Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
wUSt04rfJ0.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\wUSt04rfJ0.exe.log
|
CSV text
|
dropped
|
|
|
|
C:\Windows\System32\SubDir\Client.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
|
Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks,
0x1 compression
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Client.exe.log
|
CSV text
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\wUSt04rfJ0.exe
|
"C:\Users\user\Desktop\wUSt04rfJ0.exe"
|
|
|
|
C:\Windows\System32\schtasks.exe
|
"schtasks" /create /tn "Quasar Client Startup" /sc ONLOGON /tr "C:\Windows\system32\SubDir\Client.exe" /rl HIGHEST /f
|
|
|
|
C:\Windows\System32\SubDir\Client.exe
|
"C:\Windows\system32\SubDir\Client.exe"
|
|
|
|
C:\Windows\System32\SubDir\Client.exe
|
C:\Windows\system32\SubDir\Client.exe
|
|
|
|
C:\Windows\System32\schtasks.exe
|
"schtasks" /create /tn "Quasar Client Startup" /sc ONLOGON /tr "C:\Windows\system32\SubDir\Client.exe" /rl HIGHEST /f
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
43.138.147.74
|
|
||
|
https://api.ipify.org/
|
unknown
|
||
|
https://stackoverflow.com/q/14436606/23354
|
unknown
|
||
|
https://stackoverflow.com/q/2152978/23354sCannot
|
unknown
|
||
|
https://ipwho.is/
|
108.181.61.49
|
||
|
http://schemas.datacontract.org/2004/07/
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://ipwho.is
|
unknown
|
||
|
https://stackoverflow.com/q/11564914/23354;
|
unknown
|
||
|
https://ipwho.is
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
ipwho.is
|
108.181.61.49
|
||
|
default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com
|
217.20.58.101
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
43.138.147.74
|
unknown
|
Japan
|
|
|
|
108.181.61.49
|
ipwho.is
|
Canada
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Client_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Client_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Client_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Client_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Client_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Client_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Client_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Client_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Client_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Client_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Client_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Client_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Client_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Client_RASMANCS
|
FileDirectory
|
There are 4 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
27E9000
|
trusted library allocation
|
page read and write
|
|
|
|
D40000
|
unkown
|
page readonly
|
|
|
|
2358E630000
|
heap
|
page read and write
|
|
|
|
3040000
|
trusted library allocation
|
page read and write
|
|
|
|
2C49000
|
trusted library allocation
|
page read and write
|
|
|
|
2358E638000
|
heap
|
page read and write
|
|
|
|
2C9A079000
|
stack
|
page read and write
|
|
|
|
1BBC0000
|
heap
|
page read and write
|
|
|
|
14C2ACF9000
|
heap
|
page read and write
|
|
|
|
2358E8A0000
|
heap
|
page read and write
|
|
|
|
3061000
|
trusted library allocation
|
page read and write
|
|
|
|
14C2ACF0000
|
heap
|
page read and write
|
|
|
|
6DD9BC9000
|
stack
|
page read and write
|
|
|
|
2358E8A5000
|
heap
|
page read and write
|
|
|
|
14C2ACC5000
|
heap
|
page read and write
|
|
|
|
14C2ACC0000
|
heap
|
page read and write
|
|
|
|
A22000
|
unkown
|
page readonly
|
|
|
|
2670000
|
heap
|
page execute and read and write
|
||
|
1BCBB000
|
stack
|
page read and write
|
||
|
F20000
|
heap
|
page read and write
|
||
|
1B46C000
|
heap
|
page read and write
|
||
|
7FFD9BB2C000
|
trusted library allocation
|
page read and write
|
||
|
1580000
|
heap
|
page read and write
|
||
|
7FFD9B6D2000
|
trusted library allocation
|
page read and write
|
||
|
1B080000
|
heap
|
page read and write
|
||
|
1BEB7000
|
stack
|
page read and write
|
||
|
2C46000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B8F0000
|
trusted library allocation
|
page read and write
|
||
|
13069000
|
trusted library allocation
|
page read and write
|
||
|
1BA03000
|
heap
|
page read and write
|
||
|
1B240000
|
heap
|
page read and write
|
||
|
3289000
|
trusted library allocation
|
page read and write
|
||
|
1B8C0000
|
heap
|
