Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
msgtopstdemo.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
||
|
C:\Program Files (x86)\Datavare MSG to PST Converter - Demo Version\Aspose.Email.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\Datavare MSG to PST Converter - Demo Version\Config.txt (copy)
|
data
|
dropped
|
||
|
C:\Program Files (x86)\Datavare MSG to PST Converter - Demo Version\MsgToPst.exe (copy)
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\Datavare MSG to PST Converter - Demo Version\is-01BK0.tmp
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\Datavare MSG to PST Converter - Demo Version\is-0L47Q.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\Datavare MSG to PST Converter - Demo Version\is-4AED4.tmp
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\Datavare MSG to PST Converter - Demo Version\is-4FDGP.tmp
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\Datavare MSG to PST Converter - Demo Version\is-SNPO1.tmp
|
data
|
dropped
|
||
|
C:\Program Files (x86)\Datavare MSG to PST Converter - Demo Version\unins000.dat
|
InnoSetup Log Datavare MSG to PST Converter - Demo Version {B704DD12-0FC2-4CCC-A183-86D06E9674A6}, version 0x30, 19133 bytes,
216554\user, "C:\Program Files (x86)\Datavare MSG to PST Converter - Demo Version"
|
dropped
|
||
|
C:\Program Files (x86)\Datavare MSG to PST Converter - Demo Version\unins000.exe (copy)
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Datavare MSG to PST Converter - Demo Version.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive,
ctime=Thu Oct 3 15:22:35 2024, mtime=Thu Oct 3 15:22:35 2024, atime=Tue Dec 12 18:28:02 2017, length=1021952, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\is-0CF57.tmp\_isetup\_setup64.tmp
|
PE32+ executable (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\is-0CF57.tmp\isxdl.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\is-UN1KP.tmp\msgtopstdemo.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
There are 5 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\msgtopstdemo.exe
|
"C:\Users\user\Desktop\msgtopstdemo.exe"
|
||
|
C:\Users\user\AppData\Local\Temp\is-UN1KP.tmp\msgtopstdemo.tmp
|
"C:\Users\user\AppData\Local\Temp\is-UN1KP.tmp\msgtopstdemo.tmp" /SL5="$20450,2062666,288768,C:\Users\user\Desktop\msgtopstdemo.exe"
|
||
|
C:\Program Files (x86)\Datavare MSG to PST Converter - Demo Version\MsgToPst.exe
|
"C:\Program Files (x86)\Datavare MSG to PST Converter - Demo Version\MsgToPst.exe"
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://www.innosetup.com/
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0
|
unknown
|
||
|
http://www.fontbureau.com
|
unknown
|
||
|
http://www.fontbureau.com/designersG
|
unknown
|
||
|
http://www.fontbureau.com/designers/?
|
unknown
|
||
|
http://www.founder.com.cn/cn/bThe
|
unknown
|
||
|
http://certificates.godaddy.com/repository/0
|
unknown
|
||
|
http://www.fontbureau.com/designers?
|
unknown
|
||
|
http://www.jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU
|
unknown
|
||
|
http://certs.godaddy.com/repository/1301
|
unknown
|
||
|
http://www.jrsoftware.org/ishelp/index.php?topic=setupcmdline
|
unknown
|
||
|
http://www.tiro.com
|
unknown
|
||
|
http://crl.godaddy.com/gdig2s5-2.crl0
|
unknown
|
||
|
http://www.datavare.com/
|
unknown
|
||
|
http://www.fontbureau.com/designers
|
unknown
|
||
|
https://certs.godaddy.com/repository/0
|
unknown
|
||
|
http://www.goodfont.co.kr
|
unknown
|
||
|
http://certificates.starfieldtech.com/repository/1604
|
unknown
|
||
|
http://ocsp.starfieldtech.com/0D
|
unknown
|
||
|
http://www.carterandcone.coml
|
unknown
|
||
|
http://www.sajatypeworks.com
|
unknown
|
||
|
http://www.typography.netD
|
unknown
|
||
|
http://crl.godaddy.com/gdroot-g2.crl0F
|
unknown
|
||
