Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
WSNBOfCAfh.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
||
|
C:\Program Files (x86)\GU_2024\AGB_D_2024.pdf (copy)
|
PDF document, version 1.4, 2 pages
|
dropped
|
||
|
C:\Program Files (x86)\GU_2024\AGB_E_2024.pdf (copy)
|
PDF document, version 1.6, 2 pages
|
dropped
|
||
|
C:\Program Files (x86)\GU_2024\AGB_F_2024.pdf (copy)
|
PDF document, version 1.5 (zip deflate encoded)
|
dropped
|
||
|
C:\Program Files (x86)\GU_2024\AGB_I_2024.pdf (copy)
|
PDF document, version 1.5 (zip deflate encoded)
|
dropped
|
||
|
C:\Program Files (x86)\GU_2024\GU.exe (copy)
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\GU_2024\GU.ini (copy)
|
Generic INItialization configuration [TarifGUUser]
|
dropped
|
||
|
C:\Program Files (x86)\GU_2024\GU.mld (copy)
|
data
|
dropped
|
||
|
C:\Program Files (x86)\GU_2024\GUPlan.pts (copy)
|
data
|
dropped
|
||
|
C:\Program Files (x86)\GU_2024\Stauzuschlag.ini (copy)
|
Generic INItialization configuration [Zone1]
|
dropped
|
||
|
C:\Program Files (x86)\GU_2024\StauzuschlagStufe.ini (copy)
|
Generic INItialization configuration [Stufe01Zone01]
|
dropped
|
||
|
C:\Program Files (x86)\GU_2024\is-4FJH0.tmp
|
PDF document, version 1.6, 2 pages
|
dropped
|
||
|
C:\Program Files (x86)\GU_2024\is-6RMLS.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\GU_2024\is-H5DU9.tmp
|
Generic INItialization configuration [Zone1]
|
dropped
|
||
|
C:\Program Files (x86)\GU_2024\is-JJF75.tmp
|
PDF document, version 1.5 (zip deflate encoded)
|
dropped
|
||
|
C:\Program Files (x86)\GU_2024\is-JSISK.tmp
|
PDF document, version 1.4, 2 pages
|
dropped
|
||
|
C:\Program Files (x86)\GU_2024\is-OH7O9.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\GU_2024\is-OMS78.tmp
|
PDF document, version 1.5 (zip deflate encoded)
|
dropped
|
||
|
C:\Program Files (x86)\GU_2024\is-PHHTS.tmp
|
Generic INItialization configuration [TarifGUUser]
|
dropped
|
||
|
C:\Program Files (x86)\GU_2024\is-R8FCJ.tmp
|
Generic INItialization configuration [Stufe01Zone01]
|
dropped
|
||
|
C:\Program Files (x86)\GU_2024\is-RKLVJ.tmp
|
data
|
dropped
|
||
|
C:\Program Files (x86)\GU_2024\is-S2QOK.tmp
|
data
|
dropped
|
||
|
C:\Program Files (x86)\GU_2024\unins000.dat
|
InnoSetup Log GU Kalkulationsgrundlage 2024 {0EDBF4D3-E651-4455-AC3F-D984152B0B89}, version 0x418, 3337 bytes, 724471\37\user,
C:\Program Files (x86)\GU_2024\376\377\377
|
modified
|
||
|
C:\Program Files (x86)\GU_2024\unins000.exe (copy)
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GU_2024\GU 2024.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive,
ctime=Tue Apr 16 13:03:38 2024, mtime=Tue Apr 16 13:03:39 2024, atime=Wed Feb 14 13:57:06 2024, length=19850752, window=hide
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GU_2024\Uninstall GU 2024.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive,
ctime=Tue Apr 16 13:03:38 2024, mtime=Tue Apr 16 13:03:38 2024, atime=Tue Apr 16 13:03:20 2024, length=3137597, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\is-JH8JK.tmp\_isetup\_setup64.tmp
|
PE32+ executable (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\is-U1PO5.tmp\WSNBOfCAfh.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
modified
|
||
|
C:\Users\user\settings\GU2024.ini
|
Generic INItialization configuration [TarifGUUser]
|
dropped
|
There are 19 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\WSNBOfCAfh.exe
|
"C:\Users\user\Desktop\WSNBOfCAfh.exe"
|
||
|
C:\Users\user\AppData\Local\Temp\is-U1PO5.tmp\WSNBOfCAfh.tmp
|
"C:\Users\user~1\AppData\Local\Temp\is-U1PO5.tmp\WSNBOfCAfh.tmp" /SL5="$2042E,9552580,777216,C:\Users\user\Desktop\WSNBOfCAfh.exe"
|
||
|
C:\Program Files (x86)\GU_2024\GU.exe
|
"C:\Program Files (x86)\GU_2024\GU.exe"
|
||
|
C:\Windows\splwow64.exe
|
C:\Windows\splwow64.exe 12288
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://www.aiim.org/pdfa/ns/property#
|
unknown
|
||
|
