Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
PSAbout.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
initial sample
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_ac7a4fc5b84473d26fc49234f984b16b262e2c8_7522e4b5_3d48e3d7-7135-41ac-a87c-8d7dc7ca6b79\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_ac7a4fc5b84473d26fc49234f984b16b262e2c8_7522e4b5_56d3a75f-5829-405b-ad15-41ebb152a4ec\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_ac7a4fc5b84473d26fc49234f984b16b262e2c8_7522e4b5_808f954a-53f1-4397-b5c1-6356f3c5f3fc\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_d6e6e8b58b7a0a9a6bb978481c3782f98cadcf_7522e4b5_38ca8843-afa9-4f41-a8ef-8e9775b40cf2\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_d6e6e8b58b7a0a9a6bb978481c3782f98cadcf_7522e4b5_6122d459-8098-4c10-8204-ad092330c3b0\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_d6e6e8b58b7a0a9a6bb978481c3782f98cadcf_7522e4b5_79daa82b-bcfe-4dc5-a6f2-0092226be9e7\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_d6e6e8b58b7a0a9a6bb978481c3782f98cadcf_7522e4b5_dfd94030-e641-470d-9dff-0a9fb81ecb98\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER2714.tmp.dmp
|
Mini DuMP crash report, 14 streams, Thu Oct 10 13:37:17 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER2733.tmp.dmp
|
Mini DuMP crash report, 14 streams, Thu Oct 10 13:37:17 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER280F.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER282F.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER287D.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER289D.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER2F8F.tmp.dmp
|
Mini DuMP crash report, 15 streams, Thu Oct 10 13:37:19 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER300D.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER303D.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER3A0F.tmp.dmp
|
Mini DuMP crash report, 15 streams, Thu Oct 10 13:37:22 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER3A7D.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER3AAD.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER48F3.tmp.dmp
|
Mini DuMP crash report, 15 streams, Thu Oct 10 13:37:26 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER4913.tmp.dmp
|
Mini DuMP crash report, 15 streams, Thu Oct 10 13:37:26 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER4970.tmp.dmp
|
Mini DuMP crash report, 14 streams, Thu Oct 10 13:37:26 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER4A6B.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER4A9B.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER4AAA.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER4AC9.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER4B18.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
There are 19 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\loaddll32.exe
|
loaddll32.exe "C:\Users\user\Desktop\PSAbout.dll"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\cmd.exe
|
cmd.exe /C rundll32.exe "C:\Users\user\Desktop\PSAbout.dll",#1
|
||
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\PSAbout.dll",#1
|
||
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\PSAbout.dll,_GetAppVersion@8
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 3164 -s 628
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 6536 -s 648
|
||
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\PSAbout.dll,_ShowAbout@4
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 2160 -s 632
|
||
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\PSAbout.dll,_ShowAboutExt@8
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 6744 -s 632
|
||
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\PSAbout.dll",_GetAppVersion@8
|
||
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\PSAbout.dll",_ShowAbout@4
|
||
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\PSAbout.dll",_ShowAboutExt@8
