Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Rechung-R1663322504.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
|
initial sample
|
 |
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_caspol.exe_5cc44e97acf31afa8e5c5ec1af53c5acde2c3_00000000_24c613c7-d23f-4749-9f08-829cc3a3e2d7\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER2E03.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER2E62.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsiF853.tmp\AdvSplash.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsiF853.tmp\System.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\Separationerne.lnk
|
MS Windows shortcut, Item id list present, Has Relative path, Has Working directory, ctime=Sun Dec 31 23:25:52 1600, mtime=Sun
Dec 31 23:25:52 1600, atime=Sun Dec 31 23:25:52 1600, length=0, window=hide
|
dropped
|
||
|
C:\Users\user\Socialdirektrer\Fornices\Vingummis\Flannelled\Yndighed\Adventure_20.bmp
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 100x100, segment length 16, Exif Standard: [TIFF image data,
big-endian, direntries=3], baseline, precision 8, 110x110, components 3
|
dropped
|
||
|
C:\Users\user\Socialdirektrer\Fornices\Vingummis\Flannelled\Yndighed\Dialektforskningen134.Luk
|
ASCII text, with very long lines (35012), with no line terminators
|
dropped
|
||
|
C:\Users\user\Socialdirektrer\Vandspildets.Shi37
|
data
|
dropped
|
||
|
C:\Users\user\Socialdirektrer\media-floppy-symbolic.symbolic.png
|
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\Socialdirektrer\mk.txt
|
Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve.LOG1
|
MS Windows registry file, NT/2000 or above
|
dropped
|
||
|
C:\Windows\assembly\Desktop.ini
|
Windows desktop.ini
|
dropped
|
||
|
\Device\ConDrv
|
ASCII text
|
dropped
|
There are 6 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\Rechung-R1663322504.exe
|
C:\Users\user\Desktop\Rechung-R1663322504.exe
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
|
C:\Users\user\Desktop\Rechung-R1663322504.exe
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
|
C:\Users\user\Desktop\Rechung-R1663322504.exe
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
|
C:\Users\user\Desktop\Rechung-R1663322504.exe
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
|
dw20.exe -x -s 2584
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://checkip.dyndns.org/
|
158.101.44.242
|
|
|
|
https://doc-04-c4-docs.googleusercontent.com/
|
unknown
|
||
|
http://crl.certum.pl/ctsca2021.crl0o
|
unknown
|
||
|
http://repository.certum.pl/ctnca.cer09
|
unknown
|
||
|
https://doc-04-c4-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/eu361v78
|
unknown
|
||
|
http://repository.certum.pl/ctsca2021.cer0
|
unknown
|
||
|
http://crl.certum.pl/ctnca.crl0k
|
unknown
|
||
|
http://subca.ocsp-certum.com05
|
unknown
|
||
|
https://drive.google.com/
|
unknown
|
||
|
http://subca.ocsp-certum.com02
|
unknown
|
||
|
http://subca.ocsp-certum.com01
|
unknown
|
||
|
http://crl.certum.pl/ctnca2.crl0l
|
unknown
|
||
|
http://repository.certum.pl/ctnca2.cer09
|
unknown
|
||
|
https://support.google.com/chrome/?p=plugin_flash
|
unknown
|
||
|
http://go.microsoft.
|
unknown
|
||
|
http://upx.sf.net
|
unknown
|
||
|
http://checkip.dyndns.org
|
unknown
|
||
|
http://nsis.sf.net/NSIS_ErrorError
|
unknown
|
||
|
https://doc-04-c4-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/eu361v7891419i1as1r1dl2nqlomasvu/1679114250000/12853136832670220481/*/1RhzoPq21Mbz1UprqcH2DXnwFIoRgz7-l?e=download&uuid=687b7ba6-caf7-4f82-8267-8cb96e77380a
|
172.217.16.129
|
||
|
http://go.microsoft.LinkId=42127
|
unknown
|
||
|
http://www.certum.pl/CPS0
|
unknown
|
||
|
http://james.newtonking.com/projects/json
|
unknown
|
||
|
http://crl.micros
|
unknown
|
There are 13 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
checkip.dyndns.com
|
158.101.44.242
|
|
|
|
checkip.dyndns.org
|
unknown
|
|
|
|
drive.google.com
|
142.250.184.206
|
||
|
googlehosted.l.googleusercontent.com
|
172.217.16.129
|
||
|
doc-04-c4-docs.googleusercontent.com
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
158.101.44.242
|
checkip.dyndns.com
|
United States
|
|
|
|
172.217.16.129
