Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
invoice.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
|
initial sample
|
 |
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_caspol.exe_d8eda6a1754a151dd5173ca6db3e65435df63db_ea830a9b_04bcfbd1-2c77-4702-aba0-8ccec9d684fc\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERD36E.tmp.dmp
|
Mini DuMP crash report, 14 streams, Fri Mar 17 14:34:35 2023, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERD563.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERD593.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\predepository\Antimodernly\trever\Hovedinteressers\icon-ui.icns
|
HTML document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\predepository\Antimodernly\trever\Hovedinteressers\lang-1059.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\predepository\Ath_CoexAgent.exe
|
PE32 executable (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\predepository\Diskofils\Justiciaryship\vmusbmouse.cat
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\predepository\Inkshed\Mss32.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\predepository\Inkshed\NMDllHost.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\predepository\Stemningssvingning\Urgently.Suk
|
ASCII text, with very long lines (52812), with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\predepository\Udlandsrejse153\Aeroscopic\Clanging\Uskyldsrent\SourceCodePro-ExtraLight.otf
|
OpenType font data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\predepository\Udlandsrejse153\Aeroscopic\Clanging\Uskyldsrent\cs.txt
|
Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\predepository\figuranternes.Han
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nstA9F8.tmp\AdvSplash.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nstA9F8.tmp\System.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve.LOG1
|
MS Windows registry file, NT/2000 or above
|
dropped
|
||
|
\Device\ConDrv
|
ASCII text, with CRLF, LF line terminators
|
dropped
|
There are 10 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\invoice.exe
|
C:\Users\user\Desktop\invoice.exe
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
|
C:\Users\user\Desktop\invoice.exe
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 1520 -s 2544
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://checkip.dyndns.org/
|
193.122.130.0
|
|
|
|
http://checkip.dyndns.org
|
unknown
|
||
|
http://www.avast.com0/
|
unknown
|
||
|
https://doc-0k-a8-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/s4sbn26f
|
unknown
|
||
|
http://nsis.sf.net/NSIS_Error
|
unknown
|
||
|
http://checkip.dyndns.com
|
unknown
|
||
|
http://nsis.sf.net/NSIS_ErrorError
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://drive.google.com/
|
unknown
|
||
|
https://doc-0k-a8-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/s4sbn26f0am6hqllsu7edmokcls88pe1/1679060025000/12467729248612761337/*/1v9qH2HQVytFc1xq78jdiMix-1m6jIF0S?e=download&uuid=a6a0f6a4-7f4f-44fa-b2c7-5636188002aa
|
142.250.186.33
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
checkip.dyndns.com
|
193.122.130.0
|
|
|
|
checkip.dyndns.org
|
unknown
|
|
|
|
drive.google.com
|
142.250.184.206
|
||
|
googlehosted.l.googleusercontent.com
|
142.250.186.33
|
||
|
doc-0k-a8-docs.googleusercontent.com
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
193.122.130.0
|
checkip.dyndns.com
|
United States
|
|
|
|
142.250.184.206
|
drive.google.com
|
United States
|
||
|
142.250.186.33
|
googlehosted.l.googleusercontent.com
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Hose11\Carnel146\Poly\Hedonophobia
|
Konsekvensmager
|
||
|
HKEY_CURRENT_USER\SOFTWARE\InstallDir32
|
Path
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Lejekasserner
|
Fortrnelsens
