Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
62835e34e60c1.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_loaddll32.exe_99e41d792528612ced890929ed2335749e1b7_7cac0383_0c9233db\Report.wer
|
Little-endian UTF-16 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_loaddll32.exe_b48bc1255c8639c941b68601e9389dc647932d2_7cac0383_190a0077\Report.wer
|
Little-endian UTF-16 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_loaddll32.exe_cb7b105113bf417cfd7547dda3de839a49ae23_7cac0383_05f1cc86\Report.wer
|
Little-endian UTF-16 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER150A.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER20C3.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERB41C.tmp.dmp
|
Mini DuMP crash report, 15 streams, Tue May 17 17:58:04 2022, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERB73.tmp.dmp
|
Mini DuMP crash report, 15 streams, Tue May 17 17:58:26 2022, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERBBBE.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERC4B8.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERE28F.tmp.dmp
|
Mini DuMP crash report, 15 streams, Tue May 17 17:58:16 2022, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERE908.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WEREF72.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_loaddll32.exe_99e41d792528612ced890929ed2335749e1b7_7cac0383_1936fee1\Report.wer
|
Little-endian UTF-16 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_loaddll32.exe_cb7b105113bf417cfd7547dda3de839a49ae23_7cac0383_1942d7b1\Report.wer
|
Little-endian UTF-16 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_loaddll32.exe_e912ab21695e486193197883960c42688442ed7_7cac0383_1836ecd0\Report.wer
|
Little-endian UTF-16 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERD1D5.tmp.dmp
|
Mini DuMP crash report, 15 streams, Tue May 17 17:46:23 2022, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERD4C4.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERD67B.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERE01E.tmp.dmp
|
Mini DuMP crash report, 15 streams, Tue May 17 17:46:27 2022, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERE33B.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERE465.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERF4BF.tmp.dmp
|
Mini DuMP crash report, 15 streams, Tue May 17 17:46:32 2022, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERF740.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERF8A9.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
There are 15 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\62835e34e60c1.dll",#1
|
|
|
|
C:\Windows\System32\loaddll32.exe
|
loaddll32.exe "C:\Users\user\Desktop\62835e34e60c1.dll"
|
||
|
C:\Windows\SysWOW64\cmd.exe
|
cmd.exe /C rundll32.exe "C:\Users\user\Desktop\62835e34e60c1.dll",#1
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 7012 -s 400
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 7012 -s 408
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 7012 -s 436
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 6164 -s 400
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 6164 -s 408
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 6164 -s 412
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://185.189.151.70/drew/aaJEUlLh_/2FLHWWSII4z5Zv8IHOi1/CMWvnEAIAbago4IEJQ4/RXWAE
