Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
ywXeiXEvP2.exe
|
PE32+ executable (GUI) x86-64, for MS Windows
|
initial sample
|
 |
|
|
C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\RuntimeBroker.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\jDownloader\config\conhost.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\Uninstall Information\OfficeClickToRun.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\FMxFFfLOKpqCLtTFEmbkPKJrDwH.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\Windows Multimedia Platform\FMxFFfLOKpqCLtTFEmbkPKJrDwH.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\Windows Photo Viewer\en-GB\RuntimeBroker.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\Windows Photo Viewer\en-GB\UserOOBEBroker.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows\Templates\FMxFFfLOKpqCLtTFEmbkPKJrDwH.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Recovery\FMxFFfLOKpqCLtTFEmbkPKJrDwH.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Recovery\XClient.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\DCRatBuild.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\RarSFX0\Result.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\XClient.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Hypercontainercomponentnetcommon\ServerWeb.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Hypercontainercomponentnetcommon\UGsUclNNu9UBh.vbe
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\sihost.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\XClient.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Windows\ELAMBKUP\FMxFFfLOKpqCLtTFEmbkPKJrDwH.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Windows\IME\IMEKR\FMxFFfLOKpqCLtTFEmbkPKJrDwH.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Windows\IdentityCRL\FMxFFfLOKpqCLtTFEmbkPKJrDwH.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\9e8d7a4ca61bd9
|
ASCII text, with very long lines (609), with no line terminators
|
dropped
|
||
|
C:\Program Files (x86)\jDownloader\config\088424020bedd6
|
ASCII text, with very long lines (432), with no line terminators
|
dropped
|
||
|
C:\Program Files\Uninstall Information\e6c9b481da804f
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\d908c538d2e8d0
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Program Files\Windows Multimedia Platform\d908c538d2e8d0
|
ASCII text, with very long lines (820), with no line terminators
|
dropped
|
||
|
C:\Program Files\Windows Photo Viewer\en-GB\7ccfebd9e92364
|
ASCII text, with very long lines (609), with no line terminators
|
dropped
|
||
|
C:\Program Files\Windows Photo Viewer\en-GB\9e8d7a4ca61bd9
|
ASCII text, with very long lines (385), with no line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\Templates\d908c538d2e8d0
|
ASCII text, with very long lines (840), with no line terminators
|
dropped
|
||
|
C:\Recovery\cf20f2cf4406ff
|
ASCII text, with very long lines (448), with no line terminators
|
dropped
|
||
|
C:\Recovery\d908c538d2e8d0
|
ASCII text, with very long lines (662), with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\ServerWeb.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\conhost.exe.log
|
CSV text
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Hypercontainercomponentnetcommon\file.vbs
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Hypercontainercomponentnetcommon\hUqNkgIMv7nY24UYezK0etl.bat
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\66fc9ff0ee96c2
|
ASCII text, with very long lines (427), with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XClient.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Tue Jun 11 17:07:08
2024, mtime=Tue Jun 11 17:07:08 2024, atime=Tue Jun 11 17:07:08 2024, length=34816, window=hide
|
dropped
|
||
|
C:\Windows\ELAMBKUP\d908c538d2e8d0
|
ASCII text, with very long lines (563), with no line terminators
|
dropped
|
||
|
C:\Windows\IME\IMEKR\d908c538d2e8d0
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Windows\IdentityCRL\d908c538d2e8d0
|
ASCII text, with very long lines (982), with no line terminators
|
dropped
|
There are 30 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\ywXeiXEvP2.exe
|
"C:\Users\user\Desktop\ywXeiXEvP2.exe"
|
|
|
|
C:\Users\user\AppData\Local\Temp\RarSFX0\Result.exe
|
"C:\Users\user\AppData\Local\Temp\RarSFX0\Result.exe"
|
|
|
|
C:\Users\user\AppData\Local\Temp\DCRatBuild.exe
|
"C:\Users\user\AppData\Local\Temp\DCRatBuild.exe"
|
|
|
|
C:\Users\user\AppData\Local\Temp\XClient.exe
|
"C:\Users\user\AppData\Local\Temp\XClient.exe"
|
|
|
|
C:\Windows\SysWOW64\wscript.exe
|
"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Hypercontainercomponentnetcommon\UGsUclNNu9UBh.vbe"
|
|
|
|
C:\Windows\SysWOW64\wscript.exe
|
"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Hypercontainercomponentnetcommon\file.vbs"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
|
|
|
C:\Users\user\AppData\Roaming\Hypercontainercomponentnetcommon\ServerWeb.exe
|
"C:\Users\user\AppData\Roaming\Hypercontainercomponentnetcommon\ServerWeb.exe"
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "FMxFFfLOKpqCLtTFEmbkPKJrDwHF" /sc MINUTE /mo 14 /tr "'C:\Program Files\Windows Defender Advanced
Threat Protection\en-GB\FMxFFfLOKpqCLtTFEmbkPKJrDwH.exe'" /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "FMxFFfLOKpqCLtTFEmbkPKJrDwH" /sc ONLOGON /tr "'C:\Program Files\Windows Defender Advanced Threat
Protection\en-GB\FMxFFfLOKpqCLtTFEmbkPKJrDwH.exe'" /rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "FMxFFfLOKpqCLtTFEmbkPKJrDwHF" /sc MINUTE /mo 6 /tr "'C:\Program Files\Windows Defender Advanced
Threat Protection\en-GB\FMxFFfLOKpqCLtTFEmbkPKJrDwH.exe'" /rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 13 /tr "'C:\Program Files (x86)\microsoft\Temp\EUC7A5.tmp\RuntimeBroker.exe'"
/f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "RuntimeBroker" /sc ONLOGON /tr "'C:\Program Files (x86)\microsoft\Temp\EUC7A5.tmp\RuntimeBroker.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 14 /tr "'C:\Program Files (x86)\microsoft\Temp\EUC7A5.tmp\RuntimeBroker.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "FMxFFfLOKpqCLtTFEmbkPKJrDwHF" /sc MINUTE /mo 6 /tr "'C:\Recovery\FMxFFfLOKpqCLtTFEmbkPKJrDwH.exe'"
/f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "FMxFFfLOKpqCLtTFEmbkPKJrDwH" /sc ONLOGON /tr "'C:\Recovery\FMxFFfLOKpqCLtTFEmbkPKJrDwH.exe'" /rl
HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "FMxFFfLOKpqCLtTFEmbkPKJrDwHF" /sc MINUTE /mo 8 /tr "'C:\Recovery\FMxFFfLOKpqCLtTFEmbkPKJrDwH.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "FMxFFfLOKpqCLtTFEmbkPKJrDwHF" /sc MINUTE /mo 11 /tr "'C:\Program Files\Windows Multimedia Platform\FMxFFfLOKpqCLtTFEmbkPKJrDwH.exe'"
/f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "FMxFFfLOKpqCLtTFEmbkPKJrDwH" /sc ONLOGON /tr "'C:\Program Files\Windows Multimedia Platform\FMxFFfLOKpqCLtTFEmbkPKJrDwH.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "FMxFFfLOKpqCLtTFEmbkPKJrDwHF" /sc MINUTE /mo 5 /tr "'C:\Program Files\Windows Multimedia Platform\FMxFFfLOKpqCLtTFEmbkPKJrDwH.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "sihosts" /sc MINUTE /mo 7 /tr "'C:\Users\user\SendTo\sihost.exe'" /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "sihost" /sc ONLOGON /tr "'C:\Users\user\SendTo\sihost.exe'" /rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "sihosts" /sc MINUTE /mo 8 /tr "'C:\Users\user\SendTo\sihost.exe'" /rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "conhostc" /sc MINUTE /mo 5 /tr "'C:\Program Files (x86)\jdownloader\config\conhost.exe'" /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "conhost" /sc ONLOGON /tr "'C:\Program Files (x86)\jdownloader\config\conhost.exe'" /rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "conhostc" /sc MINUTE /mo 6 /tr "'C:\Program Files (x86)\jdownloader\config\conhost.exe'" /rl HIGHEST
/f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "FMxFFfLOKpqCLtTFEmbkPKJrDwHF" /sc MINUTE /mo 6 /tr "'C:\Recovery\FMxFFfLOKpqCLtTFEmbkPKJrDwH.exe'"
/f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "FMxFFfLOKpqCLtTFEmbkPKJrDwH" /sc ONLOGON /tr "'C:\Recovery\FMxFFfLOKpqCLtTFEmbkPKJrDwH.exe'" /rl
HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "FMxFFfLOKpqCLtTFEmbkPKJrDwHF" /sc MINUTE /mo 14 /tr "'C:\Recovery\FMxFFfLOKpqCLtTFEmbkPKJrDwH.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "FMxFFfLOKpqCLtTFEmbkPKJrDwHF" /sc MINUTE /mo 7 /tr "'C:\Users\All Users\Templates\FMxFFfLOKpqCLtTFEmbkPKJrDwH.exe'"
/f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "FMxFFfLOKpqCLtTFEmbkPKJrDwH" /sc ONLOGON /tr "'C:\Users\All Users\Templates\FMxFFfLOKpqCLtTFEmbkPKJrDwH.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "FMxFFfLOKpqCLtTFEmbkPKJrDwHF" /sc MINUTE /mo 14 /tr "'C:\Users\All Users\Templates\FMxFFfLOKpqCLtTFEmbkPKJrDwH.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Program Files (x86)\jDownloader\config\conhost.exe
