Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
OCVOXxB3d1.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_loaddll32.exe_76b43c6d9c1a2a81832137409fd652e3d2404ae8_7cac0383_17015320\Report.wer
|
Little-endian UTF-16 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_bc4dba44e5104f2aa4617139c4a8f4569b60d283_82810a17_16914f67\Report.wer
|
Little-endian UTF-16 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_bc4dba44e5104f2aa4617139c4a8f4569b60d283_82810a17_16bd4e9c\Report.wer
|
Little-endian UTF-16 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER3F2B.tmp.dmp
|
Mini DuMP crash report, 14 streams, Wed Aug 31 21:47:16 2022, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER3F3A.tmp.dmp
|
Mini DuMP crash report, 14 streams, Wed Aug 31 21:47:16 2022, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER4507.tmp.dmp
|
Mini DuMP crash report, 15 streams, Wed Aug 31 21:47:17 2022, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER4575.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER4640.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER473B.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER4806.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER495D.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER4B81.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
There are 3 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\loaddll32.exe
|
loaddll32.exe "C:\Users\user\Desktop\OCVOXxB3d1.dll"
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\OCVOXxB3d1.dll,_ReflectiveLoader@0
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\OCVOXxB3d1.dll",#1
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
cmd.exe /C rundll32.exe "C:\Users\user\Desktop\OCVOXxB3d1.dll",#1
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 1236 -s 632
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 1308 -s 648
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 5964 -s 580
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://gandcrab2pie73et.onion/cb44cde56c4e43dc
|
unknown
|
|
|
|
http://www.sfu.ca/jabber/Psi_Jabber_PC.pdf
|
unknown
|
||
|
https://www.torproject.org/
|
unknown
|
||
|
https://psi-im.org/download/
|
unknown
|
||
|
http://sj.ms/register.php
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\AppCompatFlags
|
AmiHivePermissionsCorrect
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\AppCompatFlags
|
AmiHiveOwnerCorrect
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\Windows Error Reporting\Debug
|
ExceptionRecord
|
||
|
\REGISTRY\A\{1a1e7d09-340c-2d0e-c48a-917c89d42600}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
ProgramId
|
||
|
\REGISTRY\A\{1a1e7d09-340c-2d0e-c48a-917c89d42600}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
FileId
|
||
|
\REGISTRY\A\{1a1e7d09-340c-2d0e-c48a-917c89d42600}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{1a1e7d09-340c-2d0e-c48a-917c89d42600}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
LongPathHash
|
||
|
\REGISTRY\A\{1a1e7d09-340c-2d0e-c48a-917c89d42600}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
Name
|
||
|
\REGISTRY\A\{1a1e7d09-340c-2d0e-c48a-917c89d42600}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
Publisher
|
||
|
\REGISTRY\A\{1a1e7d09-340c-2d0e-c48a-917c89d42600}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
Version
|
||
|
\REGISTRY\A\{1a1e7d09-340c-2d0e-c48a-917c89d42600}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
BinFileVersion
|
||
|
\REGISTRY\A\{1a1e7d09-340c-2d0e-c48a-917c89d42600}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
BinaryType
|
||
|
\REGISTRY\A\{1a1e7d09-340c-2d0e-c48a-917c89d42600}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
ProductName
|
||
|