|
googlehosted.l.googleusercontent.com
|
United States
|
||
|
142.250.184.206
|
drive.google.com
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\InstallDir32
|
Path
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Aminosyrefordelingen\Hyperesthete\Pyemias\hydrophidae
|
Opinionsdannendes
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\caspol_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\caspol_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\caspol_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\caspol_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\caspol_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\caspol_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\caspol_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\caspol_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\caspol_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\caspol_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\caspol_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\caspol_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\caspol_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\caspol_RASMANCS
|
FileDirectory
|
||
|
\REGISTRY\A\{003d9e21-e36b-e512-4d8c-d011e42a6d49}\Root\InventoryApplicationFile\caspol.exe|b7e26ad5a1be4585
|
ProgramId
|
||
|
\REGISTRY\A\{003d9e21-e36b-e512-4d8c-d011e42a6d49}\Root\InventoryApplicationFile\caspol.exe|b7e26ad5a1be4585
|
FileId
|
||
|
\REGISTRY\A\{003d9e21-e36b-e512-4d8c-d011e42a6d49}\Root\InventoryApplicationFile\caspol.exe|b7e26ad5a1be4585
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{003d9e21-e36b-e512-4d8c-d011e42a6d49}\Root\InventoryApplicationFile\caspol.exe|b7e26ad5a1be4585
|
LongPathHash
|
||
|
\REGISTRY\A\{003d9e21-e36b-e512-4d8c-d011e42a6d49}\Root\InventoryApplicationFile\caspol.exe|b7e26ad5a1be4585
|
Name
|
||
|
\REGISTRY\A\{003d9e21-e36b-e512-4d8c-d011e42a6d49}\Root\InventoryApplicationFile\caspol.exe|b7e26ad5a1be4585
|
OriginalFileName
|
||
|
\REGISTRY\A\{003d9e21-e36b-e512-4d8c-d011e42a6d49}\Root\InventoryApplicationFile\caspol.exe|b7e26ad5a1be4585
|
Publisher
|
||
|
\REGISTRY\A\{003d9e21-e36b-e512-4d8c-d011e42a6d49}\Root\InventoryApplicationFile\caspol.exe|b7e26ad5a1be4585
|
Version
|
||
|
\REGISTRY\A\{003d9e21-e36b-e512-4d8c-d011e42a6d49}\Root\InventoryApplicationFile\caspol.exe|b7e26ad5a1be4585
|
BinFileVersion
|
||
|
\REGISTRY\A\{003d9e21-e36b-e512-4d8c-d011e42a6d49}\Root\InventoryApplicationFile\caspol.exe|b7e26ad5a1be4585
|
BinaryType
|
||
|
\REGISTRY\A\{003d9e21-e36b-e512-4d8c-d011e42a6d49}\Root\InventoryApplicationFile\caspol.exe|b7e26ad5a1be4585
|
ProductName
|
||
|
\REGISTRY\A\{003d9e21-e36b-e512-4d8c-d011e42a6d49}\Root\InventoryApplicationFile\caspol.exe|b7e26ad5a1be4585
|
ProductVersion
|
||
|
\REGISTRY\A\{003d9e21-e36b-e512-4d8c-d011e42a6d49}\Root\InventoryApplicationFile\caspol.exe|b7e26ad5a1be4585
|
LinkDate
|
||
|
\REGISTRY\A\{003d9e21-e36b-e512-4d8c-d011e42a6d49}\Root\InventoryApplicationFile\caspol.exe|b7e26ad5a1be4585
|
BinProductVersion
|
||
|
\REGISTRY\A\{003d9e21-e36b-e512-4d8c-d011e42a6d49}\Root\InventoryApplicationFile\caspol.exe|b7e26ad5a1be4585
|
AppxPackageFullName
|
||
|
\REGISTRY\A\{003d9e21-e36b-e512-4d8c-d011e42a6d49}\Root\InventoryApplicationFile\caspol.exe|b7e26ad5a1be4585
|
AppxPackageRelativeId
|
||
|
\REGISTRY\A\{003d9e21-e36b-e512-4d8c-d011e42a6d49}\Root\InventoryApplicationFile\caspol.exe|b7e26ad5a1be4585
|
Size
|
||
|
\REGISTRY\A\{003d9e21-e36b-e512-4d8c-d011e42a6d49}\Root\InventoryApplicationFile\caspol.exe|b7e26ad5a1be4585
|
Language
|
||
|
\REGISTRY\A\{003d9e21-e36b-e512-4d8c-d011e42a6d49}\Root\InventoryApplicationFile\caspol.exe|b7e26ad5a1be4585
|
IsOsComponent
|
||
|
\REGISTRY\A\{003d9e21-e36b-e512-4d8c-d011e42a6d49}\Root\InventoryApplicationFile\caspol.exe|b7e26ad5a1be4585
|
Usn
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
|
ClockTimeSeconds
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
|
TickCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Property
|
0018400AF0FDC3B1
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceTicket
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceId
|