|
http://www.fontbureau.com/designers/cabarga.htmlN
|
unknown
|
||
|
http://www.founder.com.cn/cn/cThe
|
unknown
|
||
|
http://www.galapagosdesign.com/staff/dennis.htm
|
unknown
|
||
|
http://www.founder.com.cn/cn
|
unknown
|
||
|
http://www.fontbureau.com/designers/frere-user.html
|
unknown
|
||
|
http://crl.starfieldtech.com/repository/0
|
unknown
|
||
|
http://www.remobjects.com/psU
|
unknown
|
||
|
http://ns.ado
|
unknown
|
||
|
http://www.jiyu-kobo.co.jp/
|
unknown
|
||
|
http://www.galapagosdesign.com/DPlease
|
unknown
|
||
|
http://www.fontbureau.com/designers8
|
unknown
|
||
|
http://www.istool.org/
|
unknown
|
||
|
http://www.fonts.com
|
unknown
|
||
|
http://www.sandoll.co.kr
|
unknown
|
||
|
http://crl.starfieldtech.com/repository/sfsroot.crl0P
|
unknown
|
||
|
http://www.remobjects.com/ps
|
unknown
|
||
|
http://www.urwpp.deDPlease
|
unknown
|
||
|
http://www.zhongyicts.com.cn
|
unknown
|
||
|
http://certificates.godaddy.com/repository/gdig2.crt0
|
unknown
|
||
|
http://www.datavare.com/B
|
unknown
|
||
|
http://www.sakkal.com
|
unknown
|
||
|
http://www.datavare.com/contact-us.html
|
unknown
|
There are 35 hidden URLs, click here to show them.
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
Owner
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
SessionHash
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
Sequence
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
RegFiles0000
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
RegFilesHash
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B704DD12-0FC2-4CCC-A183-86D06E9674A6}_is1
|
Inno Setup: Setup Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B704DD12-0FC2-4CCC-A183-86D06E9674A6}_is1
|
Inno Setup: App Path
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B704DD12-0FC2-4CCC-A183-86D06E9674A6}_is1
|
InstallLocation
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B704DD12-0FC2-4CCC-A183-86D06E9674A6}_is1
|
Inno Setup: Icon Group
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B704DD12-0FC2-4CCC-A183-86D06E9674A6}_is1
|
Inno Setup: User
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B704DD12-0FC2-4CCC-A183-86D06E9674A6}_is1
|
Inno Setup: Selected Tasks
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B704DD12-0FC2-4CCC-A183-86D06E9674A6}_is1
|
Inno Setup: Deselected Tasks
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B704DD12-0FC2-4CCC-A183-86D06E9674A6}_is1
|
Inno Setup: Language
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B704DD12-0FC2-4CCC-A183-86D06E9674A6}_is1
|
DisplayName
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B704DD12-0FC2-4CCC-A183-86D06E9674A6}_is1
|
UninstallString
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B704DD12-0FC2-4CCC-A183-86D06E9674A6}_is1
|
QuietUninstallString
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B704DD12-0FC2-4CCC-A183-86D06E9674A6}_is1
|
DisplayVersion
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B704DD12-0FC2-4CCC-A183-86D06E9674A6}_is1
|
Publisher
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B704DD12-0FC2-4CCC-A183-86D06E9674A6}_is1
|
URLInfoAbout
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B704DD12-0FC2-4CCC-A183-86D06E9674A6}_is1
|
HelpLink
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B704DD12-0FC2-4CCC-A183-86D06E9674A6}_is1
|
URLUpdateInfo
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B704DD12-0FC2-4CCC-A183-86D06E9674A6}_is1
|
NoModify
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B704DD12-0FC2-4CCC-A183-86D06E9674A6}_is1
|
NoRepair
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B704DD12-0FC2-4CCC-A183-86D06E9674A6}_is1
|
InstallDate
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B704DD12-0FC2-4CCC-A183-86D06E9674A6}_is1
|
MajorVersion