https://code.google.com/apis/console
|
unknown
|
||
|
https://jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU
|
unknown
|
||
|
https://www.digital-metaphors.com/orderU
|
unknown
|
||
|
http://localhostOEmailSettings.ConnectionSettings.WebMail.Outlook365Settings.OAuth2.RedirectPort
|
unknown
|
||
|
http://www.adobe.ch
|
unknown
|
||
|
http://localhostJEmailSettings.ConnectionSettings.WebMail.GmailSettings.OAuth2.RedirectPort
|
unknown
|
||
|
http://localhost6CloudDriveSettings.DropBoxSettings.OAuth2.RedirectPort
|
unknown
|
||
|
http://www.aiim.org/pdfa/ns/id/
|
unknown
|
||
|
https://www.remobjects.com/ps
|
unknown
|
||
|
http://localhost:CloudDriveSettings.GoogleDriveSettings.OAuth2.RedirectPort
|
unknown
|
||
|
http://www.aiim.org/pdfa/ns/schema#
|
unknown
|
||
|
https://www.digital-metaphors.com
|
unknown
|
||
|
http://www.google.com/maps/SV
|
unknown
|
||
|
http://www.npes.org/pdfx/ns/id/
|
unknown
|
||
|
https://www.innosetup.com/
|
unknown
|
||
|
http://www.aiim.org/pdfa/ns/extension/
|
unknown
|
||
|
https://indy.fulgan.com/SSL/OpenSSL_add_all_ciphersOpenSSL_add_all_digestsERR_get_errorERR_peek_erro
|
unknown
|
||
|
http://localhost7CloudDriveSettings.OneDriveSettings.OAuth2.RedirectPort
|
unknown
|
||
|
http://www.color.org)/S/GTS_PDFX/Type/OutputIntent
|
unknown
|
||
|
https://www.digital-metaphors.com/supportU
|
unknown
|
There are 11 hidden URLs, click here to show them.
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
Owner
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
SessionHash
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
Sequence
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
RegFiles0000
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
RegFilesHash
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{0EDBF4D3-E651-4455-AC3F-D984152B0B89}_is1
|
Inno Setup: Setup Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{0EDBF4D3-E651-4455-AC3F-D984152B0B89}_is1
|
Inno Setup: App Path
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{0EDBF4D3-E651-4455-AC3F-D984152B0B89}_is1
|
InstallLocation
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{0EDBF4D3-E651-4455-AC3F-D984152B0B89}_is1
|
Inno Setup: Icon Group
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{0EDBF4D3-E651-4455-AC3F-D984152B0B89}_is1
|
Inno Setup: User
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{0EDBF4D3-E651-4455-AC3F-D984152B0B89}_is1
|
Inno Setup: Selected Tasks
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{0EDBF4D3-E651-4455-AC3F-D984152B0B89}_is1
|
Inno Setup: Deselected Tasks
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{0EDBF4D3-E651-4455-AC3F-D984152B0B89}_is1
|
Inno Setup: Language
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{0EDBF4D3-E651-4455-AC3F-D984152B0B89}_is1
|
DisplayName
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{0EDBF4D3-E651-4455-AC3F-D984152B0B89}_is1
|
UninstallString
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{0EDBF4D3-E651-4455-AC3F-D984152B0B89}_is1
|
QuietUninstallString
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{0EDBF4D3-E651-4455-AC3F-D984152B0B89}_is1
|
NoModify
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{0EDBF4D3-E651-4455-AC3F-D984152B0B89}_is1
|
NoRepair
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{0EDBF4D3-E651-4455-AC3F-D984152B0B89}_is1
|
InstallDate
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{0EDBF4D3-E651-4455-AC3F-D984152B0B89}_is1
|
EstimatedSize
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows Script\Settings\Telemetry\splwow64.exe
|
JScriptSetScriptStateStarted
|
There are 11 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
ABC000
|
heap
|
page read and write
|
||
|
96D000
|
heap
|
page read and write
|
||
|
A09000
|
heap
|
page read and write
|
||
|
B4F000
|
stack
|
page read and write
|
||
|
363A000
|
direct allocation
|
page read and write
|
||
|
970000
|
heap
|
page read and write
|
||
|
24F7000