|
unknown
|
|
|
|
http://185.18
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
l-0007.l-dc-msedge.net
|
13.107.43.16
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
185.189.151.70
|
unknown
|
Switzerland
|
|
|
|
185.189.151.28
|
unknown
|
Switzerland
|
|
|
|
192.168.2.1
|
unknown
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\AppCompatFlags
|
AmiHivePermissionsCorrect
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\AppCompatFlags
|
AmiHiveOwnerCorrect
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\Windows Error Reporting\Debug
|
ExceptionRecord
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceTicket
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceId
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
ApplicationFlags
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\Windows Error Reporting\Debug
|
ExceptionRecord
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Property
|
001840064172BCE4
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
|
ClockTimeSeconds
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
|
TickCount
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\Windows Error Reporting\Debug
|
ExceptionRecord
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Property
|
0018C005C62C4D85
|
There are 2 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
4ED8000
|
heap
|
page read and write
|
|
|
|
4ED8000
|
heap
|
page read and write
|
|
|
|
4ED8000
|
heap
|
page read and write
|
|
|
|
4ED8000
|
heap
|
page read and write
|
|
|
|
4ED8000
|
heap
|
page read and write
|
|
|
|
4ED8000
|
heap
|
page read and write
|
|
|
|
4ED8000
|
heap
|
page read and write
|
|
|
|
49E9000
|
heap
|
page read and write
|
|
|
|
4ED8000
|
heap
|
page read and write
|
|
|
|
4ED8000
|
heap
|
page read and write
|
|
|
|
1F8AD870000
|
heap
|
page read and write
|
||
|
1B46F9C0000
|
heap
|
page readonly
|
||
|
AA0000
|
direct allocation
|
page read and write
|
||
|
6C7000
|
unkown
|
page write copy
|
||
|
1B46F780000
|
trusted library allocation
|
page read and write
|
||
|
6B0000
|
unkown
|
page readonly
|
||
|
46D000
|
stack
|
page read and write
|
||
|
1B46E930000
|
trusted library allocation
|
page read and write
|
||
|
5175DCE000
|
stack
|
page read and write
|
||
|
7C13FB000
|
stack
|
page read and write
|
||
|
8CF000
|
stack
|
page read and write
|
||
|
207D4100000
|
trusted library allocation
|
page read and write
|
||
|
6A0000
|
trusted library allocation
|
page read and write
|
||
|
AA0000
|
direct allocation
|
page read and write
|
||
|
AA0000
|
direct allocation
|
page read and write
|
||
|
16C1E713000
|
heap
|
page read and write
|
||
|
276F1E8A000
|
heap
|
page read and write
|
||
|
AA0000
|
direct allocation
|
page read and write
|
||
|
13829229000
|
heap
|
page read and write
|
||
|
6BD000
|
unkown
|
page readonly
|
||
|
CB9000
|
unclassified section
|
page readonly
|
||
|
13829227000
|
heap
|
page read and write
|
||
|
AA0000
|
direct allocation
|
page read and write
|
||
|
D00000
|
heap
|
page read and write
|
||
|
8CF000
|
stack
|
page read and write
|
||
|
8E0000
|
heap
|
page read and write
|
||
|
3EEC55B000
|
stack
|
page read and write
|
||
|
7C0000
|
heap
|
page read and write
|
||
|
1F8AD84F000
|
heap
|
page read and write
|
||
|
1B46EB20000
|
heap
|
page read and write
|
||
|
1B46EB6F000
