Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
mtgjyX9gHF.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\mtgjyX9gHF.exe.log
|
CSV text
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\SubDir\Clienty.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
|
Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks,
0x1 compression
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Clienty.exe.log
|
CSV text
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\mtgjyX9gHF.exe
|
"C:\Users\user\Desktop\mtgjyX9gHF.exe"
|
|
|
|
C:\Windows\System32\schtasks.exe
|
"schtasks" /create /tn "Quasar Client Startup" /sc ONLOGON /tr "C:\Users\user\AppData\Roaming\SubDir\Clienty.exe" /rl HIGHEST
/f
|
|
|
|
C:\Users\user\AppData\Roaming\SubDir\Clienty.exe
|
"C:\Users\user\AppData\Roaming\SubDir\Clienty.exe"
|
|
|
|
C:\Windows\System32\schtasks.exe
|
"schtasks" /create /tn "Quasar Client Startup" /sc ONLOGON /tr "C:\Users\user\AppData\Roaming\SubDir\Clienty.exe" /rl HIGHEST
/f
|
|
|
|
C:\Users\user\AppData\Roaming\SubDir\Clienty.exe
|
C:\Users\user\AppData\Roaming\SubDir\Clienty.exe
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
39.102.36.209
|
|
||
|
https://api.ipify.org/
|
unknown
|
||
|
https://stackoverflow.com/q/14436606/23354
|
unknown
|
||
|
https://stackoverflow.com/q/2152978/23354sCannot
|
unknown
|
||
|
https://ipwho.is/
|
108.181.98.179
|
||
|
http://schemas.datacontract.org/2004/07/
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://ipwho.is
|
unknown
|
||
|
https://stackoverflow.com/q/11564914/23354;
|
unknown
|
||
|
https://ipwho.is
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
ipwho.is
|
108.181.98.179
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
39.102.36.209
|
unknown
|
China
|
|
|
|
108.181.98.179
|
ipwho.is
|
Canada
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Clienty_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Clienty_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Clienty_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Clienty_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Clienty_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Clienty_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Clienty_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Clienty_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Clienty_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Clienty_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Clienty_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Clienty_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Clienty_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Clienty_RASMANCS
|
FileDirectory
|
There are 4 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
26FF6A55000
|
heap
|
page read and write
|
|
|
|
2EB9000
|
trusted library allocation
|
page read and write
|
|
|
|
2B938AC0000
|
heap
|
page read and write
|
|
|
|
492000
|
unkown
|
page readonly
|
|
|
|
CA288A9000
|
stack
|
page read and write
|
|
|
|
2B938880000
|
heap
|
page read and write
|
|
|
|
2A31000
|
trusted library allocation
|
page read and write
|
|
|
|
32B3000
|
trusted library allocation
|
page read and write
|
|
|
|
26FF6830000
|
heap
|
page read and write
|
|
|
|
2B938AC5000
|
heap
|
page read and write
|
|
|
|
2E51000
|
trusted library allocation
|
page read and write
|
|
|
|
FE32879000
|
stack
|
page read and write
|
|
|
|
2B938888000
|
heap
|
page read and write
|
|
|
|
7B0000
|
unkown
|
page readonly
|
|
|
|
26FF683F000
|
heap
|
page read and write
|
|
|
|
26FF6A50000
|
heap
|
page read and write
|
|
|
|
1078000
|
heap
|
page read and write
|
||
|
7FFD342B0000
|
trusted library allocation
|
page read and write
|
||
|
1018000
|
heap
|
page read and write
|
||
|
7FFD343E0000
|
trusted library allocation
|
page read and write