|
direct allocation
|
page read and write
|
||
|
410B000
|
direct allocation
|
page read and write
|
||
|
5D2E000
|
stack
|
page read and write
|
||
|
6044000
|
direct allocation
|
page read and write
|
||
|
3BA6000
|
direct allocation
|
page read and write
|
||
|
19D2000
|
unkown
|
page read and write
|
||
|
45B5000
|
direct allocation
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
997000
|
heap
|
page read and write
|
||
|
1BB1000
|
unkown
|
page readonly
|
||
|
6006000
|
direct allocation
|
page read and write
|
||
|
A7C000
|
heap
|
page read and write
|
||
|
1C0D000
|
unkown
|
page readonly
|
||
|
1C23000
|
unkown
|
page readonly
|
||
|
254C000
|
direct allocation
|
page read and write
|
||
|
940000
|
direct allocation
|
page read and write
|
||
|
2247000
|
direct allocation
|
page read and write
|
||
|
5800000
|
direct allocation
|
page read and write
|
||
|
1C25000
|
unkown
|
page readonly
|
||
|
A82000
|
heap
|
page read and write
|
||
|
1B83000
|
unkown
|
page readonly
|
||
|
4C2000
|
unkown
|
page write copy
|
||
|
605A000
|
direct allocation
|
page read and write
|
||
|
602A000
|
direct allocation
|
page read and write
|
||
|
603C000
|
direct allocation
|
page read and write
|
||
|
607A000
|
direct allocation
|
page read and write
|
||
|
582F000
|
direct allocation
|
page read and write
|
||
|
420C000
|
direct allocation
|
page read and write
|
||
|
6067000
|
direct allocation
|
page read and write
|
||
|
2800000
|
heap
|
page read and write
|
||
|
1BFD000
|
unkown
|
page readonly
|
||
|
7FCD0000
|
direct allocation
|
page read and write
|
||
|
5FCF000
|
direct allocation
|
page read and write
|
||
|
24FE000
|
direct allocation
|
page read and write
|
||
|
1BF0000
|
unkown
|
page readonly
|
||
|
401000
|
unkown
|
page execute read
|
||
|
5FD7000
|
direct allocation
|
page read and write
|
||
|
44FA000
|
direct allocation
|
page read and write
|
||
|
1995000
|
unkown
|
page read and write
|
||
|
2480000
|
heap
|
page read and write
|
||
|
24BB000
|
direct allocation
|
page read and write
|
||
|
45BC000
|
direct allocation
|
page read and write
|
||
|
21F6000
|
direct allocation
|
page read and write
|
||
|
1BF2000
|
unkown
|
page readonly
|
||
|
A81000
|
heap
|
page read and write
|
||
|
5E2F000
|
stack
|
page read and write
|
||
|
1C00000
|
unkown
|
page readonly
|
||
|
19B3000
|
unkown
|
page read and write
|
||
|
42D0000
|
trusted library section
|
page read and write
|
||
|
1B71000
|
unkown
|
page readonly
|
||
|
7FB50000
|
direct allocation
|
page read and write
|
||
|
63E000
|
stack
|
page read and write
|
||
|
99A000
|
heap
|
page read and write
|
||
|
995000
|
heap
|
page read and write
|
||
|
940000
|
direct allocation
|
page read and write
|
||
|
24C5000
|
direct allocation
|
page read and write
|
||
|
1C27000
|
unkown
|
page readonly
|
||
|
790000
|
heap
|
page read and write
|
||
|
21FE000
|
direct allocation
|
page read and write
|
||
|
4B7000
|
unkown
|
page write copy
|
||
|
40F3000
|
heap
|
page read and write
|
||
|
19D000
|
stack
|
page read and write
|
||
|
1BC4000
|
unkown
|
page readonly
|
||
|
D00000
|
heap
|
page read and write
|
||
|
1BA5000
|
unkown
|
page readonly
|
||
|
1B94000
|
unkown
|
page readonly
|
||
|
6C7000
|
unkown
|
page read and write
|
||
|
C51000
|
unkown
|
page execute read
|
||
|
9F1000
|
heap
|
page read and write
|
||
|
9AD000
|
heap
|
page read and write
|
||
|
2272000
|
direct allocation
|
page read and write
|
||
|
6022000
|
direct allocation
|
page read and write
|
||
|
A10000
|
heap
|
page read and write
|
||
|
1A0C000
|
unkown
|
page write copy
|
||
|
3917000
|
direct allocation
|
page read and write
|
||
|
41E1000
|
direct allocation
|
page read and write
|
||
|
41B2000
|
direct allocation
|
page read and write
|
||
|
3770000
|
direct allocation
|
page read and write
|
||
|
41B8000
|
direct allocation
|
page read and write
|
||
|
4510000
|
direct allocation
|
page read and write
|
||
|
414B000
