Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
java_update.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Program Files (x86)\AutoIt3\Au3Check.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\AutoIt3\Au3Info.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\AutoIt3\Au3Info_x64.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe_x64.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\AutoIt3\Aut2Exe\upx.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\AutoIt3\AutoIt3Help.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\AutoIt3\AutoIt3_x64.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\AutoIt3\SciTE\SciTE.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\AutoIt3\Uninstall.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\LICLUA.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaws.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler64.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdate.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateBroker.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateCore.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateOnDemand.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Java\jre-1.8\bin\java.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Java\jre-1.8\bin\javacpl.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Java\jre-1.8\bin\javaws.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Java\jre-1.8\bin\jp2launcher.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Java\jre-1.8\bin\unpack200.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\OSPPREARM.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Client\AppVDllSurrogate.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Client\AppVDllSurrogate32.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Client\AppVDllSurrogate64.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Client\AppVLP.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Integration\Integrator.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\ACCICONS.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\AppSharingHookController.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\CLVIEW.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\CNFNOT32.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\DCF\Common.DBConnection.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\DCF\Common.DBConnection64.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\DCF\DATABASECOMPARE.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\DCF\SPREADSHEETCOMPARE.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\DCF\filecompare.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\GRAPH.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\IEContentService.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\MSOHTMED.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSREC.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\MSQRY32.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\NAMECONTROLSERVER.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\OLCFG.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\ORGCHART.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\OcPubMgr.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\OfficeScrBroker.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\OfficeScrSanBroker.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\PPTICO.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\PerfBoost.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\SCANPST.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\SDXHelper.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\SELFCERT.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\SETLANG.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\SkypeSrv\SKYPESERVER.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\VPREVIEW.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\WORDICON.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\Wordconv.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\XLICONS.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\lync99.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\misc.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\msoadfsb.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\msoasb.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\msoev.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\officeappguardwin32.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\aimgr.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\DW\DW20.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\FLTLDR.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOICONS.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLED.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\OLicenseHeartbeat.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\ai.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\aimgr.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Source Engine\OSE.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Office\Office16\AppSharingHookController64.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Office\Office16\MSOHTMED.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\SQLDumper.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\accicons.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\dbcicons.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\grv_icons.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\joticon.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\lyncicon.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\misc.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\osmclienticon.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\outicon.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\pj11icon.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\pptico.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\pubs.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\sscicons.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\visicon.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\wordicon.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\xlicons.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-001F-0409-0000-0000000FF1CE}\misc.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-001F-040C-0000-0000000FF1CE}\misc.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-001F-0C0A-0000-0000000FF1CE}\misc.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-006E-0409-0000-0000000FF1CE}\misc.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\Installer\setup.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\cookie_exporter.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\msedge.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\msedge_proxy.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\msedge_pwa_launcher.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\msedgewebview2.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\notification_click_helper.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\pwahelper.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Edge\Application\pwahelper.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeComRegisterShellARM64.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdate.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateBroker.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateCore.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateOnDemand.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateSetup.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Java Update Checker (64 bit).exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ConfigSecurityPolicy.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCopyAccelerator.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpDlpCmd.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\NisSrv.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\X86\MpCmdRun.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\mpextms.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\3582-490\java_update.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\chrome.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Windows\directx.sys
|
ASCII text, with CRLF line terminators
|
modified
|
|
|
|
C:\Windows\svchost.com
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Temp\Log.tmp
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1dgcwg1i.vnc.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_50vx02cd.eem.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_amsqfrnz.fuc.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_asrgtdci.hha.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_bc0tav1y.mtk.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_bddcrqrm.du0.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_d0pu4h1b.fny.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_fgql5vgl.ayc.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_gfdwqriy.rhw.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_gx24ozpp.xuq.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_i5qkafn2.jia.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_k3kygkb5.llx.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_qgqptdb2.zhu.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_t04zexdm.tjt.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_w4ne050n.4kb.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xnpzu4sq.arx.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tmp5023.tmp
|
data
|
modified
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\8YRMCFYJIVPKXNDBK2UV.temp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\9OOQ23IIUS1X33VJB442.temp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\F3XZIQ40AJJWSYMEXA52.temp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\XB96MGLYWA6BGN5DOIIZ.temp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms (copy)