|
heap
|
page read and write
|
||
|
6BD000
|
unkown
|
page readonly
|
||
|
5175CCC000
|
stack
|
page read and write
|
||
|
75E000
|
stack
|
page read and write
|
||
|
7841E77000
|
stack
|
page read and write
|
||
|
AA0000
|
direct allocation
|
page read and write
|
||
|
5175D4E000
|
stack
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
985000
|
heap
|
page read and write
|
||
|
13829313000
|
heap
|
page read and write
|
||
|
B14000
|
heap
|
page read and write
|
||
|
1678ED13000
|
heap
|
page read and write
|
||
|
AA0000
|
direct allocation
|
page read and write
|
||
|
CBC000
|
unclassified section
|
page readonly
|
||
|
1B46EE15000
|
heap
|
page read and write
|
||
|
B05000
|
heap
|
page read and write
|
||
|
9CB000
|
heap
|
page read and write
|
||
|
16C1E560000
|
trusted library allocation
|
page read and write
|
||
|
1B46E920000
|
heap
|
page read and write
|
||
|
1678ED08000
|
heap
|
page read and write
|
||
|
7841A7D000
|
stack
|
page read and write
|
||
|
6A0000
|
trusted library allocation
|
page read and write
|
||
|
1678ED02000
|
heap
|
page read and write
|
||
|
16C1E666000
|
heap
|
page read and write
|
||
|
79E000
|
stack
|
page read and write
|
||
|
7C0000
|
heap
|
page read and write
|
||
|
712000
|
unkown
|
page readonly
|
||
|
212C7B000
|
stack
|
page read and write
|
||
|
212A7C000
|
stack
|
page read and write
|
||
|
AB0000
|
heap
|
page read and write
|
||
|
7841BFC000
|
stack
|
page read and write
|
||
|
3EECD7F000
|
stack
|
page read and write
|
||
|
7C16FE000
|
stack
|
page read and write
|
||
|
D0125BD000
|
stack
|
page read and write
|
||
|
276F1CB0000
|
heap
|
page read and write
|
||
|
13829213000
|
heap
|
page read and write
|
||
|
75E000
|
stack
|
page read and write
|
||
|
7C0000
|
heap
|
page read and write
|
||
|
6B0000
|
unkown
|
page readonly
|
||
|
7841F7F000
|
stack
|
page read and write
|
||
|
AA0000
|
direct allocation
|
page read and write
|
||
|
2131979000
|
stack
|
page read and write
|
||
|
1B46FA30000
|
trusted library allocation
|
page read and write
|
||
|
712000
|
unkown
|
page readonly
|
||
|
6B0000
|
unkown
|
page readonly
|
||
|
1678EC00000
|
heap
|
page read and write
|
||
|
79E000
|
stack
|
page read and write
|
||
|
56C000
|
stack
|
page read and write
|
||
|
207D4513000
|
heap
|
page read and write
|
||
|
1678EC3C000
|
heap
|
page read and write
|
||
|
6B1000
|
unkown
|
page execute read
|
||
|
8CF000
|
stack
|
page read and write
|
||
|
6BF000
|
unkown
|
page read and write
|
||
|
6BB000
|
unkown
|
page execute read
|
||
|
538E000
|
stack
|
page read and write
|
||
|
9C0000
|
heap
|
page read and write
|
||
|
16C1E600000
|
heap
|
page read and write
|
||
|
276F1C50000
|
heap
|
page read and write
|
||
|
13829190000
|
heap
|
page read and write
|
||
|
56C000
|
stack
|
page read and write
|
||
|
212DFB000
|
stack
|
page read and write
|
||
|
AA0000
|
direct allocation
|
page read and write
|
||
|
52C000
|
stack
|
page read and write
|
||
|
1F8AD610000
|
heap
|
page read and write
|
||
|
51763FE000
|
stack
|
page read and write
|
||
|
1678EC81000
|
heap
|
page read and write
|
||
|
6B1000
|
unkown
|
page execute read
|
||
|
8E0000
|
heap
|
page read and write
|
||
|
207D4413000
|
heap
|
page read and write
|
||
|
7C17FB000
|
stack
|
page read and write
|
||
|
AA0000
|
direct allocation
|
page read and write
|
||
|
