Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
fOsCO13KRs.exe
|
PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\fOsCO13KRs.exe.log
|
CSV text
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\d3d9.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\MSBuild.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\fOsCO13KRs.exe
|
"C:\Users\user\Desktop\fOsCO13KRs.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
94.228.166.68:80
|
|
||
|
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Text
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/02/sc/sct
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk
|
unknown
|
||
|
https://duckduckgo.com/ac/?q=
|
unknown
|
||
|
http://tempuri.org/Entity/Id23ResponseD
|
unknown
|
||
|
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#HexBinary
|
unknown
|
||
|
http://tempuri.org/Entity/Id12Response
|
unknown
|
||
|
http://tempuri.org/
|
unknown
|
||
|
http://tempuri.org/Entity/Id2Response
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1
|
unknown
|
||
|
http://tempuri.org/Entity/Id21Response
|
unknown
|
||
|
http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_Wrap
|
unknown
|
||
|
http://tempuri.org/Entity/Id9
|
unknown
|
||
|
http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID
|
unknown
|
||
|
http://tempuri.org/Entity/Id8
|
unknown
|
||
|
http://tempuri.org/Entity/Id5
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepare
|
unknown
|
||
|
http://tempuri.org/Entity/Id4
|
unknown
|
||
|
http://tempuri.org/Entity/Id7
|
unknown
|
||
|
http://tempuri.org/Entity/Id6
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecret
|
unknown
|
||
|
http://tempuri.org/Entity/Id19Response
|
unknown
|
||
|
http://docs.oasis-open.org/wss/oasis-wss-rel-token-profile-1.0.pdf#license
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2004/10/wsat/Aborted
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2004/10/wsat/fault
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2004/10/wsat
|
unknown
|
||
|
http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey
|
unknown
|
||
|
http://tempuri.org/Entity/Id15Response
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Renew
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2004/10/wscoor/Register
|
unknown
|
||
|
http://tempuri.org/Entity/Id6Response
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKey
|
unknown
|
||
|
https://api.ip.sb/ip
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2004/04/sc
|
unknown
|
||
|
http://tempuri.org/Entity/Id1ResponseD
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2004/10/wsat/Volatile2PC
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Cancel
|
unknown
|
||
|
http://tempuri.org/Entity/Id9Response
|
unknown
|
||
|
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
|
unknown
|
||
|
http://tempuri.org/Entity/Id20
|
unknown
|
||
|
http://tempuri.org/Entity/Id21
|
unknown
|
||
|
http://tempuri.org/Entity/Id22
|
unknown
|
||
|
http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#Kerberosv5APREQSHA1
|
unknown
|
||
|
http://tempuri.org/Entity/Id23
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1
|
unknown
|
||
|
http://tempuri.org/Entity/Id24
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/Issue
|
unknown
|
||
|
http://tempuri.org/Entity/Id24Response
|
unknown
|
||
|
https://www.ecosia.org/newtab/
|
unknown
|
||
|
http://tempuri.org/Entity/Id1Response
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequested
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2004/10/wsat/ReadOnly
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2004/10/wsat/Replay
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego
|
unknown
|
||
|
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2004/10/wsat/Durable2PC
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2004/04/security/trust/SymmetricKey
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2004/08/addressing
