IOC Report
RFQ_TFS-1508-AL NASR ENGINEERING.exe

Files

File Path
Type
Category
Malicious
RFQ_TFS-1508-AL NASR ENGINEERING.exe
PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
initial sample
malicious
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_RFQ_TFS-1508-AL _5b9ed2f4b716eba5ce879ab6e10a0499122638a_7b153501_3805f8aa-0467-4fc7-bfb4-1a349cea6a26\Report.wer
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER21E4.tmp.dmp
Mini DuMP crash report, 16 streams, Mon Nov 18 16:34:00 2024, 0x1205a4 type
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER2744.tmp.WERInternalMetadata.xml
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER2793.tmp.xml
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\CasPol.exe.log
ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
data
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_04ifsrck.pbp.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_g355htam.phd.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_h5mpkhr5.5nq.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_hfah5zvq.3tw.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\tmp100E.tmp
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
dropped
C:\Users\user\AppData\Local\Temp\tmp101F.tmp
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
dropped
C:\Users\user\AppData\Local\Temp\tmp1EE2.tmp
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
dropped
C:\Users\user\AppData\Local\Temp\tmp1F31.tmp
SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
dropped
C:\Users\user\AppData\Local\Temp\tmp46EF.tmp
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Temp\tmp46F0.tmp
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Temp\tmp4701.tmp
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Temp\tmp4712.tmp
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Temp\tmp4713.tmp
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Temp\tmp4742.tmp
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Temp\tmp5352.tmp
SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
dropped
C:\Users\user\AppData\Local\Temp\tmp6793.tmp
ASCII text, with very long lines (1024), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\tmp67A4.tmp
ASCII text, with very long lines (1024), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\tmp67A5.tmp
ASCII text, with very long lines (1024), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\tmp67A6.tmp
ASCII text, with very long lines (1024), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\tmp67B6.tmp
ASCII text, with very long lines (1024), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\tmp67B7.tmp
ASCII text, with very long lines (1024), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\tmp67D8.tmp
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Temp\tmp67E8.tmp
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Temp\tmp6808.tmp
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Temp\tmp7DB5.tmp
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
dropped
C:\Users\user\AppData\Local\Temp\tmp7E04.tmp
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
dropped
C:\Users\user\AppData\Local\Temp\tmpA021.tmp
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Temp\tmpA031.tmp
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Temp\tmpA032.tmp
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Temp\tmpA053.tmp
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
dropped
C:\Users\user\AppData\Local\Temp\tmpA063.tmp
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
dropped
C:\Users\user\AppData\Local\Temp\tmpA084.tmp
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
dropped
C:\Users\user\AppData\Local\Temp\tmpA094.tmp
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
dropped
C:\Users\user\AppData\Local\Temp\tmpB419.tmp
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
dropped
C:\Users\user\AppData\Local\Temp\tmpD83F.tmp
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
dropped
C:\Users\user\AppData\Local\Temp\tmpD85F.tmp
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
dropped
C:\Users\user\AppData\Local\Temp\tmpD88F.tmp
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
dropped
C:\Users\user\AppData\Local\Temp\tmpE9B1.tmp
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
dropped
C:\Users\user\AppData\Local\Temp\tmpE9D1.tmp
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
dropped
C:\Users\user\AppData\Local\Temp\tmpE9E1.tmp
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
dropped
C:\Users\user\AppData\Local\Temp\tmpE9F2.tmp
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
dropped
C:\Users\user\AppData\Local\Temp\tmpEA03.tmp
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
dropped
C:\Users\user\AppData\Local\Temp\tmpEA13.tmp
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
dropped
C:\Users\user\AppData\Local\Temp\tmpEA24.tmp
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
dropped
C:\Users\user\AppData\Local\Temp\tmpEA44.tmp
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
dropped
C:\Users\user\AppData\Local\Temp\tmpFCD.tmp
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
dropped
C:\Users\user\AppData\Local\Temp\tmpFDE.tmp
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
dropped
C:\Users\user\AppData\Local\Temp\tmpFEE.tmp
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
dropped
C:\Windows\appcompat\Programs\Amcache.hve
MS Windows registry file, NT/2000 or above
dropped

Processes

Path
Cmdline
Malicious
C:\Users\user\Desktop\RFQ_TFS-1508-AL NASR ENGINEERING.exe
"C:\Users\user\Desktop\RFQ_TFS-1508-AL NASR ENGINEERING.exe"
malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\RFQ_TFS-1508-AL NASR ENGINEERING.exe" -Force
malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe"
malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe"
malicious
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\regsvcs.exe"
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 5276 -s 1056