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\caspol_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\caspol_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\caspol_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\caspol_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\caspol_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\caspol_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\caspol_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\caspol_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\caspol_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\caspol_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\caspol_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\caspol_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\caspol_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\caspol_RASMANCS
|
FileDirectory
|
||
|
\REGISTRY\A\{4f9e4f5a-c4b3-8ea8-57a2-18d364d06e4c}\Root\InventoryApplicationFile\caspol.exe|1c3df8b9b20d9142
|
ProgramId
|
||
|
\REGISTRY\A\{4f9e4f5a-c4b3-8ea8-57a2-18d364d06e4c}\Root\InventoryApplicationFile\caspol.exe|1c3df8b9b20d9142
|
FileId
|
||
|
\REGISTRY\A\{4f9e4f5a-c4b3-8ea8-57a2-18d364d06e4c}\Root\InventoryApplicationFile\caspol.exe|1c3df8b9b20d9142
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{4f9e4f5a-c4b3-8ea8-57a2-18d364d06e4c}\Root\InventoryApplicationFile\caspol.exe|1c3df8b9b20d9142
|
LongPathHash
|
||
|
\REGISTRY\A\{4f9e4f5a-c4b3-8ea8-57a2-18d364d06e4c}\Root\InventoryApplicationFile\caspol.exe|1c3df8b9b20d9142
|
Name
|
||
|
\REGISTRY\A\{4f9e4f5a-c4b3-8ea8-57a2-18d364d06e4c}\Root\InventoryApplicationFile\caspol.exe|1c3df8b9b20d9142
|
OriginalFileName
|
||
|
\REGISTRY\A\{4f9e4f5a-c4b3-8ea8-57a2-18d364d06e4c}\Root\InventoryApplicationFile\caspol.exe|1c3df8b9b20d9142
|
Publisher
|
||
|
\REGISTRY\A\{4f9e4f5a-c4b3-8ea8-57a2-18d364d06e4c}\Root\InventoryApplicationFile\caspol.exe|1c3df8b9b20d9142
|
Version
|
||
|
\REGISTRY\A\{4f9e4f5a-c4b3-8ea8-57a2-18d364d06e4c}\Root\InventoryApplicationFile\caspol.exe|1c3df8b9b20d9142
|
BinFileVersion
|
||
|
\REGISTRY\A\{4f9e4f5a-c4b3-8ea8-57a2-18d364d06e4c}\Root\InventoryApplicationFile\caspol.exe|1c3df8b9b20d9142
|
BinaryType
|
||
|
\REGISTRY\A\{4f9e4f5a-c4b3-8ea8-57a2-18d364d06e4c}\Root\InventoryApplicationFile\caspol.exe|1c3df8b9b20d9142
|
ProductName
|
||
|
\REGISTRY\A\{4f9e4f5a-c4b3-8ea8-57a2-18d364d06e4c}\Root\InventoryApplicationFile\caspol.exe|1c3df8b9b20d9142
|
ProductVersion
|
||
|
\REGISTRY\A\{4f9e4f5a-c4b3-8ea8-57a2-18d364d06e4c}\Root\InventoryApplicationFile\caspol.exe|1c3df8b9b20d9142
|
LinkDate
|
||
|
\REGISTRY\A\{4f9e4f5a-c4b3-8ea8-57a2-18d364d06e4c}\Root\InventoryApplicationFile\caspol.exe|1c3df8b9b20d9142
|
BinProductVersion
|
||
|
\REGISTRY\A\{4f9e4f5a-c4b3-8ea8-57a2-18d364d06e4c}\Root\InventoryApplicationFile\caspol.exe|1c3df8b9b20d9142
|
AppxPackageFullName
|
||
|
\REGISTRY\A\{4f9e4f5a-c4b3-8ea8-57a2-18d364d06e4c}\Root\InventoryApplicationFile\caspol.exe|1c3df8b9b20d9142
|
AppxPackageRelativeId
|
||
|
\REGISTRY\A\{4f9e4f5a-c4b3-8ea8-57a2-18d364d06e4c}\Root\InventoryApplicationFile\caspol.exe|1c3df8b9b20d9142
|
Size
|
||
|
\REGISTRY\A\{4f9e4f5a-c4b3-8ea8-57a2-18d364d06e4c}\Root\InventoryApplicationFile\caspol.exe|1c3df8b9b20d9142
|
Language
|
||
|
\REGISTRY\A\{4f9e4f5a-c4b3-8ea8-57a2-18d364d06e4c}\Root\InventoryApplicationFile\caspol.exe|1c3df8b9b20d9142
|
IsOsComponent
|
||
|
\REGISTRY\A\{4f9e4f5a-c4b3-8ea8-57a2-18d364d06e4c}\Root\InventoryApplicationFile\caspol.exe|1c3df8b9b20d9142
|
Usn
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
|
ClockTimeSeconds
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
|
TickCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Property
|
0018C0098A0B25C6
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceTicket
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceId
|
There are 33 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
666B000
|
direct allocation
|
page execute and read and write
|
|
|
|
1D0000
|
unclassified section
|
page readonly
|
||
|
6E1E000
|
stack
|
page read and write
|
||
|
388A7000
|
trusted library allocation
|
page read and write
|
||
|
232C2AD8000
|
heap
|
page read and write
|
||
|
21E47600000
|
unkown
|
