Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
h1a1eHrclt.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Program Files (x86)\Microsoft.NET\RedistList\RCX5EAD.tmp
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft.NET\RedistList\RCX5F5A.tmp
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft.NET\RedistList\RuntimeBroker.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft.NET\RedistList\RuntimeBroker.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Program Files (x86)\Windows Defender\en-GB\RCX5AD2.tmp
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Windows Defender\en-GB\RCX5B70.tmp
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Windows Defender\en-GB\UQXKdqQetSFpkBwLVgNixbuHXutP.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Windows Defender\en-GB\UQXKdqQetSFpkBwLVgNixbuHXutP.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Program Files (x86)\Windows NT\RCX70B8.tmp
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Windows NT\RCX7165.tmp
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Windows NT\UQXKdqQetSFpkBwLVgNixbuHXutP.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\jDownloader\RCX646E.tmp
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\jDownloader\RCX649D.tmp
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\jDownloader\UQXKdqQetSFpkBwLVgNixbuHXutP.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\jDownloader\config\RCX7AF0.tmp
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\jDownloader\config\RCX7BAC.tmp
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\jDownloader\config\RuntimeBroker.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\jdownloader\UQXKdqQetSFpkBwLVgNixbuHXutP.exe (copy)
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\jdownloader\config\RuntimeBroker.exe (copy)
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\microsoft.net\RedistList\RuntimeBroker.exe (copy)
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\windows defender\en-GB\UQXKdqQetSFpkBwLVgNixbuHXutP.exe (copy)
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\windows nt\UQXKdqQetSFpkBwLVgNixbuHXutP.exe (copy)
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\Microsoft Office 15\RCX5253.tmp
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\Microsoft Office 15\RCX52FF.tmp
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\Microsoft Office 15\UQXKdqQetSFpkBwLVgNixbuHXutP.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\RCX8321.tmp
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\RCX8370.tmp
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\UQXKdqQetSFpkBwLVgNixbuHXutP.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\Windows NT\RCX4EA7.tmp
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\Windows NT\RCX4FB2.tmp
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\Windows NT\UQXKdqQetSFpkBwLVgNixbuHXutP.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\Windows Portable Devices\RCX7435.tmp
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\Windows Portable Devices\RCX74E2.tmp
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\Windows Portable Devices\UQXKdqQetSFpkBwLVgNixbuHXutP.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\RCX7792.tmp
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\RCX784F.tmp
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\explorer.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Recovery\RCX56C9.tmp
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Recovery\RCX5766.tmp
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Recovery\RCX61FB.tmp
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Recovery\RCX621B.tmp
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Recovery\RuntimeBroker.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Recovery\UQXKdqQetSFpkBwLVgNixbuHXutP.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\All Users\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\explorer.exe (copy)
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\Public\Desktop\Memory Compression.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\Public\Desktop\RCX7FC4.tmp
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\Public\Desktop\RCX8071.tmp
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\h1a1eHrclt.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\Desktop\RCX4BC7.tmp
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\RCX4C16.tmp
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\h1a1eHrclt.exe (copy)
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Windows\addins\RCX66E1.tmp
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Windows\addins\RCX679D.tmp
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Windows\addins\UQXKdqQetSFpkBwLVgNixbuHXutP.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Windows\tracing\RCX6B57.tmp
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Windows\tracing\RCX6C14.tmp
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Windows\tracing\UQXKdqQetSFpkBwLVgNixbuHXutP.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft.NET\RedistList\9e8d7a4ca61bd9
|
ASCII text, with very long lines (592), with no line terminators
|
dropped
|
||
|
C:\Program Files (x86)\Windows Defender\en-GB\b090c5ff0df038
|
ASCII text, with very long lines (639), with no line terminators
|
dropped
|
||
|
C:\Program Files (x86)\Windows NT\UQXKdqQetSFpkBwLVgNixbuHXutP.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\Windows NT\b090c5ff0df038
|
ASCII text, with very long lines (969), with no line terminators
|
dropped
|
||
|
C:\Program Files (x86)\jDownloader\UQXKdqQetSFpkBwLVgNixbuHXutP.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\jDownloader\b090c5ff0df038
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Program Files (x86)\jDownloader\config\9e8d7a4ca61bd9
|
ASCII text, with very long lines (307), with no line terminators
|
dropped
|
||
|
C:\Program Files (x86)\jDownloader\config\RuntimeBroker.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\Microsoft Office 15\UQXKdqQetSFpkBwLVgNixbuHXutP.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\Microsoft Office 15\b090c5ff0df038
|
ASCII text, with very long lines (732), with no line terminators
|
dropped
|
||
|
C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\UQXKdqQetSFpkBwLVgNixbuHXutP.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\b090c5ff0df038
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Program Files\Windows NT\UQXKdqQetSFpkBwLVgNixbuHXutP.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\Windows NT\b090c5ff0df038
|
ASCII text, with very long lines (697), with no line terminators
|
dropped
|
||
|
C:\Program Files\Windows Portable Devices\UQXKdqQetSFpkBwLVgNixbuHXutP.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\Windows Portable Devices\b090c5ff0df038
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\7a0fd90576e088
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\explorer.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Recovery\9e8d7a4ca61bd9
