Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
x.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Program Files (x86)\AutoIt3\Au3Check.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\AutoIt3\Au3Info.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\AutoIt3\Au3Info_x64.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe_x64.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\AutoIt3\Aut2Exe\upx.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\AutoIt3\AutoIt3Help.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\AutoIt3\AutoIt3_x64.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\AutoIt3\SciTE\SciTE.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\AutoIt3\Uninstall.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\LICLUA.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaws.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler64.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdate.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateBroker.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateCore.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateOnDemand.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\117.0.5938.134\117.0.5938.134_117.0.5938.132_chrome_updater.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Google\Update\Install\{6BB58CDD-A64E-41C8-8D92-79A516D3D118}\117.0.5938.134_117.0.5938.132_chrome_updater.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Java\jre-1.8\bin\java.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Java\jre-1.8\bin\javacpl.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Java\jre-1.8\bin\javaws.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Java\jre-1.8\bin\jp2launcher.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Java\jre-1.8\bin\unpack200.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\OSPPREARM.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Client\AppVDllSurrogate.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Client\AppVDllSurrogate32.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Client\AppVDllSurrogate64.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Client\AppVLP.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Integration\Integrator.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\ACCICONS.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\AppSharingHookController.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\CLVIEW.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\CNFNOT32.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\DCF\Common.DBConnection.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\DCF\Common.DBConnection64.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\DCF\DATABASECOMPARE.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\DCF\SPREADSHEETCOMPARE.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\DCF\filecompare.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\GRAPH.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\IEContentService.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\MSOHTMED.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSREC.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\MSQRY32.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\NAMECONTROLSERVER.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\OLCFG.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\ORGCHART.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\OcPubMgr.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\OfficeScrBroker.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\OfficeScrSanBroker.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\PPTICO.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\PerfBoost.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\SCANPST.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\SDXHelper.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\SELFCERT.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\SETLANG.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\SkypeSrv\SKYPESERVER.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\VPREVIEW.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\WORDICON.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\Wordconv.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\XLICONS.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\lync99.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\misc.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\msoadfsb.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\msoasb.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\msoev.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\officeappguardwin32.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\aimgr.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\DW\DW20.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\FLTLDR.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOICONS.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLED.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\OLicenseHeartbeat.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\ai.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\aimgr.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Source Engine\OSE.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Office\Office16\AppSharingHookController64.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Office\Office16\MSOHTMED.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\SQLDumper.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\accicons.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\dbcicons.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\grv_icons.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\joticon.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\lyncicon.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\misc.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\osmclienticon.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\outicon.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\pj11icon.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\pptico.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\pubs.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\sscicons.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\visicon.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
modified
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\wordicon.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\xlicons.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-001F-0409-0000-0000000FF1CE}\misc.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-001F-040C-0000-0000000FF1CE}\misc.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-001F-0C0A-0000-0000000FF1CE}\misc.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-006E-0409-0000-0000000FF1CE}\misc.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\Installer\setup.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\cookie_exporter.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\msedge.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\msedge_proxy.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\msedge_pwa_launcher.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\msedgewebview2.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\notification_click_helper.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\pwahelper.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Edge\Application\pwahelper.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeComRegisterShellARM64.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdate.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateBroker.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateCore.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateOnDemand.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateSetup.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Java Update Checker (64 bit).exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ConfigSecurityPolicy.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCopyAccelerator.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpDlpCmd.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\NisSrv.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\X86\MpCmdRun.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\mpextms.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\ConfigSecurityPolicy.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpCmdRun.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpCopyAccelerator.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpDefenderCoreService.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpDlpCmd.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MsMpEng.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\NisSrv.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\X86\MpCmdRun.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\mpextms.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\3582-490\x.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\chrome.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Windows\directx.sys
|
ASCII text, with CRLF line terminators
|
modified
|
|
|
|
C:\Windows\svchost.com
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Temp\Log.tmp
|
ASCII text, with CRLF line terminators
|
modified