|
||
|
26FF6A10000
|
heap
|
page read and write
|
||
|
7FFD34540000
|
trusted library allocation
|
page read and write
|
||
|
CA289AF000
|
stack
|
page read and write
|
||
|
7FFD34092000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34094000
|
trusted library allocation
|
page read and write
|
||
|
7FFD343B0000
|
trusted library allocation
|
page read and write
|
||
|
1B792000
|
heap
|
page read and write
|
||
|
7FFD34250000
|
trusted library allocation
|
page read and write
|
||
|
7FFD342F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD341B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1310000
|
trusted library allocation
|
page read and write
|
||
|
1B342000
|
heap
|
page read and write
|
||
|
1040000
|
heap
|
page read and write
|
||
|
7FFD34176000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B836000
|
heap
|
page read and write
|
||
|
7FFD3427B000
|
trusted library allocation
|
page read and write
|
||
|
1520000
|
heap
|
page read and write
|
||
|
7FFD344D5000
|
trusted library allocation
|
page read and write
|
||
|
1B7EB000
|
heap
|
page read and write
|
||
|
1B7E7000
|
heap
|
page read and write
|
||
|
7FFD340AB000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD34330000
|
trusted library allocation
|
page read and write
|
||
|
1490000
|
heap
|
page read and write
|
||
|
B9F000
|
heap
|
page read and write
|
||
|
1B200000
|
heap
|
page read and write
|
||
|
7FFD34290000
|
trusted library allocation
|
page read and write
|
||
|
1B74C000
|
heap
|
page read and write
|
||
|
2E81000
|
trusted library allocation
|
page read and write
|
||
|
12A39000
|
trusted library allocation
|
page read and write
|
||
|
2EB6000
|
trusted library allocation
|
page read and write
|
||
|
7FFD342F0000
|
trusted library allocation
|
page read and write
|
||
|
1B730000
|
heap
|
page read and write
|
||
|
12E65000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34130000
|
trusted library allocation
|
page read and write
|
||
|
BF9000
|
heap
|
page read and write
|
||
|
7FFD34136000
|
trusted library allocation
|
page read and write
|
||
|
7FFD340EC000
|
trusted library allocation
|
page execute and read and write
|
||
|
E70000
|
heap
|
page read and write
|
||
|
11CE000
|
stack
|
page read and write
|
||
|
1140000
|
trusted library allocation
|
page read and write
|
||
|
1BA88000
|
heap
|
page read and write
|
||
|
7FFD3414C000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD340A4000
|
trusted library allocation
|
page read and write
|
||
|
1B7FE000
|
heap
|
page read and write
|
||
|
12A45000
|
trusted library allocation
|
page read and write
|
||
|
1B9E0000
|
heap
|
page read and write
|
||
|
10AE000
|
heap
|
page read and write
|
||
|
2920000
|
heap
|
page read and write
|
||
|
7FFD34525000
|
trusted library allocation
|
page read and write
|
||
|
7FFD342AA000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34370000
|
trusted library allocation
|
page read and write
|
||
|
1B9E3000
|
heap
|
page read and write
|
||
|
7FFD34083000
|
trusted library allocation
|
page execute and read and write
|
||
|
12F0000
|
trusted library allocation
|
page read and write
|
||
|
1BB1E000
|
stack
|
page read and write
|
||
|
104E000
|
heap
|
page read and write
|
||
|
7FFD34220000
|
trusted library allocation
|
page read and write
|
||
|
1AE80000
|
trusted library allocation
|
page read and write
|
||
|
1B91E000
|
stack
|
page read and write
|
||
|
7FFD3409D000
|
trusted library allocation
|
page execute and read and write
|
||
|
F31000
|
stack
|
page read and write
|
||
|
7FFD3413C000
|
trusted library allocation
|
page execute and read and write
|
||
|
FE328FF000
|
unkown
|
page read and write
|
||
|
1B762000
|
heap
|
page read and write
|
||
|
AF4000
|
stack
|
page read and write
|
||
|
3176000
|
trusted library allocation