|
"C:\Program Files (x86)\jdownloader\config\conhost.exe"
|
|
|
|
C:\Program Files (x86)\jDownloader\config\conhost.exe
|
"C:\Program Files (x86)\jdownloader\config\conhost.exe"
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "FMxFFfLOKpqCLtTFEmbkPKJrDwHF" /sc MINUTE /mo 10 /tr "'C:\Windows\IdentityCRL\FMxFFfLOKpqCLtTFEmbkPKJrDwH.exe'"
/f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "FMxFFfLOKpqCLtTFEmbkPKJrDwH" /sc ONLOGON /tr "'C:\Windows\IdentityCRL\FMxFFfLOKpqCLtTFEmbkPKJrDwH.exe'"
/rl HIGHEST /f
|
|
|
|
C:\ProgramData\Microsoft\Windows\Templates\FMxFFfLOKpqCLtTFEmbkPKJrDwH.exe
|
"C:\Users\All Users\Templates\FMxFFfLOKpqCLtTFEmbkPKJrDwH.exe"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Hypercontainercomponentnetcommon\hUqNkgIMv7nY24UYezK0etl.bat"
"
|
There are 28 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
letter-takes.gl.at.ply.gg
|
|
||
|
http://a0991799.xsph.ru/@=AjM2MDZ4kjN
|
|
||
|
127.0.0.1
|
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
letter-takes.gl.at.ply.gg
|
147.185.221.19
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
127.0.0.1
|
unknown
|
unknown
|
|
|
|
147.185.221.19
|
letter-takes.gl.at.ply.gg
|
United States
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
FMxFFfLOKpqCLtTFEmbkPKJrDwH
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
FMxFFfLOKpqCLtTFEmbkPKJrDwH
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
RuntimeBroker
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
RuntimeBroker
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
sihost
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
sihost
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
conhost
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
UserOOBEBroker
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
UserOOBEBroker
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
OfficeClickToRun
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
XClient
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
XClient
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
|
EnableLUA
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
|
PromptOnSecureDesktop
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
|
Shell
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
|
Shell
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
FMxFFfLOKpqCLtTFEmbkPKJrDwH
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
FMxFFfLOKpqCLtTFEmbkPKJrDwH
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
|
Shell
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
FMxFFfLOKpqCLtTFEmbkPKJrDwH
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
|
Shell
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
|
Shell
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
|
Shell
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
FMxFFfLOKpqCLtTFEmbkPKJrDwH
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
|
Shell
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
FMxFFfLOKpqCLtTFEmbkPKJrDwH
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
FMxFFfLOKpqCLtTFEmbkPKJrDwH
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
|
Shell
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
FMxFFfLOKpqCLtTFEmbkPKJrDwH
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
FMxFFfLOKpqCLtTFEmbkPKJrDwH
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
|
Shell
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
FMxFFfLOKpqCLtTFEmbkPKJrDwH
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
FMxFFfLOKpqCLtTFEmbkPKJrDwH
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
|
Shell
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
|
Shell
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
FMxFFfLOKpqCLtTFEmbkPKJrDwH
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
FMxFFfLOKpqCLtTFEmbkPKJrDwH
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
|
Shell
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
FMxFFfLOKpqCLtTFEmbkPKJrDwH
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
FMxFFfLOKpqCLtTFEmbkPKJrDwH
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
|
Shell
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
RuntimeBroker
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
RuntimeBroker
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
|
Shell
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
|
Shell
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
|
Shell
|
|
|
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
LangID
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\System32\WScript.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\System32\WScript.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Action Center\Checks\{C8E6F269-B90A-4053-A3BE-499AFCEC98C4}.check.0
|
CheckSetting
|
||
|
HKEY_CURRENT_USER\SOFTWARE\f15d5d937f87d5f73ef23e994998f0a9066901d6
|
f9e4d8c1913ccf7b531b94f1bcd01fad12be032b
|
There are 41 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
B09000
|
heap
|
page read and write
|
|
|
|
28C1000
|
trusted library allocation
|
page read and write
|
|
|
|
482000
|
unkown
|
page readonly
|
|
|
|
2901000
|
trusted library allocation
|
page read and write
|
|
|
|
408000
|
unkown
|
page readonly
|
|
|
|
26A1000
|
trusted library allocation
|
page read and write
|
|
|
|
1290D000
|
trusted library allocation
|
page read and write
|
|
|
|
B0E000
|
heap
|
page read and write
|
|
|
|
2F1A000
|
trusted library allocation
|
page read and write
|
|
|
|
2EC1000
|
trusted library allocation
|
page read and write
|
|
|
|
7FF7C01D6000
|
unkown
|
page read and write
|
|
|
|
28DC000
|
trusted library allocation
|
page read and write
|
|
|
|
2AE6000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B786000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B7D1000
|
trusted library allocation
|
page execute and read and write
|
||
|
31C1000
|
trusted library allocation
|
page read and write
|
||
|
3342000
|
heap
|
page read and write
|
||
|
338F000
|
heap
|
page read and write
|
||
|
114C000
|
heap
|
page read and write
|
||
|
A5E000
|
stack
|
page read and write
|
||
|
1B5C790A000
|
heap
|
page read and write
|
||
|
840000
|
heap
|
page read and write
|
||
|
1BA39000
|
heap
|
page read and write
|
||
|
7FFD9B6FD000
|
trusted library allocation
|
page execute and read and write
|
||
|
5B9E000
|
stack
|
page read and write
|
||
|
1B290000
|
trusted library section
|
page read and write
|
||
|
E4E000
|
stack
|
page read and write
|
||
|
CF0000
|
heap
|
page read and write
|
||
|
B9D000
|
heap
|
page read and write
|
||
|
7FFD9B750000
|
trusted library allocation
|
page read and write
|
||
|
1B583000
|
stack
|
page read and write
|
||
|
1B78E000
|
stack
|
page read and write
|
||
|
2D4E000
|
trusted library allocation
|
page read and write
|
||
|
1B5C790A000
|
heap
|
page read and write
|
||
|
8B0000
|
heap
|
page read and write
|
||
|
7FFD9B790000
|
trusted library allocation
|
page read and write
|
||
|
2A79000
|
heap
|
page read and write
|
||
|
3350000
|
heap
|
page read and write
|
||
|
709000
|
stack
|
page read and write
|
||
|
4DFE000
|
stack
|
page read and write
|
||
|
3319000
|
heap
|
page read and write
|
||
|
1C76E000
|
heap
|
page read and write
|
||
|
7FFD9B6AD000
|
trusted library allocation
|
page execute and read and write
|
||
|
326F000
|
trusted library allocation
|
page read and write
|
||
|
1B413000
|
stack
|
page read and write
|
||
|
1BA63000
|
heap
|
page read and write
|
||
|
4920000
|
heap
|
page read and write
|
||
|
1B46E000
|
stack
|
page read and write
|
||
|
7FFD9B840000
|
trusted library allocation
|
page read and write
|
||
|
1BA30000
|
heap
|
page execute and read and write
|
||
|
1BA8C000
|
stack
|
page read and write
|
||
|
CD0000
|
heap
|
page read and write
|
||
|
1BD00000
|
trusted library section
|
page read and write
|
||
|
7FFD9B6E0000
|
trusted library allocation
|
page read and write
|
||
|
1180000
|
heap
|
page read and write
|
||
|
3059000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B6A0000
|
trusted library allocation
|
page read and write
|
||
|
31C9000
|
trusted library allocation
|
page read and write
|
||
|
363E000
|
stack
|
page read and write
|
||
|
1B06E000
|
stack
|
page read and write
|
||
|
CF6000
|
heap
|
page read and write
|
||
|
B8E000
|
heap
|
page read and write
|
||
|
1C940000
|
heap
|
page read and write
|
||
|
D50000
|
heap
|
page read and write
|
||
|
2EB0000
|
heap
|
page execute and read and write
|
||
|
1B58C000
|
stack
|
page read and write
|
||
|
2AFB000
|
heap
|
page read and write
|
||
|
2A7E000
|
heap
|
page read and write
|
||
|
18795000
|
trusted library allocation
|
page read and write
|
||
|