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Recovery\RuntimeBroker.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Recovery\UQXKdqQetSFpkBwLVgNixbuHXutP.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Recovery\b090c5ff0df038
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\Public\Desktop\1a5d5b8dcee3d8
|
ASCII text, with very long lines (823), with no line terminators
|
dropped
|
||
|
C:\Users\Public\Desktop\Memory Compression.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\RuntimeBroker.exe.log
|
CSV text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\UQXKdqQetSFpkBwLVgNixbuHXutP.exe.log
|
CSV text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\G58brWjr2x.bat
|
DOS batch file, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\fjilrMJ9JG
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Windows\addins\UQXKdqQetSFpkBwLVgNixbuHXutP.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\addins\b090c5ff0df038
|
ASCII text, with very long lines (865), with no line terminators
|
dropped
|
||
|
C:\Windows\tracing\UQXKdqQetSFpkBwLVgNixbuHXutP.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\tracing\b090c5ff0df038
|
ASCII text, with very long lines (309), with no line terminators
|
dropped
|
There are 80 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\h1a1eHrclt.exe
|
"C:\Users\user\Desktop\h1a1eHrclt.exe"
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "UQXKdqQetSFpkBwLVgNixbuHXutPU" /sc MINUTE /mo 12 /tr "'C:\Program Files\Windows NT\UQXKdqQetSFpkBwLVgNixbuHXutP.exe'"
/f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "UQXKdqQetSFpkBwLVgNixbuHXutP" /sc ONLOGON /tr "'C:\Program Files\Windows NT\UQXKdqQetSFpkBwLVgNixbuHXutP.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "UQXKdqQetSFpkBwLVgNixbuHXutPU" /sc MINUTE /mo 8 /tr "'C:\Program Files\Windows NT\UQXKdqQetSFpkBwLVgNixbuHXutP.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "UQXKdqQetSFpkBwLVgNixbuHXutPU" /sc MINUTE /mo 9 /tr "'C:\Program Files\Microsoft Office 15\UQXKdqQetSFpkBwLVgNixbuHXutP.exe'"
/f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "UQXKdqQetSFpkBwLVgNixbuHXutP" /sc ONLOGON /tr "'C:\Program Files\Microsoft Office 15\UQXKdqQetSFpkBwLVgNixbuHXutP.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "UQXKdqQetSFpkBwLVgNixbuHXutPU" /sc MINUTE /mo 14 /tr "'C:\Program Files\Microsoft Office 15\UQXKdqQetSFpkBwLVgNixbuHXutP.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "UQXKdqQetSFpkBwLVgNixbuHXutPU" /sc MINUTE /mo 10 /tr "'C:\Recovery\UQXKdqQetSFpkBwLVgNixbuHXutP.exe'"
/f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "UQXKdqQetSFpkBwLVgNixbuHXutP" /sc ONLOGON /tr "'C:\Recovery\UQXKdqQetSFpkBwLVgNixbuHXutP.exe'" /rl
HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "UQXKdqQetSFpkBwLVgNixbuHXutPU" /sc MINUTE /mo 5 /tr "'C:\Recovery\UQXKdqQetSFpkBwLVgNixbuHXutP.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "UQXKdqQetSFpkBwLVgNixbuHXutPU" /sc MINUTE /mo 10 /tr "'C:\Program Files (x86)\windows defender\en-GB\UQXKdqQetSFpkBwLVgNixbuHXutP.exe'"
/f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "UQXKdqQetSFpkBwLVgNixbuHXutP" /sc ONLOGON /tr "'C:\Program Files (x86)\windows defender\en-GB\UQXKdqQetSFpkBwLVgNixbuHXutP.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "UQXKdqQetSFpkBwLVgNixbuHXutPU" /sc MINUTE /mo 10 /tr "'C:\Program Files (x86)\windows defender\en-GB\UQXKdqQetSFpkBwLVgNixbuHXutP.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 11 /tr "'C:\Program Files (x86)\microsoft.net\RedistList\RuntimeBroker.exe'"
/f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "RuntimeBroker" /sc ONLOGON /tr "'C:\Program Files (x86)\microsoft.net\RedistList\RuntimeBroker.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 10 /tr "'C:\Program Files (x86)\microsoft.net\RedistList\RuntimeBroker.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 10 /tr "'C:\Recovery\RuntimeBroker.exe'" /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "RuntimeBroker" /sc ONLOGON /tr "'C:\Recovery\RuntimeBroker.exe'" /rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 11 /tr "'C:\Recovery\RuntimeBroker.exe'" /rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "UQXKdqQetSFpkBwLVgNixbuHXutPU" /sc MINUTE /mo 6 /tr "'C:\Program Files (x86)\jdownloader\UQXKdqQetSFpkBwLVgNixbuHXutP.exe'"
/f
|
|
|
|
C:\Recovery\RuntimeBroker.exe
|
C:\Recovery\RuntimeBroker.exe
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "UQXKdqQetSFpkBwLVgNixbuHXutP" /sc ONLOGON /tr "'C:\Program Files (x86)\jdownloader\UQXKdqQetSFpkBwLVgNixbuHXutP.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "UQXKdqQetSFpkBwLVgNixbuHXutPU" /sc MINUTE /mo 8 /tr "'C:\Program Files (x86)\jdownloader\UQXKdqQetSFpkBwLVgNixbuHXutP.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Recovery\RuntimeBroker.exe
|
C:\Recovery\RuntimeBroker.exe
|
|
|
|
C:\Program Files (x86)\jDownloader\UQXKdqQetSFpkBwLVgNixbuHXutP.exe
|
"C:\Program Files (x86)\jdownloader\UQXKdqQetSFpkBwLVgNixbuHXutP.exe"
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "UQXKdqQetSFpkBwLVgNixbuHXutPU" /sc MINUTE /mo 13 /tr "'C:\Windows\addins\UQXKdqQetSFpkBwLVgNixbuHXutP.exe'"
/f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "UQXKdqQetSFpkBwLVgNixbuHXutP" /sc ONLOGON /tr "'C:\Windows\addins\UQXKdqQetSFpkBwLVgNixbuHXutP.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Program Files (x86)\jDownloader\UQXKdqQetSFpkBwLVgNixbuHXutP.exe
|
"C:\Program Files (x86)\jdownloader\UQXKdqQetSFpkBwLVgNixbuHXutP.exe"
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "UQXKdqQetSFpkBwLVgNixbuHXutPU" /sc MINUTE /mo 11 /tr "'C:\Windows\addins\UQXKdqQetSFpkBwLVgNixbuHXutP.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "UQXKdqQetSFpkBwLVgNixbuHXutPU" /sc MINUTE /mo 14 /tr "'C:\Windows\tracing\UQXKdqQetSFpkBwLVgNixbuHXutP.exe'"
/f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "UQXKdqQetSFpkBwLVgNixbuHXutP" /sc ONLOGON /tr "'C:\Windows\tracing\UQXKdqQetSFpkBwLVgNixbuHXutP.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "UQXKdqQetSFpkBwLVgNixbuHXutPU" /sc MINUTE /mo 14 /tr "'C:\Windows\tracing\UQXKdqQetSFpkBwLVgNixbuHXutP.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "UQXKdqQetSFpkBwLVgNixbuHXutPU" /sc MINUTE /mo 8 /tr "'C:\Recovery\UQXKdqQetSFpkBwLVgNixbuHXutP.exe'"
/f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "UQXKdqQetSFpkBwLVgNixbuHXutP" /sc ONLOGON /tr "'C:\Recovery\UQXKdqQetSFpkBwLVgNixbuHXutP.exe'" /rl
HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "UQXKdqQetSFpkBwLVgNixbuHXutPU" /sc MINUTE /mo 8 /tr "'C:\Recovery\UQXKdqQetSFpkBwLVgNixbuHXutP.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "UQXKdqQetSFpkBwLVgNixbuHXutPU" /sc MINUTE /mo 5 /tr "'C:\Program Files (x86)\windows nt\UQXKdqQetSFpkBwLVgNixbuHXutP.exe'"
/f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "UQXKdqQetSFpkBwLVgNixbuHXutP" /sc ONLOGON /tr "'C:\Program Files (x86)\windows nt\UQXKdqQetSFpkBwLVgNixbuHXutP.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "UQXKdqQetSFpkBwLVgNixbuHXutPU" /sc MINUTE /mo 11 /tr "'C:\Program Files (x86)\windows nt\UQXKdqQetSFpkBwLVgNixbuHXutP.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "UQXKdqQetSFpkBwLVgNixbuHXutPU" /sc MINUTE /mo 6 /tr "'C:\Program Files\Windows Portable Devices\UQXKdqQetSFpkBwLVgNixbuHXutP.exe'"
