Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
#U0415Sh#U0430rk.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_#U0415Sh#U0430rk_4374819b0365f6888fbc19b060573179d2634f_bd242e1d_6c909fbb-e48c-4691-952e-96518334b0cd\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERF90D.tmp.dmp
|
Mini DuMP crash report, 14 streams, Mon Oct 14 02:43:59 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERF9AA.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERFA19.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\MSBuild.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\#U0415Sh#U0430rk.exe
|
"C:\Users\user\Desktop\#U0415Sh#U0430rk.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 7304 -s 296
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
185.196.9.26:6302
|
|
||
|
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Text
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/02/sc/sct
|
unknown
|
||
|
https://duckduckgo.com/chrome_newtab
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk
|
unknown
|
||
|
https://duckduckgo.com/ac/?q=
|
unknown
|
||
|
http://tempuri.org/Entity/Id23ResponseD
|
unknown
|
||
|
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#HexBinary
|
unknown
|
||
|
http://tempuri.org/Entity/Id12Response
|
unknown
|
||
|
http://tempuri.org/
|
unknown
|
||
|
http://tempuri.org/Entity/Id2Response
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1
|
unknown
|
||
|
http://tempuri.org/Entity/Id21Response
|
unknown
|
||
|
http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_Wrap
|
unknown
|
||
|
http://tempuri.org/Entity/Id9
|
unknown
|
||
|
http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID
|
unknown
|
||
|
http://tempuri.org/Entity/Id8
|
unknown
|
||
|
http://tempuri.org/Entity/Id5
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepare
|
unknown
|
||
|
http://tempuri.org/Entity/Id4
|
unknown
|
||
|
http://tempuri.org/Entity/Id7
|
unknown
|
||
|
http://tempuri.org/Entity/Id6
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecret
|
unknown
|
||
|
http://tempuri.org/Entity/Id19Response
|
unknown
|
||
|
http://docs.oasis-open.org/wss/oasis-wss-rel-token-profile-1.0.pdf#license
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2004/10/wsat/Aborted
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2004/10/wsat/fault
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2004/10/wsat
|
unknown
|
||
|
http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey
|
unknown
|
||
|
http://tempuri.org/Entity/Id15Response
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Renew
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2004/10/wscoor/Register
|
unknown
|
||
|
http://tempuri.org/Entity/Id6Response
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKey
|
unknown
|
||
|
https://api.ip.sb/ip
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2004/04/sc
|
unknown
|
||
|
http://tempuri.org/Entity/Id1ResponseD
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2004/10/wsat/Volatile2PC
|
unknown
|
||
|
http://www.entrust.net/rpa03
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Cancel
|
unknown
|
||
|
http://tempuri.org/Entity/Id9Response
|
unknown
|
||
|
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
|
unknown
|
||
|
http://tempuri.org/Entity/Id20
|
unknown
|
||
|
http://tempuri.org/Entity/Id21
|
unknown
|
||
|
http://tempuri.org/Entity/Id22
|
unknown
|
||
|
http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#Kerberosv5APREQSHA1
|
unknown
|
||
|
http://tempuri.org/Entity/Id23
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1
|
unknown
|
||
|
http://tempuri.org/Entity/Id24
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/Issue
|
unknown
|
||
|
http://tempuri.org/Entity/Id24Response
|
unknown
|
||
|
https://www.ecosia.org/newtab/
|
unknown
|
||
|
http://tempuri.org/Entity/Id1Response
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequested
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2004/10/wsat/ReadOnly
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2004/10/wsat/Replay
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego
|
unknown
|
||
|
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2004/10/wsat/Durable2PC
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2004/04/security/trust/SymmetricKey
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2004/08/addressing
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2004/10/wsat/Completion