|
page read and write
|
||
|
1B460000
|
heap
|
page read and write
|
||
|
7FFD34500000
|
trusted library allocation
|
page read and write
|
||
|
7FF4F1600000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B940000
|
heap
|
page read and write
|
||
|
7FFD34281000
|
trusted library allocation
|
page read and write
|
||
|
7FFD342C4000
|
trusted library allocation
|
page read and write
|
||
|
7FFD3416C000
|
trusted library allocation
|
page execute and read and write
|
||
|
1CD4A000
|
stack
|
page read and write
|
||
|
1CA4A000
|
stack
|
page read and write
|
||
|
12FF000
|
stack
|
page read and write
|
||
|
144E000
|
stack
|
page read and write
|
||
|
FE3297F000
|
stack
|
page read and write
|
||
|
7FFD3423C000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34170000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B750000
|
heap
|
page read and write
|
||
|
7FFD34520000
|
trusted library allocation
|
page read and write
|
||
|
BB0000
|
heap
|
page read and write
|
||
|
12ECD000
|
trusted library allocation
|
page read and write
|
||
|
1B300000
|
heap
|
page read and write
|
||
|
7FFD34280000
|
trusted library allocation
|
page read and write
|
||
|
F05000
|
heap
|
page read and write
|
||
|
3174000
|
trusted library allocation
|
page read and write
|
||
|
7FFD340DC000
|
trusted library allocation
|
page execute and read and write
|
||
|
12E51000
|
trusted library allocation
|
page read and write
|
||
|
3305000
|
trusted library allocation
|
page read and write
|
||
|
C27000
|
heap
|
page read and write
|
||
|
7FFD341A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
26FF6930000
|
heap
|
page read and write
|
||
|
1BA83000
|
heap
|
page read and write
|
||
|
7FFD34084000
|
trusted library allocation
|
page read and write
|
||
|
12A33000
|
trusted library allocation
|
page read and write
|
||
|
1078000
|
heap
|
page read and write
|
||
|
C40000
|
heap
|
page read and write
|
||
|
12E98000
|
trusted library allocation
|
page read and write
|
||
|
1C207000
|
stack
|
page read and write
|
||
|
7FFD34290000
|
trusted library allocation
|
page read and write
|
||
|
12E5E000
|
trusted library allocation
|
page read and write
|
||
|
1B40D000
|
stack
|
page read and write
|
||
|
490000
|
unkown
|
page readonly
|
||
|
1290000
|
heap
|
page read and write
|
||
|
1B1D9000
|
heap
|
page read and write
|
||
|
1AA60000
|
trusted library allocation
|
page read and write
|
||
|
1BC3F000
|
stack
|
page read and write
|
||
|
7FFD340A3000
|
trusted library allocation
|
page read and write
|
||
|
12E59000
|
trusted library allocation
|
page read and write
|
||
|
7FFD344DC000
|
trusted library allocation
|
page read and write
|
||
|
1AFB9000
|
stack
|
page read and write
|
||
|
1BC1E000
|
stack
|
page read and write
|
||
|
1C40F000
|
stack
|
page read and write
|
||
|
EF4000
|
stack
|
page read and write
|
||
|
2B50000
|
heap
|
page read and write
|
||
|
1BA4C000
|
heap
|
page read and write
|
||
|
1BDDE000
|
stack
|
page read and write
|
||
|
1B6A8000
|
heap
|
page read and write
|
||
|
1B764000
|
heap
|
page read and write
|
||
|
7FFD342B0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34410000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD340D4000
|
trusted library allocation
|
page read and write
|
||
|
102B000
|
heap
|
page read and write
|
||
|
7FFD34082000
|
trusted library allocation
|
page read and write
|
||
|
1038000
|
heap
|
page read and write
|
||
|
7FFD344E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1580000
|
heap
|
page read and write
|
||
|
1B308000
|
heap
|
page read and write
|
||
|
10F1000
|
heap
|
page read and write
|
||
|
7FFD34390000
|
trusted library allocation
|
page read and write
|
||
|
2AA0000
|
heap
|
page read and write
|
||
|
B99000
|
heap
|
page read and write
|
||
|
1170000
|