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_2cbsypgj.c4c.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_3gs332ou.mfc.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_4llzpea3.g3f.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_g0vzrbmt.zgv.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_g4c20dzv.aed.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ivoxms4b.2oc.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ixtvzzfz.52k.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ldfn2iji.zvg.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_o4ygcr2q.p44.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_qprp5jsv.tsr.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_swpw52rp.zt3.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_tvq4qe4z.31f.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xbh2255q.cvx.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xfc23mpl.kwl.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_y05p14tz.0fh.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_yk2pssit.ifk.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tmp5023.tmp
|
data
|
modified
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\7G46U5J9MCOHHB2YX6CQ.temp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\LHEPMEXKDNKGVL8ATG5L.temp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\QB8UZYK2CA73L16SLSIP.temp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\WU8EDVM8BJGECJW85P0I.temp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms (copy)
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms~RF3d1208.TMP
(copy)
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms~RF3d1525.TMP
(copy)
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms~RF3d1738.TMP
(copy)
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java Update Checker (64 bit).lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Tue Jul 2 04:56:40
2024, mtime=Tue Jul 2 04:56:40 2024, atime=Tue Jul 2 04:56:40 2024, length=46592, window=hide
|
dropped
|
There are 185 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\x.exe
|
"C:\Users\user\Desktop\x.exe"
|
|
|
|
C:\Users\user\AppData\Local\Temp\3582-490\x.exe
|
"C:\Users\user~1\AppData\Local\Temp\3582-490\x.exe"
|
|
|
|
C:\Windows\svchost.com
|
"C:\Windows\svchost.com" "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference
-ExclusionPath 'C:\Users\user~1\AppData\Local\Temp\3582-490\x.exe'
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user~1\AppData\Local\Temp\3582-490\x.exe'
|
|
|
|
C:\Windows\svchost.com
|
"C:\Windows\svchost.com" "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference
-ExclusionProcess 'x.exe'
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'x.exe'
|
|
|
|
C:\Windows\svchost.com
|
"C:\Windows\svchost.com" "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference
-ExclusionPath 'C:\ProgramData\Java Update Checker (64 bit).exe'
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\ProgramData\Java
Update Checker (64 bit).exe'
|
|
|
|
C:\Windows\svchost.com
|
"C:\Windows\svchost.com" "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference
-ExclusionProcess 'Java Update Checker (64 bit).exe'
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'Java
Update Checker (64 bit).exe'
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
There are 4 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
45.141.26.232
|
|
||
|
http://www.autoitscript.com/autoit3/J
|
unknown
|
||
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
||
|
http://schemas.xmlsoap.org/soap/encoding/
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
http://nsis.sf.net/NSIS_ErrorError
|
unknown
|
||
|
http://www.autoitscript.com/autoit3/
|
unknown
|
||
|
https://www.autoitscript.com/autoit3/
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
http://crl.m
|
unknown
|
||
|
https://github.com/pq-crystals/kyber/commit/28413dfbf523fdde181246451c2bd77199c0f7ffDilithium2Dilith
|
unknown
|
||
|
http://crl.micro
|
unknown
|
||
|
https://aka.ms/pscore6lB
|
unknown
|
||
|
https://ion=v4.5
|
unknown
|
||
|
http://schemas.xmlsoap.org/wsdl/
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
http://ip-api.com
|
unknown
|
||
|
http://127.0.0.1:13556/InsiderSlabBehaviorReportedBuildInsiderSlabBehaviorInsiderSlabBehaviorReporte
|
unknown
|
||
|
http://www.autoitscript.com/autoit3/8
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://github.com/pq-crystals/kyber/commit/28413dfbf523fdde181246451c2bd77199c0f7ff
|
unknown
|
||
|
http://ip-api.com/line/?fields=hosting
|
208.95.112.1
|
There are 16 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
ip-api.com
|
208.95.112.1
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
208.95.112.1
|
ip-api.com
|
United States
|
|
|
|
45.141.26.232
|
unknown
|
Netherlands
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command
|
NULL
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\x_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\x_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\x_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\x_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\x_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\x_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\x_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\x_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\x_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\x_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\x_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\x_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\x_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\x_RASMANCS
|
FileDirectory
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
LangID
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\svchost.com.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\svchost.com.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\svchost.com.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\svchost.com.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\svchost.com.ApplicationCompany
|
There are 11 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
30CE000
|
trusted library allocation
|
page read and write
|
|
|
|
3001000
|
trusted library allocation
|
page read and write
|
|
|
|
DC2000
|
unkown
|
page readonly
|
|
|
|
409000
|
unkown
|
page read and write
|
|
|
|
54AC000
|
stack
|
page read and write
|
||
|
267E000
|
stack
|
page read and write
|
||
|
44B0000
|
trusted library allocation
|
page read and write
|
||
|
666A000
|
trusted library allocation
|
page read and write
|
||
|
4FE0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1FD8000
|
direct allocation
|
page read and write
|
||
|
7CD0000
|
trusted library allocation
|
page execute and read and write
|
||
|
13001000
|
trusted library allocation
|
page read and write
|
||
|
1F3E000
|
stack
|
page read and write
|
||
|
765E000
|
stack
|
page read and write
|
||
|
723B000
|
stack
|
page read and write
|
||
|
73F0000
|
trusted library allocation
|
page read and write
|
||
|
85CB000
|
heap
|
page read and write
|
||
|
2060000
|
direct allocation
|
page read and write
|
||
|
7FFAACC36000
|
trusted library allocation
|
page read and write
|
||
|
1FF8000
|
direct allocation
|
page read and write
|
||
|
7380000
|
trusted library allocation
|
page read and write
|
||
|
8500000
|
trusted library allocation
|
page read and write
|
||
|
3060000
|
heap
|
page read and write
|
||
|
463C000
|
stack
|
page read and write
|
||
|
51FF000
|
trusted library allocation
|
page read and write
|
||
|
1FDC000
|
direct allocation
|
page read and write
|
||
|
203F000
|
stack
|
page read and write
|
||
|
1BF9E000
|
stack
|
page read and write
|
||
|
193000
|
stack
|
page read and write
|
||
|
2CC0000
|
heap
|
page read and write
|
||
|
45B8000
|
trusted library allocation
|
page read and write
|
||
|
7810000
|
trusted library allocation
|
page read and write
|
||
|
4E50000
|
trusted library allocation
|
page read and write
|
||
|
2070000
|
direct allocation
|
page read and write
|
||
|
855A000
|
heap
|
page read and write
|
||
|
7EF0000
|
trusted library allocation
|
page read and write
|
||
|
1FDC000
|
direct allocation
|
page read and write
|
||
|
6DFD000
|
stack
|
page read and write
|
||
|
206C000
|
direct allocation
|
page read and write
|
||
|
206C000
|
direct allocation
|
page read and write
|
||
|
87F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
4941000
|
trusted library allocation
|
page read and write
|
||
|
484E000
|
stack
|
page read and write
|
||
|
72A0000
|
heap
|
page execute and read and write
|
||
|
206C000
|
direct allocation
|
page read and write
|
||
|
7A30000
|
trusted library allocation
|
page read and write
|
||
|
206C000
|
direct allocation
|
page read and write
|
||
|
6AC000
|
heap
|
page read and write
|
||
|
88F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
81B2000
|
trusted library allocation
|
page read and write
|
||
|
5370000
|
trusted library allocation
|
page execute and read and write
|
||
|
206C000
|
direct allocation
|
page read and write
|
||
|
4510000
|
trusted library allocation
|
page read and write
|
||
|
1FDC000
|
direct allocation
|
page read and write
|
||
|
7F0D000
|
stack
|
page read and write
|
||
|
6282000
|
trusted library allocation
|
page read and write
|
||
|
846E000
|
stack
|
page read and write
|
||
|
76EB000
|
heap
|
page read and write
|
||
|
565000
|
heap
|
page read and write
|
||
|
57F1000
|
trusted library allocation
|
page read and write
|
||
|
5226000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACBA4000
|
trusted library allocation
|
page read and write
|
||
|
8363000
|
trusted library allocation
|
page read and write
|
||
|
2EF0000
|
heap
|
page read and write
|
||
|
7F040000
|
trusted library allocation
|
page execute and read and write
|
||
|
2073000
|
direct allocation
|
page read and write
|
||
|
4E6A000
|
trusted library allocation
|
page execute and read and write
|
||
|
1FE4000
|
direct allocation
|
page read and write
|
||
|
9C000
|
stack
|
page read and write
|
||
|
2DFB000
|
heap
|
page read and write
|
||
|
6B7E000
|
stack
|
page read and write
|
||
|
4505000
|
trusted library allocation
|
page execute and read and write
|
||
|
7EA0000
