Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
A8xYhQFvXo.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_rundll32.exe_5a155b1e9b8901355626d9881b9ed599cf1223_82810a17_1b0352d0\Report.wer
|
Little-endian UTF-16 Unicode text, with CRLF line terminators
|
dropped
|
 |
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_rundll32.exe_9155b230567b23dc90309f27732428df1d2d4b15_82810a17_1a0b4812\Report.wer
|
Little-endian UTF-16 Unicode text, with CRLF line terminators
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_rundll32.exe_9155b230567b23dc90309f27732428df1d2d4b15_82810a17_1b8b63b8\Report.wer
|
Little-endian UTF-16 Unicode text, with CRLF line terminators
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER3DB2.tmp.dmp
|
Mini DuMP crash report, 14 streams, Sat Jan 30 22:23:04 2021, 0x1205a4 type
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER4043.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER413E.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER493B.tmp.dmp
|
Mini DuMP crash report, 14 streams, Sat Jan 30 22:23:07 2021, 0x1205a4 type
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER4C88.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER4DF0.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER5CB4.tmp.dmp
|
Mini DuMP crash report, 14 streams, Sat Jan 30 22:23:12 2021, 0x1205a4 type
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER5EA9.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER5F65.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
|
There are 3 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\loaddll32.exe
|
loaddll32.exe 'C:\Users\user\Desktop\A8xYhQFvXo.dll'
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\A8xYhQFvXo.dll,Hello001
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 6652 -s 712
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\A8xYhQFvXo.dll,Hello002
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 6896 -s 712
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\A8xYhQFvXo.dll,Hello003
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 7004 -s 712
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://01%s08%s15%s22%sWebGL%d%02d%s.club/http://01%s08%s15%s22%sFrankLin%d%02d%s.xyz/post_info.
|
unknown
|
|
|
|
https://upload.twitter.com/i/media/upload.jsoncommand=FINALIZE&media_id=
|
unknown
|
|
|
|
https://twitter.com/compose/tweetsec-fetch-dest:
|
unknown
|
|
|
|
https://www.instagram.com/
|
unknown
|
|
|
|
https://www.messenger.com/
|
unknown
|
|
|
|
https://upload.twitter.com/i/media/upload.json%dcommand=INIT&total_bytes=&media_type=image%2Fjpeg&me
|
unknown
|
|
|
|
https://upload.twitter.com/i/media/upload.json?command=APPEND&media_id=%s&segment_index=0accept:
|
unknown
|
|
|
|
https://api.twitter.com/1.1/statuses/update.jsoninclude_profile_interstitial_type=1&include_blocking
|
unknown
|
|
|
|
https://www.messenger.com/origin:
|
unknown
|
|
|
|
https://twitter.com/
|
unknown
|
|
|
|
https://twitter.com/ookie:
|
unknown
|
|
|
|
https://api.twitter.com/1.1/statuses/update.json
|
unknown
|
|
|
|
https://curl.haxx.se/docs/http-cookies.html
|
unknown
|
|
|
|
https://twitter.comsec-fetch-dest:
|
unknown
|
|
|
|
https://upload.twitter.com/i/media/upload.json
|
unknown
|
|
|
|
https://twitter.com/compose/tweetsec-fetch-mode:
|
unknown
|
|
|
|
https://www.instagram.comsec-fetch-mode:
|
unknown
|
|
|
|
https://www.instagram.com/accounts/login/ajax/facebook/
|
unknown
|
|
|
|
https://www.instagram.com/sec-fetch-site:
|
unknown
|
|
|
|
https://twitter.comReferer:
|
unknown
|
|
|
|
https://www.messenger.com/accept:
|
unknown
|
|
|
|
http://www.interestvideo.com/video1.php
|
unknown
|
|
|
|
https://www.messenger.com
|
unknown
|
|
|
|
https://www.instagram.com/accept:
|
unknown
|
|
|
|
https://www.messenger.com/login/nonce/
|
unknown
|
|
|
|
https://www.messenger.com/login/nonce/ookie:
|
unknown
|
|
|
|
https://upload.twitter.com/i/media/upload.json?command=APPEND&media_id=%s&segment_index=0
|
unknown
|
|
|
|
https://www.instagram.com/graphql/query/?query_hash=149bef52a3b2af88c0fec37913fe1cbc&variables=%7B%2
|
unknown
|
|
There are 18 hidden URLs, click here to show them.