page read and write
|
||
|
1B78E000
|
stack
|
page read and write
|
||
|
7FFD9B75C000
|
trusted library allocation
|
page execute and read and write
|
||
|
1CD7D000
|
stack
|
page read and write
|
||
|
C80000
|
heap
|
page read and write
|
||
|
1C640000
|
heap
|
page read and write
|
||
|
120C000
|
heap
|
page read and write
|
||
|
27AF000
|
stack
|
page read and write
|
||
|
7FFD9B910000
|
trusted library allocation
|
page execute and read and write
|
||
|
2C20000
|
trusted library allocation
|
page read and write
|
||
|
10D0000
|
trusted library allocation
|
page read and write
|
||
|
1570000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B930000
|
trusted library allocation
|
page read and write
|
||
|
FA9000
|
heap
|
page read and write
|
||
|
7FFD9B786000
|
trusted library allocation
|
page read and write
|
||
|
2ACE000
|
stack
|
page read and write
|
||
|
F7D000
|
heap
|
page read and write
|
||
|
7FFD9B78C000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B960000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B90B000
|
trusted library allocation
|
page read and write
|
||
|
12C28000
|
trusted library allocation
|
page read and write
|
||
|
27B1000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B9E0000
|
trusted library allocation
|
page read and write
|
||
|
1B948000
|
heap
|
page read and write
|
||
|
328F000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B8C0000
|
trusted library allocation
|
page read and write
|
||
|
998000
|
heap
|
page read and write
|
||
|
7FFD9B9A0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BB02000
|
trusted library allocation
|
page read and write
|
||
|
1B9EF000
|
heap
|
page read and write
|
||
|
DB5000
|
heap
|
page read and write
|
||
|
12C3D000
|
trusted library allocation
|
page read and write
|
||
|
1BFBE000
|
stack
|
page read and write
|
||
|
11D9000
|
heap
|
page read and write
|
||
|
3284000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B6A4000
|
trusted library allocation
|
page read and write
|
||
|
1BAC0000
|
heap
|
page execute and read and write
|
||
|
DB0000
|
heap
|
page read and write
|
||
|
7FFD9B8E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1BAB2000
|
heap
|
page read and write
|
||
|
13075000
|
trusted library allocation
|
page read and write
|
||
|
F7B000
|
heap
|
page read and write
|
||
|
7FFD9B875000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B6ED000
|
trusted library allocation
|
page execute and read and write
|
||
|
1330000
|
heap
|
page read and write
|
||
|
9F9000
|
heap
|
page read and write
|
||
|
7FFD9B8BB000
|
trusted library allocation
|
page read and write
|
||
|
1B5E9000
|
stack
|
page read and write
|
||
|
7FFD9B6D4000
|
trusted library allocation
|
page read and write
|
||
|
2C51000
|
trusted library allocation
|
page read and write
|
||
|
27E6000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B9B0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B8C5000
|
trusted library allocation
|
page read and write
|
||
|
D00000
|
heap
|
page read and write
|
||
|
7FFD9B910000
|
trusted library allocation
|
page execute and read and write
|
||
|
1AC40000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B900000
|
trusted library allocation
|
page read and write
|
||
|
10E0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B6FC000
|
trusted library allocation
|
page execute and read and write
|
||
|
338A000
|
trusted library allocation
|
page read and write
|
||
|
2FF0000
|
heap
|
page execute and read and write
|
||
|
7FFD9B870000
|
trusted library allocation
|
page read and write
|
||
|
6DD9E7F000
|
unkown
|
page read and write
|
||
|
7FFD9B9D0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA60000
|
trusted library allocation
|
page execute and read and write
|
||
|
A80000
|
heap
|
page read and write
|
||
|
1C693000
|
heap
|
page read and write
|
||
|
1C136000
|
stack
|
page read and write
|
||
|
1C67C000
|
heap
|
page read and write
|
||
|
7FFD9B7B6000
|
trusted library allocation
|
page execute and read and write
|
||
|
10E3000
|
trusted library allocation
|
page read and write
|
||
|
1CC7E000
|
stack
|
page read and write
|
||
|
7FFD9BB07000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B6E3000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B970000
|
trusted library allocation
|
page read and write
|
||
|
1B090000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B7B6000
|
trusted library allocation
|