|
direct allocation
|
page read and write
|
||
|
6F4000
|
unkown
|
page readonly
|
||
|
2564000
|
direct allocation
|
page read and write
|
||
|
A81000
|
heap
|
page read and write
|
||
|
1BBE000
|
unkown
|
page readonly
|
||
|
6085000
|
direct allocation
|
page read and write
|
||
|
987000
|
heap
|
page read and write
|
||
|
9B1000
|
heap
|
page read and write
|
||
|
1A12000
|
unkown
|
page read and write
|
||
|
3B46000
|
direct allocation
|
page read and write
|
||
|
602C000
|
direct allocation
|
page read and write
|
||
|
1B8F000
|
unkown
|
page readonly
|
||
|
3644000
|
direct allocation
|
page read and write
|
||
|
5FDD000
|
direct allocation
|
page read and write
|
||
|
1BF4000
|
unkown
|
page readonly
|
||
|
1C31000
|
unkown
|
page readonly
|
||
|
19C2000
|
unkown
|
page read and write
|
||
|
1B6E000
|
unkown
|
page readonly
|
||
|
1BAC000
|
unkown
|
page readonly
|
||
|
5FAF000
|
direct allocation
|
page read and write
|
||
|
24E9000
|
direct allocation
|
page read and write
|
||
|
1B98000
|
unkown
|
page readonly
|
||
|
796000
|
heap
|
page read and write
|
||
|
411A000
|
direct allocation
|
page read and write
|
||
|
1B68000
|
unkown
|
page readonly
|
||
|
5F96000
|
direct allocation
|
page read and write
|
||
|
3B5C000
|
direct allocation
|
page read and write
|
||
|
5700000
|
direct allocation
|
page read and write
|
||
|
1F24000
|
unkown
|
page readonly
|
||
|
1C52000
|
unkown
|
page readonly
|
||
|
603A000
|
direct allocation
|
page read and write
|
||
|
1BE3000
|
unkown
|
page readonly
|
||
|
4D0000
|
heap
|
page read and write
|
||
|
38F7000
|
direct allocation
|
page read and write
|
||
|
1BDF000
|
unkown
|
page readonly
|
||
|
41EE000
|
direct allocation
|
page read and write
|
||
|
2556000
|
direct allocation
|
page read and write
|
||
|
1C4E000
|
unkown
|
page readonly
|
||
|
608B000
|
direct allocation
|
page read and write
|
||
|
2281000
|
direct allocation
|
page read and write
|
||
|
4173000
|
direct allocation
|
page read and write
|
||
|
254F000
|
direct allocation
|
page read and write
|
||
|
411E000
|
direct allocation
|
page read and write
|
||
|
3AED000
|
direct allocation
|
page read and write
|
||
|
5F0000
|
heap
|
page read and write
|
||
|
24F0000
|
direct allocation
|
page read and write
|
||
|
24B0000
|
direct allocation
|
page read and write
|
||
|
5FA9000
|
direct allocation
|
page read and write
|
||
|
96F000
|
stack
|
page read and write
|
||
|
2190000
|
heap
|
page read and write
|
||
|
9F1000
|
heap
|
page read and write
|
||
|
413B000
|
direct allocation
|
page read and write
|
||
|
910000
|
heap
|
page read and write
|
||
|
1C1C000
|
unkown
|
page readonly
|
||
|
6D6000
|
unkown
|
page read and write
|
||
|
2591000
|
direct allocation
|
page read and write
|
||
|
9F2000
|
heap
|
page read and write
|
||
|
5F76000
|
direct allocation
|
page read and write
|
||
|
1C64000
|
unkown
|
page readonly
|
||
|
A04000
|
heap
|
page read and write
|
||
|
A3E000
|
heap
|
page read and write
|
||
|
3660000
|
heap
|
page read and write
|
||
|
2529000
|
direct allocation
|
page read and write
|
||
|
1C2F000
|
unkown
|
page readonly
|
||
|
421D000
|
direct allocation
|
page read and write
|
||
|
A7A000
|
heap
|
page read and write
|
||
|
417C000
|
direct allocation
|
page read and write
|
||
|
2440000
|
heap
|
page read and write
|
||
|
C50000
|
unkown
|
page readonly
|
||
|
600C000
|
direct allocation
|
page read and write
|
||
|
22D8000
|
direct allocation
|
page read and write
|
||
|
4114000
|
direct allocation
|
page read and write
|
||
|
6056000
|
direct allocation
|
page read and write
|
||
|
A8A000
|
heap
|
page read and write
|
||
|
6042000
|
direct allocation
|
page read and write
|
||
|
640000
|
heap
|
page read and write
|
||
|
9AE000
|
heap
|
page read and write
|
||
|
25C4000
|
direct allocation
|
page read and write
|
||
|
9ED000
|
heap
|
page read and write
|
||
|
5CEE000
|
stack
|
page read and write
|
||
|
1651000