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\SysWOW64\WerFault.exe
|
AmiHivePermissionsCorrect
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
AmiHiveOwnerCorrect
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
ProgramId
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
FileId
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
LowerCaseLongPath
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
LongPathHash
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
Name
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
Publisher
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
Version
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
BinFileVersion
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
BinaryType
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
ProductName
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
ProductVersion
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
LinkDate
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
BinProductVersion
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
Size
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
Language
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
IsPeFile
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
IsOsComponent
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
ExceptionRecord
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
DeviceTicket
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
DeviceId
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
ApplicationFlags
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
0018C0020EB01841
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
ClockTimeSeconds
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
TickCount
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
ExceptionRecord
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
ExceptionRecord
|
|
There are 18 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
10171000
|
unkown image
|
page readonly
|
|
|
|
31AB000
|
unkown
|
page read and write
|
|
|
|
F1E000
|
stack
|
page read and write
|
|
|
|
2C5E000
|
unkown
|
page readonly
|
|
|
|
10409000
|
unkown image
|
page readonly
|
|
|
|
2CF1000
|
unkown
|
page readonly
|
|
|
|
2CF5000
|
unkown
|
page readonly
|
|
|
|
2CB2000
|
unkown
|
page readonly
|
|
|
|
358A000
|
heap default
|
page read and write
|
|
|
|
2AFB000
|
unkown
|
page readonly
|
|
|
|
2C68000
|
unkown
|
page readonly
|
|
|
|
D80000
|
unkown
|
page read and write
|
|
|
|
2C5E000
|
unkown
|
page readonly
|
|
|
|
2D1E000
|
unkown
|
page readonly
|
|
|
|
315A000
|
heap default
|
page read and write
|
|
|
|
33F0000
|
unkown
|
page readonly
|
|
|
|
E92000
|
unkown
|
page read and write
|
|
|
|
2D45000
|
unkown
|
page readonly
|
|
|
|
10409000
|
unkown image
|
page readonly
|
|
|
|
2CA6000
|
unkown
|
page readonly
|
|
|
|
2CB7000
|
unkown
|
page readonly
|
|
|
|
4640000
|
heap private
|
page read and write
|
|
|
|
2C4D000
|
unkown
|
page readonly
|
|
|
|
C7B000
|
stack
|
page read and write
|
|
|
|
3470000
|
unkown
|
page readonly
|
|
|
|
A4E000
|
stack
|
page read and write
|
|
|
|
344E000
|
unkown
|
page read and write
|
|
|
|