page execute and read and write
|
||
|
C5F000
|
stack
|
page read and write
|
||
|
7FFD9B6D0000
|
trusted library allocation
|
page read and write
|
||
|
2358E540000
|
heap
|
page read and write
|
||
|
1B964000
|
heap
|
page read and write
|
||
|
7FFD9B6DD000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B88B000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B790000
|
trusted library allocation
|
page execute and read and write
|
||
|
2358E730000
|
heap
|
page read and write
|
||
|
1BBBE000
|
stack
|
page read and write
|
||
|
7FFD9B890000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BB20000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B780000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B756000
|
trusted library allocation
|
page read and write
|
||
|
1B93E000
|
stack
|
page read and write
|
||
|
7FFD9B6BD000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B972000
|
heap
|
page read and write
|
||
|
1C43E000
|
stack
|
page read and write
|
||
|
1BCEF000
|
heap
|
page read and write
|
||
|
2FEC000
|
trusted library allocation
|
page read and write
|
||
|
990000
|
heap
|
page read and write
|
||
|
1C235000
|
stack
|
page read and write
|
||
|
7FFD9BAE0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B6D3000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B895000
|
trusted library allocation
|
page read and write
|
||
|
12C9000
|
heap
|
page read and write
|
||
|
1B5EC000
|
heap
|
page read and write
|
||
|
9B7000
|
heap
|
page read and write
|
||
|
2FCF000
|
trusted library allocation
|
page read and write
|
||
|
970000
|
heap
|
page read and write
|
||
|
123A000
|
heap
|
page read and write
|
||
|
12B0000
|
heap
|
page read and write
|
||
|
1B6F0000
|
heap
|
page execute and read and write
|
||
|
1100000
|
heap
|
page read and write
|
||
|
1B200000
|
heap
|
page execute and read and write
|
||
|
12CB000
|
heap
|
page read and write
|
||
|
1BA28000
|
heap
|
page read and write
|
||
|
1B9F6000
|
heap
|
page read and write
|
||
|
153E000
|
stack
|
page read and write
|
||
|
2C9A0FF000
|
unkown
|
page read and write
|
||
|
1C681000
|
heap
|
page read and write
|
||
|
1BA10000
|
heap
|
page read and write
|
||
|
1B73F000
|
stack
|
page read and write
|
||
|
7FFD9B8B0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B904000
|
trusted library allocation
|
page read and write
|
||
|
E40000
|
heap
|
page read and write
|
||
|
7FFD9B78C000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B699000
|
heap
|
page read and write
|
||
|
1B7C3000
|
heap
|
page read and write
|
||
|
2F9E000
|
stack
|
page read and write
|
||
|
7FFD9B790000
|
trusted library allocation
|
page execute and read and write
|
||
|
2C9A17E000
|
stack
|
page read and write
|
||
|
9CB000
|
heap
|
page read and write
|
||
|
15F0000
|
heap
|
page read and write
|
||
|
1B09A000
|
heap
|
page read and write
|
||
|
10B0000
|
trusted library allocation
|
page read and write
|
||
|
127B1000
|
trusted library allocation
|
page read and write
|
||
|
2C11000
|
trusted library allocation
|
page read and write
|
||
|
12C5D000
|
trusted library allocation
|
page read and write
|
||
|
D05000
|
heap
|
page read and write
|
||
|
1060000
|
heap
|
page read and write
|
||
|
1BA05000
|
heap
|
page read and write
|
||
|
1AD39000
|
stack
|
page read and write
|
||
|
7FFD9B6A3000
|
trusted library allocation
|
page execute and read and write
|
||
|
1335000
|
heap
|
page read and write
|
||
|
7FFD9B980000
|
trusted library allocation
|
page read and write
|
||
|
15F5000
|
heap
|
page read and write
|
||
|
1B084000
|
heap
|
page read and write
|
||
|
2C0E000
|
stack
|
page read and write
|
||
|
2FFD000
|
trusted library allocation
|
page read and write
|
||
|
13061000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B750000
|
trusted library allocation
|
page read and write
|
||
|
14C2AC60000
|
heap
|
page read and write
|
||
|
7FFD9BBA0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B8C5000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B6ED000
|
trusted library allocation
|
page execute and read and write
|
||
|
120F000
|
heap
|
page read and write
|
||
|
1CE7D000
|
stack
|
page read and write
|
||
|
7FFD9B6F4000
|
trusted library allocation
|
page read and write
|
||
|
1C0BF000
|
stack
|
page read and write
|
||
|
7FFD9BB40000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B6C4000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA20000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B9F0000