\REGISTRY\A\{1a1e7d09-340c-2d0e-c48a-917c89d42600}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
ProductVersion
|
||
|
\REGISTRY\A\{1a1e7d09-340c-2d0e-c48a-917c89d42600}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
LinkDate
|
||
|
\REGISTRY\A\{1a1e7d09-340c-2d0e-c48a-917c89d42600}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
BinProductVersion
|
||
|
\REGISTRY\A\{1a1e7d09-340c-2d0e-c48a-917c89d42600}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
Size
|
||
|
\REGISTRY\A\{1a1e7d09-340c-2d0e-c48a-917c89d42600}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
Language
|
||
|
\REGISTRY\A\{1a1e7d09-340c-2d0e-c48a-917c89d42600}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
IsPeFile
|
||
|
\REGISTRY\A\{1a1e7d09-340c-2d0e-c48a-917c89d42600}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
IsOsComponent
|
There are 10 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
707B3000
|
unkown
|
page write copy
|
|
|
|
707B3000
|
unkown
|
page write copy
|
|
|
|
707AB000
|
unkown
|
page readonly
|
|
|
|
707AB000
|
unkown
|
page readonly
|
|
|
|
146B000
|
heap
|
page read and write
|
|
|
|
707B3000
|
unkown
|
page write copy
|
|
|
|
707AB000
|
unkown
|
page readonly
|
|
|
|
707B3000
|
unkown
|
page write copy
|
|
|
|
707B3000
|
unkown
|
page write copy
|
|
|
|
3590000
|
heap
|
page read and write
|
|
|
|
3590000
|
heap
|
page read and write
|
|
|
|
707AB000
|
unkown
|
page readonly
|
|
|
|
3590000
|
heap
|
page read and write
|
|
|
|
146B000
|
heap
|
page read and write
|
|
|
|
707AB000
|
unkown
|
page readonly
|
|
|
|
707B3000
|
unkown
|
page write copy
|
|
|
|
707AB000
|
unkown
|
page readonly
|
|
|
|
146B000
|
heap
|
page read and write
|
|
|
|
35B7000
|
heap
|
page read and write
|
||
|
29E4FD7C000
|
heap
|
page read and write
|
||
|
284DA570000
|
heap
|
page read and write
|
||
|
29E4F24A000
|
heap
|
page read and write
|
||
|
6790000
|
trusted library allocation
|
page read and write
|
||
|
1EA48120000
|
heap
|
page read and write
|
||
|
D81817E000
|
stack
|
page read and write
|
||
|
AF7431E000
|
stack
|
page read and write
|
||
|
29E4F249000
|
heap
|
page read and write
|
||
|
1EE15402000
|
heap
|
page read and write
|
||
|
169E000
|
stack
|
page read and write
|
||
|
2E2A5C3C000
|
heap
|
page read and write
|
||
|
29E4FD7C000
|
heap
|
page read and write
|
||
|
31BE000
|
stack
|
page read and write
|
||
|
707B5000
|
unkown
|
page readonly
|
||
|
29E4FDF9000
|
heap
|
page read and write
|
||
|
AC4BFEE000
|
stack
|
page read and write
|
||
|
35B2000
|
heap
|
page read and write
|
||
|
1EE14FE0000
|
heap
|
page read and write
|
||
|
29E4F24D000
|
heap
|
page read and write
|
||
|
31FF000
|
stack
|
page read and write
|
||
|
29E4FD7F000
|
heap
|
page read and write
|
||
|
24F15967000
|
heap
|
page read and write
|
||
|
1EE15500000
|
heap
|
page read and write
|
||
|
29E4F24B000
|
heap
|
page read and write
|
||
|
29E4F302000
|
heap
|
page read and write
|
||
|
3580000
|
remote allocation
|
page read and write
|
||
|
24F15BA0000
|
heap
|
page read and write
|
||
|
1EA48302000
|
heap
|
page read and write
|
||
|
29E4FD7E000
|
heap
|
page read and write
|
||
|
29E4FD9B000
|
heap
|
page read and write
|
||
|
EFDD1F7000
|
stack
|
page read and write
|
||
|
956B57F000
|
stack
|
page read and write
|
||
|
169E000
|
stack
|
page read and write
|
||
|
29E4FD8E000
|
heap
|
page read and write
|
||
|
284DB002000
|
trusted library allocation
|
page read and write
|
||
|
29E4FD6B000
|
heap
|
page read and write
|
||
|
6780000
|
heap
|
page read and write
|
||
|
1EE15210000
|
unkown
|
page read and write
|
||
|
29E4FD7D000
|
heap
|
page read and write
|
||
|
29E4FD7D000
|
heap
|
page read and write
|
||
|
6784000
|
heap
|
page read and write
|
||
|
3200000
|
unkown
|
page read and write
|
||
|
3380000
|
