Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
EQxFL1u3m1.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Windows\System32\SubDir\Client.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
|
Microsoft Cabinet archive data, Windows 2000/XP setup, 69993 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks,
0x1 compression
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Client.exe.log
|
CSV text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\EQxFL1u3m1.exe.log
|
CSV text
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\EQxFL1u3m1.exe
|
"C:\Users\user\Desktop\EQxFL1u3m1.exe"
|
|
|
|
C:\Windows\System32\schtasks.exe
|
"schtasks" /create /tn "Quasar Client Startup" /sc ONLOGON /tr "C:\Windows\system32\SubDir\Client.exe" /rl HIGHEST /f
|
|
|
|
C:\Windows\System32\SubDir\Client.exe
|
"C:\Windows\system32\SubDir\Client.exe"
|
|
|
|
C:\Windows\System32\SubDir\Client.exe
|
C:\Windows\system32\SubDir\Client.exe
|
|
|
|
C:\Windows\System32\schtasks.exe
|
"schtasks" /create /tn "Quasar Client Startup" /sc ONLOGON /tr "C:\Windows\system32\SubDir\Client.exe" /rl HIGHEST /f
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
xm.wintk.vip
|
|
||
|
https://api.ipify.org/
|
unknown
|
||
|
https://stackoverflow.com/q/14436606/23354
|
unknown
|
||
|
https://stackoverflow.com/q/2152978/23354sCannot
|
unknown
|
||
|
https://ipwho.is/
|
108.181.47.111
|
||
|
http://schemas.datacontract.org/2004/07/
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://crl.v
|
unknown
|
||
|
http://ipwho.is
|
unknown
|
||
|
https://stackoverflow.com/q/11564914/23354;
|
unknown
|
||
|
https://ipwho.is
|
unknown
|
There are 1 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
xm.wintk.vip
|
192.144.128.196
|
|
|
|
bg.microsoft.map.fastly.net
|
199.232.214.172
|
||
|
ipwho.is
|
108.181.47.111
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
192.144.128.196
|
xm.wintk.vip
|
China
|
|
|
|
108.181.47.111
|
ipwho.is
|
Canada
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Client_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Client_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Client_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Client_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Client_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Client_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Client_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Client_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Client_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Client_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Client_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Client_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Client_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Client_RASMANCS
|
FileDirectory
|
There are 4 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
938B5C9000
|
stack
|
page read and write
|
|
|
|
33A4000
|
trusted library allocation
|
page read and write
|
|
|
|
2D61000
|
trusted library allocation
|
page read and write
|
|
|
|
1BD327A5000
|
heap
|
page read and write
|
|
|
|
1BD32800000
|
heap
|
page read and write
|
|
|
|
6E2000
|
unkown
|
page readonly
|
|
|
|
251EAB9000
|
stack
|
page read and write
|
|
|
|
1ADFB540000
|
heap
|
page read and write
|
|
|
|
1ADFB7F0000
|
heap
|
page read and write
|
|
|
|
1BD3280F000
|
heap
|
page read and write
|
|
|
|
A00000
|
unkown
|
page readonly
|
|
|
|
1ADFB7F5000
|
heap
|
page read and write
|
|
|
|
1ADFB548000
|
heap
|
page read and write
|
|
|
|
28F1000
|
trusted library allocation
|
page read and write
|
|
|
|
1BD327A0000
|
heap
|
page read and write
|
|
|
|
2FA9000
|
trusted library allocation
|
page read and write