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B704DD12-0FC2-4CCC-A183-86D06E9674A6}_is1
|
MinorVersion
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B704DD12-0FC2-4CCC-A183-86D06E9674A6}_is1
|
VersionMajor
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B704DD12-0FC2-4CCC-A183-86D06E9674A6}_is1
|
VersionMinor
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B704DD12-0FC2-4CCC-A183-86D06E9674A6}_is1
|
EstimatedSize
|
There are 19 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
CE0000
|
heap
|
page read and write
|
||
|
18E000
|
stack
|
page read and write
|
||
|
6D72000
|
trusted library allocation
|
page read and write
|
||
|
5310000
|
heap
|
page execute and read and write
|
||
|
2950000
|
trusted library allocation
|
page read and write
|
||
|
2370000
|
direct allocation
|
page read and write
|
||
|
2295000
|
heap
|
page read and write
|
||
|
5080000
|
trusted library allocation
|
page read and write
|
||
|
4906000
|
direct allocation
|
page read and write
|
||
|
3B8A000
|
trusted library allocation
|
page read and write
|
||
|
21B8000
|
direct allocation
|
page read and write
|
||
|
2370000
|
direct allocation
|
page read and write
|
||
|
4FF0000
|
heap
|
page read and write
|
||
|
21D8000
|
direct allocation
|
page read and write
|
||
|
21CC000
|
direct allocation
|
page read and write
|
||
|
23D0000
|
direct allocation
|
page read and write
|
||
|
5DE000
|
heap
|
page read and write
|
||
|
53C0000
|
trusted library allocation
|
page read and write
|
||
|
57F000
|
heap
|
page read and write
|
||
|
DD0000
|
heap
|
page read and write
|
||
|
DDE000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
5091000
|
heap
|
page read and write
|
||
|
5E2000
|
heap
|
page read and write
|
||
|
D8A000
|
trusted library allocation
|
page execute and read and write
|
||
|
DDB000
|
heap
|
page read and write
|
||
|
23A0000
|
heap
|
page read and write
|
||
|
20E0000
|
heap
|
page read and write
|
||
|
40C000
|
unkown
|
page read and write
|
||
|
4E6000
|
unkown
|
page readonly
|
||
|
2458000
|
direct allocation
|
page read and write
|
||
|
5EA000
|
heap
|
page read and write
|
||
|
3B1E000
|
trusted library allocation
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
FD0000
|
heap
|
page read and write
|
||
|
49B000
|
unkown
|
page read and write
|
||
|
5F2000
|
heap
|
page read and write
|
||
|
2100000
|
direct allocation
|
page read and write
|
||
|
7810000
|
trusted library allocation
|
page read and write
|
||
|
593000
|
heap
|
page read and write
|
||
|
2190000
|
direct allocation
|
page read and write
|
||
|
12E0000
|
trusted library allocation
|
page read and write
|
||
|
417000
|
unkown
|
page readonly
|
||
|
325E000
|
stack
|
page read and write
|
||
|
DF8000
|
heap
|
page read and write
|
||
|
412000
|
unkown
|
page readonly
|
||
|
3130000
|
heap
|
page read and write
|
||
|
4890000
|
direct allocation
|
page read and write
|
||
|
CE5000
|
heap
|
page read and write
|
||
|
5500000
|
heap
|
page read and write
|
||
|
2168000
|
direct allocation
|
page read and write
|
||
|
710000
|
heap
|
page read and write
|
||
|
21A0000
|
direct allocation
|
page read and write
|
||
|
5EC000
|
heap
|
page read and write
|
||
|
3B58000
|
trusted library allocation
|
page read and write
|
||
|
D97000
|
trusted library allocation
|
page execute and read and write
|
||
|
D60000
|
trusted library allocation
|
page read and write
|
||
|
3B51000
|
trusted library allocation
|
page read and write
|
||
|
5370000
|
trusted library section
|
page readonly
|
||
|
23D0000
|
direct allocation
|
page read and write
|
||
|
29C0000
|
trusted library allocation
|
page read and write
|
||
|
21BC000
|
direct allocation
|
page read and write
|
||
|
5E2000
|
heap
|
page read and write
|
||
|
5050000
|
trusted library allocation
|