remote allocation
|
page read and write
|
||
|
13285290000
|
heap
|
page read and write
|
||
|
1430000
|
unclassified section
|
page read and write
|
||
|
13285320000
|
trusted library allocation
|
page read and write
|
||
|
34EF000
|
stack
|
page read and write
|
||
|
707A1000
|
unkown
|
page execute read
|
||
|
1460000
|
heap
|
page read and write
|
||
|
29E4FD7F000
|
heap
|
page read and write
|
||
|
33B0000
|
trusted library allocation
|
page read and write
|
||
|
29E4FD65000
|
heap
|
page read and write
|
||
|
AC4C67F000
|
stack
|
page read and write
|
||
|
346E000
|
stack
|
page read and write
|
||
|
29E50202000
|
heap
|
page read and write
|
||
|
1EE15202000
|
unkown
|
page read and write
|
||
|
D818077000
|
stack
|
page read and write
|
||
|
2E2A5D13000
|
heap
|
page read and write
|
||
|
284DA600000
|
heap
|
page read and write
|
||
|
AC4C47B000
|
stack
|
page read and write
|
||
|
29E50202000
|
heap
|
page read and write
|
||
|
12FB000
|
stack
|
page read and write
|
||
|
34A0000
|
heap
|
page read and write
|
||
|
35C4000
|
heap
|
page read and write
|
||
|
3380000
|
trusted library allocation
|
page read and write
|
||
|
1EA48270000
|
heap
|
page read and write
|
||
|
D817C7C000
|
stack
|
page read and write
|
||
|
3070000
|
unclassified section
|
page read and write
|
||
|
F7C000
|
stack
|
page read and write
|
||
|
1EA48213000
|
heap
|
page read and write
|
||
|
33F0000
|
trusted library allocation
|
page read and write
|
||
|
32AB000
|
stack
|
page read and write
|
||
|
29E4FDA4000
|
heap
|
page read and write
|
||
|
35B7000
|
heap
|
page read and write
|
||
|
33E0000
|
heap
|
page read and write
|
||
|
1EA48C02000
|
trusted library allocation
|
page read and write
|
||
|
132861E0000
|
trusted library allocation
|
page read and write
|
||
|
35CA000
|
heap
|
page read and write
|
||
|
4416DF9000
|
stack
|
page read and write
|
||
|
179F000
|
stack
|
page read and write
|
||
|
EFDD3FF000
|
stack
|
page read and write
|
||
|
3210000
|
heap
|
page read and write
|
||
|
30A2000
|
heap
|
page read and write
|
||
|
2DBB000
|
stack
|
page read and write
|
||
|
29E4FD99000
|
heap
|
page read and write
|
||
|
1EE15315000
|
trusted library allocation
|
page read and write
|
||
|
1430000
|
unclassified section
|
page read and write
|
||
|
284DA650000
|
heap
|
page read and write
|
||
|
35C6000
|
heap
|
page read and write
|
||
|
29E4FD9B000
|
heap
|
page read and write
|
||
|
1EA48279000
|
heap
|
page read and write
|
||
|
29E4FD7E000
|
heap
|
page read and write
|
||
|
29E50202000
|
heap
|
page read and write
|
||
|
29E4FD7D000
|
heap
|
page read and write
|
||
|
30B9000
|
heap
|
page read and write
|
||
|
29E50202000
|
heap
|
page read and write
|
||
|
13285340000
|
heap
|
page read and write
|
||
|
3080000
|
heap
|
page read and write
|
||
|
29E4F23C000
|
heap
|
page read and write
|
||
|
FE0000
|
trusted library allocation
|
page read and write
|
||
|
1EE15513000
|
heap
|
page read and write
|
||
|
29E4FD91000
|
heap
|
page read and write
|
||
|
1EA48200000
|
heap
|
page read and write
|
||
|
29E4FD99000
|
heap
|
page read and write
|
||
|
308A000
|
heap
|
page read and write
|
||
|
284DA700000
|
heap
|
page read and write
|
||
|
284DA624000
|
heap
|
page read and write
|
||
|
1EE15413000
|
heap
|
page read and write
|
||
|
707B5000
|
unkown
|
page readonly
|
||
|
284DA708000
|
heap
|
page read and write
|
||
|
179F000
|
stack
|
page read and write
|
||
|
35BC000
|
heap
|
page read and write
|
||
|
2E2A5D08000
|
heap
|
page read and write
|
||
|
352E000
|
stack
|
page read and write
|
||
|
356F000
|
stack
|
page read and write
|
||
|
35BB000
|
heap
|
page read and write
|
||
|
284DA689000
|
heap
|
page read and write
|
||
|
2E2A5C5D000
|
heap
|
page read and write
|
||
|
132855E0000
|