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2004/10/wsat/Completion
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2004/04/trust
|
unknown
|
||
|
http://tempuri.org/Entity/Id10
|
unknown
|
||
|
http://tempuri.org/Entity/Id11
|
unknown
|
||
|
http://tempuri.org/Entity/Id12
|
unknown
|
||
|
http://tempuri.org/Entity/Id16Response
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponse
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Cancel
|
unknown
|
||
|
http://tempuri.org/Entity/Id13
|
unknown
|
||
|
http://tempuri.org/Entity/Id14
|
unknown
|
||
|
http://tempuri.org/Entity/Id15
|
unknown
|
||
|
http://tempuri.org/Entity/Id16
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/02/trust/Nonce
|
unknown
|
||
|
http://tempuri.org/Entity/Id17
|
unknown
|
||
|
http://tempuri.org/Entity/Id18
|
unknown
|
||
|
http://tempuri.org/Entity/Id5Response
|
unknown
|
||
|
http://tempuri.org/Entity/Id19
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dns
|
unknown
|
||
|
http://tempuri.org/Entity/Id10Response
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/02/trust/Renew
|
unknown
|
||
|
http://tempuri.org/Entity/Id8Response
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2004/04/trust/PublicKey
|
unknown
|
||
|
http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0
|
unknown
|
||
|
http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCT
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2006/02/addressingidentity
|
unknown
|
||
|
http://schemas.xmlsoap.org/soap/envelope/
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKey
|
unknown
|
||
|
http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1
|
unknown
|
||
|
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/02/trust
|
unknown
|
||
|
https://duckduckgo.com/chrome_newtabS
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2004/10/wsat/Rollback
|
unknown
|
||
|
http://tempuri.org/Entity/Id3ResponseD
|
unknown
|
||
|
http://tempuri.org/Entity/Id23Response
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/SCT
|
unknown
|
||
|
http://tempuri.org/D
|
unknown
|
There are 90 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
bg.microsoft.map.fastly.net
|
199.232.214.172
|
||
|
api.ip.sb
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
94.228.166.68
|
unknown
|
Russian Federation
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MSBuild_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MSBuild_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MSBuild_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MSBuild_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MSBuild_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MSBuild_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MSBuild_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MSBuild_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MSBuild_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MSBuild_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MSBuild_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MSBuild_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MSBuild_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MSBuild_RASMANCS
|
FileDirectory
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
Owner
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
SessionHash
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
Sequence
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
RegFiles0000
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
RegFilesHash
|
There are 9 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
402000
|
remote allocation
|
page execute and read and write
|
|
|
|
30B1000
|
trusted library allocation
|
page read and write
|
|
|
|
6D17E000
|
unkown
|
page read and write
|
|
|
|
17E4000
|
trusted library allocation
|
page read and write
|
||
|
452F000
|
trusted library allocation
|
page read and write
|
||
|
154E000
|
stack
|
page read and write
|
||
|