|
unkown
|
page execute read
|
||
|
5FF7000
|
direct allocation
|
page read and write
|
||
|
6076000
|
direct allocation
|
page read and write
|
||
|
25AF000
|
direct allocation
|
page read and write
|
||
|
25A8000
|
direct allocation
|
page read and write
|
||
|
A87000
|
heap
|
page read and write
|
||
|
2520000
|
direct allocation
|
page read and write
|
||
|
221A000
|
direct allocation
|
page read and write
|
||
|
5FD5000
|
direct allocation
|
page read and write
|
||
|
2520000
|
direct allocation
|
page read and write
|
||
|
710000
|
heap
|
page read and write
|
||
|
3610000
|
direct allocation
|
page read and write
|
||
|
1BE1000
|
unkown
|
page readonly
|
||
|
41CB000
|
direct allocation
|
page read and write
|
||
|
229F000
|
direct allocation
|
page read and write
|
||
|
797000
|
heap
|
page read and write
|
||
|
4300000
|
heap
|
page read and write
|
||
|
99D000
|
heap
|
page read and write
|
||
|
1B7F000
|
unkown
|
page readonly
|
||
|
5F92000
|
direct allocation
|
page read and write
|
||
|
413E000
|
direct allocation
|
page read and write
|
||
|
950000
|
heap
|
page read and write
|
||
|
24BD000
|
direct allocation
|
page read and write
|
||
|
1EFD000
|
unkown
|
page readonly
|
||
|
3B2E000
|
direct allocation
|
page read and write
|
||
|
C30000
|
direct allocation
|
page execute and read and write
|
||
|
2539000
|
direct allocation
|
page read and write
|
||
|
3B08000
|
direct allocation
|
page read and write
|
||
|
42D0000
|
trusted library allocation
|
page read and write
|
||
|
AB6000
|
heap
|
page read and write
|
||
|
604F000
|
direct allocation
|
page read and write
|
||
|
24DA000
|
direct allocation
|
page read and write
|
||
|
5FC9000
|
direct allocation
|
page read and write
|
||
|
37BE000
|
stack
|
page read and write
|
||
|
6CE000
|
unkown
|
page read and write
|
||
|
41EA000
|
direct allocation
|
page read and write
|
||
|
257B000
|
direct allocation
|
page read and write
|
||
|
41BB000
|
direct allocation
|
page read and write
|
||
|
9A9000
|
heap
|
page read and write
|
||
|
22AD000
|
direct allocation
|
page read and write
|
||
|
394F000
|
direct allocation
|
page read and write
|
||
|
1C6F000
|
unkown
|
page readonly
|
||
|
5F72000
|
direct allocation
|
page read and write
|
||
|
9A4000
|
heap
|
page read and write
|
||
|
2213000
|
direct allocation
|
page read and write
|
||
|
24B8000
|
direct allocation
|
page read and write
|
||
|
4C0000
|
unkown
|
page read and write
|
||
|
A7C000
|
heap
|
page read and write
|
||
|
3BCA000
|
direct allocation
|
page read and write
|
||
|
21C4000
|
direct allocation
|
page read and write
|
||
|
96B000
|
heap
|
page read and write
|
||
|
41BF000
|
direct allocation
|
page read and write
|
||
|
678000
|
heap
|
page read and write
|
||
|
6C9000
|
unkown
|
page read and write
|
||
|
4122000
|
direct allocation
|
page read and write
|
||
|
9ED000
|
heap
|
page read and write
|
||
|
2E10000
|
trusted library allocation
|
page read and write
|
||
|
A00000
|
heap
|
page read and write
|
||
|
3BD8000
|
direct allocation
|
page read and write
|
||
|
6E0000
|
unkown
|
page readonly
|
||
|
3B71000
|
heap
|
page read and write
|
||
|
CCE000
|
stack
|
page read and write
|
||
|
3AFA000
|
direct allocation
|
page read and write
|
||
|
97A000
|
heap
|
page read and write
|
||
|
1C59000
|
unkown
|
page readonly
|
||
|
21DA000
|
direct allocation
|
page read and write
|
||
|
40DC000
|
stack
|
page read and write
|
||
|
9FD000
|
heap
|
page read and write
|
||
|
258A000
|
direct allocation
|
page read and write
|
||
|
3AA1000
|
direct allocation
|
page read and write
|
||
|
86F000
|
stack
|
page read and write
|
||
|
1993000
|
unkown
|
page read and write
|
||
|
1C1E000
|
unkown
|
page readonly
|
||
|
199B000
|
unkown
|
page read and write
|
||
|
D09000
|
heap
|
page read and write
|
||
|
21AC000
|
direct allocation
|
page read and write
|
||
|
AB0000
|
heap
|
page read and write
|
||
|
1C71000
|
unkown
|