2D54000
|
unkown
|
page readonly
|
|
|
|
2C8A000
|
unkown
|
page readonly
|
|
|
|
2F9E000
|
stack
|
page read and write
|
|
|
|
2D20000
|
unkown
|
page readonly
|
|
|
|
2C9B000
|
unkown
|
page readonly
|
|
|
|
ED0000
|
heap private
|
page read and write
|
|
|
|
10401000
|
unkown image
|
page read and write
|
|
|
|
5230000
|
heap private
|
page read and write
|
|
|
|
4A90000
|
heap private
|
page read and write
|
|
|
|
A00000
|
heap default
|
page read and write
|
|
|
|
2CF5000
|
unkown
|
page readonly
|
|
|
|
10289000
|
unkown image
|
page read and write
|
|
|
|
EB0000
|
unkown
|
page read and write
|
|
|
|
136F000
|
stack
|
page read and write
|
|
|
|
4E5E000
|
unkown
|
page read and write
|
|
|
|
10289000
|
unkown image
|
page read and write
|
|
|
|
2B95000
|
unkown
|
page readonly
|
|
|
|
2CC0000
|
unkown
|
page readonly
|
|
|
|
AF0000
|
heap private
|
page read and write
|
|
|
|
2C82000
|
unkown
|
page readonly
|
|
|
|
48F0000
|
heap private
|
page read and write
|
|
|
|
A2E000
|
unkown
|
page read and write
|
|
|
|
DB0000
|
unkown
|
page readonly
|
|
|
|
1390000
|
heap default
|
page read and write
|
|
|
|
2CAF000
|
unkown
|
page readonly
|
|
|
|
2D54000
|
unkown
|
page readonly
|
|
|
|
E60000
|
unkown
|
page readonly
|
|
|
|
990000
|
unkown
|
page readonly
|
|
|
|
2CC2000
|
unkown
|
page readonly
|
|
|
|
31A7000
|
unkown
|
page read and write
|
|
|
|
2CCF000
|
unkown
|
page readonly
|
|
|
|
BBA000
|
heap default
|
page read and write
|
|
|
|
3250000
|
unkown
|
page readonly
|
|
|
|
2CE2000
|
unkown
|
page readonly
|
|
|
|
10FB000
|
stack
|
page read and write
|
|
|
|
122E000
|
unkown
|
page read and write
|
|
|
|
2D55000
|
unkown
|
page readonly
|
|
|
|
1100000
|
unkown
|
page readonly
|
|
|
|
489E000
|
stack
|
page read and write
|
|
|
|
1028B000
|
unkown image
|
page write copy
|
|
|
|
2CEC000
|
unkown
|
page readonly
|
|
|
|
2D06000
|
unkown
|
page readonly
|
|
|
|
2D22000
|
unkown
|
page readonly
|
|
|
|
2C91000
|
unkown
|
page readonly
|
|
|
|
3570000
|
unkown
|
page readonly
|
|
|
|
2DA6000
|
unkown
|
page readonly
|
|
|
|
2CBE000
|
unkown
|
page readonly
|
|
|
|
2C96000
|
unkown
|
page readonly
|
|
|
|
329B000
|
stack
|
page read and write
|
|
|
|
2D40000
|
unkown
|
page readonly
|
|
|
|
4510000
|
unkown
|
page readonly
|
|
|
|
2D46000
|
unkown
|
page readonly
|
|
|
|
6F6000
|
unkown
|
page read and write
|
|
|
|
2C96000
|
unkown
|
page readonly
|
|
|
|
E9F000
|
unkown
|
page read and write
|
|
|
|
2CBC000
|
unkown
|
page readonly
|
|
|
|
2C6F000
|
unkown
|
page readonly
|
|
|
|
2C8D000
|
unkown
|
page readonly
|
|
|
|
3400000
|
unkown
|
page readonly
|
|
|
|
3300000
|
unkown
|
page readonly
|
|
|
|
2DB4000
|
unkown
|
page readonly
|
|
|
|
313E000
|
unkown
|
page read and write
|
|
|
|
1590000
|
unkown
|
page readonly
|
|
|
|
2CBE000
|
unkown
|
page readonly
|
|
|
|
2BD8000
|
unkown
|
page readonly
|
|
|
|
2D60000
|
unkown
|
page readonly
|
|
|
|
2CC0000
|
unkown
|
page readonly
|
|
|
|
101CE000
|
unkown image
|
page readonly
|
|
|
|
5050000
|
heap private
|
page read and write
|
|
|
|
2B85000
|
unkown
|
page readonly
|
|
|
|
34CF000
|
stack
|
page read and write
|
|
|
|
3480000
|
heap default
|
page read and write