166F000
|
stack
|
page read and write
|
||
|
42AB000
|
trusted library allocation
|
page read and write
|
||
|
3697000
|
trusted library allocation
|
page read and write
|
||
|
6EBB000
|
trusted library allocation
|
page read and write
|
||
|
4281000
|
trusted library allocation
|
page read and write
|
||
|
A708000
|
heap
|
page read and write
|
||
|
4249000
|
trusted library allocation
|
page read and write
|
||
|
5680000
|
trusted library allocation
|
page read and write
|
||
|
6910000
|
trusted library allocation
|
page read and write
|
||
|
56B1000
|
trusted library allocation
|
page read and write
|
||
|
A0AF000
|
trusted library allocation
|
page read and write
|
||
|
9442000
|
trusted library allocation
|
page read and write
|
||
|
56B6000
|
trusted library allocation
|
page read and write
|
||
|
12F8000
|
stack
|
page read and write
|
||
|
3685000
|
trusted library allocation
|
page read and write
|
||
|
A190000
|
trusted library allocation
|
page read and write
|
||
|
364E000
|
trusted library allocation
|
page read and write
|
||
|
5B8C000
|
heap
|
page read and write
|
||
|
524B000
|
stack
|
page read and write
|
||
|
317A000
|
trusted library allocation
|
page read and write
|
||
|
15CD000
|
trusted library allocation
|
page execute and read and write
|
||
|
35CA000
|
trusted library allocation
|
page read and write
|
||
|
36C6000
|
trusted library allocation
|
page read and write
|
||
|
33FA000
|
trusted library allocation
|
page read and write
|
||
|
4271000
|
trusted library allocation
|
page read and write
|
||
|
55C0000
|
heap
|
page read and write
|
||
|
1290000
|
trusted library allocation
|
page read and write
|
||
|
4486000
|
trusted library allocation
|
page read and write
|
||
|
A680000
|
heap
|
page read and write
|
||
|
6A10000
|
trusted library allocation
|
page execute and read and write
|
||
|
A69B000
|
heap
|
page read and write
|
||
|
68E0000
|
trusted library allocation
|
page read and write
|
||
|
3090000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
5BB2000
|
heap
|
page read and write
|
||
|
15BE000
|
stack
|
page read and write
|
||
|
97BE000
|
stack
|
page read and write
|
||
|
3182000
|
trusted library allocation
|
page read and write
|
||
|
4244000
|
trusted library allocation
|
page read and write
|
||
|
4469000
|
trusted library allocation
|
page read and write
|
||
|
4294000
|
trusted library allocation
|
page read and write
|
||
|
6DC0000
|
trusted library allocation
|
page read and write
|
||
|
A6E6000
|
heap
|
page read and write
|
||
|
A728000
|
heap
|
page read and write
|
||
|
17E0000
|
trusted library allocation
|
page read and write
|
||
|
A736000
|
heap
|
page read and write
|
||
|
A09F000
|
trusted library allocation
|
page read and write
|
||
|
A0B0000
|
trusted library allocation
|
page read and write
|
||
|
2E80000
|
trusted library allocation
|
page read and write
|
||
|
6A00000
|
trusted library allocation
|
page read and write
|
||
|
6E20000
|
heap
|
page read and write
|
||
|
34F1000
|
trusted library allocation
|
page read and write
|
||
|
6710000
|
trusted library allocation
|
page execute and read and write
|
||
|
A09A000
|
trusted library allocation
|
page read and write
|
||
|
FC0000
|
heap
|
page read and write
|
||
|
318F000
|
stack
|
page read and write
|
||
|
A180000
|
trusted library allocation
|
page read and write
|
||
|
89C0000
|
trusted library allocation
|
page read and write
|
||
|
A76A000
|
heap
|
page read and write
|
||
|
3581000
|
trusted library allocation
|
page read and write
|
||
|
35F2000
|
trusted library allocation
|
page read and write
|
||
|
33FC000
|
trusted library allocation
|
page read and write
|
||
|
3368000
|
trusted library allocation
|
page read and write
|
||
|
A6C4000
|
heap
|
page read and write
|
||
|
446F000
|
trusted library allocation
|
page read and write
|
||
|
5B7C000
|
heap
|
page read and write
|
||
|
11B0000
|
heap
|
page read and write
|
||
|
4225000
|