page read and write
|
||
|
658000
|
heap
|
page read and write
|
||
|
232C2A61000
|
heap
|
page read and write
|
||
|
37740000
|
trusted library allocation
|
page execute and read and write
|
||
|
376A0000
|
trusted library allocation
|
page read and write
|
||
|
37637000
|
stack
|
page read and write
|
||
|
39B46000
|
trusted library allocation
|
page read and write
|
||
|
36721000
|
heap
|
page read and write
|
||
|
39BB0000
|
trusted library allocation
|
page read and write
|
||
|
232C2A7C000
|
heap
|
page read and write
|
||
|
21E47702000
|
trusted library allocation
|
page read and write
|
||
|
21E47570000
|
trusted library allocation
|
page read and write
|
||
|
46A0000
|
direct allocation
|
page execute and read and write
|
||
|
36721000
|
heap
|
page read and write
|
||
|
36721000
|
heap
|
page read and write
|
||
|
36721000
|
heap
|
page read and write
|
||
|
6F1D000
|
heap
|
page read and write
|
||
|
232C31D1000
|
trusted library allocation
|
page read and write
|
||
|
2380000
|
heap
|
page read and write
|
||
|
6E8B000
|
heap
|
page read and write
|
||
|
37959000
|
trusted library allocation
|
page read and write
|
||
|
36721000
|
heap
|
page read and write
|
||
|
37780000
|
trusted library allocation
|
page read and write
|
||
|
3777B000
|
trusted library allocation
|
page read and write
|
||
|
232CC670000
|
trusted library allocation
|
page read and write
|
||
|
36721000
|
heap
|
page read and write
|
||
|
39A97000
|
heap
|
page read and write
|
||
|
36721000
|
heap
|
page read and write
|
||
|
36910000
|
heap
|
page read and write
|
||
|
232C3315000
|
heap
|
page read and write
|
||
|
232C3320000
|
heap
|
page read and write
|
||
|
6EA7000
|
heap
|
page read and write
|
||
|
36721000
|
heap
|
page read and write
|
||
|
36721000
|
heap
|
page read and write
|
||
|
371FF000
|
stack
|
page read and write
|
||
|
687000
|
heap
|
page read and write
|
||
|
36721000
|
heap
|
page read and write
|
||
|
8A0000
|
direct allocation
|
page read and write
|
||
|
435000
|
unkown
|
page read and write
|
||
|
232C3300000
|
heap
|
page read and write
|
||
|
733F000
|
stack
|
page read and write
|
||
|
E7A387E000
|
stack
|
page read and write
|
||
|
10020000
|
trusted library allocation
|
page read and write
|
||
|
37660000
|
trusted library allocation
|
page read and write
|
||
|
36721000
|
heap
|
page read and write
|
||
|
232C2B13000
|
heap
|
page read and write
|
||
|
846B000
|
direct allocation
|
page execute and read and write
|
||
|
39B40000
|
trusted library allocation
|
page read and write
|
||
|
10003000
|
unkown
|
page readonly
|
||
|
39B40000
|
trusted library allocation
|
page read and write
|
||
|
36721000
|
heap
|
page read and write
|
||
|
232C2A5B000
|
heap
|
page read and write
|
||
|
37956000
|
trusted library allocation
|
page read and write
|
||
|
368C0000
|
direct allocation
|
page read and write
|
||
|
3767D000
|
trusted library allocation
|
page execute and read and write
|
||
|
232CC780000
|
trusted library allocation
|
page read and write
|
||
|
69E000
|
heap
|
page read and write
|
||
|
B50000
|
unclassified section
|
page readonly
|
||
|
232C2B02000
|
heap
|
page read and write
|
||
|
232C2A22000
|
heap
|
page read and write
|
||
|
5E0000
|
heap
|
page read and write
|
||
|
6ECA000
|
heap
|
page read and write
|
||
|
6EFD000
|
heap
|
page read and write
|
||
|
36721000
|
heap
|
page read and write
|
||
|
36721000
|
heap
|
page read and write
|
||
|
6ED6000
|
heap
|
page read and write
|
||
|
43B000
|
unkown
|
page read and write
|
||
|
39BED000
|
stack
|
page read and write
|
||
|
706B000
|
direct allocation
|
page execute and read and write
|
||
|
6EBB000
|
heap
|
page read and write
|
||
|
232C3326000
|
heap
|
page read and write
|
||
|
6EC7000
|
heap
|
page read and write
|
||
|
6A1000
|
heap
|
page read and write
|
||
|
37766000
|
trusted library allocation
|
page read and write
|
||
|
36721000
|
heap
|
page read and write
|
||
|
6ED3000
|
heap
|
page read and write
|
||
|
B60000
|
heap
|
page read and write