|
|
|
|
2CB2000
|
unkown
|
page readonly
|
|
|
|
2D4B000
|
unkown
|
page readonly
|
|
|
|
970000
|
unkown
|
page read and write
|
|
|
|
DA0000
|
unkown
|
page readonly
|
|
|
|
2D17000
|
unkown
|
page readonly
|
|
|
|
D70000
|
unkown
|
page read and write
|
|
|
|
2CA6000
|
unkown
|
page readonly
|
|
|
|
3550000
|
unkown
|
page read and write
|
|
|
|
2B78000
|
unkown
|
page readonly
|
|
|
|
2CBE000
|
unkown
|
page readonly
|
|
|
|
2CC8000
|
unkown
|
page readonly
|
|
|
|
2C8A000
|
unkown
|
page readonly
|
|
|
|
2CE5000
|
unkown
|
page readonly
|
|
|
|
2CF6000
|
unkown
|
page readonly
|
|
|
|
2CE0000
|
unkown
|
page readonly
|
|
|
|
2BE5000
|
unkown
|
page readonly
|
|
|
|
ADE000
|
stack
|
page read and write
|
|
|
|
2CEA000
|
unkown
|
page readonly
|
|
|
|
2CAF000
|
unkown
|
page readonly
|
|
|
|
2CFB000
|
unkown
|
page readonly
|
|
|
|
10000000
|
unkown image
|
page readonly
|
|
|
|
EAE000
|
unkown
|
page read and write
|
|
|
|
2B78000
|
unkown
|
page readonly
|
|
|
|
CB0000
|
unkown
|
page readonly
|
|
|
|
10289000
|
unkown image
|
page read and write
|
|
|
|
1028B000
|
unkown image
|
page write copy
|
|
|
|
2CD3000
|
unkown
|
page readonly
|
|
|
|
2CA4000
|
unkown
|
page readonly
|
|
|
|
350E000
|
unkown
|
page read and write
|
|
|
|
10000000
|
unkown image
|
page readonly
|
|
|
|
2DC0000
|
unkown
|
page readonly
|
|
|
|
10171000
|
unkown image
|
page readonly
|
|
|
|
2D46000
|
unkown
|
page readonly
|
|
|
|
10000000
|
unkown image
|
page readonly
|
|
|
|
2D5A000
|
unkown
|
page readonly
|
|
|
|
CB0000
|
unkown
|
page readonly
|
|
|
|
2D12000
|
unkown
|
page readonly
|
|
|
|
2D40000
|
unkown
|
page readonly
|
|
|
|
4E9F000
|
stack
|
page read and write
|
|
|
|
D80000
|
unkown
|
page readonly
|
|
|
|
2CE0000
|
unkown
|
page readonly
|
|
|
|
10001000
|
unkown image
|
page execute read
|
|
|
|
2D68000
|
unkown
|
page readonly
|
|
|
|
2D00000
|
unkown
|
page readonly
|
|
|
|
2CBC000
|
unkown
|
page readonly
|
|
|
|
2CE5000
|
unkown
|
page readonly
|
|
|
|
2DA0000
|
unkown
|
page readonly
|
|
|
|
2CD3000
|
unkown
|
page readonly
|
|
|
|
DCE000
|
unkown
|
page read and write
|
|
|
|
2D6E000
|
unkown
|
page read and write
|
|
|
|
E96000
|
unkown
|
page read and write
|
|
|
|
10001000
|
unkown image
|
page execute read
|
|
|
|
2DC8000
|
unkown
|
page readonly
|
|
|
|
2DAB000
|
unkown
|
page readonly
|
|
|
|
2CA4000
|
unkown
|
page readonly
|
|
|
|
4670000
|
heap private
|
page read and write
|
|
|
|
2CA0000
|
unkown
|
page readonly
|
|
|
|
10000000
|
unkown image
|
page readonly
|
|
|
|
2CA0000
|
unkown
|
page readonly
|
|
|
|
3150000
|
heap default
|
page read and write
|
|
|
|
2CFA000
|
unkown
|
page readonly
|
|
|
|
BAF000
|
stack
|
page read and write
|
|
|
|
83B000
|
stack
|
page read and write
|
|
|
|
325C000
|
unkown
|
page read and write
|
|
|
|
158E000
|
stack
|
page read and write
|
|
|
|
2C91000
|
unkown
|
page readonly
|
|
|
|
2C6F000
|
unkown
|
page readonly
|
|
|
|
3580000
|
heap default
|
page read and write
|
|
|
|
2D40000
|
unkown
|
page readonly
|
|
|
|
2C61000
|
unkown
|
page readonly
|
|
|
|
2CED000
|
unkown
|
page readonly
|
|
|
|
2CC2000
|
unkown
|
page readonly
|
|
|
|
A50000
|
unkown
|