URLs

Name
IP
Malicious
193.70.111.186:13484
malicious
http://193.70.111.186:13484/
193.70.111.186
malicious
https://ipinfo.io/ip%appdata%
unknown
https://duckduckgo.com/chrome_newtab
unknown
https://duckduckgo.com/ac/?q=
unknown
https://www.google.com/images/branding/product/ico/googleg_lodp.ico
unknown
http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
unknown
http://tempuri.org/Endpoint/CheckConnectResponse
unknown
http://schemas.datacontract.org/2004/07/
unknown
http://schemas.xmlsoap.org/ws/2004/08/addressing/faultX
unknown
http://193.70.111.186:13484
unknown
http://tempuri.org/Endpoint/EnvironmentSettings
unknown
https://api.ip.sb/geoip%USERPEnvironmentROFILE%
unknown
https://api.ip.sb
unknown
https://api.ip.sb/geoip
unknown
http://schemas.xmlsoap.org/soap/envelope/
unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
unknown
http://tempuri.org/
unknown
http://upx.sf.net
unknown
http://tempuri.org/Endpoint/CheckConnect
unknown
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
unknown
http://193.70.111.186:13484t-
unknown
https://www.ecosia.org/newtab/
unknown
http://tempuri.org/Endpoint/VerifyUpdateResponse
unknown
http://tempuri.org/Endpoint/SetEnvironment
unknown
http://tempuri.org/Endpoint/SetEnvironmentResponse
unknown
http://tempuri.org/Endpoint/GetUpdates
unknown
https://ac.ecosia.org/autocomplete?q=
unknown
https://api.ipify.orgcookies//settinString.Removeg
unknown
http://schemas.xmlsoap.org/ws/2004/08/addressing
unknown
http://tempuri.org/Endpoint/GetUpdatesResponse
unknown
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
unknown
http://tempuri.org/Endpoint/EnvironmentSettingsResponse
unknown
http://tempuri.org/Endpoint/VerifyUpdate
unknown
http://193.70.111.186:13484pE
unknown
http://tempuri.org/0
unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
unknown
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
unknown
http://schemas.xmlsoap.org/soap/actor/next
unknown

Domains

Name
IP
Malicious
api.ip.sb
unknown

IPs

IP
Domain
Country
Malicious
193.70.111.186
unknown
France
malicious

Registry

Path
Value
Malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
EnableLUA
malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Notifications\Settings\Windows.SystemToast.SecurityAndMaintenance
Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing
EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\CasPol_RASAPI32
EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\CasPol_RASAPI32
EnableAutoFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\CasPol_RASAPI32
EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\CasPol_RASAPI32
FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\CasPol_RASAPI32
ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\CasPol_RASAPI32
MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\CasPol_RASAPI32
FileDirectory
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\CasPol_RASMANCS
EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\CasPol_RASMANCS
EnableAutoFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\CasPol_RASMANCS
EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\CasPol_RASMANCS
FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\CasPol_RASMANCS
ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\CasPol_RASMANCS
MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\CasPol_RASMANCS
FileDirectory
\REGISTRY\A\{3517e23e-75a4-f6b3-8cdf-2514b1cf22b3}\Root\InventoryApplicationFile\rfq_tfs-1508-al |cc2b18b492b3af8b
ProgramId
\REGISTRY\A\{3517e23e-75a4-f6b3-8cdf-2514b1cf22b3}\Root\InventoryApplicationFile\rfq_tfs-1508-al |cc2b18b492b3af8b
FileId
\REGISTRY\A\{3517e23e-75a4-f6b3-8cdf-2514b1cf22b3}\Root\InventoryApplicationFile\rfq_tfs-1508-al |cc2b18b492b3af8b
LowerCaseLongPath
\REGISTRY\A\{3517e23e-75a4-f6b3-8cdf-2514b1cf22b3}\Root\InventoryApplicationFile\rfq_tfs-1508-al |cc2b18b492b3af8b
LongPathHash
\REGISTRY\A\{3517e23e-75a4-f6b3-8cdf-2514b1cf22b3}\Root\InventoryApplicationFile\rfq_tfs-1508-al |cc2b18b492b3af8b
Name
\REGISTRY\A\{3517e23e-75a4-f6b3-8cdf-2514b1cf22b3}\Root\InventoryApplicationFile\rfq_tfs-1508-al |cc2b18b492b3af8b
OriginalFileName
\REGISTRY\A\{3517e23e-75a4-f6b3-8cdf-2514b1cf22b3}\Root\InventoryApplicationFile\rfq_tfs-1508-al |cc2b18b492b3af8b
Publisher
\REGISTRY\A\{3517e23e-75a4-f6b3-8cdf-2514b1cf22b3}\Root\InventoryApplicationFile\rfq_tfs-1508-al |cc2b18b492b3af8b
Version
\REGISTRY\A\{3517e23e-75a4-f6b3-8cdf-2514b1cf22b3}\Root\InventoryApplicationFile\rfq_tfs-1508-al |cc2b18b492b3af8b
BinFileVersion
\REGISTRY\A\{3517e23e-75a4-f6b3-8cdf-2514b1cf22b3}\Root\InventoryApplicationFile\rfq_tfs-1508-al |cc2b18b492b3af8b
BinaryType
\REGISTRY\A\{3517e23e-75a4-f6b3-8cdf-2514b1cf22b3}\Root\InventoryApplicationFile\rfq_tfs-1508-al |cc2b18b492b3af8b
ProductName
\REGISTRY\A\{3517e23e-75a4-f6b3-8cdf-2514b1cf22b3}\Root\InventoryApplicationFile\rfq_tfs-1508-al |cc2b18b492b3af8b
ProductVersion
\REGISTRY\A\{3517e23e-75a4-f6b3-8cdf-2514b1cf22b3}\Root\InventoryApplicationFile\rfq_tfs-1508-al |cc2b18b492b3af8b
LinkDate
\REGISTRY\A\{3517e23e-75a4-f6b3-8cdf-2514b1cf22b3}\Root\InventoryApplicationFile\rfq_tfs-1508-al |cc2b18b492b3af8b
BinProductVersion
\REGISTRY\A\{3517e23e-75a4-f6b3-8cdf-2514b1cf22b3}\Root\InventoryApplicationFile\rfq_tfs-1508-al |cc2b18b492b3af8b
AppxPackageFullName
\REGISTRY\A\{3517e23e-75a4-f6b3-8cdf-2514b1cf22b3}\Root\InventoryApplicationFile\rfq_tfs-1508-al |cc2b18b492b3af8b
AppxPackageRelativeId
\REGISTRY\A\{3517e23e-75a4-f6b3-8cdf-2514b1cf22b3}\Root\InventoryApplicationFile\rfq_tfs-1508-al |cc2b18b492b3af8b
Size
\REGISTRY\A\{3517e23e-75a4-f6b3-8cdf-2514b1cf22b3}\Root\InventoryApplicationFile\rfq_tfs-1508-al |cc2b18b492b3af8b
Language
\REGISTRY\A\{3517e23e-75a4-f6b3-8cdf-2514b1cf22b3}\Root\InventoryApplicationFile\rfq_tfs-1508-al |cc2b18b492b3af8b
Usn