16C1E655000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page read and write
|
||
|
8E0000
|
heap
|
page read and write
|
||
|
16C1E702000
|
heap
|
page read and write
|
||
|
AA0000
|
direct allocation
|
page read and write
|
||
|
D012E7F000
|
stack
|
page read and write
|
||
|
13829270000
|
heap
|
page read and write
|
||
|
AA0000
|
direct allocation
|
page read and write
|
||
|
8F0000
|
remote allocation
|
page read and write
|
||
|
1678EC4E000
|
heap
|
page read and write
|
||
|
CAF000
|
stack
|
page read and write
|
||
|
5400000
|
trusted library allocation
|
page read and write
|
||
|
1382927E000
|
heap
|
page read and write
|
||
|
980000
|
heap
|
page read and write
|
||
|
1F8AD856000
|
heap
|
page read and write
|
||
|
9C0000
|
heap
|
page read and write
|
||
|
9CB000
|
heap
|
page read and write
|
||
|
AA0000
|
direct allocation
|
page read and write
|
||
|
6C7000
|
unkown
|
page write copy
|
||
|
AA0000
|
direct allocation
|
page read and write
|
||
|
6B1000
|
unkown
|
page execute read
|
||
|
466D000
|
stack
|
page read and write
|
||
|
207D4000000
|
unkown
|
page read and write
|
||
|
7B0000
|
remote allocation
|
page read and write
|
||
|
8CF000
|
stack
|
page read and write
|
||
|
D01297B000
|
stack
|
page read and write
|
||
|
1678EC51000
|
heap
|
page read and write
|
||
|
6BD000
|
unkown
|
page readonly
|
||
|
6A0000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
unkown
|
page read and write
|
||
|
13829249000
|
heap
|
page read and write
|
||
|
AA0000
|
direct allocation
|
page read and write
|
||
|
AA0000
|
direct allocation
|
page read and write
|
||
|
AA0000
|
direct allocation
|
page read and write
|
||
|
AA0000
|
direct allocation
|
page read and write
|
||
|
1F8AD5A0000
|
heap
|
page read and write
|
||
|
207D400D000
|
unkown
|
page read and write
|
||
|
2130FF000
|
stack
|
page read and write
|
||
|
1B46EAF0000
|
trusted library allocation
|
page read and write
|
||
|
6B1000
|
unkown
|
page execute read
|
||
|
1678EC13000
|
heap
|
page read and write
|
||
|
207D406A000
|
heap
|
page read and write
|
||
|
AA0000
|
direct allocation
|
page read and write
|
||
|
276F1E00000
|
heap
|
page read and write
|
||
|
1B46EB00000
|
trusted library allocation
|
page read and write
|
||
|
13829180000
|
heap
|
page read and write
|
||
|
1678EC49000
|
heap
|
page read and write
|
||
|
1B46EB10000
|
trusted library allocation
|
page read and write
|
||
|
207D4115000
|
trusted library allocation
|
page read and write
|
||
|
7C197E000
|
stack
|
page read and write
|
||
|
1678F402000
|
trusted library allocation
|
page read and write
|
||
|
56C000
|
stack
|
page read and write
|
||
|
276F1E81000
|
heap
|
page read and write
|
||
|
212AFE000
|
stack
|
page read and write
|
||
|
9CB000
|
heap
|
page read and write
|
||
|
400000
|
heap
|
page read and write
|
||
|
1B46EB59000
|
heap
|
page read and write
|
||
|
6B1000
|
unkown
|
page execute read
|
||
|
6C7000
|
unkown
|
page write copy
|
||
|
7C1A77000
|
stack
|
page read and write
|
||
|
CAF000
|
stack
|
page read and write
|
||
|
A2D000
|
stack
|
page read and write
|
||
|
6BF000
|
unkown
|
page read and write
|
||
|
B2E000
|
heap
|
page read and write
|
||
|
10A0000
|
heap
|
page read and write
|
||
|
A6E000
|
stack
|
page read and write
|
||
|
212EF7000
|
stack
|
page read and write
|
||
|
1F8AD900000
|
heap
|
page read and write
|
||
|
7C18FB000
|
stack
|