trusted library allocation
|
page read and write
|
||
|
6EBE000
|
trusted library allocation
|
page read and write
|
||
|
57EA000
|
trusted library allocation
|
page read and write
|
||
|
55B0000
|
heap
|
page read and write
|
||
|
35F9000
|
trusted library allocation
|
page read and write
|
||
|
55A3000
|
heap
|
page read and write
|
||
|
5B70000
|
heap
|
page read and write
|
||
|
35E4000
|
trusted library allocation
|
page read and write
|
||
|
A7B9000
|
heap
|
page read and write
|
||
|
346E000
|
trusted library allocation
|
page read and write
|
||
|
5CAD000
|
stack
|
page read and write
|
||
|
5590000
|
heap
|
page read and write
|
||
|
423F000
|
trusted library allocation
|
page read and write
|
||
|
134E000
|
heap
|
page read and write
|
||
|
35C2000
|
trusted library allocation
|
page read and write
|
||
|
68C0000
|
trusted library allocation
|
page read and write
|
||
|
3610000
|
trusted library allocation
|
page read and write
|
||
|
15C0000
|
trusted library allocation
|
page read and write
|
||
|
69B0000
|
trusted library allocation
|
page read and write
|
||
|
15DA000
|
heap
|
page read and write
|
||
|
97E0000
|
trusted library allocation
|
page read and write
|
||
|
2EB0000
|
trusted library allocation
|
page read and write
|
||
|
5BDB000
|
heap
|
page read and write
|
||
|
42B3000
|
trusted library allocation
|
page read and write
|
||
|
424E000
|
trusted library allocation
|
page read and write
|
||
|
5780000
|
trusted library allocation
|
page read and write
|
||
|
4462000
|
trusted library allocation
|
page read and write
|
||
|
1560000
|
heap
|
page read and write
|
||
|
A780000
|
heap
|
page read and write
|
||
|
2EFE000
|
stack
|
page read and write
|
||
|
591E000
|
stack
|
page read and write
|
||
|
5683000
|
trusted library allocation
|
page read and write
|
||
|
6D1CA000
|
unkown
|
page readonly
|
||
|
1436000
|
heap
|
page read and write
|
||
|
33E0000
|
trusted library allocation
|
page read and write
|
||
|
3020000
|
trusted library allocation
|
page execute and read and write
|
||
|
A0AA000
|
trusted library allocation
|
page read and write
|
||
|
6DD1000
|
trusted library allocation
|
page read and write
|
||
|
2E95000
|
trusted library allocation
|
page execute and read and write
|
||
|
5B78000
|
heap
|
page read and write
|
||
|
2E82000
|
trusted library allocation
|
page read and write
|
||
|
EFC000
|
unkown
|
page readonly
|
||
|
6720000
|
trusted library allocation
|
page execute and read and write
|
||
|
6E11000
|
trusted library allocation
|
page read and write
|
||
|
A79B000
|
heap
|
page read and write
|
||
|
A16E000
|
stack
|
page read and write
|
||
|
3552000
|
trusted library allocation
|
page read and write
|
||
|
5C4F000
|
heap
|
page read and write
|
||
|
4232000
|
trusted library allocation
|
page read and write
|
||
|
1392000
|
heap
|
page read and write
|
||
|
A082000
|
trusted library allocation
|
page read and write
|
||
|
A6A4000
|
heap
|
page read and write
|
||
|
A6D7000
|
heap
|
page read and write
|
||
|
A77A000
|
heap
|
page read and write
|
||
|
A59A000
|
heap
|
page read and write
|
||
|
A950000
|
heap
|
page read and write
|
||
|
421E000
|
trusted library allocation
|
page read and write
|
||
|
A6CA000
|
heap
|
page read and write
|
||
|
A23E000
|
stack
|
page read and write
|
||
|
1840000
|
heap
|
page read and write
|
||
|
2E97000
|
trusted library allocation
|
page execute and read and write
|
||
|
3479000
|
trusted library allocation
|
page read and write
|
||
|
9550000
|
trusted library allocation
|
page read and write
|
||
|
17D0000
|
trusted library allocation
|
page read and write
|
||
|
1360000
|
heap
|
page read and write
|
||
|
56D0000
|
trusted library allocation
|
page read and write
|
||
|
56BD000
|
trusted library allocation
|
page read and write
|
||
|
4546000
|
trusted library allocation
|
page read and write
|
||
|
13E0000
|
heap
|
page read and write
|
||
|
6C9E000
|
stack
|
page read and write
|
||
