Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
msgde.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\msgde.exe.log
|
CSV text
|
dropped
|
|
|
|
C:\Windows\System32\SubDir\Client.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
|
Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks,
0x1 compression
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Client.exe.log
|
CSV text
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\msgde.exe
|
"C:\Users\user\Desktop\msgde.exe"
|
|
|
|
C:\Windows\System32\schtasks.exe
|
"schtasks" /create /tn "msgde" /sc ONLOGON /tr "C:\Windows\system32\SubDir\Client.exe" /rl HIGHEST /f
|
|
|
|
C:\Windows\System32\SubDir\Client.exe
|
"C:\Windows\system32\SubDir\Client.exe"
|
|
|
|
C:\Windows\System32\schtasks.exe
|
"schtasks" /create /tn "msgde" /sc ONLOGON /tr "C:\Windows\system32\SubDir\Client.exe" /rl HIGHEST /f
|
|
|
|
C:\Windows\System32\SubDir\Client.exe
|
C:\Windows\system32\SubDir\Client.exe
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
185.228.82.21
|
|
||
|
https://api.ipify.org/
|
unknown
|
||
|
https://stackoverflow.com/q/14436606/23354
|
unknown
|
||
|
https://stackoverflow.com/q/2152978/23354sCannot
|
unknown
|
||
|
https://ipwho.is/
|
108.181.61.49
|
||
|
http://schemas.datacontract.org/2004/07/
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://ipwho.is
|
unknown
|
||
|
https://stackoverflow.com/q/11564914/23354;
|
unknown
|
||
|
https://ipwho.is
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
ipwho.is
|
108.181.61.49
|
||
|
default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com
|
217.20.58.99
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
185.228.82.21
|
unknown
|
Netherlands
|
|
|
|
108.181.61.49
|
ipwho.is
|
Canada
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Client_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Client_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Client_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Client_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Client_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Client_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Client_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Client_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Client_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Client_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Client_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Client_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Client_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Client_RASMANCS
|
FileDirectory
|
There are 4 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
1B2B2000
|
heap
|
page read and write
|
|
|
|
6B0000
|
unkown
|
page readonly
|
|
|
|
392000
|
unkown
|
page readonly
|
|
|
|
2EA3000
|
trusted library allocation
|
page read and write
|
|
|
|
7FFD9BA90000
|
trusted library allocation
|
page read and write
|
||
|
1B763000
|
heap
|
page read and write
|
||
|
129A1000
|
trusted library allocation
|
page read and write
|
||
|
390000
|
unkown
|
page readonly
|
||
|
1C00E000
|
stack
|
page read and write
|
||
|
1B665000
|
heap
|
page read and write
|
||
|
2E60000
|
trusted library allocation
|
page read and write
|
||
|
10F0000
|
heap
|
page read and write
|
||
|
1B98C000
|
heap
|
page read and write
|
||
|
7FFD9B990000
|
trusted library allocation
|
page read and write
|
||
|
12EC4290000
|
heap
|
page read and write
|
||
|
7FFD9B950000
|
trusted library allocation
|
page read and write
|
||
|
87C227E000
|
unkown
|
page read and write
|
||
|
7FFD9B965000
|
trusted library allocation
|
page read and write
|
||
|
1B5C4000
|
heap
|
page read and write
|
||
|
1BCE8900000
|
heap
|
page read and write
|
||
|
7FFD9B79D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9BC30000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B78D000
|
trusted library allocation
|
page execute and read and write
|
||
|
2E3B000
|
trusted library allocation
|
page read and write
|
||
|
1B0C3000
|
heap
|
page read and write
|
||
|
7FFD9B82C000
|
trusted library allocation
|
page execute and read and write
|
||
|
ACC000
|
heap
|
page read and write
|
||
|
9B0000
|
heap
|
page read and write
|
||
|
2E33000
|
trusted library allocation
|
page read and write
|
||
|
125F000
|
stack
|
page read and write
|
||
|