/f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "UQXKdqQetSFpkBwLVgNixbuHXutP" /sc ONLOGON /tr "'C:\Program Files\Windows Portable Devices\UQXKdqQetSFpkBwLVgNixbuHXutP.exe'"
/rl HIGHEST /f
|
|
There are 30 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
bg.microsoft.map.fastly.net
|
199.232.210.172
|
||
|
18.31.95.13.in-addr.arpa
|
unknown
|
||
|
219.53.3.0.in-addr.arpa
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
UQXKdqQetSFpkBwLVgNixbuHXutP
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
UQXKdqQetSFpkBwLVgNixbuHXutP
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
RuntimeBroker
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
RuntimeBroker
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
explorer
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
explorer
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
Memory Compression
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
Memory Compression
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
|
Shell
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
UQXKdqQetSFpkBwLVgNixbuHXutP
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
UQXKdqQetSFpkBwLVgNixbuHXutP
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
|
Shell
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
UQXKdqQetSFpkBwLVgNixbuHXutP
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
UQXKdqQetSFpkBwLVgNixbuHXutP
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
|
Shell
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
UQXKdqQetSFpkBwLVgNixbuHXutP
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
|
Shell
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
|
Shell
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
RuntimeBroker
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
RuntimeBroker
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
|
Shell
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
UQXKdqQetSFpkBwLVgNixbuHXutP
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
UQXKdqQetSFpkBwLVgNixbuHXutP
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
|
Shell
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
UQXKdqQetSFpkBwLVgNixbuHXutP
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
UQXKdqQetSFpkBwLVgNixbuHXutP
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
|
Shell
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
UQXKdqQetSFpkBwLVgNixbuHXutP
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
UQXKdqQetSFpkBwLVgNixbuHXutP
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
|
Shell
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
UQXKdqQetSFpkBwLVgNixbuHXutP
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
UQXKdqQetSFpkBwLVgNixbuHXutP
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
|
Shell
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
UQXKdqQetSFpkBwLVgNixbuHXutP
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
UQXKdqQetSFpkBwLVgNixbuHXutP
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
|
Shell
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
UQXKdqQetSFpkBwLVgNixbuHXutP
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
UQXKdqQetSFpkBwLVgNixbuHXutP
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
|
Shell
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
|
Shell
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
RuntimeBroker
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
|
Shell
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
|
Shell
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
UQXKdqQetSFpkBwLVgNixbuHXutP
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
UQXKdqQetSFpkBwLVgNixbuHXutP
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
|
Shell
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\64941fa9569c179036a9827773aa562137e2eea3
|
c17153b5179e2abe6868dcfec82b4a9074c37cef
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
LangID
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\System32\cmd.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\System32\cmd.exe.ApplicationCompany
|
There are 40 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2EA1000
|
trusted library allocation
|
page read and write
|
|
|
|
28A1000
|
trusted library allocation
|
page read and write
|
|
|
|
350C000
|
trusted library allocation
|
page read and write
|
|
|
|
12FBA000
|
trusted library allocation
|
page read and write
|
|
|
|
2DE1000
|
trusted library allocation
|
page read and write
|
|
|
|
34F1000
|
trusted library allocation
|
page read and write
|
|
|
|
2D21000
|
trusted library allocation
|
page read and write
|
|
|
|
2F4C000
|
trusted library allocation
|
page read and write
|
||
|
1415000
|
heap
|
page read and write
|
||
|
10C1000
|
heap
|
page read and write
|
||
|
1045000
|
heap
|
page read and write
|
||
|
1502000
|
heap
|
page read and write
|
||
|
7FFD9B810000
|
trusted library allocation
|
page read and write
|
||
|
129A9000
|
trusted library allocation
|
page read and write
|
||
|
1BAFF000
|
stack
|
page read and write
|
||
|
1B802000
|
heap
|
page read and write
|
||
|
1C0E0000
|
heap
|
page read and write
|
||
|
7FFD9B940000
|
trusted library allocation
|
page read and write
|
||
|
12F6E000
|
trusted library allocation
|
page read and write
|
||
|
1305D000
|
trusted library allocation
|
page read and write
|
||
|
129AE000
|
trusted library allocation
|
page read and write
|
||
|
1BEB2000
|
heap
|
page read and write
|
||
|
1BDE0000
|
heap
|
page read and write
|
||
|
1C283000
|
heap
|
page read and write
|
||
|
134F1000
|
trusted library allocation
|
page read and write
|
||
|
2B40000
|
trusted library section
|
page read and write
|
||
|
7FFD9B763000
|
trusted library allocation
|
page execute and read and write
|
||
|
12F1C000
|
trusted library allocation
|
page read and write
|
||
|
1364F000
|
trusted library allocation
|
page read and write
|
||
|
1AD20000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B900000
|
trusted library allocation
|
page read and write
|
||
|
1B760000
|
heap
|
page execute and read and write
|
||
|
EF6000
|
stack
|
page read and write
|
||
|
7FFD9B9E0000
|
trusted library allocation
|
page read and write
|
||
|
1033000
|
heap
|
page read and write
|
||
|
DFF000
|
stack
|
page read and write
|
||
|
1BED3000
|
heap
|
page read and write
|
||
|
7FFD9B936000
|
trusted library allocation
|
page read and write
|
||
|
129FC000
|
trusted library allocation
|
page read and write
|
||
|
12F69000
|
trusted library allocation
|
page read and write
|
||
|
295C000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B8A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
13616000
|
trusted library allocation
|
page read and write
|
||
|
3466000
|
trusted library allocation
|
page read and write
|
||
|
E65000
|
heap
|
page read and write
|
||
|
135E1000
|
trusted library allocation
|
page read and write
|
||
|
1690000
|
trusted library allocation
