Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
0039284903284902840932890840928091#U00aaharder.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Program Files\Statistical Flexibility\ConfigSecurityPolicy.exe
|
PE32+ executable (console) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\Statistical Flexibility\DefenderCSP.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\Statistical Flexibility\Drivers\WdBoot.sys
|
PE32+ executable (native) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\Statistical Flexibility\Drivers\WdDevFlt.sys
|
PE32+ executable (native) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\Statistical Flexibility\Drivers\WdFilter.sys
|
PE32+ executable (native) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\Statistical Flexibility\Drivers\WdNisDrv.sys
|
PE32+ executable (native) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\Statistical Flexibility\MpAsDesc.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\Statistical Flexibility\MpClient.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\Statistical Flexibility\MpCmdRun.exe
|
PE32+ executable (console) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\Statistical Flexibility\MpCommu.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\Statistical Flexibility\MpCopyAccelerator.exe
|
PE32+ executable (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\Statistical Flexibility\MpDefenderCoreService.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\Statistical Flexibility\MpDefenderCoreService.exe
|
PE32+ executable (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\Statistical Flexibility\MpDetours.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\Statistical Flexibility\MpDetoursCopyAccelerator.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\Statistical Flexibility\MpDlpCmd.exe
|
PE32+ executable (console) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\Statistical Flexibility\MpDlpService.exe
|
PE32+ executable (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\Statistical Flexibility\MpEvMsg.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\Statistical Flexibility\MpOAV.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\Statistical Flexibility\MpSenseComm.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\Statistical Flexibility\MpUpdate.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\Statistical Flexibility\MpUxAgent.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\Statistical Flexibility\MsMpEng.exe
|
PE32+ executable (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\Statistical Flexibility\MsMpLics.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\Statistical Flexibility\ProtectionManagement.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\Statistical Flexibility\dllhost2.exe
|
PE32 executable (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\Statistical Flexibility\en-EN\MpClient.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\Statistical Flexibility\en-EN\MpDlpCmd.exe
|
PE32+ executable (console) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\Statistical Flexibility\mpextms.exe
|
PE32+ executable (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\Statistical Flexibility\pt-BR\MpAsDesc.dll.mui
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\Statistical Flexibility\pt-BR\MpClient.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\Statistical Flexibility\pt-BR\MpDlpCmd2.exe
|
PE32+ executable (console) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\Statistical Flexibility\pt-BR\MpEvMsg.dll.mui
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\Statistical Flexibility\pt-BR\ProtectionManagement.dll.mui
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\Statistical Flexibility\pt-BR\mpuxagent.dll.mui
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\TreatmentsSecure\Treatments?Secure.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\TreatmentsSecure\Update.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\AMMonitoringProvider.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\ImagingEngine.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\MpDetoursCopyAccelerator.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\MpOAV.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\PhotoAcq.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\PhotoBase.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\PhotoViewer.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\SmartCardSimulator.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\SmartcardCredentialProvider.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe
|
PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\VaultRoaming.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\aeevts.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\aeinv.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\aelupsvc.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\aepdu.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\shellext.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\slpts.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\vcruntime140.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\vcruntime140_1.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\vcruntime140_1d.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\vcruntime140d.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\verifier.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\version.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\Main.txt
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Program Files\Statistical Flexibility\Catalogs\IGD.CAT
|
data
|
dropped
|
||
|
C:\Program Files\Statistical Flexibility\Microsoft-Antimalware-AMFilter.man
|
XML 1.0 document, ASCII text, with very long lines (402), with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\Statistical Flexibility\Microsoft-Antimalware-NIS.man
|
XML 1.0 document, ASCII text, with very long lines (310), with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\Statistical Flexibility\Microsoft-Antimalware-Protection.man
|
XML 1.0 document, ASCII text, with very long lines (335), with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\Statistical Flexibility\Microsoft-Antimalware-RTP.man
|
XML 1.0 document, ASCII text, with very long lines (308), with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\Statistical Flexibility\Microsoft-Antimalware-Service.man
|
XML 1.0 document, ASCII text, with very long lines (320), with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\Statistical Flexibility\Microsoft-Windows-Windows Defender.man
|
XML 1.0 document, ASCII text, with very long lines (374), with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\Statistical Flexibility\Powershell\Defender.psd1
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\Statistical Flexibility\Powershell\DefenderPerformance.psd1
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\Statistical Flexibility\Powershell\MSFT_MpComputerStatus.cdxml
|
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\Statistical Flexibility\Powershell\MSFT_MpPerformanceRecording.psm1
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\Statistical Flexibility\Powershell\MSFT_MpPerformanceRecording.wprp
|
XML 1.0 document, Unicode text, UTF-8 (with BOM) text
|
dropped
|
||
|
C:\Program Files\Statistical Flexibility\Powershell\MSFT_MpPerformanceReport.Format.ps1xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\Statistical Flexibility\Powershell\MSFT_MpPreference.cdxml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\Statistical Flexibility\Powershell\MSFT_MpRollback.cdxml
|
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\Statistical Flexibility\Powershell\MSFT_MpScan.cdxml
|
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\Statistical Flexibility\Powershell\MSFT_MpSignature.cdxml
|
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\Statistical Flexibility\Powershell\MSFT_MpThreat.cdxml
|
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\Statistical Flexibility\Powershell\MSFT_MpThreatCatalog.cdxml
|
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\Statistical Flexibility\Powershell\MSFT_MpThreatDetection.cdxml
|
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\Statistical Flexibility\Powershell\MSFT_MpWDOScan.cdxml
|
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\Statistical Flexibility\ProtectionManagement.mof
|
C source, Unicode text, UTF-16, little-endian text, with very long lines (6567), with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\Statistical Flexibility\ProtectionManagement_Uninstall.mof
|
C source, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\Statistical Flexibility\ThirdPartyNotices.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\Statistical Flexibility\com.microsoft.defender.be.chrome.json
|
JSON data
|
dropped
|
||
|
C:\Program Files\Statistical Flexibility\com.microsoft.defender.be.firefox.json
|
JSON data
|
dropped
|
||
|
C:\Program Files\Statistical Flexibility\pack01.zip
|
data
|
dropped
|
||
|
C:\Program Files\Statistical Flexibility\part1.zip
|