There are 32 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
37520000
|
trusted library section
|
page read and write
|
|
|
|
690B000
|
direct allocation
|
page execute and read and write
|
|
|
|
34E8C000
|
trusted library allocation
|
page read and write
|
|
|
|
34E46000
|
trusted library allocation
|
page read and write
|
|
|
|
36F71000
|
heap
|
page read and write
|
|
|
|
42D0000
|
heap
|
page read and write
|
||
|
AB8000
|
heap
|
page read and write
|
||
|
36253000
|
trusted library allocation
|
page read and write
|
||
|
36D78000
|
trusted library allocation
|
page read and write
|
||
|
2834000
|
heap
|
page read and write
|
||
|
339C1000
|
heap
|
page read and write
|
||
|
35EB7000
|
trusted library allocation
|
page read and write
|
||
|
D40000
|
trusted library allocation
|
page read and write
|
||
|
42E0000
|
heap
|
page read and write
|
||
|
42EB000
|
heap
|
page read and write
|
||
|
4296000
|
heap
|
page read and write
|
||
|
AB8000
|
heap
|
page read and write
|
||
|
AB8000
|
heap
|
page read and write
|
||
|
42A5000
|
heap
|
page read and write
|
||
|
339C1000
|
heap
|
page read and write
|
||
|
375F6000
|
trusted library allocation
|
page read and write
|
||
|
2600000
|
heap
|
page read and write
|
||
|
339C1000
|
heap
|
page read and write
|
||
|
1100000
|
remote allocation
|
page execute and read and write
|
||
|
339C1000
|
heap
|
page read and write
|
||
|
AB8000
|
heap
|
page read and write
|
||
|
AB8000
|
heap
|
page read and write
|
||
|
375B000
|
stack
|
page read and write
|
||
|
27C73E13000
|
heap
|
page read and write
|
||
|
AB8000
|
heap
|
page read and write
|
||
|
AB8000
|
heap
|
page read and write
|
||
|
850000
|
heap
|
page read and write
|
||
|
7A6000
|
unkown
|
page read and write
|
||
|
7B3000
|
unkown
|
page read and write
|
||
|
341BE000
|
stack
|
page read and write
|
||
|
4268000
|
heap
|
page read and write
|
||
|
339C1000
|
heap
|
page read and write
|
||
|
33B30000
|
direct allocation
|
page read and write
|
||
|
AB8000
|
heap
|
page read and write
|
||
|
AB8000
|
heap
|
page read and write
|
||
|
339C1000
|
heap
|
page read and write
|
||
|
339C1000
|
heap
|
page read and write
|
||
|
36256000
|
trusted library allocation
|
page read and write
|
||
|
37850000
|
heap
|
page read and write
|
||
|
A6C000
|
heap
|
page read and write
|
||
|
AB8000
|
heap
|
page read and write
|
||
|
42C4000
|
heap
|
page read and write
|
||
|
AB8000
|
heap
|
page read and write
|
||
|
2D70000
|
heap
|
page read and write
|
||
|
854000
|
heap
|
page read and write
|
||
|
37810000
|
trusted library allocation
|
page read and write
|
||
|
27C73A23000
|
unkown
|
page read and write
|
||
|
42A7000
|
heap
|
page read and write
|
||
|
AB8000
|
heap
|
page read and write
|
||
|
429A000
|
heap
|
page read and write
|
||
|
49C0000
|
direct allocation
|
page execute and read and write
|
||
|
AB8000
|
heap
|
page read and write
|
||
|
27C73A02000
|
unkown
|
page read and write
|
||
|
27C73A34000
|
heap
|
page read and write
|
||
|
339C1000
|
heap
|
page read and write
|
||
|
34D6E000
|
stack
|
page read and write
|
||
|
339C1000
|
heap
|
page read and write
|
||
|
AB8000
|
heap
|
page read and write
|
||
|
37530000
|
trusted library allocation
|
page read and write
|
||
|
362EF000
|
trusted library allocation
|
page read and write
|
||
|
27C73E00000
|
heap
|
page read and write
|
||
|
36249000
|
trusted library allocation
|
page read and write
|
||
|
375F0000
|
trusted library allocation
|
page read and write
|
||
|
AB8000
|
heap
|
page read and write
|
||
|
339C1000
|
heap
|
page read and write
|
||
|
348CE000
|
stack
|
page read and write
|
||
|
37570000
|
trusted library allocation
|
page read and write
|
||
|
34C3B000
|
trusted library allocation
|
page read and write
|
||
|
37780000
|
heap
|
page read and write
|
||
|
33AD0000
|
direct allocation
|
page read and write
|
||
|
25FE000
|
stack
|
page read and write
|
||
|
461F000
|
stack
|
page read and write
|
||
|
930000
|
heap
|
page read and write
|
||
|
730B000
|
direct allocation
|
page execute and read and write
|
||
|
412E000
|
stack
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
339C1000
|
heap
|
page read and write
|
||
|
AB8000