|
page read and write
|
||
|
12EB7000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B943000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B8AA000
|
trusted library allocation
|
page execute and read and write
|
||
|
173D000
|
heap
|
page read and write
|
||
|
1360E000
|
trusted library allocation
|
page read and write
|
||
|
1304C000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B783000
|
trusted library allocation
|
page execute and read and write
|
||
|
1A8D0000
|
trusted library allocation
|
page read and write
|
||
|
136AF000
|
trusted library allocation
|
page read and write
|
||
|
13647000
|
trusted library allocation
|
page read and write
|
||
|
1320000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B990000
|
trusted library allocation
|
page read and write
|
||
|
13038000
|
trusted library allocation
|
page read and write
|
||
|
1C20F000
|
heap
|
page read and write
|
||
|
1013000
|
heap
|
page read and write
|
||
|
1340000
|
heap
|
page read and write
|
||
|
13025000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B950000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B836000
|
trusted library allocation
|
page read and write
|
||
|
134F8000
|
trusted library allocation
|
page read and write
|
||
|
12FAB000
|
trusted library allocation
|
page read and write
|
||
|
12FBF000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B91B000
|
trusted library allocation
|
page read and write
|
||
|
332D000
|
trusted library allocation
|
page read and write
|
||
|
1C1AD000
|
heap
|
page read and write
|
||
|
1BBA3000
|
stack
|
page read and write
|
||
|
136AB000
|
trusted library allocation
|
page read and write
|
||
|
12ED6000
|
trusted library allocation
|
page read and write
|
||
|
1BE33000
|
heap
|
page read and write
|
||
|
12EBB000
|
trusted library allocation
|
page read and write
|
||
|
1086000
|
heap
|
page read and write
|
||
|
13695000
|
trusted library allocation
|
page read and write
|
||
|
10F9000
|
heap
|
page read and write
|
||
|
ACA000
|
heap
|
page read and write
|
||
|
7FFD9B81C000
|
trusted library allocation
|
page execute and read and write
|
||
|
129D6000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B903000
|
trusted library allocation
|
page read and write
|
||
|
12DE8000
|
trusted library allocation
|
page read and write
|
||
|
1CC02000
|
heap
|
page read and write
|
||
|
1BAAE000
|
stack
|
page read and write
|
||
|
7FFD9B793000
|
trusted library allocation
|
page read and write
|
||
|
1B520000
|
trusted library allocation
|
page read and write
|
||
|
E86000
|
heap
|
page read and write
|
||
|
173B000
|
heap
|
page read and write
|
||
|
7FFD9B7DC000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B836000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B8B1000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B92C000
|
trusted library allocation
|
page read and write
|
||
|
128B1000
|
trusted library allocation
|
page read and write
|
||
|
1290000
|
heap
|
page read and write
|
||
|
136DA000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B923000
|
trusted library allocation
|
page read and write
|
||
|
136BB000
|
trusted library allocation
|
page read and write
|
||
|
12F9E000
|
trusted library allocation
|
page read and write
|
||
|
970000
|
trusted library allocation
|
page read and write
|
||
|
13FF000
|
stack
|
page read and write
|
||
|
7FFD9B9B0000
|
trusted library allocation
|
page read and write
|
||
|
12EB1000
|
trusted library allocation
|
page read and write
|
||
|
129C7000
|
trusted library allocation
|
page read and write
|
||
|
FD0000
|
heap
|
page execute and read and write
|
||
|
1C455000
|
heap
|
page read and write
|
||
|
12DED000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B7AB000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B720000
|
trusted library section
|
page read and write
|
||
|
12F9C000
|
trusted library allocation
|
page read and write
|
||
|
1250000
|
trusted library allocation
|
page read and write
|
||
|
105D000
|
heap
|
page read and write
|
||
|
1AED0000
|
trusted library allocation
|
page read and write
|
||
|
18CF000
|
stack
|
page read and write
|
||
|
2950000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B76D000
|
trusted library allocation
|
page execute and read and write
|
||
|
12A5A000
|
trusted library allocation
|
page read and write
|
||
|
13059000
|
trusted library allocation
|
page read and write
|
||
|
12FF1000
|
trusted library allocation
|
page read and write
|
||
|
3327000
|
trusted library allocation
|
page read and write
|
||
|
2BA0000
|
trusted library section
|
page read and write
|
||
|
7FFD9B79D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1040000
|
heap
|
page read and write
|
||
|
1B680000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA30000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B8AA000
|
trusted library allocation
|
page execute and read and write
|
||
|
12FD3000
|
trusted library allocation
|
page read and write
|
||
|
12F60000
|
trusted library allocation
|
page read and write
|
||
|
5F6000
|
stack
|
page read and write
|
||
|
14F6000
|
stack
|
page read and write
|
||
|
13625000
|
trusted library allocation
|
page read and write
|
||
|
124E000
|
stack
|
page read and write
|
||
|
1361F000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B7DC000
|
trusted library allocation
|
page execute and read and write
|
||
|
EAD000
|
heap
|
page read and write
|
||
|
1C270000
|
heap
|
page read and write
|
||
|
7FFD9B920000
|
trusted library allocation
|
page read and write
|
||
|
1CF7C000
|
stack
|
page read and write
|
||
|
16D9000
|
heap
|
page read and write
|
||
|
2953000
|
trusted library allocation
|
page read and write
|
||
|
2B90000
|
trusted library section
|
page read and write
|
||
|
12F95000
|
trusted library allocation
|
page read and write
|
||
|
135E4000
|
trusted library allocation
|
page read and write
|
||
|
12DF1000
|
trusted library allocation
|
page read and write
|
||
|
1C108000
|
heap
|
page read and write
|
||
|
13689000
|
trusted library allocation
|
page read and write
|
||
|
1C420000
|
heap
|
page read and write
|
||
|
7FFD9B836000
|
trusted library allocation
|
page read and write
|
||
|
1C133000
|
heap
|
page read and write
|
||
|
1402000
|
heap
|
page read and write
|
||
|
12F6B000
|
trusted library allocation
|
page read and write
|
||
|
1C1A1000
|
heap
|
page read and write
|
||
|
1A70000
|
heap
|
page read and write
|
||
|
11E0000
|
heap
|
page read and write
|
||
|
1C734000
|
stack
|
page read and write
|
||
|
F70000
|
heap
|
page read and write
|
||
|
7FFD9B866000
|
trusted library allocation
|
page execute and read and write
|
||
|
13638000
|
trusted library allocation
|
page read and write
|
||
|
102E000
|
heap
|
page read and write
|
||
|
BC0000
|
trusted library allocation
|
page read and write
|
||
|
1BFDA000
|
stack
|
page read and write
|
||
|
1CD2E000
|
stack
|
page read and write
|
||
|
7FFD9B780000
|
trusted library allocation
|
page read and write
|
||
|
350A000
|
trusted library allocation
|