data
|
dropped
|
||
|
C:\Program Files\Statistical Flexibility\part1.zip.bin
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
|
C:\ProgramData\Microsoft\Network\Downloader\edb.log
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Network\Downloader\qmgr.db
|
Extensible storage engine DataBase, version 0x620, checksum 0x59023cbf, page size 16384, DirtyShutdown, Windows version 10.0
|
dropped
|
||
|
C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Treatments?Secure.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Update.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\SquirrelTemp\RELEASES
|
Unicode text, UTF-8 (with BOM) text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\SquirrelTemp\Squirrel-Install.log
|
Unicode text, UTF-8 (with BOM) text, with very long lines (382), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\SquirrelTemp\TreatmentsSecure-1.0.0-full.nupkg
|
Zip archive data, at least v2.0 to extract, compression method=store
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\.squirrel-lock-7AF78CD06F3A0347B97EC49DA9489AB48CA7E52D
|
ISO-8859 text, with CR line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Readme.txt
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\part1.cab
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\slwga.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\TreatmentsSecure\packages\RELEASES
|
Unicode text, UTF-8 (with BOM) text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\TreatmentsSecure\packages\SquirrelTemp\tempa
|
Unicode text, UTF-8 (with BOM) text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\TreatmentsSecure\packages\TreatmentsSecure-1.0.0-full.nupkg
|
Zip archive data, at least v2.0 to extract, compression method=store
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TreatmentsSecure\CoffeeContact.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working
directory, Icon number=0, Archive, ctime=Fri Aug 30 09:31:04 2024, mtime=Fri Aug 30 09:31:04 2024, atime=Fri Aug 30 09:31:04
2024, length=195072, window=hide
|
dropped
|
||
|
C:\Users\user\Desktop\CoffeeContact.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working
directory, Icon number=0, Archive, ctime=Fri Aug 30 09:31:04 2024, mtime=Fri Aug 30 09:31:05 2024, atime=Fri Aug 30 09:31:04
2024, length=195072, window=hide
|
dropped
|
||
|
C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
|
JSON data
|
dropped
|
There are 100 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
|
"C:\Users\user\AppData\Local\SquirrelTemp\Update.exe" --install . --rerunningWithoutUAC
|
|
|
|
C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe
|
"C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe" --squirrel-firstrun
|
|
|
|
C:\Windows\System32\cmd.exe
|
"C:\Windows\System32\cmd.exe" /C cd "C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0" & start Treatments?Secure.exe
|
|
|
|
C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe
|
Treatments?Secure.exe
|
|
|
|
C:\Windows\System32\cmd.exe
|
"C:\Windows\System32\cmd.exe" /C sc create MainSVCLine binPath= "C:\Program Files\Statistical Flexibility\MpDefenderCoreService.exe"
start= auto & shutdown -r -t 0 -f
|
|
|
|
C:\Windows\System32\shutdown.exe
|
shutdown -r -t 0 -f
|
|
|
|
C:\Users\user\Desktop\0039284903284902840932890840928091#U00aaharder.exe
|
"C:\Users\user\Desktop\0039284903284902840932890840928091#U00aaharder.exe"
|
||
|
C:\Users\user\Desktop\0039284903284902840932890840928091#U00aaharder.exe
|
"C:\Users\user\Desktop\0039284903284902840932890840928091#U00aaharder.exe" --rerunningWithoutUAC
|
||
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\sc.exe
|
sc create MainSVCLine binPath= "C:\Program Files\Statistical Flexibility\MpDefenderCoreService.exe" start= auto
|
||
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager
|
There are 3 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://defaultcontainer/lib/net48/verifier.dll
|
unknown
|
||
|
https://github.com/myuser/myrepo
|
unknown
|
||
|
http://defaultcontainer/tempfiles/sample.bsdiff
|
unknown
|
||
|
http://defaultcontainer/lib/net48/AMMonitoringProvider.dll
|
unknown
|
||
|
http://defaultcontainer/lib/net48/Treatments?Secure.exe
|
unknown
|
||
|
http://www.fontbureau.com/designersG
|
unknown
|
||
|
http://defaultcontainer/lib/net48/MpOAV.dll
|
unknown
|
||
|
http://www.fontbureau.com/designers/?
|
unknown
|
||
|
http://defaultcontainer/lib/net48/aelupsvc.dllz
|
unknown
|
||
|
http://www.founder.com.cn/cn/bThe
|
unknown
|
||
|
http://defaultcontainer/lib/net48/MpDetoursCopyAccelerator.dll
|
unknown
|
||
|
http://defaultcontainer/package/services/metadata/core-properties/1fd1c4030bbc455c86f64fbcf96402fa.p
|
unknown
|
||
|
http://www.fontbureau.com/designers?
|
unknown
|
||
|
http://defaultcontainer/lib/net48/ImagingEngine.dll
|
unknown
|
||
|
http://defaultcontainer/TreatmentsSecure.nuspecz
|
unknown
|
||
|
http://defaultcontainer/tempfiles/sample.nuspec
|
unknown
|
||
|
http://defaultcontainer/lib/net48/PhotoBase.dll
|
unknown
|
||
|
http://www.tiro.com
|
unknown
|
||
|
https://g.live.com/odclientsettings/ProdV2.C:
|
unknown
|
||
|
http://defaultcontainer/lib/net48/SmartcardCredentialProvider.dll
|
unknown
|
||
|
http://www.fontbureau.com/designers
|
unknown
|
||
|
http://defaultcontainer/lib/net48/PhotoAcq.dll
|
unknown
|
||
|
http://www.goodfont.co.kr
|
unknown
|
||
|
http://defaultcontainer/tempfiles/sample.exe
|
unknown
|
||
|
http://canonicalizer.ucsuri.tcs/68007400740070003a002f002f00httpsftp://map/set
|
unknown
|
||
|
http://www.sajatypeworks.com
|
unknown
|
||
|
http://www.typography.netD
|
unknown
|
||
|
https://g.live.com/odclientsettings/Prod.C:
|
unknown
|
||
|
http://defaultcontainer/lib/net48/aeevts.dll
|
unknown
|
||
|
http://www.founder.com.cn/cn/cThe
|
unknown
|
||
|
http://www.galapagosdesign.com/staff/dennis.htm
|
unknown
|
||
|
https://g.live.com/odclientsettings/ProdV2
|
unknown
|
||
|
http://defaultcontainer/lib/net48/slpts.dll
|
unknown
|
||
|
http://defaultcontainer/tempfiles/sample.txt
|
unknown
|
||
|
http://defaultcontainer/tempfiles/sample.dll
|
unknown
|
||
|
http://defaultcontainer/tempfiles/sample.rels
|
unknown
|
||
|
http://www.validationtest.contoso.com/test%ld.htmlMpOAV_ForceDeepScan
|
unknown
|
||
|
http://defaultcontainer/lib/net48/aelupsvc.dll
|
unknown
|
||
|
http://defaultcontainer/tempfiles/sample.shasum
|
unknown
|
||
|
http://www.galapagosdesign.com/DPlease
|
unknown
|
||
|
http://defaultcontainer/lib/net48/vcruntime140_1.dll
|
unknown
|
||
|
http://defaultcontainer/lib/net48/aeinv.dll
|
unknown
|
||
|
http://www.fonts.com
|
unknown
|
||
|
http://www.sandoll.co.kr
|
unknown
|
||
|
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
|
unknown
|
||
|
http://www.urwpp.deDPlease
|
unknown
|
||
|
http://www.zhongyicts.com.cn
|
unknown
|
||
|
http://schemas.openxmlformats.or
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://www.sakkal.com
|
unknown
|
||
|
https://g.live.com/1rewlive5skydrive/OneDriveProductionV2?OneDriveUpdate=9c123752e31a927b78dc96231b6
|
unknown
|
||
|
http://defaultcontainer/lib/net48/Treatments?Secure_ExecutionStub.exe
|
unknown
|
||
|
http://defaultcontainer/lib/net48/version.dll
|
unknown
|
||
|
http://defaultcontainer/TreatmentsSecure.nuspec
|
unknown
|
||
|
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0
|
unknown
|
||
|
http://www.fontbureau.com
|
unknown
|
||
|
http://defaultcontainer/lib/net48/vcruntime140.dll
|
unknown
|
||
|
http://defaultcontainer/tempfiles/sample.cab
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
|
unknown
|
||
|
http://defaultcontainer/tempfiles/sample.diff
|
unknown
|
||
|
http://defaultcontainer/lib/net48/Treatments?Secure.exez
|
unknown
|
||
|
http://crl.ver)
|
unknown
|
||
|
https://api.github.com/#
|
unknown
|
||
|
http://defaultcontainer/lib/net48/vcruntime140_1d.dll
|
unknown
|
||
|
http://defaultcontainer/lib/net48/slpts.dllz
|
unknown
|
||
|
http://www.carterandcone.coml
|
unknown
|
||
|
http://tempuri.org/schoolDataSet.xsd
|
unknown
|
||
|
http://defaultcontainer/lib/net48/Readme.txt
|
unknown
|
||
|
http://defaultcontainer/lib/net48/PhotoViewer.dll
|
unknown
|
||
|
http://www.fontbureau.com/designers/cabarga.htmlN
|
unknown
|
||
|
http://www.founder.com.cn/cn
|
unknown
|
||
|
http://www.fontbureau.com/designers/frere-user.html
|
unknown
|
||
|
http://defaultcontainer/_rels/.rels
|
unknown
|
||
|
http://defaultcontainer/lib/net48/vcruntime140d.dll
|
unknown
|
||
|
https://g.live.com/odclientsettings/ProdV2?OneDriveUpdate=f359a5df14f97b6802371976c96
|
unknown
|
||
|
http://defaultcontainer/lib/net48/slwga.dll
|
unknown
|
||
|
http://www.jiyu-kobo.co.jp/
|
unknown
|
||
|
http://defaultcontainer/lib/net48/SmartCardSimulator.dll
|
unknown
|
||
|
http://www.fontbureau.com/designers8
|
unknown
|
||
|
http://defaultcontainer/lib/net48/aepdu.dll
|
unknown
|
||
|
http://defaultcontainer/lib/net48/VaultRoaming.dll
|
unknown
|
||
|
http://defaultcontainer/tempfiles/sample.psmdcp
|
unknown
|
||
|
http://defaultcontainer/lib/net48/part1.cab
|
unknown
|
||
|
http://defaultcontainer/lib/net48/shellext.dll
|
unknown
|
There are 75 hidden URLs, click here to show them.