7FFD9B810000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B820000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B760000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B830000
|
trusted library allocation
|
page execute and read and write
|
||
|
2BDE000
|
stack
|
page read and write
|
||
|
F5B000
|
heap
|
page read and write
|
||
|
1B443000
|
heap
|
page read and write
|
||
|
7FFD9B994000
|
trusted library allocation
|
page read and write
|
||
|
1B3DF000
|
heap
|
page read and write
|
||
|
1BCE86D8000
|
heap
|
page read and write
|
||
|
10B0000
|
heap
|
page execute and read and write
|
||
|
7FFD9BBF0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B6DF000
|
heap
|
page read and write
|
||
|
12EC4328000
|
heap
|
page read and write
|
||
|
1B3E0000
|
heap
|
page read and write
|
||
|
12D41000
|
trusted library allocation
|
page read and write
|
||
|
7F3000
|
stack
|
page read and write
|
||
|
7FFD9B920000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B9A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2C30000
|
heap
|
page read and write
|
||
|
1B270000
|
heap
|
page read and write
|
||
|
1C20A000
|
stack
|
page read and write
|
||
|
7FFD9B980000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BAA0000
|
trusted library allocation
|
page read and write
|
||
|
D80000
|
heap
|
page read and write
|
||
|
1B8BE000
|
stack
|
page read and write
|
||
|
7FFD9B9D0000
|
trusted library allocation
|
page read and write
|
||
|
12D55000
|
trusted library allocation
|
page read and write
|
||
|
1CCCD000
|
stack
|
page read and write
|
||
|
2AC1000
|
trusted library allocation
|
page read and write
|
||
|
29A1000
|
trusted library allocation
|
page read and write
|
||
|
F47000
|
heap
|
page read and write
|
||
|
2E54000
|
trusted library allocation
|
page read and write
|
||
|
D5E000
|
stack
|
page read and write
|
||
|
2A90000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BAE0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B9A4000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B7A0000
|
trusted library allocation
|
page read and write
|
||
|
1B9BE000
|
stack
|
page read and write
|
||
|
7FFD9B763000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B3CD000
|
heap
|
page read and write
|
||
|
2A70000
|
heap
|
page read and write
|
||
|
1BB37000
|
stack
|
page read and write
|
||
|
1C319000
|
heap
|
page read and write
|
||
|
30EC000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA30000
|
trusted library allocation
|
page read and write
|
||
|
2D3F000
|
stack
|
page read and write
|
||
|
12A8E000
|
trusted library allocation
|
page read and write
|
||
|
12EC45E0000
|
heap
|
page read and write
|
||
|
1007000
|
heap
|
page read and write
|
||
|
7FFD9B951000
|
trusted library allocation
|
page read and write
|
||
|
2AB6000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B900000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B836000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B81C000
|
trusted library allocation
|
page execute and read and write
|
||
|
F50000
|
trusted library allocation
|
page read and write
|
||
|
1B344000
|
heap
|
page read and write
|
||
|
EF4000
|
stack
|
page read and write
|
||
|
7FFD9BBD0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B925000
|
trusted library allocation
|
page read and write
|
||
|
E1D000
|
heap
|
page read and write
|
||
|
1C310000
|
heap
|
page read and write
|
||
|
7FFD9B7DC000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B773000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B990000
|
trusted library allocation
|
page read and write
|
||
|
2A05BFF000
|
unkown
|
page read and write
|
||
|
7FFD9BC20000
|
trusted library allocation
|
page read and write
|
||
|
2790000
|
trusted library allocation
|
page read and write
|
||
|
1BCE86DF000
|
heap
|
page read and write
|
||
|
1155000
|
heap
|
page read and write
|
||
|
7FFD9BB97000
|
trusted library allocation
|
page read and write
|
||
|
EE0000
|
heap
|
page read and write
|
||
|
1B610000
|
heap
|
page read and write
|
||
|
7FFD9B9B0000
|
trusted library allocation
|
page read and write
|
||
|
E1B000
|
heap
|
page read and write
|
||
|
7FFD9B79D000
|
trusted library allocation
|
page execute and read and write
|
||
|
2CCA000
|
trusted library allocation
|
page read and write
|
||
|
F20000
|
heap
|
page read and write
