IOC Report
a.exe

Files

File Path | Type | Category | Malicious
a.exe | PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive | initial sample | malicious
C:\Users\user\AppData\Local\Temp\Settings.ini | ASCII text, with CRLF line terminators | dropped |
C:\Users\user\AppData\Local\Temp\nse33B7.tmp | data | dropped |
C:\Users\user\AppData\Local\Temp\nsf36C6.tmp\System.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped |
C:\Users\user\Forbydende173.ini | ASCII text, with CRLF line terminators | dropped |
C:\Users\user\tndingers\idyllion\Anegalleriet\Behaget\Birder\astmatikerne\landgrevskabet.afl | data | dropped |
C:\Users\user\tndingers\idyllion\Anegalleriet\Behaget\Birder\astmatikerne\spildevandsledningen.hur | data | dropped |
C:\Users\user\tndingers\idyllion\Anegalleriet\Behaget\Birder\astmatikerne\spp.fav | data | dropped |
C:\Users\user\tndingers\idyllion\Blodbestnkedes\echeneis.ver | data | dropped |
C:\Users\user\tndingers\idyllion\Respektstridigeres\Kresterne\Dkner86\Argusblikkets\trskerne.Try124 | data | dropped |
C:\Users\user\tndingers\idyllion\Yves231.txt | ASCII text, with CRLF line terminators | dropped |

Processes

Path | Cmdline | Malicious
C:\Users\user\Desktop\a.exe | "C:\Users\user\Desktop\a.exe" | malicious
C:\Users\user\Desktop\a.exe | "C:\Users\user\Desktop\a.exe" | malicious
C:\Program Files (x86)\vdMeXjzUHkjyzgCaRoWCAuDAyxnRKseZLSzAdUYFFCGKCBnRBzsjethVWjGBneJ\DQQJUqjNpfsuRoehxlGNlXd.exe | "C:\Program Files (x86)\vdMeXjzUHkjyzgCaRoWCAuDAyxnRKseZLSzAdUYFFCGKCBnRBzsjethVWjGBneJ\DQQJUqjNpfsuRoehxlGNlXd.exe" | malicious
C:\Windows\SysWOW64\wevtutil.exe | "C:\Windows\SysWOW64\wevtutil.exe" | malicious
C:\Program Files (x86)\vdMeXjzUHkjyzgCaRoWCAuDAyxnRKseZLSzAdUYFFCGKCBnRBzsjethVWjGBneJ\DQQJUqjNpfsuRoehxlGNlXd.exe | "C:\Program Files (x86)\vdMeXjzUHkjyzgCaRoWCAuDAyxnRKseZLSzAdUYFFCGKCBnRBzsjethVWjGBneJ\DQQJUqjNpfsuRoehxlGNlXd.exe" | malicious

URLs

Name
IP
Malicious
http://inference.location.live.com11111111-1111-1111-1111-111111111111https://partnernext-inference.
unknown
https://www.google.com
unknown
http://www.quovadis.bm0
unknown
https://drive.usercontent.google.com/
unknown
https://drive.google.com/;
unknown
https://apis.google.com
unknown
http://nsis.sf.net/NSIS_ErrorError
unknown
https://ocsp.quovadisoffshore.com0
unknown
https://drive.usercontent.google.com/p
unknown
http://www.gopher.ftp://ftp.
unknown
https://drive.google.com/
unknown
https://inference.location.live.net/inferenceservice/v21/Pox/GetLocationUsingFingerprinte1e71f6b-214
unknown

Domains

Name | IP | Malicious
www.benappetit.co.uk | 213.171.195.105 | malicious
www.nurse-job2535.life | 64.190.62.22 | malicious
drive.google.com | 142.250.31.102 |
drive.usercontent.google.com | 172.253.122.132 |

IPs

IP | Domain | Country | Malicious
142.250.31.102 | drive.google.com | United States |
172.253.122.132 | drive.usercontent.google.com | United States |

Registry

Path | Value | Malicious
HKEY_CURRENT_USER\SOFTWARE\Astro | Collisi |

Memdumps

Base Address | Regiontype | Protect | Malicious
2C00000 | trusted library allocation | page read and write | malicious
D90000 | system | page execute and read and write | malicious
A0000 | unclassified section | page execute and read and write | malicious
36270000 | unclassified section | page execute and read and write | malicious
2C40000 | trusted library allocation | page read and write | malicious
3C0000 | system | page execute and read and write | malicious
595A000 | direct allocation | page execute and read and write | malicious
3A90000 | unkown | page execute and read and write | malicious