heap
|
page read and write
|
||
|
29E4FD7F000
|
heap
|
page read and write
|
||
|
D817E7B000
|
stack
|
page read and write
|
||
|
13E0000
|
heap
|
page read and write
|
||
|
1460000
|
heap
|
page read and write
|
||
|
29E4FD7D000
|
heap
|
page read and write
|
||
|
29E50202000
|
heap
|
page read and write
|
||
|
3070000
|
unclassified section
|
page read and write
|
||
|
1EA48313000
|
heap
|
page read and write
|
||
|
326C000
|
stack
|
page read and write
|
||
|
30AF000
|
heap
|
page read and write
|
||
|
165E000
|
stack
|
page read and write
|
||
|
707A0000
|
unkown
|
page readonly
|
||
|
308A000
|
heap
|
page read and write
|
||
|
34A0000
|
trusted library allocation
|
page read and write
|
||
|
1C4272C000
|
stack
|
page read and write
|
||
|
30CB000
|
heap
|
page read and write
|
||
|
29E4FD7D000
|
heap
|
page read and write
|
||
|
29E4FDAC000
|
heap
|
page read and write
|
||
|
3200000
|
unkown
|
page read and write
|
||
|
707A0000
|
unkown
|
page readonly
|
||
|
29E4FD9E000
|
heap
|
page read and write
|
||
|
29E4FDC5000
|
heap
|
page read and write
|
||
|
31A0000
|
heap
|
page read and write
|
||
|
13285130000
|
heap
|
page read and write
|
||
|
33F0000
|
trusted library allocation
|
page read and write
|
||
|
956B07E000
|
stack
|
page read and write
|
||
|
24F15980000
|
heap
|
page read and write
|
||
|
3080000
|
heap
|
page read and write
|
||
|
441699D000
|
stack
|
page read and write
|
||
|
29E4FD7D000
|
heap
|
page read and write
|
||
|
29E4FD7E000
|
heap
|
page read and write
|
||
|
29E4FD99000
|
heap
|
page read and write
|
||
|
2E2A6402000
|
trusted library allocation
|
page read and write
|
||
|
2D7A000
|
stack
|
page read and write
|
||
|
29E4F2EA000
|
heap
|
page read and write
|
||
|
1EA48252000
|
heap
|
page read and write
|
||
|
356F000
|
stack
|
page read and write
|
||
|
284DA63C000
|
heap
|
page read and write
|
||
|
29E4F200000
|
heap
|
page read and write
|
||
|
29E4FD00000
|
heap
|
page read and write
|
||
|
956B0FF000
|
stack
|
page read and write
|
||
|
336F000
|
stack
|
page read and write
|
||
|
1EE15213000
|
unkown
|
page read and write
|
||
|
24F157E0000
|
heap
|
page read and write
|
||
|
29E4FD7D000
|
heap
|
page read and write
|
||
|
169E000
|
stack
|
page read and write
|
||
|
284DA713000
|
heap
|
page read and write
|
||
|
AC4C8F9000
|
stack
|
page read and write
|
||
|
308A000
|
heap
|
page read and write
|
||
|
29E4FDAE000
|
heap
|
page read and write
|
||
|
29E50202000
|
heap
|
page read and write
|
||
|
29E4FD9C000
|
heap
|
page read and write
|
||
|
29E4FD7D000
|
heap
|
page read and write
|
||
|
AC4BEEB000
|
stack
|
page read and write
|
||
|
29E4F1A0000
|
trusted library allocation
|
page read and write
|
||
|
D817F7B000
|
stack
|
page read and write
|
||
|
EFDD2FE000
|
stack
|
page read and write
|
||
|
2E2A5C74000
|
heap
|
page read and write
|
||
|
132855D0000
|
trusted library allocation
|
page read and write
|
||
|
707A1000
|
unkown
|
page execute read
|
||
|
29E50252000
|
heap
|
page read and write
|
||
|
2E2A5CA0000
|
heap
|
page read and write
|
||
|
13285FA0000
|
trusted library allocation
|
page read and write
|
||
|
29E4FC02000
|
heap
|
page read and write
|
||
|
1EE15323000
|
heap
|
page read and write
|
||
|
29E4FD1C000
|
heap
|
page read and write
|
||
|
30B0000
|
heap
|
page read and write
|
||
|
29E4F110000
|
heap
|
page read and write
|
||
|
31BE000
|
stack
|
page read and write
|
||
|
1EA4823C000
|
heap
|
page read and write
|
||
|
1328537D000
|
heap
|
page read and write
|
||
|
356E000
|
stack
|
page read and write
|
||
|
284DA64B000
|
heap
|
page read and write
|
||
|
33B0000
|
heap
|
page read and write
|
||
|
2E2A5C13000
|
heap
|
page read and write
|
||
|
AF747FA000
|
stack
|
page read and write
|
||
|
1EA48229000
|
heap