|
trusted library allocation
|
page read and write
|
||
|
6262000
|
trusted library allocation
|
page read and write
|
||
|
1FDC000
|
direct allocation
|
page read and write
|
||
|
80FE000
|
heap
|
page read and write
|
||
|
2CE0000
|
heap
|
page read and write
|
||
|
6527000
|
trusted library allocation
|
page read and write
|
||
|
500000
|
heap
|
page read and write
|
||
|
5D6000
|
heap
|
page read and write
|
||
|
6D3D000
|
stack
|
page read and write
|
||
|
897E000
|
stack
|
page read and write
|
||
|
1293000
|
heap
|
page read and write
|
||
|
7E2D000
|
trusted library allocation
|
page read and write
|
||
|
337D000
|
heap
|
page read and write
|
||
|
85B9000
|
stack
|
page read and write
|
||
|
1FDC000
|
direct allocation
|
page read and write
|
||
|
194000
|
stack
|
page read and write
|
||
|
1FDC000
|
direct allocation
|
page read and write
|
||
|
761E000
|
stack
|
page read and write
|
||
|
7C1B000
|
heap
|
page read and write
|
||
|
778D000
|
heap
|
page read and write
|
||
|
81E000
|
stack
|
page read and write
|
||
|
1FF8000
|
direct allocation
|
page read and write
|
||
|
8598000
|
heap
|
page read and write
|
||
|
2F90000
|
heap
|
page read and write
|
||
|
285E000
|
stack
|
page read and write
|
||
|
704AD000
|
unkown
|
page read and write
|
||
|
986000
|
heap
|
page read and write
|
||
|
7D30000
|
trusted library allocation
|
page read and write
|
||
|
85CD000
|
stack
|
page read and write
|
||
|
1FDC000
|
direct allocation
|
page read and write
|
||
|
564A000
|
trusted library allocation
|
page read and write
|
||
|
B20000
|
heap
|
page read and write
|
||
|
4B1D000
|
stack
|
page read and write
|
||
|
2068000
|
direct allocation
|
page read and write
|
||
|
85E000
|
stack
|
page read and write
|
||
|
966000
|
heap
|
page read and write
|
||
|
488E000
|
stack
|
page read and write
|
||
|
7A50000
|
trusted library allocation
|
page read and write
|
||
|
6DBD000
|
stack
|
page read and write
|
||
|
48D0000
|
heap
|
page read and write
|
||
|
69E0000
|
trusted library allocation
|
page read and write
|
||
|
52FB000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACBAD000
|
trusted library allocation
|
page execute and read and write
|
||
|
8572000
|
heap
|
page read and write
|
||
|
1B9B0000
|
heap
|
page read and write
|
||
|
1FDC000
|
direct allocation
|
page read and write
|
||
|
2080000
|
heap
|
page read and write
|
||
|
8B1E000
|
stack
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
79A0000
|
trusted library allocation
|
page read and write
|
||
|
7EC0000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACB9D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
8E43000
|
trusted library allocation
|
page read and write
|
||
|
5D0000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
752E000
|
stack
|
page read and write
|
||
|
2FA0000
|
heap
|
page read and write
|
||
|
1FDC000
|
direct allocation
|
page read and write
|
||
|
920000
|
heap
|
page read and write
|
||
|
7A81000
|
heap
|
page read and write
|
||
|
73C0000
|
trusted library allocation
|
page read and write
|
||
|
8A20000
|
trusted library allocation
|
page read and write
|
||
|
7BF2000
|
heap
|
page read and write
|
||
|
8810000
|
trusted library allocation
|
page read and write
|
||
|
206C000
|
direct allocation
|
page read and write
|
||
|
1FF8000
|
direct allocation
|
page read and write
|
||
|
789E000
|
stack
|
page read and write
|
||
|
C00000
|
trusted library section
|
page read and write
|
||
|
6FC0000
|
heap
|
page read and write
|
||
|
7E4D000
|
stack
|
page read and write
|
||
|
2100000
|
direct allocation
|
page read and write
|
||
|
7110000
|
heap
|
page read and write
|
||
|
85A8000
|
heap
|
page read and write
|
||
|
1FDC000
|
direct allocation
|
page read and write
|
||
|
6A2000
|
heap
|
page read and write
|
||
|
7FB8000
|
heap
|
page read and write
|
||
|
5C91000
|
trusted library allocation
|
page read and write
|
||
|
1BB90000
|
heap
|
page execute and read and write
|
||
|
64E9000
|
trusted library allocation
|
page read and write
|
||
|
4EA3000
|
trusted library allocation
|
page read and write
|
||
|
7E30000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACC66000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B030000
|
trusted library allocation
|
page read and write
|
||
|
2078000
|
direct allocation
|
page read and write
|
||
|
2EDB000
|
stack
|
page read and write
|
||
|
640000
|
heap
|
page read and write
|
||
|
8232000
|
trusted library allocation
|
page read and write
|
||
|
4C1E000
|
stack
|
page read and write
|
||
|
4C7A000
|
stack
|
page read and write
|
||
|
2068000
|
direct allocation
|
page read and write
|
||
|
5961000
|
trusted library allocation
|
page read and write
|
||
|
15D0000
|
trusted library allocation
|
page read and write
|
||
|
B69000
|
stack
|
page read and write
|
||
|
799E000
|
stack
|
page read and write
|
||
|
5AF2000
|
trusted library allocation
|
page read and write
|
||
|
6C90000
|
heap
|
page read and write
|
||
|
73F000
|
stack
|
page read and write
|
||
|
756E000
|
stack
|
page read and write
|
||
|
7F6D000
|
trusted library allocation
|
page read and write
|
||
|
493E000
|
stack
|
page read and write
|
||
|
1FDC000
|
direct allocation
|
page read and write
|
||
|
4FF0000
|
trusted library allocation
|
page read and write
|
||
|
7E60000
|
trusted library allocation
|
page read and write
|
||
|
7FC8000
|
heap
|
page read and write
|
||
|
9ED000
|
stack
|
page read and write
|
||
|
4907000
|
heap
|
page read and write
|
||
|
6A75000
|
heap
|
page execute and read and write
|
||
|
8061000
|
heap
|
page read and write
|
||
|
8C1E000
|
stack
|
page read and write
|
||
|
4E4D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1FDC000
|
direct allocation
|
page read and write
|
||
|
7D8E000
|
stack
|
page read and write
|
||
|
73B0000
|
trusted library allocation
|
page read and write
|
||
|
69DC000
|
stack
|
page read and write
|
||
|
B80000
|
heap
|
page read and write
|
||
|
2D98000
|
heap
|
page read and write
|
||
|
206C000
|
direct allocation
|
page read and write
|
||
|
7FFAACB80000
|
trusted library allocation
|
page read and write
|
||
|
4B5B000
|
stack
|
page read and write
|
||
|
76C0000
|
heap
|
page read and write
|
||
|
8780000
|
trusted library allocation
|
page read and write
|
||
|
547000
|
heap
|
page read and write
|
||
|
44EA000
|
trusted library allocation
|
page execute and read and write
|
||
|
794D000
|
stack
|
page read and write
|
||
|
49CB000
|
stack
|
page read and write
|
||
|
206C000
|
direct allocation
|
page read and write
|
||
|
5330000
|
trusted library allocation
|
page read and write
|
||
|
C2D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1FDC000
|
direct allocation
|
page read and write
|
||
|
204E000
|
stack
|
page read and write
|
||
|
8071000
|
heap
|
page read and write
|
||
|
6CB000
|
heap
|
page read and write
|
||
|
7FC0000
|
heap
|
page read and write
|
||
|
7FCC8000
|
trusted library allocation
|
page execute and read and write
|
||
|
7063000
|
heap
|
page read and write
|
||
|
71AD000
|
heap
|
page read and write
|
||
|
8028000
|
heap
|
page read and write
|
||
|
1FDC000
|
direct allocation
|
page read and write
|
||
|
1FDC000
|
direct allocation
|
page read and write
|
||
|
2E50000
|
heap
|
page read and write
|
||
|
72EE000
|
stack
|
page read and write
|
||
|
8260000
|
trusted library allocation
|
page read and write
|
||
|
206C000
|
direct allocation
|
page read and write
|
||
|
863F000
|
stack
|
page read and write
|
||
|
7FC0000
|
trusted library allocation
|
page read and write
|
||
|
206C000
|
direct allocation
|
page read and write
|
||
|
7EE0000
|
trusted library allocation
|
page read and write
|
||
|
45E0000
|
trusted library allocation
|
page read and write
|
||
|
7C80000
|
heap
|
page execute and read and write
|
||
|
6137000
|
trusted library allocation
|
page read and write
|
||
|
6D7B000
|
stack
|
page read and write
|
||
|
1C3DE000
|
stack
|
page read and write
|
||
|
206C000
|
direct allocation
|
page read and write
|
||
|
1FDC000
|
direct allocation
|
page read and write
|
||
|
71B2000
|
heap
|
page read and write
|
||
|
1FDC000
|
direct allocation
|
page read and write
|
||
|
455E000
|
stack
|
page read and write
|
||
|
B2E000
|
stack
|
page read and write
|
||
|
7220000
|
trusted library allocation
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
3067000
|
heap
|
page read and write
|
||
|
777A000
|
heap
|
page read and write
|
||
|
7430000
|
trusted library allocation
|
page read and write
|
||
|
206C000
|
direct allocation
|
page read and write
|
||
|
1FDC000
|
direct allocation
|
page read and write
|
||
|
1FDC000
|
direct allocation
|
page read and write
|
||
|
7420000
|
trusted library allocation
|
page read and write
|
||
|
C24000
|
trusted library allocation
|
page read and write
|
||
|
7FCB0000
|
trusted library allocation
|
page execute and read and write
|
||
|
6F3E000
|
stack
|
page read and write
|
||
|
7FFAACC40000
|
trusted library allocation
|
page execute and read and write
|
||
|
7A00000
|
trusted library allocation
|
page read and write
|
||
|
948000
|
heap
|
page read and write
|
||
|
44CD000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFAACD30000
|
trusted library allocation
|
page execute and read and write
|
||
|
30A2000
|
trusted library allocation
|
page read and write
|
||
|
2F18000
|
stack
|
page read and write
|
||
|
7E9D000
|
stack
|
page read and write
|
||
|
2068000
|
direct allocation
|
page read and write
|
||
|
1FDC000
|
direct allocation
|
page read and write
|
||
|
7FFAACC30000
|
trusted library allocation
|
page read and write
|
||
|
905E000
|
stack
|
page read and write
|
||
|
5AFD000
|
trusted library allocation
|
page read and write
|
||
|
206C000
|
direct allocation
|
page read and write
|
||
|
3097000
|