Memdumps

Base Address
Regiontype
Protect
Malicious
trusted library allocation
page read and write
52AF000
stack
page read and write
3971000
trusted library allocation
page read and write
2DBBAFB1000
trusted library allocation
page read and write
2DBA8CE9000
heap
page read and write
7FF848DE4000
trusted library allocation
page read and write
3861000
trusted library allocation
page read and write
7FF4B92B0000
trusted library allocation
page execute and read and write
5DEE000
stack
page read and write
709E000
stack
page read and write
4D76000
trusted library allocation
page read and write
39B6000
trusted library allocation
page read and write
6540000
trusted library allocation
page read and write
2DBA8C70000
heap
page read and write
3907000
trusted library allocation
page read and write
AF0000
heap
page execute and read and write
7FF848DFD000
trusted library allocation
page execute and read and write
5345000
trusted library allocation
page read and write
2DBC27D0000
trusted library allocation
page read and write
E66AEFE000
stack
page read and write
652000
trusted library allocation
page read and write
2500000
trusted library allocation
page read and write
440000
heap
page read and write
3A69000
trusted library allocation
page read and write
3A81000
trusted library allocation
page read and write
2A3D000
trusted library allocation
page read and write
656000
trusted library allocation
page execute and read and write
4979000
heap
page read and write
1B8000
stack
page read and write
2995000
trusted library allocation
page read and write
3998000
trusted library allocation
page read and write
5DAE000
stack
page read and write
E66AAFE000
stack
page read and write
633000
trusted library allocation
page execute and read and write
E66AFFB000
stack
page read and write
2DBA8C7C000
heap
page read and write
7FF848FCD000
trusted library allocation
page read and write
5D5E000
stack
page read and write
2DBA8C40000
trusted library allocation
page read and write
2DBBB50D000
trusted library allocation
page read and write
3AA4000
trusted library allocation
page read and write
3CDA000
trusted library allocation
page read and write
4E5D000
trusted library allocation
page read and write
3A79000
trusted library allocation
page read and write
3A46000
trusted library allocation
page read and write
2A78000
trusted library allocation
page read and write
534A000
trusted library allocation
page read and write
5354000
trusted library allocation
page read and write
5310000
trusted library allocation
page execute and read and write
5AA0000
heap
page read and write
5350000
trusted library allocation
page read and write
630000
trusted library allocation
page read and write
39DE000
trusted library allocation
page read and write
2DBA8A00000
unkown
page readonly
4DF0000
trusted library allocation
page read and write
2DBA8C10000
trusted library allocation
page read and write
662000
trusted library allocation
page read and write
2DBC309C000
heap
page read and write
3D75000
trusted library allocation
page read and write
634000
trusted library allocation
page read and write
7FF848DE2000
trusted library allocation
page read and write