|
||
|
1C33C000
|
heap
|
page read and write
|
||
|
1BABE000
|
stack
|
page read and write
|
||
|
B54000
|
heap
|
page read and write
|
||
|
29E0000
|
heap
|
page execute and read and write
|
||
|
1AF29000
|
stack
|
page read and write
|
||
|
1B3F4000
|
heap
|
page read and write
|
||
|
7FFD9BA40000
|
trusted library allocation
|
page read and write
|
||
|
9C0000
|
heap
|
page read and write
|
||
|
7FFD9B96A000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA80000
|
trusted library allocation
|
page read and write
|
||
|
1100000
|
heap
|
page read and write
|
||
|
2770000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B78B000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B970000
|
trusted library allocation
|
page read and write
|
||
|
1B6EA000
|
heap
|
page read and write
|
||
|
7FFD9B9B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B7A4000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B764000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B9E0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B910000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BAF0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1A9D0000
|
trusted library allocation
|
page read and write
|
||
|
DE0000
|
heap
|
page read and write
|
||
|
7FFD9B783000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B774000
|
trusted library allocation
|
page read and write
|
||
|
10D5000
|
heap
|
page read and write
|
||
|
7FFD9B95B000
|
trusted library allocation
|
page read and write
|
||
|
F5D000
|
heap
|
page read and write
|
||
|
F28000
|
heap
|
page read and write
|
||
|
1C30E000
|
stack
|
page read and write
|
||
|
1BBBE000
|
stack
|
page read and write
|
||
|
1B3C9000
|
heap
|
page read and write
|
||
|
12EC4260000
|
heap
|
page read and write
|
||
|
F53000
|
trusted library allocation
|
page read and write
|
||
|
BF0000
|
heap
|
page read and write
|
||
|
7FFD9B782000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BBB0000
|
trusted library allocation
|
page read and write
|
||
|
2AD0000
|
heap
|
page execute and read and write
|
||
|
129A9000
|
trusted library allocation
|
page read and write
|
||
|
1B405000
|
heap
|
page read and write
|
||
|
7FFD9B92C000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BBE0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B77D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B83C000
|
trusted library allocation
|
page execute and read and write
|
||
|
2D41000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B830000
|
trusted library allocation
|
page read and write
|
||
|
D60000
|
heap
|
page read and write
|
||
|
7FFD9B76D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B8A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B970000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BC05000
|
trusted library allocation
|
page read and write
|
||
|
AF8000
|
heap
|
page read and write
|
||
|
F20000
|
trusted library allocation
|
page read and write
|
||
|
F89000
|
heap
|
page read and write
|
||
|
1BA3B000
|
stack
|
page read and write
|
||
|
7FFD9B816000
|
trusted library allocation
|
page read and write
|
||
|
F8F000
|
stack
|
page read and write
|
||
|
7FFD9B9A0000
|
trusted library allocation
|
page read and write
|
||
|
A70000
|
heap
|
page read and write
|
||
|
2A05B79000
|
stack
|
page read and write
|
||
|
F70000
|
heap
|
page read and write
|
||
|
1AEFD000
|
stack
|
page read and write
|
||
|
7FFD9B856000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B61C000
|
heap
|
page read and write
|
||
|
3066000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B866000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B760000
|
heap
|
page read and write
|
||
|
1150000
|
heap
|
page read and write
|
||
|
1CA4D000
|
stack
|
page read and write
|
||
|
1C94E000
|
stack
|
page read and write
|
||
|
2990000
|
heap
|
page execute and read and write
|
||
|
D85000
|
heap
|
page read and write
|
||
|
293E000
|
stack
|
page read and write
|
||
|
12EC45E5000
|
heap
|
page read and write
|
||
|
7FFD9B784000
|
trusted library allocation
|
page read and write
|
||
|
ACE000
|
heap
|
page read and write
|
||
|
7FFD9BA10000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B941000
|
trusted library allocation
|
page read and write
|
||
|
FA5000
|
heap
|
page read and write
|
||
|
1B8E8000
|
heap