page read and write
|
||
|
503F000
|
trusted library allocation
|
page read and write
|
||
|
19D000
|
stack
|
page read and write
|
||
|
D6D000
|
trusted library allocation
|
page execute and read and write
|
||
|
D70000
|
trusted library allocation
|
page read and write
|
||
|
2174000
|
direct allocation
|
page read and write
|
||
|
5B5000
|
heap
|
page read and write
|
||
|
6D5000
|
heap
|
page read and write
|
||
|
76A000
|
unkown
|
page readonly
|
||
|
412000
|
unkown
|
page readonly
|
||
|
5EF000
|
heap
|
page read and write
|
||
|
53F6000
|
heap
|
page read and write
|
||
|
4B3000
|
unkown
|
page readonly
|
||
|
E7C000
|
heap
|
page read and write
|
||
|
4915000
|
direct allocation
|
page read and write
|
||
|
218C000
|
direct allocation
|
page read and write
|
||
|
737000
|
unkown
|
page readonly
|
||
|
D9B000
|
trusted library allocation
|
page execute and read and write
|
||
|
49D000
|
unkown
|
page read and write
|
||
|
5390000
|
heap
|
page read and write
|
||
|
5790000
|
trusted library allocation
|
page execute and read and write
|
||
|
297B000
|
trusted library allocation
|
page read and write
|
||
|
215C000
|
direct allocation
|
page read and write
|
||
|
EA6000
|
heap
|
page read and write
|
||
|
4898000
|
direct allocation
|
page read and write
|
||
|
E70000
|
heap
|
page read and write
|
||
|
3480000
|
heap
|
page read and write
|
||
|
CCE000
|
stack
|
page read and write
|
||
|
54E000
|
stack
|
page read and write
|
||
|
5040000
|
trusted library allocation
|
page execute and read and write
|
||
|
254A000
|
direct allocation
|
page read and write
|
||
|
3441000
|
heap
|
page read and write
|
||
|
23E4000
|
heap
|
page read and write
|
||
|
2B11000
|
trusted library allocation
|
page read and write
|
||
|
21B8000
|
direct allocation
|
page read and write
|
||
|
D63000
|
trusted library allocation
|
page execute and read and write
|
||
|
2517000
|
direct allocation
|
page read and write
|
||
|
3BC4000
|
trusted library allocation
|
page read and write
|
||
|
5A4000
|
heap
|
page read and write
|
||
|
52E0000
|
trusted library section
|
page read and write
|
||
|
2780000
|
heap
|
page read and write
|
||
|
12DE000
|
stack
|
page read and write
|
||
|
D86000
|
trusted library allocation
|
page execute and read and write
|
||
|
555F000
|
heap
|
page read and write
|
||
|
5F4000
|
heap
|
page read and write
|
||
|
DB0000
|
trusted library allocation
|
page read and write
|
||
|
3130000
|
direct allocation
|
page read and write
|
||
|
12F0000
|
heap
|
page read and write
|
||
|
2260000
|
direct allocation
|
page execute and read and write
|
||
|
347E000
|
heap
|
page read and write
|
||
|
6D50000
|
trusted library allocation
|
page read and write
|
||
|
417000
|
unkown
|
page readonly
|
||
|
9B000
|
stack
|
page read and write
|
||
|
3150000
|
direct allocation
|
page read and write
|
||
|
5F2000
|
heap
|
page read and write
|
||
|
4AD000
|
unkown
|
page readonly
|
||
|
5190000
|
heap
|
page read and write
|
||
|
6F5000
|
unkown
|
page readonly
|
||
|
57C000
|
heap
|
page read and write
|
||
|
2299000
|
heap
|
page read and write
|
||
|
728000
|
unkown
|
page readonly
|
||
|
401000
|
unkown
|
page execute read
|
||
|
548F000
|
stack
|
page read and write
|
||
|
2996000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
7790000
|
trusted library allocation
|
page read and write
|
||
|
29B5000
|
trusted library allocation
|
page read and write
|
||
|
51E0000
|
heap
|
page read and write
|
||
|
3440000
|
heap
|
page read and write
|
||
|
49B000
|
unkown
|
page write copy
|
||
|
3B11000
|
trusted library allocation
|
page read and write
|
||
|
21C0000
|
direct allocation
|
page read and write
|
||
|
12F9000
|
heap
|
page read and write
|
||
|
1000000
|
heap
|
page read and write
|
||
|
E5B000
|
heap
|