|
|
|
|
2D30000
|
heap
|
page read and write
|
||
|
7FF848E03000
|
trusted library allocation
|
page read and write
|
||
|
7FF848FDB000
|
trusted library allocation
|
page read and write
|
||
|
1ADFB520000
|
heap
|
page read and write
|
||
|
7FF849232000
|
trusted library allocation
|
page read and write
|
||
|
EF8000
|
heap
|
page read and write
|
||
|
1C76C000
|
stack
|
page read and write
|
||
|
1CEAD000
|
stack
|
page read and write
|
||
|
1B8CF000
|
heap
|
page read and write
|
||
|
7FF848F90000
|
trusted library allocation
|
page read and write
|
||
|
7FF848DF2000
|
trusted library allocation
|
page read and write
|
||
|
7FF8490C0000
|
trusted library allocation
|
page read and write
|
||
|
7FF849230000
|
trusted library allocation
|
page read and write
|
||
|
1B1D4000
|
heap
|
page read and write
|
||
|
28EF000
|
stack
|
page read and write
|
||
|
134C000
|
heap
|
page read and write
|
||
|
2B80000
|
heap
|
page read and write
|
||
|
7FF848DF4000
|
trusted library allocation
|
page read and write
|
||
|
7FF8492E0000
|
trusted library allocation
|
page read and write
|
||
|
7FF849013000
|
trusted library allocation
|
page read and write
|
||
|
7FF848F40000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C770000
|
heap
|
page read and write
|
||
|
1BC9E000
|
stack
|
page read and write
|
||
|
27E0000
|
heap
|
page read and write
|
||
|
C08000
|
heap
|
page read and write
|
||
|
1B854000
|
heap
|
page read and write
|
||
|
33F9000
|
trusted library allocation
|
page read and write
|
||
|
7FF848ED6000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848E14000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E0D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF849054000
|
trusted library allocation
|
page read and write
|
||
|
7C0000
|
heap
|
page read and write
|
||
|
2C80000
|
trusted library allocation
|
page read and write
|
||
|
1B9CC000
|
heap
|
page read and write
|
||
|
7FF84900F000
|
trusted library allocation
|
page read and write
|
||
|
333B000
|
trusted library allocation
|
page read and write
|
||
|
7FF848F9C000
|
trusted library allocation
|
page read and write
|
||
|
D50000
|
heap
|
page read and write
|
||
|
1B1C0000
|
heap
|
page read and write
|
||
|
7FF849270000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E0D000
|
trusted library allocation
|
page execute and read and write
|
||
|
12CE000
|
stack
|
page read and write
|
||
|
12F71000
|
trusted library allocation
|
page read and write
|
||
|
14DE000
|
stack
|
page read and write
|
||
|
7FF848EA6000
|
trusted library allocation
|
page read and write
|
||
|
1BBDF000
|
stack
|
page read and write
|
||
|
1BD32808000
|
heap
|
page read and write
|
||
|
7FF848FC0000
|
trusted library allocation
|
page read and write
|
||
|
1B9CF000
|
heap
|
page read and write
|
||
|
7FF848E20000
|
trusted library allocation
|
page read and write
|
||
|
12F88000
|
trusted library allocation
|
page read and write
|
||
|
12E9000
|
heap
|
page read and write
|
||
|
7FF848EB0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1BD32760000
|
heap
|
page read and write
|
||
|
1BBE0000
|
heap
|
page execute and read and write
|
||
|
12F9D000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E4B000
|
trusted library allocation
|
page execute and read and write
|
||
|
2750000
|
heap
|
page execute and read and write
|
||
|
270F000
|
stack
|
page read and write
|
||
|
1B330000
|
heap
|
page read and write
|
||
|
331B000
|
trusted library allocation
|
page read and write
|
||
|
12FBD000
|
trusted library allocation
|
page read and write
|
||
|
7FF848FC1000
|
trusted library allocation
|
page read and write
|
||
|
7FF84905B000
|
trusted library allocation
|
page read and write
|
||
|