page read and write
|
||
|
4C0000
|
heap
|
page read and write
|
||
|
1B46EA80000
|
heap
|
page read and write
|
||
|
1F8AD87E000
|
heap
|
page read and write
|
||
|
16C1E400000
|
heap
|
page read and write
|
||
|
212FFF000
|
stack
|
page read and write
|
||
|
276F1E27000
|
heap
|
page read and write
|
||
|
4ABA000
|
stack
|
page read and write
|
||
|
79E000
|
stack
|
page read and write
|
||
|
1B46EE19000
|
heap
|
page read and write
|
||
|
712000
|
unkown
|
page readonly
|
||
|
207D4102000
|
trusted library allocation
|
page read and write
|
||
|
56B000
|
stack
|
page read and write
|
||
|
AA0000
|
direct allocation
|
page read and write
|
||
|
16C1E68A000
|
heap
|
page read and write
|
||
|
1F8AD710000
|
trusted library allocation
|
page read and write
|
||
|
6BB000
|
unkown
|
page execute read
|
||
|
6A0000
|
trusted library allocation
|
page read and write
|
||
|
CAC000
|
stack
|
page read and write
|
||
|
8E0000
|
heap
|
page read and write
|
||
|
5D0000
|
trusted library allocation
|
page read and write
|
||
|
9C0000
|
heap
|
page read and write
|
||
|
6A0000
|
trusted library allocation
|
page read and write
|
||
|
406000
|
unkown
|
page readonly
|
||
|
6BB000
|
unkown
|
page execute read
|
||
|
1B46EE10000
|
heap
|
page read and write
|
||
|
16C1E700000
|
heap
|
page read and write
|
||
|
6B1000
|
unkown
|
page execute read
|
||
|
4EDB000
|
heap
|
page read and write
|
||
|
276F1F13000
|
heap
|
page read and write
|
||
|
AA0000
|
direct allocation
|
page read and write
|
||
|
8F0000
|
remote allocation
|
page read and write
|
||
|
7C0000
|
heap
|
page read and write
|
||
|
51762F7000
|
stack
|
page read and write
|
||
|
712000
|
unkown
|
page readonly
|
||
|
6C7000
|
unkown
|
page write copy
|
||
|
207D4037000
|
heap
|
page read and write
|
||
|
1F8AD813000
|
heap
|
page read and write
|
||
|
2131A7E000
|
stack
|
page read and write
|
||
|
8CF000
|
stack
|
page read and write
|
||
|
9C0000
|
heap
|
page read and write
|
||
|
990000
|
direct allocation
|
page read and write
|
||
|
1678E9A0000
|
heap
|
page read and write
|
||
|
1B46EA60000
|
heap
|
page read and write
|
||
|
1B46F9E0000
|
trusted library allocation
|
page read and write
|
||
|
CB0000
|
unclassified section
|
page read and write
|
||
|
1F8AD913000
|
heap
|
page read and write
|
||
|
207D4513000
|
heap
|
page read and write
|
||
|
1678EC48000
|
heap
|
page read and write
|
||
|
AA0000
|
direct allocation
|
page read and write
|
||
|
712000
|
unkown
|
page readonly
|
||
|
1B46EE20000
|
trusted library allocation
|
page read and write
|
||
|
276F1E29000
|
heap
|
page read and write
|
||
|
207D4123000
|
heap
|
page read and write
|
||
|
6B0000
|
unkown
|
page readonly
|
||
|
207D3F80000
|
trusted library allocation
|
page read and write
|
||
|
1F8AD88B000
|
heap
|
page read and write
|
||
|
276F1F02000
|
heap
|
page read and write
|
||
|
1678EC02000
|
heap
|
page read and write
|
||
|
13829308000
|
heap
|
page read and write
|
||
|
1B46EB8D000
|
heap
|
page read and write
|
||
|
207D4402000
|
heap
|
page read and write
|
||
|
52AF000
|
stack
|
page read and write
|
||
|
8CF000
|
stack
|
page read and write
|
||
|
138291F0000
|
heap
|
page read and write
|
||
|
1F8AD83C000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page read and write
|
||
|
21315FB000
|
stack
|
page read and write
|
||
|
75E000
|
stack
|
page read and write
|
||