page read and write
|
||
|
6B2000
|
unkown
|
page readonly
|
||
|
D80000
|
trusted library allocation
|
page read and write
|
||
|
5090000
|
heap
|
page read and write
|
||
|
21A4000
|
direct allocation
|
page read and write
|
||
|
5B9000
|
heap
|
page read and write
|
||
|
347C000
|
heap
|
page read and write
|
||
|
E13000
|
heap
|
page read and write
|
||
|
E78000
|
heap
|
page read and write
|
||
|
2178000
|
direct allocation
|
page read and write
|
||
|
D7D000
|
trusted library allocation
|
page execute and read and write
|
||
|
6B0000
|
unkown
|
page readonly
|
||
|
27B0000
|
trusted library allocation
|
page read and write
|
||
|
57C000
|
heap
|
page read and write
|
||
|
5030000
|
trusted library allocation
|
page read and write
|
||
|
4954000
|
direct allocation
|
page read and write
|
||
|
FCE000
|
stack
|
page read and write
|
||
|
5313000
|
heap
|
page execute and read and write
|
||
|
751F000
|
stack
|
page read and write
|
||
|
5510000
|
heap
|
page read and write
|
||
|
2157000
|
direct allocation
|
page read and write
|
||
|
8AF000
|
stack
|
page read and write
|
||
|
5E6000
|
heap
|
page read and write
|
||
|
5020000
|
heap
|
page read and write
|
||
|
5E6000
|
heap
|
page read and write
|
||
|
20F4000
|
direct allocation
|
page read and write
|
||
|
60A000
|
heap
|
page read and write
|
||
|
20F0000
|
direct allocation
|
page read and write
|
||
|
91000
|
stack
|
page read and write
|
||
|
29B0000
|
trusted library allocation
|
page read and write
|
||
|
347C000
|
heap
|
page read and write
|
||
|
755E000
|
stack
|
page read and write
|
||
|
21C8000
|
direct allocation
|
page read and write
|
||
|
568000
|
heap
|
page read and write
|
||
|
53E0000
|
trusted library allocation
|
page read and write
|
||
|
3162000
|
direct allocation
|
page read and write
|
||
|
9AF000
|
stack
|
page read and write
|
||
|
219C000
|
direct allocation
|
page read and write
|
||
|
5E8000
|
heap
|
page read and write
|
||
|
D64000
|
trusted library allocation
|
page read and write
|
||
|
294E000
|
stack
|
page read and write
|
||
|
936E000
|
stack
|
page read and write
|
||
|
6C0000
|
heap
|
page read and write
|
||
|
2A00000
|
heap
|
page read and write
|
||
|
2446000
|
direct allocation
|
page read and write
|
||
|
51DB000
|
stack
|
page read and write
|
||
|
48CB000
|
direct allocation
|
page read and write
|
||
|
5F2000
|
heap
|
page read and write
|
||
|
2960000
|
heap
|
page execute and read and write
|
||
|
5DE000
|
heap
|
page read and write
|
||
|
51E3000
|
heap
|
page read and write
|
||
|
53A0000
|
heap
|
page read and write
|
||
|
2B0F000
|
stack
|
page read and write
|
||
|
2413000
|
direct allocation
|
page read and write
|
||
|
4CAD000
|
stack
|
page read and write
|
||
|
2970000
|
trusted library allocation
|
page read and write
|
||
|
5F2000
|
heap
|
page read and write
|
||
|
D50000
|
trusted library allocation
|
page read and write
|
||
|
2188000
|
direct allocation
|
page read and write
|
||
|
596000
|
heap
|
page read and write
|
||
|
718000
|
heap
|
page read and write
|
||
|
53B0000
|
trusted library allocation
|
page read and write
|
||
|
218A000
|
direct allocation
|
page read and write
|
||
|
69E000
|
stack
|
page read and write
|
||
|
FF0000
|
trusted library allocation
|
page read and write
|
||
|
2158000
|
direct allocation
|
page read and write
|
||
|
23E0000
|
heap
|
page read and write
|
||
|
5DE000
|
heap
|
page read and write
|
||
|
3130000
|
direct allocation
|
page read and write
|
||
|
2108000
|
direct allocation
|
page read and write
|
||
|
4960000
|
heap
|
page read and write
|
||
|
3170000
|
heap
|
page read and write
|
||
|
21C8000
|
direct allocation
|
page read and write
|
||
|
3480000
|
heap
|
page read and write
|
||
|
2470000
|
direct allocation
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