|
heap
|
page read and write
|
||
|
AB8000
|
heap
|
page read and write
|
||
|
AB8000
|
heap
|
page read and write
|
||
|
27C73A10000
|
unkown
|
page read and write
|
||
|
D30000
|
trusted library allocation
|
page read and write
|
||
|
339C1000
|
heap
|
page read and write
|
||
|
AB8000
|
heap
|
page read and write
|
||
|
33BCE000
|
stack
|
page read and write
|
||
|
2670000
|
heap
|
page read and write
|
||
|
34B70000
|
trusted library allocation
|
page read and write
|
||
|
339C1000
|
heap
|
page read and write
|
||
|
4315000
|
heap
|
page read and write
|
||
|
40E0000
|
heap
|
page read and write
|
||
|
339C1000
|
heap
|
page read and write
|
||
|
AB8000
|
heap
|
page read and write
|
||
|
344AE000
|
stack
|
page read and write
|
||
|
34DD1000
|
trusted library allocation
|
page read and write
|
||
|
304B000
|
remote allocation
|
page execute and read and write
|
||
|
339C1000
|
heap
|
page read and write
|
||
|
27F0000
|
heap
|
page read and write
|
||
|
AB8000
|
heap
|
page read and write
|
||
|
CE0000
|
unclassified section
|
page readonly
|
||
|
34B9A000
|
trusted library allocation
|
page execute and read and write
|
||
|
42A7000
|
heap
|
page read and write
|
||
|
34EB1000
|
trusted library allocation
|
page read and write
|
||
|
339C1000
|
heap
|
page read and write
|
||
|
339C1000
|
heap
|
page read and write
|
||
|
10005000
|
unkown
|
page readonly
|
||
|
42BC000
|
heap
|
page read and write
|
||
|
AB8000
|
heap
|
page read and write
|
||
|
339C1000
|
heap
|
page read and write
|
||
|
339C1000
|
heap
|
page read and write
|
||
|
339C1000
|
heap
|
page read and write
|
||
|
362F9000
|
trusted library allocation
|
page read and write
|
||
|
AB8000
|
heap
|
page read and write
|
||
|
4B0B000
|
direct allocation
|
page execute and read and write
|
||
|
339C1000
|
heap
|
page read and write
|
||
|
34BAB000
|
trusted library allocation
|
page execute and read and write
|
||
|
AB8000
|
heap
|
page read and write
|
||
|
27C73F02000
|
heap
|
page read and write
|
||
|
27C73870000
|
heap
|
page read and write
|
||
|
27C73A13000
|
unkown
|
page read and write
|
||
|
34B50000
|
trusted library allocation
|
page read and write
|
||
|
AB8000
|
heap
|
page read and write
|
||
|
4295000
|
heap
|
page read and write
|
||
|
34EBB000
|
trusted library allocation
|
page read and write
|
||
|
339C1000
|
heap
|
page read and write
|
||
|
42A5000
|
heap
|
page read and write
|
||
|
AB8000
|
heap
|
page read and write
|
||
|
375E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
37530000
|
trusted library allocation
|
page read and write
|
||
|
345EE000
|
stack
|
page read and write
|
||
|
AB8000
|
heap
|
page read and write
|
||
|
339C1000
|
heap
|
page read and write
|
||
|
AB8000
|
heap
|
page read and write
|
||
|
37530000
|
trusted library allocation
|
page read and write
|
||
|
37520000
|
trusted library allocation
|
page read and write
|
||
|
36233000
|
trusted library allocation
|
page read and write
|
||
|
362E1000
|
trusted library allocation
|
page read and write
|
||
|
339D7000
|
heap
|
page read and write
|
||
|
34A0B000
|
stack
|
page read and write
|
||
|
AB8000
|
heap
|
page read and write
|
||
|
42D3000
|
heap
|
page read and write
|
||
|
AB8000
|
heap
|
page read and write
|
||
|
AB8000
|
heap
|
page read and write
|
||
|
34B72000
|
trusted library allocation
|
page execute and read and write
|
||
|
AB8000
|
heap
|
page read and write
|
||
|
429D000
|
heap
|
page read and write
|
||
|
339C1000
|
heap
|
page read and write
|
||
|
AB8000
|
heap
|
page read and write
|
||
|
AB8000
|
heap
|
page read and write
|
||
|
AB8000
|
heap
|
page read and write
|
||
|
AB8000
|
heap
|
page read and write
|
||
|
B60000
|
direct allocation
|
page read and write
|
||
|
4297000
|
heap
|
page read and write
|
||
|
37550000
|
trusted library allocation
|
page read and write
|
||
|
349CE000
|
stack
|
page read and write
|
||
|
AB8000
|
heap
|
page read and write
|
||
|
408000
|
unkown
|
page readonly
|
||
|
34B80000
|
trusted library allocation
|
page read and write
|
||
|
339C5000
|
heap
|
page read and write
|
||
|
339C1000
|
heap
|
page read and write
|
||
|
A80000
|
heap
|
page read and write