1BF70000
|
trusted library section
|
page read and write
|
||
|
1B100000
|
trusted library section
|
page read and write
|
||
|
1B5C969A000
|
trusted library allocation
|
page read and write
|
||
|
D20000
|
trusted library allocation
|
page read and write
|
||
|
2AB7000
|
heap
|
page read and write
|
||
|
7FFD9B6C4000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B8C4000
|
trusted library allocation
|
page read and write
|
||
|
F94000
|
heap
|
page read and write
|
||
|
1110000
|
heap
|
page read and write
|
||
|
1B5C97C0000
|
heap
|
page read and write
|
||
|
12BEF000
|
trusted library allocation
|
page read and write
|
||
|
38BC000
|
stack
|
page read and write
|
||
|
36BE000
|
stack
|
page read and write
|
||
|
1C853000
|
heap
|
page read and write
|
||
|
7FFD9B6A4000
|
trusted library allocation
|
page read and write
|
||
|
4E00000
|
heap
|
page read and write
|
||
|
E80000
|
heap
|
page read and write
|
||
|
1B5C7984000
|
heap
|
page read and write
|
||
|
7FFD9BA91000
|
trusted library allocation
|
page read and write
|
||
|
1B732000
|
heap
|
page read and write
|
||
|
8B0000
|
heap
|
page read and write
|
||
|
7FFD9B84C000
|
trusted library allocation
|
page read and write
|
||
|
1B28E000
|
stack
|
page read and write
|
||
|
7FFD9B80A000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B8B0000
|
trusted library allocation
|
page read and write
|
||
|
2A6C000
|
heap
|
page read and write
|
||
|
B10000
|
heap
|
page read and write
|
||
|
A4E000
|
stack
|
page read and write
|
||
|
800000
|
heap
|
page read and write
|
||
|
7FFD9BAD2000
|
trusted library allocation
|
page read and write
|
||
|
D55000
|
heap
|
page read and write
|
||
|
4EB0000
|
heap
|
page read and write
|
||
|
7FFD9B976000
|
trusted library allocation
|
page read and write
|
||
|
BB6000
|
heap
|
page read and write
|
||
|
1BA35000
|
heap
|
page read and write
|
||
|
31B9000
|
trusted library allocation
|
page read and write
|
||
|
BB0000
|
heap
|
page read and write
|
||
|
2F12000
|
trusted library allocation
|
page read and write
|
||
|
2AA3000
|
heap
|
page read and write
|
||
|
1201000
|
heap
|
page read and write
|
||
|
330E000
|
stack
|
page read and write
|
||
|
7FFD9B6C4000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B88C000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B6C0000
|
trusted library allocation
|
page read and write
|
||
|
1B5C7981000
|
heap
|
page read and write
|
||
|
4B6000
|
stack
|
page read and write
|
||
|
7FFD9BAD0000
|
trusted library allocation
|
page read and write
|
||
|
560000
|
heap
|
page read and write
|
||
|
7BE000
|
stack
|
page read and write
|
||
|
C84000
|
heap
|
page read and write
|
||
|
1B5C78EA000
|
heap
|
page read and write
|
||
|
338F000
|
heap
|
page read and write
|
||
|
2A62000
|
heap
|
page read and write
|
||
|
2F77000
|
trusted library allocation
|
page read and write
|
||
|
39BC000
|
stack
|
page read and write
|
||
|
3311000
|
heap
|
page read and write
|
||
|
7FFD9B6F3000
|
trusted library allocation
|
page read and write
|
||
|
4CAF000
|
stack
|
page read and write
|
||
|
1BECC000
|
stack
|
page read and write
|
||
|
1BF3E000
|
stack
|
page read and write
|
||
|
7FFD9B980000
|
trusted library allocation
|
page read and write
|
||
|
1B741000
|
heap
|
page read and write
|
||
|
2AA4000
|
heap
|
page read and write
|
||
|
DD0000
|
heap
|
page read and write
|
||
|
1B5C9850000
|
trusted library allocation
|
page read and write
|
||
|
1A6D0000
|
trusted library allocation
|
page read and write
|
||
|
1B5C796E000
|
heap
|
page read and write
|
||
|
7FFD9B750000
|
trusted library allocation
|
page read and write
|
||
|
1B9DF000
|
heap
|
page read and write
|
||
|
31D7000
|
trusted library allocation
|
page read and write
|
||
|
2F6E000
|
trusted library allocation
|
page read and write
|
||
|
2690000
|
heap
|
page read and write
|
||
|
1B00E000
|
stack
|
page read and write
|
||
|
34BF000
|
stack
|
page read and write
|
||
|
28D0000
|
trusted library section
|
page read and write
|
||
|
1790D000
|
trusted library allocation
|
page read and write
|
||
|
2AFA000
|
heap
|
page read and write
|
||
|
36E9000
|
heap
|
page read and write
|
||
|
1B5C7903000
|
heap
|
page read and write
|
||
|
1BF40000
|
trusted library section
|
page read and write
|
||
|
7FFD9B700000
|
trusted library allocation
|
page read and write
|
||
|
2978000
|
trusted library allocation
|
page read and write
|
||
|
405000
|
unkown
|
page write copy
|
||
|
7FFD9B960000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B880000
|
trusted library allocation
|
page read and write
|
||
|
2AFA000
|
heap
|
page read and write
|
||
|
33CC000
|
heap
|
page read and write
|
||
|
3AB5BFE000
|
stack
|
page read and write
|
||
|
7FFD9B6AD000
|
trusted library allocation
|
page execute and read and write
|
||
|
2BA2000
|
trusted library allocation
|
page read and write
|
||
|
325E000
|
heap
|
page read and write
|
||
|
126A1000
|
trusted library allocation
|
page read and write
|
||
|
305D000
|
trusted library allocation
|
page read and write
|
||
|
F90000
|
heap
|
page read and write
|
||
|
1BA6C000
|
heap
|
page read and write
|
||
|
2C73000
|
trusted library allocation
|
page read and write
|
||
|
1B68E000
|
stack
|
page read and write
|
||
|
B5C000
|
heap
|
page read and write
|
||
|
1B5C7800000
|
heap
|
page readonly
|
||
|
3330000
|
heap
|
page read and write
|
||
|
2DE7000
|
trusted library allocation
|
page read and write
|
||
|
AE4000
|
heap
|
page read and write
|
||
|
2F14000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B896000
|
trusted library allocation
|
page read and write
|
||
|
3354000
|
heap
|
page read and write
|
||
|
2AAD000
|
heap
|
page read and write
|
||
|
334B000
|
heap
|
page read and write
|
||
|
31C3000
|
trusted library allocation
|
page read and write
|
||
|
3357000
|
heap
|
page read and write
|
||
|
335E000
|
heap
|
page read and write
|
||
|
BA0000
|
heap
|
page read and write
|
||
|
28B0000
|
heap
|
page execute and read and write
|
||
|
7FFD9BBA0000
|
trusted library allocation
|
page read and write
|
||
|
1B5C7981000
|
heap
|
page read and write
|
||
|
B0C000
|
heap
|
page read and write
|
||
|
3351000
|
heap
|
page read and write
|
||
|
1BBC0000
|
heap
|
page read and write
|
||
|
7FFD9B700000
|
trusted library allocation
|
page read and write
|
||
|
55EF000
|
stack
|
page read and write
|
||
|
1B9DE000
|
stack
|
page read and write
|
||
|
1340000
|
heap
|
page read and write
|
||
|
9F0000
|
heap
|
page read and write
|
||
|
335E000
|
heap
|
page read and write
|
||
|
1C86F000
|
heap
|
page read and write
|
||
|
9F0000
|
trusted library allocation
|
page read and write
|
||
|
831000
|
heap
|
page read and write
|
||
|
7FFD9B856000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B7C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B5C78B8000
|
heap
|
page read and write
|
||
|
7FFD9B6E4000
|
trusted library allocation
|
page read and write
|
||
|
3354000
|
heap
|
page read and write
|
||
|
531B000
|
stack
|
page read and write
|
||
|
932000
|
unkown
|
page write copy
|
||
|
7FFD9B6F7000
|
trusted library allocation
|
page read and write
|
||
|
274D000
|
heap
|
page read and write
|
||
|
1BA51000
|
heap
|
page read and write
|
||
|
480000
|
unkown
|
page readonly
|
||
|
13E5000
|
heap
|
page read and write
|
||
|
18665000
|
trusted library allocation
|
page read and write
|
||
|
A80000
|
heap
|
page read and write
|
||
|
377E000
|
stack
|
page read and write
|
||
|
8D5000
|
heap
|
page read and write
|
||
|
2A6E000
|
heap
|
page read and write
|
||
|
7FFD9B8AB000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B6FD000
|
trusted library allocation
|
page execute and read and write
|
||
|
3342000
|
heap
|
page read and write
|
||
|
7FFD9B883000
|
trusted library allocation
|
page read and write
|
||
|
54EF000
|
stack
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
32F0000
|
heap
|
page read and write
|
||
|
1C979000
|
heap
|
page read and write
|
||
|
2BAC000
|
trusted library allocation
|
page read and write
|
||
|
1BF50000
|
trusted library section
|
page read and write
|
||
|
7FFD9B6BC000
|
trusted library allocation
|
page read and write
|
||
|
333B000
|
heap
|
page read and write
|
||
|
3378000
|
heap
|
page read and write
|
||
|
918000
|
heap
|
page read and write
|
||
|
12EC8000
|
trusted library allocation
|
page read and write
|
||
|
1C781000
|
heap
|
page read and write
|
||
|
304D000
|
trusted library allocation
|
page read and write
|
||
|
890000
|
trusted library allocation
|
page read and write
|
||
|
2CB0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BB80000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA58000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B6C0000
|
trusted library allocation
|
page read and write
|
||
|
1B5C7916000
|
heap
