Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
file.exe
|
PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\Edrax Smart Maker 9.28.47\Edrax Smart Maker 9.28.47.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\file.exe.log
|
CSV text
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4UK5I61J\dll[1]
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4UK5I61J\setup[1].exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\HI1BCF07\soft[1]
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WDKI0JR2\Channel2[1].exe
|
PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WDKI0JR2\CheckTool[1].exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WDKI0JR2\stories[1].exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WDKI0JR2\univ[1].exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Play Glock\is-5ANFC.tmp
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Play Glock\is-75FQC.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Play Glock\is-O04L0.tmp
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Play Glock\libeay32.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Play Glock\libssl-1_1.dll (copy)
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Play Glock\playglock32x64.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
modified
|
|
|
|
C:\Users\user\AppData\Local\Play Glock\ssleay32.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Play Glock\uninstall\is-R79QI.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Play Glock\uninstall\unins000.exe (copy)
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\1u2wN0W4Z43Z310SAYDV85NF4w4\Bunifu_UI_v1.5.3.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\1u2wN0W4Z43Z310SAYDV85NF4w4\Y-Cleaner.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\7zS1DF8.tmp\Install.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\7zS2897.tmp\Install.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\IZImiIFXXrvtVOHFozZW.dll
|
PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-8OGEE.tmp\_isetup\_RegDLL.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-8OGEE.tmp\_isetup\_iscrypt.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-8OGEE.tmp\_isetup\_setup64.tmp
|
PE32+ executable (console) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-QKCAE.tmp\hI6pMK6rYY2urO_lpGyU85DA.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\service123.exe
|
PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Documents\iofolko5\G__XJZ9ACVwRjgVn6BXId6E1.exe
|
PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Documents\iofolko5\Ifh3vuF2SF2LvHombSP7ZGRi.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Documents\iofolko5\Jrh6BLxH1aqS3cJle2sY_F2Q.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Documents\iofolko5\hI6pMK6rYY2urO_lpGyU85DA.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Documents\iofolko5\tyq3dazbB0crObgKIDGLxiAO.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_tyq3dazbB0crObgK_14e4c4bdfbf874b512fc3170f3f83834d8ec981d_07c48f9b_14f03704-c0a9-40eb-964a-668825b036fb\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_tyq3dazbB0crObgK_14e4c4bdfbf874b512fc3170f3f83834d8ec981d_07c48f9b_387c352d-719b-421b-b3c1-1bdb15d42acc\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_tyq3dazbB0crObgK_14e4c4bdfbf874b512fc3170f3f83834d8ec981d_07c48f9b_734b19a0-9dc6-4428-8efd-3bfa4eb94daa\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_tyq3dazbB0crObgK_14e4c4bdfbf874b512fc3170f3f83834d8ec981d_07c48f9b_90b25c10-298e-40be-9959-3b69a56e67fc\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_tyq3dazbB0crObgK_14e4c4bdfbf874b512fc3170f3f83834d8ec981d_07c48f9b_e297006f-820d-4663-b3a1-ecbcf3c49020\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER10B9.tmp.txt
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER10E9.tmp.txt
|
data
|
modified
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER3335.tmp.dmp
|
Mini DuMP crash report, 14 streams, Sat Sep 28 22:53:36 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER3818.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER3904.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER3911.tmp.csv
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER3970.tmp.txt
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER3C4D.tmp.dmp
|
Mini DuMP crash report, 14 streams, Sat Sep 28 22:53:38 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER3D0A.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER3D59.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER3D69.tmp.csv
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER3E54.tmp.txt
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER415E.tmp.dmp
|
Mini DuMP crash report, 14 streams, Sat Sep 28 22:53:39 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER449B.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER450A.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER45A8.tmp.csv
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER4674.tmp.txt
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER497C.tmp.dmp
|
Mini DuMP crash report, 14 streams, Sat Sep 28 22:53:41 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER4A97.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER4AF5.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER4B48.tmp.csv
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER4C81.tmp.txt
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER50FE.tmp.dmp
|
Mini DuMP crash report, 14 streams, Sat Sep 28 22:53:43 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER51DA.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER5248.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER525E.tmp.csv
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER530B.tmp.txt
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER552F.tmp.csv
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER558E.tmp.txt
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER5744.tmp.csv
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER583F.tmp.txt
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERB8FE.tmp.csv
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERB95C.tmp.txt
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERE1F4.tmp.csv
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERE2DF.tmp.txt
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERE94.tmp.csv
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERFDD.tmp.csv
|
data
|
dropped
|
||
|
C:\ProgramData\ed928it47.dat
|
Non-ISO extended-ASCII text, with no line terminators
|
dropped
|
||
|
C:\ProgramData\ed928rc47.dat
|
data
|
dropped
|
||
|
C:\ProgramData\ed928resa.dat
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\ProgramData\ed928resb.dat
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4UK5I61J\download[1].htm
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4UK5I61J\key[1].htm
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\HI1BCF07\fuckingdllENCR[1].dll
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\HI1BCF07\name[1].htm
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\QI6Y9C7H\add[1].htm
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\QI6Y9C7H\download[1].htm
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Play Glock\Qt5OpenGL.dll (copy)
|
PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Play Glock\is-86R9G.tmp
|
PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Play Glock\is-AQT5U.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Play Glock\is-IKU3H.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Play Glock\is-IVTOI.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Play Glock\msvcp71.dll (copy)
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Play Glock\msvcr71.dll (copy)
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Play Glock\uninstall\unins000.dat
|
InnoSetup Log Play Glock, version 0x30, 4401 bytes, 675052\user, "C:\Users\user\AppData\Local\Play Glock"
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\7zS1DF8.tmp\__data__\config.txt
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_d5vv5z4j.t2x.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_fro4flp3.50u.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_my22li2s.0uu.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_nvosx4kc.irw.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\is-8OGEE.tmp\_isetup\_shfoldr.dll
|
PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\Desktop\Cleaner.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Icon
number=0, Archive, ctime=Sat Sep 28 21:54:19 2024, mtime=Sat Sep 28 21:54:19 2024, atime=Sat Sep 28 21:54:19 2024, length=1502720,
window=hide
|
dropped
|
||
|
C:\Users\user\Documents\iofolko5\PXmC5_sqNQv8jWyecSd7ycvv.exe
|
HTML document, ASCII text
|
dropped
|
||
|
C:\Users\user\Documents\iofolko5\VUi4VlAeU5mHTySwb10PMAu9.exe
|
HTML document, ASCII text
|
dropped
|
||
|
C:\Windows\Tasks\bMvfdBTccYfZYKRCwN.job
|
data
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
||
|
\Device\ConDrv
|
ASCII text, with CRLF, CR line terminators
|
dropped
|
There are 97 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\file.exe
|
"C:\Users\user\Desktop\file.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
|
|
|
|
C:\Users\user\Documents\iofolko5\G__XJZ9ACVwRjgVn6BXId6E1.exe
|
C:\Users\user\Documents\iofolko5\G__XJZ9ACVwRjgVn6BXId6E1.exe
|
|
|
|
C:\Users\user\Documents\iofolko5\hI6pMK6rYY2urO_lpGyU85DA.exe
|
C:\Users\user\Documents\iofolko5\hI6pMK6rYY2urO_lpGyU85DA.exe
|
|
|
|
C:\Users\user\Documents\iofolko5\Jrh6BLxH1aqS3cJle2sY_F2Q.exe
|
C:\Users\user\Documents\iofolko5\Jrh6BLxH1aqS3cJle2sY_F2Q.exe
|
|
|
|
C:\Users\user\Documents\iofolko5\tyq3dazbB0crObgKIDGLxiAO.exe
|
C:\Users\user\Documents\iofolko5\tyq3dazbB0crObgKIDGLxiAO.exe
|
|
|
|
C:\Users\user\Documents\iofolko5\Ifh3vuF2SF2LvHombSP7ZGRi.exe
|
C:\Users\user\Documents\iofolko5\Ifh3vuF2SF2LvHombSP7ZGRi.exe
|
|
|
|
C:\Users\user\AppData\Local\Temp\7zS1DF8.tmp\Install.exe
|
.\Install.exe
|
|
|
|
C:\Users\user\AppData\Local\Play Glock\playglock32x64.exe
|
"C:\Users\user\AppData\Local\Play Glock\playglock32x64.exe" -i
|
|
|
|
C:\Users\user\AppData\Local\Temp\7zS2897.tmp\Install.exe
|
.\Install.exe /dXVdidiCT "385121" /S
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
"C:\Windows\System32\cmd.exe" /C forfiles /p c:\windows\system32 /m where.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows
Defender\Threats\ThreatIDDefaultAction\" /f /v 2147735503 /t REG_SZ /d 6" & forfiles /p c:\windows\system32 /m calc.exe /c
"cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147814524 /t REG_SZ
/d 6" & forfiles /p c:\windows\system32 /m where.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\"
/f /v 2147780199 /t REG_SZ /d 6" & forfiles /p c:\windows\system32 /m waitfor.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows
Defender\Threats\ThreatIDDefaultAction\" /f /v 2147812831 /t REG_SZ /d 6" & forfiles /p c:\windows\system32 /m help.exe /c
"cmd /C powershell start-process -WindowStyle Hidden gpupdate.exe /force"
|
|
|
|
C:\Windows\SysWOW64\forfiles.exe
|
forfiles /p c:\windows\system32 /m where.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\"
/f /v 2147735503 /t REG_SZ /d 6"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
/C reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147735503 /t REG_SZ /d
6
|
|
|
|
C:\Windows\SysWOW64\reg.exe
|
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147735503 /t REG_SZ /d 6
|
|
|
|
C:\Windows\SysWOW64\forfiles.exe
|
forfiles /p c:\windows\system32 /m calc.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\"
/f /v 2147814524 /t REG_SZ /d 6"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
/C reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147814524 /t REG_SZ /d
6
|
|
|
|
C:\Windows\SysWOW64\reg.exe
|
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147814524 /t REG_SZ /d 6
|
|
|
|
C:\Windows\SysWOW64\forfiles.exe
|
forfiles /p c:\windows\system32 /m where.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\"
/f /v 2147780199 /t REG_SZ /d 6"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
/C reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147780199 /t REG_SZ /d
6
|
|
|
|
C:\Windows\SysWOW64\reg.exe
|
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147780199 /t REG_SZ /d 6
|
|
|
|
C:\Windows\SysWOW64\forfiles.exe
|
forfiles /p c:\windows\system32 /m waitfor.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\"
/f /v 2147812831 /t REG_SZ /d 6"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
/C reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147812831 /t REG_SZ /d
6
|
|
|
|
C:\Windows\SysWOW64\reg.exe
|
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147812831 /t REG_SZ /d 6
|
|
|
|
C:\Windows\SysWOW64\forfiles.exe
|
forfiles /p c:\windows\system32 /m help.exe /c "cmd /C powershell start-process -WindowStyle Hidden gpupdate.exe /force"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
/C powershell start-process -WindowStyle Hidden gpupdate.exe /force
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
powershell start-process -WindowStyle Hidden gpupdate.exe /force
|
|
|
|
C:\Windows\SysWOW64\forfiles.exe
|
"C:\Windows\System32\forfiles.exe" /p c:\windows\system32 /m waitfor.exe /c "cmd /C powershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender
PATH MSFT_MpPreference call Add ExclusionExtension=exe Force=True"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
/C powershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Add ExclusionExtension=exe
Force=True
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
powershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Add ExclusionExtension=exe
Force=True
|
|
|
|
C:\Windows\SysWOW64\gpupdate.exe
|
"C:\Windows\system32\gpupdate.exe" /force
|
|
|
|
C:\Windows\SysWOW64\wbem\WMIC.exe
|
"C:\Windows\System32\Wbem\WMIC.exe" /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Add ExclusionExtension=exe
Force=True
|
|
|
|
C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
|
"C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe"
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
schtasks /CREATE /TN "bMvfdBTccYfZYKRCwN" /SC once /ST 18:54:00 /RU "SYSTEM" /TR "\"C:\Users\user\AppData\Local\Temp\7zS2897.tmp\Install.exe\"
Is /mKdidL 385121 /S" /V1 /F
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Users\user\AppData\Local\Temp\is-QKCAE.tmp\hI6pMK6rYY2urO_lpGyU85DA.tmp
|
"C:\Users\user\AppData\Local\Temp\is-QKCAE.tmp\hI6pMK6rYY2urO_lpGyU85DA.tmp" /SL5="$70060,2863082,54272,C:\Users\user\Documents\iofolko5\hI6pMK6rYY2urO_lpGyU85DA.exe"
|
||
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k WerSvcGroup
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 7916 -ip 7916
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 7916 -s 736
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 7916 -ip 7916
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 7916 -s 744