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
127.0.0.1
|
unknown
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TreatmentsSecure
|
DisplayName
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TreatmentsSecure
|
DisplayVersion
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TreatmentsSecure
|
InstallDate
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TreatmentsSecure
|
InstallLocation
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TreatmentsSecure
|
Publisher
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TreatmentsSecure
|
QuietUninstallString
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TreatmentsSecure
|
UninstallString
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TreatmentsSecure
|
URLUpdateInfo
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TreatmentsSecure
|
EstimatedSize
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TreatmentsSecure
|
NoModify
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TreatmentsSecure
|
NoRepair
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TreatmentsSecure
|
Language
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF\CUAS\DefaultCompositionWindow
|
Left
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF\CUAS\DefaultCompositionWindow
|
Top
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS
|
PerfMMFileName
|
There are 5 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
1B3F8000
|
heap
|
page read and write
|
||
|
2AAD000
|
trusted library allocation
|
page read and write
|
||
|
1DFCE063000
|
heap
|
page read and write
|
||
|
24FBBB40000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B78D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1DFCE0C2000
|
heap
|
page read and write
|
||
|
1BBDB000
|
heap
|
page read and write
|
||
|
24FA1E70000
|
heap
|
page read and write
|
||
|
2CBA92F9000
|
heap
|
page read and write
|
||
|
1DFCE0CF000
|
heap
|
page read and write
|
||
|
18A000
|
unkown
|
page write copy
|
||
|
2CB8D250000
|
trusted library allocation
|
page read and write
|
||
|
12648000
|
trusted library allocation
|
page read and write
|
||
|
1DFCE2C2000
|
trusted library allocation
|
page read and write
|
||
|
2CB8CA79000
|
unkown
|
page readonly
|
||
|
24FA1FB6000
|
heap
|
page read and write
|
||
|
1DFCE0F4000
|
heap
|
page read and write
|
||
|
18A000
|
unkown
|
page read and write
|
||
|
18C000
|
unkown
|
page readonly
|
||
|
2CB8D1A0000
|
trusted library allocation
|
page read and write
|
||
|
351F000
|
stack
|
page read and write
|
||
|
24FA4072000
|
trusted library allocation
|
page read and write
|
||
|
77B48FE000
|
unkown
|
page readonly
|
||
|
1DFCE0E2000
|
heap
|
page read and write
|
||
|
1DFCDF50000
|
trusted library allocation
|
page read and write
|
||
|
2776000
|
trusted library allocation
|
page read and write
|
||
|
1C17F6C000
|
stack
|
page read and write
|
||
|
5D8F16C000
|
stack
|
page read and write
|
||
|
B8C000
|
unkown
|
page readonly
|
||
|
7FFD9BAB2000
|
trusted library allocation
|
page read and write
|
||
|
BB72E7E000
|
stack
|
page read and write
|
||
|
7FFD9B82C000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B910000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B774000
|
trusted library allocation
|
page read and write
|
||
|
2CB8CF40000
|
heap
|
page read and write
|
||
|
2CB8CA95000
|
unkown
|
page readonly
|
||
|
2033CCD0000
|
heap
|
page read and write
|
||
|
7FFD9B79D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1DFCE310000
|
trusted library allocation
|
page read and write
|
||
|
2CB8CF60000
|
heap
|
page read and write
|
||
|
17F000
|
unkown
|
page readonly
|
||
|
24FA20E0000
|
trusted library allocation
|
page read and write
|
||
|
24FA3CB5000
|
trusted library allocation
|
page read and write
|
||
|
1DFC8A71000
|
heap
|
page read and write
|
||
|
1BC63000
|
heap
|
page read and write
|
||
|
7FFD9B98A000
|
trusted library allocation
|
page read and write
|
||
|
ACF000
|
trusted library allocation
|
page read and write
|
||
|
1BD93000
|
heap
|
page read and write
|
||
|
1B472000
|
heap
|
page read and write
|
||
|
17F000
|
unkown
|
page readonly
|
||
|
13D0000
|
heap
|
page read and write
|
||
|
2656000
|
trusted library allocation
|
page read and write
|
||
|
1B425000
|
heap
|
page read and write
|
||
|
2CB8CFC0000
|
heap
|
page read and write
|
||
|
1881000
|
heap
|
page read and write
|
||
|
1DFC8A41000
|
heap
|
page read and write
|
||
|
1C41E000
|
stack
|
page read and write
|
||
|
2CBA92F1000
|
heap
|
page read and write
|
||
|
7FFD9B836000
|
trusted library allocation
|
page read and write
|
||
|
170E000
|
heap
|
page read and write
|
||
|
24FA3C32000
|
trusted library allocation
|
page read and write
|
||
|
24FA39F0000
|
trusted library allocation
|
page read and write
|
||
|
1DFCDFE1000
|
trusted library allocation
|
page read and write
|
||
|
24FA3B11000
|
trusted library allocation
|
page read and write
|
||
|
28BBABC0000
|
heap
|
page read and write
|
||
|
1DFC8A94000
|
heap
|
page read and write
|
||
|
1DFC8B29000
|
heap
|
page read and write
|
||
|
2CBA74A3000
|
heap
|
page execute and read and write
|
||
|
1DFCE2F1000
|
trusted library allocation
|
page read and write
|
||
|
24FA3D48000
|
trusted library allocation
|
page read and write
|
||
|
1DFCE023000
|
heap
|
page read and write
|
||
|
1DFC8B02000
|
heap
|
page read and write
|
||
|
7FFD9B79D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B780000
|
trusted library allocation
|
page read and write
|
||
|
24FA4133000
|
trusted library allocation
|
page read and write
|
||
|
B8C000
|
unkown
|
page readonly
|
||
|
7FFD9B9B0000
|
trusted library allocation
|
page read and write
|
||
|
2CBA7680000
|
heap
|
page read and write
|
||
|
BB72CFE000
|
unkown
|
page readonly
|
||
|
BB72BFE000
|
unkown
|
page readonly
|
||
|
24FA1FB0000
|
heap
|
page read and write
|
||
|
24FA1FBC000
|
heap
|
page read and write
|
||
|
7FFD9B930000
|
trusted library allocation
|
page execute and read and write
|
||
|
5E0000
|
heap
|
page read and write
|
||
|
28DB000
|
trusted library allocation
|
page read and write
|
||
|
29A0000
|
trusted library allocation
|
page read and write
|
||
|
24FA1F70000
|
heap
|
page read and write
|
||
|
161000
|
unkown
|
page execute read
|
||
|
BB72EFE000
|
unkown
|
page readonly
|
||
|
160000
|
unkown
|
page readonly
|
||
|
2CBA74A0000
|
heap
|
page execute and read and write
|
||
|
7FFD9B890000
|
trusted library allocation
|
page execute and read and write
|
||
|
1DFC9302000
|
heap
|
page read and write
|
||
|
AF5000
|
heap
|
page read and write
|
||
|
170A000
|
heap
|
page read and write
|
||
|
2CBA8790000
|
trusted library allocation
|
page read and write
|
||
|
28BBAD25000
|
heap
|
page read and write
|
||
|
1DFC9B90000
|
trusted library section
|
page readonly
|
||
|
2BCB000
|