|
||
|
373EE000
|
stack
|
page read and write
|
||
|
36720000
|
heap
|
page read and write
|
||
|
39B40000
|
trusted library allocation
|
page read and write
|
||
|
21E47813000
|
heap
|
page read and write
|
||
|
37680000
|
trusted library allocation
|
page read and write
|
||
|
39B40000
|
trusted library allocation
|
page read and write
|
||
|
232CC760000
|
trusted library allocation
|
page read and write
|
||
|
37780000
|
trusted library allocation
|
page read and write
|
||
|
343C000
|
stack
|
page read and write
|
||
|
232C85C0000
|
trusted library allocation
|
page read and write
|
||
|
36721000
|
heap
|
page read and write
|
||
|
36721000
|
heap
|
page read and write
|
||
|
6EA2000
|
heap
|
page read and write
|
||
|
36721000
|
heap
|
page read and write
|
||
|
37937000
|
trusted library allocation
|
page read and write
|
||
|
232C2A3F000
|
heap
|
page read and write
|
||
|
431000
|
unkown
|
page read and write
|
||
|
232CC660000
|
trusted library allocation
|
page read and write
|
||
|
E7A367D000
|
stack
|
page read and write
|
||
|
39C30000
|
trusted library allocation
|
page read and write
|
||
|
3753C000
|
stack
|
page read and write
|
||
|
10CB000
|
remote allocation
|
page execute and read and write
|
||
|
39C30000
|
trusted library allocation
|
page read and write
|
||
|
39B50000
|
trusted library allocation
|
page read and write
|
||
|
37750000
|
trusted library allocation
|
page read and write
|
||
|
232C330D000
|
heap
|
page read and write
|
||
|
368E0000
|
direct allocation
|
page read and write
|
||
|
6E97000
|
heap
|
page read and write
|
||
|
36721000
|
heap
|
page read and write
|
||
|
232CC670000
|
trusted library allocation
|
page read and write
|
||
|
39B50000
|
trusted library allocation
|
page read and write
|
||
|
36721000
|
heap
|
page read and write
|
||
|
39B60000
|
heap
|
page read and write
|
||
|
370B0000
|
trusted library allocation
|
page read and write
|
||
|
232C2B00000
|
heap
|
page read and write
|
||
|
232C2AF4000
|
heap
|
page read and write
|
||
|
3773E000
|
stack
|
page read and write
|
||
|
21E47622000
|
unkown
|
page read and write
|
||
|
232CC688000
|
trusted library allocation
|
page read and write
|
||
|
21E47624000
|
unkown
|
page read and write
|
||
|
232C31F0000
|
trusted library allocation
|
page read and write
|
||
|
36721000
|
heap
|
page read and write
|
||
|
39B40000
|
trusted library allocation
|
page read and write
|
||
|
39B40000
|
trusted library allocation
|
page read and write
|
||
|
39ACD000
|
heap
|
page read and write
|
||
|
3789E000
|
stack
|
page read and write
|
||
|
39B40000
|
trusted library allocation
|
page read and write
|
||
|
36721000
|
heap
|
page read and write
|
||
|
21E47740000
|
heap
|
page read and write
|
||
|
232C2A5B000
|
heap
|
page read and write
|
||
|
37760000
|
trusted library allocation
|
page read and write
|
||
|
36721000
|
heap
|
page read and write
|
||
|
5E487FE000
|
stack
|
page read and write
|
||
|
232C2AC9000
|
heap
|
page read and write
|
||
|
42CB000
|
remote allocation
|
page execute and read and write
|
||
|
750000
|
heap
|
page read and write
|
||
|
232C2A56000
|
heap
|
page read and write
|
||
|
21E47613000
|
unkown
|
page read and write
|
||
|
36721000
|
heap
|
page read and write
|
||
|
39B40000
|
trusted library allocation
|
page read and write
|
||
|
E7A3BF9000
|
stack
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
6A8000
|
heap
|
page read and write
|
||
|
6DDD000
|
stack
|
page read and write
|
||
|
6F02000
|
heap
|
page read and write
|
||
|
37673000
|
trusted library allocation
|
page execute and read and write
|
||
|
36880000
|
direct allocation
|
page read and write
|
||
|
40A000
|
unkown
|
page read and write
|
||
|
3240000
|
heap
|
page read and write
|
||
|
36F8D000
|
stack
|
page read and write
|
||
|
36721000
|
heap
|
page read and write
|
||
|
6ED2000
|
heap
|
page read and write
|
||
|
36721000
|
heap
|
page read and write
|
||
|
232CC643000
|
trusted library allocation
|
page read and write