page readonly
|
||
|
3631000
|
direct allocation
|
page read and write
|
||
|
5B9C000
|
stack
|
page read and write
|
||
|
19CD000
|
unkown
|
page read and write
|
||
|
3B37000
|
direct allocation
|
page read and write
|
||
|
EAA000
|
unkown
|
page execute read
|
||
|
6054000
|
direct allocation
|
page read and write
|
||
|
22BC000
|
direct allocation
|
page read and write
|
||
|
ABF000
|
heap
|
page read and write
|
||
|
98F000
|
heap
|
page read and write
|
||
|
1F76000
|
unkown
|
page readonly
|
||
|
3ABE000
|
direct allocation
|
page read and write
|
||
|
4C4000
|
unkown
|
page readonly
|
||
|
A08000
|
heap
|
page read and write
|
||
|
40F0000
|
heap
|
page read and write
|
||
|
9A7000
|
heap
|
page read and write
|
||
|
A7F000
|
heap
|
page read and write
|
||
|
38F0000
|
direct allocation
|
page read and write
|
||
|
930000
|
heap
|
page read and write
|
||
|
19A4000
|
unkown
|
page write copy
|
||
|
9AB000
|
heap
|
page read and write
|
||
|
3AD7000
|
direct allocation
|
page read and write
|
||
|
9A0000
|
heap
|
page read and write
|
||
|
2574000
|
direct allocation
|
page read and write
|
||
|
5E6E000
|
stack
|
page read and write
|
||
|
1C69000
|
unkown
|
page readonly
|
||
|
3B64000
|
direct allocation
|
page read and write
|
||
|
600F000
|
direct allocation
|
page read and write
|
||
|
2803000
|
heap
|
page read and write
|
||
|
6DE000
|
unkown
|
page readonly
|
||
|
5100000
|
heap
|
page read and write
|
||
|
3941000
|
direct allocation
|
page read and write
|
||
|
978000
|
heap
|
page read and write
|
||
|
24D3000
|
direct allocation
|
page read and write
|
||
|
3B01000
|
direct allocation
|
page read and write
|
||
|
9A7000
|
heap
|
page read and write
|
||
|
1A15000
|
unkown
|
page readonly
|
||
|
A79000
|
heap
|
page read and write
|
||
|
1BD9000
|
unkown
|
page readonly
|
||
|
4185000
|
direct allocation
|
page read and write
|
||
|
220C000
|
direct allocation
|
page read and write
|
||
|
5F6E000
|
stack
|
page read and write
|
||
|
75E000
|
stack
|
page read and write
|
||
|
21E8000
|
direct allocation
|
page read and write
|
||
|
97F000
|
heap
|
page read and write
|
||
|
1BF7000
|
unkown
|
page readonly
|
||
|
2222000
|
direct allocation
|
page read and write
|
||
|
974000
|
heap
|
page read and write
|
||
|
25E8000
|
direct allocation
|
page read and write
|
||
|
1C3F000
|
unkown
|
page readonly
|
||
|
1BA9000
|
unkown
|
page readonly
|
||
|
2240000
|
direct allocation
|
page read and write
|
||
|
2205000
|
direct allocation
|
page read and write
|
||
|
5F88000
|
direct allocation
|
page read and write
|
||
|
1A13000
|
unkown
|
page readonly
|
||
|
8E0000
|
heap
|
page read and write
|
||
|
603E000
|
direct allocation
|
page read and write
|
||
|
2231000
|
direct allocation
|
page read and write
|
||
|
5F80000
|
direct allocation
|
page read and write
|
||
|
37FE000
|
stack
|
page read and write
|
||
|
958000
|
heap
|
page read and write
|
||
|
5FC4000
|
direct allocation
|
page read and write
|
||
|
459B000
|
direct allocation
|
page read and write
|
||
|
22A6000
|
direct allocation
|
page read and write
|
||
|
3BD1000
|
direct allocation
|
page read and write
|
||
|
227A000
|
direct allocation
|
page read and write
|
||
|
3928000
|
direct allocation
|
page read and write
|
||
|
3945000
|
direct allocation
|
page read and write
|
||
|
25CC000
|
direct allocation
|
page read and write
|
||
|
22D1000
|
direct allocation
|
page read and write
|
||
|
4B7000
|
unkown
|
page read and write
|
||
|
5FF3000
|
direct allocation
|
page read and write
|
||
|
260A000
|
direct allocation
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
4534000
|
direct allocation
|
page read and write
|
||
|
5F8A000
|
direct allocation
|
page read and write
|
||
|
451C000
|
direct allocation
|
page read and write
|
||
|
6013000
|
direct allocation
|
page read and write
|
||
|
3B74000
|
direct allocation
|
page read and write
|
||
|
3BC3000
|
direct allocation
|
