IOC Report


Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| knigger.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | initial sample | malicious |
| C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_88c9a135c9b22294e84c86e44fa262283b2da9a_82810a17_12540027\Report.wer | Little-endian UTF-16 Unicode text, with CRLF line terminators | dropped | |
| C:\ProgramData\Microsoft\Windows\WER\Temp\WER79C1.tmp.dmp | Mini DuMP crash report, 14 streams, Wed Feb 2 23:52:35 2022, 0x1205a4 type | dropped | |
| C:\ProgramData\Microsoft\Windows\WER\Temp\WER7F40.tmp.WERInternalMetadata.xml | XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators | dropped | |
| C:\ProgramData\Microsoft\Windows\WER\Temp\WER8135.tmp.xml | XML 1.0 document, ASCII text, with CRLF line terminators | dropped | |
| C:\Windows\appcompat\Programs\Amcache.hve | MS Windows registry file, NT/2000 or above | dropped | |
| C:\Windows\appcompat\Programs\Amcache.hve.LOG1 | MS Windows registry file, NT/2000 or above | dropped | |
| C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_88c9a135c9b22294e84c86e44fa262283b2da9a_82810a17_122904ea\Report.wer | Little-endian UTF-16 Unicode text, with CRLF line terminators | dropped | |
| C:\ProgramData\Microsoft\Windows\WER\Temp\WERF4EC.tmp.dmp | Mini DuMP crash report, 14 streams, Wed Feb 2 23:42:46 2022, 0x1205a4 type | dropped | |
| C:\ProgramData\Microsoft\Windows\WER\Temp\WERF8A6.tmp.WERInternalMetadata.xml | XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators | dropped | |
| C:\ProgramData\Microsoft\Windows\WER\Temp\WERFA2E.tmp.xml | XML 1.0 document, ASCII text, with CRLF line terminators | dropped | |

Processes

| Path | Cmdline | Malicious |
|---|---|---|
| C:\Windows\SysWOW64\cmd.exe | cmd.exe /C rundll32.exe "C:\Users\user\Desktop\knigger.dll",#1 | malicious |
| C:\Windows\SysWOW64\rundll32.exe | rundll32.exe "C:\Users\user\Desktop\knigger.dll",#1 | malicious |
| C:\Windows\System32\loaddll32.exe | loaddll32.exe "C:\Users\user\Desktop\knigger.dll" | |
| C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\WerFault.exe -u -p 2964 -s 696 | |
| C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\WerFault.exe -u -p 6324 -s 700 | |

URLs

| Name | IP | Malicious |
|---|---|---|
| http://upx.sf.net | unknown | |
| http://www.kazanfirst.ruDVarFileInfo$ | unknown | |

IPs

| IP | Domain | Country | Malicious |
|---|---|---|---|
| 188.214.241.242 | unknown | Spain | malicious |
| 93.104.209.107 | unknown | Germany | malicious |
| 144.91.122.100 | unknown | Germany | malicious |
| 5.189.190.214 | unknown | Germany | malicious |

Registry

Path
Value
Malicious
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\AppCompatFlags
AmiHivePermissionsCorrect
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\AppCompatFlags
AmiHiveOwnerCorrect
\REGISTRY\A\{38982dfb-1a08-ba7a-64bc-8c6ec4a428be}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
ProgramId
\REGISTRY\A\{38982dfb-1a08-ba7a-64bc-8c6ec4a428be}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
FileId
\REGISTRY\A\{38982dfb-1a08-ba7a-64bc-8c6ec4a428be}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
LowerCaseLongPath
\REGISTRY\A\{38982dfb-1a08-ba7a-64bc-8c6ec4a428be}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
LongPathHash
\REGISTRY\A\{38982dfb-1a08-ba7a-64bc-8c6ec4a428be}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
Name
\REGISTRY\A\{38982dfb-1a08-ba7a-64bc-8c6ec4a428be}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
Publisher
\REGISTRY\A\{38982dfb-1a08-ba7a-64bc-8c6ec4a428be}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
Version
\REGISTRY\A\{38982dfb-1a08-ba7a-64bc-8c6ec4a428be}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
BinFileVersion
\REGISTRY\A\{38982dfb-1a08-ba7a-64bc-8c6ec4a428be}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
BinaryType
\REGISTRY\A\{38982dfb-1a08-ba7a-64bc-8c6ec4a428be}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
ProductName
\REGISTRY\A\{38982dfb-1a08-ba7a-64bc-8c6ec4a428be}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
ProductVersion
\REGISTRY\A\{38982dfb-1a08-ba7a-64bc-8c6ec4a428be}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
LinkDate
\REGISTRY\A\{38982dfb-1a08-ba7a-64bc-8c6ec4a428be}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
BinProductVersion
\REGISTRY\A\{38982dfb-1a08-ba7a-64bc-8c6ec4a428be}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
Size
\REGISTRY\A\{38982dfb-1a08-ba7a-64bc-8c6ec4a428be}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
Language
\REGISTRY\A\{38982dfb-1a08-ba7a-64bc-8c6ec4a428be}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
IsPeFile
\REGISTRY\A\{38982dfb-1a08-ba7a-64bc-8c6ec4a428be}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
IsOsComponent
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\Windows Error Reporting\Debug
ExceptionRecord
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
DeviceTicket
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
DeviceId
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
ApplicationFlags
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Property
0018C0047F295E48
\REGISTRY\A\{0b841a5e-a088-d05c-585d-1a4e7d166f9e}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
ProgramId
\REGISTRY\A\{0b841a5e-a088-d05c-585d-1a4e7d166f9e}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
FileId
\REGISTRY\A\{0b841a5e-a088-d05c-585d-1a4e7d166f9e}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
LowerCaseLongPath
\REGISTRY\A\{0b841a5e-a088-d05c-585d-1a4e7d166f9e}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
LongPathHash
\REGISTRY\A\{0b841a5e-a088-d05c-585d-1a4e7d166f9e}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
Name
\REGISTRY\A\{0b841a5e-a088-d05c-585d-1a4e7d166f9e}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
Publisher
\REGISTRY\A\{0b841a5e-a088-d05c-585d-1a4e7d166f9e}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
Version
\REGISTRY\A\{0b841a5e-a088-d05c-585d-1a4e7d166f9e}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
BinFileVersion
\REGISTRY\A\{0b841a5e-a088-d05c-585d-1a4e7d166f9e}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
BinaryType
\REGISTRY\A\{0b841a5e-a088-d05c-585d-1a4e7d166f9e}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
ProductName
\REGISTRY\A\{0b841a5e-a088-d05c-585d-1a4e7d166f9e}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
ProductVersion
\REGISTRY\A\{0b841a5e-a088-d05c-585d-1a4e7d166f9e}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
LinkDate
\REGISTRY\A\{0b841a5e-a088-d05c-585d-1a4e7d166f9e}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
BinProductVersion
\REGISTRY\A\{0b841a5e-a088-d05c-585d-1a4e7d166f9e}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
Size
\REGISTRY\A\{0b841a5e-a088-d05c-585d-1a4e7d166f9e}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
Language
\REGISTRY\A\{0b841a5e-a088-d05c-585d-1a4e7d166f9e}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
IsPeFile
\REGISTRY\A\{0b841a5e-a088-d05c-585d-1a4e7d166f9e}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
IsOsComponent
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Property
001880054D5B1D3E

Memdumps

Base Address
Regiontype
Protect
Malicious