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2004/04/trust
|
unknown
|
||
|
http://tempuri.org/Entity/Id10
|
unknown
|
||
|
http://tempuri.org/Entity/Id11
|
unknown
|
||
|
http://tempuri.org/Entity/Id12
|
unknown
|
||
|
http://tempuri.org/Entity/Id16Response
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponse
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Cancel
|
unknown
|
||
|
http://tempuri.org/Entity/Id13
|
unknown
|
||
|
http://tempuri.org/Entity/Id14
|
unknown
|
||
|
http://tempuri.org/Entity/Id15
|
unknown
|
||
|
http://tempuri.org/Entity/Id16
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/02/trust/Nonce
|
unknown
|
||
|
http://tempuri.org/Entity/Id17
|
unknown
|
||
|
http://tempuri.org/Entity/Id18
|
unknown
|
||
|
http://tempuri.org/Entity/Id5Response
|
unknown
|
||
|
http://crl.entrust.net/2048ca.crl0
|
unknown
|
||
|
http://tempuri.org/Entity/Id19
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dns
|
unknown
|
||
|
https://www.entrust.net/rpa0
|
unknown
|
||
|
http://tempuri.org/Entity/Id10Response
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/02/trust/Renew
|
unknown
|
||
|
http://tempuri.org/Entity/Id8Response
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2004/04/trust/PublicKey
|
unknown
|
||
|
http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0
|
unknown
|
||
|
http://ocsp.entrust.net03
|
unknown
|
||
|
http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID
|
unknown
|
||
|
http://ocsp.entrust.net02
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCT
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2006/02/addressingidentity
|
unknown
|
||
|
http://schemas.xmlsoap.org/soap/envelope/
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKey
|
unknown
|
||
|
http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1
|
unknown
|
||
|
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/02/trust
|
unknown
|
There are 90 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
bg.microsoft.map.fastly.net
|
199.232.210.172
|
||
|
s-part-0017.t-0009.t-msedge.net
|
13.107.246.45
|
||
|
fp2e7a.wpc.phicdn.net
|
192.229.221.95
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
185.196.9.26
|
unknown
|
Switzerland
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
Owner
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
SessionHash
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
Sequence
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
RegFiles0000
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
RegFilesHash
|
||
|
\REGISTRY\A\{311c2fd0-7e1a-4b67-0eb4-d9b43bf45bfc}\Root\InventoryApplicationFile\#u0415sh#u0430rk|30e9822b8f4a9ef9
|
ProgramId
|
||
|
\REGISTRY\A\{311c2fd0-7e1a-4b67-0eb4-d9b43bf45bfc}\Root\InventoryApplicationFile\#u0415sh#u0430rk|30e9822b8f4a9ef9
|
FileId
|
||
|
\REGISTRY\A\{311c2fd0-7e1a-4b67-0eb4-d9b43bf45bfc}\Root\InventoryApplicationFile\#u0415sh#u0430rk|30e9822b8f4a9ef9
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{311c2fd0-7e1a-4b67-0eb4-d9b43bf45bfc}\Root\InventoryApplicationFile\#u0415sh#u0430rk|30e9822b8f4a9ef9
|
LongPathHash
|
||
|
\REGISTRY\A\{311c2fd0-7e1a-4b67-0eb4-d9b43bf45bfc}\Root\InventoryApplicationFile\#u0415sh#u0430rk|30e9822b8f4a9ef9
|
Name
|
||
|
\REGISTRY\A\{311c2fd0-7e1a-4b67-0eb4-d9b43bf45bfc}\Root\InventoryApplicationFile\#u0415sh#u0430rk|30e9822b8f4a9ef9
|
OriginalFileName
|
||
|
\REGISTRY\A\{311c2fd0-7e1a-4b67-0eb4-d9b43bf45bfc}\Root\InventoryApplicationFile\#u0415sh#u0430rk|30e9822b8f4a9ef9
|
Publisher
|
||
|
\REGISTRY\A\{311c2fd0-7e1a-4b67-0eb4-d9b43bf45bfc}\Root\InventoryApplicationFile\#u0415sh#u0430rk|30e9822b8f4a9ef9
|
Version
|
||
|
\REGISTRY\A\{311c2fd0-7e1a-4b67-0eb4-d9b43bf45bfc}\Root\InventoryApplicationFile\#u0415sh#u0430rk|30e9822b8f4a9ef9
|
BinFileVersion
|
||
|
\REGISTRY\A\{311c2fd0-7e1a-4b67-0eb4-d9b43bf45bfc}\Root\InventoryApplicationFile\#u0415sh#u0430rk|30e9822b8f4a9ef9
|
BinaryType
|
||
|
\REGISTRY\A\{311c2fd0-7e1a-4b67-0eb4-d9b43bf45bfc}\Root\InventoryApplicationFile\#u0415sh#u0430rk|30e9822b8f4a9ef9
|
ProductName
|
||
|
\REGISTRY\A\{311c2fd0-7e1a-4b67-0eb4-d9b43bf45bfc}\Root\InventoryApplicationFile\#u0415sh#u0430rk|30e9822b8f4a9ef9
|
ProductVersion
|
||
|
\REGISTRY\A\{311c2fd0-7e1a-4b67-0eb4-d9b43bf45bfc}\Root\InventoryApplicationFile\#u0415sh#u0430rk|30e9822b8f4a9ef9
|
LinkDate
|
||
|
\REGISTRY\A\{311c2fd0-7e1a-4b67-0eb4-d9b43bf45bfc}\Root\InventoryApplicationFile\#u0415sh#u0430rk|30e9822b8f4a9ef9