|
5782000
|
trusted library allocation
|
page read and write
|
||
|
5700000
|
trusted library allocation
|
page read and write
|
||
|
1177000
|
stack
|
page read and write
|
||
|
34A8000
|
trusted library allocation
|
page read and write
|
||
|
1374000
|
heap
|
page read and write
|
||
|
A6EB000
|
heap
|
page read and write
|
||
|
5720000
|
trusted library allocation
|
page read and write
|
||
|
16DE000
|
stack
|
page read and write
|
||
|
35B8000
|
trusted library allocation
|
page read and write
|
||
|
1452000
|
heap
|
page read and write
|
||
|
A6C0000
|
heap
|
page read and write
|
||
|
12A0000
|
trusted library allocation
|
page read and write
|
||
|
68BF000
|
stack
|
page read and write
|
||
|
368F000
|
trusted library allocation
|
page read and write
|
||
|
69A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
6DE2000
|
trusted library allocation
|
page read and write
|
||
|
A089000
|
trusted library allocation
|
page read and write
|
||
|
66FC000
|
stack
|
page read and write
|
||
|
5C5D000
|
heap
|
page read and write
|
||
|
677D000
|
stack
|
page read and write
|
||
|
6D9E000
|
stack
|
page read and write
|
||
|
33F2000
|
trusted library allocation
|
page read and write
|
||
|
141E000
|
heap
|
page read and write
|
||
|
12AD000
|
trusted library allocation
|
page execute and read and write
|
||
|
1817000
|
trusted library allocation
|
page execute and read and write
|
||
|
447C000
|
trusted library allocation
|
page read and write
|
||
|
6D161000
|
unkown
|
page execute read
|
||
|
4478000
|
trusted library allocation
|
page read and write
|
||
|
A1FE000
|
stack
|
page read and write
|
||
|
9490000
|
trusted library allocation
|
page read and write
|
||
|
34E9000
|
trusted library allocation
|
page read and write
|
||
|
9560000
|
trusted library allocation
|
page read and write
|
||
|
3620000
|
trusted library allocation
|
page read and write
|
||
|
423B000
|
trusted library allocation
|
page read and write
|
||
|
2E8A000
|
trusted library allocation
|
page execute and read and write
|
||
|
933E000
|
stack
|
page read and write
|
||
|
5960000
|
trusted library allocation
|
page read and write
|
||
|
A778000
|
heap
|
page read and write
|
||
|
1830000
|
trusted library allocation
|
page read and write
|
||
|
2E90000
|
trusted library allocation
|
page read and write
|
||
|
137F000
|
heap
|
page read and write
|
||
|
569B000
|
trusted library allocation
|
page read and write
|
||
|
5B80000
|
heap
|
page read and write
|
||
|
430000
|
remote allocation
|
page execute and read and write
|
||
|
17F4000
|
trusted library allocation
|
page read and write
|
||
|
56B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
595E000
|
stack
|
page read and write
|
||
|
11F0000
|
heap
|
page read and write
|
||
|
FF5C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
44F6000
|
trusted library allocation
|
page read and write
|
||
|
3520000
|
trusted library allocation
|
page read and write
|
||
|
6730000
|
heap
|
page execute and read and write
|
||
|
69C0000
|
trusted library allocation
|
page read and write
|
||
|
65BE000
|
stack
|
page read and write
|
||
|
17ED000
|
trusted library allocation
|
page execute and read and write
|
||
|
5750000
|
heap
|
page read and write
|
||
|
4214000
|
trusted library allocation
|
page read and write
|
||
|
4481000
|
trusted library allocation
|
page read and write
|
||
|
56F0000
|
trusted library allocation
|
page read and write
|
||
|
427B000
|
trusted library allocation
|
page read and write
|
||
|
A12D000
|
stack
|
page read and write
|
||
|
34FE000
|
trusted library allocation
|
page read and write
|
||
|
55A0000
|
heap
|
page read and write
|
||
|
4244000
|
trusted library allocation
|
page read and write
|
||
|
454B000
|
trusted library allocation
|
page read and write
|
||
|
A6E9000
|
heap
|
page read and write
|
||
|
57E0000
|
trusted library allocation
|
page read and write
|
||
|
33F8000
|
trusted library allocation
|