page read and write
|
||
|
C20000
|
heap
|
page read and write
|
||
|
A14000
|
heap
|
page read and write
|
||
|
457B000
|
direct allocation
|
page read and write
|
||
|
6D9000
|
unkown
|
page write copy
|
||
|
41F2000
|
direct allocation
|
page read and write
|
||
|
21D2000
|
direct allocation
|
page read and write
|
||
|
2486000
|
heap
|
page read and write
|
||
|
A83000
|
heap
|
page read and write
|
||
|
2298000
|
direct allocation
|
page read and write
|
||
|
9C9000
|
heap
|
page read and write
|
||
|
1BED000
|
unkown
|
page readonly
|
||
|
2D8F000
|
stack
|
page read and write
|
||
|
41AC000
|
direct allocation
|
page read and write
|
||
|
3B1F000
|
direct allocation
|
page read and write
|
||
|
940000
|
heap
|
page read and write
|
||
|
1BF9000
|
unkown
|
page readonly
|
||
|
401000
|
unkown
|
page execute read
|
||
|
1B6A000
|
unkown
|
page readonly
|
||
|
419F000
|
direct allocation
|
page read and write
|
||
|
5EE000
|
stack
|
page read and write
|
||
|
601B000
|
direct allocation
|
page read and write
|
||
|
760000
|
heap
|
page read and write
|
||
|
4060000
|
heap
|
page read and write
|
||
|
4154000
|
direct allocation
|
page read and write
|
||
|
2532000
|
direct allocation
|
page read and write
|
||
|
25BD000
|
direct allocation
|
page read and write
|
||
|
1C3B000
|
unkown
|
page readonly
|
||
|
22B4000
|
direct allocation
|
page read and write
|
||
|
41FC000
|
direct allocation
|
page read and write
|
||
|
5F98000
|
direct allocation
|
page read and write
|
||
|
609F000
|
direct allocation
|
page read and write
|
||
|
2540000
|
direct allocation
|
page read and write
|
||
|
19E7000
|
unkown
|
page read and write
|
||
|
604D000
|
direct allocation
|
page read and write
|
||
|
3B3E000
|
direct allocation
|
page read and write
|
||
|
5FA4000
|
direct allocation
|
page read and write
|
||
|
AE3000
|
heap
|
page read and write
|
||
|
5BEE000
|
stack
|
page read and write
|
||
|
5F7C000
|
direct allocation
|
page read and write
|
||
|
1B77000
|
unkown
|
page readonly
|
||
|
452C000
|
direct allocation
|
page read and write
|
||
|
3D6F000
|
stack
|
page read and write
|
||
|
4230000
|
direct allocation
|
page read and write
|
||
|
98C000
|
heap
|
page read and write
|
||
|
24E1000
|
direct allocation
|
page read and write
|
||
|
7FE36000
|
direct allocation
|
page read and write
|
||
|
97F000
|
heap
|
page read and write
|
||
|
3E6F000
|
stack
|
page read and write
|
||
|
25B6000
|
direct allocation
|
page read and write
|
||
|
9AE000
|
heap
|
page read and write
|
||
|
65E0000
|
trusted library allocation
|
page read and write
|
||
|
41F6000
|
direct allocation
|
page read and write
|
||
|
6015000
|
direct allocation
|
page read and write
|
||
|
3921000
|
direct allocation
|
page read and write
|
||
|
1C29000
|
unkown
|
page readonly
|
||
|
41B0000
|
direct allocation
|
page read and write
|
||
|
9A1000
|
heap
|
page read and write
|
||
|
1B9D000
|
unkown
|
page readonly
|
||
|
222A000
|
direct allocation
|
page read and write
|
||
|
5FEE000
|
direct allocation
|
page read and write
|
||
|
98B000
|
heap
|
page read and write
|
||
|
2470000
|
heap
|
page read and write
|
||
|
2239000
|
direct allocation
|
page read and write
|
||
|
900000
|
heap
|
page read and write
|
||
|
3B27000
|
direct allocation
|
page read and write
|
||
|
1B7B000
|
unkown
|
page readonly
|
||
|
A83000
|
heap
|
page read and write
|
||
|
21CB000
|
direct allocation
|
page read and write
|
||
|
A82000
|
heap
|
page read and write
|
||
|
5FB5000
|
direct allocation
|
page read and write
|
||
|
1C5D000
|
unkown
|
page readonly
|
||
|
3A70000
|
heap
|
page read and write
|
||
|
4146000
|
direct allocation
|
page read and write
|
||
|
3610000
|
direct allocation
|
page read and write
|
||
|
9AE000
|
heap
|
page read and write
|
||
|
976000
|
heap
|
page read and write
|
||
|
3BAD000
|
direct allocation
|
page read and write
|
||
|
8F0000
|
direct allocation
|
page execute and read and write