|
BinProductVersion
|
||
|
\REGISTRY\A\{311c2fd0-7e1a-4b67-0eb4-d9b43bf45bfc}\Root\InventoryApplicationFile\#u0415sh#u0430rk|30e9822b8f4a9ef9
|
AppxPackageFullName
|
||
|
\REGISTRY\A\{311c2fd0-7e1a-4b67-0eb4-d9b43bf45bfc}\Root\InventoryApplicationFile\#u0415sh#u0430rk|30e9822b8f4a9ef9
|
AppxPackageRelativeId
|
||
|
\REGISTRY\A\{311c2fd0-7e1a-4b67-0eb4-d9b43bf45bfc}\Root\InventoryApplicationFile\#u0415sh#u0430rk|30e9822b8f4a9ef9
|
Size
|
||
|
\REGISTRY\A\{311c2fd0-7e1a-4b67-0eb4-d9b43bf45bfc}\Root\InventoryApplicationFile\#u0415sh#u0430rk|30e9822b8f4a9ef9
|
Language
|
||
|
\REGISTRY\A\{311c2fd0-7e1a-4b67-0eb4-d9b43bf45bfc}\Root\InventoryApplicationFile\#u0415sh#u0430rk|30e9822b8f4a9ef9
|
Usn
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
|
ClockTimeSeconds
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
|
TickCount
|
There are 16 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2E34000
|
trusted library allocation
|
page read and write
|
|
|
|
F1B000
|
unkown
|
page read and write
|
|
|
|
402000
|
remote allocation
|
page execute and read and write
|
|
|
|
2DA1000
|
trusted library allocation
|
page read and write
|
|
|
|
4106000
|
trusted library allocation
|
page read and write
|
||
|
1010000
|
heap
|
page execute and read and write
|
||
|
3F44000
|
trusted library allocation
|
page read and write
|
||
|
712E000
|
stack
|
page read and write
|
||
|
30ED000
|
trusted library allocation
|
page read and write
|
||
|
329A000
|
trusted library allocation
|
page read and write
|
||
|
2F81000
|
trusted library allocation
|
page read and write
|
||
|
6D66000
|
heap
|
page read and write
|
||
|
54F0000
|
trusted library allocation
|
page read and write
|
||
|
25BD000
|
stack
|
page read and write
|
||
|
FA0000
|
trusted library allocation
|
page read and write
|
||
|
54EB000
|
trusted library allocation
|
page read and write
|
||
|
3E3F000
|
trusted library allocation
|
page read and write
|
||
|
318A000
|
trusted library allocation
|
page read and write
|
||
|
336E000
|
trusted library allocation
|
page read and write
|
||
|
2EEE000
|
trusted library allocation
|
page read and write
|
||
|
EF1000
|
unkown
|
page execute read
|
||
|
2D75000
|
trusted library allocation
|
page read and write
|
||
|
530A000
|
trusted library allocation
|
page read and write
|
||
|
BEF000
|
stack
|
page read and write
|
||
|
4068000
|
trusted library allocation
|
page read and write
|
||
|
3EEF000
|
trusted library allocation
|
page read and write
|
||
|
413C000
|
trusted library allocation
|
page read and write
|
||
|
6DC1000
|
heap
|
page read and write
|
||
|
EB5000
|
heap
|
page read and write
|
||
|
3226000
|
trusted library allocation
|
page read and write
|
||
|
1400000
|
trusted library allocation
|
page read and write
|
||
|
6CC0000
|
trusted library allocation
|
page execute and read and write
|
||
|
321C000
|
trusted library allocation
|
page read and write
|
||
|
6CF0000
|
trusted library allocation
|
page read and write
|
||
|
3229000
|
trusted library allocation
|
page read and write
|
||
|
5E64000
|
heap
|
page read and write
|
||
|
321A000
|
trusted library allocation
|
page read and write
|
||
|
F1B000
|
unkown
|
page write copy
|
||
|
3003000
|
trusted library allocation
|
page read and write
|
||
|
2F53000
|
trusted library allocation
|
page read and write
|
||
|
3FAB000
|
trusted library allocation
|
page read and write
|
||
|
6E22000
|
heap
|
page read and write
|
||
|
1410000
|
trusted library allocation
|
page read and write
|
||
|
30F3000
|
trusted library allocation
|
page read and write
|
||
|
33A3000
|
trusted library allocation
|
page read and write
|
||
|
52C0000
|
heap
|
page read and write
|
||
|
4004000
|
trusted library allocation
|
page read and write
|
||
|
FEB000
|
trusted library allocation
|
page execute and read and write
|
||
|
3DDC000
|
trusted library allocation
|
page read and write
|
||
|
E80000
|
heap
|
page read and write
|
||
|
4047000
|
trusted library allocation
|
page read and write
|
||
|
EF0000
|
unkown
|
page readonly
|
||
|
6CD4000
|
trusted library allocation
|
page read and write
|
||
|
6DC8000
|
heap
|
page read and write
|
||
|
3DEE000
|
trusted library allocation
|
page read and write
|
||
|
5550000
|
trusted library allocation
|
page read and write
|
||
|
4035000
|
trusted library allocation
|
page read and write
|
||
|
3F3E000
|
trusted library allocation