|
page read and write
|
||
|
2AA7000
|
heap
|
page read and write
|
||
|
7FFD9BAA0000
|
trusted library allocation
|
page read and write
|
||
|
B80000
|
heap
|
page read and write
|
||
|
E45000
|
heap
|
page read and write
|
||
|
2A6F000
|
heap
|
page read and write
|
||
|
820000
|
heap
|
page read and write
|
||
|
2B1F000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA70000
|
trusted library allocation
|
page read and write
|
||
|
126A1000
|
trusted library allocation
|
page read and write
|
||
|
1183000
|
heap
|
page read and write
|
||
|
8C0000
|
heap
|
page read and write
|
||
|
335E000
|
heap
|
page read and write
|
||
|
872000
|
heap
|
page read and write
|
||
|
7FFD9B760000
|
trusted library allocation
|
page execute and read and write
|
||
|
1AE4D000
|
stack
|
page read and write
|
||
|
2A64000
|
heap
|
page read and write
|
||
|
7FFD9B870000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B8A0000
|
trusted library allocation
|
page read and write
|
||
|
2C28000
|
trusted library allocation
|
page read and write
|
||
|
3051000
|
trusted library allocation
|
page read and write
|
||
|
1B5C790A000
|
heap
|
page read and write
|
||
|
1C82E000
|
heap
|
page read and write
|
||
|
7FFD9B70B000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B6B3000
|
trusted library allocation
|
page read and write
|
||
|
1872F000
|
trusted library allocation
|
page read and write
|
||
|
529E000
|
stack
|
page read and write
|
||
|
3047000
|
trusted library allocation
|
page read and write
|
||
|
3337000
|
heap
|
page read and write
|
||
|
2C6F000
|
trusted library allocation
|
page read and write
|
||
|
2875000
|
trusted library allocation
|
page read and write
|
||
|
8D0000
|
unkown
|
page readonly
|
||
|
8D8000
|
heap
|
page read and write
|
||
|
2D2000
|
unkown
|
page readonly
|
||
|
7FFD9B80F000
|
trusted library allocation
|
page execute and read and write
|
||
|
AAF000
|
heap
|
page read and write
|
||
|
1BA68000
|
heap
|
page read and write
|
||
|
7FE000
|
stack
|
page read and write
|
||
|
2D0000
|
unkown
|
page readonly
|
||
|
2DEB000
|
trusted library allocation
|
page read and write
|
||
|
1B5C798A000
|
heap
|
page read and write
|
||
|
2AE4000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B8C0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B6A4000
|
trusted library allocation
|
page read and write
|
||
|
776000
|
stack
|
page read and write
|
||
|
D34000
|
heap
|
page read and write
|
||
|
67D0000
|
trusted library allocation
|
page read and write
|
||
|
1C7B5000
|
heap
|
page read and write
|
||
|
2AE2000
|
trusted library allocation
|
page read and write
|
||
|
5B0000
|
heap
|
page read and write
|
||
|
31D1000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B9FD000
|
trusted library allocation
|
page read and write
|
||
|
65EA000
|
heap
|
page read and write
|
||
|
B50000
|
heap
|
page read and write
|
||
|
B8E000
|
heap
|
page read and write
|
||
|
7FFD9B6FC000
|
trusted library allocation
|
page execute and read and write
|
||
|
96A000
|
heap
|
page read and write
|
||
|
57EE000
|
stack
|
page read and write
|
||
|
126A3000
|
trusted library allocation
|
page read and write
|
||
|
5B2000
|
stack
|
page read and write
|
||
|
710000
|
heap
|
page read and write
|
||
|
1BA60000
|
heap
|
page read and write
|
||
|
7FFD9B863000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B796000
|
trusted library allocation
|
page read and write
|
||
|
2D52000
|
trusted library allocation
|
page read and write
|
||
|
1D0FE000
|
stack
|
page read and write
|
||
|
4E9F000
|
stack
|
page read and write
|
||
|
2630000
|
heap
|
page read and write
|
||
|
1AEF0000
|
trusted library allocation
|
page read and write
|
||
|
B9E000
|
heap
|
page read and write
|
||
|
7FFD9B8D0000
|
trusted library allocation
|
page read and write
|
||
|
3378000
|
heap
|
page read and write
|
||
|
2CE5000
|
trusted library allocation
|
page read and write
|
||
|
E30000
|
heap
|
page read and write
|
||
|
1B330000
|
trusted library section
|
page read and write
|
||
|
2E6B000
|
trusted library allocation
|
page read and write
|
||
|
1B110000
|
trusted library section
|
page read and write
|
||
|
3334000
|
heap
|
page read and write
|
||
|
7FFD9B7A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
334E000
|
heap
|
page read and write
|
||
|
2A30000
|
heap
|
page read and write
|
||
|
B5E000
|
heap
|
page read and write
|
||
|
12901000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B8B0000
|
trusted library allocation
|
page read and write
|
||
|
ECF000
|
stack
|
page read and write
|
||
|
8A5000
|
heap
|
page read and write
|
||
|
333F000
|
heap
|
page read and write
|
||
|
B71000
|
heap
|
page read and write
|
||
|
33CA000
|
heap
|
page read and write
|
||
|
7FFD9B932000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B7C6000
|
trusted library allocation
|
page execute and read and write
|
||
|
A8E000
|
heap
|
page read and write
|
||
|
CAE000
|
stack
|
page read and write
|
||
|
26EF000
|
stack
|
page read and write
|
||
|
65E2000
|
heap
|
page read and write
|
||
|
128CD000
|
trusted library allocation
|
page read and write
|
||
|
1C720000
|
heap
|
page read and write
|
||
|
B78000
|
heap
|
page read and write
|
||
|
387F000
|
stack
|
page read and write
|
||
|
636000
|
unkown
|
page readonly
|
||
|
7FFD9B7C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
13E0000
|
heap
|
page read and write
|
||
|
DE0000
|
heap
|
page read and write
|
||
|
2CC2000
|
trusted library allocation
|
page read and write
|
||
|
820000
|
heap
|
page read and write
|
||
|
5A7000
|
stack
|
page read and write
|
||
|
3354000
|
heap
|
page read and write
|
||
|
2CAB000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C0181000
|
unkown
|
page execute read
|
||
|
27EF000
|
stack
|
page read and write
|
||
|
7FFD9B8A3000
|
trusted library allocation
|
page read and write
|
||
|
2A79000
|
heap
|
page read and write
|
||
|
7FFD9B98B000
|
trusted library allocation
|
page read and write
|
||
|
325A000
|
heap
|
page read and write
|
||
|
2DE9000
|
trusted library allocation
|
page read and write
|
||
|
BBB000
|
heap
|
page read and write
|
||
|
2D50000
|
trusted library allocation
|
page read and write
|
||
|
3199000
|
trusted library allocation
|
page read and write
|
||
|
4B50000
|
heap
|
page read and write
|
||
|
2A40000
|
heap
|
page read and write
|
||
|
2E71000
|
trusted library allocation
|
page read and write
|
||
|
1B763000
|
stack
|
page read and write
|
||
|
2D5A000
|
trusted library allocation
|
page read and write
|
||
|
2AB6000
|
heap
|
page read and write
|
||
|
128C1000
|
trusted library allocation
|
page read and write
|
||
|
5CDC000
|
stack
|
page read and write
|
||
|
820000
|
heap
|
page read and write
|
||
|
3AB5FFE000
|
stack
|
page read and write
|
||
|
7FFD9B863000
|
trusted library allocation
|
page read and write
|
||
|
2CAF000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B70D000
|
trusted library allocation
|
page execute and read and write
|
||
|
B25000
|
heap
|
page read and write
|
||
|
7FFD9B88A000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C01EC000
|
unkown
|
page readonly
|
||
|
1BF60000
|
trusted library section
|
page read and write
|
||
|
632000
|
unkown
|
page readonly
|
||
|
1C84A000
|
heap
|
page read and write
|
||
|
1B970000
|
heap
|
page read and write
|
||
|
1B5C7919000
|
heap
|
page read and write
|
||
|
7FFD9B8F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2C69000
|
trusted library allocation
|
page read and write
|
||
|
3340000
|
heap
|
page read and write
|
||
|
2DE5000
|
trusted library allocation
|
page read and write
|
||
|
28C0000
|
trusted library section
|
page read and write
|
||
|
1C82A000
|
heap
|
page read and write
|
||
|
2755000
|
trusted library allocation
|
page read and write
|
||
|
1B5C78EA000
|
heap
|
page read and write
|
||
|
1B040000
|
heap
|
page execute and read and write
|
||
|
1BE3E000
|
stack
|
page read and write
|
||
|
3333000
|
heap
|
page read and write
|
||
|
1AD7C000
|
stack
|
page read and write
|
||
|
1B5C7B7E000
|
heap
|
page read and write
|
||
|
842000
|
heap
|
page read and write
|
||
|
11AC000
|
heap
|
page read and write
|
||
|
34EE000
|
stack
|
page read and write
|
||
|
2B23000
|
trusted library allocation
|
page read and write
|
||
|
87D000
|
stack
|
page read and write
|
||
|
7FFD9BAE0000
|
trusted library allocation
|
page execute and read and write
|
||
|
3057000
|
trusted library allocation
|
page read and write
|
||
|
5C9F000
|
stack
|
page read and write
|
||
|
7FFD9B6F7000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BB83000
|
trusted library allocation
|
page read and write
|
||
|
29B4000
|
heap
|
page read and write
|
||
|
7FFD9B6ED000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B6BD000
|
trusted library allocation