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms~RF3ebb05.TMP
(copy)
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms~RF3ebde3.TMP
(copy)
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms~RF3ebfb8.TMP
(copy)
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java Update Checker (64 bit).lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Tue Jul 2 03:52:04
2024, mtime=Tue Jul 2 03:52:04 2024, atime=Tue Jul 2 03:52:04 2024, length=44544, window=hide
|
dropped
|
There are 174 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\java_update.exe
|
"C:\Users\user\Desktop\java_update.exe"
|
|
|
|
C:\Users\user\AppData\Local\Temp\3582-490\java_update.exe
|
"C:\Users\user\AppData\Local\Temp\3582-490\java_update.exe"
|
|
|
|
C:\Windows\svchost.com
|
"C:\Windows\svchost.com" "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference
-ExclusionPath 'C:\Users\user\AppData\Local\Temp\3582-490\java_update.exe'
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp\3582-490\java_update.exe'
|
|
|
|
C:\Windows\svchost.com
|
"C:\Windows\svchost.com" "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference
-ExclusionProcess 'java_update.exe'
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'java_update.exe'
|
|
|
|
C:\Windows\svchost.com
|
"C:\Windows\svchost.com" "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference
-ExclusionPath 'C:\ProgramData\Java Update Checker (64 bit).exe'
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\ProgramData\Java
Update Checker (64 bit).exe'
|
|
|
|
C:\Windows\svchost.com
|
"C:\Windows\svchost.com" "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference
-ExclusionProcess 'Java Update Checker (64 bit).exe'
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'Java
Update Checker (64 bit).exe'
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
There are 4 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
45.141.26.232
|
|
||
|
http://tempuri.org/IRoamingSettingsService/WriteSettings
|
unknown
|
||
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
https://mozilla.org0/
|
unknown
|
||
|
http://crl.microsoftI
|
unknown
|
||
|
http://crl.microK
|
unknown
|
||
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
||
|
http://schemas.xmlsoap.org/soap/encoding/
|
unknown
|
||
|
http://crl.microsoft
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
http://schemas.datacontract.org/2004/07/Microsoft.Office.Web.Roaming.Service
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
http://tempuri.org/
|
unknown
|
||
|
http://tempuri.org/IRoamingSettingsService/DisableUserResponse
|
unknown
|
||
|
http://nsis.sf.net/NSIS_ErrorError
|
unknown
|
||
|
http://www.autoitscript.com/autoit3/
|
unknown
|
||
|
https://www.autoitscript.com/autoit3/
|
unknown
|
||
|
http://crl.me
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
http://crl.microsoft/
|
unknown
|
||
|
http://tempuri.org/IRoamingSettingsService/WriteSettingsResponse
|
unknown
|
||
|
http://tempuri.org/IRoamingSettingsService/ReadSettings
|
unknown
|
||
|
http://schemas.datacontract.org/2004/07/Microsoft.Office.Web.Roaming.SoapObjectsItemsSortKeyArrayOfR
|
unknown
|
||
|
https://github.com/pq-crystals/kyber/commit/28413dfbf523fdde181246451c2bd77199c0f7ffDilithium2Dilith
|
unknown
|
||
|
http://crl.micro
|
unknown
|
||
|
http://tempuri.org/IRoamingSettingsService/GetConfig
|
unknown
|
||
|
http://tempuri.org/IRoamingSettingsService/GetConfigResponse
|
unknown
|
||
|
http://tempuri.org/IRoamingSettingsService/WriteSettingshttp://tempuri.org/IRoamingSettingsService/R
|
unknown
|
||
|
http://tempuri.org/IRoamingSettingsService/DisableUser
|
unknown
|
||
|
https://aka.ms/pscore6lBfq
|
unknown
|
||
|
http://schemas.xmlsoap.org/wsdl/
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
http://tempuri.org/IRoamingSettingsService/ReadSettingsResponse
|
unknown
|
||
|
http://127.0.0.1:13556/InsiderSlabBehaviorReportedBuildInsiderSlabBehaviorInsiderSlabBehaviorReporte
|
unknown
|
||
|
http://www.autoitscript.com/autoit3/8
|
unknown
|
||
|
http://schemas.datacontract.org/2004/07/Microsoft.Office.Web.Roaming.SoapObjects
|
unknown
|
||
|
http://tempuri.org/IRoamingSettingsService/EnableUser
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://tempuri.org/IRoamingSettingsService/EnableUserResponse
|
unknown
|
||
|
https://github.com/pq-crystals/kyber/commit/28413dfbf523fdde181246451c2bd77199c0f7ff
|
unknown
|
||
|
http://ip-api.com/line/?fields=hosting
|
208.95.112.1
|
There are 33 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
ip-api.com
|
208.95.112.1
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
208.95.112.1
|
ip-api.com
|
United States
|
|
|
|
45.141.26.232
|
unknown
|
Netherlands
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command
|
NULL
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\java_update_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\java_update_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\java_update_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\java_update_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\java_update_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\java_update_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\java_update_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\java_update_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\java_update_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\java_update_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\java_update_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\java_update_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\java_update_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\java_update_RASMANCS
|
FileDirectory
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
LangID
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\svchost.com.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\svchost.com.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\svchost.com.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\svchost.com.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\svchost.com.ApplicationCompany
|
There are 11 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
E62000
|
unkown
|
page readonly
|
|
|
|
3351000
|
trusted library allocation
|
page read and write
|
|
|
|
409000
|
unkown
|
page read and write
|
|
|
|
8D9D000
|
stack
|
page read and write
|
||
|
7AE0000
|
trusted library allocation
|
page read and write
|
||
|
1F1C000
|
direct allocation
|
page read and write
|
||
|
77DF000
|
heap
|
page read and write
|
||
|
77CE000
|
heap
|
page read and write
|
||
|
32B0000
|
heap
|
page read and write
|
||
|
4D5A000
|
trusted library allocation
|
page execute and read and write
|
||
|
4C62000
|
trusted library allocation
|
page read and write
|
||
|
1F4C000
|
direct allocation
|
page read and write
|
||
|
88DE000
|
heap
|
page read and write
|
||
|
7FFD9B7CC000
|
trusted library allocation
|
page execute and read and write
|
||
|
327E000
|
stack
|
page read and write
|
||
|
5A9E000
|
trusted library allocation
|
page read and write
|
||
|
6443000
|
trusted library allocation
|
page read and write
|
||
|
77AE000
|
stack
|
page read and write
|
||
|
1F40000
|
direct allocation
|
page read and write
|
||
|
415000
|
unkown
|
page read and write
|
||
|
8830000
|
heap
|
page read and write
|
||
|
786E000
|
stack
|
page read and write
|
||
|
1F48000
|
direct allocation
|
page read and write
|
||
|
51E0000
|
trusted library allocation
|
page read and write
|
||
|
1F50000
|
direct allocation
|
page read and write
|
||
|
62F7000
|
trusted library allocation
|
page read and write
|
||
|
497E000
|
stack
|
page read and write
|
||
|
1F68000
|
direct allocation
|
page read and write
|
||
|
784D000
|
heap
|
page read and write
|
||
|
7FFD9B770000
|
trusted library allocation
|
page read and write
|
||
|
735B000
|
stack
|
page read and write
|
||
|
772E000
|
stack
|
page read and write
|
||
|
1F1C000
|
direct allocation
|
page read and write
|
||
|
7D00000
|
trusted library allocation
|
page read and write
|
||
|
1F38000
|
direct allocation
|
page read and write
|
||
|
881E000
|
stack
|
page read and write
|
||
|
7CC0000
|
trusted library allocation
|
page read and write
|
||
|
2260000
|
heap
|
page read and write
|
||
|
8C5D000
|
stack
|
page read and write
|
||
|
8770000
|
trusted library allocation
|
page read and write
|
||
|
8714000
|
heap
|
page read and write
|
||
|
1F20000
|
direct allocation
|
page read and write
|
||
|
7BCE000
|
stack
|
page read and write
|
||
|
1F68000
|
direct allocation
|
page read and write
|
||
|
1F58000
|
direct allocation
|
page read and write
|
||
|
3060000
|
heap
|
page read and write
|
||
|
1600000
|
heap
|
page read and write
|
||
|
5178000
|
trusted library allocation
|
page read and write
|
||
|
1F4C000
|
direct allocation
|
page read and write
|
||
|
1F4C000
|
direct allocation
|
page read and write
|
||
|
1F1C000
|
direct allocation
|
page read and write
|
||
|
500000
|
heap
|
page read and write
|
||
|
1F68000
|
direct allocation
|
page read and write
|
||
|
19D000
|
stack
|
page read and write
|
||
|
5BB1000
|
trusted library allocation
|
page read and write
|
||
|
8B0E000
|
stack
|
page read and write
|
||
|
4A7E000
|
stack
|
page read and write
|
||
|
1F1C000
|
direct allocation
|
page read and write
|
||
|
31DF000
|
stack
|
page read and write
|
||
|
5290000
|
trusted library allocation
|
page read and write
|
||
|
7A35000
|
heap
|
page read and write
|
||
|
3327000
|
heap
|
page read and write
|
||
|
5B90000
|
trusted library allocation
|
page read and write
|
||
|
7B80000
|
trusted library allocation
|
page read and write