|
page read and write
|
||
|
1B5C0000
|
heap
|
page read and write
|
||
|
7FFD9BA20000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA60000
|
trusted library allocation
|
page read and write
|
||
|
107E000
|
stack
|
page read and write
|
||
|
29B0000
|
heap
|
page read and write
|
||
|
7FFD9BA50000
|
trusted library allocation
|
page read and write
|
||
|
1BCE86A0000
|
heap
|
page read and write
|
||
|
F40000
|
trusted library allocation
|
page read and write
|
||
|
1BC5F000
|
stack
|
page read and write
|
||
|
7FFD9B890000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B7BC000
|
trusted library allocation
|
page execute and read and write
|
||
|
2A81000
|
trusted library allocation
|
page read and write
|
||
|
1B5BB000
|
heap
|
page read and write
|
||
|
7FF484130000
|
trusted library allocation
|
page execute and read and write
|
||
|
FA0000
|
heap
|
page read and write
|
||
|
1B540000
|
heap
|
page read and write
|
||
|
1AD70000
|
trusted library allocation
|
page read and write
|
||
|
AB6000
|
heap
|
page read and write
|
||
|
1B382000
|
heap
|
page read and write
|
||
|
30F0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BAD0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B7CC000
|
trusted library allocation
|
page execute and read and write
|
||
|
2CC8000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B840000
|
trusted library allocation
|
page execute and read and write
|
||
|
F87000
|
heap
|
page read and write
|
||
|
A99000
|
heap
|
page read and write
|
||
|
1B5B0000
|
heap
|
page execute and read and write
|
||
|
7FFD9B9C0000
|
trusted library allocation
|
page read and write
|
||
|
2EF8000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B783000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9BAB0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B970000
|
trusted library allocation
|
page read and write
|
||
|
1B860000
|
heap
|
page read and write
|
||
|
1BCE8905000
|
heap
|
page read and write
|
||
|
12EC4320000
|
heap
|
page read and write
|
||
|
E46000
|
heap
|
page read and write
|
||
|
7FFD9B772000
|
trusted library allocation
|
page read and write
|
||
|
1BCE88A0000
|
heap
|
page read and write
|
||
|
F4C000
|
heap
|
page read and write
|
||
|
D0F000
|
stack
|
page read and write
|
||
|
7FFD9BB92000
|
trusted library allocation
|
page read and write
|
||
|
2A05E7F000
|
stack
|
page read and write
|
||
|
7FFD9B9C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B955000
|
trusted library allocation
|
page read and write
|
||
|
B76000
|
heap
|
page read and write
|
||
|
2A4E000
|
stack
|
page read and write
|
||
|
30E8000
|
trusted library allocation
|
page read and write
|
||
|
10D0000
|
heap
|
page read and write
|
||
|
87C1FF9000
|
stack
|
page read and write
|
||
|
12D49000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BB72000
|
trusted library allocation
|
page read and write
|
||
|
129AE000
|
trusted library allocation
|
page read and write
|
||
|
12A98000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B880000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9BB70000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B915000
|
trusted library allocation
|
page read and write
|
||
|
1B284000
|
heap
|
page read and write
|
||
|
1B5E6000
|
heap
|
page read and write
|
||
|
7FFD9B78D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B83E000
|
stack
|
page read and write
|
||
|
1B440000
|
heap
|
page read and write
|
||
|
2E63000
|
trusted library allocation
|
page read and write
|
||
|
F59000
|
heap
|
page read and write
|
||
|
7FFD9B975000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA70000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B9B0000
|
trusted library allocation
|
page read and write
|
||
|
1B652000
|
heap
|
page read and write
|
||
|
7FFD9BB80000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B960000
|
trusted library allocation
|
page read and write
|
||
|
12D43000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B96B000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B820000
|
trusted library allocation
|
page read and write
|
||
|
2830000
|
heap
|
page read and write
|
||
|
2AB9000
|
trusted library allocation
|
page read and write
|
||
|
3064000
|
trusted library allocation
|
page read and write
|
||
|
10F5000
|
heap
|
page read and write
|
||
|