trusted library allocation
|
page read and write
|
||
|
542000
|
stack
|
page read and write
|
||
|
1DFCE094000
|
heap
|
page read and write
|
||
|
7FFD9B830000
|
trusted library allocation
|
page execute and read and write
|
||
|
29AE000
|
trusted library allocation
|
page read and write
|
||
|
2CB8CFB0000
|
trusted library allocation
|
page read and write
|
||
|
935000
|
heap
|
page read and write
|
||
|
7FFD9B7BB000
|
trusted library allocation
|
page execute and read and write
|
||
|
24FA2062000
|
heap
|
page read and write
|
||
|
1365D680000
|
heap
|
page read and write
|
||
|
2CB8D210000
|
heap
|
page read and write
|
||
|
2033CDA8000
|
heap
|
page read and write
|
||
|
1B7D5000
|
stack
|
page read and write
|
||
|
7FFD9B93D000
|
trusted library allocation
|
page read and write
|
||
|
1365DA80000
|
heap
|
page read and write
|
||
|
24FA3BDB000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B969000
|
trusted library allocation
|
page read and write
|
||
|
1365D70A000
|
heap
|
page read and write
|
||
|
BB723FB000
|
stack
|
page read and write
|
||
|
24FA39F3000
|
trusted library allocation
|
page read and write
|
||
|
2CBA87B2000
|
trusted library allocation
|
page read and write
|
||
|
24FA3C9F000
|
trusted library allocation
|
page read and write
|
||
|
1DFC8A67000
|
heap
|
page read and write
|
||
|
1A5E000
|
stack
|
page read and write
|
||
|
BB725FB000
|
stack
|
page read and write
|
||
|
1DFC9180000
|
trusted library allocation
|
page read and write
|
||
|
2CB8CFCC000
|
heap
|
page read and write
|
||
|
24FBD812000
|
heap
|
page read and write
|
||
|
1BC3B000
|
heap
|
page read and write
|
||
|
7FFD9B772000
|
trusted library allocation
|
page read and write
|
||
|
24FBC2C0000
|
heap
|
page execute and read and write
|
||
|
2CB8D26A000
|
heap
|
page read and write
|
||
|
2CB8CC14000
|
unkown
|
page readonly
|
||
|
7FFD9B7DC000
|
trusted library allocation
|
page execute and read and write
|
||
|
17F000
|
unkown
|
page readonly
|
||
|
18A000
|
unkown
|
page read and write
|
||
|
2CBA76D1000
|
heap
|
page read and write
|
||
|
1B020000
|
heap
|
page execute and read and write
|
||
|
2CB8CFC6000
|
heap
|
page read and write
|
||
|
B15000
|
heap
|
page read and write
|
||
|
7FFD9B876000
|
trusted library allocation
|
page execute and read and write
|
||
|
1DFCF000000
|
heap
|
page read and write
|
||
|
2033CCB0000
|
heap
|
page read and write
|
||
|
2CBA92B4000
|
heap
|
page read and write
|
||
|
1DFC8C10000
|
heap
|
page read and write
|
||
|
24FBD810000
|
heap
|
page read and write
|
||
|
334F000
|
stack
|
page read and write
|
||
|
1C020000
|
heap
|
page read and write
|
||
|
88C000
|
heap
|
page read and write
|
||
|
24FA2100000
|
trusted library allocation
|
page read and write
|
||
|
2033CD20000
|
heap
|
page read and write
|
||
|
295C000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B946000
|
trusted library allocation
|
page read and write
|
||
|
28D8000
|
trusted library allocation
|
page read and write
|
||
|
BB737FE000
|
unkown
|
page readonly
|
||
|
2A8A000
|
trusted library allocation
|
page read and write
|
||
|
2CBA7686000
|
heap
|
page read and write
|
||
|
7FFD9B960000
|
trusted library allocation
|
page read and write
|
||
|
1DFC8A6F000
|
heap
|
page read and write
|
||
|
1DFC9AA0000
|
trusted library allocation
|
page read and write
|
||
|
24FBC370000
|
heap
|
page read and write
|
||
|
7FFD9B846000
|
trusted library allocation
|
page read and write
|
||
|
2CB8D02D000
|
heap
|
page read and write
|
||
|
1A5E000
|
stack
|
page read and write
|
||
|
1DFCDFE0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA30000
|
trusted library allocation
|
page execute and read and write
|
||
|
12641000
|
trusted library allocation
|
page read and write
|
||
|
160000
|
unkown
|
page readonly
|
||
|
16F7000
|
stack
|
page read and write
|
||
|
1BC26000
|
heap
|
page read and write
|
||
|
2613A5A0000
|
heap
|
page read and write
|
||
|
FDCEDFE000
|
stack
|
page read and write
|
||
|
1365D670000
|
heap
|
page read and write
|
||
|
24FA3C7E000
|
trusted library allocation
|
page read and write
|
||
|
24FBC363000
|
heap
|
page read and write
|
||
|
2CB9ECA1000
|
trusted library allocation
|
page read and write
|
||
|
13E0000
|
heap
|
page read and write
|
||
|
7FFD9B7EC000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B782000
|
trusted library allocation
|
page read and write
|
||
|
24FA2126000
|
heap
|
page read and write
|
||
|
1DFCE2A3000
|
trusted library allocation
|
page read and write
|
||
|
77B40FE000
|
unkown
|
page readonly
|
||
|
1DFCE051000
|
heap
|
page read and write
|
||
|
24FA223A000
|
heap
|
page read and write
|
||
|
FDCE5FF000
|
stack
|
page read and write
|
||
|
2CBA76EE000
|
heap
|
page read and write
|
||
|
1C4E000
|
stack
|
page read and write
|
||
|
7FFD9B826000
|
trusted library allocation
|
page read and write
|
||
|
1DFCE24D000
|
trusted library allocation
|
page read and write
|
||
|
2971000
|
trusted library allocation
|
page read and write
|
||
|
28BBAB60000
|
heap
|
page read and write
|
||
|
363F000
|
stack
|
page read and write
|
||
|
161000
|
unkown
|
page execute read
|
||
|
2CBA7690000
|
heap
|
page read and write
|
||
|
2B1F000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B7B4000
|
trusted library allocation
|
page read and write
|
||
|
161000
|
unkown
|
page execute read
|
||
|
1B39E000
|
stack
|
page read and write
|
||
|
BB722FE000
|
unkown
|
page readonly
|
||
|
B10000
|
heap
|
page read and write
|
||
|
7FFD9BA00000
|
trusted library allocation
|
page read and write
|
||
|
590000
|
heap
|
page read and write
|
||
|
FDCFDFF000
|
stack
|
page read and write
|
||
|
17F000
|
unkown
|
page readonly
|
||
|
2CB8D2B5000
|
heap
|
page read and write
|
||
|
1DFCE044000
|
heap
|
page read and write
|
||
|
7FFD9B790000
|
trusted library allocation
|
page read and write
|
||
|
77B41FE000
|
stack
|
page read and write
|
||
|
7FFD9B783000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9BABE000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA40000
|
trusted library allocation
|
page read and write
|
||
|
191E000
|
stack
|
page read and write
|
||
|
7FFD9BAA0000
|
trusted library allocation
|
page read and write
|
||
|
1DFCE2FF000
|
trusted library allocation
|
page read and write
|
||
|
188F000
|
heap
|
page read and write
|
||
|
24FBF070000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B79B000
|
trusted library allocation
|
page execute and read and write
|
||
|
947000
|
heap
|
page read and write
|
||
|
25BF000
|
stack
|
page read and write
|
||
|
24FA3D39000
|
trusted library allocation
|
page read and write
|
||
|
2CB8D02B000
|
heap
|
page read and write
|
||
|
18C000
|
unkown
|
page readonly
|
||
|
FDD11FE000
|
stack
|
page read and write
|
||
|
272E000
|
trusted library allocation