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 7916 -ip 7916
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 7916 -s 764
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 7916 -ip 7916
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 7916 -s 748
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 7916 -ip 7916
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 7916 -s 984
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 7916 -ip 7916
|
There are 41 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
reinforcenh.shop
|
|
||
|
stogeneratmns.shop
|
|
||
|
ejrsoyz.ua8a
|
|
||
|
ghostreedmnu.shop
|
|
||
|
http://ejrsoyz.ua/search/?q=67e28dd86b0ba17e400ea81a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa19e8889b5e4fa9281ae978f771ea771795af8e05c444db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608cf814c6eb959d3e
|
185.208.158.248
|
|
|
|
01fivevh5pt.top
|
|
||
|
https://iplog.co/1S3fd7
|
188.114.96.3
|
|
|
|
fragnantbui.shop
|
|
||
|
offensivedzvju.shop
|
|
||
|
http://ejrsoyz.ua/search/?q=67e28dd86b0ba17e400ea81a7c27d78406abdd88be4b12eab517aa5c96bd86e8908744815a8bbc896c58e713bc90c94c36b5281fc235a925ed3e54d6bd974a95129070b417e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ed929f3dc96f9113
|
185.208.158.248
|
|
|
|
drawzhotdog.shop
|
|
||
|
vozmeatillu.shop
|
|
||
|
analforeverlovyu.top
|
|
||
|
https://www.cloudflare.com/learning/access-management/phishing-attack/
|
unknown
|
||
|
http://45.91.200.135/api/wp-admin.php3
|
unknown
|
||
|
https://duckduckgo.com/chrome_newtab
|
unknown
|
||
|
https://gcc.gnu.org/bugs/):
|
unknown
|
||
|
https://duckduckgo.com/ac/?q=
|
unknown
|
||
|
http://80.66.75.114/files/download
|
80.66.75.114
|
||
|
http://marafon.in/dergrherg/setup1.exexe
|
unknown
|
||
|
https://cdn.discordapp.com/6
|
unknown
|
||
|
http://185.208.158.248/search/?q=67e28dd86b0ba17e400ea81a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82d
|
unknown
|
||
|
http://45.91.200.135:80/api/wp-admin.phpU
|
unknown
|
||
|
http://103.130.147.211/Files/Silencer.exe
|
103.130.147.211
|
||
|
https://api64.ipify.org:443/?format=json
|
unknown
|
||
|
http://45.91.200.135/api/wp-admin.phpH
|
unknown
|
||
|
http://45.91.200.135:80/api/wp-admin.phpd
|
unknown
|
||
|
http://80.66.75.114/namel
|
unknown
|
||
|
http://194.58.114.223/d/385121%
|
unknown
|
||
|
https://ipinfo.io:443/widget/demo/8.46.123.33Z
|
unknown
|
||
|
http://103.130.147.211/Files/CheckTool.exe
|
103.130.147.211
|
||
|
http://185.208.158.248/-
|
unknown
|
||
|
http://fivevh5pt.top/
|
unknown
|
||
|
http://194.58.114.223/d/385121
|
194.58.114.223
|
||
|
http://45.91.200.135/api/wp-admin.phprN
|
unknown
|
||
|
http://45.91.200.135/l
|
unknown
|
||
|
https://api.sandbox.midtrans.comcrypto/aes:
|
unknown
|
||
|
http://103.130.147.211/Files/CheckTool.exeC:
|
unknown
|
||
|
http://www.certum.pl/CPS0
|
unknown
|
||
|
http://103.130.147.211/Files/CheckTool.exeK
|
unknown
|
||
|
http://www.innosetup.com/
|
unknown
|
||
|
https://ghostreedmnu.shop/
|
unknown
|
||
|
http://80.66.75.114/add?substr=mixnine&s=three&sub=NOSUBF
|
unknown
|
||
|
http://194.58.114.223/
|
unknown
|
||
|
http://80.66.75.114/dll/key
|
80.66.75.114
|
||
|
https://ghostreedmnu.shop/m
|
unknown
|
||
|
http://80.66.75.114/add?substr=mixnine&s=three&sub=NOSUBI
|
unknown
|
||
|
http://194.58.114.223/d/385121C:
|
unknown
|
||
|
http://crl.certum.pl/ctnca.crl0k
|
unknown
|
||
|
http://103.130.147.211/Files/Channel2.exeDBK7bm
|
unknown
|
||
|
http://185.208.158.248/search/?q=67e28dd86b0ba17e400ea81a7c27d78406abdd88be4b12eab517aa5c96bd86e8908
|
unknown
|
||
|
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
|
unknown
|
||
|
http://www.ccleaner.comqhttps://take.rdrct-now.online/go/ZWKA?p78705p298845p1174
|
unknown
|
||
|
https://www.ecosia.org/newtab/
|
unknown
|
||
|
https://www.cloudflare.com/5xx-error-landing
|
unknown
|
||
|
http://103.130.147.211/Files/Channel2.exel
|
unknown
|
||
|
https://iplog.co/%M
|
unknown
|
||
|
http://80.66.75.114/soft/downloadKR
|
unknown
|
||
|
https://ipinfo.io/
|
unknown
|
||
|
http://45.91.200.135:80/api/wp-admin.php
|
unknown
|
||
|
http://45.91.200.135:80/api/wp-ping.php
|
unknown
|
||
|
https://g-cleanit.hk
|
unknown
|
||
|
https://ipinfo.io/(
|
unknown
|
||
|
http://103.130.147.211/Files/Silencer.exe/
|
unknown
|
||
|
https://ipinfo.io/https://ipgeolocation.io/::
|
unknown
|
||
|
http://176.113.115.95/thebig/stories.exe
|
176.113.115.95
|
||
|
http://80.66.75.114/add?substr=mixnine&s=three&sub=NOSUB
|
80.66.75.114
|
||
|
http://45.91.200.135/api/wp-ping.php
|
unknown
|
||
|
https://iplog.co/1S3fd7&
|
unknown
|
||
|
http://45.91.200.135/api/wp-ping.phpU
|
unknown
|
||
|
http://repository.certum.pl/cscasha2.cer0
|
unknown
|
||
|
https://api64.ipify.org/
|
unknown
|
||
|
http://103.130.147.211/Files/Silencer.exeC:
|
unknown
|
||
|
https://api64.ipify.org/?format=json
|
173.231.16.77
|
||
|
http://103.130.147.211/Files/Channel2.exeC:
|
unknown
|
||
|
https://cdn.discordapp.com/
|
unknown
|
||
|
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
|
unknown
|
||
|
http://80.66.75.114/name
|
80.66.75.114
|
||
|
https://api.midtrans.comGetUserDefaultLocaleNameinvalid
|
unknown
|
||
|
http://103.130.147.211/Files/tac.exe
|
103.130.147.211
|
||
|
http://80.66.75.114/dl?name=mixninelVz0BoyeRjU78
|
unknown
|
||
|
http://www.openssl.org/support/faq.html
|
unknown
|
||
|
http://45.91.200.135/api/wp-admin.php
|
unknown
|
||
|
https://ipgeolocation.io/
|
unknown
|
||
|
http://103.130.147.211/Files/tac.exeC:
|
unknown
|
||
|
http://80.66.75.114/dl?name=mixnineC:
|
unknown
|
||
|
https://iplog.co/
|
unknown
|
||
|
http://crl.thawte.com/ThawteTimestampingCA.crl0
|
unknown
|
||
|
http://marafon.in/dergrherg/setup1.exeC:
|
unknown
|
||
|
https://ipinfo.io/widget/demo/8.46.123.33
|
34.117.59.81
|
||
|
http://80.66.75.114/dll/download
|
80.66.75.114
|
||
|
http://45.91.200.135/
|
unknown
|
||
|
https://serviceupdate32.com/update
|
unknown
|
||
|
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
|
unknown
|
||
|
http://subca.ocsp-certum.com01
|
unknown
|
||
|
http://45.91.200.135/api/wp-ping.phpA
|
unknown
|
||
|
https://iplog.co/p
|
unknown
|
||
|
http://80.66.75.114/dl?name=mixninee
|
unknown
|
||
|
http://www.openssl.org/f
|
unknown
|
||
|
http://176.113.115.95/thebig/stories.exeC:
|
unknown
|
There are 90 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
fivevh5pt.top
|
84.38.182.221
|
|
|
|
iplog.co
|
188.114.96.3
|
|
|
|
ghostreedmnu.shop
|
188.114.96.3
|
|
|
|
ejrsoyz.ua
|
185.208.158.248
|
|
|
|
marafon.in
|
147.45.60.44
|
||
|
ipinfo.io
|
34.117.59.81
|
||
|
cdn.discordapp.com
|
162.159.130.233
|
||
|
api64.ipify.org
|
173.231.16.77
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
84.38.182.221
|
fivevh5pt.top
|
Russian Federation
|
|
|
|
185.208.158.248
|
ejrsoyz.ua
|
Switzerland
|
|
|
|
188.114.96.3
|
iplog.co
|
European Union
|
|
|
|
194.58.114.223
|
unknown
|
Russian Federation
|
||
|
80.66.75.114
|
unknown
|
Russian Federation
|
||
|
34.117.59.81
|
ipinfo.io
|
United States
|
||
|
103.130.147.211
|
unknown
|
Turkey
|
||
|
45.91.200.135
|
unknown
|
Netherlands
|
||
|
162.159.130.233
|
cdn.discordapp.com
|
United States
|
||
|
176.113.115.95
|
unknown
|
Russian Federation
|
||
|
173.231.16.77
|
api64.ipify.org
|
United States
|
||
|
147.45.60.44
|
marafon.in
|
Russian Federation
|
||
|
89.105.201.183
|
unknown
|
Netherlands
|
There are 3 hidden IPs, click here to show them.