|
page read and write
|
||
|
F10000
|
unkown
|
page read and write
|
||
|
29E4FD7E000
|
heap
|
page read and write
|
||
|
29E4F170000
|
heap
|
page read and write
|
||
|
707A0000
|
unkown
|
page readonly
|
||
|
29E4FD7F000
|
heap
|
page read and write
|
||
|
1EA48256000
|
heap
|
page read and write
|
||
|
44171F9000
|
stack
|
page read and write
|
||
|
2E2A5C7C000
|
heap
|
page read and write
|
||
|
34EF000
|
stack
|
page read and write
|
||
|
29E4FD7D000
|
heap
|
page read and write
|
||
|
2E2A5990000
|
heap
|
page read and write
|
||
|
34EF000
|
stack
|
page read and write
|
||
|
326C000
|
stack
|
page read and write
|
||
|
6484000
|
heap
|
page read and write
|
||
|
29E4FD7D000
|
heap
|
page read and write
|
||
|
29E4FD7F000
|
heap
|
page read and write
|
||
|
35C0000
|
heap
|
page read and write
|
||
|
29E4FD90000
|
heap
|
page read and write
|
||
|
34AA000
|
heap
|
page read and write
|
||
|
3390000
|
trusted library allocation
|
page read and write
|
||
|
31A0000
|
trusted library allocation
|
page read and write
|
||
|
32AB000
|
stack
|
page read and write
|
||
|
18DF000
|
stack
|
page read and write
|
||
|
30B7000
|
heap
|
page read and write
|
||
|
30AB000
|
heap
|
page read and write
|
||
|
29E4FAD0000
|
remote allocation
|
page read and write
|
||
|
13E0000
|
heap
|
page read and write
|
||
|
24F15A40000
|
heap
|
page read and write
|
||
|
33B0000
|
trusted library allocation
|
page read and write
|
||
|
165E000
|
stack
|
page read and write
|
||
|
29E4F2E1000
|
heap
|
page read and write
|
||
|
3200000
|
heap
|
page read and write
|
||
|
1C42C79000
|
stack
|
page read and write
|
||
|
2DBB000
|
stack
|
page read and write
|
||
|
30AC000
|
heap
|
page read and write
|
||
|
1450000
|
remote allocation
|
page read and write
|
||
|
1EA4824D000
|
heap
|
page read and write
|
||
|
29E4FD7D000
|
heap
|
page read and write
|
||
|
30A7000
|
heap
|
page read and write
|
||
|
132861D0000
|
heap
|
page readonly
|
||
|
359A000
|
heap
|
page read and write
|
||
|
2E2A5C5A000
|
heap
|
page read and write
|
||
|
AC4CAFD000
|
stack
|
page read and write
|
||
|
AF74679000
|
stack
|
page read and write
|
||
|
13285380000
|
heap
|
page read and write
|
||
|
1EE14FF0000
|
trusted library allocation
|
page read and write
|
||
|
1EE15513000
|
heap
|
page read and write
|
||
|
332E000
|
stack
|
page read and write
|
||
|
29E4F2BA000
|
heap
|
page read and write
|
||
|
35C1000
|
heap
|
page read and write
|
||
|
13285310000
|
trusted library allocation
|
page read and write
|
||
|
3580000
|
remote allocation
|
page read and write
|
||
|
1EE15248000
|
heap
|
page read and write
|
||
|
44170F9000
|
stack
|
page read and write
|
||
|
29E4F2C5000
|
heap
|
page read and write
|
||
|
352E000
|
stack
|
page read and write
|
||
|
956ADBC000
|
stack
|
page read and write
|
||
|
1EA48300000
|
heap
|
page read and write
|
||
|
142E000
|
stack
|
page read and write
|
||
|
29E4FD99000
|
heap
|
page read and write
|
||
|
132855E5000
|
heap
|
page read and write
|
||
|
346E000
|
stack
|
page read and write
|
||
|
29E4FD7D000
|
heap
|
page read and write
|
||
|
1EE15248000
|
heap
|
page read and write
|
||
|
359A000
|
heap
|
page read and write
|
||
|
34A7000
|
heap
|
page read and write
|
||
|
17DE000
|
stack
|
page read and write
|
||
|
F7C000
|
stack
|
page read and write
|
||
|
29E4FD7F000
|
heap
|
page read and write
|
||
|
2D7D000
|
stack
|
page read and write
|
||
|
24F15971000
|
heap
|
page read and write
|
||
|
29E4FD8C000
|
heap
|
page read and write
|
||
|
30B7000
|
heap
|
page read and write
|
||
|
29E4F286000
|
heap
|
page read and write
|
||
|
707A0000
|
unkown
|
page readonly
|
||
|
24F15956000
|
heap
|
page read and write
|
||
|
31FF000
|
stack
|
page read and write
|
||
|
29E4F229000
|
heap
|