|
page read and write
|
||
|
D1E000
|
stack
|
page read and write
|
||
|
7FFD9B7AD000
|
trusted library allocation
|
page execute and read and write
|
||
|
2CB8CFE2000
|
heap
|
page read and write
|
||
|
7FFD9B930000
|
trusted library allocation
|
page execute and read and write
|
||
|
2BBA000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B83C000
|
trusted library allocation
|
page execute and read and write
|
||
|
1896000
|
heap
|
page read and write
|
||
|
247349E0000
|
heap
|
page read and write
|
||
|
28BBA98C000
|
heap
|
page read and write
|
||
|
1DFC8AA5000
|
heap
|
page read and write
|
||
|
24FA3C3D000
|
trusted library allocation
|
page read and write
|
||
|
1BCDF000
|
heap
|
page read and write
|
||
|
373F000
|
stack
|
page read and write
|
||
|
2976000
|
trusted library allocation
|
page read and write
|
||
|
2CBA9290000
|
heap
|
page read and write
|
||
|
830000
|
trusted library allocation
|
page read and write
|
||
|
2613A642000
|
heap
|
page read and write
|
||
|
BB7377E000
|
stack
|
page read and write
|
||
|
2BBC000
|
trusted library allocation
|
page read and write
|
||
|
1DFC9F21000
|
trusted library allocation
|
page read and write
|
||
|
1365D723000
|
heap
|
page read and write
|
||
|
24FA3D10000
|
trusted library allocation
|
page read and write
|
||
|
2B89000
|
trusted library allocation
|
page read and write
|
||
|
2CBA9320000
|
heap
|
page read and write
|
||
|
7FFD9B793000
|
trusted library allocation
|
page read and write
|
||
|
1896000
|
heap
|
page read and write
|
||
|
24FBC394000
|
heap
|
page read and write
|
||
|
7FFD9B9D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
A70000
|
heap
|
page execute and read and write
|
||
|
27F3000
|
trusted library allocation
|
page read and write
|
||
|
24FA4175000
|
trusted library allocation
|
page read and write
|
||
|
2768000
|
trusted library allocation
|
page read and write
|
||
|
161000
|
unkown
|
page execute read
|
||
|
24FA1F50000
|
heap
|
page read and write
|
||
|
1DFC8A6C000
|
heap
|
page read and write
|
||
|
1DFCE307000
|
trusted library allocation
|
page read and write
|
||
|
24FA3D5E000
|
trusted library allocation
|
page read and write
|
||
|
1DFCE20E000
|
trusted library allocation
|
page read and write
|
||
|
1BCE000
|
stack
|
page read and write
|
||
|
2B24000
|
trusted library allocation
|
page read and write
|
||
|
13D0000
|
heap
|
page read and write
|
||
|
2CBA7400000
|
heap
|
page read and write
|
||
|
1DFC8AAF000
|
heap
|
page read and write
|
||
|
BB72A7E000
|
stack
|
page read and write
|
||
|
2CB8D0BD000
|
heap
|
page read and write
|
||
|
7FFD9BAC0000
|
trusted library allocation
|
page read and write
|
||
|
2AFD000
|
trusted library allocation
|
page read and write
|
||
|
1C150000
|
heap
|
page read and write
|
||
|
324E000
|
stack
|
page read and write
|
||
|
16FA000
|
stack
|
page read and write
|
||
|
C1E000
|
stack
|
page read and write
|
||
|
BB721F9000
|
stack
|
page read and write
|
||
|
1BCFF000
|
heap
|
page read and write
|
||
|
BB72B7E000
|
stack
|
page read and write
|
||
|
1DFCE26F000
|
trusted library allocation
|
page read and write
|
||
|
1DFC8A2B000
|
heap
|
page read and write
|
||
|
24FBC2F0000
|
heap
|
page read and write
|
||
|
230000
|
unkown
|
page readonly
|
||
|
FDCF5FD000
|
stack
|
page read and write
|
||
|
1DFCE2A0000
|
trusted library allocation
|
page read and write
|
||
|
BB72F7E000
|
stack
|
page read and write
|
||
|
2CBA8D30000
|
heap
|
page read and write
|
||
|
18D0000
|
heap
|
page read and write
|
||
|
7FFD9BA92000
|
trusted library allocation
|
page read and write
|
||
|
8DF000
|
heap
|
page read and write
|
||
|
24FBC700000
|
heap
|
page read and write
|
||
|
7FFD9BA20000
|
trusted library allocation
|
page read and write
|
||
|
1BCFB000
|
heap
|
page read and write
|
||
|
7FFD9B793000
|
trusted library allocation
|
page execute and read and write
|
||
|
1DFC9BD0000
|
trusted library section
|
page readonly
|
||
|
1B6D5000
|
stack
|
page read and write
|
||
|
1DFCE056000
|
heap
|
page read and write
|
||
|
2CB8D260000
|
heap
|
page read and write
|
||
|
2CB8CF20000
|
heap
|
page read and write
|
||
|
1DFCE2FC000
|
trusted library allocation
|
page read and write
|
||
|
1DFCE28E000
|
trusted library allocation
|
page read and write
|
||
|
1BC28000
|
heap
|
page read and write
|
||
|
1B150000
|
heap
|
page read and write
|
||
|
2CB8EDB4000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B784000
|
trusted library allocation
|
page read and write
|
||
|
2AD7000
|
trusted library allocation
|
page read and write
|
||
|
2033CD25000
|
heap
|
page read and write
|
||
|
1DFCE2F4000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B9F0000
|
trusted library allocation
|
page read and write
|
||
|
28BBAB40000
|
heap
|
page read and write
|
||
|
24FBC330000
|
trusted library allocation
|
page read and write
|
||
|
160000
|
unkown
|
page readonly
|
||
|
24FA3A40000
|
heap
|
page read and write
|
||
|
1DFC8B13000
|
heap
|
page read and write
|
||
|
24FA4012000
|
trusted library allocation
|
page read and write
|
||
|
1BC14000
|
heap
|
page read and write
|
||
|
1A670000
|
trusted library allocation
|
page read and write
|
||
|
1365D6A0000
|
heap
|
page read and write
|
||
|
DD9327D000
|
stack
|
page read and write
|
||
|
876000
|
heap
|
page read and write
|
||
|
1DFCE030000
|
heap
|
page read and write
|
||
|
ED4D7FE000
|
stack
|
page read and write
|
||
|
7FFD9B95C000
|
trusted library allocation
|
page read and write
|
||
|
2CB8D002000
|
heap
|
page read and write
|
||
|
7FFD9B79D000
|
trusted library allocation
|
page execute and read and write
|
||
|
2CB9ECB0000
|
trusted library allocation
|
page read and write
|
||
|
24FBC380000
|
heap
|
page read and write
|
||
|
7FFD9B940000
|
trusted library allocation
|
page read and write
|
||
|
ED4D3FF000
|
stack
|
page read and write
|
||
|
7FFD9B991000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B950000
|
trusted library allocation
|
page read and write
|
||
|
2CB8EDEC000
|
trusted library allocation
|
page read and write
|
||
|
2613A622000
|
heap
|
page read and write
|
||
|
1C182FF000
|
unkown
|
page read and write
|
||
|
1365D8D0000
|
heap
|
page read and write
|
||
|
7FFD9B912000
|
trusted library allocation
|
page read and write
|
||
|
BB728FE000
|
unkown
|
page readonly
|
||
|
2613A602000
|
heap
|
page read and write
|
||
|
1BBCB000
|
stack
|
page read and write
|
||
|
1ABCB000
|
stack
|
page read and write
|
||
|
7FFD9B790000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B970000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA50000
|
trusted library allocation
|
page read and write
|
||
|
24FA3C5E000
|
trusted library allocation
|
page read and write
|
||
|
2A63000
|
trusted library allocation
|
page read and write
|
||
|
7FF4C1250000