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
Owner
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
SessionHash
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
Sequence
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
RegFiles0000
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
RegFilesHash
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Play Glock_is1
|
Inno Setup: Setup Version
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Play Glock_is1
|
Inno Setup: App Path
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Play Glock_is1
|
InstallLocation
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Play Glock_is1
|
Inno Setup: Icon Group
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Play Glock_is1
|
Inno Setup: User
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Play Glock_is1
|
Inno Setup: Language
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Play Glock_is1
|
DisplayName
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Play Glock_is1
|
UninstallString
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Play Glock_is1
|
QuietUninstallString
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Play Glock_is1
|
NoModify
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Play Glock_is1
|
NoRepair
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Play Glock_is1
|
InstallDate
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Play Glock_is1
|
EstimatedSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\SigmaTuner
|
edrax_smart_maker_i47_4
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\TermReason\7588
|
Terminator
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\TermReason\7588
|
Reason
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\TermReason\7588
|
CreationTime
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\TermReason\7916
|
Terminator
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\TermReason\7916
|
Reason
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\TermReason\7916
|
CreationTime
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\TermReason\8132
|
Terminator
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\TermReason\8132
|
Reason
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\TermReason\8132
|
CreationTime
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\TermReason\7396
|
Terminator
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\TermReason\7396
|
Reason
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\TermReason\7396
|
CreationTime
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager
|
PendingFileRenameOperations
|
||
|
\REGISTRY\A\{806b68f2-7b40-b659-eea9-1ff5a0961f80}\Root\InventoryApplicationFile\tyq3dazbb0crobgk|d801ef8c189c89d4
|
ProgramId
|
||
|
\REGISTRY\A\{806b68f2-7b40-b659-eea9-1ff5a0961f80}\Root\InventoryApplicationFile\tyq3dazbb0crobgk|d801ef8c189c89d4
|
FileId
|
||
|
\REGISTRY\A\{806b68f2-7b40-b659-eea9-1ff5a0961f80}\Root\InventoryApplicationFile\tyq3dazbb0crobgk|d801ef8c189c89d4
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{806b68f2-7b40-b659-eea9-1ff5a0961f80}\Root\InventoryApplicationFile\tyq3dazbb0crobgk|d801ef8c189c89d4
|
LongPathHash
|
||
|
\REGISTRY\A\{806b68f2-7b40-b659-eea9-1ff5a0961f80}\Root\InventoryApplicationFile\tyq3dazbb0crobgk|d801ef8c189c89d4
|
Name
|
||
|
\REGISTRY\A\{806b68f2-7b40-b659-eea9-1ff5a0961f80}\Root\InventoryApplicationFile\tyq3dazbb0crobgk|d801ef8c189c89d4
|
OriginalFileName
|
||
|
\REGISTRY\A\{806b68f2-7b40-b659-eea9-1ff5a0961f80}\Root\InventoryApplicationFile\tyq3dazbb0crobgk|d801ef8c189c89d4
|
Publisher
|
||
|
\REGISTRY\A\{806b68f2-7b40-b659-eea9-1ff5a0961f80}\Root\InventoryApplicationFile\tyq3dazbb0crobgk|d801ef8c189c89d4
|
Version
|
||
|
\REGISTRY\A\{806b68f2-7b40-b659-eea9-1ff5a0961f80}\Root\InventoryApplicationFile\tyq3dazbb0crobgk|d801ef8c189c89d4
|
BinFileVersion
|
||
|
\REGISTRY\A\{806b68f2-7b40-b659-eea9-1ff5a0961f80}\Root\InventoryApplicationFile\tyq3dazbb0crobgk|d801ef8c189c89d4
|
BinaryType
|
||
|
\REGISTRY\A\{806b68f2-7b40-b659-eea9-1ff5a0961f80}\Root\InventoryApplicationFile\tyq3dazbb0crobgk|d801ef8c189c89d4
|
ProductName
|
||
|
\REGISTRY\A\{806b68f2-7b40-b659-eea9-1ff5a0961f80}\Root\InventoryApplicationFile\tyq3dazbb0crobgk|d801ef8c189c89d4
|
ProductVersion
|
||
|
\REGISTRY\A\{806b68f2-7b40-b659-eea9-1ff5a0961f80}\Root\InventoryApplicationFile\tyq3dazbb0crobgk|d801ef8c189c89d4
|
LinkDate
|
||
|
\REGISTRY\A\{806b68f2-7b40-b659-eea9-1ff5a0961f80}\Root\InventoryApplicationFile\tyq3dazbb0crobgk|d801ef8c189c89d4
|
BinProductVersion
|
||
|
\REGISTRY\A\{806b68f2-7b40-b659-eea9-1ff5a0961f80}\Root\InventoryApplicationFile\tyq3dazbb0crobgk|d801ef8c189c89d4
|
AppxPackageFullName
|
||
|
\REGISTRY\A\{806b68f2-7b40-b659-eea9-1ff5a0961f80}\Root\InventoryApplicationFile\tyq3dazbb0crobgk|d801ef8c189c89d4
|
AppxPackageRelativeId
|
||
|
\REGISTRY\A\{806b68f2-7b40-b659-eea9-1ff5a0961f80}\Root\InventoryApplicationFile\tyq3dazbb0crobgk|d801ef8c189c89d4
|
Size
|
||
|
\REGISTRY\A\{806b68f2-7b40-b659-eea9-1ff5a0961f80}\Root\InventoryApplicationFile\tyq3dazbb0crobgk|d801ef8c189c89d4
|
Language
|
||
|
\REGISTRY\A\{806b68f2-7b40-b659-eea9-1ff5a0961f80}\Root\InventoryApplicationFile\tyq3dazbb0crobgk|d801ef8c189c89d4
|
Usn
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction
|
2147735503
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction
|
2147814524
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction
|
2147780199
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction
|
2147812831
|
There are 45 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
18DC000
|
direct allocation
|
page read and write
|
|
|
|
2CA1000
|
direct allocation
|
page execute and read and write
|
|
|
|
2BF3000
|
heap
|
page read and write
|
|
|
|
3F8D000
|
heap
|
page read and write
|
|
|
|
1892000
|
direct allocation
|
page read and write
|
||
|
2F01000
|
heap
|
page read and write
|
||
|
2F01000
|
heap
|
page read and write
|
||
|
31B0000
|
heap
|
page read and write
|
||
|
2DCF000
|
stack
|
page read and write
|
||
|
2CBD000
|
stack
|
page read and write
|
||
|
40D000
|
unkown
|
page write copy
|
||
|
4440000
|
remote allocation
|
page read and write
|
||
|
27CD000
|
stack
|
page read and write
|
||
|
21DD000
|
stack
|
page read and write
|
||
|