page read and write
|
||
|
352B000
|
trusted library allocation
|
page read and write
|
||
|
3537000
|
trusted library allocation
|
page read and write
|
||
|
3184000
|
trusted library allocation
|
page read and write
|
||
|
43A7000
|
trusted library allocation
|
page read and write
|
||
|
12A4000
|
trusted library allocation
|
page read and write
|
||
|
135A000
|
heap
|
page read and write
|
||
|
360B000
|
trusted library allocation
|
page read and write
|
||
|
3463000
|
trusted library allocation
|
page read and write
|
||
|
16AE000
|
stack
|
page read and write
|
||
|
A743000
|
heap
|
page read and write
|
||
|
4556000
|
trusted library allocation
|
page read and write
|
||
|
6D177000
|
unkown
|
page readonly
|
||
|
42C6000
|
trusted library allocation
|
page read and write
|
||
|
879E000
|
stack
|
page read and write
|
||
|
952B000
|
stack
|
page read and write
|
||
|
127E000
|
stack
|
page read and write
|
||
|
6DCB000
|
trusted library allocation
|
page read and write
|
||
|
9558000
|
trusted library allocation
|
page read and write
|
||
|
50B8000
|
trusted library allocation
|
page read and write
|
||
|
A0B5000
|
trusted library allocation
|
page read and write
|
||
|
1230000
|
heap
|
page read and write
|
||
|
15D0000
|
heap
|
page read and write
|
||
|
6DEE000
|
trusted library allocation
|
page read and write
|
||
|
5790000
|
trusted library allocation
|
page execute and read and write
|
||
|
A085000
|
trusted library allocation
|
page read and write
|
||
|
42B2000
|
trusted library allocation
|
page read and write
|
||
|
D72000
|
unkown
|
page readonly
|
||
|
428F000
|
trusted library allocation
|
page read and write
|
||
|
3080000
|
heap
|
page read and write
|
||
|
92FC000
|
stack
|
page read and write
|
||
|
5770000
|
heap
|
page read and write
|
||
|
307B000
|
stack
|
page read and write
|
||
|
5B88000
|
heap
|
page read and write
|
||
|
3070000
|
trusted library allocation
|
page execute and read and write
|
||
|
1444000
|
heap
|
page read and write
|
||
|
2E92000
|
trusted library allocation
|
page read and write
|
||
|
4278000
|
trusted library allocation
|
page read and write
|
||
|
36BE000
|
trusted library allocation
|
page read and write
|
||
|
17B0000
|
heap
|
page read and write
|
||
|
44C3000
|
trusted library allocation
|
page read and write
|
||
|
9480000
|
trusted library allocation
|
page read and write
|
||
|
63BE000
|
stack
|
page read and write
|
||
|
40D1000
|
trusted library allocation
|
page read and write
|
||
|
6920000
|
trusted library allocation
|
page read and write
|
||
|
2E86000
|
trusted library allocation
|
page execute and read and write
|
||
|
11B5000
|
heap
|
page read and write
|
||
|
A098000
|
trusted library allocation
|
page read and write
|
||
|
9555000
|
trusted library allocation
|
page read and write
|
||
|
33F4000
|
trusted library allocation
|
page read and write
|
||
|
9570000
|
heap
|
page read and write
|
||
|
A7B6000
|
heap
|
page read and write
|
||
|
12E6000
|
heap
|
page read and write
|
||
|
A1B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
426B000
|
trusted library allocation
|
page read and write
|
||
|
3190000
|
trusted library allocation
|
page read and write
|
||
|
450E000
|
trusted library allocation
|
page read and write
|
||
|
33EC000
|
trusted library allocation
|
page read and write
|
||
|
A170000
|
trusted library allocation
|
page execute and read and write
|
||
|
69F0000
|
trusted library allocation
|
page read and write
|
||
|
6EB5000
|
trusted library allocation
|
page read and write
|
||
|
447E000
|
trusted library allocation
|
page read and write
|
||
|
533E000
|
stack
|
page read and write
|
||
|
57E8000
|
trusted library allocation
|
page read and write
|
||
|
143B000
|
heap
|
page read and write
|
||
|
5690000
|
trusted library allocation
|
page read and write
|
||
|
A580000
|
heap
|
page read and write
|
||
|
943C000
|
stack
|
page read and write
|
||
|
3532000
|
trusted library allocation