1B682000
|
heap
|
page read and write
|
||
|
7FF848F10000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B9E3000
|
heap
|
page read and write
|
||
|
7FF848FE5000
|
trusted library allocation
|
page read and write
|
||
|
251EBBF000
|
stack
|
page read and write
|
||
|
1B840000
|
heap
|
page read and write
|
||
|
1368000
|
heap
|
page read and write
|
||
|
7FF848DF4000
|
trusted library allocation
|
page read and write
|
||
|
10F1000
|
stack
|
page read and write
|
||
|
11C0000
|
heap
|
page read and write
|
||
|
1B333000
|
heap
|
page read and write
|
||
|
3350000
|
trusted library allocation
|
page read and write
|
||
|
2E60000
|
heap
|
page read and write
|
||
|
FB1000
|
heap
|
page read and write
|
||
|
1BB9E000
|
stack
|
page read and write
|
||
|
1B82F000
|
stack
|
page read and write
|
||
|
DFF000
|
stack
|
page read and write
|
||
|
7FF848E7C000
|
trusted library allocation
|
page execute and read and write
|
||
|
12D63000
|
trusted library allocation
|
page read and write
|
||
|
7FF849024000
|
trusted library allocation
|
page read and write
|
||
|
7FF849024000
|
trusted library allocation
|
page read and write
|
||
|
1B430000
|
heap
|
page read and write
|
||
|
F39000
|
heap
|
page read and write
|
||
|
7FF849252000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E2D000
|
trusted library allocation
|
page execute and read and write
|
||
|
12D75000
|
trusted library allocation
|
page read and write
|
||
|
12E0000
|
heap
|
page read and write
|
||
|
C27000
|
heap
|
page read and write
|
||
|
1B9DA000
|
heap
|
page read and write
|
||
|
7FF849020000
|
trusted library allocation
|
page read and write
|
||
|
7FF848ED6000
|
trusted library allocation
|
page read and write
|
||
|
12F7E000
|
trusted library allocation
|
page read and write
|
||
|
7FF848EE0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1BD32680000
|
heap
|
page read and write
|
||
|
7FF848ED6000
|
trusted library allocation
|
page execute and read and write
|
||
|
C69000
|
heap
|
page read and write
|
||
|
7FF848EAC000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B7A3000
|
heap
|
page read and write
|
||
|
1AD90000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E44000
|
trusted library allocation
|
page read and write
|
||
|
12D6E000
|
trusted library allocation
|
page read and write
|
||
|
7B0000
|
heap
|
page read and write
|
||
|
7FF848F90000
|
trusted library allocation
|
page read and write
|
||
|
7FF8491B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848F95000
|
trusted library allocation
|
page read and write
|
||
|
7FF8490D0000
|
trusted library allocation
|
page read and write
|
||
|
AF4000
|
stack
|
page read and write
|
||
|
1B9E0000
|
heap
|
page read and write
|
||
|
7FF8490E0000
|
trusted library allocation
|
page read and write
|
||
|
1BEED000
|
stack
|
page read and write
|
||
|
27B0000
|
heap
|
page read and write
|
||
|
7FF849040000
|
trusted library allocation
|
page read and write
|
||
|
1B8FC000
|
heap
|
page read and write
|
||
|
7FF849015000
|
trusted library allocation
|
page read and write
|
||
|
1B882000
|
heap
|
page read and write
|
||
|
938B87F000
|
unkown
|
page read and write
|
||
|
1C0E6000
|
stack
|
page read and write
|
||
|
131F000
|
heap
|
page read and write
|
||
|
DC0000
|
heap
|
page read and write
|
||
|
7FF849080000
|
trusted library allocation
|
page read and write
|
||
|
7FF848FD8000
|
trusted library allocation
|
page read and write
|
||
|
35F1000
|
trusted library allocation
|
page read and write
|
||
|
1B72E000
|
stack
|
page read and write
|
||
|
7FF848E4C000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B844000
|
heap
|
page read and write
|
||
|
7E5000
|
heap
|
page read and write
|
||
|
7FF848FC1000