29F4000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
183A000
|
direct allocation
|
page read and write
|
||
|
2F01000
|
heap
|
page read and write
|
||
|
2190000
|
heap
|
page read and write
|
||
|
36C7000
|
heap
|
page read and write
|
||
|
3CC000
|
stack
|
page read and write
|
||
|
21D40000
|
heap
|
page read and write
|
||
|
5B0000
|
heap
|
page read and write
|
||
|
560000
|
heap
|
page read and write
|
||
|
29F4000
|
heap
|
page read and write
|
||
|
36B3000
|
heap
|
page read and write
|
||
|
305C000
|
heap
|
page read and write
|
||
|
29F4000
|
heap
|
page read and write
|
||
|
40B000
|
unkown
|
page write copy
|
||
|
2F01000
|
heap
|
page read and write
|
||
|
3F97000
|
heap
|
page read and write
|
||
|
638000
|
unkown
|
page readonly
|
||
|
184E000
|
direct allocation
|
page read and write
|
||
|
2F01000
|
heap
|
page read and write
|
||
|
3F80000
|
heap
|
page read and write
|
||
|
352E000
|
heap
|
page read and write
|
||
|
427000
|
unkown
|
page readonly
|
||
|
3593000
|
heap
|
page read and write
|
||
|
3377000
|
heap
|
page read and write
|
||
|
2ECE000
|
stack
|
page read and write
|
||
|
374E000
|
stack
|
page read and write
|
||
|
2028000
|
direct allocation
|
page read and write
|
||
|
3373000
|
heap
|
page read and write
|
||
|
3641000
|
heap
|
page read and write
|
||
|
29F4000
|
heap
|
page read and write
|
||
|
29F4000
|
heap
|
page read and write
|
||
|
205E000
|
heap
|
page read and write
|
||
|
10ED000
|
heap
|
page read and write
|
||
|
9F3000
|
stack
|
page read and write
|
||
|
5CF000
|
stack
|
page read and write
|
||
|
35FC000
|
heap
|
page read and write
|
||
|
9A0000
|
direct allocation
|
page read and write
|
||
|
2AA8000
|
heap
|
page read and write
|
||
|
29DE000
|
stack
|
page read and write
|
||
|
11E5B000
|
direct allocation
|
page readonly
|
||
|
3CC000
|
stack
|
page read and write
|
||
|
5C0000
|
heap
|
page read and write
|
||
|
3685000
|
heap
|
page read and write
|
||
|
6EA000
|
heap
|
page read and write
|
||
|
2B7E000
|
stack
|
page read and write
|
||
|
269E000
|
heap
|
page read and write
|
||
|
2F01000
|
heap
|
page read and write
|
||
|
990000
|
heap
|
page read and write
|
||
|
3210000
|
heap
|
page read and write
|
||
|
56A000
|
heap
|
page read and write
|
||
|
47D717E000
|
stack
|
page read and write
|
||
|
270A000
|
heap
|
page read and write
|
||
|
19C000
|
stack
|
page read and write
|
||
|
15A6000
|
trusted library allocation
|
page read and write
|
||
|
500000
|
unkown
|
page readonly
|
||
|
A30000
|
heap
|
page read and write
|
||
|
3647000
|
heap
|
page read and write
|
||
|
5BBF000
|
direct allocation
|
page read and write
|
||
|
29F4000
|
heap
|
page read and write
|
||
|
B5D000
|
stack
|
page read and write
|
||
|
5890000
|
heap
|
page read and write
|
||
|
35F0000
|
heap
|
page read and write
|
||
|
14DFF08B000
|
heap
|
page read and write
|
||
|
2F01000
|
heap
|
page read and write
|
||
|
41B000
|
unkown
|
page readonly
|
||
|
464000
|
heap
|
page read and write
|
||
|
9F0000
|
stack
|
page read and write
|
||
|
5BCB000
|
direct allocation
|
page read and write
|
||
|
D5E0000
|
heap
|
page read and write
|
||
|
14DFF03A000
|
heap
|
page read and write
|
||
|
369D000
|
heap
|
page read and write
|
||
|
2F01000
|
heap
|
page read and write
|
||
|
305C000
|
heap
|
page read and write
|
||
|
37FE000
|
heap
|
page read and write
|
||
|
14DFF115000
|
trusted library allocation
|
page read and write
|
||
|
17EF000
|
stack
|
page read and write
|
||
|
DD0000
|
heap
|
page read and write
|
||
|
2F01000
|
heap
|
page read and write
|
||
|
362C000
|
heap
|
page read and write
|
||
|
2790000
|
heap
|
page read and write
|
||
|
2EF0000
|
heap
|
page read and write
|
||
|
520000
|
heap
|
page read and write
|
||
|
1596000
|
heap
|
page read and write
|
||
|
34CD000
|
heap
|
page read and write
|
||
|
2F01000
|
heap
|
page read and write
|
||
|
29E0000
|
heap
|
page read and write
|
||
|
5C54000
|
direct allocation
|
page read and write
|
||
|
10C8000
|
unkown
|
page read and write
|
||
|
369D000
|
heap
|
page read and write
|
||
|
2C23000
|
heap
|
page read and write
|
||
|
2F01000
|
heap
|
page read and write
|
||
|
5A9000
|
unkown
|
page execute and write copy
|
||
|
2B4E000
|
stack
|
page read and write
|
||
|
2EB0000
|
heap
|
page read and write
|
||
|
290D000
|
stack
|
page read and write
|
||
|
9C000
|
stack
|
page read and write
|
||
|
29F4000
|
heap
|
page read and write
|
||
|
2F01000
|
heap
|
page read and write
|
||
|
2100000
|
direct allocation
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
500000
|
unkown
|
page readonly
|
||
|
20C0000
|
direct allocation
|
page execute and read and write
|
||
|
47D6E7D000
|
stack
|
page read and write
|
||
|
AE2000
|
unkown
|
page readonly
|
||
|
29F4000
|
heap
|
page read and write
|
||
|
A11000
|
unkown
|
page execute read
|
||
|
8B7000
|
heap
|
page read and write
|
||
|
2C42000
|
heap
|
page read and write
|
||
|
42DC000
|
stack
|
page read and write
|
||
|
21E5D000
|
stack
|
page read and write
|
||
|
499000
|
unkown
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
2940000
|
heap
|
page read and write
|
||
|
6A0000
|
heap
|
page read and write
|
||
|
27C0000
|
trusted library allocation
|
page read and write
|
||
|
2970000
|
heap
|
page read and write
|
||
|
2F01000
|
heap
|
page read and write
|
||
|
360E000
|
stack
|
page read and write
|
||
|
354F000
|
stack
|
page read and write
|
||
|
FE8000
|
unkown
|
page readonly
|
||
|
2140000
|
heap
|
page read and write
|
||
|
2CDC000
|
stack
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
2C00000
|
heap
|
page read and write
|
||
|
2C23000
|
heap
|
page read and write
|
||
|
593000
|
remote allocation
|
page execute and read and write
|
||
|
352D000
|
heap
|
page read and write
|
||
|
2692000
|
heap
|
page read and write
|
||
|
2C23000
|
heap
|
page read and write
|
||
|
3121000
|
heap
|
page read and write
|
||
|
34CE000
|
stack
|
page read and write
|
||
|
AE0000
|
unkown
|
page readonly
|
||
|
395A000
|
heap
|
page read and write
|
||
|
23A0000
|
direct allocation
|
page read and write
|
||
|
AB0000
|
unkown
|
page readonly
|
||
|
EB2000
|
unkown
|
page read and write
|
||
|
77A000
|
heap
|
page read and write
|
||
|
36AE000
|
heap
|
page read and write
|
||
|
1588000
|