|
||
|
1F4C000
|
direct allocation
|
page read and write
|
||
|
7972000
|
heap
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
8B29000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B78D000
|
trusted library allocation
|
page execute and read and write
|
||
|
4D62000
|
trusted library allocation
|
page read and write
|
||
|
7793000
|
heap
|
page read and write
|
||
|
FF0000
|
heap
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
630000
|
heap
|
page read and write
|
||
|
6299000
|
trusted library allocation
|
page read and write
|
||
|
40A000
|
unkown
|
page read and write
|
||
|
7FFD9B910000
|
trusted library allocation
|
page read and write
|
||
|
1F68000
|
direct allocation
|
page read and write
|
||
|
52FD000
|
stack
|
page read and write
|
||
|
8C2E000
|
stack
|
page read and write
|
||
|
2DF0000
|
heap
|
page read and write
|
||
|
1F18000
|
direct allocation
|
page read and write
|
||
|
7944000
|
heap
|
page read and write
|
||
|
5D16000
|
trusted library allocation
|
page read and write
|
||
|
86C0000
|
trusted library allocation
|
page read and write
|
||
|
560000
|
heap
|
page read and write
|
||
|
1F00000
|
direct allocation
|
page read and write
|
||
|
8820000
|
trusted library allocation
|
page read and write
|
||
|
1BC03000
|
heap
|
page read and write
|
||
|
310E000
|
stack
|
page read and write
|
||
|
8B4F000
|
stack
|
page read and write
|
||
|
1F38000
|
direct allocation
|
page read and write
|
||
|
57E000
|
stack
|
page read and write
|
||
|
7B40000
|
trusted library allocation
|
page read and write
|
||
|
8AA0000
|
trusted library allocation
|
page read and write
|
||
|
5260000
|
heap
|
page read and write
|
||
|
86AB000
|
trusted library allocation
|
page read and write
|
||
|
31F0000
|
heap
|
page read and write
|
||
|
8EBE000
|
stack
|
page read and write
|
||
|
1F48000
|
direct allocation
|
page read and write
|
||
|
87F7000
|
heap
|
page read and write
|
||
|
9B000
|
stack
|
page read and write
|
||
|
77A7000
|
heap
|
page read and write
|
||
|
1F68000
|
direct allocation
|
page read and write
|
||
|
1F1C000
|
direct allocation
|
page read and write
|
||
|
4D60000
|
trusted library allocation
|
page read and write
|
||
|
1BB50000
|
heap
|
page read and write
|
||
|
2180000
|
direct allocation
|
page read and write
|
||
|
78A8000
|
heap
|
page read and write
|
||
|
7B4E000
|
stack
|
page read and write
|
||
|
62B1000
|
trusted library allocation
|
page read and write
|
||
|
7AF0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B940000
|
trusted library allocation
|
page read and write
|
||
|
2DD5000
|
heap
|
page read and write
|
||
|
7A5C000
|
heap
|
page read and write
|
||
|
32C8000
|
heap
|
page read and write
|
||
|
7CE0000
|
trusted library allocation
|
page read and write
|
||
|
775E000
|
heap
|
page read and write
|
||
|
32BE000
|
stack
|
page read and write
|
||
|
72D000
|
heap
|
page read and write
|
||
|
8760000
|
heap
|
page read and write
|
||
|
1F4C000
|
direct allocation
|
page read and write
|
||
|
3360000
|
heap
|
page read and write
|
||
|
533B000
|
stack
|
page read and write
|
||
|
7B50000
|
trusted library allocation
|
page read and write
|
||
|
1F68000
|
direct allocation
|
page read and write
|
||
|
53DF000
|
stack
|
page read and write
|
||
|
1F4C000
|
direct allocation
|
page read and write
|
||
|
77BD000
|
heap
|
page read and write
|
||
|
1F4C000
|
direct allocation
|
page read and write
|
||
|
893C000
|
heap
|
page read and write
|
||
|
749E000
|
stack
|
page read and write
|
||
|
4C30000
|
trusted library allocation
|
page read and write
|
||
|
1F38000
|
direct allocation
|
page read and write
|
||
|
875F000
|
heap
|
page read and write
|
||
|
65E000
|
stack
|
page read and write
|
||
|
415000
|
unkown
|
page write copy
|
||
|
8CCE000
|
stack
|
page read and write
|
||
|
1C955000
|
stack
|
page read and write
|
||
|
1C1F5000
|
heap
|
page read and write
|
||
|
1F48000
|
direct allocation
|
page read and write
|
||
|
751D000
|
stack
|
page read and write
|
||
|
1F68000
|
direct allocation
|
page read and write
|
||
|
278F000
|
stack
|
page read and write
|
||
|
326E000
|
stack
|
page read and write
|
||
|
8750000
|
trusted library allocation
|
page execute and read and write
|
||
|
5311000
|
trusted library allocation
|
page read and write
|
||
|
1F48000
|
direct allocation
|
page read and write
|
||
|
6617000
|
trusted library allocation
|
page read and write
|
||
|
522C000
|
stack
|
page read and write
|
||
|
1F38000
|
direct allocation
|
page read and write
|
||
|
1F1C000
|
direct allocation
|
page read and write
|
||
|
8E0E000
|
stack
|
page read and write
|
||
|
1F68000
|
direct allocation
|
page read and write
|
||
|
89F9000
|
heap
|
page read and write
|
||
|
871C000
|
heap
|
page read and write
|
||
|
319E000
|
stack
|
page read and write
|
||
|
8930000
|
heap
|
page read and write
|
||
|
5800000
|
trusted library allocation
|
page read and write
|
||
|
3020000
|
heap
|
page read and write
|
||
|
8EF9000
|
stack
|
page read and write
|
||
|
314E000
|
stack
|
page read and write
|
||
|
1F4C000
|
direct allocation
|
page read and write
|
||
|
6433000
|
trusted library allocation
|
page read and write
|
||
|
50B5000
|
trusted library allocation
|
page execute and read and write
|
||
|
749D000
|
stack
|
page read and write
|
||
|
1F48000
|
direct allocation
|
page read and write
|
||
|
1F1C000
|
direct allocation
|
page read and write
|
||
|
194000
|
stack
|
page read and write
|
||
|
4D60000
|
trusted library allocation
|
page read and write
|
||
|
5C11000
|
trusted library allocation
|
page read and write
|
||
|
1F68000
|
direct allocation
|
page read and write
|
||
|
1F1C000
|
direct allocation
|
page read and write
|
||
|
256F000
|
stack
|
page read and write
|
||
|
8728000
|
heap
|
page read and write
|
||
|
2CED000
|
stack
|
page read and write
|
||
|
6444000
|
trusted library allocation
|
page read and write
|
||
|
3350000
|
heap
|
page read and write
|
||
|
5D5F000
|
trusted library allocation
|
page read and write
|
||
|
591D000
|
trusted library allocation
|
page read and write
|
||
|
1F4C000
|
direct allocation
|
page read and write
|
||
|
4D70000
|
trusted library allocation
|
page read and write
|
||
|
7CB0000
|
trusted library allocation
|
page read and write
|
||
|
1C1F8000
|
heap
|
page read and write
|
||
|
7FFD9B820000
|
trusted library allocation
|
page read and write
|
||
|
4DD0000
|
heap
|
page readonly
|
||
|
7AEE000
|
stack
|
page read and write
|
||
|
7B2E000
|
stack
|
page read and write
|
||
|
7E8000
|
heap
|
page read and write
|
||
|
88B0000
|
trusted library allocation
|
page read and write
|
||
|
7A9D000
|
stack
|
page read and write
|
||
|
3520000
|
heap
|
page read and write
|
||
|
1F4C000
|
direct allocation
|
page read and write
|
||
|
6479000
|
trusted library allocation
|
page read and write
|
||
|
709000
|
heap
|
page read and write
|
||
|
331B000
|
heap
|
page read and write
|
||
|
1F38000
|
direct allocation
|
page read and write
|
||
|
8C9B000
|
stack
|
page read and write
|
||
|
8710000
|
trusted library allocation
|
page read and write
|
||
|
4B5000
|
heap
|
page read and write
|
||
|
8BD0000
|
trusted library allocation
|
page read and write
|
||
|
7BD0000
|
trusted library allocation
|
page read and write
|
||
|
87D0000
|
trusted library allocation
|
page read and write
|
||
|
1F68000
|
direct allocation
|
page read and write
|
||
|
1F68000
|
direct allocation
|
page read and write
|
||
|
1F1C000
|
direct allocation
|
page read and write
|
||
|
6CB000
|
heap
|
page read and write
|
||
|
7A30000
|
trusted library allocation
|
page execute and read and write
|
||
|
3371000
|
heap
|
page read and write
|
||
|
4AE7000
|
heap
|
page read and write
|
||
|
5460000
|
heap
|
page execute and read and write
|
||
|
1F4C000
|
direct allocation
|
page read and write
|
||
|
54CB000
|
trusted library allocation
|
page read and write
|
||
|
4D74000
|
trusted library allocation
|
page read and write
|
||
|
1B380000
|
trusted library allocation
|
page read and write
|
||
|
897D000
|
heap
|
page read and write
|
||
|
7B70000
|
trusted library allocation
|
page read and write
|
||
|
13DE000
|
heap
|
page read and write
|
||
|
7877000
|
heap
|
page read and write
|
||
|
342D000
|
heap
|
page read and write
|
||
|
52E000
|
stack
|
page read and write
|
||
|
89C7000
|
heap
|
page read and write
|
||
|
151E000
|
stack
|
page read and write
|
||
|
77BF000
|
heap
|
page read and write
|
||
|
1F68000
|
direct allocation
|
page read and write
|
||
|
770E000
|
stack
|
page read and write
|
||
|
1F38000
|
direct allocation
|
page read and write
|
||
|
1F68000
|
direct allocation
|
page read and write
|
||
|
5E50000
|
trusted library allocation
|
page read and write
|
||
|
1F4C000
|
direct allocation
|
page read and write
|
||
|
76DE000
|
stack
|
page read and write
|
||
|
2A0F000
|
stack
|
page read and write
|
||
|
1F4C000
|
direct allocation
|
page read and write
|
||
|
7BEE000
|
stack
|
page read and write
|
||
|
7B60000
|
trusted library allocation
|
page read and write
|
||
|
1329000
|
heap
|
page read and write
|
||
|
7920000
|
trusted library allocation
|
page read and write
|
||
|
870D000
|
trusted library allocation
|
page read and write
|
||
|
3340000
|
heap
|
page execute and read and write
|
||
|
792B000
|
trusted library allocation
|
page read and write
|
||
|
7B20000
|
trusted library allocation
|
page read and write
|
||
|
1F1C000
|
direct allocation
|
page read and write
|
||
|
776E000
|
stack
|
page read and write
|
||
|
7B0E000
|
stack
|
page read and write
|
||
|
8AC0000
|
trusted library allocation
|
page read and write
|
||
|
33F0000
|
heap
|
page read and write
|
||
|
1C65E000
|
stack
|
page read and write
|
||
|
7A59000
|
heap
|
page read and write
|
||
|
3028000
|
heap
|
page read and write