|
page read and write
|
||
|
333F000
|
trusted library allocation
|
page read and write
|
||
|
FB4000
|
trusted library allocation
|
page read and write
|
||
|
4094000
|
trusted library allocation
|
page read and write
|
||
|
54E5000
|
trusted library allocation
|
page read and write
|
||
|
5330000
|
trusted library allocation
|
page read and write
|
||
|
401C000
|
trusted library allocation
|
page read and write
|
||
|
4011000
|
trusted library allocation
|
page read and write
|
||
|
57FE000
|
stack
|
page read and write
|
||
|
5E52000
|
heap
|
page read and write
|
||
|
409B000
|
trusted library allocation
|
page read and write
|
||
|
553E000
|
trusted library allocation
|
page read and write
|
||
|
40EC000
|
trusted library allocation
|
page read and write
|
||
|
610E000
|
stack
|
page read and write
|
||
|
3E78000
|
trusted library allocation
|
page read and write
|
||
|
3FD3000
|
trusted library allocation
|
page read and write
|
||
|
71AE000
|
stack
|
page read and write
|
||
|
7059000
|
trusted library allocation
|
page read and write
|
||
|
11D0000
|
trusted library allocation
|
page read and write
|
||
|
5E57000
|
heap
|
page read and write
|
||
|
3280000
|
trusted library allocation
|
page read and write
|
||
|
4062000
|
trusted library allocation
|
page read and write
|
||
|
756E000
|
stack
|
page read and write
|
||
|
1038000
|
heap
|
page read and write
|
||
|
5E9B000
|
heap
|
page read and write
|
||
|
5640000
|
trusted library allocation
|
page read and write
|
||
|
3E71000
|
trusted library allocation
|
page read and write
|
||
|
5ECD000
|
heap
|
page read and write
|
||
|
6CF2000
|
trusted library allocation
|
page read and write
|
||
|
3161000
|
trusted library allocation
|
page read and write
|
||
|
10EF000
|
heap
|
page read and write
|
||
|
52A3000
|
heap
|
page read and write
|
||
|
74EE000
|
stack
|
page read and write
|
||
|
F4F000
|
unkown
|
page read and write
|
||
|
6DEB000
|
heap
|
page read and write
|
||
|
141C000
|
trusted library allocation
|
page read and write
|
||
|
314F000
|
trusted library allocation
|
page read and write
|
||
|
2EF4000
|
trusted library allocation
|
page read and write
|
||
|
310F000
|
trusted library allocation
|
page read and write
|
||
|
5300000
|
trusted library allocation
|
page read and write
|
||
|
40E1000
|
trusted library allocation
|
page read and write
|
||
|
5F05000
|
heap
|
page read and write
|
||
|
524D000
|
trusted library allocation
|
page read and write
|
||
|
5241000
|
trusted library allocation
|
page read and write
|
||
|
3378000
|
trusted library allocation
|
page read and write
|
||
|
400E000
|
trusted library allocation
|
page read and write
|
||
|
6DE2000
|
heap
|
page read and write
|
||
|
1000000
|
trusted library allocation
|
page read and write
|
||
|
2D6C000
|
stack
|
page read and write
|
||
|
70EE000
|
stack
|
page read and write
|
||
|
3FF8000
|
trusted library allocation
|
page read and write
|
||
|
328C000
|
trusted library allocation
|
page read and write
|
||
|
3E1D000
|
trusted library allocation
|
page read and write
|
||
|
30F8000
|
trusted library allocation
|
page read and write
|
||
|
3E35000
|
trusted library allocation
|
page read and write
|
||
|
5EFB000
|
heap
|
page read and write
|
||
|
3F4B000
|
trusted library allocation
|
page read and write
|
||
|
63EE000
|
stack
|
page read and write
|
||
|
EF1000
|
unkown
|
page execute read
|
||
|
2EE4000
|
trusted library allocation
|
page read and write
|
||
|
3234000
|
trusted library allocation
|
page read and write
|
||
|
13F0000
|
trusted library allocation
|
page read and write
|
||
|
7068000
|
trusted library allocation
|
page read and write
|
||
|
5308000
|
trusted library allocation
|
page read and write
|
||
|
4070000
|
trusted library allocation
|
page read and write
|
||
|
11AB000
|
stack
|
page read and write
|
||
|
3F74000
|
trusted library allocation
|
page read and write
|
||
|
F68000
|
unkown
|
page read and write
|
||
|
2F56000
|
trusted library allocation
|
page read and write
|
||
|
31CE000
|
trusted library allocation
|
page read and write
|
||
|
31D9000
|
trusted library allocation
|
page read and write
|
||
|
31C3000
|
trusted library allocation
|
page read and write
|
||
|
3FC0000
|
trusted library allocation
|
page read and write
|
||
|
3FFF000
|
trusted library allocation
|
page read and write
|
||
|
2F15000
|
trusted library allocation
|
page read and write
|