|
trusted library allocation
|
page read and write
|
||
|
1B640000
|
heap
|
page read and write
|
||
|
7FF848FE0000
|
trusted library allocation
|
page read and write
|
||
|
7FF8492F0000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E4D000
|
trusted library allocation
|
page execute and read and write
|
||
|
12D69000
|
trusted library allocation
|
page read and write
|
||
|
EF6000
|
heap
|
page read and write
|
||
|
C00000
|
heap
|
page read and write
|
||
|
35EA000
|
trusted library allocation
|
page read and write
|
||
|
7FF8492A0000
|
trusted library allocation
|
page read and write
|
||
|
7FF849010000
|
trusted library allocation
|
page read and write
|
||
|
7FF849020000
|
trusted library allocation
|
page read and write
|
||
|
7FF848DFD000
|
trusted library allocation
|
page execute and read and write
|
||
|
1BFED000
|
stack
|
page read and write
|
||
|
D60000
|
heap
|
page read and write
|
||
|
1C465000
|
stack
|
page read and write
|
||
|
7FF848E14000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E1D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B8A0000
|
heap
|
page read and write
|
||
|
251EB3E000
|
unkown
|
page read and write
|
||
|
7FF849150000
|
trusted library allocation
|
page read and write
|
||
|
1C66A000
|
stack
|
page read and write
|
||
|
13CE000
|
stack
|
page read and write
|
||
|
128FE000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E10000
|
trusted library allocation
|
page read and write
|
||
|
128F1000
|
trusted library allocation
|
page read and write
|
||
|
2D90000
|
heap
|
page execute and read and write
|
||
|
7FF848DF6000
|
trusted library allocation
|
page read and write
|
||
|
1CDAE000
|
stack
|
page read and write
|
||
|
3088000
|
trusted library allocation
|
page read and write
|
||
|
1ADFB500000
|
heap
|
page read and write
|
||
|
1120000
|
trusted library allocation
|
page read and write
|
||
|
2CB3000
|
trusted library allocation
|
page read and write
|
||
|
7FF8490F0000
|
trusted library allocation
|
page read and write
|
||
|
1175000
|
heap
|
page read and write
|
||
|
7FF848E03000
|
trusted library allocation
|
page read and write
|
||
|
11B0000
|
heap
|
page execute and read and write
|
||
|
1ADFB569000
|
heap
|
page read and write
|
||
|
7FF8492D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
128F9000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E40000
|
trusted library allocation
|
page read and write
|
||
|
CDF000
|
heap
|
page read and write
|
||
|
2CB0000
|
trusted library allocation
|
page read and write
|
||
|
7FF849240000
|
trusted library allocation
|
page read and write
|
||
|
25E0000
|
trusted library allocation
|
page read and write
|
||
|
F0F000
|
heap
|
page read and write
|
||
|
1B64C000
|
heap
|
page read and write
|
||
|
D80000
|
heap
|
page read and write
|
||
|
ED9000
|
heap
|
page read and write
|
||
|
7FF848FF0000
|
trusted library allocation
|
page read and write
|
||
|
2C50000
|
heap
|
page read and write
|
||
|
BE0000
|
heap
|
page read and write
|
||
|
7FF848FEA000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E4C000
|
trusted library allocation
|
page execute and read and write
|
||
|
BC0000
|
heap
|
page read and write
|
||
|
2F71000
|
trusted library allocation
|
page read and write
|
||
|
7FF849070000
|
trusted library allocation
|
page read and write
|
||
|
7FF8490A0000
|
trusted library allocation
|
page read and write
|
||
|
7FF849100000
|
trusted library allocation
|
page read and write
|
||
|
7FF849130000
|
trusted library allocation
|
page read and write
|
||
|
7FF849030000
|
trusted library allocation
|
page execute and read and write
|
||
|
33A0000
|
trusted library allocation
|
page read and write
|
||
|
1BC04000
|
heap
|