trusted library allocation
|
page read and write
|
||
|
771E000
|
stack
|
page read and write
|
||
|
4E70000
|
trusted library allocation
|
page read and write
|
||
|
7A20000
|
trusted library allocation
|
page read and write
|
||
|
79B0000
|
trusted library allocation
|
page read and write
|
||
|
860E000
|
stack
|
page read and write
|
||
|
1F10000
|
direct allocation
|
page read and write
|
||
|
1FDC000
|
direct allocation
|
page read and write
|
||
|
7D1E000
|
stack
|
page read and write
|
||
|
58A0000
|
trusted library allocation
|
page read and write
|
||
|
75C1000
|
heap
|
page read and write
|
||
|
5616000
|
trusted library allocation
|
page read and write
|
||
|
26FE000
|
stack
|
page read and write
|
||
|
131D000
|
heap
|
page read and write
|
||
|
4F1E000
|
stack
|
page read and write
|
||
|
6664000
|
trusted library allocation
|
page read and write
|
||
|
1FDC000
|
direct allocation
|
page read and write
|
||
|
44C4000
|
trusted library allocation
|
page read and write
|
||
|
4E43000
|
trusted library allocation
|
page execute and read and write
|
||
|
807C000
|
heap
|
page read and write
|
||
|
734D000
|
stack
|
page read and write
|
||
|
6A70000
|
heap
|
page execute and read and write
|
||
|
2088000
|
direct allocation
|
page read and write
|
||
|
80E2000
|
heap
|
page read and write
|
||
|
530000
|
heap
|
page read and write
|
||
|
2068000
|
direct allocation
|
page read and write
|
||
|
8C92000
|
trusted library allocation
|
page read and write
|
||
|
7820000
|
trusted library allocation
|
page read and write
|
||
|
1470000
|
heap
|
page read and write
|
||
|
1FDC000
|
direct allocation
|
page read and write
|
||
|
1150000
|
heap
|
page read and write
|
||
|
1273000
|
heap
|
page read and write
|
||
|
1FD8000
|
direct allocation
|
page read and write
|
||
|
7FFAACD50000
|
trusted library allocation
|
page read and write
|
||
|
4F0000
|
heap
|
page read and write
|
||
|
5E38000
|
trusted library allocation
|
page read and write
|
||
|
5642000
|
trusted library allocation
|
page read and write
|
||
|
B87000
|
heap
|
page read and write
|
||
|
206C000
|
direct allocation
|
page read and write
|
||
|
418000
|
unkown
|
page readonly
|
||
|
6FD0000
|
heap
|
page read and write
|
||
|
1FDC000
|
direct allocation
|
page read and write
|
||
|
5319000
|
trusted library allocation
|
page read and write
|
||
|
2750000
|
heap
|
page read and write
|
||
|
1FDC000
|
direct allocation
|
page read and write
|
||
|
759D000
|
stack
|
page read and write
|
||
|
74C0000
|
trusted library allocation
|
page read and write
|
||
|
8530000
|
trusted library allocation
|
page execute and read and write
|
||
|
46CE000
|
stack
|
page read and write
|
||
|
8B9E000
|
stack
|
page read and write
|
||
|
1FF8000
|
direct allocation
|
page read and write
|
||
|
86FE000
|
stack
|
page read and write
|
||
|
8910000
|
trusted library allocation
|
page read and write
|
||
|
7F7A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
6948000
|
trusted library allocation
|
page read and write
|
||
|
8AC1000
|
heap
|
page read and write
|
||
|
1CAE0000
|
heap
|
page read and write
|
||
|
44FA000
|
trusted library allocation
|
page execute and read and write
|
||
|
19D000
|
stack
|
page read and write
|
||
|
719A000
|
heap
|
page read and write
|
||
|
1FDC000
|
direct allocation
|
page read and write
|
||
|
206C000
|
direct allocation
|
page read and write
|
||
|
7980000
|
trusted library allocation
|
page execute and read and write
|
||
|
12BD000
|
heap
|
page read and write
|
||
|
863D000
|
stack
|
page read and write
|
||
|
7FFAACD20000
|
trusted library allocation
|
page read and write
|
||
|
7E50000
|
trusted library allocation
|
page read and write
|
||
|
890B000
|
trusted library allocation
|
page read and write
|
||
|
206C000
|
direct allocation
|
page read and write
|
||
|
206C000
|
direct allocation
|
page read and write
|
||
|
60D1000
|
trusted library allocation
|
page read and write
|
||
|
938000
|
heap
|
page read and write
|
||
|
206C000
|
direct allocation
|
page read and write
|
||
|
725E000
|
stack
|
page read and write
|
||
|
ADF000
|
stack
|
page read and write
|
||
|
206C000
|
direct allocation
|
page read and write
|
||
|
8555000
|
heap
|
page read and write
|
||
|
7FBC000
|
heap
|
page read and write
|
||
|
4A96000
|
trusted library allocation
|
page read and write
|
||
|
2100000
|
heap
|
page read and write
|
||
|
2064000
|
direct allocation
|
page read and write
|
||
|
5E27000
|
trusted library allocation
|
page read and write
|
||
|
7F40000
|
trusted library allocation
|
page read and write
|
||
|
44F0000
|
trusted library allocation
|
page read and write
|
||
|
2068000
|
direct allocation
|
page read and write
|
||
|
309F000
|
trusted library allocation
|
page read and write
|
||
|
7F50000
|
heap
|
page read and write
|
||
|
788E000
|
stack
|
page read and write
|
||
|
557000
|
stack
|
page read and write
|
||
|
206C000
|
direct allocation
|
page read and write
|
||
|
7040000
|
heap
|
page read and write
|
||
|
662000
|
heap
|
page read and write
|
||
|
1FF8000
|
direct allocation
|
page read and write
|
||
|
1FDC000
|
direct allocation
|
page read and write
|
||
|
699C000
|
stack
|
page read and write
|
||
|
8BDC000
|
stack
|
page read and write
|
||
|
743B000
|
stack
|
page read and write
|
||
|
65F000
|
stack
|
page read and write
|
||
|
7C02000
|
heap
|
page read and write
|
||
|
7430000
|
trusted library allocation
|
page read and write
|
||
|
7B80000
|
heap
|
page read and write
|
||
|
206C000
|
direct allocation
|
page read and write
|
||
|
769E000
|
stack
|
page read and write
|
||
|
AAE000
|
stack
|
page read and write
|
||
|
58A2000
|
trusted library allocation
|
page read and write
|
||
|
73BC000
|
stack
|
page read and write
|
||
|
194000
|
stack
|
page read and write
|
||
|
795000
|
heap
|
page read and write
|
||
|
7460000
|
trusted library allocation
|
page read and write
|
||
|
7181000
|
heap
|
page read and write
|
||
|
1FD8000
|
direct allocation
|
page read and write
|
||
|
7FB0000
|
heap
|
page read and write
|
||
|
5310000
|
trusted library allocation
|
page read and write
|
||
|
206C000
|
direct allocation
|
page read and write
|
||
|
7A10000
|
trusted library allocation
|
page read and write
|
||
|
7480000
|
trusted library allocation
|
page read and write
|
||
|
2FFE000
|
stack
|
page read and write
|
||
|
30E1000
|
trusted library allocation
|
page read and write
|
||
|
7990000
|
trusted library allocation
|
page read and write
|
||
|
206C000
|
direct allocation
|
page read and write
|
||
|
206C000
|
direct allocation
|
page read and write
|
||
|
6279000
|
trusted library allocation
|
page read and write
|
||
|
1FDC000
|
direct allocation
|
page read and write
|
||
|
700E000
|
heap
|
page read and write
|
||
|
8104000
|
heap
|
page read and write
|
||
|
67E000
|
heap
|
page read and write
|
||
|
8970000
|
trusted library allocation
|
page read and write
|
||
|
70E1000
|
heap
|
page read and write
|
||
|
540000
|
heap
|
page read and write
|
||
|
7E0E000
|
stack
|
page read and write
|
||
|
74EE000
|
stack
|
page read and write
|
||
|
8B8D000
|
heap
|
page read and write
|
||
|
4DE7000
|
trusted library allocation
|
page read and write
|
||
|
6B7000
|
heap
|
page read and write
|
||
|
5A25000
|
trusted library allocation
|
page read and write
|
||
|
4ED0000
|
heap
|
page read and write
|
||
|
5304000
|
trusted library allocation
|
page read and write
|
||
|
4D17000
|
heap
|
page read and write
|
||
|
1CAE5000
|
heap
|
page read and write
|
||
|
737E000
|
stack
|
page read and write
|
||
|
80DE000
|
heap
|
page read and write
|
||
|
2150000
|
heap
|
page read and write
|
||
|
858E000
|
stack
|
page read and write
|
||
|
5E3F000
|
trusted library allocation
|
page read and write
|
||
|
1FE8000
|
direct allocation
|
page read and write
|
||
|
80D5000
|
heap
|
page read and write
|
||
|
7550000
|
heap
|
page execute and read and write
|
||
|
7EDE000
|
stack
|
page read and write
|
||
|
505D000
|
trusted library allocation
|
page read and write
|
||
|
856A000
|
heap
|
page read and write
|
||
|
1BFA6000
|
heap
|
page read and write
|
||
|
704AF000
|
unkown
|
page readonly
|
||
|
583C000
|
trusted library allocation
|
page read and write
|
||
|
467C000
|
stack
|
page read and write
|
||
|
4500000
|
trusted library allocation
|
page read and write
|
||
|
7840000
|
heap
|
page execute and read and write
|
||
|
8032000
|
heap
|
page read and write
|
||
|
1FDC000
|
direct allocation
|
page read and write
|
||
|
74A0000
|
trusted library allocation
|
page read and write
|
||
|
96D000
|
heap
|
page read and write
|
||
|
1FF8000
|
direct allocation
|
page read and write
|
||
|
732F000
|
stack
|
page read and write
|
||
|
4BDF000
|
stack
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
7400000
|
trusted library allocation
|
page read and write
|
||
|
206C000
|
direct allocation
|
page read and write
|
||
|
710B000
|
stack
|
page read and write
|
||
|
206C000
|
direct allocation
|
page read and write
|
||
|
84EE000
|
stack
|
page read and write
|
||
|
4E75000
|
trusted library allocation
|
page execute and read and write
|
||
|
81C0000
|
trusted library allocation
|
page read and write
|
||
|
52C0000
|
trusted library allocation
|
page read and write
|
||
|
1FDC000
|
direct allocation
|
page read and write
|
||
|
5300000
|
trusted library allocation
|
page read and write
|
||
|
718C000
|
heap
|
page read and write
|
||
|
8B82000
|
heap
|
page read and write
|
||
|
8350000
|
trusted library allocation
|
page read and write
|
||
|
1C7D5000
|
stack
|
page read and write
|
||
|
6AFB000
|
stack
|
page read and write
|
||
|
8030000
|
heap
|
page read and write
|
||
|
7D2A000
|
trusted library allocation
|
page read and write
|
||
|
6C6000
|
heap
|
page read and write
|
||
|