page read and write
|
||
|
326A000
|
stack
|
page read and write
|
||
|
3020000
|
trusted library allocation
|
page read and write
|
||
|
F7C000
|
stack
|
page read and write
|
||
|
29E50200000
|
heap
|
page read and write
|
||
|
2E2A5C62000
|
heap
|
page read and write
|
||
|
EFDCE7E000
|
stack
|
page read and write
|
||
|
2D10000
|
unkown
|
page read and write
|
||
|
FE0000
|
trusted library allocation
|
page read and write
|
||
|
1328537D000
|
heap
|
page read and write
|
||
|
6490000
|
trusted library allocation
|
page read and write
|
||
|
707A1000
|
unkown
|
page execute read
|
||
|
68A0000
|
trusted library allocation
|
page read and write
|
||
|
29E50202000
|
heap
|
page read and write
|
||
|
1EE15400000
|
heap
|
page read and write
|
||
|
13285376000
|
heap
|
page read and write
|
||
|
FE0000
|
trusted library allocation
|
page read and write
|
||
|
24F15956000
|
heap
|
page read and write
|
||
|
31BE000
|
stack
|
page read and write
|
||
|
29E4F213000
|
heap
|
page read and write
|
||
|
1328537F000
|
heap
|
page read and write
|
||
|
1EA48130000
|
heap
|
page read and write
|
||
|
AC4BF6F000
|
stack
|
page read and write
|
||
|
29E4FD7E000
|
heap
|
page read and write
|
||
|
3020000
|
trusted library allocation
|
page read and write
|
||
|
30AF000
|
heap
|
page read and write
|
||
|
29E4FD7D000
|
heap
|
page read and write
|
||
|
13285300000
|
trusted library allocation
|
page read and write
|
||
|
17DE000
|
stack
|
page read and write
|
||
|
29E4FD4E000
|
heap
|
page read and write
|
||
|
29E4FD7C000
|
heap
|
page read and write
|
||
|
2E2A5C5C000
|
heap
|
page read and write
|
||
|
31FF000
|
stack
|
page read and write
|
||
|
12FB000
|
stack
|
page read and write
|
||
|
1EA48286000
|
heap
|
page read and write
|
||
|
29E4F2A5000
|
heap
|
page read and write
|
||
|
29E4FD91000
|
heap
|
page read and write
|
||
|
29E4F24F000
|
heap
|
page read and write
|
||
|
956B67F000
|
stack
|
page read and write
|
||
|
29E4F316000
|
heap
|
page read and write
|
||
|
2E2A5C5F000
|
heap
|
page read and write
|
||
|
13285330000
|
heap
|
page read and write
|
||
|
332E000
|
stack
|
page read and write
|
||
|
1EE15229000
|
heap
|
page read and write
|
||
|
132855F0000
|
trusted library allocation
|
page read and write
|
||
|
33BA000
|
heap
|
page read and write
|
||
|
24F1597D000
|
heap
|
page read and write
|
||
|
352E000
|
stack
|
page read and write
|
||
|
284DA670000
|
heap
|
page read and write
|
||
|
2E2A5C9A000
|
heap
|
page read and write
|
||
|
29E4FD9E000
|
heap
|
page read and write
|
||
|
956B37B000
|
stack
|
page read and write
|
||
|
1EE15302000
|
trusted library allocation
|
page read and write
|
||
|
30AF000
|
heap
|
page read and write
|
||
|
707A1000
|
unkown
|
page execute read
|
||
|
13285140000
|
trusted library allocation
|
page read and write
|
||
|
35D5000
|
heap
|
page read and write
|
||
|
29E4F2F6000
|
heap
|
page read and write
|
||
|
142E000
|
stack
|
page read and write
|
||
|
24F15968000
|
heap
|
page read and write
|
||
|
284DA64D000
|
heap
|
page read and write
|
||
|
17DE000
|
stack
|
page read and write
|
||
|
284DA500000
|
heap
|
page read and write
|
||
|
707A0000
|
unkown
|
page readonly
|
||
|
2E2A5C74000
|
heap
|
page read and write
|
||
|
2E2A5C00000
|
heap
|
page read and write
|
||
|
32AB000
|
stack
|
page read and write
|
||
|
3380000
|
remote allocation
|
page read and write
|
||
|
1328537E000
|
heap
|
page read and write
|
||
|
2E2A5C67000
|
heap
|
page read and write
|
||
|
13286240000
|
trusted library allocation
|
page read and write
|
||
|
332E000
|
stack
|
page read and write
|
||
|
179F000
|
stack
|
page read and write
|
||
|
3020000
|
trusted library allocation
|
page read and write
|
||
|
956B27F000
|
stack
|
page read and write
|
||
|
1EA481C0000