|
||
|
36721000
|
heap
|
page read and write
|
||
|
36D0E000
|
stack
|
page read and write
|
||
|
39B40000
|
trusted library allocation
|
page read and write
|
||
|
232C3319000
|
heap
|
page read and write
|
||
|
21E4766B000
|
heap
|
page read and write
|
||
|
232C331F000
|
heap
|
page read and write
|
||
|
39A58000
|
heap
|
page read and write
|
||
|
69F000
|
heap
|
page read and write
|
||
|
8B69000
|
trusted library allocation
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
378A1000
|
trusted library allocation
|
page read and write
|
||
|
39FDE000
|
stack
|
page read and write
|
||
|
37780000
|
trusted library allocation
|
page read and write
|
||
|
6EF3000
|
heap
|
page read and write
|
||
|
232CC68B000
|
trusted library allocation
|
page read and write
|
||
|
232C2A5B000
|
heap
|
page read and write
|
||
|
232C3303000
|
heap
|
page read and write
|
||
|
36721000
|
heap
|
page read and write
|
||
|
39C30000
|
trusted library allocation
|
page read and write
|
||
|
24CB000
|
remote allocation
|
page execute and read and write
|
||
|
36721000
|
heap
|
page read and write
|
||
|
25A0000
|
heap
|
page read and write
|
||
|
6EAC000
|
heap
|
page read and write
|
||
|
36E4E000
|
stack
|
page read and write
|
||
|
6E30000
|
heap
|
page read and write
|
||
|
441000
|
unkown
|
page readonly
|
||
|
723E000
|
stack
|
page read and write
|
||
|
43F000
|
unkown
|
page read and write
|
||
|
21E47602000
|
unkown
|
page read and write
|
||
|
36721000
|
heap
|
page read and write
|
||
|
6D90000
|
heap
|
page read and write
|
||
|
36721000
|
heap
|
page read and write
|
||
|
232CC620000
|
trusted library allocation
|
page read and write
|
||
|
1ACB000
|
remote allocation
|
page execute and read and write
|
||
|
36721000
|
heap
|
page read and write
|
||
|
36736000
|
heap
|
page read and write
|
||
|
232CC5C0000
|
trusted library allocation
|
page read and write
|
||
|
39B40000
|
trusted library allocation
|
page read and write
|
||
|
232C27F0000
|
heap
|
page read and write
|
||
|
6ECD000
|
heap
|
page read and write
|
||
|
10059000
|
trusted library allocation
|
page read and write
|
||
|
232C3311000
|
heap
|
page read and write
|
||
|
7A6B000
|
direct allocation
|
page execute and read and write
|
||
|
709000
|
heap
|
page read and write
|
||
|
232C2A3C000
|
heap
|
page read and write
|
||
|
441000
|
unkown
|
page readonly
|
||
|
39B40000
|
trusted library allocation
|
page read and write
|
||
|
10005000
|
unkown
|
page readonly
|
||
|
388A1000
|
trusted library allocation
|
page read and write
|
||
|
42C000
|
unkown
|
page read and write
|
||
|
39B40000
|
trusted library allocation
|
page read and write
|
||
|
232CC710000
|
trusted library allocation
|
page read and write
|
||
|
232C2A56000
|
heap
|
page read and write
|
||
|
232CC640000
|
trusted library allocation
|
page read and write
|
||
|
39B40000
|
trusted library allocation
|
page read and write
|
||
|
39A3E000
|
stack
|
page read and write
|
||
|
6E3B000
|
heap
|
page read and write
|
||
|
232CC900000
|
trusted library allocation
|
page read and write
|
||
|
232CC630000
|
trusted library allocation
|
page read and write
|
||
|
232CC685000
|
trusted library allocation
|
page read and write
|
||
|
232C2A25000
|
heap
|
page read and write
|
||
|
21E4762A000
|
heap
|
page read and write
|
||
|
37690000
|
trusted library allocation
|
page read and write
|
||
|
19A000
|
stack
|
page read and write
|
||
|
F00000
|
remote allocation
|
page execute and read and write
|
||
|
232C2A72000
|
heap
|
page read and write
|
||
|
986B000
|
direct allocation
|
page execute and read and write
|
||
|
232C3215000
|
heap
|
page read and write
|
||
|
39C30000
|
trusted library allocation
|
page read and write
|
||
|
39C30000
|
trusted library allocation
|
page read and write
|
||
|
39B50000
|
trusted library allocation
|
page read and write
|
||
|
232C3200000
|
heap
|
page read and write
|
||
|
37780000
|
trusted library allocation
|
page read and write
|
||
|
39B40000
|
trusted library allocation