4DE8000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACCA0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7F7B8000
|
trusted library allocation
|
page execute and read and write
|
||
|
78DE000
|
stack
|
page read and write
|
||
|
9C000
|
stack
|
page read and write
|
||
|
1FF8000
|
direct allocation
|
page read and write
|
||
|
206C000
|
direct allocation
|
page read and write
|
||
|
6C00000
|
heap
|
page read and write
|
||
|
53B4000
|
trusted library allocation
|
page read and write
|
||
|
1FDC000
|
direct allocation
|
page read and write
|
||
|
206C000
|
direct allocation
|
page read and write
|
||
|
7F90000
|
trusted library allocation
|
page read and write
|
||
|
2088000
|
direct allocation
|
page read and write
|
||
|
6673000
|
trusted library allocation
|
page read and write
|
||
|
4F0000
|
heap
|
page read and write
|
||
|
76B0000
|
heap
|
page read and write
|
||
|
698000
|
heap
|
page read and write
|
||
|
206C000
|
direct allocation
|
page read and write
|
||
|
53CE000
|
stack
|
page read and write
|
||
|
4D10000
|
heap
|
page read and write
|
||
|
6B5000
|
heap
|
page read and write
|
||
|
206C000
|
direct allocation
|
page read and write
|
||
|
7A40000
|
trusted library allocation
|
page read and write
|
||
|
6A5000
|
heap
|
page read and write
|
||
|
A0A000
|
heap
|
page read and write
|
||
|
2088000
|
direct allocation
|
page read and write
|
||
|
1111000
|
stack
|
page read and write
|
||
|
498D000
|
stack
|
page read and write
|
||
|
206C000
|
direct allocation
|
page read and write
|
||
|
30B8000
|
trusted library allocation
|
page read and write
|
||
|
1600000
|
heap
|
page execute and read and write
|
||
|
7F6B000
|
trusted library allocation
|
page read and write
|
||
|
206C000
|
direct allocation
|
page read and write
|
||
|
71F0000
|
heap
|
page execute and read and write
|
||
|
909D000
|
stack
|
page read and write
|
||
|
1FDC000
|
direct allocation
|
page read and write
|
||
|
6DCE000
|
stack
|
page read and write
|
||
|
714E000
|
stack
|
page read and write
|
||
|
A5F000
|
stack
|
page read and write
|
||
|
692000
|
heap
|
page read and write
|
||
|
6ABD000
|
stack
|
page read and write
|
||
|
780E000
|
stack
|
page read and write
|
||
|
7470000
|
trusted library allocation
|
page read and write
|
||
|
7490000
|
trusted library allocation
|
page read and write
|
||
|
856E000
|
heap
|
page read and write
|
||
|
206C000
|
direct allocation
|
page read and write
|
||
|
509D000
|
stack
|
page read and write
|
||
|
803C000
|
heap
|
page read and write
|
||
|
4E60000
|
trusted library allocation
|
page read and write
|
||
|
1FDC000
|
direct allocation
|
page read and write
|
||
|
3358000
|
heap
|
page read and write
|
||
|
1FF8000
|
direct allocation
|
page read and write
|
||
|
5639000
|
trusted library allocation
|
page read and write
|
||
|
7F87000
|
trusted library allocation
|
page read and write
|
||
|
4E60000
|
heap
|
page read and write
|
||
|
73FD000
|
stack
|
page read and write
|
||
|
4770000
|
heap
|
page execute and read and write
|
||
|
7FD18000
|
trusted library allocation
|
page execute and read and write
|
||
|
44D9000
|
trusted library allocation
|
page read and write
|
||
|
1FDC000
|
direct allocation
|
page read and write
|
||
|
5CB9000
|
trusted library allocation
|
page read and write
|
||
|
220F000
|
stack
|
page read and write
|
||
|
6BE000
|
heap
|
page read and write
|
||
|
AF0000
|
trusted library section
|
page read and write
|
||
|
550000
|
heap
|
page read and write
|
||
|
8AC5000
|
heap
|
page read and write
|
||
|
8059000
|
heap
|
page read and write
|
||
|
5418000
|
trusted library allocation
|
page read and write
|
||
|
513D000
|
trusted library allocation
|
page read and write
|
||
|
7410000
|
trusted library allocation
|
page read and write
|
||
|
145E000
|
stack
|
page read and write
|
||
|
206C000
|
direct allocation
|
page read and write
|
||
|
2088000
|
direct allocation
|
page read and write
|
||
|
2050000
|
direct allocation
|
page read and write
|
||
|
3373000
|
heap
|
page read and write
|
||
|
7EB0000
|
trusted library allocation
|
page read and write
|
||
|
5BFB000
|
trusted library allocation
|
page read and write
|
||
|
45B7000
|
heap
|
page read and write
|
||
|
75DB000
|
stack
|
page read and write
|
||
|
7FFAACB84000
|
trusted library allocation
|
page read and write
|
||
|
1FD0000
|
direct allocation
|
page read and write
|
||
|
8C5E000
|
stack
|
page read and write
|
||
|
8AB1000
|
heap
|
page read and write
|
||
|
7F00000
|
trusted library allocation
|
page read and write
|
||
|
83D0000
|
trusted library allocation
|
page read and write
|
||
|
76D2000
|
heap
|
page read and write
|
||
|
BBD000
|
stack
|
page read and write
|
||
|
1FDC000
|
direct allocation
|
page read and write
|
||
|
1FDC000
|
direct allocation
|
page read and write
|
||
|
53B2000
|
trusted library allocation
|
page read and write
|
||
|
8240000
|
trusted library allocation
|
page read and write
|
||
|
44F0000
|
trusted library allocation
|
page read and write
|
||
|
1FE0000
|
direct allocation
|
page read and write
|
||
|
532A000
|
trusted library allocation
|
page execute and read and write
|
||
|
7DE000
|
stack
|
page read and write
|
||
|
206C000
|
direct allocation
|
page read and write
|
||
|
8064000
|
heap
|
page read and write
|
||
|
8983000
|
trusted library allocation
|
page read and write
|
||
|
87E0000
|
trusted library allocation
|
page read and write
|
||
|
1FDC000
|
direct allocation
|
page read and write
|
||
|
206C000
|
direct allocation
|
page read and write
|
||
|
1FE3000
|
direct allocation
|
page read and write
|
||
|
45D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
34D7000
|
heap
|
page read and write
|
||
|
505F000
|
trusted library allocation
|
page read and write
|
||
|
992000
|
heap
|
page read and write
|
||
|
8760000
|
trusted library allocation
|
page read and write
|
||
|
6BBD000
|
stack
|
page read and write
|
||
|
4C91000
|
trusted library allocation
|
page read and write
|
||
|
890D000
|
trusted library allocation
|
page read and write
|
||
|
3320000
|
heap
|
page read and write
|
||
|
130E000
|
heap
|
page read and write
|
||
|
1FF8000
|
direct allocation
|
page read and write
|
||
|
7ED0000
|
trusted library allocation
|
page read and write
|
||
|
4F0000
|
heap
|
page read and write
|
||
|
2B9E000
|
stack
|
page read and write
|
||
|
8CB0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7052000
|
heap
|
page read and write
|
||
|
458E000
|
stack
|
page read and write
|
||
|
7450000
|
trusted library allocation
|
page read and write
|
||
|
8628000
|
heap
|
page read and write
|
||
|
30F2000
|
trusted library allocation
|
page read and write
|
||
|
1BAFE000
|
stack
|
page read and write
|
||
|
2FD0000
|
heap
|
page read and write
|
||
|
206C000
|
direct allocation
|
page read and write
|
||
|
7FFAACB90000
|
trusted library allocation
|
page read and write
|
||
|
8ECE000
|
stack
|
page read and write
|
||
|
5C99000
|
trusted library allocation
|
page read and write
|
||
|
546C000
|
stack
|
page read and write
|
||
|
54B0000
|
heap
|
page read and write
|
||
|
4502000
|
trusted library allocation
|
page read and write
|
||
|
206C000
|
direct allocation
|
page read and write
|
||
|
1FF8000
|
direct allocation
|
page read and write
|
||
|
8430000
|
trusted library allocation
|
page execute and read and write
|
||
|
306C000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACB83000
|
trusted library allocation
|
page execute and read and write
|
||
|
808A000
|
heap
|
page read and write
|
||
|
730E000
|
stack
|
page read and write
|
||
|
30A6000
|
trusted library allocation
|
page read and write
|
||
|
8270000
|
trusted library allocation
|
page read and write
|
||
|
7001000
|
heap
|
page read and write
|
||
|
50D1000
|
trusted library allocation
|
page read and write
|
||
|
860000
|
trusted library section
|
page read and write
|
||
|
705E000
|
heap
|
page read and write
|
||
|
1C4DE000
|
stack
|
page read and write
|
||
|
1FF8000
|
direct allocation
|
page read and write
|
||
|
78CE000
|
stack
|
page read and write
|
||
|
7FFB1E0E0000
|
unkown
|
page readonly
|
||
|
7015000
|
heap
|
page read and write
|
||
|
7F80000
|
trusted library allocation
|
page read and write
|
||
|
1BD9F000
|
stack
|
page read and write
|
||
|
8AB9000
|
heap
|
page read and write
|
||
|
510000
|
heap
|
page read and write
|
||
|
920000
|
heap
|
page read and write
|
||
|
84CB000
|
stack
|
page read and write
|
||
|
3093000
|
trusted library allocation
|
page read and write
|
||
|
7CB0000
|
trusted library allocation
|
page read and write
|
||
|
1FF8000
|
direct allocation
|
page read and write
|
||
|
805D000
|
heap
|
page read and write
|
||
|
206C000
|
direct allocation
|
page read and write
|
||
|
3348000
|
heap
|
page read and write
|
||
|
5E41000
|
trusted library allocation
|
page read and write
|
||
|
6653000
|
trusted library allocation
|
page read and write
|
||
|
7BC0000
|
heap
|
page read and write
|
||
|
8520000
|
heap
|
page read and write
|
||
|
6CF000
|
heap
|
page read and write
|
||
|
2E4A000
|
heap
|
page read and write
|
||
|
4D5E000
|
stack
|
page read and write
|
||
|
C39000
|
trusted library allocation
|
page read and write
|
||
|
15F0000
|
trusted library allocation
|
page read and write
|
||
|
1C8DA000
|
stack
|
page read and write
|
||
|
540F000
|
stack
|
page read and write
|
||
|
75AF000
|
stack
|
page read and write
|
||
|
7360000
|
trusted library allocation
|
page execute and read and write
|
||
|
194000
|
stack
|
page read and write
|
||
|
8CA0000
|
trusted library allocation
|
page read and write
|
||
|
7FE0000
|
trusted library allocation
|
page read and write
|
||
|
77C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
807A000
|
heap
|
page read and write
|
||
|
52E000
|
stack
|
page read and write
|
||
|
2D70000
|
heap
|