|
||
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\PSAbout.dll",_ShowSplash@4
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 352 -s 628
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 1888 -s 628
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 6704 -s 628
|
There are 8 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://upx.sf.net
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
\REGISTRY\A\{56e42df4-c2e0-b144-55df-0fa925964413}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
ProgramId
|
||
|
\REGISTRY\A\{56e42df4-c2e0-b144-55df-0fa925964413}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
FileId
|
||
|
\REGISTRY\A\{56e42df4-c2e0-b144-55df-0fa925964413}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{56e42df4-c2e0-b144-55df-0fa925964413}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
LongPathHash
|
||
|
\REGISTRY\A\{56e42df4-c2e0-b144-55df-0fa925964413}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
Name
|
||
|
\REGISTRY\A\{56e42df4-c2e0-b144-55df-0fa925964413}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
OriginalFileName
|
||
|
\REGISTRY\A\{56e42df4-c2e0-b144-55df-0fa925964413}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
Publisher
|
||
|
\REGISTRY\A\{56e42df4-c2e0-b144-55df-0fa925964413}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
Version
|
||
|
\REGISTRY\A\{56e42df4-c2e0-b144-55df-0fa925964413}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
BinFileVersion
|
||
|
\REGISTRY\A\{56e42df4-c2e0-b144-55df-0fa925964413}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
BinaryType
|
||
|
\REGISTRY\A\{56e42df4-c2e0-b144-55df-0fa925964413}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
ProductName
|
||
|
\REGISTRY\A\{56e42df4-c2e0-b144-55df-0fa925964413}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
ProductVersion
|
||
|
\REGISTRY\A\{56e42df4-c2e0-b144-55df-0fa925964413}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
LinkDate
|
||
|
\REGISTRY\A\{56e42df4-c2e0-b144-55df-0fa925964413}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
BinProductVersion
|
||
|
\REGISTRY\A\{56e42df4-c2e0-b144-55df-0fa925964413}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
AppxPackageFullName
|
||
|
\REGISTRY\A\{56e42df4-c2e0-b144-55df-0fa925964413}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
AppxPackageRelativeId
|
||
|
\REGISTRY\A\{56e42df4-c2e0-b144-55df-0fa925964413}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
Size
|
||
|
\REGISTRY\A\{56e42df4-c2e0-b144-55df-0fa925964413}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
Language
|
||
|
\REGISTRY\A\{56e42df4-c2e0-b144-55df-0fa925964413}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
IsOsComponent
|
||
|
\REGISTRY\A\{56e42df4-c2e0-b144-55df-0fa925964413}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
Usn
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceTicket
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceId
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
ApplicationFlags
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Property
|
0018C00B8F8B0D2B
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
|
ClockTimeSeconds
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
|
TickCount
|
There are 16 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
10000000
|
unkown
|
page readonly
|
||
|
1000A000
|
unkown
|
page readonly
|
||
|
2EFC000
|
stack
|
page read and write
|
||
|
1000A000
|
unkown
|
page readonly
|
||
|
1177000
|
heap
|
page read and write
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
1000A000
|
unkown
|
page readonly
|
||
|
2BA0000
|
heap
|
page read and write
|
||
|
4060000
|
heap
|
page read and write
|
||
|
10006000
|
unkown
|
page readonly
|
||
|
4A60000
|
heap
|
page read and write
|
||
|
48E0000
|
heap
|
page read and write
|
||
|
33E0000
|
heap
|
page read and write
|
||
|
10006000
|
unkown
|
page readonly