|
trusted library allocation
|
page read and write
|
||
|
29E4F27E000
|
heap
|
page read and write
|
||
|
956B477000
|
stack
|
page read and write
|
||
|
3210000
|
heap
|
page read and write
|
||
|
6B50000
|
trusted library allocation
|
page read and write
|
||
|
F10000
|
heap
|
page read and write
|
||
|
29E4FDB1000
|
heap
|
page read and write
|
||
|
24F15BA5000
|
heap
|
page read and write
|
||
|
AC4C9FD000
|
stack
|
page read and write
|
||
|
132861F0000
|
trusted library allocation
|
page read and write
|
||
|
1C42AF9000
|
stack
|
page read and write
|
||
|
29E4FAD0000
|
remote allocation
|
page read and write
|
||
|
29E4FD91000
|
heap
|
page read and write
|
||
|
29E4F100000
|
heap
|
page read and write
|
||
|
142E000
|
stack
|
page read and write
|
||
|
2D7D000
|
stack
|
page read and write
|
||
|
29E4FD99000
|
heap
|
page read and write
|
||
|
35C0000
|
heap
|
page read and write
|
||
|
284DA67E000
|
heap
|
page read and write
|
||
|
13E0000
|
heap
|
page read and write
|
||
|
29E4F24E000
|
heap
|
page read and write
|
||
|
D817D7E000
|
stack
|
page read and write
|
||
|
29E4FDC2000
|
heap
|
page read and write
|
||
|
12FB000
|
stack
|
page read and write
|
||
|
284DA510000
|
heap
|
page read and write
|
||
|
24F15951000
|
heap
|
page read and write
|
||
|
2E2A5C29000
|
heap
|
page read and write
|
||
|
29E4FD7D000
|
heap
|
page read and write
|
||
|
AF746FE000
|
stack
|
page read and write
|
||
|
29E4FD7D000
|
heap
|
page read and write
|
||
|
707A1000
|
unkown
|
page execute read
|
||
|
29E4FD16000
|
heap
|
page read and write
|
||
|
284DA613000
|
heap
|
page read and write
|
||
|
30CB000
|
heap
|
page read and write
|
||
|
284DA702000
|
heap
|
page read and write
|
||
|
33E0000
|
heap
|
page read and write
|
||
|
31A0000
|
trusted library allocation
|
page read and write
|
||
|
24F15910000
|
heap
|
page read and write
|
||
|
29E4FDD2000
|
heap
|
page read and write
|
||
|
AC4C37E000
|
stack
|
page read and write
|
||
|
AC4CBFF000
|
stack
|
page read and write
|
||
|
29E4FDA2000
|
heap
|
page read and write
|
||
|
2E2A5D00000
|
heap
|
page read and write
|
||
|
346E000
|
stack
|
page read and write
|
||
|
2E2A5A00000
|
heap
|
page read and write
|
||
|
EFDD0FE000
|
stack
|
page read and write
|
||
|
29E4F313000
|
heap
|
page read and write
|
||
|
29E4FD7F000
|
heap
|
page read and write
|
||
|
13285270000
|
heap
|
page read and write
|
||
|
1C42B79000
|
stack
|
page read and write
|
||
|
1450000
|
remote allocation
|
page read and write
|
||
|
29E4FD7D000
|
heap
|
page read and write
|
||
|
707B5000
|
unkown
|
page readonly
|
||
|
29E4FD8C000
|
heap
|
page read and write
|
||
|
1EE15300000
|
trusted library allocation
|
page read and write
|
||
|
29E4F2E7000
|
heap
|
page read and write
|
||
|
2E2A59A0000
|
heap
|
page read and write
|
||
|
29E4F26F000
|
heap
|
page read and write
|
||
|
29E4FD90000
|
heap
|
page read and write
|
||
|
29E4FD7D000
|
heap
|
page read and write
|
||
|
29E4FD7C000
|
heap
|
page read and write
|
||
|
29E4FD7F000
|
heap
|
page read and write
|
||
|
24F15971000
|
heap
|
page read and write
|
||
|
336F000
|
stack
|
page read and write
|
||
|
3580000
|
trusted library allocation
|
page read and write
|
||
|
D817CFE000
|
stack
|
page read and write
|
||
|
AF7439F000
|
stack
|
page read and write
|
||
|
D81827F000
|
stack
|
page read and write
|
||
|
165E000
|
stack
|
page read and write
|
||
|
4F20000
|
trusted library allocation
|
page read and write
|
||
|
3480000
|
unclassified section
|
page read and write
|
||
|
3080000
|
heap
|
page read and write
|
||
|
18DF000
|
stack
|
page read and write
|
||
|
33F0000
|
trusted library allocation
|
page read and write
|
||
|
359A000
|
heap
|
page read and write
|
||
|
35B4000
|
heap
|
page read and write
|