page read and write
|
||
|
1B58D000
|
stack
|
page read and write
|
||
|
6F7E000
|
stack
|
page read and write
|
||
|
1FDC000
|
direct allocation
|
page read and write
|
||
|
7FFB1E102000
|
unkown
|
page readonly
|
||
|
2FD6000
|
heap
|
page read and write
|
||
|
8A94000
|
heap
|
page read and write
|
||
|
1C2DE000
|
stack
|
page read and write
|
||
|
8772000
|
trusted library allocation
|
page read and write
|
||
|
79E0000
|
trusted library allocation
|
page read and write
|
||
|
4C30000
|
heap
|
page execute and read and write
|
||
|
1BFA0000
|
heap
|
page read and write
|
||
|
206C000
|
direct allocation
|
page read and write
|
||
|
2DBD000
|
heap
|
page read and write
|
||
|
2064000
|
direct allocation
|
page read and write
|
||
|
7EA0000
|
trusted library allocation
|
page read and write
|
||
|
7BFA000
|
heap
|
page read and write
|
||
|
8CC9000
|
trusted library allocation
|
page read and write
|
||
|
8FDD000
|
stack
|
page read and write
|
||
|
206C000
|
direct allocation
|
page read and write
|
||
|
73D0000
|
trusted library allocation
|
page read and write
|
||
|
53E000
|
stack
|
page read and write
|
||
|
5969000
|
trusted library allocation
|
page read and write
|
||
|
1FF8000
|
direct allocation
|
page read and write
|
||
|
7FFB1E100000
|
unkown
|
page read and write
|
||
|
7DCF000
|
stack
|
page read and write
|
||
|
83E0000
|
trusted library allocation
|
page read and write
|
||
|
1FDC000
|
direct allocation
|
page read and write
|
||
|
62A000
|
heap
|
page read and write
|
||
|
1FDC000
|
direct allocation
|
page read and write
|
||
|
4C35000
|
heap
|
page execute and read and write
|
||
|
9AB000
|
stack
|
page read and write
|
||
|
5672000
|
trusted library allocation
|
page read and write
|
||
|
4E90000
|
trusted library allocation
|
page read and write
|
||
|
5BE6000
|
trusted library allocation
|
page read and write
|
||
|
1FF8000
|
direct allocation
|
page read and write
|
||
|
1FF8000
|
direct allocation
|
page read and write
|
||
|
203E000
|
stack
|
page read and write
|
||
|
C3E000
|
stack
|
page read and write
|
||
|
560F000
|
trusted library allocation
|
page read and write
|
||
|
70490000
|
unkown
|
page readonly
|
||
|
8A30000
|
trusted library allocation
|
page read and write
|
||
|
8250000
|
trusted library allocation
|
page execute and read and write
|
||
|
7194000
|
heap
|
page read and write
|
||
|
7350000
|
trusted library allocation
|
page read and write
|
||
|
79B2000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACB8D000
|
trusted library allocation
|
page execute and read and write
|
||
|
75E000
|
stack
|
page read and write
|
||
|
1291000
|
heap
|
page read and write
|
||
|
45F7000
|
heap
|
page read and write
|
||
|
1FD8000
|
direct allocation
|
page read and write
|
||
|
19D000
|
stack
|
page read and write
|
||
|
5EA3000
|
trusted library allocation
|
page read and write
|
||
|
8093000
|
heap
|
page read and write
|
||
|
44AE000
|
stack
|
page read and write
|
||
|
49A3000
|
trusted library allocation
|
page read and write
|
||
|
308F000
|
trusted library allocation
|
page read and write
|
||
|
206C000
|
direct allocation
|
page read and write
|
||
|
1300E000
|
trusted library allocation
|
page read and write
|
||
|
7190000
|
heap
|
page read and write
|
||
|
80F2000
|
heap
|
page read and write
|
||
|
707000
|
heap
|
page read and write
|
||
|
4B9E000
|
stack
|
page read and write
|
||
|
7440000
|
trusted library allocation
|
page read and write
|
||
|
71D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
4540000
|
heap
|
page execute and read and write
|
||
|
4F5F000
|
stack
|
page read and write
|
||
|
415000
|
unkown
|
page read and write
|
||
|
7230000
|
trusted library allocation
|
page read and write
|
||
|
3099000
|
trusted library allocation
|
page read and write
|
||
|
206C000
|
direct allocation
|
page read and write
|
||
|
206C000
|
direct allocation
|
page read and write
|
||
|
4A40000
|
heap
|
page read and write
|
||
|
5F0000
|
heap
|
page read and write
|
||
|
6FA0000
|
heap
|
page execute and read and write
|
||
|
64E1000
|
trusted library allocation
|
page read and write
|
||
|
2C9F000
|
stack
|
page read and write
|
||
|
1FDC000
|
direct allocation
|
page read and write
|
||
|
7733000
|
heap
|
page read and write
|
||
|
530D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7E20000
|
trusted library allocation
|
page read and write
|
||
|
3091000
|
trusted library allocation
|
page read and write
|
||
|
8ABD000
|
heap
|
page read and write
|
||
|
5BEE000
|
trusted library allocation
|
page read and write
|
||
|
8012000
|
heap
|
page read and write
|
||
|
6B3E000
|
stack
|
page read and write
|
||
|
8E30000
|
trusted library allocation
|
page read and write
|
||
|
206C000
|
direct allocation
|
page read and write
|
||
|
1FDC000
|
direct allocation
|
page read and write
|
||
|
1FD8000
|
direct allocation
|
page read and write
|
||
|
7EE0000
|
heap
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
7555000
|
heap
|
page execute and read and write
|
||
|
2FEF000
|
stack
|
page read and write
|
||
|
5332000
|
trusted library allocation
|
page read and write
|
||
|
1F00000
|
direct allocation
|
page read and write
|
||
|
2074000
|
direct allocation
|
page read and write
|
||
|
850D000
|
trusted library allocation
|
page read and write
|
||
|
218F000
|
stack
|
page read and write
|
||
|
62E000
|
heap
|
page read and write
|
||
|
79D0000
|
trusted library allocation
|
page read and write
|
||
|
2088000
|
direct allocation
|
page read and write
|
||
|
30A9000
|
trusted library allocation
|
page read and write
|
||
|
52F0000
|
trusted library allocation
|
page read and write
|
||
|
1FDC000
|
direct allocation
|
page read and write
|
||
|
206C000
|
direct allocation
|
page read and write
|
||
|
1FDC000
|
direct allocation
|
page read and write
|
||
|
206C000
|
direct allocation
|
page read and write
|
||
|
1FDC000
|
direct allocation
|
page read and write
|
||
|
C10000
|
trusted library allocation
|
page read and write
|
||
|
44F2000
|
trusted library allocation
|
page read and write
|
||
|
2180000
|
heap
|
page read and write
|
||
|
6F6E000
|
stack
|
page read and write
|
||
|
409000
|
unkown
|
page read and write
|
||
|
51B000
|
stack
|
page read and write
|
||
|
790E000
|
stack
|
page read and write
|
||
|
8AD0000
|
trusted library allocation
|
page execute and read and write
|
||
|
20F0000
|
heap
|
page read and write
|
||
|
704AD000
|
unkown
|
page read and write
|
||
|
1490000
|
heap
|
page read and write
|
||
|
3340000
|
heap
|
page read and write
|
||
|
206C000
|
direct allocation
|
page read and write
|
||
|
7787000
|
heap
|
page read and write
|
||
|
8A0F000
|
stack
|
page read and write
|
||
|
9ED000
|
heap
|
page read and write
|
||
|
2440000
|
heap
|
page read and write
|
||
|
1FEB000
|
direct allocation
|
page read and write
|
||
|
206C000
|
direct allocation
|
page read and write
|
||
|
1FDC000
|
direct allocation
|
page read and write
|
||
|
7F70000
|
trusted library allocation
|
page execute and read and write
|
||
|
206C000
|
direct allocation
|
page read and write
|
||
|
5AB2000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACB92000
|
trusted library allocation
|
page read and write
|
||
|
206C000
|
direct allocation
|
page read and write
|
||
|
8B59000
|
stack
|
page read and write
|
||
|
728E000
|
stack
|
page read and write
|
||
|
BFB000
|
stack
|
page read and write
|
||
|
8020000
|
heap
|
page read and write
|
||
|
8566000
|
heap
|
page read and write
|
||
|
13011000
|
trusted library allocation
|
page read and write
|
||
|
55D000
|
stack
|
page read and write
|
||
|
863C000
|
heap
|
page read and write
|
||
|
2240000
|
heap
|
page read and write
|
||
|
C20000
|
trusted library allocation
|
page read and write
|
||
|
1400000
|
heap
|
page execute and read and write
|
||
|
7420000
|
trusted library allocation
|
page read and write
|
||
|
85FE000
|
stack
|
page read and write
|
||
|
2E57000
|
heap
|
page read and write
|
||
|
7C22000
|
heap
|
page read and write
|
||
|
2D88000
|
heap
|
page read and write
|
||
|
8A90000
|
heap
|
page read and write
|
||
|
7D20000
|
trusted library allocation
|
page read and write
|
||
|
704AD000
|
unkown
|
page read and write
|
||
|
6BA000
|
heap
|
page read and write
|
||
|
8440000
|
trusted library allocation
|
page read and write
|
||
|
736E000
|
stack
|
page read and write
|
||
|
295F000
|
stack
|
page read and write
|
||
|
1350000
|
heap
|
page read and write
|
||
|
5806000
|
trusted library allocation
|
page read and write
|
||
|
72CF000
|
stack
|
page read and write
|
||
|
6E0B000
|
stack
|
page read and write
|
||
|
855E000
|
heap
|
page read and write
|
||
|
5CFB000
|
trusted library allocation
|
page read and write
|
||
|
704AD000
|
unkown
|
page read and write
|
||
|
8055000
|
heap
|
page read and write
|
||
|
53D3000
|
trusted library allocation
|
page read and write
|
||
|
2068000
|
direct allocation
|
page read and write
|
||
|
1FF8000
|
direct allocation
|
page read and write
|
||
|
7E80000
|
trusted library allocation
|
page read and write
|
||
|
670000
|
heap
|
page read and write
|
||
|
1FDC000
|
direct allocation
|
page read and write
|
||
|
7D27000
|
trusted library allocation
|
page read and write
|
||
|
206C000
|
direct allocation
|
page read and write
|
||
|
6E8D000
|
stack
|
page read and write
|
||
|
79DC000
|
stack
|
page read and write
|
||
|
206C000
|
direct allocation
|
page read and write
|
||
|
8562000
|
heap
|
page read and write
|
||
|
867E000
|
stack
|
page read and write
|
||
|
86BD000
|
stack
|
page read and write
|
||
|
928000
|
heap
|
page read and write
|
||
|
776C000
|
heap
|
page read and write
|
||
|
4520000
|
trusted library allocation
|
page read and write
|
||
|
89BE000
|
stack
|
page read and write
|
||
|
2088000
|
direct allocation
|