||
|
315B000
|
trusted library allocation
|
page read and write
|
||
|
6410000
|
trusted library allocation
|
page read and write
|
||
|
3FBA000
|
trusted library allocation
|
page read and write
|
||
|
6D58000
|
heap
|
page read and write
|
||
|
6D99000
|
heap
|
page read and write
|
||
|
3E4D000
|
trusted library allocation
|
page read and write
|
||
|
5780000
|
trusted library allocation
|
page read and write
|
||
|
52E2000
|
trusted library allocation
|
page read and write
|
||
|
FF1B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
6D6C000
|
heap
|
page read and write
|
||
|
328F000
|
trusted library allocation
|
page read and write
|
||
|
F6A000
|
unkown
|
page readonly
|
||
|
3E7D000
|
trusted library allocation
|
page read and write
|
||
|
3DC1000
|
trusted library allocation
|
page read and write
|
||
|
13EE000
|
stack
|
page read and write
|
||
|
52F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
330B000
|
trusted library allocation
|
page read and write
|
||
|
707F000
|
trusted library allocation
|
page read and write
|
||
|
54EE000
|
trusted library allocation
|
page read and write
|
||
|
6B4C000
|
stack
|
page read and write
|
||
|
F5E000
|
unkown
|
page read and write
|
||
|
6290000
|
trusted library allocation
|
page execute and read and write
|
||
|
3F6C000
|
trusted library allocation
|
page read and write
|
||
|
3DD0000
|
trusted library allocation
|
page read and write
|
||
|
3FBD000
|
trusted library allocation
|
page read and write
|
||
|
5526000
|
trusted library allocation
|
page read and write
|
||
|
6CF5000
|
trusted library allocation
|
page read and write
|
||
|
1418000
|
trusted library allocation
|
page read and write
|
||
|
E30000
|
heap
|
page read and write
|
||
|
5560000
|
trusted library allocation
|
page read and write
|
||
|
55C0000
|
trusted library allocation
|
page read and write
|
||
|
3125000
|
trusted library allocation
|
page read and write
|
||
|
8FC000
|
stack
|
page read and write
|
||
|
4065000
|
trusted library allocation
|
page read and write
|
||
|
3E17000
|
trusted library allocation
|
page read and write
|
||
|
5EE6000
|
heap
|
page read and write
|
||
|
3DC9000
|
trusted library allocation
|
page read and write
|
||
|
404C000
|
trusted library allocation
|
page read and write
|
||
|
3FC8000
|
trusted library allocation
|
page read and write
|
||
|
570000
|
heap
|
page read and write
|
||
|
5ECA000
|
heap
|
page read and write
|
||
|
5503000
|
heap
|
page execute and read and write
|
||
|
3255000
|
trusted library allocation
|
page read and write
|
||
|
105A000
|
heap
|
page read and write
|
||
|
FCD000
|
trusted library allocation
|
page execute and read and write
|
||
|
407B000
|
trusted library allocation
|
page read and write
|
||
|
4058000
|
trusted library allocation
|
page read and write
|
||
|
4027000
|
trusted library allocation
|
page read and write
|
||
|
10F7000
|
heap
|
page read and write
|
||
|
2F61000
|
trusted library allocation
|
page read and write
|
||
|
3E45000
|
trusted library allocation
|
page read and write
|
||
|
6DCA000
|
heap
|
page read and write
|
||
|
3F9F000
|
trusted library allocation
|
page read and write
|
||
|
628C000
|
stack
|
page read and write
|
||
|
E7E000
|
stack
|
page read and write
|
||
|
110F000
|
heap
|
page read and write
|
||
|
5EF1000
|
heap
|
page read and write
|
||
|
412F000
|
trusted library allocation
|
page read and write
|
||
|
590000
|
heap
|
page read and write
|
||
|
551B000
|
trusted library allocation
|
page read and write
|
||
|
2EFC000
|
trusted library allocation
|
page read and write
|
||
|
714C000
|
trusted library allocation
|
page read and write
|
||
|
7140000
|
trusted library allocation
|
page read and write
|
||
|
32F7000
|
trusted library allocation
|
page read and write
|
||
|
323F000
|
trusted library allocation
|
page read and write
|
||
|
10F3000
|
heap
|
page read and write
|
||
|
FD6000
|
trusted library allocation
|
page execute and read and write
|
||
|
32BA000
|
trusted library allocation
|
page read and write
|
||
|
F11000
|
unkown
|
page readonly
|
||
|
4115000
|
trusted library allocation
|
page read and write
|
||
|
5246000
|
trusted library allocation
|
page read and write
|
||
|
3E42000
|
trusted library allocation
|
page read and write
|
||
|
3F39000
|
trusted library allocation
|
page read and write
|
||
|
32A5000
|
trusted library allocation
|
page read and write
|
||
|
3E12000
|