|
||
|
45CF000
|
stack
|
page read and write
|
||
|
4740000
|
heap
|
page read and write
|
||
|
4654000
|
heap
|
page read and write
|
||
|
495F000
|
stack
|
page read and write
|
||
|
10006000
|
unkown
|
page readonly
|
||
|
2FB0000
|
heap
|
page read and write
|
||
|
2FDA000
|
heap
|
page read and write
|
||
|
27CC000
|
stack
|
page read and write
|
||
|
47D0000
|
heap
|
page read and write
|
||
|
1000A000
|
unkown
|
page readonly
|
||
|
2F70000
|
heap
|
page read and write
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
F20000
|
heap
|
page read and write
|
||
|
2BB0000
|
heap
|
page read and write
|
||
|
2BA0000
|
heap
|
page read and write
|
||
|
2D70000
|
heap
|
page read and write
|
||
|
4960000
|
heap
|
page read and write
|
||
|
47D4000
|
heap
|
page read and write
|
||
|
2AC8000
|
stack
|
page read and write
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
302A000
|
heap
|
page read and write
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
2E7E000
|
stack
|
page read and write
|
||
|
2F90000
|
heap
|
page read and write
|
||
|
12C000
|
stack
|
page read and write
|
||
|
2A7C000
|
stack
|
page read and write
|
||
|
464E000
|
stack
|
page read and write
|
||
|
47E0000
|
heap
|
page read and write
|
||
|
458E000
|
stack
|
page read and write
|
||
|
339F000
|
stack
|
page read and write
|
||
|
2E60000
|
heap
|
page read and write
|
||
|
2FBA000
|
heap
|
page read and write
|
||
|
2B80000
|
heap
|
page read and write
|
||
|
2A7A000
|
heap
|
page read and write
|
||
|
334E000
|
stack
|
page read and write
|
||
|
4920000
|
heap
|
page read and write
|
||
|
28FC000
|
stack
|
page read and write
|
||
|
2E6D000
|
heap
|
page read and write
|
||
|
2BAA000
|
heap
|
page read and write
|
||
|
2F0D000
|
heap
|
page read and write
|
||
|
2D30000
|
heap
|
page read and write
|
||
|
2F60000
|
heap
|
page read and write
|
||
|
2690000
|
heap
|
page read and write
|
||
|
135F000
|
stack
|
page read and write
|
||
|
2F0A000
|
heap
|
page read and write
|
||
|
28BB000
|
stack
|
page read and write
|
||
|
1000A000
|
unkown
|
page readonly
|
||
|
2B10000
|
heap
|
page read and write
|
||
|
266E000
|
stack
|
page read and write
|
||
|
4AC0000
|
heap
|
page read and write
|
||
|
2DF0000
|
heap
|
page read and write
|
||
|
269A000
|
heap
|
page read and write
|
||
|
4BC0000
|
heap
|
page read and write
|
||
|
2EBB000
|
stack
|
page read and write
|
||
|
2F0F000
|
stack
|
page read and write
|
||
|
10006000
|
unkown
|
page readonly
|
||
|
4650000
|
heap
|
page read and write
|
||
|
10008000
|
unkown
|
page read and write
|
||
|
2E3E000
|
stack
|
page read and write
|
||
|
468F000
|
stack
|
page read and write
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
2788000
|
stack
|
page read and write
|
||
|
2E60000
|
heap
|
page read and write
|
||
|
10006000
|
unkown
|
page readonly
|
||
|
116B000
|
heap
|
page read and write
|
||
|
4960000
|
heap
|
page read and write
|
||
|
2A40000
|
heap
|
page read and write
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
FD0000
|
heap
|
page read and write
|
||
|
145E000
|
stack
|
page read and write
|
||
|
4950000
|
heap
|
page read and write
|
||
|
2C30000
|
heap
|
page read and write
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
25AF000
|
stack
|
page read and write
|
||
|
2E7E000
|
stack
|
page read and write
|
||
|
4964000
|
heap
|
page read and write
|
||
|
2CE0000
|
heap
|
page read and write
|
||
|
1160000
|
heap
|
page read and write
|
||
|
10008000
|
unkown
|
page read and write
|
||
|
2DAF000
|
stack
|
page read and write
|
||
|
10006000
|
unkown
|
page readonly
|
||
|
2F60000
|
heap
|
page read and write
|
||
|
3350000
|
heap
|
page read and write
|
||
|
2EBF000
|
stack
|
page read and write
|
||
|
2AE0000
|
heap
|
page read and write
|
||
|
33F0000
|
heap
|
page read and write
|
||
|
45E0000
|
heap
|
page read and write
|
||
|
2970000
|
heap
|
page read and write
|
||
|
2930000
|