|
||
|
2830000
|
heap
|
page read and write
|
||
|
D30000
|
trusted library allocation
|
page read and write
|
||
|
36F30000
|
trusted library allocation
|
page read and write
|
||
|
34E3B000
|
trusted library allocation
|
page read and write
|
||
|
AB8000
|
heap
|
page read and write
|
||
|
339C1000
|
heap
|
page read and write
|
||
|
27C73F02000
|
heap
|
page read and write
|
||
|
375D0000
|
trusted library allocation
|
page read and write
|
||
|
AB8000
|
heap
|
page read and write
|
||
|
339C1000
|
heap
|
page read and write
|
||
|
339DF000
|
heap
|
page read and write
|
||
|
AB8000
|
heap
|
page read and write
|
||
|
339C1000
|
heap
|
page read and write
|
||
|
D50000
|
trusted library allocation
|
page read and write
|
||
|
34DD8000
|
trusted library allocation
|
page read and write
|
||
|
339C1000
|
heap
|
page read and write
|
||
|
35F86000
|
trusted library allocation
|
page read and write
|
||
|
AB8000
|
heap
|
page read and write
|
||
|
BA0000
|
direct allocation
|
page read and write
|
||
|
34DE3000
|
trusted library allocation
|
page read and write
|
||
|
DFE000
|
stack
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
19A000
|
stack
|
page read and write
|
||
|
441F000
|
stack
|
page read and write
|
||
|
AB8000
|
heap
|
page read and write
|
||
|
339C1000
|
heap
|
page read and write
|
||
|
264B000
|
remote allocation
|
page execute and read and write
|
||
|
AB8000
|
heap
|
page read and write
|
||
|
339C1000
|
heap
|
page read and write
|
||
|
37550000
|
trusted library allocation
|
page read and write
|
||
|
AB8000
|
heap
|
page read and write
|
||
|
3CCE000
|
remote allocation
|
page execute and read and write
|
||
|
1D0000
|
unclassified section
|
page readonly
|
||
|
362D7000
|
trusted library allocation
|
page read and write
|
||
|
42E4000
|
heap
|
page read and write
|
||
|
339C1000
|
heap
|
page read and write
|
||
|
10003000
|
unkown
|
page readonly
|
||
|
36F5D000
|
heap
|
page read and write
|
||
|
AB8000
|
heap
|
page read and write
|
||
|
42E1000
|
heap
|
page read and write
|
||
|
36F60000
|
heap
|
page read and write
|
||
|
34BA2000
|
trusted library allocation
|
page read and write
|
||
|
AB8000
|
heap
|
page read and write
|
||
|
34B92000
|
trusted library allocation
|
page execute and read and write
|
||
|
AB8000
|
heap
|
page read and write
|
||
|
34BA0000
|
trusted library allocation
|
page read and write
|
||
|
374BE000
|
stack
|
page read and write
|
||
|
37540000
|
trusted library allocation
|
page read and write
|
||
|
42A9000
|
heap
|
page read and write
|
||
|
27C73A00000
|
unkown
|
page read and write
|
||
|
375F0000
|
trusted library allocation
|
page read and write
|
||
|
37520000
|
trusted library allocation
|
page read and write
|
||
|
339C1000
|
heap
|
page read and write
|
||
|
36F43000
|
heap
|
page read and write
|
||
|
345AE000
|
stack
|
page read and write
|
||
|
37530000
|
trusted library allocation
|
page read and write
|
||
|
AB8000
|
heap
|
page read and write
|
||
|
AB8000
|
heap
|
page read and write
|
||
|
AB8000
|
heap
|
page read and write
|
||
|
343FE000
|
stack
|
page read and write
|
||
|
339C1000
|
heap
|
page read and write
|
||
|
AB8000
|
heap
|
page read and write
|
||
|
451F000
|
stack
|
page read and write
|
||
|
82CB07B000
|
stack
|
page read and write
|
||
|
AB8000
|
heap
|
page read and write
|
||
|
34B7C000
|
trusted library allocation
|
page execute and read and write
|
||
|
37540000
|
trusted library allocation
|
page read and write
|
||
|
D20000
|
trusted library allocation
|
page execute and read and write
|
||
|
37520000
|
trusted library allocation
|
page read and write
|
||
|
42A9000
|
heap
|
page read and write
|
||
|
3623D000
|
trusted library allocation
|
page read and write
|
||
|
82CAD7F000
|
stack
|
page read and write
|
||
|
34C60000
|
heap
|
page read and write
|
||
|
4220000
|
heap
|
page read and write
|
||
|
AB8000
|
heap
|
page read and write
|
||
|
339C1000
|
heap
|
page read and write
|
||
|
36F10000
|
trusted library allocation
|
page read and write
|
||
|
339C1000
|
heap
|
page read and write
|
||
|
782000
|
unkown
|
page read and write
|
||
|
AB8000
|
heap
|
page read and write
|
||