heap
|
page read and write
|
||
|
2FCB000
|
heap
|
page read and write
|
||
|
329E000
|
stack
|
page read and write
|
||
|
29F4000
|
heap
|
page read and write
|
||
|
2F01000
|
heap
|
page read and write
|
||
|
2F01000
|
heap
|
page read and write
|
||
|
2EB0000
|
heap
|
page read and write
|
||
|
F82000
|
unkown
|
page write copy
|
||
|
18AA000
|
direct allocation
|
page read and write
|
||
|
3040000
|
heap
|
page read and write
|
||
|
182C000
|
direct allocation
|
page read and write
|
||
|
4E1E000
|
stack
|
page read and write
|
||
|
2F01000
|
heap
|
page read and write
|
||
|
2F01000
|
heap
|
page read and write
|
||
|
2D3E000
|
heap
|
page read and write
|
||
|
2D68000
|
heap
|
page read and write
|
||
|
21B7F000
|
stack
|
page read and write
|
||
|
106E000
|
heap
|
page read and write
|
||
|
DF85000
|
heap
|
page read and write
|
||
|
26D4000
|
heap
|
page read and write
|
||
|
4440000
|
remote allocation
|
page read and write
|
||
|
11C1000
|
heap
|
page read and write
|
||
|
5D4000
|
heap
|
page read and write
|
||
|
6D0000
|
heap
|
page read and write
|
||
|
640000
|
heap
|
page read and write
|
||
|
117E000
|
stack
|
page read and write
|
||
|
29F4000
|
heap
|
page read and write
|
||
|
14DFF100000
|
trusted library allocation
|
page read and write
|
||
|
25DD000
|
stack
|
page read and write
|
||
|
2150000
|
heap
|
page read and write
|
||
|
29F4000
|
heap
|
page read and write
|
||
|
369D000
|
heap
|
page read and write
|
||
|
490000
|
heap
|
page read and write
|
||
|
260000
|
remote allocation
|
page execute and read and write
|
||
|
14DFF502000
|
heap
|
page read and write
|
||
|
14DFF08B000
|
heap
|
page read and write
|
||
|
29F4000
|
heap
|
page read and write
|
||
|
14DFF07A000
|
heap
|
page read and write
|
||
|
2F01000
|
heap
|
page read and write
|
||
|
34C0000
|
heap
|
page read and write
|
||
|
29F4000
|
heap
|
page read and write
|
||
|
29F4000
|
heap
|
page read and write
|
||
|
632000
|
unkown
|
page write copy
|
||
|
359E000
|
stack
|
page read and write
|
||
|
35D8000
|
heap
|
page read and write
|
||
|
19C000
|
stack
|
page read and write
|
||
|
2F01000
|
heap
|
page read and write
|
||
|
29F4000
|
heap
|
page read and write
|
||
|
2150000
|
heap
|
page read and write
|
||
|
3520000
|
heap
|
page read and write
|
||
|
3670000
|
heap
|
page read and write
|
||
|
3379000
|
heap
|
page read and write
|
||
|
2490000
|
direct allocation
|
page read and write
|
||
|
2B50000
|
heap
|
page read and write
|
||
|
2A3F000
|
stack
|
page read and write
|
||
|
29F4000
|
heap
|
page read and write
|
||
|
29F4000
|
heap
|
page read and write
|
||
|
294D000
|
stack
|
page read and write
|
||
|
181A000
|
direct allocation
|
page read and write
|
||
|
74B000
|
heap
|
page read and write
|
||
|
1CC000
|
stack
|
page read and write
|
||
|
40D000
|
stack
|
page read and write
|
||
|
2171000
|
direct allocation
|
page read and write
|
||
|
29F4000
|
heap
|
page read and write
|
||
|
1552000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
5911000
|
heap
|
page read and write
|
||
|
A90000
|
remote allocation
|
page read and write
|
||
|
2CCE000
|
stack
|
page read and write
|
||
|
D870000
|
heap
|
page read and write
|
||
|
3140000
|
direct allocation
|
page read and write
|
||
|
450000
|
heap
|
page read and write
|
||
|
D5EC000
|
heap
|
page read and write
|
||
|
43BC000
|
stack
|
page read and write
|
||
|
B9C000
|
unkown
|
page read and write
|
||
|
384F000
|
stack
|
page read and write
|
||
|
4350000
|
heap
|
page read and write
|
||
|
1862000
|
direct allocation
|
page read and write
|
||
|
323C000
|
stack
|
page read and write
|
||
|
11B5000
|
heap
|
page read and write
|
||
|
3683000
|
heap
|
page read and write
|
||
|
2C23000
|
heap
|
page read and write
|
||
|
4049000
|
heap
|
page read and write
|
||
|
2EA0000
|
trusted library allocation
|
page read and write
|
||
|
2D31000
|
heap
|
page read and write
|
||
|
4D9E000
|
stack
|
page read and write
|
||
|
29F4000
|
heap
|
page read and write
|
||
|
3AD1000
|
heap
|
page read and write
|
||
|
205C000
|
direct allocation
|
page read and write
|
||
|
AB1000
|
unkown
|
page execute read
|
||
|
2D3E000
|
heap
|
page read and write
|
||
|
7E0000
|
heap
|
page read and write
|
||
|
305C000
|
heap
|
page read and write
|
||
|
104E000
|
stack
|
page read and write
|
||
|
1567000
|
heap
|
page read and write
|
||
|
3958000
|
heap
|
page read and write
|
||
|
1A74000
|
direct allocation
|
page read and write
|
||
|
422000
|
unkown
|
page write copy
|
||
|
1574000
|
heap
|
page read and write
|
||
|
18FC000
|
direct allocation
|
page read and write
|
||
|
57D000
|
heap
|
page read and write
|
||
|
43C000
|
unkown
|
page write copy
|
||
|
2C42000
|
heap
|
page read and write
|
||
|
8AD000
|
stack
|
page read and write
|
||
|
14DFF000000
|
unkown
|
page read and write
|
||
|
62E000
|
unkown
|
page readonly
|
||
|
400000
|
unkown
|
page readonly
|
||
|
3521000
|
heap
|
page read and write
|
||
|
5BA000
|
remote allocation
|
page execute and read and write
|
||
|
1020000
|
heap
|
page read and write
|
||
|
835000
|
heap
|
page read and write
|
||
|
68F000
|
stack
|
page read and write
|
||
|
51BD000
|
stack
|
page read and write
|
||
|
15CE000
|
heap
|
page read and write
|
||
|
37C7000
|
heap
|
page read and write
|
||
|
2BF6000
|
heap
|
page read and write
|
||
|
5810000
|
trusted library allocation
|
page read and write
|
||
|
180C000
|
direct allocation
|
page read and write
|
||
|
154C000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute and write copy
|
||
|
314D000
|
stack
|
page read and write
|
||
|
2B8E000
|
stack
|
page read and write
|
||
|
30CD000
|
heap
|
page read and write
|
||
|
4021000
|
trusted library allocation
|
page read and write
|
||
|
2F01000
|
heap
|
page read and write
|
||
|
162E000
|
stack
|
page read and write
|
||
|
2C23000
|
heap
|
page read and write
|
||
|
492E000
|
stack
|
page read and write
|
||
|
5810000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page execute and read and write
|
||
|
2F01000
|
heap
|
page read and write
|
||
|
18BE000
|
direct allocation
|
page read and write
|
||
|
5C1000
|
heap
|
page read and write
|
||
|
E90000
|
heap
|
page read and write
|
||
|
B1C000
|
stack
|
page read and write
|
||
|
283E000
|
stack
|