page read and write
|
||
|
C39000
|
heap
|
page read and write
|
||
|
1AE79000
|
stack
|
page read and write
|
||
|
1BC13000
|
heap
|
page read and write
|
||
|
7FF848FE5000
|
trusted library allocation
|
page read and write
|
||
|
E00000
|
heap
|
page read and write
|
||
|
308A000
|
trusted library allocation
|
page read and write
|
||
|
BA0000
|
heap
|
page read and write
|
||
|
BE0000
|
heap
|
page read and write
|
||
|
1BC07000
|
heap
|
page read and write
|
||
|
7FF848E33000
|
trusted library allocation
|
page read and write
|
||
|
7FF849120000
|
trusted library allocation
|
page read and write
|
||
|
1AFA0000
|
trusted library allocation
|
page read and write
|
||
|
1B92E000
|
stack
|
page read and write
|
||
|
1BD9E000
|
stack
|
page read and write
|
||
|
1100000
|
trusted library allocation
|
page read and write
|
||
|
C3B000
|
heap
|
page read and write
|
||
|
1AC7B000
|
heap
|
page read and write
|
||
|
7FF848F06000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C366000
|
stack
|
page read and write
|
||
|
D90000
|
heap
|
page read and write
|
||
|
6E0000
|
unkown
|
page readonly
|
||
|
BE5000
|
heap
|
page read and write
|
||
|
7FF848E1D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF849010000
|
trusted library allocation
|
page read and write
|
||
|
C3D000
|
heap
|
page read and write
|
||
|
2C30000
|
heap
|
page execute and read and write
|
||
|
7FF848E3D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF8492B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B8E2000
|
heap
|
page read and write
|
||
|
7FF8492C0000
|
trusted library allocation
|
page read and write
|
||
|
1B4FD000
|
stack
|
page read and write
|
||
|
12905000
|
trusted library allocation
|
page read and write
|
||
|
7FF849290000
|
trusted library allocation
|
page read and write
|
||
|
2780000
|
heap
|
page execute and read and write
|
||
|
2C14000
|
trusted library allocation
|
page read and write
|
||
|
3361000
|
trusted library allocation
|
page read and write
|
||
|
7FF849050000
|
trusted library allocation
|
page read and write
|
||
|
2CA0000
|
trusted library allocation
|
page read and write
|
||
|
D85000
|
heap
|
page read and write
|
||
|
7FF849010000
|
trusted library allocation
|
page read and write
|
||
|
1BD1C000
|
heap
|
page read and write
|
||
|
7FF8492C5000
|
trusted library allocation
|
page read and write
|
||
|
1BBF0000
|
heap
|
page read and write
|
||
|
1B928000
|
heap
|
page read and write
|
||
|
1B202000
|
heap
|
page read and write
|
||
|
7FF849190000
|
trusted library allocation
|
page read and write
|
||
|
128F3000
|
trusted library allocation
|
page read and write
|
||
|
F0C000
|
heap
|
page read and write
|
||
|
7FF849090000
|
trusted library allocation
|
page read and write
|
||
|
7FF848FDC000
|
trusted library allocation
|
page read and write
|
||
|
7FF848F95000
|
trusted library allocation
|
page read and write
|
||
|
2FB2000
|
trusted library allocation
|
page read and write
|
||
|
11C5000
|
heap
|
page read and write
|
||
|
7FF8491A0000
|
trusted library allocation
|
page read and write
|
||
|
7FF848ED0000
|
trusted library allocation
|
page read and write
|
||
|
7FF848DFD000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF849275000
|
trusted library allocation
|
page read and write
|
||
|
E20000
|
heap
|
page read and write
|
||
|
7FF848EDC000
|
trusted library allocation
|
page execute and read and write
|
||
|
1A920000
|
trusted library allocation
|
page read and write
|
||
|
1BE9E000
|
stack
|
page read and write
|
||
|
7FF848E24000
|
trusted library allocation
|
page read and write
|
||
|
C2E000
|
heap
|
page read and write
|
||
|
7FF848DF3000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848EA0000
|