|
37560000
|
trusted library allocation
|
page read and write
|
||
|
36F20000
|
trusted library allocation
|
page execute and read and write
|
||
|
A82000
|
heap
|
page read and write
|
||
|
339C1000
|
heap
|
page read and write
|
||
|
CF0000
|
heap
|
page read and write
|
||
|
34B10000
|
heap
|
page execute and read and write
|
||
|
34740000
|
remote allocation
|
page read and write
|
||
|
339C1000
|
heap
|
page read and write
|
||
|
34E1C000
|
trusted library allocation
|
page read and write
|
||
|
339C0000
|
heap
|
page read and write
|
||
|
375F0000
|
trusted library allocation
|
page read and write
|
||
|
82CA8AD000
|
stack
|
page read and write
|
||
|
854000
|
heap
|
page read and write
|
||
|
AB8000
|
heap
|
page read and write
|
||
|
2675000
|
heap
|
page read and write
|
||
|
339C1000
|
heap
|
page read and write
|
||
|
339C1000
|
heap
|
page read and write
|
||
|
AB8000
|
heap
|
page read and write
|
||
|
34740000
|
remote allocation
|
page read and write
|
||
|
37800000
|
trusted library allocation
|
page read and write
|
||
|
AB8000
|
heap
|
page read and write
|
||
|
37800000
|
trusted library allocation
|
page read and write
|
||
|
D20000
|
trusted library allocation
|
page read and write
|
||
|
37520000
|
trusted library allocation
|
page read and write
|
||
|
339C1000
|
heap
|
page read and write
|
||
|
339C1000
|
heap
|
page read and write
|
||
|
AB8000
|
heap
|
page read and write
|
||
|
339C1000
|
heap
|
page read and write
|
||
|
5F0B000
|
direct allocation
|
page execute and read and write
|
||
|
AB8000
|
heap
|
page read and write
|
||
|
339C1000
|
heap
|
page read and write
|
||
|
40A000
|
unkown
|
page read and write
|
||
|
370D0000
|
unclassified section
|
page read and write
|
||
|
36F0F000
|
stack
|
page read and write
|
||
|
37520000
|
trusted library allocation
|
page read and write
|
||
|
AB8000
|
heap
|
page read and write
|
||
|
339C1000
|
heap
|
page read and write
|
||
|
339C1000
|
heap
|
page read and write
|
||
|
339C1000
|
heap
|
page read and write
|
||
|
339C1000
|
heap
|
page read and write
|
||
|
339C1000
|
heap
|
page read and write
|
||
|
361E8000
|
trusted library allocation
|
page read and write
|
||
|
34B86000
|
trusted library allocation
|
page execute and read and write
|
||
|
3755F000
|
trusted library allocation
|
page read and write
|
||
|
339C1000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
375D0000
|
trusted library allocation
|
page read and write
|
||
|
27C73C00000
|
trusted library allocation
|
page read and write
|
||
|
339C1000
|
heap
|
page read and write
|
||
|
339C1000
|
heap
|
page read and write
|
||
|
32CE000
|
remote allocation
|
page execute and read and write
|
||
|
AB8000
|
heap
|
page read and write
|
||
|
A6D000
|
heap
|
page read and write
|
||
|
34E37000
|
trusted library allocation
|
page read and write
|
||
|
AB8000
|
heap
|
page read and write
|
||
|
7D3000
|
unkown
|
page readonly
|
||
|
342BF000
|
stack
|
page read and write
|
||
|
AB8000
|
heap
|
page read and write
|
||
|
37560000
|
trusted library allocation
|
page read and write
|
||
|
40DE000
|
stack
|
page read and write
|
||
|
362FC000
|
trusted library allocation
|
page read and write
|
||
|
365C000
|
stack
|
page read and write
|
||
|
3727D000
|
stack
|
page read and write
|
||
|
42B3000
|
heap
|
page read and write
|
||
|
AB7000
|
heap
|
page read and write
|
||
|
AB8000
|
heap
|
page read and write
|
||
|
AB8000
|
heap
|
page read and write
|
||
|
42C9000
|
heap
|
page read and write
|
||
|
339C1000
|
heap
|
page read and write
|
||
|
42DD000
|
heap
|
page read and write
|
||
|
34400000
|
heap
|
page read and write
|
||
|
40E4000
|
heap
|
page read and write
|
||
|
37810000
|
trusted library allocation
|
page read and write
|
||
|
A38000
|
heap
|
page read and write
|
||
|
362BD000
|
trusted library allocation
|
page read and write
|
||
|
37520000
|
trusted library allocation
|
page read and write
|
||
|
34DDD000
|
trusted library allocation
|
page read and write
|
||
|
339C1000
|
heap
|
page read and write
|
||
|
30000
|
heap
|
page read and write
|
||
|
34BEE000
|
stack
|
page read and write
|
||
|
3477E000
|
stack
|
page read and write
|