|
trusted library allocation
|
page read and write
|
||
|
1C33E000
|
stack
|
page read and write
|
||
|
7FFD9B8CA000
|
trusted library allocation
|
page read and write
|
||
|
9C9000
|
heap
|
page read and write
|
||
|
7FFD9B920000
|
trusted library allocation
|
page read and write
|
||
|
3388000
|
trusted library allocation
|
page read and write
|
||
|
9F7000
|
heap
|
page read and write
|
||
|
CD0000
|
trusted library allocation
|
page read and write
|
||
|
FA7000
|
heap
|
page read and write
|
||
|
6DD9EFF000
|
stack
|
page read and write
|
||
|
10F4000
|
stack
|
page read and write
|
||
|
1C53E000
|
stack
|
page read and write
|
||
|
7FFD9B6C0000
|
trusted library allocation
|
page read and write
|
||
|
26A0000
|
heap
|
page read and write
|
||
|
2FC0000
|
heap
|
page read and write
|
||
|
7FFD9B7F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
C60000
|
heap
|
page read and write
|
||
|
7FFD9B6E3000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B888000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B840000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B6B3000
|
trusted library allocation
|
page read and write
|
||
|
1105000
|
heap
|
page read and write
|
||
|
1B9F8000
|
heap
|
page read and write
|
||
|
7FFD9B786000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B8C0000
|
trusted library allocation
|
page read and write
|
||
|
127BE000
|
trusted library allocation
|
page read and write
|
||
|
1550000
|
trusted library allocation
|
page read and write
|
||
|
1C67F000
|
heap
|
page read and write
|
||
|
1B63E000
|
stack
|
page read and write
|
||
|
1B5E0000
|
heap
|
page read and write
|
||
|
7FFD9B6FB000
|
trusted library allocation
|
page execute and read and write
|
||
|
11D0000
|
heap
|
page read and write
|
||
|
1B5F8000
|
heap
|
page read and write
|
||
|
D90000
|
heap
|
page read and write
|
||
|
2FD7000
|
trusted library allocation
|
page read and write
|
||
|
1B622000
|
heap
|
page read and write
|
||
|
1B3E2000
|
heap
|
page read and write
|
||
|
7FFD9B9C0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B870000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA40000
|
trusted library allocation
|
page read and write
|
||
|
127C5000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BAE2000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B6D4000
|
trusted library allocation
|
page read and write
|
||
|
1400000
|
heap
|
page read and write
|
||
|
9CD000
|
heap
|
page read and write
|
||
|
1040000
|
heap
|
page read and write
|
||
|
1B930000
|
heap
|
page read and write
|
||
|
A3A000
|
heap
|
page read and write
|
||
|
7FFD9BB50000
|
trusted library allocation
|
page read and write
|
||
|
12C1E000
|
trusted library allocation
|
page read and write
|
||
|
3094000
|
trusted library allocation
|
page read and write
|
||
|
11F8000
|
heap
|
page read and write
|
||
|
7FFD9B8D0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B7C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B8E0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B7F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1583000
|
heap
|
page read and write
|
||
|
1C1BE000
|
stack
|
page read and write
|
||
|
913000
|
stack
|
page read and write
|
||
|
7FFD9B6F0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B845000
|
trusted library allocation
|
page read and write
|
||
|
960000
|
heap
|
page read and write
|
||
|
7FFD9B8B8000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B8B8000
|
trusted library allocation
|
page read and write
|
||
|
DE0000
|
heap
|
page read and write
|
||
|
1A7E0000
|
trusted library allocation
|
page read and write
|
||
|
3050000
|
heap
|
page read and write
|
||
|
7FFD9B904000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B900000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B8D4000
|
trusted library allocation
|
page read and write
|
||
|
1405000
|
heap
|
page read and write
|
||
|
7FFD9B8EF000
|
trusted library allocation
|
page read and write
|
||
|
1BEBF000
|
stack
|
page read and write
|
||
|
328B000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BB60000
|
trusted library allocation
|
page execute and read and write
|
||
|
1BCEC000
|
heap
|
page read and write
|
||
|
7FFD9B990000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B786000
|
trusted library allocation
|
page execute and read and write
|
||
|
1306E000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B940000