|
||
|
889C000
|
heap
|
page read and write
|
||
|
4BD7000
|
heap
|
page read and write
|
||
|
1F38000
|
direct allocation
|
page read and write
|
||
|
49BF000
|
stack
|
page read and write
|
||
|
5195000
|
trusted library allocation
|
page execute and read and write
|
||
|
1F4C000
|
direct allocation
|
page read and write
|
||
|
541E000
|
stack
|
page read and write
|
||
|
1F4C000
|
direct allocation
|
page read and write
|
||
|
6AD000
|
heap
|
page read and write
|
||
|
8752000
|
heap
|
page read and write
|
||
|
2A4E000
|
stack
|
page read and write
|
||
|
1BD0A000
|
stack
|
page read and write
|
||
|
7941000
|
heap
|
page read and write
|
||
|
7B50000
|
trusted library allocation
|
page read and write
|
||
|
1605000
|
heap
|
page read and write
|
||
|
8E4F000
|
stack
|
page read and write
|
||
|
1F54000
|
direct allocation
|
page read and write
|
||
|
1F4F000
|
direct allocation
|
page read and write
|
||
|
8894000
|
heap
|
page read and write
|
||
|
7C85000
|
trusted library allocation
|
page read and write
|
||
|
8BE3000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B920000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C1B1000
|
heap
|
page read and write
|
||
|
1F38000
|
direct allocation
|
page read and write
|
||
|
5210000
|
trusted library allocation
|
page execute and read and write
|
||
|
8940000
|
trusted library allocation
|
page read and write
|
||
|
7CB0000
|
trusted library allocation
|
page read and write
|
||
|
133BB000
|
trusted library allocation
|
page read and write
|
||
|
2D78000
|
stack
|
page read and write
|
||
|
87EF000
|
heap
|
page read and write
|
||
|
79B6000
|
heap
|
page read and write
|
||
|
1F18000
|
direct allocation
|
page read and write
|
||
|
88D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1F1C000
|
direct allocation
|
page read and write
|
||
|
6603000
|
trusted library allocation
|
page read and write
|
||
|
88F5000
|
heap
|
page read and write
|
||
|
4DCE000
|
stack
|
page read and write
|
||
|
59F7000
|
trusted library allocation
|
page read and write
|
||
|
34DE000
|
stack
|
page read and write
|
||
|
87D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
318E000
|
heap
|
page read and write
|
||
|
897F000
|
heap
|
page read and write
|
||
|
33AB000
|
stack
|
page read and write
|
||
|
7CB0000
|
trusted library allocation
|
page read and write
|
||
|
4C33000
|
trusted library allocation
|
page execute and read and write
|
||
|
1F4C000
|
direct allocation
|
page read and write
|
||
|
1F18000
|
direct allocation
|
page read and write
|
||
|
545C000
|
stack
|
page read and write
|
||
|
77EE000
|
stack
|
page read and write
|
||
|
7CA0000
|
trusted library allocation
|
page execute and read and write
|
||
|
351D000
|
stack
|
page read and write
|
||
|
32B7000
|
heap
|
page read and write
|
||
|
88A0000
|
heap
|
page read and write
|
||
|
1F1C000
|
direct allocation
|
page read and write
|
||
|
8938000
|
heap
|
page read and write
|
||
|
8C43000
|
trusted library allocation
|
page read and write
|
||
|
5AA0000
|
trusted library allocation
|
page read and write
|
||
|
6318000
|
trusted library allocation
|
page read and write
|
||
|
64A6000
|
trusted library allocation
|
page read and write
|
||
|
4D40000
|
trusted library allocation
|
page read and write
|
||
|
891C000
|
heap
|
page read and write
|
||
|
8893000
|
heap
|
page read and write
|
||
|
7C90000
|
trusted library allocation
|
page read and write
|
||
|
8850000
|
heap
|
page read and write
|
||
|
7FFD9B79B000
|
trusted library allocation
|
page execute and read and write
|
||
|
78EC000
|
heap
|
page read and write
|
||
|
7572000
|
heap
|
page read and write
|
||
|
88C0000
|
trusted library allocation
|
page read and write
|
||
|
78F5000
|
heap
|
page read and write
|
||
|
1F53000
|
direct allocation
|
page read and write
|
||
|
514E000
|
stack
|
page read and write
|
||
|
86A0000
|
trusted library allocation
|
page read and write
|
||
|
12D5000
|
heap
|
page read and write
|
||
|
1F68000
|
direct allocation
|
page read and write
|
||
|
3783000
|
trusted library allocation
|
page read and write
|
||
|
1F18000
|
direct allocation
|
page read and write
|
||
|
4BD0000
|
heap
|
page read and write
|
||
|
1F4C000
|
direct allocation
|
page read and write
|
||
|
50A0000
|
trusted library allocation
|
page read and write
|
||
|
7C0E000
|
stack
|
page read and write
|
||
|
7700000
|
heap
|
page execute and read and write
|
||
|
72EC000
|
stack
|
page read and write
|
||
|
C2F000
|
stack
|
page read and write
|
||
|
78C7000
|
heap
|
page read and write
|
||
|
5CE1000
|
trusted library allocation
|
page read and write
|
||
|
12E0000
|
heap
|
page read and write
|
||
|
8962000
|
heap
|
page read and write
|
||
|
4C90000
|
heap
|
page readonly
|
||
|
21AF000
|
stack
|
page read and write
|
||
|
1F1C000
|
direct allocation
|
page read and write
|
||
|
3430000
|
heap
|
page read and write
|
||
|
512E000
|
stack
|
page read and write
|
||
|
1F38000
|
direct allocation
|
page read and write
|
||
|
8A32000
|
trusted library allocation
|
page read and write
|
||
|
1F1C000
|
direct allocation
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
88FD000
|
heap
|
page read and write
|
||
|
5090000
|
trusted library allocation
|
page read and write
|
||
|
88A0000
|
trusted library allocation
|
page read and write
|
||
|
7AB0000
|
heap
|
page execute and read and write
|
||
|
13EC000
|
heap
|
page read and write
|
||
|
4D33000
|
trusted library allocation
|
page execute and read and write
|
||
|
1F48000
|
direct allocation
|
page read and write
|
||
|
5190000
|
trusted library allocation
|
page read and write
|
||
|
1F1C000
|
direct allocation
|
page read and write
|
||
|
8AB0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1F5B000
|
direct allocation
|
page read and write
|
||
|
731D000
|
stack
|
page read and write
|
||
|
1F38000
|
direct allocation
|
page read and write
|
||
|
792D000
|
trusted library allocation
|
page read and write
|
||
|
28CF000
|
stack
|
page read and write
|
||
|
7A4F000
|
heap
|
page read and write
|
||
|
7CE0000
|
trusted library allocation
|
page read and write
|
||
|
64C6000
|
trusted library allocation
|
page read and write
|
||
|
8A70000
|
trusted library allocation
|
page read and write
|
||
|
755E000
|
stack
|
page read and write
|
||
|
530000
|
heap
|
page read and write
|
||
|
7B4E000
|
stack
|
page read and write
|
||
|
745A000
|
stack
|
page read and write
|
||
|
4D09000
|
stack
|
page read and write
|
||
|
87AE000
|
heap
|
page read and write
|
||
|
32A0000
|
heap
|
page read and write
|
||
|
8E70000
|
trusted library allocation
|
page execute and read and write
|
||
|
33F0000
|
heap
|
page read and write
|
||
|
871D000
|
stack
|
page read and write
|
||
|
8AC0000
|
trusted library allocation
|
page read and write
|
||
|
7F8B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
757E000
|
stack
|
page read and write
|
||
|
1300000
|
heap
|
page read and write
|
||
|
89A7000
|
heap
|
page read and write
|
||
|
5842000
|
trusted library allocation
|
page read and write
|
||
|
1F1C000
|
direct allocation
|
page read and write
|
||
|
76EE000
|
stack
|
page read and write
|
||
|
450000
|
heap
|
page read and write
|
||
|
33EE000
|
stack
|
page read and write
|
||
|
7FFD9B890000
|
trusted library allocation
|
page execute and read and write
|
||
|
1F48000
|
direct allocation
|
page read and write
|
||
|
1BBDE000
|
stack
|
page read and write
|
||
|
1570000
|
trusted library allocation
|
page read and write
|
||
|
7A8A000
|
trusted library allocation
|
page read and write
|
||
|
610000
|
heap
|
page read and write
|
||
|
742B000
|
stack
|
page read and write
|
||
|
1F38000
|
direct allocation
|
page read and write
|
||
|
4CA0000
|
heap
|
page read and write
|
||
|
8A92000
|
trusted library allocation
|
page read and write
|
||
|
3277000
|
heap
|
page read and write
|
||
|
1BC00000
|
heap
|
page read and write
|
||
|
7FFD9B77D000
|
trusted library allocation
|
page execute and read and write
|
||
|
203E000
|
stack
|
page read and write
|
||
|
877C000
|
heap
|
page read and write
|
||
|
1F1C000
|
direct allocation
|
page read and write
|
||
|
526E000
|
stack
|
page read and write
|
||
|
8C40000
|
trusted library allocation
|
page read and write
|
||
|
52CE000
|
stack
|
page read and write
|
||
|
1F68000
|
direct allocation
|
page read and write
|
||
|
1F38000
|
direct allocation
|
page read and write
|
||
|
2170000
|
heap
|
page read and write
|
||
|
57F8000
|
trusted library allocation
|
page read and write
|
||
|
75FD000
|
stack
|
page read and write
|
||
|
237F000
|
stack
|
page read and write
|
||
|
8BE0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B856000
|
trusted library allocation
|
page execute and read and write
|
||
|
4C50000
|
trusted library allocation
|
page read and write
|
||
|
8CA3000
|
trusted library allocation
|
page read and write
|
||
|
1F4C000
|
direct allocation
|
page read and write
|
||
|
5917000
|
trusted library allocation
|
page read and write
|
||
|
1F4C000
|
direct allocation
|
page read and write
|
||
|
1F1C000
|
direct allocation
|
page read and write
|
||
|
8912000
|
trusted library allocation
|
page read and write
|
||
|
7562000
|
heap
|
page read and write
|
||
|
4D80000
|
trusted library allocation
|
page read and write
|
||
|
1F68000
|
direct allocation
|
page read and write
|
||
|
87F2000
|
heap
|
page read and write
|
||
|
559B000
|
trusted library allocation
|
page read and write
|
||
|
6471000
|
trusted library allocation
|
page read and write
|
||
|
7D0000
|
heap
|
page read and write
|
||
|
7A89000
|
heap
|
page read and write
|
||
|
3155000
|
heap
|
page read and write
|
||
|
32F0000
|
heap
|
page read and write
|
||
|
876B000
|
trusted library allocation
|
page read and write
|
||
|
8D90000
|