|
page execute and read and write
|
||
|
1BCE0000
|
trusted library section
|
page read and write
|
||
|
7FFD9B79C000
|
trusted library allocation
|
page execute and read and write
|
||
|
2BA6000
|
trusted library allocation
|
page read and write
|
||
|
97A000
|
heap
|
page read and write
|
||
|
7FFD9B79C000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B6AD000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B28F000
|
stack
|
page read and write
|
||
|
34FE000
|
stack
|
page read and write
|
||
|
1B5C7922000
|
heap
|
page read and write
|
||
|
7FFD9B840000
|
trusted library allocation
|
page read and write
|
||
|
3AB5766000
|
stack
|
page read and write
|
||
|
E3E000
|
stack
|
page read and write
|
||
|
525E000
|
stack
|
page read and write
|
||
|
2DE1000
|
trusted library allocation
|
page read and write
|
||
|
1BCD0000
|
trusted library section
|
page read and write
|
||
|
128C3000
|
trusted library allocation
|
page read and write
|
||
|
1BF80000
|
trusted library section
|
page read and write
|
||
|
1C759000
|
heap
|
page read and write
|
||
|
7FFD9B800000
|
trusted library allocation
|
page execute and read and write
|
||
|
B71000
|
heap
|
page read and write
|
||
|
1BDCE000
|
stack
|
page read and write
|
||
|
4F9F000
|
stack
|
page read and write
|
||
|
8D1000
|
unkown
|
page execute read
|
||
|
BA4000
|
heap
|
page read and write
|
||
|
7FFD9B756000
|
trusted library allocation
|
page read and write
|
||
|
8B8000
|
heap
|
page read and write
|
||
|
1B88F000
|
stack
|
page read and write
|
||
|
133F000
|
stack
|
page read and write
|
||
|
126A8000
|
trusted library allocation
|
page read and write
|
||
|
515D000
|
stack
|
page read and write
|
||
|
2AFA000
|
heap
|
page read and write
|
||
|
AF0000
|
heap
|
page read and write
|
||
|
12ECD000
|
trusted library allocation
|
page read and write
|
||
|
B46000
|
heap
|
page read and write
|
||
|
AFC000
|
heap
|
page read and write
|
||
|
AB2000
|
heap
|
page read and write
|
||
|
3053000
|
trusted library allocation
|
page read and write
|
||
|
A76000
|
heap
|
page read and write
|
||
|
1B966000
|
stack
|
page read and write
|
||
|
1BA14000
|
heap
|
page read and write
|
||
|
2DDF000
|
trusted library allocation
|
page read and write
|
||
|
1C732000
|
heap
|
page read and write
|
||
|
13B0000
|
heap
|
page read and write
|
||
|
1BF40000
|
heap
|
page read and write
|
||
|
2E69000
|
trusted library allocation
|
page read and write
|
||
|
13B5000
|
heap
|
page read and write
|
||
|
2F83000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B881000
|
trusted library allocation
|
page read and write
|
||
|
592F000
|
stack
|
page read and write
|
||
|
815000
|
heap
|
page read and write
|
||
|
3333000
|
heap
|
page read and write
|
||
|
16F0D000
|
trusted library allocation
|
page read and write
|
||
|
335D000
|
heap
|
page read and write
|
||
|
1B38E000
|
stack
|
page read and write
|
||
|
2850000
|
trusted library allocation
|
page read and write
|
||
|
7F0000
|
heap
|
page read and write
|
||
|
B92000
|
heap
|
page read and write
|
||
|
7FFD9B7CF000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B5C78D6000
|
heap
|
page read and write
|
||
|
2C75000
|
trusted library allocation
|
page read and write
|
||
|
12EC1000
|
trusted library allocation
|
page read and write
|
||
|
A9A000
|
heap
|
page read and write
|
||
|
12ED1000
|
trusted library allocation
|
page read and write
|
||
|
E50000
|
heap
|
page read and write
|
||
|
1B360000
|
heap
|
page execute and read and write
|
||
|
8BB000
|
heap
|
page read and write
|
||
|
2660000
|
heap
|
page read and write
|
||
|
7FFD9B6E6000
|
trusted library allocation
|
page read and write
|
||
|
A8A000
|
heap
|
page read and write
|
||
|
305B000
|
trusted library allocation
|
page read and write
|
||
|
2E67000
|
trusted library allocation
|
page read and write
|
||
|
B50000
|
heap
|
page execute and read and write
|
||
|
25DE000
|
stack
|
page read and write
|
||
|
2C2E000
|
trusted library allocation
|
page read and write
|
||
|
1B21E000
|
stack
|
page read and write
|
||
|
5957000
|
heap
|
page read and write
|
||
|
52DE000
|
stack
|
page read and write
|
||
|
31E0000
|
trusted library allocation
|
page read and write
|
||
|
3AB575B000
|
stack
|
page read and write
|
||
|
1B2B0000
|
trusted library section
|
page read and write
|
||
|
2B01000
|
heap
|
page read and write
|
||
|
2CB7000
|
heap
|
page read and write
|
||
|
1B38F000
|
stack
|
page read and write
|
||
|
7FFD9B884000
|
trusted library allocation
|
page read and write
|
||
|
66DF000
|
stack
|
page read and write
|
||
|
1B2A0000
|
trusted library section
|
page read and write
|
||
|
1B720000
|
heap
|
page read and write
|
||
|
B78000
|
heap
|
page read and write
|
||
|
DBF000
|
stack
|
page read and write
|
||
|
1BCF0000
|
trusted library section
|
page read and write
|
||
|
3335000
|
heap
|
page read and write
|
||
|
14EF000
|
stack
|
page read and write
|
||
|
32F8000
|
heap
|
page read and write
|
||
|
12950000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B910000
|
trusted library allocation
|
page read and write
|
||
|
2A96000
|
heap
|
page read and write
|
||
|
7FF7C01F0000
|
unkown
|
page readonly
|
||
|
1B270000
|
trusted library section
|
page read and write
|
||
|
570000
|
heap
|
page read and write
|
||
|
7FFD9B8A7000
|
trusted library allocation
|
page read and write
|
||
|
186C9000
|
trusted library allocation
|
page read and write
|
||
|
305F000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BBB0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2B01000
|
heap
|
page read and write
|
||
|
B21000
|
heap
|
page read and write
|
||
|
1A8F0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B6FC000
|
trusted library allocation
|
page execute and read and write
|
||
|
1BFA0000
|
trusted library section
|
page read and write
|
||
|
334C000
|
heap
|
page read and write
|
||
|
903000
|
unkown
|
page readonly
|
||
|
7FFD9B89B000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BAC0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B851000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B6CD000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B8A0000
|
trusted library allocation
|
page read and write
|
||
|
3312000
|
heap
|
page read and write
|
||
|
C8F000
|
stack
|
page read and write
|
||
|
3055000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B808000
|
trusted library allocation
|
page execute and read and write
|
||
|
5BA000
|
stack
|
page read and write
|
||
|
1172000
|
heap
|
page read and write
|
||
|
1B5C78F0000
|
heap
|
page read and write
|
||
|
480000
|
unkown
|
page readonly
|
||
|
1146000
|
heap
|
page read and write
|
||
|
31BF000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B84A000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA9F000
|
trusted library allocation
|
page read and write
|
||
|
90E000
|
unkown
|
page read and write
|
||
|
2F90000
|
heap
|
page read and write
|
||
|
7FFD9B811000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B6B2000
|
trusted library allocation
|
page read and write
|
||
|
1C937000
|
heap
|
page read and write
|
||
|
AAE000
|
stack
|
page read and write
|
||
|
12B70000
|
trusted library allocation
|
page read and write
|
||
|
B97000
|
heap
|
page read and write
|
||
|
7FFD9B6BD000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B6BD000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B8A3000
|
trusted library allocation
|
page read and write
|
||
|
2AF9000
|
heap
|
page read and write
|
||
|
B80000
|
trusted library allocation
|
page read and write
|
||
|
3AB5EFD000
|
stack
|
page read and write
|
||
|
596000
|
stack
|
page read and write
|
||
|
1650D000
|
trusted library allocation
|
page read and write
|
||
|
1C997000
|
heap
|
page read and write
|
||
|
337A000
|
heap
|
page read and write
|
||
|
26A1000
|
trusted library allocation
|
page read and write
|
||
|
590000
|
stack
|
page read and write
|
||
|
1B320000
|
trusted library section
|
page read and write
|
||
|
D00000
|
heap
|
page read and write
|
||
|
7FFD9B850000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C81F000
|
heap
|
page read and write
|
||
|
7FFD9BB90000
|
trusted library allocation
|
page read and write
|
||
|
28DA000
|
trusted library allocation
|
page read and write
|
||
|
B65000
|
heap
|
page read and write
|
||
|
5940000
|
heap
|
page read and write
|
||
|
7FF7C01CD000
|
unkown
|
page write copy
|
||
|
7FFD9BB8D000
|
trusted library allocation
|
page read and write
|
||
|
590000
|
heap
|
page read and write
|
||
|
C80000
|
heap
|
page read and write
|
||
|
3335000
|
heap
|
page read and write
|
||
|
2ADC000
|
trusted library allocation
|
page read and write
|
||
|
3386000
|
heap
|
page read and write
|
||
|
36E0000
|
heap
|
page read and write
|
||
|
1330D000
|