trusted library allocation
|
page read and write
|
||
|
26BD000
|
stack
|
page read and write
|
||
|
5EC7000
|
heap
|
page read and write
|
||
|
2F59000
|
trusted library allocation
|
page read and write
|
||
|
6B8E000
|
stack
|
page read and write
|
||
|
3F57000
|
trusted library allocation
|
page read and write
|
||
|
6D84000
|
heap
|
page read and write
|
||
|
32F4000
|
trusted library allocation
|
page read and write
|
||
|
403A000
|
trusted library allocation
|
page read and write
|
||
|
31C6000
|
trusted library allocation
|
page read and write
|
||
|
5510000
|
trusted library allocation
|
page read and write
|
||
|
EF0000
|
unkown
|
page readonly
|
||
|
12EE000
|
stack
|
page read and write
|
||
|
57B0000
|
heap
|
page execute and read and write
|
||
|
ACA000
|
stack
|
page read and write
|
||
|
11B0000
|
heap
|
page read and write
|
||
|
2D80000
|
trusted library allocation
|
page read and write
|
||
|
5320000
|
trusted library allocation
|
page read and write
|
||
|
322C000
|
trusted library allocation
|
page read and write
|
||
|
3DAF000
|
trusted library allocation
|
page read and write
|
||
|
5305000
|
trusted library allocation
|
page read and write
|
||
|
31B6000
|
trusted library allocation
|
page read and write
|
||
|
5341000
|
trusted library allocation
|
page read and write
|
||
|
FD0000
|
trusted library allocation
|
page read and write
|
||
|
3151000
|
trusted library allocation
|
page read and write
|
||
|
FE2000
|
trusted library allocation
|
page read and write
|
||
|
3E24000
|
trusted library allocation
|
page read and write
|
||
|
560000
|
heap
|
page read and write
|
||
|
3DE1000
|
trusted library allocation
|
page read and write
|
||
|
2FE3000
|
trusted library allocation
|
page read and write
|
||
|
6CD0000
|
trusted library allocation
|
page read and write
|
||
|
5500000
|
heap
|
page execute and read and write
|
||
|
5EE0000
|
heap
|
page read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
511E000
|
stack
|
page read and write
|
||
|
31E7000
|
trusted library allocation
|
page read and write
|
||
|
339D000
|
trusted library allocation
|
page read and write
|
||
|
2EE2000
|
trusted library allocation
|
page read and write
|
||
|
7080000
|
trusted library allocation
|
page read and write
|
||
|
6DB0000
|
heap
|
page read and write
|
||
|
7050000
|
trusted library allocation
|
page read and write
|
||
|
5F0D000
|
heap
|
page read and write
|
||
|
3DF1000
|
trusted library allocation
|
page read and write
|
||
|
FC0000
|
trusted library allocation
|
page read and write
|
||
|
1030000
|
heap
|
page read and write
|
||
|
7075000
|
trusted library allocation
|
page read and write
|
||
|
2F7A000
|
trusted library allocation
|
page read and write
|
||
|
FE5000
|
trusted library allocation
|
page execute and read and write
|
||
|
5EDB000
|
heap
|
page read and write
|
||
|
EB0000
|
heap
|
page read and write
|
||
|
3FE1000
|
trusted library allocation
|
page read and write
|
||
|
54E0000
|
trusted library allocation
|
page read and write
|
||
|
9FE000
|
heap
|
page read and write
|
||
|
522B000
|
trusted library allocation
|
page read and write
|
||
|
104E000
|
heap
|
page read and write
|
||
|
3104000
|
trusted library allocation
|
page read and write
|
||
|
624E000
|
stack
|
page read and write
|
||
|
2D90000
|
heap
|
page read and write
|
||
|
3FB0000
|
trusted library allocation
|
page read and write
|
||
|
30F0000
|
trusted library allocation
|
page read and write
|
||
|
6E00000
|
heap
|
page read and write
|
||
|
5EA3000
|
heap
|
page read and write
|
||
|
3F5C000
|
trusted library allocation
|
page read and write
|
||
|
3174000
|
trusted library allocation
|
page read and write
|
||
|
6D50000
|
heap
|
page read and write
|
||
|
6CE0000
|
trusted library allocation
|
page read and write
|
||
|
3F66000
|
trusted library allocation
|
page read and write
|
||
|
5E80000
|
heap
|
page read and write
|
||
|
2F08000
|
trusted library allocation
|
page read and write
|
||
|
3DD5000
|
trusted library allocation
|
page read and write
|
||
|
116E000
|
stack
|
page read and write
|
||
|
6CE4000
|
trusted library allocation
|
page read and write
|
||
|
600E000
|
stack
|
page read and write
|
||
|
7200000
|
trusted library allocation
|
page execute and read and write
|
||
|
3E6B000
|
trusted library allocation
|
page read and write
|
||
|
FDA000
|
trusted library allocation
|
page execute and read and write
|
||
|
40A0000
|