|
trusted library allocation
|
page read and write
|
||
|
F65000
|
heap
|
page read and write
|
||
|
7FFD9BA00000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B760000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B950000
|
trusted library allocation
|
page read and write
|
||
|
A20000
|
unkown
|
page readonly
|
||
|
143E000
|
stack
|
page read and write
|
||
|
2FF1000
|
trusted library allocation
|
page read and write
|
||
|
14C2AC80000
|
heap
|
page read and write
|
||
|
7FFD9BAF0000
|
trusted library allocation
|
page read and write
|
||
|
12F0000
|
heap
|
page read and write
|
||
|
2A20000
|
heap
|
page read and write
|
||
|
127B9000
|
trusted library allocation
|
page read and write
|
||
|
DD0000
|
heap
|
page read and write
|
||
|
7FFD9B84C000
|
trusted library allocation
|
page read and write
|
||
|
1B243000
|
heap
|
page read and write
|
||
|
7FFD9B6FD000
|
trusted library allocation
|
page execute and read and write
|
||
|
16FF000
|
stack
|
page read and write
|
||
|
12D0000
|
heap
|
page read and write
|
||
|
7FFD9BB80000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9BB70000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B6D2000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B871000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B6FD000
|
trusted library allocation
|
page execute and read and write
|
||
|
2FB7000
|
trusted library allocation
|
page read and write
|
||
|
CF0000
|
trusted library allocation
|
page read and write
|
||
|
127B3000
|
trusted library allocation
|
page read and write
|
||
|
1B83E000
|
stack
|
page read and write
|
||
|
2A80000
|
heap
|
page execute and read and write
|
||
|
1B7C0000
|
heap
|
page read and write
|
||
|
7FFD9B6A2000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B780000
|
trusted library allocation
|
page read and write
|
||
|
265E000
|
stack
|
page read and write
|
||
|
7FFD9BB75000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B6D3000
|
trusted library allocation
|
page execute and read and write
|
||
|
2FBA000
|
trusted library allocation
|
page read and write
|
||
|
F48000
|
heap
|
page read and write
|
||
|
7FF4F4BC0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1AB3D000
|
heap
|
page read and write
|
||
|
7FFD9B72C000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B6F0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B6F4000
|
trusted library allocation
|
page read and write
|
||
|
11F6000
|
heap
|
page read and write
|
||
|
BF1000
|
stack
|
page read and write
|
||
|
13063000
|
trusted library allocation
|
page read and write
|
||
|
14C2AB80000
|
heap
|
page read and write
|
||
|
2AD6000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BB25000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA50000
|
trusted library allocation
|
page read and write
|
||
|
1B683000
|
heap
|
page read and write
|
||
|
7FFD9B8D0000
|
trusted library allocation
|
page read and write
|
||
|
A20000
|
unkown
|
page readonly
|
||
|
7FFD9B8F0000
|
trusted library allocation
|
page read and write
|
||
|
1BAB4000
|
heap
|
page read and write
|
||
|
1BDBD000
|
stack
|
page read and write
|
||
|
F40000
|
heap
|
page read and write
|
||
|
7FFD9BA10000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BB90000
|
trusted library allocation
|
page read and write
|
||
|
1BA61000
|
heap
|
page read and write
|
||
|
2B00000
|
heap
|
page read and write
|
||
|
7FFD9B6DD000
|
trusted library allocation
|
page execute and read and write
|
||
|
2AD4000
|
trusted library allocation
|
page read and write
|
||
|
1B470000
|
heap
|
page read and write
|
||
|
1B0C2000
|
heap
|
page read and write
|
||
|
1B340000
|
heap
|
page read and write
|
||
|
1B9FA000
|
heap
|
page read and write
|
||
|
12C11000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B6CD000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B29D000
|
stack
|
page read and write
|
||
|
7FFD9B6AD000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9BA30000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B8A0000
|
trusted library allocation
|
page read and write
|
||
|
1C63D000
|
stack
|
page read and write
|
||
|
7FFD9B72C000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B8A1000
|
trusted library allocation
|
page read and write
|
||
|
27C0000
|
trusted library allocation
|
page read and write
|
||
|
2358E750000
|
heap
|
page read and write
|
There are 337 hidden memdumps, click here to show them.