|
trusted library allocation
|
page execute and read and write
|
||
|
1DFCE256000
|
trusted library allocation
|
page read and write
|
||
|
136B000
|
stack
|
page read and write
|
||
|
2CB8D2B0000
|
heap
|
page read and write
|
||
|
3530000
|
heap
|
page read and write
|
||
|
1DFCDF40000
|
trusted library allocation
|
page read and write
|
||
|
24FA3C1C000
|
trusted library allocation
|
page read and write
|
||
|
24FA41A5000
|
trusted library allocation
|
page read and write
|
||
|
2998000
|
trusted library allocation
|
page read and write
|
||
|
2641000
|
trusted library allocation
|
page read and write
|
||
|
2A3D000
|
trusted library allocation
|
page read and write
|
||
|
1B35B000
|
stack
|
page read and write
|
||
|
FDD01FE000
|
stack
|
page read and write
|
||
|
2902000
|
trusted library allocation
|
page read and write
|
||
|
2A16000
|
trusted library allocation
|
page read and write
|
||
|
2CB8CFEA000
|
heap
|
page read and write
|
||
|
24FBC2C3000
|
heap
|
page execute and read and write
|
||
|
88F000
|
heap
|
page read and write
|
||
|
2757000
|
trusted library allocation
|
page read and write
|
||
|
2CBAADF0000
|
trusted library allocation
|
page read and write
|
||
|
2929000
|
trusted library allocation
|
page read and write
|
||
|
1DFC9F40000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B794000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B9C0000
|
trusted library allocation
|
page read and write
|
||
|
24FA3C74000
|
trusted library allocation
|
page read and write
|
||
|
BB72C7E000
|
stack
|
page read and write
|
||
|
AF0000
|
heap
|
page read and write
|
||
|
1A1E000
|
stack
|
page read and write
|
||
|
1DFCE0F0000
|
heap
|
page read and write
|
||
|
ED4CBFD000
|
stack
|
page read and write
|
||
|
7FFD9B78D000
|
trusted library allocation
|
page execute and read and write
|
||
|
5D8F1EF000
|
stack
|
page read and write
|
||
|
2CBA76E8000
|
heap
|
page read and write
|
||
|
24FA2245000
|
heap
|
page read and write
|
||
|
BB71EFE000
|
unkown
|
page readonly
|
||
|
1DFCE200000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B866000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B7CC000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B840000
|
trusted library allocation
|
page execute and read and write
|
||
|
2CB8D000000
|
heap
|
page read and write
|
||
|
1B594000
|
stack
|
page read and write
|
||
|
2913000
|
trusted library allocation
|
page read and write
|
||
|
1DFCE0EB000
|
heap
|
page read and write
|
||
|
1DFCE2E5000
|
trusted library allocation
|
page read and write
|
||
|
1DFCDFE0000
|
trusted library allocation
|
page read and write
|
||
|
24FA201F000
|
heap
|
page read and write
|
||
|
E4528FF000
|
stack
|
page read and write
|
||
|
1DFCE200000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B920000
|
trusted library allocation
|
page execute and read and write
|
||
|
290A000
|
trusted library allocation
|
page read and write
|
||
|
2CB8D330000
|
heap
|
page read and write
|
||
|
1DFC8A13000
|
heap
|
page read and write
|
||
|
33C0000
|
heap
|
page read and write
|
||
|
7FFD9B7A4000
|
trusted library allocation
|
page read and write
|
||
|
1DFC8CF0000
|
heap
|
page read and write
|
||
|
1DFCE370000
|
remote allocation
|
page read and write
|
||
|
7FFD9B922000
|
trusted library allocation
|
page read and write
|
||
|
93A000
|
heap
|
page read and write
|
||
|
7FFD9B7AB000
|
trusted library allocation
|
page execute and read and write
|
||
|
24FA3A74000
|
trusted library section
|
page readonly
|
||
|
1DFC9202000
|
heap
|
page read and write
|
||
|
29C4000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B958000
|
trusted library allocation
|
page read and write
|
||
|
1B12E000
|
stack
|
page read and write
|
||
|
1DFCE2E8000
|
trusted library allocation
|
page read and write
|
||
|
BB72D7E000
|
stack
|
page read and write
|
||
|
1DFC9BB0000
|
trusted library section
|
page readonly
|
||
|
7FFD9B77D000
|
trusted library allocation
|
page execute and read and write
|
||
|
BB730FB000
|
stack
|
page read and write
|
||
|
5A0000
|
heap
|
page read and write
|
||
|
BB72DFE000
|
unkown
|
page readonly
|
||
|
24FBC520000
|
heap
|
page read and write
|
||
|
1DFCE0FC000
|
heap
|
page read and write
|
||
|
BB724FE000
|
unkown
|
page readonly
|
||
|
1365D700000
|
heap
|
page read and write
|
||
|
1DFCE300000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B773000
|
trusted library allocation
|
page execute and read and write
|
||
|
1DFCE2B0000
|
trusted library allocation
|
page read and write
|
||
|
2B8B000
|
trusted library allocation
|
page read and write
|
||
|
24FA4154000
|
trusted library allocation
|
page read and write
|
||
|
2CB8CF10000
|
heap
|
page read and write
|
||
|
1C183FF000
|
stack
|
page read and write
|
||
|
1DFCE214000
|
trusted library allocation
|
page read and write
|
||
|
1DFC9B80000
|
trusted library section
|
page readonly
|
||
|
7FFD9B856000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B7A0000
|
trusted library allocation
|
page read and write
|
||
|
8B9000
|
heap
|
page read and write
|
||
|
BB729FE000
|
unkown
|
page readonly
|
||
|
1BBFA000
|
heap
|
page read and write
|
||
|
12661000
|
trusted library allocation
|
page read and write
|
||
|
28BBAB80000
|
heap
|
page read and write
|
||
|
1DFCE272000
|
trusted library allocation
|
page read and write
|
||
|
24FA4105000
|
trusted library allocation
|
page read and write
|
||
|
16FC000
|
stack
|
page read and write
|
||
|
E4526FB000
|
stack
|
page read and write
|
||
|
1DFCE10A000
|
heap
|
page read and write
|
||
|
28BBA98C000
|
heap
|
page read and write
|
||
|
2BCD000
|
trusted library allocation
|
page read and write
|
||
|
2CBA92A6000
|
heap
|
page read and write
|
||
|
1DFCDFB0000
|
trusted library allocation
|
page read and write
|
||
|
FDD05FD000
|
stack
|
page read and write
|
||
|
24FA2230000
|
heap
|
page read and write
|
||
|
7FFD9B780000
|
trusted library allocation
|
page read and write
|
||
|
24734970000
|
heap
|
page read and write
|
||
|
7FFD9BA80000
|
trusted library allocation
|
page read and write
|
||
|
77B3C7C000
|
stack
|
page read and write
|
||
|
7FFD9B8B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
24FB3B11000
|
trusted library allocation
|
page read and write
|
||
|
1C0E000
|
stack
|
page read and write
|
||
|
1B408000
|
heap
|
page read and write
|
||
|
7FFD9BAA7000
|
trusted library allocation
|
page read and write
|
||
|
18C000
|
unkown
|
page readonly
|
||
|
7FFD9B850000
|
trusted library allocation
|
page execute and read and write
|
||
|
1A9C9000
|
heap
|
page read and write
|
||
|
29C0000
|
trusted library allocation
|
page read and write
|
||
|
ED4CFFE000
|
stack
|
page read and write
|
||
|
1DFCE218000
|
trusted library allocation
|
page read and write
|
||
|
FDCF1FD000
|
stack