|
page read and write
|
||
|
6EBB000
|
heap
|
page read and write
|
||
|
36721000
|
heap
|
page read and write
|
||
|
39B40000
|
trusted library allocation
|
page read and write
|
||
|
232C3202000
|
heap
|
page read and write
|
||
|
6E8F000
|
heap
|
page read and write
|
||
|
21E47800000
|
heap
|
page read and write
|
||
|
36721000
|
heap
|
page read and write
|
||
|
232C45C5000
|
trusted library allocation
|
page read and write
|
||
|
36721000
|
heap
|
page read and write
|
||
|
232C2ADD000
|
heap
|
page read and write
|
||
|
36721000
|
heap
|
page read and write
|
||
|
40A000
|
unkown
|
page write copy
|
||
|
408000
|
unkown
|
page readonly
|
||
|
36721000
|
heap
|
page read and write
|
||
|
36721000
|
heap
|
page read and write
|
||
|
37780000
|
trusted library allocation
|
page read and write
|
||
|
486B000
|
direct allocation
|
page execute and read and write
|
||
|
38CB000
|
remote allocation
|
page execute and read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
860000
|
direct allocation
|
page read and write
|
||
|
2BC0000
|
heap
|
page read and write
|
||
|
6ACB000
|
remote allocation
|
page execute and read and write
|
||
|
6E7C000
|
heap
|
page read and write
|
||
|
232C45C3000
|
trusted library allocation
|
page read and write
|
||
|
56CB000
|
remote allocation
|
page execute and read and write
|
||
|
21E47470000
|
heap
|
page read and write
|
||
|
6EB4000
|
heap
|
page read and write
|
||
|
36721000
|
heap
|
page read and write
|
||
|
6EEB000
|
heap
|
page read and write
|
||
|
408000
|
unkown
|
page readonly
|
||
|
21E4763B000
|
heap
|
page read and write
|
||
|
36E0E000
|
stack
|
page read and write
|
||
|
36721000
|
heap
|
page read and write
|
||
|
232C3322000
|
heap
|
page read and write
|
||
|
37945000
|
trusted library allocation
|
page read and write
|
||
|
376B0000
|
heap
|
page read and write
|
||
|
3793F000
|
trusted library allocation
|
page read and write
|
||
|
6EE1000
|
heap
|
page read and write
|
||
|
232C2A80000
|
heap
|
page read and write
|
||
|
232CC68E000
|
trusted library allocation
|
page read and write
|
||
|
98000
|
stack
|
page read and write
|
||
|
21E47639000
|
heap
|
page read and write
|
||
|
36721000
|
heap
|
page read and write
|
||
|
36721000
|
heap
|
page read and write
|
||
|
232C2AD0000
|
heap
|
page read and write
|
||
|
376AB000
|
trusted library allocation
|
page execute and read and write
|
||
|
232CC900000
|
trusted library allocation
|
page read and write
|
||
|
25A4000
|
heap
|
page read and write
|
||
|
3A0DE000
|
stack
|
page read and write
|
||
|
37780000
|
trusted library allocation
|
page read and write
|
||
|
5E4814B000
|
stack
|
page read and write
|
||
|
232CC910000
|
trusted library allocation
|
page read and write
|
||
|
8B20000
|
trusted library allocation
|
page read and write
|
||
|
388C9000
|
trusted library allocation
|
page read and write
|
||
|
232C2A27000
|
heap
|
page read and write
|
||
|
36721000
|
heap
|
page read and write
|
||
|
232C2860000
|
heap
|
page read and write
|
||
|
232C2A27000
|
heap
|
page read and write
|
||
|
232C2A72000
|
heap
|
page read and write
|
||
|
232C2980000
|
heap
|
page read and write
|
||
|
36721000
|
heap
|
page read and write
|
||
|
60CB000
|
remote allocation
|
page execute and read and write
|
||
|
232C2A69000
|
heap
|
page read and write
|
||
|
6D94000
|
heap
|
page read and write
|
||
|
36721000
|
heap
|
page read and write
|
||
|
39B40000
|
trusted library allocation
|
page read and write
|
||
|
373B0000
|
remote allocation
|
page read and write
|
||
|
36721000
|
heap
|
page read and write
|
||
|
232C2960000
|
unclassified section
|
page readonly
|
||
|
36721000
|
heap
|
page read and write
|
||
|
232C2AD8000
|
heap
|
page read and write
|
||
|
36721000
|
heap
|
page read and write
|
||
|
232CC640000
|
trusted library allocation
|
page read and write
|
||
|
232C2A87000
|
heap
|
page read and write
|
||
|
232C29D0000
|
trusted library allocation
|
page read and write
|
||
|
232C331C000
|
heap
|