|
7B0000
|
remote allocation
|
page read and write
|
||
|
276F2602000
|
trusted library allocation
|
page read and write
|
||
|
1678EC50000
|
heap
|
page read and write
|
||
|
1678EC4D000
|
heap
|
page read and write
|
||
|
AA0000
|
direct allocation
|
page read and write
|
||
|
AA0000
|
direct allocation
|
page read and write
|
||
|
1F8AD926000
|
heap
|
page read and write
|
||
|
AA0000
|
direct allocation
|
page read and write
|
||
|
6C7000
|
unkown
|
page write copy
|
||
|
16C1EE02000
|
trusted library allocation
|
page read and write
|
||
|
CB1000
|
unclassified section
|
page execute read
|
||
|
8CF000
|
stack
|
page read and write
|
||
|
56C000
|
stack
|
page read and write
|
||
|
276F1C40000
|
heap
|
page read and write
|
||
|
75E000
|
stack
|
page read and write
|
||
|
6BB000
|
unkown
|
page execute read
|
||
|
46D000
|
stack
|
page read and write
|
||
|
56C000
|
stack
|
page read and write
|
||
|
1678EC60000
|
heap
|
page read and write
|
||
|
9CB000
|
heap
|
page read and write
|
||
|
AA0000
|
direct allocation
|
page read and write
|
||
|
AA0000
|
direct allocation
|
page read and write
|
||
|
7C1C7E000
|
stack
|
page read and write
|
||
|
46D000
|
stack
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
D012D79000
|
stack
|
page read and write
|
||
|
AA0000
|
direct allocation
|
page read and write
|
||
|
56C000
|
stack
|
page read and write
|
||
|
AA0000
|
direct allocation
|
page read and write
|
||
|
405000
|
unkown
|
page read and write
|
||
|
1678EC45000
|
heap
|
page read and write
|
||
|
8F0000
|
remote allocation
|
page read and write
|
||
|
6BF000
|
unkown
|
page read and write
|
||
|
1B46EB6F000
|
heap
|
page read and write
|
||
|
207D4400000
|
heap
|
page read and write
|
||
|
207D403A000
|
heap
|
page read and write
|
||
|
8E0000
|
trusted library allocation
|
page read and write
|
||
|
207D4013000
|
unkown
|
page read and write
|
||
|
207D4502000
|
heap
|
page read and write
|
||
|
276F1E3C000
|
heap
|
page read and write
|
||
|
13829253000
|
heap
|
page read and write
|
||
|
CAF000
|
stack
|
page read and write
|
||
|
16C1E628000
|
heap
|
page read and write
|
||
|
6B1000
|
unkown
|
page execute read
|
||
|
AA0000
|
direct allocation
|
page read and write
|
||
|
462C000
|
stack
|
page read and write
|
||
|
6BB000
|
unkown
|
page execute read
|
||
|
16C1E613000
|
heap
|
page read and write
|
||
|
1F8AD865000
|
heap
|
page read and write
|
||
|
16C1E3F0000
|
heap
|
page read and write
|
||
|
AA0000
|
direct allocation
|
page read and write
|
||
|
207D4502000
|
heap
|
page read and write
|
||
|
9CB000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page read and write
|
||
|
AA0000
|
direct allocation
|
page read and write
|
||
|
1678EC29000
|
heap
|
page read and write
|
||
|
1382928E000
|
heap
|
page read and write
|
||
|
1F8AE002000
|
trusted library allocation
|
page read and write
|
||
|
1678EC60000
|
heap
|
page read and write
|
||
|
6C7000
|
unkown
|
page write copy
|
||
|
AA0000
|
direct allocation
|
page read and write
|
||
|
1B46EB6F000
|
heap
|
page read and write
|
||
|
6BB000
|
unkown
|
page execute read
|
||
|
970000
|
direct allocation
|
page execute and read and write
|
||
|
AA0000
|
direct allocation
|
page read and write
|
||
|
712000
|
unkown
|
page readonly
|
||
|
7841AFF000
|
stack
|
page read and write
|
||
|
784179B000
|
stack
|
page read and write