heap
|
page read and write
|
||
|
48DE000
|
stack
|
page read and write
|
||
|
2A9B000
|
heap
|
page read and write
|
||
|
2BFE000
|
stack
|
page read and write
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
116F000
|
heap
|
page read and write
|
||
|
304A000
|
heap
|
page read and write
|
||
|
1610000
|
heap
|
page read and write
|
||
|
2960000
|
heap
|
page read and write
|
||
|
10008000
|
unkown
|
page read and write
|
||
|
2BCA000
|
heap
|
page read and write
|
||
|
2FFE000
|
stack
|
page read and write
|
||
|
4B14000
|
heap
|
page read and write
|
||
|
2B6E000
|
stack
|
page read and write
|
||
|
4750000
|
heap
|
page read and write
|
||
|
2F80000
|
heap
|
page read and write
|
||
|
256E000
|
stack
|
page read and write
|
||
|
2A30000
|
heap
|
page read and write
|
||
|
4880000
|
remote allocation
|
page read and write
|
||
|
2D7D000
|
heap
|
page read and write
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
10006000
|
unkown
|
page readonly
|
||
|
1000A000
|
unkown
|
page readonly
|
||
|
468F000
|
stack
|
page read and write
|
||
|
2AD0000
|
heap
|
page read and write
|
||
|
10008000
|
unkown
|
page read and write
|
||
|
2B3C000
|
stack
|
page read and write
|
||
|
BAC000
|
stack
|
page read and write
|
||
|
4C80000
|
heap
|
page read and write
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
2EA0000
|
heap
|
page read and write
|
||
|
2E3E000
|
stack
|
page read and write
|
||
|
EB000
|
stack
|
page read and write
|
||
|
44AF000
|
stack
|
page read and write
|
||
|
1A0000
|
heap
|
page read and write
|
||
|
29A0000
|
heap
|
page read and write
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
48F0000
|
heap
|
page read and write
|
||
|
EFC000
|
stack
|
page read and write
|
||
|
2B70000
|
heap
|
page read and write
|
||
|
2BAD000
|
heap
|
page read and write
|
||
|
F10000
|
heap
|
page read and write
|
||
|
10008000
|
unkown
|
page read and write
|
||
|
190000
|
heap
|
page read and write
|
||
|
1000A000
|
unkown
|
page readonly
|
||
|
2C50000
|
heap
|
page read and write
|
||
|
2C3A000
|
heap
|
page read and write
|
||
|
F6E000
|
stack
|
page read and write
|
||
|
330E000
|
stack
|
page read and write
|
||
|
2EEA000
|
heap
|
page read and write
|
||
|
33FA000
|
heap
|
page read and write
|
||
|
491F000
|
stack
|
page read and write
|
||
|
3F8F000
|
stack
|
page read and write
|
||
|
446E000
|
stack
|
page read and write
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
4850000
|
heap
|
page read and write
|
||
|
2EAF000
|
stack
|
page read and write
|
||
|
32CD000
|
heap
|
page read and write
|
||
|
29A8000
|
stack
|
page read and write
|
||
|
491E000
|
stack
|
page read and write
|
||
|
2EC0000
|
heap
|
page read and write
|
||
|
2EE0000
|
heap
|
page read and write
|
||
|
32C0000
|
heap
|
page read and write
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
2AFA000
|
stack
|
page read and write
|
||
|
10008000
|
unkown
|
page read and write
|
||
|
2BA0000
|
heap
|
page read and write
|
||
|
2C70000
|
heap
|
page read and write
|
||
|
2A38000
|
stack
|
page read and write
|
||
|
2B0C000
|
stack
|
page read and write
|
||
|
2BB0000
|
heap
|
page read and write
|
||
|
2DBD000
|
stack
|
page read and write
|
||
|
1000A000
|
unkown
|
page readonly
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
4954000
|
heap
|
page read and write
|
||
|
2A70000
|
heap
|
page read and write
|
||
|
2E50000
|
heap
|
page read and write
|
||
|
FAE000
|
stack
|
page read and write
|
||
|
2520000
|
heap
|
page read and write
|
||
|
4B10000
|
heap
|
page read and write
|
||
|
10008000
|
unkown
|
page read and write
|
||
|
10006000
|
unkown
|
page readonly
|
||
|
2E3E000
|
stack
|
page read and write
|
||
|
29EC000
|
stack
|
page read and write
|
||
|
29FE000
|
stack
|
page read and write
|
||
|
10008000
|
unkown
|
page read and write
|
||
|
3020000
|
heap
|
page read and write
|
There are 180 hidden memdumps, click here to show them.