trusted library allocation
|
page read and write
|
||
|
1CFFE000
|
stack
|
page read and write
|
||
|
1B61E000
|
stack
|
page read and write
|
||
|
2C7E000
|
stack
|
page read and write
|
||
|
7FFD9B6B3000
|
trusted library allocation
|
page read and write
|
||
|
914000
|
unkown
|
page read and write
|
||
|
1360000
|
heap
|
page read and write
|
||
|
19B000
|
stack
|
page read and write
|
||
|
1B5C7906000
|
heap
|
page read and write
|
||
|
333B000
|
heap
|
page read and write
|
||
|
1830D000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B940000
|
trusted library allocation
|
page read and write
|
||
|
1B44C000
|
stack
|
page read and write
|
||
|
2D56000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B786000
|
trusted library allocation
|
page execute and read and write
|
||
|
11FF000
|
heap
|
page read and write
|
||
|
5C4000
|
stack
|
page read and write
|
||
|
4E60000
|
heap
|
page read and write
|
||
|
7FFD9B75C000
|
trusted library allocation
|
page execute and read and write
|
||
|
1A930000
|
trusted library allocation
|
page read and write
|
||
|
2CC0000
|
trusted library allocation
|
page read and write
|
||
|
2B01000
|
heap
|
page read and write
|
||
|
D00000
|
heap
|
page read and write
|
||
|
7FFD9B786000
|
trusted library allocation
|
page execute and read and write
|
||
|
303D000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B6C4000
|
trusted library allocation
|
page read and write
|
||
|
3319000
|
heap
|
page read and write
|
||
|
1C920000
|
heap
|
page read and write
|
||
|
932000
|
unkown
|
page readonly
|
||
|
7FFD9B84C000
|
trusted library allocation
|
page read and write
|
||
|
3344000
|
heap
|
page read and write
|
||
|
1B56E000
|
stack
|
page read and write
|
||
|
2BA8000
|
trusted library allocation
|
page read and write
|
||
|
C6F000
|
stack
|
page read and write
|
||
|
7FFD9B7CA000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B5C9840000
|
heap
|
page read and write
|
||
|
9B000
|
stack
|
page read and write
|
||
|
1C78B000
|
heap
|
page read and write
|
||
|
1BFB0000
|
trusted library section
|
page read and write
|
||
|
304B000
|
trusted library allocation
|
page read and write
|
||
|
1B5C78DD000
|
heap
|
page read and write
|
||
|
A7C000
|
heap
|
page read and write
|
||
|
1B5C78EA000
|
heap
|
page read and write
|
||
|
BB3000
|
heap
|
page read and write
|
||
|
B93000
|
heap
|
page read and write
|
||
|
31D3000
|
trusted library allocation
|
page read and write
|
||
|
B71000
|
heap
|
page read and write
|
||
|
1C75D000
|
heap
|
page read and write
|
||
|
2ADF000
|
heap
|
page read and write
|
||
|
2DE3000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BB60000
|
trusted library allocation
|
page read and write
|
||
|
2BA0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B9C0000
|
trusted library allocation
|
page read and write
|
||
|
2CAD000
|
trusted library allocation
|
page read and write
|
||
|
833000
|
heap
|
page read and write
|
||
|
2B01000
|
heap
|
page read and write
|
||
|
1B31F000
|
stack
|
page read and write
|
||
|
2752000
|
trusted library allocation
|
page read and write
|
||
|
2B1D000
|
trusted library allocation
|
page read and write
|
||
|
1B5C7B70000
|
heap
|
page read and write
|
||
|
7FFD9B70D000
|
trusted library allocation
|
page execute and read and write
|
||
|
4CE1000
|
trusted library allocation
|
page read and write
|
||
|
2C3F000
|
stack
|
page read and write
|
||
|
1BF09000
|
stack
|
page read and write
|
||
|
31CD000
|
trusted library allocation
|
page read and write
|
||
|
3343000
|
heap
|
page read and write
|
||
|
7FFD9B6F3000
|
trusted library allocation
|
page read and write
|
||
|
1B664000
|
stack
|
page read and write
|
||
|
7FFD9B890000
|
trusted library allocation
|
page read and write
|
||
|
3AB60FF000
|
stack
|
page read and write
|
||
|
8F6000
|
stack
|
page read and write
|
||
|
7FFD9B704000
|
trusted library allocation
|
page read and write
|
||
|
8DD000
|
heap
|
page read and write
|
||
|
2F71000
|
trusted library allocation
|
page read and write
|
||
|
1B48F000
|
stack
|
page read and write
|
||
|
931000
|
unkown
|
page read and write
|
||
|
7FFD9B6E4000
|
trusted library allocation
|
page read and write
|
||
|
31C5000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BADB000
|
trusted library allocation
|
page read and write
|
||
|
2E7E000
|
stack
|
page read and write
|
||
|
8D0000
|
heap
|
page read and write
|
||
|
910000
|
heap
|
page read and write
|
||
|
3338000
|
heap
|
page read and write
|
||
|
F1E000
|
stack
|
page read and write
|
||
|
4E8D000
|
heap
|
page read and write
|
||
|
116A000
|
heap
|
page read and write
|
||
|
7FFD9B75C000
|
trusted library allocation
|
page execute and read and write
|
||
|
3AB61FB000
|
stack
|
page read and write
|
||
|
7FFD9B890000
|
trusted library allocation
|
page read and write
|
||
|
A70000
|
heap
|
page read and write
|
||
|
1BA17000
|
heap
|
page read and write
|
||
|
1C754000
|
heap
|
page read and write
|
||
|
1510D000
|
trusted library allocation
|
page read and write
|
||
|
1B0F0000
|
trusted library section
|
page read and write
|
||
|
1BBC4000
|
heap
|
page read and write
|
||
|
404000
|
unkown
|
page read and write
|
||
|
1C84F000
|
heap
|
page read and write
|
||
|
2CB0000
|
heap
|
page read and write
|
||
|
338F000
|
heap
|
page read and write
|
||
|
1B5C78F1000
|
heap
|
page read and write
|
||
|
337A000
|
heap
|
page read and write
|
||
|
5A9000
|
stack
|
page read and write
|
||
|
13170000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B756000
|
trusted library allocation
|
page read and write
|
||
|
1BB6D000
|
stack
|
page read and write
|
||
|
7FFD9B6CB000
|
trusted library allocation
|
page execute and read and write
|
||
|
128D1000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B790000
|
trusted library allocation
|
page read and write
|
||
|
2B01000
|
heap
|
page read and write
|
||
|
1BF49000
|
heap
|
page read and write
|
||
|
1B5C791C000
|
heap
|
page read and write
|
||
|
1C7B2000
|
heap
|
page read and write
|
||
|
7FFD9B6ED000
|
trusted library allocation
|
page execute and read and write
|
||
|
3386000
|
heap
|
page read and write
|
||
|
7FFD9B843000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B6E3000
|
trusted library allocation
|
page execute and read and write
|
||
|
2A7A000
|
heap
|
page read and write
|
||
|
3378000
|
heap
|
page read and write
|
||
|
1C8A3000
|
heap
|
page read and write
|
||
|
2A7D000
|
heap
|
page read and write
|
||
|
338F000
|
heap
|
page read and write
|
||
|
1BF20000
|
trusted library section
|
page read and write
|
||
|
1B150000
|
trusted library section
|
page read and write
|
||
|
840000
|
heap
|
page read and write
|
||
|
7FFD9B850000
|
trusted library allocation
|
page read and write
|
||
|
2B01000
|
heap
|
page read and write
|
||
|
7FFD9BB70000
|
trusted library allocation
|
page read and write
|
||
|
2F74000
|
trusted library allocation
|
page read and write
|
||
|
1B160000
|
heap
|
page read and write
|
||
|
67FF000
|
stack
|
page read and write
|
||
|
1C86C000
|
heap
|
page read and write
|
||
|
7FFD9B73C000
|
trusted library allocation
|
page execute and read and write
|
||
|
2CD4000
|
trusted library allocation
|
page read and write
|
||
|
51DF000
|
stack
|
page read and write
|
||
|
7FFD9BB8A000
|
trusted library allocation
|
page read and write
|
||
|
1BF10000
|
trusted library section
|
page read and write
|
||
|
7FFD9B6B0000
|
trusted library allocation
|
page read and write
|
||
|
3344000
|
heap
|
page read and write
|
||
|
F20000
|
heap
|
page read and write
|
||
|
1C80A000
|
heap
|
page read and write
|
||
|
E40000
|
heap
|
page read and write
|
||
|
F60000
|
heap
|
page execute and read and write
|
||
|
CBE000
|
stack
|
page read and write
|
||
|
7FFD9BB66000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C01EF000
|
unkown
|
page write copy
|
||
|
7FFD9BAB0000
|
trusted library allocation
|
page read and write
|
||
|
1B5C7830000
|
heap
|
page read and write
|
||
|
306F000
|
stack
|
page read and write
|
||
|
3AB5AFD000
|
stack
|
page read and write
|
||
|
1C810000
|
heap
|
page read and write
|
||
|
7FFD9BBD0000
|
trusted library allocation
|
page read and write
|
||
|
2BAA000
|
trusted library allocation
|
page read and write
|
||
|
2AFA000
|
heap
|
page read and write
|
||
|
3066000
|
trusted library allocation
|
page read and write
|
||
|
1B310000
|
trusted library section
|
page read and write
|
||
|
28B0000
|
trusted library section
|
page read and write
|
||
|
7FFD9BA68000
|
trusted library allocation
|
page read and write
|
||
|
1C96A000
|
heap
|
page read and write
|
||
|
7FFD9B6B7000
|
trusted library allocation
|
page read and write
|
||
|
2D70000
|
heap
|
page read and write
|
||
|
810000
|
heap
|
page read and write
|
||
|
31D5000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B6A3000