page read and write
|
||
|
3140000
|
direct allocation
|
page read and write
|
||
|
58D000
|
heap
|
page read and write
|
||
|
92E000
|
stack
|
page read and write
|
||
|
47D747B000
|
stack
|
page read and write
|
||
|
310000
|
heap
|
page read and write
|
||
|
29F4000
|
heap
|
page read and write
|
||
|
347E000
|
stack
|
page read and write
|
||
|
29F4000
|
heap
|
page read and write
|
||
|
5A3000
|
unkown
|
page read and write
|
||
|
305000
|
heap
|
page read and write
|
||
|
1591000
|
heap
|
page read and write
|
||
|
835000
|
heap
|
page read and write
|
||
|
10E0000
|
heap
|
page read and write
|
||
|
3670000
|
heap
|
page read and write
|
||
|
36A1000
|
heap
|
page read and write
|
||
|
10165000
|
direct allocation
|
page read and write
|
||
|
221D000
|
stack
|
page read and write
|
||
|
D5E7000
|
heap
|
page read and write
|
||
|
96000
|
stack
|
page read and write
|
||
|
331D000
|
stack
|
page read and write
|
||
|
29F4000
|
heap
|
page read and write
|
||
|
417F000
|
stack
|
page read and write
|
||
|
18BC000
|
direct allocation
|
page read and write
|
||
|
2AEF000
|
stack
|
page read and write
|
||
|
305C000
|
heap
|
page read and write
|
||
|
1A76000
|
direct allocation
|
page read and write
|
||
|
2E5E000
|
stack
|
page read and write
|
||
|
322F000
|
stack
|
page read and write
|
||
|
2F01000
|
heap
|
page read and write
|
||
|
3B3E000
|
stack
|
page read and write
|
||
|
369D000
|
heap
|
page read and write
|
||
|
7D3000
|
heap
|
page read and write
|
||
|
CAA000
|
unkown
|
page readonly
|
||
|
29F4000
|
heap
|
page read and write
|
||
|
740000
|
direct allocation
|
page execute and read and write
|
||
|
9A000
|
stack
|
page read and write
|
||
|
109E000
|
stack
|
page read and write
|
||
|
2C42000
|
heap
|
page read and write
|
||
|
10C1000
|
unkown
|
page read and write
|
||
|
799000
|
heap
|
page read and write
|
||
|
5AF000
|
unkown
|
page execute and write copy
|
||
|
29F4000
|
heap
|
page read and write
|
||
|
361A000
|
heap
|
page read and write
|
||
|
10C6000
|
unkown
|
page read and write
|
||
|
29F4000
|
heap
|
page read and write
|
||
|
2EF7000
|
heap
|
page read and write
|
||
|
29F4000
|
heap
|
page read and write
|
||
|
8B0000
|
heap
|
page read and write
|
||
|
18CA000
|
direct allocation
|
page read and write
|
||
|
793000
|
heap
|
page read and write
|
||
|
2F01000
|
heap
|
page read and write
|
||
|
14DFF500000
|
heap
|
page read and write
|
||
|
3521000
|
heap
|
page read and write
|
||
|
2300000
|
heap
|
page read and write
|
||
|
43C000
|
stack
|
page read and write
|
||
|
4CB000
|
stack
|
page read and write
|
||
|
106F000
|
heap
|
page read and write
|
||
|
2D8C000
|
stack
|
page read and write
|
||
|
5890000
|
heap
|
page read and write
|
||
|
218FE000
|
stack
|
page read and write
|
||
|
3665000
|
heap
|
page read and write
|
||
|
317E000
|
stack
|
page read and write
|
||
|
4EDF000
|
stack
|
page read and write
|
||
|
29F4000
|
heap
|
page read and write
|
||
|
1EE3000
|
heap
|
page read and write
|
||
|
62E000
|
stack
|
page read and write
|
||
|
101F000
|
heap
|
page read and write
|
||
|
1246000
|
heap
|
page read and write
|
||
|
2F01000
|
heap
|
page read and write
|
||
|
367F000
|
heap
|
page read and write
|
||
|
36A3000
|
heap
|
page read and write
|
||
|
9B000
|
stack
|
page read and write
|
||
|
F84000
|
unkown
|
page write copy
|
||
|
5F4000
|
heap
|
page read and write
|
||
|
29F4000
|
heap
|
page read and write
|
||
|
BE0000
|
heap
|
page read and write
|
||
|
3525000
|
heap
|
page read and write
|
||
|
11E56000
|
direct allocation
|
page read and write
|
||
|
DA7F000
|
stack
|
page read and write
|
||
|
2F01000
|
heap
|
page read and write
|
||
|
18F6000
|
direct allocation
|
page read and write
|
||
|
2BB0000
|
heap
|
page read and write
|
||
|
29F4000
|
heap
|
page read and write
|
||
|
29F4000
|
heap
|
page read and write
|
||
|
690000
|
heap
|
page read and write
|
||
|
3529000
|
heap
|
page read and write
|
||
|
550000
|
heap
|
page read and write
|
||
|
2D40000
|
heap
|
page read and write
|
||
|
29F8000
|
heap
|
page read and write
|
||
|
36A2000
|
heap
|
page read and write
|
||
|
2D9D000
|
stack
|
page read and write
|
||
|
324D000
|
stack
|
page read and write
|
||
|
21CFF000
|
stack
|
page read and write
|
||
|
283D000
|
stack
|
page read and write
|
||
|
2F01000
|
heap
|
page read and write
|
||
|
34CA000
|
heap
|
page read and write
|
||
|
2F01000
|
heap
|
page read and write
|
||
|
11B3000
|
heap
|
page read and write
|
||
|
1DFF000
|
direct allocation
|
page read and write
|
||
|
19E000
|
stack
|
page read and write
|
||
|
26B1000
|
heap
|
page read and write
|
||
|
F83000
|
unkown
|
page read and write
|
||
|
1942000
|
direct allocation
|
page read and write
|
||
|
FDE000
|
unkown
|
page read and write
|
||
|
29F4000
|
heap
|
page read and write
|
||
|
29F4000
|
heap
|
page read and write
|
||
|
640000
|
heap
|
page read and write
|
||
|
1832000
|
direct allocation
|
page read and write
|
||
|
501000
|
unkown
|
page execute read
|
||
|
500000
|
heap
|
page read and write
|
||
|
3FED000
|
heap
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
23A1000
|
heap
|
page read and write
|
||
|
422000
|
unkown
|
page write copy
|
||
|
113C000
|
heap
|
page read and write
|
||
|
10018000
|
direct allocation
|
page read and write
|
||
|
339F000
|
stack
|
page read and write
|
||
|
FE8000
|
unkown
|
page readonly
|
||
|
F7D000
|
unkown
|
page write copy
|
||
|
29F4000
|
heap
|
page read and write
|
||
|
3689000
|
heap
|
page read and write
|
||
|
A3E000
|
stack
|
page read and write
|
||
|
1806000
|
direct allocation
|
page read and write
|
||
|
29F4000
|
heap
|
page read and write
|
||
|
14DFF07A000
|
heap
|
page read and write
|
||
|
5C1000
|
heap
|
page read and write
|
||
|
427000
|
unkown
|
page readonly
|
||
|
1043000
|
heap
|
page read and write
|
||
|
100D000
|
stack
|
page read and write
|
||
|
4ADF000
|
stack
|
page read and write
|
||
|
14DFF413000
|
heap
|
page read and write
|
||
|
1838000
|
direct allocation
|
page read and write
|
||
|
2F01000
|
heap
|
page read and write
|
||
|
14DFEF80000
|
heap
|
page read and write
|
||
|
29F4000
|
heap
|
page read and write
|
||
|
1804000
|
direct allocation
|
page read and write
|
||
|
E72000
|
unkown
|
page read and write
|
||
|
29F4000