page read and write
|
||
|
1C3CF000
|
stack
|
page read and write
|
||
|
1B8DE000
|
stack
|
page read and write
|
||
|
1B740000
|
trusted library section
|
page read and write
|
||
|
1AF02000
|
heap
|
page execute and read and write
|
||
|
13041000
|
trusted library allocation
|
page read and write
|
||
|
12ED9000
|
trusted library allocation
|
page read and write
|
||
|
1C447000
|
heap
|
page read and write
|
||
|
1B36C000
|
stack
|
page read and write
|
||
|
2D1E000
|
stack
|
page read and write
|
||
|
7FFD9B92E000
|
trusted library allocation
|
page read and write
|
||
|
1CA3F000
|
stack
|
page read and write
|
||
|
7FFD9B816000
|
trusted library allocation
|
page read and write
|
||
|
12FED000
|
trusted library allocation
|
page read and write
|
||
|
1000000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B783000
|
trusted library allocation
|
page execute and read and write
|
||
|
2F55000
|
trusted library allocation
|
page read and write
|
||
|
12F7C000
|
trusted library allocation
|
page read and write
|
||
|
E80000
|
heap
|
page read and write
|
||
|
A50000
|
unkown
|
page readonly
|
||
|
12EA1000
|
trusted library allocation
|
page read and write
|
||
|
11D0000
|
heap
|
page read and write
|
||
|
16FE000
|
heap
|
page read and write
|
||
|
16FA000
|
heap
|
page read and write
|
||
|
135E7000
|
trusted library allocation
|
page read and write
|
||
|
129D0000
|
trusted library allocation
|
page read and write
|
||
|
12B5000
|
heap
|
page read and write
|
||
|
135CD000
|
trusted library allocation
|
page read and write
|
||
|
1C1EF000
|
heap
|
page read and write
|
||
|
135F8000
|
trusted library allocation
|
page read and write
|
||
|
12FE9000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B78D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B79D000
|
trusted library allocation
|
page execute and read and write
|
||
|
12EEA000
|
trusted library allocation
|
page read and write
|
||
|
2956000
|
trusted library allocation
|
page read and write
|
||
|
B70000
|
heap
|
page read and write
|
||
|
1BEAE000
|
stack
|
page read and write
|
||
|
7FFD9BA10000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B760000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B987000
|
trusted library allocation
|
page read and write
|
||
|
2AFE000
|
stack
|
page read and write
|
||
|
1BCDB000
|
stack
|
page read and write
|
||
|
F02000
|
heap
|
page read and write
|
||
|
1B78F000
|
stack
|
page read and write
|
||
|
1BEB4000
|
heap
|
page read and write
|
||
|
1C232000
|
heap
|
page read and write
|
||
|
12EF1000
|
trusted library allocation
|
page read and write
|
||
|
B02000
|
heap
|
page read and write
|
||
|
7FFD9B784000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B9D0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B7A4000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B8A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C14D000
|
heap
|
page read and write
|
||
|
2A60000
|
trusted library allocation
|
page read and write
|
||
|
2E63000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B798000
|
trusted library allocation
|
page read and write
|
||
|
1970000
|
heap
|
page read and write
|
||
|
13135000
|
trusted library allocation
|
page read and write
|
||
|
12EDC000
|
trusted library allocation
|
page read and write
|
||
|
1400000
|
heap
|
page execute and read and write
|
||
|
13030000
|
trusted library allocation
|
page read and write
|
||
|
1950000
|
heap
|
page execute and read and write
|
||
|
1361B000
|
trusted library allocation
|
page read and write
|
||
|
13066000
|
trusted library allocation
|
page read and write
|
||
|
1B7F000
|
stack
|
page read and write
|
||
|
8A0000
|
unkown
|
page readonly
|
||
|
1B9DF000
|
stack
|
page read and write
|
||
|
12FD9000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B78D000
|
trusted library allocation
|
page execute and read and write
|
||
|
12FCE000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B784000
|
trusted library allocation
|
page read and write
|
||
|
1C112000
|
heap
|
page read and write
|
||
|
1303C000
|
trusted library allocation
|
page read and write
|
||
|
1044000
|
heap
|
page read and write
|
||
|
AC3000
|
heap
|
page read and write
|
||
|
7FFD9B77D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1369D000
|
trusted library allocation
|
page read and write
|
||
|
135EA000
|
trusted library allocation
|
page read and write
|
||
|
1364B000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B9A0000
|
trusted library allocation
|
page read and write
|
||
|
2E97000
|
trusted library allocation
|
page read and write
|
||
|
13598000
|
trusted library allocation
|
page read and write
|
||
|
12EF000
|
stack
|
page read and write
|
||
|
EED000
|
heap
|
page read and write
|
||
|
1306A000
|
trusted library allocation
|
page read and write
|
||
|
128A1000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B79D000
|
trusted library allocation
|
page execute and read and write
|
||
|
12F63000
|
trusted library allocation
|
page read and write
|
||
|
1A75000
|
heap
|
page read and write
|
||
|
7FFD9B78D000
|
trusted library allocation
|
page execute and read and write
|
||
|
9A0000
|
heap
|
page read and write
|
||
|
13674000
|
trusted library allocation
|
page read and write
|
||
|
A0B000
|
heap
|
page read and write
|
||
|
1AD50000
|
trusted library allocation
|
page read and write
|
||
|
A22000
|
heap
|
page read and write
|
||
|
12F2C000
|
trusted library allocation
|
page read and write
|
||
|
129EA000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B90C000
|
trusted library allocation
|
page read and write
|
||
|
1C43E000
|
stack
|
page read and write
|
||
|
1BDDD000
|
stack
|
page read and write
|
||
|
12EAD000
|
trusted library allocation
|
page read and write
|
||
|
A54000
|
unkown
|
page readonly
|
||
|
12A68000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B92C000
|
trusted library allocation
|
page read and write
|
||
|
A32000
|
heap
|
page read and write
|
||
|
12A47000
|
trusted library allocation
|
page read and write
|
||
|
BF0000
|
heap
|
page read and write
|
||
|
12F0000
|
trusted library allocation
|
page read and write
|
||
|
12EDE000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B950000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B782000
|
trusted library allocation
|
page read and write
|
||
|
134FD000
|
trusted library allocation
|
page read and write
|
||
|
12A2F000
|
trusted library allocation
|
page read and write
|
||
|
1BE6A000
|
heap
|
page read and write
|
||
|
13630000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B836000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B783000
|
trusted library allocation
|
page execute and read and write
|
||
|
12A00000
|
trusted library allocation
|
page read and write
|
||
|
1345000
|
heap
|
page read and write
|
||
|
1270000
|
trusted library allocation
|
page read and write
|
||
|
12E89000
|
trusted library allocation
|
page read and write
|
||
|
1367D000
|
trusted library allocation
|
page read and write
|
||
|
10EE000
|
heap
|
page read and write