|
page read and write
|
||
|
57D3000
|
heap
|
page execute and read and write
|
||
|
4241000
|
trusted library allocation
|
page read and write
|
||
|
A69F000
|
heap
|
page read and write
|
||
|
453A000
|
trusted library allocation
|
page read and write
|
||
|
9470000
|
trusted library allocation
|
page execute and read and write
|
||
|
69D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
36ED000
|
trusted library allocation
|
page read and write
|
||
|
A591000
|
heap
|
page read and write
|
||
|
5690000
|
trusted library allocation
|
page read and write
|
||
|
33EA000
|
trusted library allocation
|
page read and write
|
||
|
5B6E000
|
stack
|
page read and write
|
||
|
3230000
|
heap
|
page execute and read and write
|
||
|
4236000
|
trusted library allocation
|
page read and write
|
||
|
157E000
|
stack
|
page read and write
|
||
|
1237000
|
heap
|
page read and write
|
||
|
40B1000
|
trusted library allocation
|
page read and write
|
||
|
422C000
|
trusted library allocation
|
page read and write
|
||
|
36B1000
|
trusted library allocation
|
page read and write
|
||
|
4541000
|
trusted library allocation
|
page read and write
|
||
|
4241000
|
trusted library allocation
|
page read and write
|
||
|
1410000
|
heap
|
page read and write
|
||
|
967E000
|
stack
|
page read and write
|
||
|
A1A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
146D000
|
heap
|
page read and write
|
||
|
A75C000
|
heap
|
page read and write
|
||
|
362B000
|
trusted library allocation
|
page read and write
|
||
|
1300000
|
heap
|
page read and write
|
||
|
56EE000
|
trusted library allocation
|
page read and write
|
||
|
4502000
|
trusted library allocation
|
page read and write
|
||
|
57C0000
|
trusted library allocation
|
page read and write
|
||
|
6700000
|
trusted library allocation
|
page read and write
|
||
|
435000
|
remote allocation
|
page execute and read and write
|
||
|
306E000
|
stack
|
page read and write
|
||
|
3604000
|
trusted library allocation
|
page read and write
|
||
|
96BE000
|
stack
|
page read and write
|
||
|
A690000
|
heap
|
page read and write
|
||
|
353C000
|
trusted library allocation
|
page read and write
|
||
|
4473000
|
trusted library allocation
|
page read and write
|
||
|
33F0000
|
trusted library allocation
|
page read and write
|
||
|
A51E000
|
stack
|
page read and write
|
||
|
D70000
|
unkown
|
page readonly
|
||
|
107A000
|
stack
|
page read and write
|
||
|
36D8000
|
trusted library allocation
|
page read and write
|
||
|
6DD6000
|
trusted library allocation
|
page read and write
|
||
|
A6AD000
|
heap
|
page read and write
|
||
|
3547000
|
trusted library allocation
|
page read and write
|
||
|
57E5000
|
trusted library allocation
|
page read and write
|
||
|
A0A5000
|
trusted library allocation
|
page read and write
|
||
|
4289000
|
trusted library allocation
|
page read and write
|
||
|
4456000
|
trusted library allocation
|
page read and write
|
||
|
6EC0000
|
trusted library allocation
|
page read and write
|
||
|
A0C0000
|
trusted library allocation
|
page read and write
|
||
|
4249000
|
trusted library allocation
|
page read and write
|
||
|
2E9B000
|
trusted library allocation
|
page execute and read and write
|
||
|
3145000
|
trusted library allocation
|
page read and write
|
||
|
A080000
|
trusted library allocation
|
page read and write
|
||
|
6EB0000
|
trusted library allocation
|
page read and write
|
||
|
A6DC000
|
heap
|
page read and write
|
||
|
1810000
|
trusted library allocation
|
page read and write
|
||
|
12B8000
|
heap
|
page read and write
|
||
|
A730000
|
heap
|
page read and write
|
||
|
6940000
|
trusted library allocation
|
page execute and read and write
|
||
|
4287000
|
trusted library allocation
|
page read and write
|
||
|
6930000
|
trusted library allocation
|
page read and write
|
||
|
17AF000
|
stack
|
page read and write
|
||
|
9564000
|
trusted library allocation
|
page read and write
|
||
|
181B000
|