page read and write
|
||
|
206C000
|
direct allocation
|
page read and write
|
||
|
7760000
|
heap
|
page read and write
|
||
|
81D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1FF8000
|
direct allocation
|
page read and write
|
||
|
7067000
|
heap
|
page read and write
|
||
|
8E8E000
|
stack
|
page read and write
|
||
|
1660000
|
heap
|
page read and write
|
||
|
8CCF000
|
trusted library allocation
|
page read and write
|
||
|
7F058000
|
trusted library allocation
|
page execute and read and write
|
||
|
191000
|
stack
|
page read and write
|
||
|
7F60000
|
trusted library allocation
|
page read and write
|
||
|
7792000
|
heap
|
page read and write
|
||
|
1FF8000
|
direct allocation
|
page read and write
|
||
|
6FBE000
|
stack
|
page read and write
|
||
|
6BFA000
|
stack
|
page read and write
|
||
|
8053000
|
heap
|
page read and write
|
||
|
6E4E000
|
stack
|
page read and write
|
||
|
8626000
|
heap
|
page read and write
|
||
|
7E90000
|
trusted library allocation
|
page execute and read and write
|
||
|
873F000
|
stack
|
page read and write
|
||
|
79C0000
|
trusted library allocation
|
page read and write
|
||
|
4E40000
|
trusted library allocation
|
page read and write
|
||
|
DC0000
|
unkown
|
page readonly
|
||
|
8AF8000
|
heap
|
page read and write
|
||
|
71A6000
|
heap
|
page read and write
|
||
|
864F000
|
stack
|
page read and write
|
||
|
670000
|
heap
|
page read and write
|
||
|
206C000
|
direct allocation
|
page read and write
|
||
|
84AD000
|
stack
|
page read and write
|
||
|
1613000
|
trusted library allocation
|
page read and write
|
||
|
790000
|
heap
|
page read and write
|
||
|
57F5000
|
trusted library allocation
|
page read and write
|
||
|
7240000
|
heap
|
page read and write
|
||
|
206C000
|
direct allocation
|
page read and write
|
||
|
7E2B000
|
trusted library allocation
|
page read and write
|
||
|
470F000
|
stack
|
page read and write
|
||
|
C30000
|
trusted library allocation
|
page read and write
|
||
|
7FB4000
|
heap
|
page read and write
|
||
|
7FD0000
|
trusted library allocation
|
page read and write
|
||
|
5AEA000
|
trusted library allocation
|
page read and write
|
||
|
71F5000
|
heap
|
page execute and read and write
|
||
|
206C000
|
direct allocation
|
page read and write
|
||
|
5A50000
|
trusted library allocation
|
page read and write
|
||
|
560000
|
heap
|
page read and write
|
||
|
850B000
|
trusted library allocation
|
page read and write
|
||
|
60F9000
|
trusted library allocation
|
page read and write
|
||
|
73E0000
|
trusted library allocation
|
page read and write
|
||
|
459E000
|
stack
|
page read and write
|
||
|
4FDC000
|
stack
|
page read and write
|
||
|
34D0000
|
heap
|
page read and write
|
||
|
83E3000
|
trusted library allocation
|
page read and write
|
||
|
7148000
|
heap
|
page read and write
|
||
|
5E47000
|
trusted library allocation
|
page read and write
|
||
|
7BF7000
|
heap
|
page read and write
|
||
|
7970000
|
trusted library allocation
|
page read and write
|
||
|
1FF8000
|
direct allocation
|
page read and write
|
||
|
808E000
|
heap
|
page read and write
|
||
|
7CA0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7C90000
|
trusted library allocation
|
page read and write
|
||
|
810D000
|
heap
|
page read and write
|
||
|
206C000
|
direct allocation
|
page read and write
|
||
|
44D0000
|
trusted library allocation
|
page read and write
|
||
|
8AF3000
|
heap
|
page read and write
|
||
|
4E59000
|
trusted library allocation
|
page read and write
|
||
|
127B000
|
heap
|
page read and write
|
||
|
19D000
|
stack
|
page read and write
|
||
|
850E000
|
stack
|
page read and write
|
||
|
1D1DB000
|
stack
|
page read and write
|
||
|
45F0000
|
heap
|
page read and write
|
||
|
4E72000
|
trusted library allocation
|
page read and write
|
||
|
8050000
|
heap
|
page read and write
|
||
|
7227000
|
trusted library allocation
|
page read and write
|
||
|
5306000
|
trusted library allocation
|
page read and write
|
||
|
74B0000
|
trusted library allocation
|
page read and write
|
||
|
4EB8000
|
trusted library allocation
|
page read and write
|
||
|
40A000
|
unkown
|
page read and write
|
||
|
1610000
|
trusted library allocation
|
page read and write
|
||
|
494F000
|
stack
|
page read and write
|
||
|
7F8A000
|
trusted library allocation
|
page read and write
|
||
|
1D3DE000
|
stack
|
page read and write
|
||
|
2CC6000
|
heap
|
page read and write
|
||
|
678000
|
heap
|
page read and write
|
||
|
8A9E000
|
heap
|
page read and write
|
||
|
528000
|
heap
|
page read and write
|
||
|
1FDC000
|
direct allocation
|
page read and write
|
||
|
206C000
|
direct allocation
|
page read and write
|
||
|
6A0000
|
heap
|
page read and write
|
||
|
1FDC000
|
direct allocation
|
page read and write
|
||
|
7370000
|
trusted library allocation
|
page read and write
|
||
|
73A0000
|
trusted library allocation
|
page read and write
|
||
|
4C80000
|
heap
|
page read and write
|
||
|
8B75000
|
heap
|
page read and write
|
||
|
71A3000
|
heap
|
page read and write
|
||
|
58BF000
|
trusted library allocation
|
page read and write
|
||
|
330E000
|
stack
|
page read and write
|
||
|
7817000
|
trusted library allocation
|
page read and write
|
||
|
1FD8000
|
direct allocation
|
page read and write
|
||
|
1C5DD000
|
stack
|
page read and write
|
||
|
6FDE000
|
heap
|
page read and write
|
||
|
8800000
|
trusted library allocation
|
page read and write
|
||
|
8A40000
|
trusted library allocation
|
page read and write
|
||
|
206C000
|
direct allocation
|
page read and write
|
||
|
84F0000
|
heap
|
page read and write
|
||
|
206C000
|
direct allocation
|
page read and write
|
||
|
1FDC000
|
direct allocation
|
page read and write
|
||
|
8A0E000
|
stack
|
page read and write
|
||
|
67A000
|
heap
|
page read and write
|
||
|
8360000
|
trusted library allocation
|
page read and write
|
||
|
5BD5000
|
trusted library allocation
|
page read and write
|
||
|
5323000
|
trusted library allocation
|
page read and write
|
||
|
5380000
|
heap
|
page execute and read and write
|
||
|
1FF8000
|
direct allocation
|
page read and write
|
||
|
721E000
|
stack
|
page read and write
|
||
|
1FDC000
|
direct allocation
|
page read and write
|
||
|
5522000
|
trusted library allocation
|
page read and write
|
||
|
6F80000
|
trusted library allocation
|
page read and write
|
||
|
7400000
|
trusted library allocation
|
page read and write
|
||
|
26BE000
|
stack
|
page read and write
|
||
|
2D6E000
|
stack
|
page read and write
|
||
|
1B9B3000
|
heap
|
page read and write
|
||
|
60F1000
|
trusted library allocation
|
page read and write
|
||
|
206C000
|
direct allocation
|
page read and write
|
||
|
1FF8000
|
direct allocation
|
page read and write
|
||
|
7F60000
|
trusted library allocation
|
page read and write
|
||
|
71C3000
|
heap
|
page read and write
|
||
|
15AE000
|
stack
|
page read and write
|
||
|
1FF8000
|
direct allocation
|
page read and write
|
||
|
73AD000
|
stack
|
page read and write
|
||
|
73F0000
|
trusted library allocation
|
page read and write
|
||
|
90E000
|
stack
|
page read and write
|
||
|
34BE000
|
stack
|
page read and write
|
||
|
30C2000
|
trusted library allocation
|
page read and write
|
||
|
206C000
|
direct allocation
|
page read and write
|
||
|
791E000
|
stack
|
page read and write
|
||
|
890000
|
heap
|
page read and write
|
||
|
930000
|
heap
|
page read and write
|
||
|
2070000
|
direct allocation
|
page read and write
|
||
|
206C000
|
direct allocation
|
page read and write
|
||
|
4E5B000
|
stack
|
page read and write
|
||
|
4F0000
|
heap
|
page read and write
|
||
|
7390000
|
trusted library allocation
|
page read and write
|
||
|
65E000
|
stack
|
page read and write
|
||
|
7950000
|
trusted library allocation
|
page read and write
|
||
|
775E000
|
stack
|
page read and write
|
||
|
6F2E000
|
stack
|
page read and write
|
||
|
5E0000
|
heap
|
page read and write
|
||
|
1FDC000
|
direct allocation
|
page read and write
|
||
|
7FFB1E105000
|
unkown
|
page readonly
|
||
|
206C000
|
direct allocation
|
page read and write
|
||
|
1FF8000
|
direct allocation
|
page read and write
|
||
|
740000
|
heap
|
page read and write
|
||
|
C23000
|
trusted library allocation
|
page execute and read and write
|
||
|
1235000
|
heap
|
page read and write
|
||
|
5963000
|
trusted library allocation
|
page read and write
|
||
|
125C000
|
heap
|
page read and write
|
||
|
57ED000
|
trusted library allocation
|
page read and write
|
||
|
73E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
9C000
|
stack
|
page read and write
|
||
|
7FFAACC3C000
|
trusted library allocation
|
page execute and read and write
|
||
|
1FDC000
|
direct allocation
|
page read and write
|
||
|
409000
|
unkown
|
page write copy
|
||
|
206C000
|
direct allocation
|
page read and write
|
||
|
7021000
|
heap
|
page read and write
|
||
|
81F0000
|
trusted library allocation
|
page read and write
|
||
|
6EAE000
|
stack
|
page read and write
|
||
|
4530000
|
heap
|
page readonly
|
||
|
206C000
|
direct allocation
|
page read and write
|
||
|
1BABA000
|
stack
|
page read and write
|
||
|
DC0000
|
unkown
|
page readonly
|
||
|
5320000
|
trusted library allocation
|
page read and write
|
||
|
9E7000
|
stack
|
page read and write
|
||
|
781A000
|
trusted library allocation
|
page read and write
|
||
|
60D9000
|
trusted library allocation
|
page read and write
|
||
|
12C3000
|
heap
|
page read and write
|
||
|
4900000
|
heap
|
page read and write
|
||
|
7F10000
|
trusted library allocation
|
page read and write
|
||
|
5335000
|
trusted library allocation
|
page execute and read and write
|
||
|
6F4000
|
heap
|
page read and write
|
||
|
4CFE000
|
stack
|
page read and write
|
||
|
7FD00000
|
trusted library allocation
|
page execute and read and write
|
||
|
1FDC000
|
direct allocation
|
page read and write