|
page read and write
|
||
|
1DFCE264000
|
trusted library allocation
|
page read and write
|
||
|
1C70000
|
heap
|
page read and write
|
||
|
7FFD9B9E0000
|
trusted library allocation
|
page read and write
|
||
|
24FA201C000
|
heap
|
page read and write
|
||
|
24FBC530000
|
heap
|
page read and write
|
||
|
7FFD9BA60000
|
trusted library allocation
|
page read and write
|
||
|
1DFC9215000
|
heap
|
page read and write
|
||
|
7FFD9BA10000
|
trusted library allocation
|
page read and write
|
||
|
5C0000
|
heap
|
page read and write
|
||
|
2CB8D290000
|
heap
|
page read and write
|
||
|
1DFCE210000
|
trusted library allocation
|
page read and write
|
||
|
2CB8D1C3000
|
heap
|
page read and write
|
||
|
77B3FFD000
|
stack
|
page read and write
|
||
|
1B153000
|
heap
|
page read and write
|
||
|
1DFC8AFF000
|
heap
|
page read and write
|
||
|
1DFCDFC0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BAB0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B7A3000
|
trusted library allocation
|
page read and write
|
||
|
B8C000
|
unkown
|
page readonly
|
||
|
7FFD9B944000
|
trusted library allocation
|
page read and write
|
||
|
28BBA960000
|
heap
|
page read and write
|
||
|
B8C000
|
unkown
|
page readonly
|
||
|
1BC09000
|
heap
|
page read and write
|
||
|
1DFCE091000
|
heap
|
page read and write
|
||
|
2CBA92A1000
|
heap
|
page read and write
|
||
|
7FFD9B820000
|
trusted library allocation
|
page read and write
|
||
|
77B42FE000
|
unkown
|
page readonly
|
||
|
2AD3000
|
trusted library allocation
|
page read and write
|
||
|
24FA2110000
|
heap
|
page read and write
|
||
|
1DFCE370000
|
remote allocation
|
page read and write
|
||
|
7FFD9BAC8000
|
trusted library allocation
|
page read and write
|
||
|
2CBA92BD000
|
heap
|
page read and write
|
||
|
93D000
|
heap
|
page read and write
|
||
|
24FBC2D0000
|
heap
|
page read and write
|
||
|
247349E8000
|
heap
|
page read and write
|
||
|
1DFCE2A0000
|
trusted library allocation
|
page read and write
|
||
|
2613A644000
|
heap
|
page read and write
|
||
|
7FFD9B952000
|
trusted library allocation
|
page read and write
|
||
|
1DFC9840000
|
trusted library allocation
|
page read and write
|
||
|
1365D739000
|
heap
|
page read and write
|
||
|
24FBC490000
|
heap
|
page execute and read and write
|
||
|
7FFD9B783000
|
trusted library allocation
|
page read and write
|
||
|
1700000
|
heap
|
page read and write
|
||
|
2613A600000
|
heap
|
page read and write
|
||
|
24FA3C12000
|
trusted library allocation
|
page read and write
|
||
|
2950000
|
trusted library allocation
|
page read and write
|
||
|
28BBABB4000
|
heap
|
page read and write
|
||
|
24FA20AA000
|
heap
|
page read and write
|
||
|
2730000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B790000
|
trusted library allocation
|
page read and write
|
||
|
24FA1F90000
|
heap
|
page read and write
|
||
|
BB71A7B000
|
stack
|
page read and write
|
||
|
2630000
|
heap
|
page read and write
|
||
|
1BC70000
|
heap
|
page read and write
|
||
|
2CBA8B90000
|
heap
|
page read and write
|
||
|
ED4DBFD000
|
stack
|
page read and write
|
||
|
7FFD9B940000
|
trusted library allocation
|
page execute and read and write
|
||
|
AC0000
|
trusted library allocation
|
page read and write
|
||
|
1BCF8000
|
heap
|
page read and write
|
||
|
2613A62B000
|
heap
|
page read and write
|
||
|
2CB8CFED000
|
heap
|
page read and write
|
||
|
7FFD9B7AD000
|
trusted library allocation
|
page execute and read and write
|
||
|
2CB8C992000
|
unkown
|
page readonly
|
||
|
7FFD9B794000
|
trusted library allocation
|
page read and write
|
||
|
2613AE02000
|
trusted library allocation
|
page read and write
|
||
|
2033CBD0000
|
heap
|
page read and write
|
||
|
2CB8ECA1000
|
trusted library allocation
|
page read and write
|
||
|
1DFC9BA0000
|
trusted library section
|
page readonly
|
||
|
2AB1000
|
trusted library allocation
|
page read and write
|
||
|
1860000
|
heap
|
page read and write
|
||
|
7FFD9BAD0000
|
trusted library allocation
|
page read and write
|
||
|
1BCD9000
|
heap
|
page read and write
|
||
|
24FBC360000
|
heap
|
page read and write
|
||
|
1894000
|
heap
|
page read and write
|
||
|
1DFC9BC0000
|
trusted library section
|
page readonly
|
||
|
1B415000
|
heap
|
page read and write
|
||
|
24FA4088000
|
trusted library allocation
|
page read and write
|
||
|
2CB8D1C0000
|
heap
|
page read and write
|
||
|
BB720FE000
|
unkown
|
page readonly
|
||
|
232000
|
unkown
|
page readonly
|
||
|
5D8F47E000
|
stack
|
page read and write
|
||
|
24FA3B00000
|
heap
|
page execute and read and write
|
||
|
294B000
|
trusted library allocation
|
page read and write
|
||
|
1DFCDFD0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B830000
|
trusted library allocation
|
page read and write
|
||
|
1DFC9190000
|
trusted library section
|
page read and write
|
||
|
1DFCE2A0000
|
trusted library allocation
|
page read and write
|
||
|
1DFCE2BA000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B8A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1DFC8ABD000
|
heap
|
page read and write
|
||
|
24FA1FD9000
|
heap
|
page read and write
|
||
|
7FFD9B84C000
|
trusted library allocation
|
page execute and read and write
|
||
|
1DFCE208000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B9A0000
|
trusted library allocation
|
page read and write
|
||
|
290F000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B930000
|
trusted library allocation
|
page read and write
|
||
|
1B5DE000
|
stack
|
page read and write
|
||
|
1FB00000
|
heap
|
page read and write
|
||
|
2613A570000
|
heap
|
page read and write
|
||
|
7FFD9B960000
|
trusted library allocation
|
page execute and read and write
|
||
|
1896000
|
heap
|
page read and write
|
||
|
1DFC9300000
|
heap
|
page read and write
|
||
|
1DFC8A5C000
|
heap
|
page read and write
|
||
|
2CB8C990000
|
unkown
|
page readonly
|
||
|
ED4B7F4000
|
stack
|
page read and write
|
||
|
2CB8D270000
|
heap
|
page read and write
|
||
|
24FA41A7000
|
trusted library allocation
|
page read and write
|
||
|
FDD0DFB000
|
stack
|
page read and write
|
||
|
402000
|
unkown
|
page readonly
|
||
|
BB726FE000
|
unkown
|
page readonly
|
||
|
24FA3BF1000
|
trusted library allocation
|
page read and write
|
||
|
136B000
|
stack
|
page read and write
|
||
|
24734950000
|
heap
|
page read and write
|
||
|
FDCE9FE000
|
stack
|
page read and write
|
||
|
24FBC706000
|
heap
|
page read and write
|
||
|
BB71DF7000
|
stack
|
page read and write
|
||
|
1DFCE200000
|
trusted library allocation
|
page read and write
|
||
|
1DFC8A00000
|
heap
|
page read and write
|
||
|
1BBD0000
|
heap
|
page read and write
|
||
|
1365DA85000
|
heap
|
page read and write
|
||
|
DD9337E000
|
stack
|
page read and write
|
||
|
FDCF9FF000
|
stack
|
page read and write
|
||
|
13E0000
|
heap
|