trusted library allocation
|
page read and write
|
||
|
1066000
|
heap
|
page read and write
|
||
|
437000
|
remote allocation
|
page execute and read and write
|
||
|
324D000
|
trusted library allocation
|
page read and write
|
||
|
5630000
|
trusted library allocation
|
page execute and read and write
|
||
|
5E28000
|
heap
|
page read and write
|
||
|
6F50000
|
heap
|
page read and write
|
||
|
3182000
|
trusted library allocation
|
page read and write
|
||
|
5521000
|
trusted library allocation
|
page read and write
|
||
|
3DA1000
|
trusted library allocation
|
page read and write
|
||
|
1420000
|
heap
|
page read and write
|
||
|
7052000
|
trusted library allocation
|
page read and write
|
||
|
411B000
|
trusted library allocation
|
page read and write
|
||
|
3FE6000
|
trusted library allocation
|
page read and write
|
||
|
5220000
|
trusted library allocation
|
page read and write
|
||
|
32FF000
|
trusted library allocation
|
page read and write
|
||
|
FB0000
|
trusted library allocation
|
page read and write
|
||
|
7055000
|
trusted library allocation
|
page read and write
|
||
|
40AA000
|
trusted library allocation
|
page read and write
|
||
|
4040000
|
trusted library allocation
|
page read and write
|
||
|
766E000
|
stack
|
page read and write
|
||
|
3169000
|
trusted library allocation
|
page read and write
|
||
|
5EAD000
|
heap
|
page read and write
|
||
|
3FEC000
|
trusted library allocation
|
page read and write
|
||
|
30FF000
|
trusted library allocation
|
page read and write
|
||
|
3292000
|
trusted library allocation
|
page read and write
|
||
|
7160000
|
trusted library allocation
|
page read and write
|
||
|
6416000
|
trusted library allocation
|
page read and write
|
||
|
3E58000
|
trusted library allocation
|
page read and write
|
||
|
5840000
|
trusted library allocation
|
page execute and read and write
|
||
|
FE7000
|
trusted library allocation
|
page execute and read and write
|
||
|
3FA4000
|
trusted library allocation
|
page read and write
|
||
|
FE0000
|
trusted library allocation
|
page read and write
|
||
|
5224000
|
trusted library allocation
|
page read and write
|
||
|
2FC0000
|
trusted library allocation
|
page read and write
|
||
|
F11000
|
unkown
|
page readonly
|
||
|
4014000
|
trusted library allocation
|
page read and write
|
||
|
554A000
|
trusted library allocation
|
page read and write
|
||
|
5770000
|
trusted library allocation
|
page execute and read and write
|
||
|
3DFA000
|
trusted library allocation
|
page read and write
|
||
|
3DEB000
|
trusted library allocation
|
page read and write
|
||
|
583E000
|
stack
|
page read and write
|
||
|
11E0000
|
heap
|
page read and write
|
||
|
57A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
F6A000
|
unkown
|
page readonly
|
||
|
446000
|
remote allocation
|
page execute and read and write
|
||
|
3322000
|
trusted library allocation
|
page read and write
|
||
|
7130000
|
trusted library allocation
|
page read and write
|
||
|
31B4000
|
trusted library allocation
|
page read and write
|
||
|
10FD000
|
heap
|
page read and write
|
||
|
2F6C000
|
trusted library allocation
|
page read and write
|
||
|
6CDA000
|
trusted library allocation
|
page read and write
|
||
|
2F1D000
|
trusted library allocation
|
page read and write
|
||
|
30FC000
|
trusted library allocation
|
page read and write
|
||
|
706A000
|
trusted library allocation
|
page read and write
|
||
|
5EA9000
|
heap
|
page read and write
|
||
|
F66000
|
unkown
|
page execute and read and write
|
||
|
3F92000
|
trusted library allocation
|
page read and write
|
||
|
C2E000
|
stack
|
page read and write
|
||
|
1020000
|
trusted library allocation
|
page execute and read and write
|
||
|
2BD8000
|
trusted library allocation
|
page read and write
|
||
|
40A7000
|
trusted library allocation
|
page read and write
|
||
|
5EB2000
|
heap
|
page read and write
|
||
|
52E0000
|
trusted library allocation
|
page read and write
|
||
|
4119000
|
trusted library allocation
|
page read and write
|
||
|
5650000
|
trusted library allocation
|
page read and write
|
||
|
7150000
|
trusted library allocation
|
page execute and read and write
|
||
|
2710000
|
heap
|
page read and write
|
||
|
3E04000
|
trusted library allocation
|
page read and write
|
||
|
10ED000
|
heap
|
page read and write
|
||
|
2D70000
|
trusted library allocation
|
page read and write
|
||
|
5E10000
|
heap
|
page read and write
|
||
|
3E29000
|