heap
|
page read and write
|
||
|
BE0000
|
heap
|
page read and write
|
||
|
CA2892E000
|
unkown
|
page read and write
|
||
|
7FFD34093000
|
trusted library allocation
|
page read and write
|
||
|
3249000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34166000
|
trusted library allocation
|
page read and write
|
||
|
2A2E000
|
stack
|
page read and write
|
||
|
7FFD342A0000
|
trusted library allocation
|
page read and write
|
||
|
F00000
|
heap
|
page read and write
|
||
|
1B76C000
|
heap
|
page read and write
|
||
|
32AF000
|
trusted library allocation
|
page read and write
|
||
|
1340000
|
heap
|
page read and write
|
||
|
1155000
|
heap
|
page read and write
|
||
|
7FFD340AD000
|
trusted library allocation
|
page execute and read and write
|
||
|
490000
|
unkown
|
page readonly
|
||
|
7FFD34340000
|
trusted library allocation
|
page read and write
|
||
|
2E90000
|
trusted library allocation
|
page read and write
|
||
|
26FF6838000
|
heap
|
page read and write
|
||
|
7FFD34230000
|
trusted library allocation
|
page read and write
|
||
|
7FFD3409D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B410000
|
heap
|
page read and write
|
||
|
7FFD34235000
|
trusted library allocation
|
page read and write
|
||
|
1ADBE000
|
heap
|
page read and write
|
||
|
7FFD34268000
|
trusted library allocation
|
page read and write
|
||
|
7FFD340B4000
|
trusted library allocation
|
page read and write
|
||
|
104C000
|
heap
|
page read and write
|
||
|
7FFD344D0000
|
trusted library allocation
|
page read and write
|
||
|
34F9000
|
trusted library allocation
|
page read and write
|
||
|
1B610000
|
heap
|
page execute and read and write
|
||
|
7FFD344B2000
|
trusted library allocation
|
page read and write
|
||
|
7FFD342D0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD340B2000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34530000
|
trusted library allocation
|
page read and write
|
||
|
100E000
|
stack
|
page read and write
|
||
|
325E000
|
trusted library allocation
|
page read and write
|
||
|
EE0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD343C0000
|
trusted library allocation
|
page read and write
|
||
|
1BA8E000
|
heap
|
page read and write
|
||
|
1010000
|
heap
|
page read and write
|
||
|
1C305000
|
stack
|
page read and write
|
||
|
1CECE000
|
stack
|
page read and write
|
||
|
7FFD3429B000
|
trusted library allocation
|
page read and write
|
||
|
7FFD342A0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34300000
|
trusted library allocation
|
page read and write
|
||
|
1BFDE000
|
stack
|
page read and write
|
||
|
7FFD34261000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34270000
|
trusted library allocation
|
page read and write
|
||
|
1B812000
|
heap
|
page read and write
|
||
|
B6C000
|
heap
|
page read and write
|
||
|
1120000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34310000
|
trusted library allocation
|
page read and write
|
||
|
1BA6A000
|
heap
|
page read and write
|
||
|
7FFD34150000
|
trusted library allocation
|
page execute and read and write
|
||
|
12E8E000
|
trusted library allocation
|
page read and write
|
||
|
2E4F000
|
stack
|
page read and write
|
||
|
1345000
|
heap
|
page read and write
|
||
|
7FFD34278000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34166000
|
trusted library allocation
|
page execute and read and write
|
||
|
10D7000
|
heap
|
page read and write
|
||
|
7FFD344B7000
|
trusted library allocation
|
page read and write
|
||
|
B57000
|
heap
|
page read and write
|
||
|
2C5E000
|
stack
|
page read and write
|
||
|
7FFD34510000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B80F000
|
heap
|
page read and write
|
||
|
7FFD34380000
|
trusted library allocation
|
page read and write
|
||
|
1B3D9000
|
stack
|
page read and write
|
||
|
1BA89000