|
||
|
6A0000
|
trusted library allocation
|
page read and write
|
||
|
1678EB10000
|
trusted library allocation
|
page read and write
|
||
|
46D000
|
stack
|
page read and write
|
||
|
276F1E70000
|
heap
|
page read and write
|
||
|
46D000
|
stack
|
page read and write
|
||
|
13829289000
|
heap
|
page read and write
|
||
|
13829C02000
|
trusted library allocation
|
page read and write
|
||
|
207D4002000
|
unkown
|
page read and write
|
||
|
9C0000
|
heap
|
page read and write
|
||
|
3EECB7E000
|
stack
|
page read and write
|
||
|
AA0000
|
direct allocation
|
page read and write
|
||
|
1382924E000
|
heap
|
page read and write
|
||
|
AA0000
|
direct allocation
|
page read and write
|
||
|
52EE000
|
stack
|
page read and write
|
||
|
6BF000
|
unkown
|
page read and write
|
||
|
6BD000
|
unkown
|
page readonly
|
||
|
AA0000
|
direct allocation
|
page read and write
|
||
|
6BD000
|
unkown
|
page readonly
|
||
|
CAF000
|
stack
|
page read and write
|
||
|
400000
|
unkown
|
page read and write
|
||
|
207D4500000
|
heap
|
page read and write
|
||
|
3EECC7B000
|
stack
|
page read and write
|
||
|
51764FF000
|
stack
|
page read and write
|
||
|
AA0000
|
direct allocation
|
page read and write
|
||
|
75E000
|
stack
|
page read and write
|
||
|
1382923C000
|
heap
|
page read and write
|
||
|
79E000
|
stack
|
page read and write
|
||
|
AA0000
|
direct allocation
|
page read and write
|
||
|
6BF000
|
unkown
|
page read and write
|
||
|
7C0000
|
heap
|
page read and write
|
||
|
1F8AD5B0000
|
heap
|
page read and write
|
||
|
1678EA10000
|
heap
|
page read and write
|
||
|
207D406A000
|
heap
|
page read and write
|
||
|
53CF000
|
stack
|
page read and write
|
||
|
207D3F70000
|
heap
|
page read and write
|
||
|
2131B79000
|
stack
|
page read and write
|
||
|
207D403A000
|
heap
|
page read and write
|
||
|
AA0000
|
direct allocation
|
page read and write
|
||
|
CAF000
|
stack
|
page read and write
|
||
|
400000
|
unkown
|
page read and write
|
||
|
1B46F9B0000
|
trusted library allocation
|
page read and write
|
||
|
ABA000
|
heap
|
page read and write
|
||
|
712000
|
unkown
|
page readonly
|
||
|
1B46EB29000
|
heap
|
page read and write
|
||
|
6BF000
|
unkown
|
page read and write
|
||
|
9CB000
|
heap
|
page read and write
|
||
|
4AC0000
|
trusted library allocation
|
page read and write
|
||
|
1678EC71000
|
heap
|
page read and write
|
||
|
7C0000
|
heap
|
page read and write
|
||
|
7841C7E000
|
stack
|
page read and write
|
||
|
1678EC46000
|
heap
|
page read and write
|
||
|
403000
|
unkown
|
page readonly
|
||
|
CE0000
|
heap
|
page read and write
|
||
|
532F000
|
stack
|
page read and write
|
||
|
46D000
|
stack
|
page read and write
|
||
|
46D000
|
stack
|
page read and write
|
||
|
7841D7A000
|
stack
|
page read and write
|
||
|
1382924C000
|
heap
|
page read and write
|
||
|
3EECA7B000
|
stack
|
page read and write
|
||
|
13829302000
|
heap
|
page read and write
|
||
|
1F8AD865000
|
heap
|
page read and write
|
||
|
AA0000
|
direct allocation
|
page read and write
|
||
|
16C1E63C000
|
heap
|
page read and write
|
||
|
1678E9B0000
|
heap
|
page read and write
|
||
|
6B0000
|
unkown
|
page readonly
|
||
|
AA0000
|
direct allocation
|
page read and write
|
||
|
6BB000
|
unkown
|
page execute read
|
||
|
276F1DB0000
|
trusted library allocation
|
page read and write
|
||
|
1B46EB67000
|
heap
|
page read and write