|
||
|
1020000
|
heap
|
page read and write
|
||
|
12F6C000
|
trusted library allocation
|
page read and write
|
||
|
8A2000
|
unkown
|
page readonly
|
||
|
129C1000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B880000
|
trusted library allocation
|
page execute and read and write
|
||
|
B60000
|
heap
|
page read and write
|
||
|
7FFD9B936000
|
trusted library allocation
|
page read and write
|
||
|
1AE02000
|
heap
|
page read and write
|
||
|
1A10000
|
heap
|
page read and write
|
||
|
A76000
|
heap
|
page read and write
|
||
|
EF4000
|
heap
|
page read and write
|
||
|
1B7D0000
|
heap
|
page execute and read and write
|
||
|
7FFD9B866000
|
trusted library allocation
|
page execute and read and write
|
||
|
12F77000
|
trusted library allocation
|
page read and write
|
||
|
134F3000
|
trusted library allocation
|
page read and write
|
||
|
114E000
|
stack
|
page read and write
|
||
|
BE0000
|
heap
|
page read and write
|
||
|
12EA8000
|
trusted library allocation
|
page read and write
|
||
|
135CA000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B9F2000
|
trusted library allocation
|
page read and write
|
||
|
AAD000
|
heap
|
page read and write
|
||
|
F16000
|
heap
|
page read and write
|
||
|
129DE000
|
trusted library allocation
|
page read and write
|
||
|
1BA8E000
|
stack
|
page read and write
|
||
|
7FFD9B923000
|
trusted library allocation
|
page read and write
|
||
|
1BECB000
|
heap
|
page read and write
|
||
|
EC0000
|
heap
|
page read and write
|
||
|
12A3E000
|
trusted library allocation
|
page read and write
|
||
|
129BC000
|
trusted library allocation
|
page read and write
|
||
|
1700000
|
heap
|
page read and write
|
||
|
7FFD9B92E000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B77C000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B78D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B793000
|
trusted library allocation
|
page read and write
|
||
|
1BDAE000
|
stack
|
page read and write
|
||
|
13535000
|
trusted library allocation
|
page read and write
|
||
|
1B46F000
|
stack
|
page read and write
|
||
|
12F04000
|
trusted library allocation
|
page read and write
|
||
|
136B7000
|
trusted library allocation
|
page read and write
|
||
|
E20000
|
heap
|
page read and write
|
||
|
15D0000
|
heap
|
page read and write
|
||
|
AE5000
|
heap
|
page read and write
|
||
|
7FFD9B846000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B9C0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B931000
|
trusted library allocation
|
page read and write
|
||
|
BD0000
|
heap
|
page read and write
|
||
|
1BFCE000
|
stack
|
page read and write
|
||
|
2B60000
|
trusted library section
|
page read and write
|
||
|
12EAB000
|
trusted library allocation
|
page read and write
|
||
|
930000
|
heap
|
page read and write
|
||
|
2B30000
|
trusted library section
|
page read and write
|
||
|
A50000
|
heap
|
page read and write
|
||
|
E8C000
|
heap
|
page read and write
|
||
|
356F000
|
trusted library allocation
|
page read and write
|
||
|
A3C000
|
heap
|
page read and write
|
||
|
12E1E000
|
trusted library allocation
|
page read and write
|
||
|
12EC1000
|
trusted library allocation
|
page read and write
|
||
|
1C20C000
|
heap
|
page read and write
|
||
|
129DA000
|
trusted library allocation
|
page read and write
|
||
|
1B9AF000
|
stack
|
page read and write
|
||
|
12FFA000
|
trusted library allocation
|
page read and write
|
||
|
13048000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B793000
|
trusted library allocation
|
page read and write
|
||
|
2963000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B92E000
|
trusted library allocation
|
page read and write
|
||
|
1C1C3000
|
stack
|
page read and write
|
||
|
1C0CF000
|
stack
|
page read and write
|
||
|
A41000
|
heap
|
page read and write
|
||
|
F60000
|
heap
|
page read and write
|
||
|
920000
|
heap
|
page read and write
|
||
|
12B0000
|
heap
|
page read and write
|
||
|
990000
|
trusted library allocation
|
page read and write
|
||
|
2E9E000
|
stack
|
page read and write
|
||
|
7FFD9B8A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C2A5000
|
heap
|
page read and write
|
||
|
1AE10000
|
trusted library allocation
|
page read and write
|
||
|
12EFB000
|
trusted library allocation
|
page read and write
|
||
|
1C188000
|
heap
|
page read and write
|
||
|
7FFD9B7BC000
|
trusted library allocation
|
page execute and read and write
|
||
|
104F000
|
heap
|
page read and write
|
||
|
129E7000
|
trusted library allocation
|
page read and write
|
||
|
1B6EE000
|
stack
|
page read and write
|
||
|
12A53000
|
trusted library allocation
|
page read and write
|
||
|
1102000
|
heap
|
page read and write
|
||
|
2C10000
|
heap
|
page read and write
|
||
|
34E0000
|
heap
|
page read and write
|
||
|
1308B000
|
trusted library allocation
|
page read and write
|
||
|
128AD000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B79D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B902000
|
heap
|
page execute and read and write
|
||
|
135FC000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B79C000
|
trusted library allocation
|
page read and write
|
||
|
1BAD3000
|
stack
|
page read and write
|
||
|
12F80000
|
trusted library allocation
|
page read and write
|
||
|
12A64000
|
trusted library allocation
|
page read and write
|
||
|
A13000
|
heap
|
page read and write
|
||
|
7FF4F4610000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C194000
|
heap
|
page read and write
|
||
|
104B000
|
heap
|
page read and write
|
||
|
135CF000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B943000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA00000
|
trusted library allocation
|
page read and write
|
||
|
1B710000
|
trusted library section
|
page read and write
|
||
|
7FFD9B79C000
|
trusted library allocation
|
page read and write
|
||
|
103F000
|
heap
|
page read and write
|
||
|
12F00000
|
trusted library allocation
|
page read and write
|
||
|
1B730000
|
trusted library section
|
page read and write
|
||
|
7FFD9B83C000
|
trusted library allocation
|
page execute and read and write
|
||
|
135BA000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B8B1000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B8AF000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9BA40000
|
trusted library allocation
|
page execute and read and write
|
||
|
12A57000
|
trusted library allocation
|
page read and write
|
||
|
12A3A000
|
trusted library allocation
|
page read and write
|
||
|
12DE3000
|
trusted library allocation
|
page read and write
|
||
|
1049000
|
heap
|
page read and write
|
||
|
129F8000
|
trusted library allocation
|
page read and write
|
||
|
1BE29000
|
heap
|
page read and write
|
||
|
7FFD9B780000
|
trusted library allocation
|
page read and write
|
||
|
12A4B000
|
trusted library allocation
|
page read and write
|
||
|
1B7D3000
|
heap
|
page execute and read and write
|
||
|
1B660000
|
heap
|
page execute and read and write
|
||
|
1362B000
|
trusted library allocation
|
page read and write
|
||
|
A95000
|
heap
|
page read and write
|
||
|