trusted library allocation
|
page execute and read and write
|
||
|
6C2000
|
heap
|
page read and write
|
||
|
7A1F000
|
stack
|
page read and write
|
||
|
346B000
|
heap
|
page read and write
|
||
|
1F4C000
|
direct allocation
|
page read and write
|
||
|
8917000
|
heap
|
page read and write
|
||
|
2070000
|
heap
|
page read and write
|
||
|
898B000
|
heap
|
page read and write
|
||
|
409000
|
unkown
|
page read and write
|
||
|
309F000
|
heap
|
page read and write
|
||
|
1F23000
|
direct allocation
|
page read and write
|
||
|
B27000
|
stack
|
page read and write
|
||
|
193000
|
stack
|
page read and write
|
||
|
8A15000
|
heap
|
page read and write
|
||
|
194000
|
stack
|
page read and write
|
||
|
7955000
|
heap
|
page read and write
|
||
|
1F38000
|
direct allocation
|
page read and write
|
||
|
50B0000
|
trusted library allocation
|
page read and write
|
||
|
6614000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B773000
|
trusted library allocation
|
page execute and read and write
|
||
|
78BE000
|
heap
|
page read and write
|
||
|
1F4C000
|
direct allocation
|
page read and write
|
||
|
7610000
|
heap
|
page read and write
|
||
|
1F48000
|
direct allocation
|
page read and write
|
||
|
2DBF000
|
stack
|
page read and write
|
||
|
790F000
|
heap
|
page read and write
|
||
|
73E0000
|
heap
|
page execute and read and write
|
||
|
1F18000
|
direct allocation
|
page read and write
|
||
|
751E000
|
stack
|
page read and write
|
||
|
1F4C000
|
direct allocation
|
page read and write
|
||
|
87C0000
|
trusted library allocation
|
page read and write
|
||
|
7B6E000
|
stack
|
page read and write
|
||
|
5099000
|
trusted library allocation
|
page read and write
|
||
|
7B60000
|
trusted library allocation
|
page read and write
|
||
|
7CF0000
|
trusted library allocation
|
page read and write
|
||
|
7A7E000
|
stack
|
page read and write
|
||
|
4AD0000
|
heap
|
page read and write
|
||
|
135F000
|
heap
|
page read and write
|
||
|
7C30000
|
trusted library allocation
|
page read and write
|
||
|
86AD000
|
trusted library allocation
|
page read and write
|
||
|
752A000
|
stack
|
page read and write
|
||
|
5220000
|
heap
|
page read and write
|
||
|
5278000
|
trusted library allocation
|
page read and write
|
||
|
1F2B000
|
direct allocation
|
page read and write
|
||
|
1BF1F000
|
stack
|
page read and write
|
||
|
5373000
|
trusted library allocation
|
page read and write
|
||
|
8718000
|
heap
|
page read and write
|
||
|
8855000
|
heap
|
page read and write
|
||
|
3150000
|
heap
|
page read and write
|
||
|
867E000
|
stack
|
page read and write
|
||
|
74B5000
|
heap
|
page execute and read and write
|
||
|
4DE0000
|
heap
|
page read and write
|
||
|
5C8F000
|
trusted library allocation
|
page read and write
|
||
|
1F18000
|
direct allocation
|
page read and write
|
||
|
74DF000
|
stack
|
page read and write
|
||
|
73CD000
|
stack
|
page read and write
|
||
|
4ADE000
|
stack
|
page read and write
|
||
|
79C8000
|
heap
|
page read and write
|
||
|
C35000
|
heap
|
page read and write
|
||
|
8A12000
|
heap
|
page read and write
|
||
|
6311000
|
trusted library allocation
|
page read and write
|
||
|
778E000
|
stack
|
page read and write
|
||
|
4C60000
|
trusted library allocation
|
page read and write
|
||
|
6FF000
|
stack
|
page read and write
|
||
|
74EE000
|
stack
|
page read and write
|
||
|
32C0000
|
heap
|
page read and write
|
||
|
87A2000
|
heap
|
page read and write
|
||
|
E60000
|
unkown
|
page readonly
|
||
|
1F18000
|
direct allocation
|
page read and write
|
||
|
8924000
|
heap
|
page read and write
|
||
|
7A90000
|
trusted library allocation
|
page read and write
|
||
|
5932000
|
trusted library allocation
|
page read and write
|
||
|
87BE000
|
stack
|
page read and write
|
||
|
883C000
|
heap
|
page read and write
|
||
|
7BAE000
|
stack
|
page read and write
|
||
|
739E000
|
stack
|
page read and write
|
||
|
794D000
|
heap
|
page read and write
|
||
|
312F000
|
stack
|
page read and write
|
||
|
797E000
|
stack
|
page read and write
|
||
|
73DE000
|
stack
|
page read and write
|
||
|
51B0000
|
trusted library allocation
|
page read and write
|
||
|
661B000
|
trusted library allocation
|
page read and write
|
||
|
1F68000
|
direct allocation
|
page read and write
|
||
|
7F748000
|
trusted library allocation
|
page execute and read and write
|
||
|
8770000
|
heap
|
page read and write
|
||
|
7C80000
|
trusted library allocation
|
page read and write
|
||
|
465000
|
heap
|
page read and write
|
||
|
5270000
|
trusted library allocation
|
page read and write
|
||
|
7C90000
|
trusted library allocation
|
page read and write
|
||
|
2DD0000
|
heap
|
page read and write
|
||
|
5466000
|
trusted library allocation
|
page read and write
|
||
|
77F0000
|
heap
|
page read and write
|
||
|
7990000
|
trusted library allocation
|
page read and write
|
||
|
2270000
|
direct allocation
|
page read and write
|
||
|
1F38000
|
direct allocation
|
page read and write
|
||
|
305D000
|
heap
|
page read and write
|
||
|
4AE0000
|
heap
|
page read and write
|
||
|
598000
|
heap
|
page read and write
|
||
|
19D000
|
stack
|
page read and write
|
||
|
7A80000
|
trusted library allocation
|
page read and write
|
||
|
6457000
|
trusted library allocation
|
page read and write
|
||
|
349D000
|
stack
|
page read and write
|
||
|
7D8000
|
heap
|
page read and write
|
||
|
50B2000
|
trusted library allocation
|
page read and write
|
||
|
1F4C000
|
direct allocation
|
page read and write
|
||
|
7A87000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
87EA000
|
trusted library allocation
|
page read and write
|
||
|
1F38000
|
direct allocation
|
page read and write
|
||
|
5275000
|
heap
|
page execute and read and write
|
||
|
8AB0000
|
trusted library allocation
|
page read and write
|
||
|
7710000
|
trusted library allocation
|
page read and write
|
||
|
8920000
|
heap
|
page read and write
|
||
|
5C74000
|
trusted library allocation
|
page read and write
|
||
|
3450000
|
heap
|
page read and write
|
||
|
88D2000
|
heap
|
page read and write
|
||
|
8930000
|
trusted library allocation
|
page execute and read and write
|
||
|
7C10000
|
trusted library allocation
|
page read and write
|
||
|
1F38000
|
direct allocation
|
page read and write
|
||
|
1F48000
|
direct allocation
|
page read and write
|
||
|
528E000
|
stack
|
page read and write
|
||
|
7F730000
|
trusted library allocation
|
page execute and read and write
|
||
|
7CA0000
|
trusted library allocation
|
page read and write
|
||
|
539E000
|
stack
|
page read and write
|
||
|
7980000
|
trusted library allocation
|
page read and write
|
||
|
8830000
|
trusted library allocation
|
page read and write
|
||
|
15A3000
|
trusted library allocation
|
page read and write
|
||
|
4DA0000
|
heap
|
page read and write
|
||
|
741E000
|
stack
|
page read and write
|
||
|
7C2D000
|
stack
|
page read and write
|
||
|
1F1C000
|
direct allocation
|
page read and write
|
||
|
7D10000
|
trusted library allocation
|
page read and write
|
||
|
1F1C000
|
direct allocation
|
page read and write
|
||
|
7B00000
|
trusted library allocation
|
page read and write
|
||
|
89FC000
|
heap
|
page read and write
|
||
|
1F68000
|
direct allocation
|
page read and write
|
||
|
64BE000
|
trusted library allocation
|
page read and write
|
||
|
7A3D000
|
heap
|
page read and write
|
||
|
7B00000
|
trusted library allocation
|
page execute and read and write
|
||
|
1F1C000
|
direct allocation
|
page read and write
|
||
|
1D18E000
|
stack
|
page read and write
|
||
|
7D50000
|
trusted library allocation
|
page read and write
|
||
|
5312000
|
trusted library allocation
|
page read and write
|
||
|
5200000
|
heap
|
page readonly
|
||
|
1352000
|
heap
|
page read and write
|
||
|
6491000
|
trusted library allocation
|
page read and write
|
||
|
9C000
|
stack
|
page read and write
|
||
|
587B000
|
trusted library allocation
|
page read and write
|
||
|
8AD0000
|
trusted library allocation
|
page read and write
|
||
|
8580000
|
trusted library allocation
|
page read and write
|
||
|
8F3E000
|
stack
|
page read and write
|
||
|
7810000
|
heap
|
page read and write
|
||
|
8B30000
|
trusted library allocation
|
page read and write
|
||
|
7C50000
|
trusted library allocation
|
page read and write
|
||
|
1F38000
|
direct allocation
|
page read and write
|
||
|
2D3B000
|
stack
|
page read and write
|
||
|
59B3000
|
trusted library allocation
|
page read and write
|
||
|
1F1C000
|
direct allocation
|
page read and write
|
||
|
5192000
|
trusted library allocation
|
page read and write
|
||
|
5A32000
|
trusted library allocation
|
page read and write
|
||
|
1F4C000
|
direct allocation
|
page read and write
|
||
|
5220000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B82C000
|
trusted library allocation
|
page execute and read and write
|
||
|
8C90000
|
trusted library allocation
|
page read and write
|
||
|
9C000
|
stack
|
page read and write
|
||
|
418000
|
unkown
|
page readonly
|
||
|
1F4C000
|
direct allocation
|
page read and write
|
||
|
8570000
|
trusted library allocation
|
page execute and read and write
|
||
|
15A0000
|
trusted library allocation
|
page read and write
|
||
|
56E000
|
heap
|
page read and write
|
||
|
8801000
|
heap
|
page read and write
|
||
|
7A39000
|
heap
|
page read and write
|
||
|
1F1C000
|
direct allocation
|
page read and write
|
||
|
7A91000
|
heap
|
page read and write
|
||
|
4D9A000
|
trusted library allocation
|
page execute and read and write
|
||
|
BEE000
|
stack
|
page read and write
|
||
|
7978000
|
heap
|
page read and write
|
||
|
194000
|
stack
|
page read and write
|
||
|
7D00000
|
trusted library allocation
|
page read and write
|
||
|
8760000
|
trusted library allocation
|
page read and write
|
||
|
5291000
|
trusted library allocation
|
page read and write
|
||