page readonly
|
|
|
|
E10000
|
heap default
|
page read and write
|
|
|
|
4900000
|
unkown
|
page readonly
|
|
|
|
2DC0000
|
unkown
|
page read and write
|
|
|
|
2AFB000
|
unkown
|
page readonly
|
|
|
|
1028B000
|
unkown image
|
page write copy
|
|
|
|
9F0000
|
unkown
|
page readonly
|
|
|
|
AE0000
|
unkown
|
page read and write
|
|
|
|
10000000
|
unkown image
|
page readonly
|
|
|
|
2C8D000
|
unkown
|
page readonly
|
|
|
|
354E000
|
stack
|
page read and write
|
|
|
|
11E0000
|
heap default
|
page read and write
|
|
|
|
A9E000
|
unkown
|
page read and write
|
|
|
|
2D68000
|
unkown
|
page readonly
|
|
|
|
2D68000
|
unkown
|
page readonly
|
|
|
|
E5E000
|
stack
|
page read and write
|
|
|
|
B6E000
|
unkown
|
page read and write
|
|
|
|
10401000
|
unkown image
|
page read and write
|
|
|
|
2DC8000
|
unkown
|
page readonly
|
|
|
|
10001000
|
unkown image
|
page execute read
|
|
|
|
DD0000
|
unkown
|
page readonly
|
|
|
|
9EE000
|
unkown
|
page read and write
|
|
|
|
3450000
|
heap private
|
page read and write
|
|
|
|
101CE000
|
unkown image
|
page readonly
|
|
|
|
2CC1000
|
unkown
|
page readonly
|
|
|
|
2B5B000
|
unkown
|
page readonly
|
|
|
|
2E90000
|
heap private
|
page read and write
|
|
|
|
2C68000
|
unkown
|
page readonly
|
|
|
|
6F2000
|
unkown
|
page read and write
|
|
|
|
2CB7000
|
unkown
|
page readonly
|
|
|
|
C3C000
|
unkown
|
page read and write
|
|
|
|
3460000
|
unkown
|
page readonly
|
|
|
|
10000000
|
unkown image
|
page readonly
|
|
|
|
2C61000
|
unkown
|
page readonly
|
|
|
|
10401000
|
unkown image
|
page read and write
|
|
|
|
4EA0000
|
unkown
|
page readonly
|
|
|
|
B10000
|
unkown
|
page readonly
|
|
|
|
2D0F000
|
unkown
|
page readonly
|
|
|
|
2D33000
|
unkown
|
page readonly
|
|
|
|
2B85000
|
unkown
|
page readonly
|
|
|
|
2D4C000
|
unkown
|
page readonly
|
|
|
|
2CEC000
|
unkown
|
page readonly
|
|
|
|
2C9B000
|
unkown
|
page readonly
|
|
|
|
DFD000
|
unkown
|
page read and write
|
|
|
|
10409000
|
unkown image
|
page readonly
|
|
|
|
D0D000
|
unkown
|
page read and write
|
|
|
|
2BF5000
|
unkown
|
page readonly
|
|
|
|
3680000
|
unkown
|
page readonly
|
|
|
|
9A0000
|
unkown
|
page readonly
|
|
|
|
A2A000
|
unkown
|
page read and write
|
|
|
|
E00000
|
unkown
|
page readonly
|
|
|
|
2D68000
|
unkown
|
page readonly
|
|
|
|
2CFA000
|
unkown
|
page readonly
|
|
|
|
2C4D000
|
unkown
|
page readonly
|
|
|
|
2D1C000
|
unkown
|
page readonly
|
|
|
|
10000000
|
unkown image
|
page readonly
|
|
|
|
2D04000
|
unkown
|
page readonly
|
|
|
|
2C82000
|
unkown
|
page readonly
|
|
|
|
139B000
|
heap default
|
page read and write
|
|
|
|
8A0000
|
unkown
|
page readonly
|
|
|
|
101CE000
|
unkown image
|
page readonly
|
|
|
|
10000000
|
unkown image
|
page readonly
|
|
|
|
10171000
|
unkown image
|
page readonly
|
|
|
|
5FC000
|
unkown
|
page read and write
|
|
|
|
2D4B000
|
unkown
|
page readonly
|
|
|
|
2D60000
|
unkown
|
page readonly
|
|
|
|
F20000
|
unkown
|
page readonly
|
|
|
|
2CAD000
|
unkown
|
page readonly
|
|
|
|
2B95000
|
unkown
|
page readonly
|
|
|
|
33D0000
|
unkown
|
page read and write
|
|
|
|
BB0000
|
heap default
|
page read and write
|
|
There are 232 hidden memdumps, click here to show them.