|
heap
|
page read and write
|
||
|
7FFD343F0000
|
trusted library allocation
|
page read and write
|
||
|
2D5A000
|
trusted library allocation
|
page read and write
|
||
|
7FFD342C0000
|
trusted library allocation
|
page read and write
|
||
|
156F000
|
stack
|
page read and write
|
||
|
7FFD342A5000
|
trusted library allocation
|
page read and write
|
||
|
1BCDE000
|
stack
|
page read and write
|
||
|
2B938800000
|
heap
|
page read and write
|
||
|
7FFD342E0000
|
trusted library allocation
|
page read and write
|
||
|
E40000
|
heap
|
page read and write
|
||
|
1BA1E000
|
stack
|
page read and write
|
||
|
12E53000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34140000
|
trusted library allocation
|
page execute and read and write
|
||
|
26FF6A30000
|
heap
|
page read and write
|
||
|
1585000
|
heap
|
page read and write
|
||
|
C13000
|
heap
|
page read and write
|
||
|
7FFD340C3000
|
trusted library allocation
|
page read and write
|
||
|
1070000
|
heap
|
page read and write
|
||
|
12B0000
|
heap
|
page read and write
|
||
|
7FFD34196000
|
trusted library allocation
|
page execute and read and write
|
||
|
12E81000
|
trusted library allocation
|
page read and write
|
||
|
7FFD342E0000
|
trusted library allocation
|
page read and write
|
||
|
1B82C000
|
heap
|
page read and write
|
||
|
7FFD343D0000
|
trusted library allocation
|
page read and write
|
||
|
1B818000
|
heap
|
page read and write
|
||
|
7FFD34360000
|
trusted library allocation
|
page read and write
|
||
|
1B720000
|
heap
|
page read and write
|
||
|
12A31000
|
trusted library allocation
|
page read and write
|
||
|
FD0000
|
heap
|
page read and write
|
||
|
34FF000
|
trusted library allocation
|
page read and write
|
||
|
1CB4E000
|
stack
|
page read and write
|
||
|
7FFD34492000
|
trusted library allocation
|
page read and write
|
||
|
3296000
|
trusted library allocation
|
page read and write
|
||
|
1B74F000
|
heap
|
page read and write
|
||
|
1160000
|
heap
|
page read and write
|
||
|
1523000
|
heap
|
page read and write
|
||
|
7FFD340A0000
|
trusted library allocation
|
page read and write
|
||
|
14C0000
|
heap
|
page read and write
|
||
|
2E2E000
|
stack
|
page read and write
|
||
|
1B79E000
|
heap
|
page read and write
|
||
|
7FFD34160000
|
trusted library allocation
|
page read and write
|
||
|
3503000
|
trusted library allocation
|
page read and write
|
||
|
1B620000
|
heap
|
page read and write
|
||
|
1BA4F000
|
heap
|
page read and write
|
||
|
3309000
|
trusted library allocation
|
page read and write
|
||
|
7FFD342A0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD340BD000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD342C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD342BB000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34350000
|
trusted library allocation
|
page read and write
|
||
|
7FFD343A0000
|
trusted library allocation
|
page read and write
|
||
|
2EC1000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34275000
|
trusted library allocation
|
page read and write
|
||
|
EC0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD340B0000
|
trusted library allocation
|
page read and write
|
||
|
110E000
|
stack
|
page read and write
|
||
|
7FFD344A0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34080000
|
trusted library allocation
|
page read and write
|
||
|
BC0000
|
heap
|
page read and write
|
||
|
1B463000
|
heap
|
page read and write
|
||
|
7FFD340D0000
|
trusted library allocation
|
page read and write
|
||
|
3245000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34140000
|
trusted library allocation
|
page read and write
|
||
|
7FFD340DD000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C410000
|
heap
|
page read and write
|
||
|
326E000
|
trusted library allocation
|
page read and write
|