|
79B0000
|
heap
|
page read and write
|
||
|
5406000
|
trusted library allocation
|
page read and write
|
||
|
32BF000
|
stack
|
page read and write
|
||
|
3327000
|
heap
|
page read and write
|
||
|
8FFE000
|
stack
|
page read and write
|
||
|
87E4000
|
heap
|
page read and write
|
||
|
BA0000
|
heap
|
page read and write
|
||
|
345A000
|
heap
|
page read and write
|
||
|
3150000
|
heap
|
page read and write
|
||
|
877D000
|
stack
|
page read and write
|
||
|
6455000
|
trusted library allocation
|
page read and write
|
||
|
7D20000
|
trusted library allocation
|
page read and write
|
||
|
88FF000
|
heap
|
page read and write
|
||
|
7B30000
|
trusted library allocation
|
page read and write
|
||
|
51D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1CB55000
|
stack
|
page read and write
|
||
|
4C80000
|
trusted library allocation
|
page read and write
|
||
|
782E000
|
stack
|
page read and write
|
||
|
2B4F000
|
stack
|
page read and write
|
||
|
1F4C000
|
direct allocation
|
page read and write
|
||
|
5198000
|
trusted library allocation
|
page read and write
|
||
|
8D2E000
|
stack
|
page read and write
|
||
|
741D000
|
stack
|
page read and write
|
||
|
1F18000
|
direct allocation
|
page read and write
|
||
|
77DB000
|
heap
|
page read and write
|
||
|
792B000
|
heap
|
page read and write
|
||
|
7B57000
|
trusted library allocation
|
page read and write
|
||
|
64B7000
|
trusted library allocation
|
page read and write
|
||
|
7C8D000
|
stack
|
page read and write
|
||
|
1320000
|
heap
|
page read and write
|
||
|
7720000
|
heap
|
page read and write
|
||
|
87E0000
|
trusted library allocation
|
page read and write
|
||
|
7E5000
|
heap
|
page read and write
|
||
|
1F40000
|
direct allocation
|
page read and write
|
||
|
637A000
|
trusted library allocation
|
page read and write
|
||
|
1F48000
|
direct allocation
|
page read and write
|
||
|
1F1C000
|
direct allocation
|
page read and write
|
||
|
8CEE000
|
stack
|
page read and write
|
||
|
8834000
|
heap
|
page read and write
|
||
|
62D9000
|
trusted library allocation
|
page read and write
|
||
|
4C20000
|
trusted library allocation
|
page read and write
|
||
|
78D1000
|
heap
|
page read and write
|
||
|
8DFE000
|
stack
|
page read and write
|
||
|
4BC0000
|
trusted library allocation
|
page read and write
|
||
|
31F5000
|
heap
|
page read and write
|
||
|
1F38000
|
direct allocation
|
page read and write
|
||
|
8F7C000
|
stack
|
page read and write
|
||
|
458000
|
heap
|
page read and write
|
||
|
13361000
|
trusted library allocation
|
page read and write
|
||
|
5A3A000
|
trusted library allocation
|
page read and write
|
||
|
4B59000
|
stack
|
page read and write
|
||
|
6422000
|
trusted library allocation
|
page read and write
|
||
|
64D8000
|
trusted library allocation
|
page read and write
|
||
|
7540000
|
heap
|
page read and write
|
||
|
86B0000
|
trusted library allocation
|
page read and write
|
||
|
7D60000
|
trusted library allocation
|
page read and write
|
||
|
73E5000
|
heap
|
page execute and read and write
|
||
|
8AC3000
|
trusted library allocation
|
page read and write
|
||
|
77EF000
|
stack
|
page read and write
|
||
|
576F000
|
trusted library allocation
|
page read and write
|
||
|
420000
|
heap
|
page read and write
|
||
|
896B000
|
heap
|
page read and write
|
||
|
1F1C000
|
direct allocation
|
page read and write
|
||
|
8859000
|
heap
|
page read and write
|
||
|
3170000
|
heap
|
page read and write
|
||
|
4B1D000
|
stack
|
page read and write
|
||
|
1CA5A000
|
stack
|
page read and write
|
||
|
69A000
|
heap
|
page read and write
|
||
|
E60000
|
unkown
|
page readonly
|
||
|
690000
|
heap
|
page read and write
|
||
|
1F1C000
|
direct allocation
|
page read and write
|
||
|
1391000
|
heap
|
page read and write
|
||
|
1F48000
|
direct allocation
|
page read and write
|
||
|
8861000
|
heap
|
page read and write
|
||
|
6499000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B780000
|
trusted library allocation
|
page read and write
|
||
|
7F8C8000
|
trusted library allocation
|
page execute and read and write
|
||
|
1F1C000
|
direct allocation
|
page read and write
|
||
|
796F000
|
heap
|
page read and write
|
||
|
635000
|
heap
|
page read and write
|
||
|
409000
|
unkown
|
page write copy
|
||
|
87F0000
|
trusted library allocation
|
page read and write
|
||
|
4A9E000
|
stack
|
page read and write
|
||
|
1F38000
|
direct allocation
|
page read and write
|
||
|
8E3C000
|
stack
|
page read and write
|
||
|
889C000
|
heap
|
page read and write
|
||
|
4BCD000
|
trusted library allocation
|
page execute and read and write
|
||
|
32FE000
|
stack
|
page read and write
|
||
|
9C000
|
stack
|
page read and write
|
||
|
49FD000
|
stack
|
page read and write
|
||
|
62B1000
|
trusted library allocation
|
page read and write
|
||
|
1CE8E000
|
stack
|
page read and write
|
||
|
1F30000
|
direct allocation
|
page read and write
|
||
|
1F50000
|
direct allocation
|
page read and write
|
||
|
7FD08000
|
trusted library allocation
|
page execute and read and write
|
||
|
1F1C000
|
direct allocation
|
page read and write
|
||
|
786E000
|
stack
|
page read and write
|
||
|
170E000
|
stack
|
page read and write
|
||
|
8724000
|
heap
|
page read and write
|
||
|
1F10000
|
direct allocation
|
page read and write
|
||
|
8915000
|
heap
|
page read and write
|
||
|
7C40000
|
trusted library allocation
|
page read and write
|
||
|
7C70000
|
trusted library allocation
|
page read and write
|
||
|
530000
|
heap
|
page read and write
|
||
|
7C60000
|
trusted library allocation
|
page read and write
|
||
|
5DF0000
|
trusted library allocation
|
page read and write
|
||
|
1F18000
|
direct allocation
|
page read and write
|
||
|
59EB000
|
trusted library allocation
|
page read and write
|
||
|
1F68000
|
direct allocation
|
page read and write
|
||
|
1F1C000
|
direct allocation
|
page read and write
|
||
|
87E0000
|
trusted library allocation
|
page read and write
|
||
|
5300000
|
heap
|
page read and write
|
||
|
88A8000
|
heap
|
page read and write
|
||
|
1F38000
|
direct allocation
|
page read and write
|
||
|
6291000
|
trusted library allocation
|
page read and write
|
||
|
1F68000
|
direct allocation
|
page read and write
|
||
|
7758000
|
heap
|
page read and write
|
||
|
8963000
|
heap
|
page read and write
|
||
|
8D1D000
|
stack
|
page read and write
|
||
|
782E000
|
stack
|
page read and write
|
||
|
2D30000
|
heap
|
page read and write
|
||
|
75F000
|
stack
|
page read and write
|
||
|
4F9E000
|
stack
|
page read and write
|
||
|
203E000
|
stack
|
page read and write
|
||
|
4C40000
|
trusted library allocation
|
page read and write
|
||
|
87C0000
|
heap
|
page read and write
|
||
|
8920000
|
trusted library allocation
|
page read and write
|
||
|
7C70000
|
trusted library allocation
|
page read and write
|
||
|
88AC000
|
heap
|
page read and write
|
||
|
59EF000
|
trusted library allocation
|
page read and write
|
||
|
5355000
|
heap
|
page execute and read and write
|
||
|
12D0000
|
heap
|
page read and write
|
||
|
787C000
|
heap
|
page read and write
|
||
|
7E0000
|
heap
|
page read and write
|
||
|
8C30000
|
trusted library allocation
|
page read and write
|
||
|
746E000
|
stack
|
page read and write
|
||
|
78AF000
|
stack
|
page read and write
|
||
|
8934000
|
heap
|
page read and write
|
||
|
190000
|
stack
|
page read and write
|
||
|
7FCF0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7CD0000
|
trusted library allocation
|
page read and write
|
||
|
52E000
|
stack
|
page read and write
|
||
|
870B000
|
trusted library allocation
|
page read and write
|
||
|
3130000
|
heap
|
page read and write
|
||
|
77B9000
|
heap
|
page read and write
|
||
|
4C3D000
|
trusted library allocation
|
page execute and read and write
|
||
|
4D7D000
|
trusted library allocation
|
page execute and read and write
|
||
|
5270000
|
heap
|
page execute and read and write
|
||
|
8B20000
|
trusted library allocation
|
page read and write
|
||
|
51CC000
|
stack
|
page read and write
|
||
|
5DED000
|
trusted library allocation
|
page read and write
|
||
|
AEB000
|
stack
|
page read and write
|
||
|
7748000
|
heap
|
page read and write
|
||
|
6F7000
|
heap
|
page read and write
|
||
|
7F510000
|
trusted library allocation
|
page execute and read and write
|
||
|
8700000
|
trusted library allocation
|
page read and write
|
||
|
890B000
|
heap
|
page read and write
|
||
|
7B10000
|
trusted library allocation
|
page read and write
|
||
|
7D40000
|
trusted library allocation
|
page read and write
|
||
|
5887000
|
trusted library allocation
|
page read and write
|
||
|
1F4C000
|
direct allocation
|
page read and write
|
||
|
5100000
|
heap
|
page execute and read and write
|
||
|
5F0000
|
heap
|
page read and write
|
||
|
1F38000
|
direct allocation
|
page read and write
|
||
|
79E1000
|
heap
|
page read and write
|
||
|
1361000
|
heap
|
page read and write
|
||
|
86B0000
|
trusted library allocation
|
page read and write
|
||
|
13351000
|
trusted library allocation
|
page read and write
|
||
|
1D08B000
|
stack
|
page read and write
|
||
|
7C20000
|
trusted library allocation
|
page read and write
|
||
|
876D000
|
trusted library allocation
|
page read and write
|
||
|
79DE000
|
stack
|
page read and write
|
||
|
3038000
|
stack
|
page read and write
|
||
|
1F1F000
|
direct allocation
|
page read and write
|
||
|
9CF000
|
stack
|
page read and write
|
||
|
8DDE000
|
stack
|
page read and write
|
||
|
1F4C000
|
direct allocation
|
page read and write
|
||
|
1520000
|
heap
|
page read and write
|
||
|
1349000
|
heap
|
page read and write
|
||
|
88A4000
|
heap
|
page read and write
|
||
|
55C6000
|
trusted library allocation
|
page read and write
|
||
|
1F4C000
|
direct allocation
|
page read and write
|
||
|
1F1C000
|
direct allocation
|
page read and write