|
||
|
4AE0000
|
heap
|
page read and write
|
||
|
1B46EB31000
|
heap
|
page read and write
|
||
|
1F8AD902000
|
heap
|
page read and write
|
||
|
6A0000
|
trusted library allocation
|
page read and write
|
||
|
1F8AD802000
|
heap
|
page read and write
|
||
|
CBA000
|
unclassified section
|
page read and write
|
||
|
AA0000
|
direct allocation
|
page read and write
|
||
|
207D403A000
|
heap
|
page read and write
|
||
|
56C000
|
stack
|
page read and write
|
||
|
13829300000
|
heap
|
page read and write
|
||
|
7C167E000
|
stack
|
page read and write
|
||
|
21319FA000
|
stack
|
page read and write
|
||
|
AA0000
|
direct allocation
|
page read and write
|
||
|
9C0000
|
heap
|
page read and write
|
||
|
51761FB000
|
stack
|
page read and write
|
||
|
16C1E460000
|
heap
|
page read and write
|
||
|
13829200000
|
heap
|
page read and write
|
||
|
526E000
|
stack
|
page read and write
|
||
|
AA0000
|
direct allocation
|
page read and write
|
||
|
6B0000
|
unkown
|
page readonly
|
||
|
4EDB000
|
heap
|
page read and write
|
||
|
4670000
|
heap
|
page read and write
|
||
|
79E000
|
stack
|
page read and write
|
||
|
13829A90000
|
trusted library allocation
|
page read and write
|
||
|
AA0000
|
direct allocation
|
page read and write
|
||
|
AA0000
|
direct allocation
|
page read and write
|
||
|
1F8AD800000
|
heap
|
page read and write
|
||
|
212B7D000
|
stack
|
page read and write
|
||
|
212CFE000
|
stack
|
page read and write
|
||
|
1678EC8C000
|
heap
|
page read and write
|
||
|
CAF000
|
stack
|
page read and write
|
||
|
784217E000
|
stack
|
page read and write
|
||
|
6BF000
|
unkown
|
page read and write
|
||
|
6C7000
|
unkown
|
page write copy
|
||
|
1F8AD908000
|
heap
|
page read and write
|
||
|
9CB000
|
heap
|
page read and write
|
||
|
79E000
|
stack
|
page read and write
|
||
|
4A68000
|
heap
|
page read and write
|
||
|
452B000
|
stack
|
page read and write
|
||
|
75E000
|
stack
|
page read and write
|
||
|
AA0000
|
direct allocation
|
page read and write
|
||
|
75E000
|
stack
|
page read and write
|
||
|
CAF000
|
stack
|
page read and write
|
||
|
6BD000
|
unkown
|
page readonly
|
||
|
AA0000
|
direct allocation
|
page read and write
|
||
|
8F0000
|
remote allocation
|
page read and write
|
||
|
1B46F9D0000
|
trusted library allocation
|
page read and write
|
||
|
7C1B7E000
|
stack
|
page read and write
|
||
|
9C0000
|
heap
|
page read and write
|
||
|
8E0000
|
heap
|
page read and write
|
||
|
7C0000
|
heap
|
page read and write
|
||
|
AA0000
|
direct allocation
|
page read and write
|
||
|
9D3000
|
direct allocation
|
page read and write
|
||
|
207D3FE0000
|
heap
|
page read and write
|
||
|
1678ED00000
|
heap
|
page read and write
|
||
|
1F8AD829000
|
heap
|
page read and write
|
||
|
276F1E13000
|
heap
|
page read and write
|
||
|
AA0000
|
direct allocation
|
page read and write
|
||
|
207D4028000
|
heap
|
page read and write
|
||
|
6BD000
|
unkown
|
page readonly
|
||
|
1678EC4B000
|
heap
|
page read and write
|
||
|
276F1E5E000
|
heap
|
page read and write
|
||
|
D07000
|
heap
|
page read and write
|
||
|
784207A000
|
stack
|
page read and write
|
||
|
45EE000
|
stack
|
page read and write
|
||
|
8E0000
|
trusted library allocation
|
page read and write
|
||
|
79E000
|
stack
|
page read and write
|
||
|
6B0000
|
unkown
|
page readonly
|
There are 443 hidden memdumps, click here to show them.