|
trusted library allocation
|
page execute and read and write
|
||
|
2A68000
|
heap
|
page read and write
|
||
|
7FFD9B6E3000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B950000
|
trusted library allocation
|
page read and write
|
||
|
1B5C7981000
|
heap
|
page read and write
|
||
|
1B5C790E000
|
heap
|
page read and write
|
||
|
1B51E000
|
stack
|
page read and write
|
||
|
7FFD9B900000
|
trusted library allocation
|
page read and write
|
||
|
1C773000
|
heap
|
page read and write
|
||
|
338F000
|
heap
|
page read and write
|
||
|
7FF7C0181000
|
unkown
|
page execute read
|
||
|
1AC2C000
|
stack
|
page read and write
|
||
|
CC3000
|
trusted library allocation
|
page read and write
|
||
|
7FF4053D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1BD3E000
|
stack
|
page read and write
|
||
|
7FFD9B796000
|
trusted library allocation
|
page read and write
|
||
|
2AFA000
|
heap
|
page read and write
|
||
|
B34000
|
heap
|
page read and write
|
||
|
1B68E000
|
stack
|
page read and write
|
||
|
2F0F000
|
trusted library allocation
|
page read and write
|
||
|
1D1FC000
|
stack
|
page read and write
|
||
|
1B0E0000
|
trusted library section
|
page read and write
|
||
|
7FFD9B9C9000
|
trusted library allocation
|
page read and write
|
||
|
2D0000
|
unkown
|
page readonly
|
||
|
31CB000
|
trusted library allocation
|
page read and write
|
||
|
2FFE000
|
stack
|
page read and write
|
||
|
E86000
|
heap
|
page read and write
|
||
|
2AFA000
|
heap
|
page read and write
|
||
|
7FFD9B6A3000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C0CA000
|
stack
|
page read and write
|
||
|
320E000
|
stack
|
page read and write
|
||
|
3257000
|
heap
|
page read and write
|
||
|
1B5C796E000
|
heap
|
page read and write
|
||
|
7FFD9B7C6000
|
trusted library allocation
|
page execute and read and write
|
||
|
274F000
|
trusted library allocation
|
page read and write
|
||
|
E00000
|
heap
|
page read and write
|
||
|
7FFD9BA80000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B6E0000
|
trusted library allocation
|
page read and write
|
||
|
90E000
|
stack
|
page read and write
|
||
|
1BCC0000
|
trusted library section
|
page read and write
|
||
|
4CFA000
|
trusted library allocation
|
page read and write
|
||
|
2AF9000
|
heap
|
page read and write
|
||
|
2AF9000
|
heap
|
page read and write
|
||
|
2C2C000
|
trusted library allocation
|
page read and write
|
||
|
1B5C790E000
|
heap
|
page read and write
|
||
|
AB0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B84E000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B7A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1030000
|
heap
|
page read and write
|
||
|
1B974000
|
heap
|
page read and write
|
||
|
1C896000
|
heap
|
page read and write
|
||
|
8B5000
|
heap
|
page read and write
|
||
|
2F10000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B9A0000
|
trusted library allocation
|
page read and write
|
||
|
1B26E000
|
stack
|
page read and write
|
||
|
185B1000
|
trusted library allocation
|
page read and write
|
||
|
2B01000
|
heap
|
page read and write
|
||
|
7FFD9B704000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B6A3000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B5C77F0000
|
heap
|
page read and write
|
||
|
1B5C7984000
|
heap
|
page read and write
|
||
|
3338000
|
heap
|
page read and write
|
||
|
CEE000
|
stack
|
page read and write
|
||
|
95C000
|
heap
|
page read and write
|
||
|
2AF8000
|
heap
|
page read and write
|
||
|
1B5C796E000
|
heap
|
page read and write
|
||
|
25F2000
|
heap
|
page read and write
|
||
|
8D1000
|
unkown
|
page execute read
|
||
|
4FA0000
|
heap
|
page read and write
|
||
|
2AD4000
|
heap
|
page read and write
|
||
|
1BB3E000
|
stack
|
page read and write
|
||
|
5960000
|
heap
|
page read and write
|
||
|
15B0D000
|
trusted library allocation
|
page read and write
|
||
|
2AB2000
|
heap
|
page read and write
|
||
|
12908000
|
trusted library allocation
|
page read and write
|
||
|
8A0000
|
heap
|
page read and write
|
||
|
36C0000
|
heap
|
page read and write
|
||
|
25FF000
|
stack
|
page read and write
|
||
|
6710000
|
heap
|
page read and write
|
||
|
1B140000
|
trusted library section
|
page read and write
|
||
|
5A3000
|
stack
|
page read and write
|
||
|
7FFD9B88E000
|
trusted library allocation
|
page read and write
|
||
|
126A8000
|
trusted library allocation
|
page read and write
|
||
|
82C000
|
heap
|
page read and write
|
||
|
11D9000
|
heap
|
page read and write
|
||
|
7FFD9B6E2000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B9E2000
|
trusted library allocation
|
page read and write
|
||
|
1B5C7984000
|
heap
|
page read and write
|
||
|
28F0000
|
heap
|
page read and write
|
||
|
3348000
|
heap
|
page read and write
|
||
|
65EB000
|
heap
|
page read and write
|
||
|
7FFD9B760000
|
trusted library allocation
|
page execute and read and write
|
||
|
8DB000
|
heap
|
page read and write
|
||
|
1140000
|
heap
|
page read and write
|
||
|
1B130000
|
trusted library section
|
page read and write
|
||
|
8CB000
|
heap
|
page read and write
|
||
|
3250000
|
heap
|
page read and write
|
||
|
337A000
|
heap
|
page read and write
|
||
|
C9B000
|
stack
|
page read and write
|
||
|
B85000
|
heap
|
page read and write
|
||
|
3378000
|
heap
|
page read and write
|
||
|
2E6D000
|
trusted library allocation
|
page read and write
|
||
|
AB1000
|
heap
|
page read and write
|
||
|
B30000
|
heap
|
page read and write
|
||
|
7FF7C01CD000
|
unkown
|
page read and write
|
||
|
E40000
|
heap
|
page read and write
|
||
|
3343000
|
heap
|
page read and write
|
||
|
308D000
|
trusted library allocation
|
page read and write
|
||
|
1B5C78F4000
|
heap
|
page read and write
|
||
|
1B5C9681000
|
trusted library allocation
|
page read and write
|
||
|
7C0000
|
heap
|
page read and write
|
||
|
2761000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B756000
|
trusted library allocation
|
page read and write
|
||
|
B78000
|
heap
|
page read and write
|
||
|
3386000
|
heap
|
page read and write
|
||
|
128C8000
|
trusted library allocation
|
page read and write
|
||
|
126B1000
|
trusted library allocation
|
page read and write
|
||
|
2A71000
|
heap
|
page read and write
|
||
|
11DC000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
1A6D0000
|
trusted library allocation
|
page read and write
|
||
|
CCE000
|
stack
|
page read and write
|
||
|
A50000
|
heap
|
page execute and read and write
|
||
|
4BE0000
|
heap
|
page read and write
|
||
|
7FF7C0180000
|
unkown
|
page readonly
|
||
|
1BF30000
|
trusted library section
|
page read and write
|
||
|
12EC3000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B88C000
|
trusted library allocation
|
page read and write
|
||
|
B11000
|
heap
|
page read and write
|
||
|
31BD000
|
trusted library allocation
|
page read and write
|
||
|
8C1000
|
heap
|
page read and write
|
||
|
1C7A1000
|
heap
|
page read and write
|
||
|
7FFD9B70B000
|
trusted library allocation
|
page execute and read and write
|
||
|
2ADE000
|
trusted library allocation
|
page read and write
|
||
|
3AB5DFE000
|
stack
|
page read and write
|
||
|
1B86A000
|
stack
|
page read and write
|
||
|
7FFD9BA60000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B9B0000
|
trusted library allocation
|
page read and write
|
||
|
2B21000
|
trusted library allocation
|
page read and write
|
||
|
AA2000
|
heap
|
page read and write
|
||
|
1470D000
|
trusted library allocation
|
page read and write
|
||
|
327C000
|
trusted library allocation
|
page read and write
|
||
|
31CF000
|
trusted library allocation
|
page read and write
|
||
|
B31000
|
heap
|
page read and write
|
||
|
1B5C78D6000
|
heap
|
page read and write
|
||
|
7FFD9B6A0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B6B7000
|
trusted library allocation
|
page read and write
|
||
|
2690000
|
heap
|
page execute and read and write
|
||
|
3345000
|
heap
|
page read and write
|
||
|
1B5C7981000
|
heap
|
page read and write
|
||
|
319B000
|
trusted library allocation
|
page read and write
|
||
|
1BF90000
|
trusted library section
|
page read and write
|
||
|
2F16000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B6CD000
|
trusted library allocation
|
page execute and read and write
|
||
|
8EB000
|
heap
|
page read and write
|
||
|
1B5CB7B0000
|
heap
|
page read and write
|
||
|
1C83A000
|
heap
|
page read and write
|
||
|
2D54000
|
trusted library allocation
|
page read and write
|
||
|
323E000
|
stack
|
page read and write
|
||
|
B97000
|
heap
|
page read and write
|
||
|
582D000
|
stack
|
page read and write
|
||
|
4A2F000
|
stack
|
page read and write
|
||
|
35FF000
|
stack
|
page read and write
|
||
|
13D0000
|
trusted library allocation
|
page read and write
|
||
|
2D58000
|
trusted library allocation
|
page read and write