|
||
|
7810000
|
heap
|
page read and write
|
||
|
1F68000
|
direct allocation
|
page read and write
|
||
|
620000
|
heap
|
page read and write
|
||
|
7B5A000
|
trusted library allocation
|
page read and write
|
||
|
6623000
|
trusted library allocation
|
page read and write
|
||
|
78C1000
|
heap
|
page read and write
|
||
|
13358000
|
trusted library allocation
|
page read and write
|
||
|
1335E000
|
trusted library allocation
|
page read and write
|
||
|
78AC000
|
heap
|
page read and write
|
||
|
5D18000
|
trusted library allocation
|
page read and write
|
||
|
6436000
|
trusted library allocation
|
page read and write
|
||
|
1F4C000
|
direct allocation
|
page read and write
|
||
|
8EBE000
|
stack
|
page read and write
|
||
|
4F5E000
|
stack
|
page read and write
|
||
|
7AE0000
|
trusted library allocation
|
page read and write
|
||
|
520C000
|
stack
|
page read and write
|
||
|
8918000
|
heap
|
page read and write
|
||
|
8720000
|
heap
|
page read and write
|
||
|
4C34000
|
trusted library allocation
|
page read and write
|
||
|
78B0000
|
heap
|
page read and write
|
||
|
7B90000
|
trusted library allocation
|
page read and write
|
||
|
4FF0000
|
heap
|
page read and write
|
||
|
1F38000
|
direct allocation
|
page read and write
|
||
|
789E000
|
heap
|
page read and write
|
||
|
2C8F000
|
stack
|
page read and write
|
||
|
1F1C000
|
direct allocation
|
page read and write
|
||
|
7AC0000
|
trusted library allocation
|
page execute and read and write
|
||
|
4C49000
|
trusted library allocation
|
page read and write
|
||
|
8C8E000
|
stack
|
page read and write
|
||
|
7920000
|
trusted library allocation
|
page read and write
|
||
|
1F1C000
|
direct allocation
|
page read and write
|
||
|
1F38000
|
direct allocation
|
page read and write
|
||
|
1F4C000
|
direct allocation
|
page read and write
|
||
|
7966000
|
heap
|
page read and write
|
||
|
333D000
|
stack
|
page read and write
|
||
|
62B9000
|
trusted library allocation
|
page read and write
|
||
|
1F1C000
|
direct allocation
|
page read and write
|
||
|
58E000
|
stack
|
page read and write
|
||
|
7FFD9B930000
|
trusted library allocation
|
page execute and read and write
|
||
|
30DC000
|
heap
|
page read and write
|
||
|
4D3D000
|
trusted library allocation
|
page execute and read and write
|
||
|
755B000
|
stack
|
page read and write
|
||
|
3068000
|
heap
|
page read and write
|
||
|
1F4C000
|
direct allocation
|
page read and write
|
||
|
1C1D6000
|
heap
|
page read and write
|
||
|
7938000
|
heap
|
page read and write
|
||
|
7CD0000
|
trusted library allocation
|
page read and write
|
||
|
40A000
|
unkown
|
page read and write
|
||
|
1F18000
|
direct allocation
|
page read and write
|
||
|
753E000
|
stack
|
page read and write
|
||
|
5210000
|
trusted library allocation
|
page execute and read and write
|
||
|
8869000
|
heap
|
page read and write
|
||
|
52B1000
|
trusted library allocation
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
1F18000
|
direct allocation
|
page read and write
|
||
|
8DBB000
|
stack
|
page read and write
|
||
|
1F38000
|
direct allocation
|
page read and write
|
||
|
8630000
|
heap
|
page read and write
|
||
|
30AF000
|
stack
|
page read and write
|
||
|
5A08000
|
trusted library allocation
|
page read and write
|
||
|
1F14000
|
direct allocation
|
page read and write
|
||
|
8890000
|
heap
|
page read and write
|
||
|
2D80000
|
heap
|
page read and write
|
||
|
7C80000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B782000
|
trusted library allocation
|
page read and write
|
||
|
5A51000
|
trusted library allocation
|
page read and write
|
||
|
8E1B000
|
stack
|
page read and write
|
||
|
303F000
|
stack
|
page read and write
|
||
|
1F68000
|
direct allocation
|
page read and write
|
||
|
1F38000
|
direct allocation
|
page read and write
|
||
|
1F68000
|
direct allocation
|
page read and write
|
||
|
77A5000
|
heap
|
page read and write
|
||
|
1590000
|
trusted library allocation
|
page read and write
|
||
|
7980000
|
trusted library allocation
|
page read and write
|
||
|
585C000
|
trusted library allocation
|
page read and write
|
||
|
4D34000
|
trusted library allocation
|
page read and write
|
||
|
219F000
|
stack
|
page read and write
|
||
|
77F3000
|
heap
|
page read and write
|
||
|
7B80000
|
heap
|
page execute and read and write
|
||
|
51F0000
|
heap
|
page execute and read and write
|
||
|
1F1C000
|
direct allocation
|
page read and write
|
||
|
892C000
|
heap
|
page read and write
|
||
|
51EC000
|
stack
|
page read and write
|
||
|
50AA000
|
trusted library allocation
|
page execute and read and write
|
||
|
2B8E000
|
stack
|
page read and write
|
||
|
86F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
761E000
|
stack
|
page read and write
|
||
|
50E0000
|
heap
|
page readonly
|
||
|
1F18000
|
direct allocation
|
page read and write
|
||
|
1C1F3000
|
heap
|
page read and write
|
||
|
7951000
|
heap
|
page read and write
|
||
|
8923000
|
heap
|
page read and write
|
||
|
1F27000
|
direct allocation
|
page read and write
|
||
|
7F5000
|
heap
|
page read and write
|
||
|
88F2000
|
heap
|
page read and write
|
||
|
1F4C000
|
direct allocation
|
page read and write
|
||
|
27CE000
|
stack
|
page read and write
|
||
|
1F4C000
|
direct allocation
|
page read and write
|
||
|
798A000
|
trusted library allocation
|
page read and write
|
||
|
4D49000
|
trusted library allocation
|
page read and write
|
||
|
33F8000
|
heap
|
page read and write
|
||
|
1F1C000
|
direct allocation
|
page read and write
|
||
|
1BD10000
|
heap
|
page execute and read and write
|
||
|
2CE9000
|
stack
|
page read and write
|
||
|
1C45E000
|
stack
|
page read and write
|
||
|
1F38000
|
direct allocation
|
page read and write
|
||
|
516E000
|
stack
|
page read and write
|
||
|
4F0000
|
heap
|
page read and write
|
||
|
523C000
|
stack
|
page read and write
|
||
|
8A50000
|
trusted library allocation
|
page execute and read and write
|
||
|
4BC3000
|
trusted library allocation
|
page execute and read and write
|
||
|
4BC4000
|
trusted library allocation
|
page read and write
|
||
|
1F4C000
|
direct allocation
|
page read and write
|
||
|
7881000
|
heap
|
page read and write
|
||
|
1F48000
|
direct allocation
|
page read and write
|
||
|
7C50000
|
trusted library allocation
|
page read and write
|
||
|
1F4C000
|
direct allocation
|
page read and write
|
||
|
1F1C000
|
direct allocation
|
page read and write
|
||
|
3526000
|
heap
|
page read and write
|
||
|
1F48000
|
direct allocation
|
page read and write
|
||
|
886D000
|
heap
|
page read and write
|
||
|
1F48000
|
direct allocation
|
page read and write
|
||
|
5D1A000
|
trusted library allocation
|
page read and write
|
||
|
739D000
|
stack
|
page read and write
|
||
|
30DA000
|
heap
|
page read and write
|
||
|
71F000
|
stack
|
page read and write
|
||
|
7C44000
|
trusted library allocation
|
page read and write
|
||
|
7A04000
|
heap
|
page read and write
|
||
|
87AE000
|
stack
|
page read and write
|
||
|
1F38000
|
direct allocation
|
page read and write
|
||
|
5350000
|
heap
|
page execute and read and write
|
||
|
1F68000
|
direct allocation
|
page read and write
|
||
|
74AF000
|
stack
|
page read and write
|
||
|
1F1C000
|
direct allocation
|
page read and write
|
||
|
1F4C000
|
direct allocation
|
page read and write
|
||
|
34E7000
|
heap
|
page read and write
|
||
|
554B000
|
trusted library allocation
|
page read and write
|
||
|
8842000
|
trusted library allocation
|
page read and write
|
||
|
8850000
|
heap
|
page read and write
|
||
|
3320000
|
heap
|
page read and write
|
||
|
1F20000
|
direct allocation
|
page read and write
|
||
|
784A000
|
heap
|
page read and write
|
||
|
409000
|
unkown
|
page read and write
|
||
|
2DEB000
|
stack
|
page read and write
|
||
|
8C10000
|
trusted library allocation
|
page execute and read and write
|
||
|
1F38000
|
direct allocation
|
page read and write
|
||
|
5CE000
|
stack
|
page read and write
|
||
|
4BA0000
|
trusted library section
|
page read and write
|
||
|
2090000
|
heap
|
page read and write
|
||
|
7C30000
|
trusted library allocation
|
page read and write
|
||
|
75BE000
|
stack
|
page read and write
|
||
|
78CB000
|
heap
|
page read and write
|
||
|
1C120000
|
heap
|
page read and write
|
||
|
6339000
|
trusted library allocation
|
page read and write
|
||
|
8D5E000
|
stack
|
page read and write
|
||
|
4CCE000
|
stack
|
page read and write
|
||
|
1F68000
|
direct allocation
|
page read and write
|
||
|
1F4C000
|
direct allocation
|
page read and write
|
||
|
8F1E000
|
stack
|
page read and write
|
||
|
420000
|
heap
|
page read and write
|
||
|
246F000
|
stack
|
page read and write
|
||
|
875F000
|
stack
|
page read and write
|
||
|
1F38000
|
direct allocation
|
page read and write
|
||
|
7C4E000
|
stack
|
page read and write
|
||
|
FA1000
|
stack
|
page read and write
|
||
|
8DDD000
|
stack
|
page read and write
|
||
|
4D89000
|
trusted library allocation
|
page read and write
|
||
|
135D000
|
heap
|
page read and write
|
||
|
4B0000
|
heap
|
page read and write
|
||
|
3457000
|
heap
|
page read and write
|
||
|
51FE000
|
stack
|
page read and write
|
||
|
7A28000
|
heap
|
page read and write
|
||
|
4D30000
|
trusted library allocation
|
page read and write
|
||
|
7BCD000
|
stack
|
page read and write
|
||
|
8E7E000
|
stack
|
page read and write
|
||
|
490000
|
heap
|
page read and write
|
||
|
7C60000
|
trusted library allocation
|
page read and write
|
||
|
78D0000
|
heap
|
page read and write
|
||
|
774E000
|
stack
|
page read and write
|
||
|
7987000
|
trusted library allocation
|
page read and write
|
||
|
3367000
|
heap
|
page read and write
|
||
|
7845000
|
heap
|
page read and write
|
||
|
7CC0000
|
trusted library allocation
|
page read and write
|
||
|
5BB3000
|
trusted library allocation
|