3360000
|
trusted library allocation
|
page read and write
|
||
|
5680000
|
heap
|
page read and write
|
||
|
5E9000
|
heap
|
page read and write
|
||
|
5DE000
|
heap
|
page read and write
|
||
|
5E2000
|
heap
|
page read and write
|
||
|
48D3000
|
direct allocation
|
page read and write
|
||
|
299D000
|
trusted library allocation
|
page read and write
|
||
|
35BE000
|
stack
|
page read and write
|
||
|
2991000
|
trusted library allocation
|
page read and write
|
||
|
5E2000
|
heap
|
page read and write
|
||
|
6BE000
|
stack
|
page read and write
|
||
|
550000
|
heap
|
page read and write
|
||
|
5B8000
|
heap
|
page read and write
|
||
|
6D7000
|
heap
|
page read and write
|
||
|
72C0000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
BA0000
|
heap
|
page read and write
|
||
|
21C8000
|
direct allocation
|
page read and write
|
||
|
90F000
|
stack
|
page read and write
|
||
|
5541000
|
heap
|
page read and write
|
||
|
741E000
|
stack
|
page read and write
|
||
|
53F0000
|
heap
|
page read and write
|
||
|
53D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
49F000
|
unkown
|
page write copy
|
||
|
40E000
|
unkown
|
page write copy
|
||
|
4E6000
|
unkown
|
page readonly
|
||
|
5545000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
335F000
|
stack
|
page read and write
|
||
|
54FD000
|
stack
|
page read and write
|
||
|
2198000
|
direct allocation
|
page read and write
|
||
|
D82000
|
trusted library allocation
|
page read and write
|
||
|
B37000
|
stack
|
page read and write
|
||
|
2290000
|
heap
|
page read and write
|
||
|
4987000
|
direct allocation
|
page read and write
|
||
|
D73000
|
trusted library allocation
|
page read and write
|
||
|
2194000
|
direct allocation
|
page read and write
|
||
|
6D0000
|
heap
|
page read and write
|
||
|
57A000
|
heap
|
page read and write
|
||
|
4948000
|
direct allocation
|
page read and write
|
||
|
560000
|
heap
|
page read and write
|
||
|
A38000
|
stack
|
page read and write
|
||
|
210C000
|
direct allocation
|
page read and write
|
||
|
4B3000
|
unkown
|
page readonly
|
||
|
3B91000
|
trusted library allocation
|
page read and write
|
||
|
450000
|
heap
|
page read and write
|
||
|
777000
|
unkown
|
page readonly
|
||
|
5320000
|
trusted library allocation
|
page execute and read and write
|
||
|
7AA000
|
unkown
|
page readonly
|
||
|
400000
|
unkown
|
page readonly
|
||
|
5DF000
|
heap
|
page read and write
|
||
|
21D0000
|
direct allocation
|
page read and write
|
||
|
21D0000
|
direct allocation
|
page read and write
|
||
|
D92000
|
trusted library allocation
|
page read and write
|
||
|
40C000
|
unkown
|
page write copy
|
||
|
2390000
|
heap
|
page read and write
|
||
|
5F4000
|
heap
|
page read and write
|
||
|
3B19000
|
trusted library allocation
|
page read and write
|
||
|
C80000
|
heap
|
page read and write
|
||
|
29E0000
|
trusted library allocation
|
page read and write
|
||
|
633000
|
heap
|
page read and write
|
||
|
5380000
|
trusted library allocation
|
page execute and read and write
|
||
|
6BA000
|
unkown
|
page readonly
|
||
|
579000
|
heap
|
page read and write
|
||
|
2150000
|
direct allocation
|
page read and write
|
||
|
298E000
|
trusted library allocation
|
page read and write
|
||
|
570000
|
heap
|
page read and write
|
||
|
49C000
|
unkown
|
page write copy
|
||
|
DC0000
|
trusted library allocation
|
page execute and read and write
|
||
|
538F000
|
stack
|
page read and write
|
||
|
21B8000
|
direct allocation
|
page read and write
|
||
|
357E000
|
stack
|
page read and write
|
||
|
5350000
|
heap
|
page execute and read and write
|
||
|
500000
|
heap
|
page read and write
|
||
|
4AD000
|
unkown
|
page readonly
|
||
|
5E2000
|
heap
|
page read and write
|
There are 279 hidden memdumps, click here to show them.