||
|
40A000
|
unkown
|
page write copy
|
||
|
339C1000
|
heap
|
page read and write
|
||
|
124B000
|
remote allocation
|
page execute and read and write
|
||
|
AB8000
|
heap
|
page read and write
|
||
|
34740000
|
remote allocation
|
page read and write
|
||
|
854000
|
heap
|
page read and write
|
||
|
AB8000
|
heap
|
page read and write
|
||
|
A77000
|
heap
|
page read and write
|
||
|
339C1000
|
heap
|
page read and write
|
||
|
5DC0000
|
trusted library allocation
|
page read and write
|
||
|
AB8000
|
heap
|
page read and write
|
||
|
AB8000
|
heap
|
page read and write
|
||
|
550B000
|
direct allocation
|
page execute and read and write
|
||
|
AB8000
|
heap
|
page read and write
|
||
|
C70000
|
heap
|
page read and write
|
||
|
3786A000
|
heap
|
page read and write
|
||
|
AB8000
|
heap
|
page read and write
|
||
|
339C1000
|
heap
|
page read and write
|
||
|
27C738E0000
|
heap
|
page read and write
|
||
|
339C1000
|
heap
|
page read and write
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
339C1000
|
heap
|
page read and write
|
||
|
33C70000
|
heap
|
page read and write
|
||
|
AB8000
|
heap
|
page read and write
|
||
|
3487E000
|
stack
|
page read and write
|
||
|
AB8000
|
heap
|
page read and write
|
||
|
422B000
|
heap
|
page read and write
|
||
|
42B3000
|
heap
|
page read and write
|
||
|
339C1000
|
heap
|
page read and write
|
||
|
AB8000
|
heap
|
page read and write
|
||
|
339DC000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
7A4000
|
unkown
|
page read and write
|
||
|
34C30000
|
trusted library allocation
|
page read and write
|
||
|
36246000
|
trusted library allocation
|
page read and write
|
||
|
37570000
|
trusted library allocation
|
page read and write
|
||
|
339C1000
|
heap
|
page read and write
|
||
|
D20000
|
trusted library allocation
|
page read and write
|
||
|
34B6A000
|
trusted library allocation
|
page execute and read and write
|
||
|
AB8000
|
heap
|
page read and write
|
||
|
27C73F13000
|
heap
|
page read and write
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
370F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
42D0000
|
heap
|
page read and write
|
||
|
42BB000
|
heap
|
page read and write
|
||
|
AB8000
|
heap
|
page read and write
|
||
|
27C73B15000
|
trusted library allocation
|
page read and write
|
||
|
36F40000
|
heap
|
page read and write
|
||
|
41E0000
|
heap
|
page read and write
|
||
|
35D71000
|
trusted library allocation
|
page read and write
|
||
|
34B76000
|
trusted library allocation
|
page execute and read and write
|
||
|
A63000
|
heap
|
page read and write
|
||
|
AB8000
|
heap
|
page read and write
|
||
|
42A3000
|
heap
|
page read and write
|
||
|
34D71000
|
trusted library allocation
|
page read and write
|
||
|
AB8000
|
heap
|
page read and write
|
||
|
27C73A2A000
|
heap
|
page read and write
|
||
|
A7D000
|
heap
|
page read and write
|
||
|
375D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
42AE000
|
heap
|
page read and write
|
||
|
37600000
|
trusted library section
|
page read and write
|
||
|
AB8000
|
heap
|
page read and write
|
||
|
42A1000
|
heap
|
page read and write
|
||
|
34C2E000
|
stack
|
page read and write
|
||
|
340BF000
|
stack
|
page read and write
|
||
|
339C1000
|
heap
|
page read and write
|
||
|
277F000
|
stack
|
page read and write
|
||
|
98000
|
stack
|
page read and write
|
||
|
AB8000
|
heap
|
page read and write
|
||
|
42AE000
|
heap
|
page read and write
|
||
|
339C1000
|
heap
|
page read and write
|
||
|
346EC000
|
stack
|
page read and write
|
||
|
AB8000
|
heap
|
page read and write
|
||
|
42DD000
|
heap
|
page read and write
|
||
|
A77000
|
heap
|
page read and write
|
||
|
42CA000
|
heap
|
page read and write
|
||
|
3625C000
|
trusted library allocation
|
page read and write
|
||
|
AB8000
|
heap
|
page read and write
|
||
|
10059000
|
trusted library allocation
|
page read and write
|
||
|
77C000
|
unkown
|
page read and write
|
||
|
AB8000
|
heap
|
page read and write
|
||
|
AB8000
|
heap
|
page read and write
|
||
|
7D0000
|
unkown
|
page read and write
|
||
|
42D3000
|
heap
|
page read and write
|
||
|
27C73B40000
|
heap
|
page read and write
|
||
|
339C1000
|
heap