page read and write
|
||
|
77CE000
|
stack
|
page read and write
|
||
|
7FFD9B794000
|
trusted library allocation
|
page read and write
|
||
|
1F38000
|
direct allocation
|
page read and write
|
||
|
86A0000
|
trusted library allocation
|
page read and write
|
||
|
1F1C000
|
direct allocation
|
page read and write
|
||
|
8C6E000
|
stack
|
page read and write
|
||
|
1F68000
|
direct allocation
|
page read and write
|
||
|
4D65000
|
trusted library allocation
|
page execute and read and write
|
||
|
1F4C000
|
direct allocation
|
page read and write
|
||
|
7FFD9B79D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7831000
|
heap
|
page read and write
|
||
|
85ED000
|
stack
|
page read and write
|
||
|
59E9000
|
trusted library allocation
|
page read and write
|
||
|
732C000
|
stack
|
page read and write
|
||
|
872C000
|
heap
|
page read and write
|
||
|
1F1C000
|
direct allocation
|
page read and write
|
||
|
8CDE000
|
stack
|
page read and write
|
||
|
1F4C000
|
direct allocation
|
page read and write
|
||
|
2D7E000
|
stack
|
page read and write
|
||
|
52A0000
|
heap
|
page execute and read and write
|
||
|
1C01E000
|
stack
|
page read and write
|
||
|
1F38000
|
direct allocation
|
page read and write
|
||
|
1BE1E000
|
stack
|
page read and write
|
||
|
7FFD9B790000
|
trusted library allocation
|
page read and write
|
||
|
268E000
|
stack
|
page read and write
|
||
|
2DEE000
|
stack
|
page read and write
|
||
|
7560000
|
heap
|
page read and write
|
||
|
1F38000
|
direct allocation
|
page read and write
|
||
|
5D14000
|
trusted library allocation
|
page read and write
|
||
|
2610000
|
heap
|
page read and write
|
||
|
7AD0000
|
trusted library allocation
|
page read and write
|
||
|
4C5A000
|
trusted library allocation
|
page execute and read and write
|
||
|
30A0000
|
heap
|
page read and write
|
||
|
7CF0000
|
trusted library allocation
|
page read and write
|
||
|
59DD000
|
trusted library allocation
|
page read and write
|
||
|
52F1000
|
trusted library allocation
|
page read and write
|
||
|
1F4C000
|
direct allocation
|
page read and write
|
||
|
4D50000
|
trusted library allocation
|
page read and write
|
||
|
516E000
|
stack
|
page read and write
|
||
|
1F68000
|
direct allocation
|
page read and write
|
||
|
1F68000
|
direct allocation
|
page read and write
|
||
|
8A40000
|
trusted library allocation
|
page read and write
|
||
|
6FC000
|
heap
|
page read and write
|
||
|
862E000
|
stack
|
page read and write
|
||
|
4BB0000
|
trusted library allocation
|
page read and write
|
||
|
8A60000
|
trusted library allocation
|
page read and write
|
||
|
1F1C000
|
direct allocation
|
page read and write
|
||
|
1F38000
|
direct allocation
|
page read and write
|
||
|
765E000
|
stack
|
page read and write
|
||
|
6464000
|
trusted library allocation
|
page read and write
|
||
|
7F528000
|
trusted library allocation
|
page execute and read and write
|
||
|
4D80000
|
trusted library allocation
|
page read and write
|
||
|
7D42000
|
trusted library allocation
|
page read and write
|
||
|
8945000
|
heap
|
page read and write
|
||
|
4D20000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B826000
|
trusted library allocation
|
page read and write
|
||
|
87E1000
|
heap
|
page read and write
|
||
|
74FA000
|
stack
|
page read and write
|
||
|
582F000
|
trusted library allocation
|
page read and write
|
||
|
885D000
|
heap
|
page read and write
|
||
|
7C40000
|
trusted library allocation
|
page execute and read and write
|
||
|
7C00000
|
trusted library allocation
|
page read and write
|
||
|
47E000
|
stack
|
page read and write
|
||
|
7D30000
|
trusted library allocation
|
page read and write
|
||
|
7C90000
|
trusted library allocation
|
page read and write
|
||
|
7BF0000
|
trusted library allocation
|
page read and write
|
||
|
C0B000
|
stack
|
page read and write
|
||
|
769E000
|
stack
|
page read and write
|
||
|
79A0000
|
heap
|
page execute and read and write
|
||
|
8D30000
|
trusted library allocation
|
page execute and read and write
|
||
|
50D0000
|
trusted library allocation
|
page read and write
|
||
|
7CA0000
|
trusted library allocation
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
415000
|
unkown
|
page read and write
|
||
|
4C65000
|
trusted library allocation
|
page execute and read and write
|
||
|
430000
|
heap
|
page read and write
|
||
|
1F1C000
|
direct allocation
|
page read and write
|
||
|
7D10000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B774000
|
trusted library allocation
|
page read and write
|
||
|
7AB0000
|
trusted library allocation
|
page read and write
|
||
|
8830000
|
trusted library allocation
|
page read and write
|
||
|
87E7000
|
trusted library allocation
|
page read and write
|
||
|
7FF43BD00000
|
trusted library allocation
|
page execute and read and write
|
||
|
8EDE000
|
stack
|
page read and write
|
||
|
1C75D000
|
stack
|
page read and write
|
||
|
290E000
|
stack
|
page read and write
|
||
|
51CC000
|
stack
|
page read and write
|
||
|
87DD000
|
stack
|
page read and write
|
||
|
8690000
|
trusted library allocation
|
page execute and read and write
|
||
|
75DB000
|
stack
|
page read and write
|
||
|
4D90000
|
trusted library allocation
|
page read and write
|
||
|
1F4C000
|
direct allocation
|
page read and write
|
||
|
583A000
|
trusted library allocation
|
page read and write
|
||
|
133E000
|
heap
|
page read and write
|
||
|
C30000
|
heap
|
page read and write
|
||
|
759E000
|
stack
|
page read and write
|
||
|
1F18000
|
direct allocation
|
page read and write
|
||
|
19D000
|
stack
|
page read and write
|
||
|
4D73000
|
trusted library allocation
|
page execute and read and write
|
||
|
645B000
|
trusted library allocation
|
page read and write
|
||
|
7D70000
|
trusted library allocation
|
page read and write
|
||
|
309D000
|
heap
|
page read and write
|
||
|
1F1C000
|
direct allocation
|
page read and write
|
||
|
1B7CC000
|
stack
|
page read and write
|
||
|
3000000
|
trusted library section
|
page read and write
|
||
|
779D000
|
heap
|
page read and write
|
||
|
8840000
|
trusted library allocation
|
page read and write
|
||
|
7B8E000
|
stack
|
page read and write
|
||
|
138A000
|
heap
|
page read and write
|
||
|
322E000
|
stack
|
page read and write
|
||
|
1BBF0000
|
heap
|
page read and write
|
||
|
8E1E000
|
stack
|
page read and write
|
||
|
8E5E000
|
stack
|
page read and write
|
||
|
89EA000
|
heap
|
page read and write
|
||
|
5471000
|
trusted library allocation
|
page read and write
|
||
|
643A000
|
trusted library allocation
|
page read and write
|
||
|
1F4C000
|
direct allocation
|
page read and write
|
||
|
3270000
|
heap
|
page read and write
|
||
|
8710000
|
heap
|
page read and write
|
||
|
8950000
|
trusted library allocation
|
page read and write
|
||
|
1F38000
|
direct allocation
|
page read and write
|
||
|
53E6000
|
trusted library allocation
|
page read and write
|
||
|
7600000
|
heap
|
page read and write
|
||
|
8D7D000
|
stack
|
page read and write
|
||
|
8933000
|
heap
|
page read and write
|
||
|
7FFD9B830000
|
trusted library allocation
|
page execute and read and write
|
||
|
1F68000
|
direct allocation
|
page read and write
|
||
|
573D000
|
trusted library allocation
|
page read and write
|
||
|
5178000
|
trusted library allocation
|
page read and write
|
||
|
56A000
|
heap
|
page read and write
|
||
|
5A53000
|
trusted library allocation
|
page read and write
|
||
|
7A5E000
|
stack
|
page read and write
|
||
|
5942000
|
trusted library allocation
|
page read and write
|
||
|
4ABE000
|
stack
|
page read and write
|
||
|
50F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
78E5000
|
heap
|
page read and write
|
||
|
2DC0000
|
heap
|
page read and write
|
||
|
1C17E000
|
heap
|
page read and write
|
||
|
74B0000
|
heap
|
page execute and read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
30EE000
|
stack
|
page read and write
|
||
|
8FBE000
|
stack
|
page read and write
|
||
|
77C8000
|
heap
|
page read and write
|
||
|
1F18000
|
direct allocation
|
page read and write
|
||
|
1C55E000
|
stack
|
page read and write
|
||
|
1F68000
|
direct allocation
|
page read and write
|
||
|
5CF2000
|
trusted library allocation
|
page read and write
|
||
|
4A39000
|
stack
|
page read and write
|
||
|
8CA0000
|
trusted library allocation
|
page read and write
|
||
|
8B2F000
|
trusted library allocation
|
page read and write
|
||
|
7930000
|
trusted library allocation
|
page execute and read and write
|
||
|
745E000
|
stack
|
page read and write
|
||
|
889E000
|
stack
|
page read and write
|
||
|
20A0000
|
heap
|
page read and write
|
||
|
5280000
|
heap
|
page read and write
|
||
|
518F000
|
stack
|
page read and write
|
||
|
8A02000
|
heap
|
page read and write
|
||
|
77E5000
|
heap
|
page read and write
|
||
|
8E9D000
|
stack
|
page read and write
|
||
|
5230000
|
trusted library allocation
|
page read and write
|
||
|
1F38000
|
direct allocation
|
page read and write
|
||
|
9C000
|
stack
|
page read and write
|
||
|
554D000
|
trusted library allocation
|
page read and write
|
||
|
892B000
|
heap
|
page read and write
|
||
|
1D190000
|
heap
|
page read and write
|
||
|
1F68000
|
direct allocation
|
page read and write
|
||
|
1F1C000
|
direct allocation
|
page read and write
|
||
|
1F68000
|
direct allocation
|
page read and write
|
||
|
77AB000
|
stack
|
page read and write
|
||
|
7BE0000
|
trusted library allocation
|
page execute and read and write
|
||
|
4B90000
|
heap
|
page read and write
|
||
|
1F68000
|
direct allocation
|
page read and write
|
||
|
62D1000
|
trusted library allocation
|
page read and write
|
||
|
1F68000
|
direct allocation
|
page read and write
|
||
|
73DB000
|
stack
|
page read and write
|
||
|
3240000
|
heap
|
page read and write
|
There are 1143 hidden memdumps, click here to show them.