|
||
|
D30000
|
heap
|
page read and write
|
||
|
7FFD9BBC0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B6BC000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C01BB000
|
unkown
|
page readonly
|
||
|
1B5C7B75000
|
heap
|
page read and write
|
||
|
1C729000
|
heap
|
page read and write
|
||
|
2BA4000
|
trusted library allocation
|
page read and write
|
||
|
2E65000
|
trusted library allocation
|
page read and write
|
||
|
3378000
|
heap
|
page read and write
|
||
|
916000
|
heap
|
page read and write
|
||
|
2E6F000
|
trusted library allocation
|
page read and write
|
||
|
2C26000
|
trusted library allocation
|
page read and write
|
||
|
65EF000
|
heap
|
page read and write
|
||
|
7FFD9B8C0000
|
trusted library allocation
|
page read and write
|
||
|
337A000
|
heap
|
page read and write
|
||
|
1BC70000
|
trusted library section
|
page read and write
|
||
|
8EE000
|
heap
|
page read and write
|
||
|
1163000
|
heap
|
page read and write
|
||
|
1B5C790A000
|
heap
|
page read and write
|
||
|
2C30000
|
trusted library allocation
|
page read and write
|
||
|
304F000
|
trusted library allocation
|
page read and write
|
||
|
337A000
|
heap
|
page read and write
|
||
|
1B8D0000
|
heap
|
page read and write
|
||
|
31C7000
|
trusted library allocation
|
page read and write
|
||
|
D9B000
|
stack
|
page read and write
|
||
|
1B5CAFB0000
|
trusted library allocation
|
page read and write
|
||
|
B58000
|
heap
|
page read and write
|
||
|
2A48000
|
heap
|
page read and write
|
||
|
1B110000
|
heap
|
page read and write
|
||
|
333D000
|
heap
|
page read and write
|
||
|
7FF7C01BB000
|
unkown
|
page readonly
|
||
|
1B5C78B8000
|
heap
|
page read and write
|
||
|
7FFD9B6FC000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B970000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C01EC000
|
unkown
|
page readonly
|
||
|
90E000
|
unkown
|
page write copy
|
||
|
1B5C9810000
|
heap
|
page read and write
|
||
|
1B88A000
|
stack
|
page read and write
|
||
|
1BFFF000
|
stack
|
page read and write
|
||
|
1B740000
|
heap
|
page read and write
|
||
|
333C000
|
heap
|
page read and write
|
||
|
8D0000
|
unkown
|
page readonly
|
||
|
1C78D000
|
heap
|
page read and write
|
||
|
7FFD9B8E0000
|
trusted library allocation
|
page read and write
|
||
|
3336000
|
heap
|
page read and write
|
||
|
1AC2C000
|
stack
|
page read and write
|
||
|
7FFD9B880000
|
trusted library allocation
|
page read and write
|
||
|
9D0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B990000
|
trusted library allocation
|
page read and write
|
||
|
2620000
|
heap
|
page execute and read and write
|
||
|
28E0000
|
trusted library section
|
page read and write
|
||
|
7FFD9B958000
|
trusted library allocation
|
page read and write
|
||
|
5DDC000
|
stack
|
page read and write
|
||
|
57C000
|
stack
|
page read and write
|
||
|
7FFD9B6FC000
|
trusted library allocation
|
page read and write
|
||
|
4924000
|
heap
|
page read and write
|
||
|
48DE000
|
stack
|
page read and write
|
||
|
7FFD9B800000
|
trusted library allocation
|
page execute and read and write
|
||
|
65E6000
|
heap
|
page read and write
|
||
|
903000
|
unkown
|
page readonly
|
||
|
E50000
|
trusted library allocation
|
page read and write
|
||
|
3049000
|
trusted library allocation
|
page read and write
|
||
|
1AA20000
|
heap
|
page read and write
|
||
|
7B0000
|
heap
|
page read and write
|
||
|
7FFD9B6FC000
|
trusted library allocation
|
page execute and read and write
|
||
|
303F000
|
trusted library allocation
|
page read and write
|
||
|
2C6D000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B7C8000
|
trusted library allocation
|
page execute and read and write
|
||
|
185A7000
|
trusted library allocation
|
page read and write
|
||
|
3386000
|
heap
|
page read and write
|
||
|
1B71E000
|
stack
|
page read and write
|
||
|
2CB1000
|
trusted library allocation
|
page read and write
|
||
|
50DE000
|
stack
|
page read and write
|
||
|
2B01000
|
heap
|
page read and write
|
||
|
7FFD9B6A2000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C0180000
|
unkown
|
page readonly
|
||
|
7FFD9B880000
|
trusted library allocation
|
page read and write
|
||
|
D30000
|
heap
|
page read and write
|
||
|
373F000
|
stack
|
page read and write
|
||
|
2AE0000
|
trusted library allocation
|
page read and write
|
||
|
8BD000
|
heap
|
page read and write
|
||
|
F5E000
|
stack
|
page read and write
|
||
|
333C000
|
heap
|
page read and write
|
||
|
1B5C796F000
|
heap
|
page read and write
|
||
|
333A000
|
heap
|
page read and write
|
||
|
7E0000
|
heap
|
page read and write
|
||
|
1BE09000
|
stack
|
page read and write
|
||
|
880000
|
heap
|
page read and write
|
||
|
80C000
|
heap
|
page read and write
|
||
|
126AD000
|
trusted library allocation
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
13A0000
|
trusted library allocation
|
page read and write
|
||
|
770000
|
heap
|
page read and write
|
||
|
1BA11000
|
heap
|
page read and write
|
||
|
7FFD9B8DF000
|
trusted library allocation
|
page read and write
|
||
|
1BA1C000
|
heap
|
page read and write
|
||
|
DF6000
|
stack
|
page read and write
|
||
|
586000
|
stack
|
page read and write
|
||
|
303B000
|
trusted library allocation
|
page read and write
|
||
|
1C785000
|
heap
|
page read and write
|
||
|
1C7F4000
|
heap
|
page read and write
|
||
|
2C2A000
|
trusted library allocation
|
page read and write
|
||
|
B68000
|
heap
|
page read and write
|
||
|
489F000
|
stack
|
page read and write
|
||
|
933000
|
unkown
|
page readonly
|
||
|
1B48E000
|
stack
|
page read and write
|
||
|
2BE4000
|
trusted library allocation
|
page read and write
|
||
|
11B1000
|
heap
|
page read and write
|
||
|
1B5C78E6000
|
heap
|
page read and write
|
||
|
1B88F000
|
stack
|
page read and write
|
||
|
D34000
|
heap
|
page read and write
|
||
|
4E7D000
|
stack
|
page read and write
|
||
|
CB0000
|
trusted library allocation
|
page read and write
|
||
|
A0E000
|
stack
|
page read and write
|
||
|
BBB000
|
heap
|
page read and write
|
||
|
4E10000
|
trusted library allocation
|
page read and write
|
||
|
AFA000
|
stack
|
page read and write
|
||
|
C7F000
|
stack
|
page read and write
|
||
|
7FFD9BB86000
|
trusted library allocation
|
page read and write
|
||
|
3386000
|
heap
|
page read and write
|
||
|
2C71000
|
trusted library allocation
|
page read and write
|
||
|
3197000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B927000
|
trusted library allocation
|
page read and write
|
||
|
68FC000
|
stack
|
page read and write
|
||
|
1BC6A000
|
stack
|
page read and write
|
||
|
121E000
|
heap
|
page read and write
|
||
|
D03000
|
heap
|
page read and write
|
||
|
ECE000
|
stack
|
page read and write
|
||
|
1B5C78DC000
|
heap
|
page read and write
|
||
|
33BE000
|
stack
|
page read and write
|
||
|
31DB000
|
trusted library allocation
|
page read and write
|
||
|
1B984000
|
stack
|
page read and write
|
||
|
2AFA000
|
heap
|
page read and write
|
||
|
332E000
|
heap
|
page read and write
|
||
|
86D000
|
heap
|
page read and write
|
||
|
ADF000
|
heap
|
page read and write
|
||
|
1B5C7810000
|
heap
|
page read and write
|
||
|
1C803000
|
heap
|
page read and write
|
||
|
65EA000
|
heap
|
page read and write
|
||
|
CC0000
|
trusted library allocation
|
page read and write
|
||
|
1B690000
|
heap
|
page read and write
|
||
|
B68000
|
heap
|
page read and write
|
||
|
7FFD9B860000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B97E000
|
trusted library allocation
|
page read and write
|
||
|
AD0000
|
heap
|
page read and write
|
||
|
1B5C78D2000
|
heap
|
page read and write
|
||
|
1BC33000
|
stack
|
page read and write
|
||
|
1B5C9844000
|
heap
|
page read and write
|
||
|
24F0000
|
heap
|
page read and write
|
||
|
2A6C000
|
heap
|
page read and write
|
||
|
2F0E000
|
trusted library allocation
|
page read and write
|
||
|
11E6000
|
heap
|
page read and write
|
||
|
13D0D000
|
trusted library allocation
|
page read and write
|
||
|
830000
|
heap
|
page readonly
|
||
|
6F6000
|
stack
|
page read and write
|
||
|
B00000
|
heap
|
page read and write
|
||
|
7FFD9B9D0000
|
trusted library allocation
|
page read and write
|
||
|
1C951000
|
heap
|
page read and write
|
||
|
2A79000
|
heap
|
page read and write
|
||
|
1B702000
|
heap
|
page read and write
|
||
|
7FFD9B7C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
274C000
|
trusted library allocation
|
page read and write
|
||
|
1B5C78A0000
|
heap
|
page read and write
|
||
|
335D000
|
heap
|
page read and write
|
||
|
ADA000
|
heap
|
page read and write
|
||
|
7FFD9B73C000
|
trusted library allocation
|
page execute and read and write
|
||
|
31BB000
|
trusted library allocation
|
page read and write
|
||
|
31D9000
|
trusted library allocation
|
page read and write
|
There are 1047 hidden memdumps, click here to show them.