IOC Report


Files

| File Path | Type | Category | Malicious |
| --- | --- | --- | --- |
| knigger.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | initial sample | malicious |
| C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_88c9a135c9b22294e84c86e44fa262283b2da9a_82810a17_122904ea\Report.wer | Little-endian UTF-16 Unicode text, with CRLF line terminators | dropped | |
| C:\ProgramData\Microsoft\Windows\WER\Temp\WERF4EC.tmp.dmp | Mini DuMP crash report, 14 streams, Wed Feb 2 23:42:46 2022, 0x1205a4 type | dropped | |
| C:\ProgramData\Microsoft\Windows\WER\Temp\WERF8A6.tmp.WERInternalMetadata.xml | XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators | dropped | |
| C:\ProgramData\Microsoft\Windows\WER\Temp\WERFA2E.tmp.xml | XML 1.0 document, ASCII text, with CRLF line terminators | dropped | |
| C:\Windows\appcompat\Programs\Amcache.hve | MS Windows registry file, NT/2000 or above | dropped | |
| C:\Windows\appcompat\Programs\Amcache.hve.LOG1 | MS Windows registry file, NT/2000 or above | dropped | |

Processes

| Path | Cmdline | Malicious |
| --- | --- | --- |
| C:\Windows\SysWOW64\cmd.exe | cmd.exe /C rundll32.exe "C:\Users\user\Desktop\knigger.dll",#1 | malicious |
| C:\Windows\SysWOW64\rundll32.exe | rundll32.exe "C:\Users\user\Desktop\knigger.dll",#1 | malicious |
| C:\Windows\System32\loaddll32.exe | loaddll32.exe "C:\Users\user\Desktop\knigger.dll" | |
| C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\WerFault.exe -u -p 6324 -s 700 | |

URLs

| Name | IP | Malicious |
| --- | --- | --- |
| http://upx.sf.net | unknown | |
| http://www.kazanfirst.ruDVarFileInfo$ | unknown | |

IPs

| IP | Domain | Country | Malicious |
| --- | --- | --- | --- |
| 188.214.241.242 | unknown | Spain | malicious |
| 93.104.209.107 | unknown | Germany | malicious |
| 144.91.122.100 | unknown | Germany | malicious |
| 5.189.190.214 | unknown | Germany | malicious |

Registry

Path: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\AppCompatFlags
Values: AmiHivePermissionsCorrect, AmiHiveOwnerCorrect

Path: \REGISTRY\A\{0b841a5e-a088-d05c-585d-1a4e7d166f9e}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
Values: ProgramId, FileId, LowerCaseLongPath, LongPathHash, Name, Publisher, Version, BinFileVersion, BinaryType, ProductName, ProductVersion, LinkDate, BinProductVersion, Size, Language, IsPeFile, IsOsComponent

Path: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\Windows Error Reporting\Debug
Values: ExceptionRecord

Path: HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
Values: DeviceTicket, DeviceId, ApplicationFlags

Path: HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Property
Values: 001880054D5B1D3E

Memdumps