||
|
1BA8B000
|
heap
|
page read and write
|
||
|
1163000
|
heap
|
page read and write
|
||
|
7FFD340BD000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD34146000
|
trusted library allocation
|
page read and write
|
||
|
2B938810000
|
heap
|
page read and write
|
||
|
12A3E000
|
trusted library allocation
|
page read and write
|
||
|
B39000
|
heap
|
page read and write
|
||
|
1170000
|
heap
|
page read and write
|
||
|
7FFD342E4000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34255000
|
trusted library allocation
|
page read and write
|
||
|
14F0000
|
heap
|
page execute and read and write
|
||
|
7FFD340B3000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD3410C000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD344F0000
|
trusted library allocation
|
page read and write
|
||
|
3241000
|
trusted library allocation
|
page read and write
|
||
|
7FFD3408D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1096000
|
heap
|
page read and write
|
||
|
7FFD34490000
|
trusted library allocation
|
page read and write
|
||
|
11F5000
|
heap
|
page read and write
|
||
|
10AC000
|
heap
|
page read and write
|
||
|
102F000
|
heap
|
page read and write
|
||
|
E3F000
|
stack
|
page read and write
|
||
|
7FFD342D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD342D0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34400000
|
trusted library allocation
|
page read and write
|
||
|
1BF37000
|
stack
|
page read and write
|
||
|
7FFD341D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
3229000
|
trusted library allocation
|
page read and write
|
||
|
12EAD000
|
trusted library allocation
|
page read and write
|
||
|
2B938830000
|
heap
|
page read and write
|
||
|
7FFD342B4000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34280000
|
trusted library allocation
|
page read and write
|
||
|
107A000
|
heap
|
page read and write
|
||
|
E45000
|
heap
|
page read and write
|
||
|
1320000
|
trusted library allocation
|
page read and write
|
||
|
B9B000
|
heap
|
page read and write
|
||
|
1323000
|
trusted library allocation
|
page read and write
|
||
|
B59000
|
heap
|
page read and write
|
||
|
3263000
|
trusted library allocation
|
page read and write
|
||
|
1175000
|
heap
|
page read and write
|
||
|
7FFD342B0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34298000
|
trusted library allocation
|
page read and write
|
||
|
2E70000
|
heap
|
page execute and read and write
|
||
|
1BEDE000
|
stack
|
page read and write
|
||
|
F80000
|
heap
|
page read and write
|
||
|
1036000
|
heap
|
page read and write
|
||
|
B50000
|
heap
|
page read and write
|
||
|
E50000
|
heap
|
page read and write
|
||
|
3501000
|
trusted library allocation
|
page read and write
|
||
|
B30000
|
heap
|
page read and write
|
||
|
7FFD340B4000
|
trusted library allocation
|
page read and write
|
||
|
2900000
|
heap
|
page execute and read and write
|
||
|
B6E000
|
heap
|
page read and write
|
||
|
7FFD342C0000
|
trusted library allocation
|
page read and write
|
||
|
2D40000
|
heap
|
page execute and read and write
|
||
|
7FFD340CD000
|
trusted library allocation
|
page execute and read and write
|
||
|
11F0000
|
heap
|
page read and write
|
||
|
7FFD340AD000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B8E0000
|
heap
|
page execute and read and write
|
||
|
1B816000
|
heap
|
page read and write
|
||
|
7FFD34285000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34093000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD34320000
|
trusted library allocation
|
page read and write
|
||
|
C2E000
|
heap
|
page read and write
|
||
|
1B81B000
|
heap
|
page read and write
|
||
|
D20000
|
heap
|
page read and write
|
||
|
1AEB0000
|
trusted library allocation
|
page read and write
|
There are 343 hidden memdumps, click here to show them.