trusted library allocation
|
page execute and read and write
|
||
|
3080000
|
trusted library allocation
|
page read and write
|
||
|
2FFF000
|
stack
|
page read and write
|
||
|
5694000
|
trusted library allocation
|
page read and write
|
||
|
12DA000
|
heap
|
page read and write
|
||
|
4113000
|
trusted library allocation
|
page read and write
|
||
|
34DF000
|
trusted library allocation
|
page read and write
|
||
|
A702000
|
heap
|
page read and write
|
||
|
36E2000
|
trusted library allocation
|
page read and write
|
||
|
5C6B000
|
heap
|
page read and write
|
||
|
6990000
|
trusted library allocation
|
page execute and read and write
|
||
|
1200000
|
heap
|
page read and write
|
||
|
3519000
|
trusted library allocation
|
page read and write
|
||
|
57D0000
|
heap
|
page execute and read and write
|
||
|
6D160000
|
unkown
|
page readonly
|
||
|
11B8000
|
heap
|
page read and write
|
||
|
350B000
|
trusted library allocation
|
page read and write
|
||
|
A6B5000
|
heap
|
page read and write
|
||
|
5C49000
|
heap
|
page read and write
|
||
|
36D1000
|
trusted library allocation
|
page read and write
|
||
|
141A000
|
heap
|
page read and write
|
||
|
F8C000
|
stack
|
page read and write
|
||
|
58DE000
|
stack
|
page read and write
|
||
|
3030000
|
heap
|
page execute and read and write
|
||
|
3366000
|
trusted library allocation
|
page read and write
|
||
|
A0B2000
|
trusted library allocation
|
page read and write
|
||
|
A6FB000
|
heap
|
page read and write
|
||
|
3000000
|
heap
|
page read and write
|
||
|
3615000
|
trusted library allocation
|
page read and write
|
||
|
1340000
|
heap
|
page read and write
|
||
|
65F9000
|
stack
|
page read and write
|
||
|
56C2000
|
trusted library allocation
|
page read and write
|
||
|
889F000
|
stack
|
page read and write
|
||
|
64BF000
|
stack
|
page read and write
|
||
|
12A3000
|
trusted library allocation
|
page execute and read and write
|
||
|
12B0000
|
heap
|
page read and write
|
||
|
43CE000
|
trusted library allocation
|
page read and write
|
||
|
A694000
|
heap
|
page read and write
|
||
|
56F5000
|
trusted library allocation
|
page read and write
|
||
|
A240000
|
heap
|
page read and write
|
||
|
56E0000
|
trusted library allocation
|
page read and write
|
||
|
5753000
|
heap
|
page read and write
|
||
|
A55F000
|
stack
|
page read and write
|
||
|
67BE000
|
stack
|
page read and write
|
||
|
35D7000
|
trusted library allocation
|
page read and write
|
||
|
451B000
|
trusted library allocation
|
page read and write
|
||
|
FC5000
|
heap
|
page read and write
|
||
|
68D0000
|
trusted library allocation
|
page read and write
|
||
|
36DD000
|
trusted library allocation
|
page read and write
|
||
|
6E00000
|
trusted library allocation
|
page read and write
|
||
|
A19F000
|
trusted library allocation
|
page read and write
|
||
|
33E6000
|
trusted library allocation
|
page read and write
|
||
|
56AE000
|
trusted library allocation
|
page read and write
|
||
|
40BF000
|
trusted library allocation
|
page read and write
|
||
|
3241000
|
trusted library allocation
|
page read and write
|
||
|
15D6000
|
heap
|
page read and write
|
||
|
444000
|
remote allocation
|
page execute and read and write
|
||
|
36A4000
|
trusted library allocation
|
page read and write
|
||
|
30A0000
|
heap
|
page read and write
|
||
|
9440000
|
trusted library allocation
|
page read and write
|
||
|
4528000
|
trusted library allocation
|
page read and write
|
||
|
4284000
|
trusted library allocation
|
page read and write
|
||
|
5970000
|
heap
|
page read and write
|
||
|
17E3000
|
trusted library allocation
|
page execute and read and write
|
||
|
302E000
|
stack
|
page read and write
|
||
|
449B000
|
trusted library allocation
|
page read and write
|
||
|
3194000
|
trusted library allocation
|
page read and write
|
||
|
91FC000
|
stack
|
page read and write
|
||
|
6C5E000
|
stack
|
page read and write
|
There are 404 hidden memdumps, click here to show them.