page read and write
|
||
|
370FE000
|
stack
|
page read and write
|
||
|
6EC0000
|
heap
|
page read and write
|
||
|
232CC740000
|
trusted library allocation
|
page read and write
|
||
|
39C30000
|
trusted library allocation
|
page read and write
|
||
|
6EE1000
|
heap
|
page read and write
|
||
|
6EEB000
|
heap
|
page read and write
|
||
|
3734E000
|
stack
|
page read and write
|
||
|
36721000
|
heap
|
page read and write
|
||
|
39A40000
|
heap
|
page read and write
|
||
|
6D10000
|
unclassified section
|
page readonly
|
||
|
376A7000
|
trusted library allocation
|
page execute and read and write
|
||
|
232C3326000
|
heap
|
page read and write
|
||
|
36721000
|
heap
|
page read and write
|
||
|
23E5000
|
heap
|
page read and write
|
||
|
232C2AC9000
|
heap
|
page read and write
|
||
|
373B0000
|
remote allocation
|
page read and write
|
||
|
36721000
|
heap
|
page read and write
|
||
|
69C000
|
heap
|
page read and write
|
||
|
36721000
|
heap
|
page read and write
|
||
|
36721000
|
heap
|
page read and write
|
||
|
232C2970000
|
unclassified section
|
page readonly
|
||
|
21E47900000
|
heap
|
page read and write
|
||
|
6EC0000
|
heap
|
page read and write
|
||
|
232CC900000
|
trusted library allocation
|
page read and write
|
||
|
36721000
|
heap
|
page read and write
|
||
|
232C2A69000
|
heap
|
page read and write
|
||
|
39B50000
|
trusted library allocation
|
page read and write
|
||
|
232C2A80000
|
heap
|
page read and write
|
||
|
6E77000
|
heap
|
page read and write
|
||
|
37696000
|
trusted library allocation
|
page execute and read and write
|
||
|
39B40000
|
trusted library allocation
|
page read and write
|
||
|
723000
|
heap
|
page read and write
|
||
|
36721000
|
heap
|
page read and write
|
||
|
39B40000
|
trusted library allocation
|
page read and write
|
||
|
36721000
|
heap
|
page read and write
|
||
|
37780000
|
trusted library allocation
|
page read and write
|
||
|
36721000
|
heap
|
page read and write
|
||
|
36721000
|
heap
|
page read and write
|
||
|
21E47400000
|
heap
|
page read and write
|
||
|
232C2A76000
|
heap
|
page read and write
|
||
|
39C2E000
|
stack
|
page read and write
|
||
|
23F0000
|
heap
|
page read and write
|
||
|
36721000
|
heap
|
page read and write
|
||
|
374EE000
|
stack
|
page read and write
|
||
|
232C3307000
|
heap
|
page read and write
|
||
|
333C000
|
stack
|
page read and write
|
||
|
232CC670000
|
trusted library allocation
|
page read and write
|
||
|
36721000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
39BA5000
|
trusted library allocation
|
page read and write
|
||
|
7340000
|
heap
|
page read and write
|
||
|
71FE000
|
stack
|
page read and write
|
||
|
36C60000
|
heap
|
page read and write
|
||
|
232CC750000
|
trusted library allocation
|
page read and write
|
||
|
37780000
|
trusted library allocation
|
page read and write
|
||
|
39B50000
|
trusted library allocation
|
page read and write
|
||
|
36721000
|
heap
|
page read and write
|
||
|
2ECB000
|
remote allocation
|
page execute and read and write
|
||
|
232C3326000
|
heap
|
page read and write
|
||
|
36721000
|
heap
|
page read and write
|
||
|
232C2AD0000
|
heap
|
page read and write
|
||
|
23E0000
|
heap
|
page read and write
|
||
|
6ED9000
|
heap
|
page read and write
|
||
|
6EC5000
|
heap
|
page read and write
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
39C40000
|
trusted library allocation
|
page read and write
|
||
|
37674000
|
trusted library allocation
|
page read and write
|
||
|
21E47902000
|
heap
|
page read and write
|
||
|
21E47900000
|
heap
|
page read and write
|
||
|
21E47902000
|
heap
|
page read and write
|
||
|
232CC660000
|
trusted library allocation
|
page read and write
|
||
|
3673E000
|
heap
|
page read and write
|
||
|
21E47802000
|
heap
|
page read and write
|
||
|
37770000
|
trusted library allocation
|
page read and write
|
||
|
21E4766B000
|
heap
|
page read and write
|
||
|
6ECD000
|
heap
|
page read and write
|
||
|
70FE000
|
stack
|
page read and write
|
||
|
232C3311000
|