|
||
|
5FFD000
|
direct allocation
|
page read and write
|
||
|
5FD9000
|
direct allocation
|
page read and write
|
||
|
24CC000
|
direct allocation
|
page read and write
|
||
|
9B000
|
stack
|
page read and write
|
||
|
8AE000
|
stack
|
page read and write
|
||
|
25D3000
|
direct allocation
|
page read and write
|
||
|
1C47000
|
unkown
|
page readonly
|
||
|
A13000
|
heap
|
page read and write
|
||
|
26A0000
|
heap
|
page read and write
|
||
|
4305000
|
heap
|
page read and write
|
||
|
1BE6000
|
unkown
|
page readonly
|
||
|
1CCD000
|
unkown
|
page readonly
|
||
|
41AA000
|
direct allocation
|
page read and write
|
||
|
4C6000
|
unkown
|
page readonly
|
||
|
A82000
|
heap
|
page read and write
|
||
|
60AE000
|
direct allocation
|
page read and write
|
||
|
9A1000
|
heap
|
page read and write
|
||
|
6034000
|
direct allocation
|
page read and write
|
||
|
1BBC000
|
unkown
|
page readonly
|
||
|
21E1000
|
direct allocation
|
page read and write
|
||
|
2288000
|
direct allocation
|
page read and write
|
||
|
1993000
|
unkown
|
page write copy
|
||
|
5FAB000
|
direct allocation
|
page read and write
|
||
|
983000
|
heap
|
page read and write
|
||
|
19C6000
|
unkown
|
page read and write
|
||
|
1C0F000
|
unkown
|
page readonly
|
||
|
41A6000
|
direct allocation
|
page read and write
|
||
|
591000
|
stack
|
page read and write
|
||
|
1B87000
|
unkown
|
page readonly
|
||
|
945000
|
heap
|
page read and write
|
||
|
3B6C000
|
direct allocation
|
page read and write
|
||
|
3B7A000
|
direct allocation
|
page read and write
|
||
|
419B000
|
direct allocation
|
page read and write
|
||
|
4102000
|
direct allocation
|
page read and write
|
||
|
2598000
|
direct allocation
|
page read and write
|
||
|
4B9000
|
unkown
|
page read and write
|
||
|
22CA000
|
direct allocation
|
page read and write
|
||
|
25E1000
|
direct allocation
|
page read and write
|
||
|
5FAD000
|
direct allocation
|
page read and write
|
||
|
A0C000
|
heap
|
page read and write
|
||
|
93000
|
stack
|
page read and write
|
||
|
C4F000
|
stack
|
page read and write
|
||
|
199E000
|
unkown
|
page read and write
|
||
|
6C7000
|
unkown
|
page write copy
|
||
|
A77000
|
heap
|
page read and write
|
||
|
25DA000
|
direct allocation
|
page read and write
|
||
|
3B55000
|
direct allocation
|
page read and write
|
||
|
5FE8000
|
direct allocation
|
page read and write
|
||
|
A79000
|
heap
|
page read and write
|
||
|
D05000
|
heap
|
page read and write
|
||
|
A01000
|
heap
|
page read and write
|
||
|
5F86000
|
direct allocation
|
page read and write
|
||
|
2582000
|
direct allocation
|
page read and write
|
||
|
255D000
|
direct allocation
|
page read and write
|
||
|
5FDF000
|
direct allocation
|
page read and write
|
||
|
5F90000
|
direct allocation
|
page read and write
|
||
|
99A000
|
heap
|
page read and write
|
||
|
18D000
|
stack
|
page read and write
|
||
|
3B89000
|
direct allocation
|
page read and write
|
||
|
987000
|
heap
|
page read and write
|
||
|
41C3000
|
direct allocation
|
page read and write
|
||
|
6D1000
|
unkown
|
page read and write
|
||
|
1F46000
|
unkown
|
page readonly
|
||
|
1BEA000
|
unkown
|
page readonly
|
||
|
AB6000
|
heap
|
page read and write
|
||
|
C61000
|
unkown
|
page execute read
|
||
|
3B70000
|
heap
|
page read and write
|
||
|
1BA0000
|
unkown
|
page readonly
|
||
|
A81000
|
heap
|
page read and write
|
||
|
3B18000
|
direct allocation
|
page read and write
|
||
|
21EF000
|
direct allocation
|
page read and write
|
||
|
995000
|
heap
|
page read and write
|
||
|
22C3000
|
direct allocation
|
page read and write
|
||
|
3656000
|
direct allocation
|
page read and write
|
||
|
41C7000
|
direct allocation
|
page read and write
|
||
|
670000
|
heap
|
page read and write
|
||
|
6040000
|
direct allocation
|
page read and write
|
||
|
8FB000
|
stack
|
page read and write
|
||
|
1B8B000
|
unkown
|
page readonly
|
There are 470 hidden memdumps, click here to show them.