7FFD9B784000
|
trusted library allocation
|
page read and write
|
||
|
AFA000
|
heap
|
page read and write
|
||
|
1BCE86D0000
|
heap
|
page read and write
|
||
|
E48000
|
heap
|
page read and write
|
||
|
390000
|
unkown
|
page readonly
|
||
|
1BF05000
|
stack
|
page read and write
|
||
|
7FFD9B826000
|
trusted library allocation
|
page read and write
|
||
|
1BB5E000
|
stack
|
page read and write
|
||
|
E05000
|
heap
|
page read and write
|
||
|
12D4E000
|
trusted library allocation
|
page read and write
|
||
|
1B354000
|
heap
|
page read and write
|
||
|
2883000
|
heap
|
page read and write
|
||
|
7FFD9B968000
|
trusted library allocation
|
page read and write
|
||
|
A50000
|
heap
|
page read and write
|
||
|
7FFD9B958000
|
trusted library allocation
|
page read and write
|
||
|
87C22FF000
|
stack
|
page read and write
|
||
|
1BD5E000
|
stack
|
page read and write
|
||
|
A90000
|
heap
|
page read and write
|
||
|
2940000
|
heap
|
page read and write
|
||
|
1B663000
|
heap
|
page read and write
|
||
|
7FFD9B990000
|
trusted library allocation
|
page read and write
|
||
|
1120000
|
heap
|
page read and write
|
||
|
7FFD9BAC0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B980000
|
trusted library allocation
|
page read and write
|
||
|
9E0000
|
heap
|
page read and write
|
||
|
1B93D000
|
stack
|
page read and write
|
||
|
12AAD000
|
trusted library allocation
|
page read and write
|
||
|
1BE5E000
|
stack
|
page read and write
|
||
|
7FFD9B960000
|
trusted library allocation
|
page read and write
|
||
|
1B66E000
|
heap
|
page read and write
|
||
|
1AAB0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B9A0000
|
trusted library allocation
|
page read and write
|
||
|
1B63A000
|
heap
|
page read and write
|
||
|
12EC4270000
|
heap
|
page read and write
|
||
|
1AD23000
|
heap
|
page read and write
|
||
|
1BE06000
|
stack
|
page read and write
|
||
|
1B33E000
|
stack
|
page read and write
|
||
|
129B5000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B790000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B980000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B9F0000
|
trusted library allocation
|
page read and write
|
||
|
2A60000
|
heap
|
page execute and read and write
|
||
|
7FFD9BC00000
|
trusted library allocation
|
page read and write
|
||
|
2BF0000
|
heap
|
page read and write
|
||
|
1B3E3000
|
heap
|
page read and write
|
||
|
7FFD9B762000
|
trusted library allocation
|
page read and write
|
||
|
12A81000
|
trusted library allocation
|
page read and write
|
||
|
961000
|
stack
|
page read and write
|
||
|
7FFD9BBB5000
|
trusted library allocation
|
page read and write
|
||
|
E8E000
|
stack
|
page read and write
|
||
|
129A3000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B77D000
|
trusted library allocation
|
page execute and read and write
|
||
|
F75000
|
heap
|
page read and write
|
||
|
7FFD9B9B4000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B793000
|
trusted library allocation
|
page read and write
|
||
|
2A40000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA00000
|
trusted library allocation
|
page read and write
|
||
|
1B98F000
|
heap
|
page read and write
|
||
|
7FFD9B948000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BC10000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B773000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B780000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B99B000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B78D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B794000
|
trusted library allocation
|
page read and write
|
||
|
A40000
|
heap
|
page read and write
|
||
|
DE8000
|
heap
|
page read and write
|
||
|
1B2C9000
|
stack
|
page read and write
|
||
|
2A20000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B7AD000
|
trusted library allocation
|
page execute and read and write
|
||
|
12ACD000
|
trusted library allocation
|
page read and write
|
||
|
1B673000
|
heap
|
page read and write
|
||
|
1BCE8690000
|
heap
|
page read and write
|
||
|
7FFD9BBBC000
|
trusted library allocation
|
page read and write
|
||
|
2E9F000
|
trusted library allocation
|
page read and write
|
||
|
F00000
|
heap
|
page read and write
|
||
|
7FFD9B846000
|
trusted library allocation
|
page execute and read and write
|
There are 331 hidden memdumps, click here to show them.