|
||
|
5AD2000
|
trusted library allocation
|
page read and write
|
||
|
90DE000
|
stack
|
page read and write
|
||
|
7FC4000
|
heap
|
page read and write
|
||
|
206C000
|
direct allocation
|
page read and write
|
||
|
729E000
|
stack
|
page read and write
|
||
|
4E30000
|
trusted library allocation
|
page read and write
|
||
|
206C000
|
direct allocation
|
page read and write
|
||
|
5350000
|
trusted library allocation
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
3070000
|
trusted library allocation
|
page read and write
|
||
|
8FE000
|
stack
|
page read and write
|
||
|
44F5000
|
trusted library allocation
|
page execute and read and write
|
||
|
415000
|
unkown
|
page write copy
|
||
|
8ACD000
|
heap
|
page read and write
|
||
|
7E90000
|
trusted library allocation
|
page read and write
|
||
|
57E4000
|
trusted library allocation
|
page read and write
|
||
|
4CBF000
|
stack
|
page read and write
|
||
|
2E40000
|
trusted library section
|
page read and write
|
||
|
4E44000
|
trusted library allocation
|
page read and write
|
||
|
8CC0000
|
trusted library allocation
|
page read and write
|
||
|
1FD4000
|
direct allocation
|
page read and write
|
||
|
7C3D000
|
heap
|
page read and write
|
||
|
8F90000
|
trusted library allocation
|
page execute and read and write
|
||
|
1BC9E000
|
stack
|
page read and write
|
||
|
2D80000
|
heap
|
page read and write
|
||
|
7C11000
|
heap
|
page read and write
|
||
|
911E000
|
stack
|
page read and write
|
||
|
85AE000
|
heap
|
page read and write
|
||
|
7410000
|
trusted library allocation
|
page read and write
|
||
|
206C000
|
direct allocation
|
page read and write
|
||
|
73D0000
|
trusted library allocation
|
page read and write
|
||
|
83DD000
|
stack
|
page read and write
|
||
|
76F8000
|
heap
|
page read and write
|
||
|
8065000
|
heap
|
page read and write
|
||
|
54C1000
|
trusted library allocation
|
page read and write
|
||
|
53D5000
|
trusted library allocation
|
page read and write
|
||
|
59A6000
|
trusted library allocation
|
page read and write
|
||
|
4F9C000
|
stack
|
page read and write
|
||
|
5209000
|
trusted library allocation
|
page read and write
|
||
|
2058000
|
direct allocation
|
page read and write
|
||
|
520000
|
heap
|
page read and write
|
||
|
70491000
|
unkown
|
page execute read
|
||
|
1250000
|
heap
|
page read and write
|
||
|
7E10000
|
trusted library allocation
|
page execute and read and write
|
||
|
5303000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FCC000
|
heap
|
page read and write
|
||
|
1FDC000
|
direct allocation
|
page read and write
|
||
|
38B000
|
stack
|
page read and write
|
||
|
7FFAACD40000
|
trusted library allocation
|
page execute and read and write
|
||
|
806D000
|
heap
|
page read and write
|
||
|
695000
|
heap
|
page read and write
|
||
|
5360000
|
heap
|
page readonly
|
||
|
7E70000
|
trusted library allocation
|
page read and write
|
||
|
8069000
|
heap
|
page read and write
|
||
|
7735000
|
heap
|
page read and write
|
||
|
760000
|
heap
|
page read and write
|
||
|
44E0000
|
trusted library allocation
|
page read and write
|
||
|
704A6000
|
unkown
|
page readonly
|
||
|
4590000
|
heap
|
page read and write
|
||
|
4DDE000
|
stack
|
page read and write
|
||
|
775A000
|
heap
|
page read and write
|
||
|
5BD9000
|
trusted library allocation
|
page read and write
|
||
|
1C9D5000
|
stack
|
page read and write
|
||
|
795E000
|
stack
|
page read and write
|
||
|
4EA0000
|
heap
|
page readonly
|
||
|
45A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
207B000
|
direct allocation
|
page read and write
|
||
|
64C1000
|
trusted library allocation
|
page read and write
|
||
|
75F000
|
stack
|
page read and write
|
||
|
7FFAACBDC000
|
trusted library allocation
|
page execute and read and write
|
||
|
1FDC000
|
direct allocation
|
page read and write
|
||
|
8AC9000
|
heap
|
page read and write
|
||
|
857E000
|
stack
|
page read and write
|
||
|
9B000
|
stack
|
page read and write
|
||
|
79F0000
|
trusted library allocation
|
page read and write
|
||
|
8390000
|
trusted library allocation
|
page execute and read and write
|
||
|
4E1D000
|
stack
|
page read and write
|
||
|
6EEE000
|
stack
|
page read and write
|
||
|
4D44000
|
trusted library allocation
|
page read and write
|
||
|
50C0000
|
heap
|
page execute and read and write
|
||
|
7FFB1E0E1000
|
unkown
|
page execute read
|
||
|
5C91000
|
trusted library allocation
|
page read and write
|
||
|
45A0000
|
heap
|
page readonly
|
||
|
8CD0000
|
trusted library allocation
|
page read and write
|
||
|
71E5000
|
heap
|
page read and write
|
||
|
5BDD000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACBA0000
|
trusted library allocation
|
page read and write
|
||
|
8900000
|
trusted library allocation
|
page read and write
|
||
|
7F4F000
|
stack
|
page read and write
|
||
|
8AB5000
|
heap
|
page read and write
|
||
|
81E0000
|
trusted library allocation
|
page read and write
|
||
|
48CE000
|
stack
|
page read and write
|
||
|
7FF2000
|
heap
|
page read and write
|
||
|
8078000
|
heap
|
page read and write
|
||
|
1CFE0000
|
heap
|
page read and write
|
||
|
1665000
|
heap
|
page read and write
|
||
|
1FDC000
|
direct allocation
|
page read and write
|
||
|
6FFE000
|
stack
|
page read and write
|
||
|
71CD000
|
stack
|
page read and write
|
||
|
7FFAACBAB000
|
trusted library allocation
|
page execute and read and write
|
||
|
2088000
|
direct allocation
|
page read and write
|
||
|
2A5F000
|
stack
|
page read and write
|
||
|
131B000
|
heap
|
page read and write
|
||
|
9B000
|
stack
|
page read and write
|
||
|
6273000
|
trusted library allocation
|
page read and write
|
||
|
5BE2000
|
trusted library allocation
|
page read and write
|
||
|
33B2000
|
heap
|
page read and write
|
||
|
6D7000
|
heap
|
page read and write
|
||
|
718E000
|
stack
|
page read and write
|
||
|
89C0000
|
heap
|
page read and write
|
||
|
722A000
|
trusted library allocation
|
page read and write
|
||
|
1FDC000
|
direct allocation
|
page read and write
|
||
|
44C0000
|
trusted library allocation
|
page read and write
|
||
|
842E000
|
stack
|
page read and write
|
||
|
347F000
|
stack
|
page read and write
|
||
|
409000
|
unkown
|
page read and write
|
||
|
5BEA000
|
trusted library allocation
|
page read and write
|
||
|
8B0000
|
heap
|
page read and write
|
||
|
7F2E000
|
stack
|
page read and write
|
||
|
6A9000
|
heap
|
page read and write
|
||
|
1FDC000
|
direct allocation
|
page read and write
|
||
|
7F50000
|
trusted library allocation
|
page read and write
|
||
|
8E40000
|
trusted library allocation
|
page read and write
|
||
|
9019000
|
stack
|
page read and write
|
||
|
5941000
|
trusted library allocation
|
page read and write
|
||
|
8790000
|
trusted library allocation
|
page read and write
|
||
|
AEE000
|
stack
|
page read and write
|
||
|
A9E000
|
stack
|
page read and write
|
||
|
803A000
|
heap
|
page read and write
|
||
|
13008000
|
trusted library allocation
|
page read and write
|
||
|
44C3000
|
trusted library allocation
|
page execute and read and write
|
||
|
620000
|
heap
|
page read and write
|
||
|
6C2000
|
heap
|
page read and write
|
||
|
1C04E000
|
heap
|
page read and write
|
||
|
1BE9E000
|
stack
|
page read and write
|
||
|
2D2E000
|
stack
|
page read and write
|
||
|
206C000
|
direct allocation
|
page read and write
|
||
|
875E000
|
stack
|
page read and write
|
||
|
206C000
|
direct allocation
|
page read and write
|
||
|
73B0000
|
trusted library allocation
|
page read and write
|
||
|
52A0000
|
heap
|
page read and write
|
||
|
40A000
|
unkown
|
page read and write
|
||
|
7ECB000
|
trusted library allocation
|
page read and write
|
||
|
1FE0000
|
direct allocation
|
page read and write
|
||
|
3103000
|
trusted library allocation
|
page read and write
|
||
|
89CE000
|
stack
|
page read and write
|
||
|
3020000
|
heap
|
page read and write
|
||
|
853B000
|
heap
|
page read and write
|
||
|
7FF454730000
|
trusted library allocation
|
page execute and read and write
|
||
|
1CAD0000
|
heap
|
page read and write
|
||
|
13D0000
|
heap
|
page read and write
|
||
|
307D000
|
trusted library allocation
|
page read and write
|
||
|
3C9000
|
stack
|
page read and write
|
||
|
206C000
|
direct allocation
|
page read and write
|
||
|
4CEB000
|
trusted library allocation
|
page read and write
|
||
|
1230000
|
heap
|
page read and write
|
||
|
45B0000
|
heap
|
page read and write
|
||
|
4D9E000
|
stack
|
page read and write
|
||
|
854C000
|
stack
|
page read and write
|
||
|
206C000
|
direct allocation
|
page read and write
|
||
|
1C001000
|
heap
|
page read and write
|
||
|
8B47000
|
heap
|
page read and write
|
||
|
4790000
|
heap
|
page read and write
|
||
|
7FFB1E0F6000
|
unkown
|
page readonly
|
||
|
76DA000
|
stack
|
page read and write
|
||
|
1FDC000
|
direct allocation
|
page read and write
|
||
|
2088000
|
direct allocation
|
page read and write
|
||
|
B60000
|
heap
|
page read and write
|
||
|
5390000
|
trusted library allocation
|
page read and write
|
||
|
206C000
|
direct allocation
|
page read and write
|
||
|
5C2E000
|
trusted library allocation
|
page read and write
|
||
|
7049000
|
heap
|
page read and write
|
||
|
7BEB000
|
heap
|
page read and write
|
||
|
8980000
|
trusted library allocation
|
page read and write
|
||
|
206C000
|
direct allocation
|
page read and write
|
||
|
2FAE000
|
stack
|
page read and write
|
||
|
2E7B000
|
heap
|
page read and write
|
||
|
2F1D000
|
stack
|
page read and write
|
||
|
512B000
|
trusted library allocation
|
page read and write
|
||
|
5AE3000
|
trusted library allocation
|
page read and write
|
||
|
A6F000
|
stack
|
page read and write
|
||
|
1D2DE000
|
stack
|
page read and write
|
||
|
1FF8000
|
direct allocation
|
page read and write
|
There are 1157 hidden memdumps, click here to show them.