trusted library allocation
|
page read and write
|
||
|
5E90000
|
heap
|
page read and write
|
||
|
3F98000
|
trusted library allocation
|
page read and write
|
||
|
71EE000
|
stack
|
page read and write
|
||
|
55A0000
|
trusted library allocation
|
page read and write
|
||
|
3F69000
|
trusted library allocation
|
page read and write
|
||
|
3FF3000
|
trusted library allocation
|
page read and write
|
||
|
32E6000
|
trusted library allocation
|
page read and write
|
||
|
521F000
|
stack
|
page read and write
|
||
|
3F7F000
|
trusted library allocation
|
page read and write
|
||
|
55D0000
|
trusted library allocation
|
page read and write
|
||
|
31EF000
|
trusted library allocation
|
page read and write
|
||
|
50C000
|
stack
|
page read and write
|
||
|
5E18000
|
heap
|
page read and write
|
||
|
6F60000
|
heap
|
page read and write
|
||
|
5252000
|
trusted library allocation
|
page read and write
|
||
|
2F47000
|
trusted library allocation
|
page read and write
|
||
|
5532000
|
trusted library allocation
|
page read and write
|
||
|
3318000
|
trusted library allocation
|
page read and write
|
||
|
752E000
|
stack
|
page read and write
|
||
|
523E000
|
trusted library allocation
|
page read and write
|
||
|
6C8D000
|
stack
|
page read and write
|
||
|
6E37000
|
heap
|
page read and write
|
||
|
40FB000
|
trusted library allocation
|
page read and write
|
||
|
4089000
|
trusted library allocation
|
page read and write
|
||
|
9F9000
|
heap
|
page read and write
|
||
|
5270000
|
trusted library allocation
|
page read and write
|
||
|
FD2000
|
trusted library allocation
|
page read and write
|
||
|
2EB6000
|
trusted library allocation
|
page read and write
|
||
|
FBD000
|
trusted library allocation
|
page execute and read and write
|
||
|
3E84000
|
trusted library allocation
|
page read and write
|
||
|
614E000
|
stack
|
page read and write
|
||
|
408E000
|
trusted library allocation
|
page read and write
|
||
|
2EF1000
|
trusted library allocation
|
page read and write
|
||
|
55B0000
|
trusted library allocation
|
page read and write
|
||
|
5620000
|
trusted library allocation
|
page execute and read and write
|
||
|
6DA9000
|
heap
|
page read and write
|
||
|
52D0000
|
heap
|
page read and write
|
||
|
4053000
|
trusted library allocation
|
page read and write
|
||
|
3391000
|
trusted library allocation
|
page read and write
|
||
|
432000
|
remote allocation
|
page execute and read and write
|
||
|
5541000
|
trusted library allocation
|
page read and write
|
||
|
5570000
|
trusted library allocation
|
page execute and read and write
|
||
|
315E000
|
trusted library allocation
|
page read and write
|
||
|
6CD7000
|
trusted library allocation
|
page read and write
|
||
|
4123000
|
trusted library allocation
|
page read and write
|
||
|
31C0000
|
trusted library allocation
|
page read and write
|
||
|
32B3000
|
trusted library allocation
|
page read and write
|
||
|
3EBE000
|
trusted library allocation
|
page read and write
|
||
|
10E1000
|
heap
|
page read and write
|
||
|
D2F000
|
stack
|
page read and write
|
||
|
5DE000
|
stack
|
page read and write
|
||
|
3E30000
|
trusted library allocation
|
page read and write
|
||
|
639C000
|
stack
|
page read and write
|
||
|
32F1000
|
trusted library allocation
|
page read and write
|
||
|
40D7000
|
trusted library allocation
|
page read and write
|
||
|
707A000
|
trusted library allocation
|
page read and write
|
||
|
5EBD000
|
heap
|
page read and write
|
||
|
63F0000
|
trusted library allocation
|
page read and write
|
||
|
3383000
|
trusted library allocation
|
page read and write
|
||
|
9F0000
|
heap
|
page read and write
|
||
|
FB3000
|
trusted library allocation
|
page execute and read and write
|
||
|
52A0000
|
heap
|
page read and write
|
||
|
3F50000
|
trusted library allocation
|
page read and write
|
||
|
311D000
|
trusted library allocation
|
page read and write
|
||
|
5790000
|
trusted library allocation
|
page read and write
|
||
|
BC7000
|
stack
|
page read and write
|
||
|
3F8D000
|
trusted library allocation
|
page read and write
|
||
|
6D9F000
|
heap
|
page read and write
|
||
|
3E96000
|
trusted library allocation
|
page read and write
|
||
|
410B000
|
trusted library allocation
|
page read and write
|
||
|
3E66000
|
trusted library allocation
|
page read and write
|
||
|
706F000
|
trusted library allocation
|
page read and write
|
There are 417 hidden memdumps, click here to show them.