page read and write
|
||
|
B8C000
|
unkown
|
page readonly
|
||
|
1DFCE0E7000
|
heap
|
page read and write
|
||
|
24FA415F000
|
trusted library allocation
|
page read and write
|
||
|
188F000
|
heap
|
page read and write
|
||
|
1DFC931A000
|
heap
|
page read and write
|
||
|
1DFCE0FF000
|
heap
|
page read and write
|
||
|
7FFD9B988000
|
trusted library allocation
|
page read and write
|
||
|
24FA413E000
|
trusted library allocation
|
page read and write
|
||
|
1B25E000
|
stack
|
page read and write
|
||
|
24FA2240000
|
heap
|
page read and write
|
||
|
2CBA9296000
|
heap
|
page read and write
|
||
|
BB731FE000
|
unkown
|
page readonly
|
||
|
26BF000
|
trusted library allocation
|
page read and write
|
||
|
1B5F000
|
stack
|
page read and write
|
||
|
1DFC9200000
|
heap
|
page read and write
|
||
|
180E000
|
stack
|
page read and write
|
||
|
2CB8EC70000
|
heap
|
page execute and read and write
|
||
|
7FFD9B7AB000
|
trusted library allocation
|
page read and write
|
||
|
1DFCE31A000
|
trusted library allocation
|
page read and write
|
||
|
2033CDC4000
|
heap
|
page read and write
|
||
|
24FA4035000
|
trusted library allocation
|
page read and write
|
||
|
1C00E000
|
stack
|
page read and write
|
||
|
1DFC9501000
|
trusted library allocation
|
page read and write
|
||
|
28BBA97C000
|
heap
|
page read and write
|
||
|
2CB8EC90000
|
heap
|
page execute and read and write
|
||
|
BB7297E000
|
stack
|
page read and write
|
||
|
1820000
|
heap
|
page read and write
|
||
|
24FA2115000
|
heap
|
page read and write
|
||
|
24FBD83B000
|
heap
|
page read and write
|
||
|
2613A5D0000
|
trusted library allocation
|
page read and write
|
||
|
2CBA9294000
|
heap
|
page read and write
|
||
|
230000
|
unkown
|
page readonly
|
||
|
1B3A0000
|
heap
|
page read and write
|
||
|
1DFC8A9F000
|
heap
|
page read and write
|
||
|
1DFC9313000
|
heap
|
page read and write
|
||
|
7FFD9B7B0000
|
trusted library allocation
|
page read and write
|
||
|
2706000
|
trusted library allocation
|
page read and write
|
||
|
1DFCE102000
|
heap
|
page read and write
|
||
|
1DFCE291000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B840000
|
trusted library allocation
|
page read and write
|
||
|
24FA411D000
|
trusted library allocation
|
page read and write
|
||
|
1265C000
|
trusted library allocation
|
page read and write
|
||
|
1893000
|
heap
|
page read and write
|
||
|
24FA201A000
|
heap
|
page read and write
|
||
|
ED4DFFE000
|
stack
|
page read and write
|
||
|
2CB8D240000
|
trusted library section
|
page readonly
|
||
|
24FA3BFB000
|
trusted library allocation
|
page read and write
|
||
|
5D8F4FF000
|
stack
|
page read and write
|
||
|
24734CA5000
|
heap
|
page read and write
|
||
|
7FFD9B962000
|
trusted library allocation
|
page read and write
|
||
|
1DFCE215000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B920000
|
trusted library allocation
|
page read and write
|
||
|
2B63000
|
trusted library allocation
|
page read and write
|
||
|
28BBA970000
|
heap
|
page read and write
|
||
|
1DFC931A000
|
heap
|
page read and write
|
||
|
24FA3A70000
|
trusted library section
|
page readonly
|
||
|
1BD6E000
|
heap
|
page read and write
|
||
|
2613A613000
|
heap
|
page read and write
|
||
|
ED4C7FD000
|
stack
|
page read and write
|
||
|
1BC4A000
|
heap
|
page read and write
|
||
|
BB72FFE000
|
unkown
|
page readonly
|
||
|
1BD9F000
|
heap
|
page read and write
|
||
|
1868000
|
heap
|
page read and write
|
||
|
1365D737000
|
heap
|
page read and write
|
||
|
18C000
|
unkown
|
page readonly
|
||
|
2CBA76A0000
|
heap
|
page read and write
|
||
|
BB72AFE000
|
unkown
|
page readonly
|
||
|
18A000
|
unkown
|
page write copy
|
||
|
B8C000
|
unkown
|
page readonly
|
||
|
E4527FF000
|
unkown
|
page read and write
|
||
|
850000
|
heap
|
page read and write
|
||
|
29EB000
|
trusted library allocation
|
page read and write
|
||
|
FDCE1F4000
|
stack
|
page read and write
|
||
|
77B47FE000
|
stack
|
page read and write
|
||
|
1DFC8A8D000
|
heap
|
page read and write
|
||
|
7FFD9B950000
|
trusted library allocation
|
page read and write
|
||
|
18C000
|
unkown
|
page readonly
|
||
|
1BF0000
|
heap
|
page read and write
|
||
|
24FA3C53000
|
trusted library allocation
|
page read and write
|
||
|
DD9347E000
|
stack
|
page read and write
|
||
|
160000
|
unkown
|
page readonly
|
||
|
299C000
|
trusted library allocation
|
page read and write
|
||
|
1DFCE26C000
|
trusted library allocation
|
page read and write
|
||
|
1B41F000
|
heap
|
page read and write
|
||
|
2CB8EDAD000
|
trusted library allocation
|
page read and write
|
||
|
2CB8D335000
|
heap
|
page read and write
|
||
|
2033CDA0000
|
heap
|
page read and write
|
||
|
1B8DA000
|
stack
|
page read and write
|
||
|
1DFCDFD0000
|
trusted library allocation
|
page read and write
|
||
|
BB727FB000
|
stack
|
page read and write
|
||
|
1DFC89F0000
|
heap
|
page read and write
|
||
|
2659000
|
trusted library allocation
|
page read and write
|
||
|
2613A590000
|
heap
|
page read and write
|
||
|
1B412000
|
heap
|
page read and write
|
||
|
18C000
|
unkown
|
page readonly
|
||
|
1FC35000
|
heap
|
page read and write
|
||
|
1BBFF000
|
heap
|
page read and write
|
||
|
1887000
|
heap
|
page read and write
|
||
|
24734940000
|
heap
|
page read and write
|
||
|
24FA3C95000
|
trusted library allocation
|
page read and write
|
||
|
ED4C3FE000
|
stack
|
page read and write
|
||
|
2766000
|
trusted library allocation
|
page read and write
|
||
|
24FA1FF1000
|
heap
|
page read and write
|
||
|
2755000
|
trusted library allocation
|
page read and write
|
||
|
1C140000
|
heap
|
page read and write
|
||
|
29A4000
|
trusted library allocation
|
page read and write
|
||
|
1DFCE0E0000
|
heap
|
page read and write
|
||
|
BB71FFE000
|
stack
|
page read and write
|
||
|
1DFCE370000
|
remote allocation
|
page read and write
|
||
|
24FA3FEF000
|
trusted library allocation
|
page read and write
|
||
|
2CBA76B0000
|
heap
|
page read and write
|
||
|
2613A702000
|
heap
|
page read and write
|
||
|
7FFD9B939000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA70000
|
trusted library allocation
|
page read and write
|
||
|
1DFCE000000
|
heap
|
page read and write
|
||
|
1BD9B000
|
heap
|
page read and write
|
||
|
7FFD9B980000
|
trusted library allocation
|
page read and write
|
||
|
28FE000
|
trusted library allocation
|
page read and write
|
||
|
28BBAD20000
|
heap
|
page read and write
|
||
|
24734CA0000
|
heap
|
page read and write
|
||
|
A20000
|
trusted library allocation
|
page read and write
|
||
|
1DFCE320000
|
trusted library allocation
|
page read and write
|
||
|
24FA1FEF000
|
heap
|
page read and write
|
||
|
2958000
|
trusted library allocation
|
page read and write
|
||
|
FDD09FE000
|
stack
|
page read and write
|
There are 698 hidden memdumps, click here to show them.