heap
|
page read and write
|
||
|
232C2A25000
|
heap
|
page read and write
|
||
|
8E6B000
|
direct allocation
|
page execute and read and write
|
||
|
650000
|
heap
|
page read and write
|
||
|
232C2A00000
|
heap
|
page read and write
|
||
|
526B000
|
direct allocation
|
page execute and read and write
|
||
|
232C2A20000
|
heap
|
page read and write
|
||
|
232C45C3000
|
trusted library allocation
|
page read and write
|
||
|
5E4887C000
|
stack
|
page read and write
|
||
|
36721000
|
heap
|
page read and write
|
||
|
232C3313000
|
heap
|
page read and write
|
||
|
21E47715000
|
trusted library allocation
|
page read and write
|
||
|
36721000
|
heap
|
page read and write
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
232C41A0000
|
trusted library allocation
|
page read and write
|
||
|
373B0000
|
remote allocation
|
page read and write
|
||
|
21E47913000
|
heap
|
page read and write
|
||
|
39C30000
|
trusted library allocation
|
page read and write
|
||
|
21E47913000
|
heap
|
page read and write
|
||
|
232CC720000
|
trusted library allocation
|
page read and write
|
||
|
37780000
|
trusted library allocation
|
page read and write
|
||
|
232C2B0C000
|
heap
|
page read and write
|
||
|
6EB9000
|
heap
|
page read and write
|
||
|
A26B000
|
direct allocation
|
page execute and read and write
|
||
|
20000
|
unclassified section
|
page readonly
|
||
|
2BD0000
|
heap
|
page read and write
|
||
|
232CC710000
|
trusted library allocation
|
page read and write
|
||
|
39B50000
|
trusted library allocation
|
page read and write
|
||
|
36721000
|
heap
|
page read and write
|
||
|
376FE000
|
stack
|
page read and write
|
||
|
37790000
|
heap
|
page execute and read and write
|
||
|
550000
|
heap
|
page read and write
|
||
|
36721000
|
heap
|
page read and write
|
||
|
36721000
|
heap
|
page read and write
|
||
|
3769A000
|
trusted library allocation
|
page execute and read and write
|
||
|
232C2A5E000
|
heap
|
page read and write
|
||
|
232C2A7C000
|
heap
|
page read and write
|
||
|
36721000
|
heap
|
page read and write
|
||
|
2A10000
|
heap
|
page read and write
|
||
|
5E481CF000
|
stack
|
page read and write
|
||
|
39ED0000
|
heap
|
page execute and read and write
|
||
|
39B74000
|
trusted library allocation
|
page read and write
|
||
|
36F4F000
|
stack
|
page read and write
|
||
|
232C2A13000
|
heap
|
page read and write
|
||
|
683000
|
heap
|
page read and write
|
||
|
36721000
|
heap
|
page read and write
|
||
|
3708C000
|
stack
|
page read and write
|
||
|
39C30000
|
trusted library allocation
|
page read and write
|
||
|
6E7E000
|
heap
|
page read and write
|
||
|
6EFD000
|
heap
|
page read and write
|
||
|
37942000
|
trusted library allocation
|
page read and write
|
||
|
39B40000
|
trusted library allocation
|
page read and write
|
||
|
6D50000
|
heap
|
page read and write
|
||
|
4CCB000
|
remote allocation
|
page execute and read and write
|
||
|
3724D000
|
stack
|
page read and write
|
||
|
232CC910000
|
trusted library allocation
|
page read and write
|
||
|
5C6B000
|
direct allocation
|
page execute and read and write
|
||
|
39C40000
|
trusted library allocation
|
page read and write
|
||
|
6F0D000
|
heap
|
page read and write
|
||
|
232C2A2A000
|
heap
|
page read and write
|
||
|
555000
|
heap
|
page read and write
|
||
|
36721000
|
heap
|
page read and write
|
||
|
232CC680000
|
trusted library allocation
|
page read and write
|
||
|
232C2A80000
|
heap
|
page read and write
|
||
|
30000
|
heap
|
page read and write
|
||
|
232C2A3D000
|
heap
|
page read and write
|
||
|
36721000
|
heap
|
page read and write
|
||
|
6EF3000
|
heap
|
page read and write
|
||
|
36721000
|
heap
|
page read and write
|
||
|
6EBC000
|
heap
|
page read and write
|
||
|
232C2A7C000
|
heap
|
page read and write
|
||
|
21E47700000
|
trusted library allocation
|
page read and write
|
||
|
376A2000
|
trusted library allocation
|
page read and write
|
||
|
232C2A5D000
|
heap
|
page read and write
|
There are 447 hidden memdumps, click here to show them.