7FFD9B7AD000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B9A2000
|
trusted library allocation
|
page read and write
|
||
|
136C8000
|
trusted library allocation
|
page read and write
|
||
|
1363E000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B960000
|
trusted library allocation
|
page read and write
|
||
|
13690000
|
trusted library allocation
|
page read and write
|
||
|
1C0DA000
|
stack
|
page read and write
|
||
|
289F000
|
stack
|
page read and write
|
||
|
12A32000
|
trusted library allocation
|
page read and write
|
||
|
1C833000
|
stack
|
page read and write
|
||
|
135B7000
|
trusted library allocation
|
page read and write
|
||
|
1C1D7000
|
heap
|
page read and write
|
||
|
7FFD9B936000
|
trusted library allocation
|
page read and write
|
||
|
1C0F8000
|
heap
|
page read and write
|
||
|
12FFE000
|
trusted library allocation
|
page read and write
|
||
|
1B700000
|
trusted library section
|
page read and write
|
||
|
7FFD9B931000
|
trusted library allocation
|
page read and write
|
||
|
1BE25000
|
heap
|
page read and write
|
||
|
12A36000
|
trusted library allocation
|
page read and write
|
||
|
12F7F000
|
trusted library allocation
|
page read and write
|
||
|
E02000
|
heap
|
page read and write
|
||
|
12F98000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B930000
|
trusted library allocation
|
page read and write
|
||
|
12F79000
|
trusted library allocation
|
page read and write
|
||
|
12F3D000
|
trusted library allocation
|
page read and write
|
||
|
FE0000
|
heap
|
page read and write
|
||
|
1BE9A000
|
heap
|
page read and write
|
||
|
1CC2E000
|
stack
|
page read and write
|
||
|
1C53F000
|
stack
|
page read and write
|
||
|
1C0ED000
|
heap
|
page read and write
|
||
|
1095000
|
heap
|
page read and write
|
||
|
12FE000
|
stack
|
page read and write
|
||
|
12F86000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B866000
|
trusted library allocation
|
page execute and read and write
|
||
|
12F1F000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B840000
|
trusted library allocation
|
page execute and read and write
|
||
|
1BBFE000
|
stack
|
page read and write
|
||
|
7FFD9B8AA000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B798000
|
trusted library allocation
|
page read and write
|
||
|
105B000
|
heap
|
page read and write
|
||
|
820000
|
heap
|
page read and write
|
||
|
135C8000
|
trusted library allocation
|
page read and write
|
||
|
A43000
|
heap
|
page read and write
|
||
|
1368D000
|
trusted library allocation
|
page read and write
|
||
|
12EE4000
|
trusted library allocation
|
page read and write
|
||
|
13055000
|
trusted library allocation
|
page read and write
|
||
|
136A6000
|
trusted library allocation
|
page read and write
|
||
|
9B0000
|
heap
|
page execute and read and write
|
||
|
840000
|
heap
|
page read and write
|
||
|
1C16B000
|
heap
|
page read and write
|
||
|
1028000
|
heap
|
page read and write
|
||
|
1BECF000
|
stack
|
page read and write
|
||
|
7FFD9B920000
|
trusted library allocation
|
page read and write
|
||
|
1C143000
|
heap
|
page read and write
|
||
|
12F4A000
|
trusted library allocation
|
page read and write
|
||
|
129F0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B8AF000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B793000
|
trusted library allocation
|
page read and write
|
||
|
2CD0000
|
heap
|
page read and write
|
||
|
7FFD9B773000
|
trusted library allocation
|
page read and write
|
||
|
12F26000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B943000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B961000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA1B000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B798000
|
trusted library allocation
|
page read and write
|
||
|
AFD000
|
heap
|
page read and write
|
||
|
13679000
|
trusted library allocation
|
page read and write
|
||
|
129B2000
|
trusted library allocation
|
page read and write
|
||
|
1C2CE000
|
stack
|
page read and write
|
||
|
12FA5000
|
trusted library allocation
|
page read and write
|
||
|
12F8A000
|
trusted library allocation
|
page read and write
|
||
|
13021000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA20000
|
trusted library allocation
|
page read and write
|
||
|
B80000
|
heap
|
page read and write
|
||
|
1975000
|
heap
|
page read and write
|
||
|
1AD1D000
|
stack
|
page read and write
|
||
|
7FFD9B961000
|
trusted library allocation
|
page read and write
|
||
|
1BE5E000
|
heap
|
page read and write
|
||
|
7FFD9B92C000
|
trusted library allocation
|
page read and write
|
||
|
16D6000
|
heap
|
page read and write
|
||
|
12A5E000
|
trusted library allocation
|
page read and write
|
||
|
1BCF3000
|
stack
|
page read and write
|
||
|
1C177000
|
heap
|
page read and write
|
||
|
12FE1000
|
trusted library allocation
|
page read and write
|
||
|
AC5000
|
heap
|
page read and write
|
||
|
1366F000
|
trusted library allocation
|
page read and write
|
||
|
1BE78000
|
heap
|
page read and write
|
||
|
1330000
|
heap
|
page read and write
|
||
|
16D0000
|
heap
|
page read and write
|
||
|
12FBA000
|
trusted library allocation
|
page read and write
|
||
|
1326F000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B92C000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B931000
|
trusted library allocation
|
page read and write
|
||
|
1302C000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B90A000
|
trusted library allocation
|
page read and write
|
||
|
12EED000
|
trusted library allocation
|
page read and write
|
||
|
1410000
|
heap
|
page read and write
|
||
|
1C93E000
|
stack
|
page read and write
|
||
|
15F0000
|
heap
|
page read and write
|
||
|
1BF3E000
|
stack
|
page read and write
|
||
|
12F7B000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B92A000
|
trusted library allocation
|
page read and write
|
||
|
2CA0000
|
heap
|
page execute and read and write
|
||
|
12F18000
|
trusted library allocation
|
page read and write
|
||
|
1B750000
|
trusted library section
|
page read and write
|
||
|
1C4CE000
|
stack
|
page read and write
|
||
|
12FB6000
|
trusted library allocation
|
page read and write
|
||
|
1078000
|
heap
|
page read and write
|
||
|
12EA3000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B970000
|
trusted library allocation
|
page execute and read and write
|
||
|
B96000
|
stack
|
page read and write
|
||
|
7FFD9B9DD000
|
trusted library allocation
|
page read and write
|
||
|
1359B000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B78B000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B6F0000
|
trusted library section
|
page read and write
|
||
|
12D21000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B783000
|
trusted library allocation
|
page execute and read and write
|
||
|
13034000
|
trusted library allocation
|
page read and write
|
||
|
1660000
|
trusted library allocation
|
page read and write
|
||
|
BE0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA1E000
|
trusted library allocation
|
page read and write
|
||
|
1C23D000
|
heap
|
page read and write
|
||
|
1D203000
|
heap