trusted library allocation
|
page read and write
|
||
|
3333000
|
trusted library allocation
|
page read and write
|
||
|
7FF848EB0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF849257000
|
trusted library allocation
|
page read and write
|
||
|
7FF848EA6000
|
trusted library allocation
|
page read and write
|
||
|
2D5E000
|
stack
|
page read and write
|
||
|
1CFAA000
|
stack
|
page read and write
|
||
|
1C56F000
|
stack
|
page read and write
|
||
|
120E000
|
stack
|
page read and write
|
||
|
7FF848DF3000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848FD8000
|
trusted library allocation
|
page read and write
|
||
|
1BDD5000
|
heap
|
page read and write
|
||
|
B90000
|
heap
|
page read and write
|
||
|
1BD32780000
|
heap
|
page read and write
|
||
|
B43000
|
stack
|
page read and write
|
||
|
1170000
|
heap
|
page read and write
|
||
|
1B2F9000
|
stack
|
page read and write
|
||
|
7FF849060000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B7A0000
|
heap
|
page read and write
|
||
|
1B2F9000
|
heap
|
page read and write
|
||
|
7FF849030000
|
trusted library allocation
|
page read and write
|
||
|
131D000
|
heap
|
page read and write
|
||
|
7FF44E7B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF849140000
|
trusted library allocation
|
page read and write
|
||
|
3355000
|
trusted library allocation
|
page read and write
|
||
|
7FF849160000
|
trusted library allocation
|
page read and write
|
||
|
7FF849000000
|
trusted library allocation
|
page read and write
|
||
|
7FF8490B0000
|
trusted library allocation
|
page read and write
|
||
|
2F80000
|
trusted library allocation
|
page read and write
|
||
|
1B9D6000
|
heap
|
page read and write
|
||
|
2C16000
|
trusted library allocation
|
page read and write
|
||
|
C1F000
|
heap
|
page read and write
|
||
|
DC5000
|
heap
|
page read and write
|
||
|
7FF848E22000
|
trusted library allocation
|
page read and write
|
||
|
7FF84927C000
|
trusted library allocation
|
page read and write
|
||
|
35E8000
|
trusted library allocation
|
page read and write
|
||
|
C67000
|
heap
|
page read and write
|
||
|
938B8FE000
|
stack
|
page read and write
|
||
|
7FF849008000
|
trusted library allocation
|
page read and write
|
||
|
3337000
|
trusted library allocation
|
page read and write
|
||
|
1ADFB4F0000
|
heap
|
page read and write
|
||
|
1BA2F000
|
stack
|
page read and write
|
||
|
7FF848E10000
|
trusted library allocation
|
page read and write
|
||
|
ED0000
|
heap
|
page read and write
|
||
|
DD0000
|
heap
|
page read and write
|
||
|
35ED000
|
trusted library allocation
|
page read and write
|
||
|
7FF849180000
|
trusted library allocation
|
page read and write
|
||
|
2600000
|
trusted library allocation
|
page read and write
|
||
|
10CE000
|
stack
|
page read and write
|
||
|
7FF849110000
|
trusted library allocation
|
page read and write
|
||
|
7FF849170000
|
trusted library allocation
|
page read and write
|
||
|
1B0EF000
|
heap
|
page read and write
|
||
|
7FF848E23000
|
trusted library allocation
|
page execute and read and write
|
||
|
6E0000
|
unkown
|
page readonly
|
||
|
12D61000
|
trusted library allocation
|
page read and write
|
||
|
2DDE000
|
stack
|
page read and write
|
||
|
1BD7E000
|
heap
|
page read and write
|
||
|
7FF849030000
|
trusted library allocation
|
page execute and read and write
|
||
|
2F6F000
|
stack
|
page read and write
|
||
|
2FA6000
|
trusted library allocation
|
page read and write
|
||
|
7FF848F10000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B930000
|
heap
|
page read and write
|
||
|
7FF849020000
|
trusted library allocation
|
page read and write
|
||
|
7E0000
|
heap
|
page read and write
|
There are 327 hidden memdumps, click here to show them.