|
page read and write
|
||
|
42C5000
|
heap
|
page read and write
|
||
|
339C1000
|
heap
|
page read and write
|
||
|
339C1000
|
heap
|
page read and write
|
||
|
339C1000
|
heap
|
page read and write
|
||
|
AB8000
|
heap
|
page read and write
|
||
|
339C1000
|
heap
|
page read and write
|
||
|
D90000
|
unclassified section
|
page readonly
|
||
|
428E000
|
heap
|
page read and write
|
||
|
339C1000
|
heap
|
page read and write
|
||
|
4130000
|
heap
|
page read and write
|
||
|
373BE000
|
stack
|
page read and write
|
||
|
AB8000
|
heap
|
page read and write
|
||
|
27C73B02000
|
trusted library allocation
|
page read and write
|
||
|
33B8E000
|
stack
|
page read and write
|
||
|
339C1000
|
heap
|
page read and write
|
||
|
34EB7000
|
trusted library allocation
|
page read and write
|
||
|
37800000
|
trusted library allocation
|
page read and write
|
||
|
33C0D000
|
stack
|
page read and write
|
||
|
D40000
|
trusted library allocation
|
page read and write
|
||
|
AB8000
|
heap
|
page read and write
|
||
|
AB8000
|
heap
|
page read and write
|
||
|
33B10000
|
direct allocation
|
page read and write
|
||
|
27C73F00000
|
heap
|
page read and write
|
||
|
A7F000
|
heap
|
page read and write
|
||
|
AB8000
|
heap
|
page read and write
|
||
|
362E4000
|
trusted library allocation
|
page read and write
|
||
|
AB8000
|
heap
|
page read and write
|
||
|
AB8000
|
heap
|
page read and write
|
||
|
339C1000
|
heap
|
page read and write
|
||
|
36F51000
|
heap
|
page read and write
|
||
|
20000
|
unclassified section
|
page readonly
|
||
|
AB8000
|
heap
|
page read and write
|
||
|
34E42000
|
trusted library allocation
|
page read and write
|
||
|
339C1000
|
heap
|
page read and write
|
||
|
4283000
|
heap
|
page read and write
|
||
|
339C1000
|
heap
|
page read and write
|
||
|
37520000
|
trusted library allocation
|
page read and write
|
||
|
10020000
|
trusted library allocation
|
page read and write
|
||
|
370C0000
|
trusted library allocation
|
page read and write
|
||
|
AB8000
|
heap
|
page read and write
|
||
|
408000
|
unkown
|
page readonly
|
||
|
27C73E02000
|
heap
|
page read and write
|
||
|
AB8000
|
heap
|
page read and write
|
||
|
34B06000
|
stack
|
page read and write
|
||
|
AB8000
|
heap
|
page read and write
|
||
|
27C73F13000
|
heap
|
page read and write
|
||
|
786000
|
unkown
|
page read and write
|
||
|
34B8A000
|
trusted library allocation
|
page execute and read and write
|
||
|
AB8000
|
heap
|
page read and write
|
||
|
339C1000
|
heap
|
page read and write
|
||
|
37530000
|
trusted library allocation
|
page read and write
|
||
|
37940000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
7D3000
|
unkown
|
page readonly
|
||
|
D30000
|
trusted library allocation
|
page read and write
|
||
|
A67000
|
heap
|
page read and write
|
||
|
42E9000
|
heap
|
page read and write
|
||
|
37580000
|
trusted library allocation
|
page read and write
|
||
|
339C1000
|
heap
|
page read and write
|
||
|
34B62000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C4B000
|
remote allocation
|
page execute and read and write
|
||
|
AB8000
|
heap
|
page read and write
|
||
|
AB8000
|
heap
|
page read and write
|
||
|
34BA7000
|
trusted library allocation
|
page execute and read and write
|
||
|
854000
|
heap
|
page read and write
|
||
|
339C1000
|
heap
|
page read and write
|
||
|
342FE000
|
stack
|
page read and write
|
||
|
339C1000
|
heap
|
page read and write
|
||
|
A7F000
|
heap
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
789000
|
unkown
|
page read and write
|
||
|
AB8000
|
heap
|
page read and write
|
||
|
AB8000
|
heap
|
page read and write
|
||
|
27C73B00000
|
trusted library allocation
|
page read and write
|
||
|
D30000
|
trusted library allocation
|
page read and write
|
||
|
AB8000
|
heap
|
page read and write
|
||
|
D40000
|
trusted library allocation
|
page read and write
|
||
|
339C1000
|
heap
|
page read and write
|
||
|
36240000
|
trusted library allocation
|
page read and write
|
||
|
A30000
|
heap
|
page read and write
|
||
|
339C1000
|
heap
|
page read and write
|
||
|
3737E000
|
stack
|
page read and write
|
There are 484 hidden memdumps, click here to show them.