|
page read and write
|
||
|
7FFD9B820000
|
trusted library allocation
|
page execute and read and write
|
||
|
2F4F000
|
trusted library allocation
|
page read and write
|
||
|
16A0000
|
heap
|
page execute and read and write
|
||
|
AE3000
|
heap
|
page read and write
|
||
|
B40000
|
heap
|
page read and write
|
||
|
28F1000
|
trusted library allocation
|
page read and write
|
||
|
FB0000
|
heap
|
page read and write
|
||
|
1BCAE000
|
stack
|
page read and write
|
||
|
7FFD9B92B000
|
trusted library allocation
|
page read and write
|
||
|
12F92000
|
trusted library allocation
|
page read and write
|
||
|
13079000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B79C000
|
trusted library allocation
|
page read and write
|
||
|
12F0D000
|
trusted library allocation
|
page read and write
|
||
|
1711000
|
heap
|
page read and write
|
||
|
12F73000
|
trusted library allocation
|
page read and write
|
||
|
12ED3000
|
trusted library allocation
|
page read and write
|
||
|
128A8000
|
trusted library allocation
|
page read and write
|
||
|
1C1C9000
|
heap
|
page read and write
|
||
|
7FFD9B940000
|
trusted library allocation
|
page read and write
|
||
|
12A2A000
|
trusted library allocation
|
page read and write
|
||
|
EAA000
|
heap
|
page read and write
|
||
|
12F5C000
|
trusted library allocation
|
page read and write
|
||
|
12F94000
|
trusted library allocation
|
page read and write
|
||
|
10D1000
|
heap
|
page read and write
|
||
|
7FFD9B7A4000
|
trusted library allocation
|
page read and write
|
||
|
1C63E000
|
stack
|
page read and write
|
||
|
1027000
|
heap
|
page read and write
|
||
|
12E9B000
|
trusted library allocation
|
page read and write
|
||
|
10AE000
|
heap
|
page read and write
|
||
|
12FAF000
|
trusted library allocation
|
page read and write
|
||
|
341F000
|
stack
|
page read and write
|
||
|
1363B000
|
trusted library allocation
|
page read and write
|
||
|
1051000
|
heap
|
page read and write
|
||
|
1BE3E000
|
stack
|
page read and write
|
||
|
7FFD9B7A0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B830000
|
trusted library allocation
|
page read and write
|
||
|
1B2AD000
|
stack
|
page read and write
|
||
|
12D2D000
|
trusted library allocation
|
page read and write
|
||
|
F36000
|
stack
|
page read and write
|
||
|
7FFD9B78D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B31D000
|
stack
|
page read and write
|
||
|
9C0000
|
heap
|
page read and write
|
||
|
13501000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B961000
|
trusted library allocation
|
page read and write
|
||
|
A00000
|
heap
|
page read and write
|
||
|
12F0B000
|
trusted library allocation
|
page read and write
|
||
|
13600000
|
trusted library allocation
|
page read and write
|
||
|
1C222000
|
heap
|
page read and write
|
||
|
7FFD9B910000
|
trusted library allocation
|
page read and write
|
||
|
A2D000
|
heap
|
page read and write
|
||
|
7FFD9B7DC000
|
trusted library allocation
|
page execute and read and write
|
||
|
2B10000
|
heap
|
page execute and read and write
|
||
|
10F7000
|
heap
|
page read and write
|
||
|
7FFD9B7A4000
|
trusted library allocation
|
page read and write
|
||
|
12FA7000
|
trusted library allocation
|
page read and write
|
||
|
1B8AE000
|
stack
|
page read and write
|
||
|
12A77000
|
trusted library allocation
|
page read and write
|
||
|
12EBE000
|
trusted library allocation
|
page read and write
|
||
|
129A6000
|
trusted library allocation
|
page read and write
|
||
|
135ED000
|
trusted library allocation
|
page read and write
|
||
|
E60000
|
heap
|
page read and write
|
||
|
135F5000
|
trusted library allocation
|
page read and write
|
||
|
13685000
|
trusted library allocation
|
page read and write
|
||
|
F90000
|
heap
|
page read and write
|
||
|
1BBD5000
|
stack
|
page read and write
|
||
|
135D7000
|
trusted library allocation
|
page read and write
|
||
|
12A22000
|
trusted library allocation
|
page read and write
|
||
|
A46000
|
heap
|
page read and write
|
||
|
12F9B000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B960000
|
trusted library allocation
|
page read and write
|
||
|
1640000
|
trusted library allocation
|
page read and write
|
||
|
128A3000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B866000
|
trusted library allocation
|
page execute and read and write
|
||
|
10F4000
|
heap
|
page read and write
|
||
|
E00000
|
heap
|
page read and write
|
||
|
13609000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B8AF000
|
trusted library allocation
|
page execute and read and write
|
||
|
2B70000
|
trusted library section
|
page read and write
|
||
|
7FFD9B784000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B764000
|
trusted library allocation
|
page read and write
|
||
|
31BA000
|
trusted library allocation
|
page read and write
|
||
|
13681000
|
trusted library allocation
|
page read and write
|
||
|
300000
|
unkown
|
page readonly
|
||
|
1C252000
|
heap
|
page read and write
|
||
|
7FFD9B79C000
|
trusted library allocation
|
page read and write
|
||
|
12F39000
|
trusted library allocation
|
page read and write
|
||
|
1C11C000
|
heap
|
page read and write
|
||
|
7FFD9B943000
|
trusted library allocation
|
page read and write
|
||
|
1D0FE000
|
stack
|
page read and write
|
||
|
12DE1000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B7A4000
|
trusted library allocation
|
page read and write
|
||
|
12FDD000
|
trusted library allocation
|
page read and write
|
||
|
1C920000
|
heap
|
page execute and read and write
|
||
|
12EA8000
|
trusted library allocation
|
page read and write
|
||
|
170F000
|
heap
|
page read and write
|
||
|
9E0000
|
heap
|
page execute and read and write
|
||
|
1B0A5000
|
heap
|
page read and write
|
||
|
13699000
|
trusted library allocation
|
page read and write
|
||
|
1000000
|
heap
|
page read and write
|
||
|
7FFD9B8A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B7DC000
|
trusted library allocation
|
page execute and read and write
|
||
|
EEB000
|
heap
|
page read and write
|
||
|
EC2000
|
heap
|
page read and write
|
||
|
1C28C000
|
heap
|
page read and write
|
||
|
7FFD9B8B1000
|
trusted library allocation
|
page execute and read and write
|
||
|
12D28000
|
trusted library allocation
|
page read and write
|
||
|
12FC5000
|
trusted library allocation
|
page read and write
|
||
|
13627000
|
trusted library allocation
|
page read and write
|
||
|
12F2F000
|
trusted library allocation
|
page read and write
|
||
|
12FA9000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B930000
|
trusted library allocation
|
page read and write
|
||
|
12F98000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA50000
|
trusted library allocation
|
page read and write
|
||
|
1299E000
|
trusted library allocation
|
page read and write
|
||
|
2C00000
|
trusted library section
|
page read and write
|
||
|
1BDE2000
|
heap
|
page read and write
|
||
|
CFF000
|
stack
|
page read and write
|
||
|
12F14000
|
trusted library allocation
|
page read and write
|
||
|
2DDE000
|
stack
|
page read and write
|
There are 644 hidden memdumps, click here to show them.