||
|
AC4C777000
|
stack
|
page read and write
|
||
|
29E4FD91000
|
heap
|
page read and write
|
||
|
29E4F2EB000
|
heap
|
page read and write
|
||
|
AF7477E000
|
stack
|
page read and write
|
||
|
3210000
|
heap
|
page read and write
|
||
|
F10000
|
unkown
|
page read and write
|
||
|
29E4FD86000
|
heap
|
page read and write
|
||
|
29E4FD7E000
|
heap
|
page read and write
|
||
|
29E4FD7D000
|
heap
|
page read and write
|
||
|
2E2A5D02000
|
heap
|
page read and write
|
||
|
284DA5A0000
|
trusted library allocation
|
page read and write
|
||
|
33B7000
|
heap
|
page read and write
|
||
|
707A1000
|
unkown
|
page execute read
|
||
|
30AF000
|
heap
|
page read and write
|
||
|
707A0000
|
unkown
|
page readonly
|
||
|
29E4FD7D000
|
heap
|
page read and write
|
||
|
2D10000
|
heap
|
page read and write
|
||
|
13285338000
|
heap
|
page read and write
|
||
|
34A0000
|
trusted library allocation
|
page read and write
|
||
|
AC4C577000
|
stack
|
page read and write
|
||
|
EFDD07B000
|
stack
|
page read and write
|
||
|
24F15940000
|
heap
|
page read and write
|
||
|
29E4FDAA000
|
heap
|
page read and write
|
||
|
1EE15200000
|
unkown
|
page read and write
|
||
|
29E4FD8D000
|
heap
|
page read and write
|
||
|
1EA48308000
|
heap
|
page read and write
|
||
|
1460000
|
heap
|
page read and write
|
||
|
29E4F29E000
|
heap
|
page read and write
|
||
|
29E4F2AF000
|
heap
|
page read and write
|
||
|
29E4FAD0000
|
remote allocation
|
page read and write
|
||
|
29E4FD7F000
|
heap
|
page read and write
|
||
|
29E4FDDA000
|
heap
|
page read and write
|
||
|
1EE15502000
|
heap
|
page read and write
|
||
|
30C3000
|
heap
|
page read and write
|
||
|
EFDCB7B000
|
stack
|
page read and write
|
||
|
29E4FD9A000
|
heap
|
page read and write
|
||
|
1EA48190000
|
heap
|
page read and write
|
||
|
33E0000
|
heap
|
page read and write
|
||
|
EFDCBFD000
|
stack
|
page read and write
|
||
|
29E4F308000
|
heap
|
page read and write
|
||
|
1C42BFE000
|
stack
|
page read and write
|
||
|
2E2A5C56000
|
heap
|
page read and write
|
||
|
29E50203000
|
heap
|
page read and write
|
||
|
284DA652000
|
heap
|
page read and write
|
||
|
29E4FD99000
|
heap
|
page read and write
|
||
|
AF7429A000
|
stack
|
page read and write
|
||
|
29E4FD81000
|
heap
|
page read and write
|
||
|
132855E9000
|
heap
|
page read and write
|
||
|
6480000
|
heap
|
page read and write
|
||
|
18DF000
|
stack
|
page read and write
|
||
|
29E4FD88000
|
heap
|
page read and write
|
||
|
29E50220000
|
heap
|
page read and write
|
||
|
29E4FD80000
|
heap
|
page read and write
|
||
|
30A7000
|
heap
|
page read and write
|
||
|
1EA4822D000
|
heap
|
page read and write
|
||
|
29E4F2D5000
|
heap
|
page read and write
|
||
|
1EE15050000
|
heap
|
page read and write
|
||
|
29E4FD9E000
|
heap
|
page read and write
|
||
|
2DBB000
|
stack
|
page read and write
|
||
|
336F000
|
stack
|
page read and write
|
||
|
29E4FD81000
|
heap
|
page read and write
|
||
|
29E4FD9B000
|
heap
|
page read and write
|
||
|
29E4F2A6000
|
heap
|
page read and write
|
||
|
35DB000
|
heap
|
page read and write
|
||
|
3480000
|
unclassified section
|
page read and write
|
||
|
29E4FD9B000
|
heap
|
page read and write
|
||
|
1EE15248000
|
heap
|
page read and write
|
||
|
707B5000
|
unkown
|
page readonly
|
||
|
2D10000
|
unkown
|
page read and write
|
||
|
29E4FD7F000
|
heap
|
page read and write
|
||
|
707B5000
|
unkown
|
page readonly
|
||
|
2E2A5B00000
|
trusted library allocation
|
page read and write
|
||
|
1EE15502000
|
heap
|
page read and write
|
||
|
24F15971000
|
heap
|
page read and write
|
||
|
707B5000
|
unkown
|
page readonly
|
||
|
29E4FD7F000
|
heap
|
page read and write
|
||
|
AC4C7FE000
|
stack
|
page read and write
|
There are 510 hidden memdumps, click here to show them.