|
heap
|
page read and write
|
||
|
13E2000
|
unkown
|
page readonly
|
||
|
490000
|
heap
|
page read and write
|
||
|
29F4000
|
heap
|
page read and write
|
||
|
14DFEFB0000
|
trusted library allocation
|
page read and write
|
||
|
1041000
|
heap
|
page read and write
|
||
|
1240000
|
heap
|
page read and write
|
||
|
144F000
|
stack
|
page read and write
|
||
|
237E000
|
stack
|
page read and write
|
||
|
36A2000
|
heap
|
page read and write
|
||
|
29F4000
|
heap
|
page read and write
|
||
|
4FC0000
|
heap
|
page read and write
|
||
|
1800000
|
direct allocation
|
page read and write
|
||
|
1552000
|
heap
|
page read and write
|
||
|
2C23000
|
heap
|
page read and write
|
||
|
B85000
|
heap
|
page read and write
|
||
|
3623000
|
heap
|
page read and write
|
||
|
2F01000
|
heap
|
page read and write
|
||
|
368A000
|
heap
|
page read and write
|
||
|
6B0000
|
heap
|
page read and write
|
||
|
2B61000
|
heap
|
page read and write
|
||
|
3FDA000
|
heap
|
page read and write
|
||
|
6AB000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
2A04000
|
heap
|
page read and write
|
||
|
55A000
|
heap
|
page read and write
|
||
|
2F01000
|
heap
|
page read and write
|
||
|
96F000
|
stack
|
page read and write
|
||
|
14DFF08B000
|
heap
|
page read and write
|
||
|
2D00000
|
heap
|
page read and write
|
||
|
770000
|
heap
|
page read and write
|
||
|
2BB0000
|
heap
|
page read and write
|
||
|
2C0F000
|
heap
|
page read and write
|
||
|
430000
|
heap
|
page read and write
|
||
|
29F4000
|
heap
|
page read and write
|
||
|
370F000
|
stack
|
page read and write
|
||
|
828000
|
heap
|
page read and write
|
||
|
307E000
|
stack
|
page read and write
|
||
|
AB0000
|
unkown
|
page readonly
|
||
|
BC0000
|
heap
|
page read and write
|
||
|
501000
|
unkown
|
page execute read
|
||
|
7D6000
|
heap
|
page read and write
|
||
|
15B3000
|
heap
|
page read and write
|
||
|
29F4000
|
heap
|
page read and write
|
||
|
4E5F000
|
stack
|
page read and write
|
||
|
2F01000
|
heap
|
page read and write
|
||
|
201C000
|
direct allocation
|
page read and write
|
||
|
5E0000
|
heap
|
page read and write
|
||
|
14DFF03D000
|
heap
|
page read and write
|
||
|
305C000
|
heap
|
page read and write
|
||
|
5CAE000
|
direct allocation
|
page read and write
|
||
|
DB5000
|
heap
|
page read and write
|
||
|
29F4000
|
heap
|
page read and write
|
||
|
3200000
|
heap
|
page read and write
|
||
|
3FB5000
|
heap
|
page read and write
|
||
|
29F4000
|
heap
|
page read and write
|
||
|
4C10000
|
heap
|
page read and write
|
||
|
337A000
|
heap
|
page read and write
|
||
|
29F4000
|
heap
|
page read and write
|
||
|
1820000
|
direct allocation
|
page read and write
|
||
|
36BC000
|
heap
|
page read and write
|
||
|
18F000
|
stack
|
page read and write
|
||
|
2F01000
|
heap
|
page read and write
|
||
|
295A000
|
stack
|
page read and write
|
||
|
2EA0000
|
heap
|
page read and write
|
||
|
2CCE000
|
stack
|
page read and write
|
||
|
3FA2000
|
heap
|
page read and write
|
||
|
329D000
|
stack
|
page read and write
|
||
|
29F4000
|
heap
|
page read and write
|
||
|
29F4000
|
heap
|
page read and write
|
||
|
2B73000
|
heap
|
page read and write
|
||
|
5A20000
|
direct allocation
|
page read and write
|
||
|
14DFF02B000
|
heap
|
page read and write
|
||
|
2C7F000
|
stack
|
page read and write
|
||
|
4AD000
|
heap
|
page execute and read and write
|
||
|
29F4000
|
heap
|
page read and write
|
||
|
36A4000
|
heap
|
page read and write
|
||
|
29F4000
|
heap
|
page read and write
|
||
|
2F01000
|
heap
|
page read and write
|
||
|
21A7D000
|
stack
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
14DFF400000
|
heap
|
page read and write
|
||
|
35D000
|
stack
|
page read and write
|
||
|
5C0000
|
heap
|
page read and write
|
||
|
A90000
|
remote allocation
|
page read and write
|
||
|
575000
|
heap
|
page read and write
|
||
|
29F4000
|
heap
|
page read and write
|
||
|
3410000
|
heap
|
page read and write
|
||
|
2C8D000
|
stack
|
page read and write
|
||
|
49A000
|
heap
|
page read and write
|
||
|
427000
|
unkown
|
page readonly
|
||
|
3340000
|
heap
|
page read and write
|
||
|
2F01000
|
heap
|
page read and write
|
||
|
31DE000
|
stack
|
page read and write
|
||
|
34CB000
|
heap
|
page read and write
|
||
|
3609000
|
heap
|
page read and write
|
||
|
2F01000
|
heap
|
page read and write
|
||
|
2F01000
|
heap
|
page read and write
|
||
|
10001000
|
direct allocation
|
page execute read
|
||
|
3FC9000
|
heap
|
page read and write
|
||
|
DE0000
|
heap
|
page read and write
|
||
|
13E2000
|
unkown
|
page readonly
|
||
|
2A2A000
|
heap
|
page read and write
|
||
|
A11000
|
unkown
|
page execute read
|
||
|
154F000
|
stack
|
page read and write
|
||
|
372D000
|
heap
|
page read and write
|
||
|
2E8F000
|
stack
|
page read and write
|
||
|
28CE000
|
stack
|
page read and write
|
||
|
29F4000
|
heap
|
page read and write
|
||
|
4F30000
|
heap
|
page read and write
|
||
|
58E000
|
stack
|
page read and write
|
||
|
29F4000
|
heap
|
page read and write
|
||
|
376A000
|
heap
|
page read and write
|
||
|
1040000
|
heap
|
page read and write
|
||
|
14DFF402000
|
heap
|
page read and write
|
||
|
420000
|
heap
|
page read and write
|
||
|
1ED0000
|
heap
|
page read and write
|
||
|
303F000
|
stack
|
page read and write
|
||
|
472000
|
unkown
|
page readonly
|
||
|
1872000
|
direct allocation
|
page read and write
|
||
|
29F4000
|
heap
|
page read and write
|
||
|
2C42000
|
heap
|
page read and write
|
||
|
364F000
|
heap
|
page read and write
|
||
|
10F8000
|
stack
|
page read and write
|
||
|
3587000
|
heap
|
page read and write
|
||
|
7D0000
|
heap
|
page read and write
|
||
|
41BF000
|
stack
|
page read and write
|
||
|
3600000
|
heap
|
page read and write
|
||
|
14DFF513000
|
heap
|
page read and write
|
||
|
322F000
|
stack
|
page read and write
|
||
|
305D000
|
heap
|
page read and write
|
||
|
105D000
|
stack
|
page read and write
|
||
|
2F01000
|
heap
|
page read and write
|
||
|
E8E000
|
stack
|
page read and write
|
||
|
1866000
|
direct allocation
|
page read and write
|
||
|
2C41000
|
heap
|
page read and write
|
||
|
303E000
|
stack
|
page read and write
|
||
|
21D0000
|
heap
|
page read and write
|
||
|
198000
|
stack
|
page read and write
|
||
|
2C23000
|
heap
|
page read and write
|
||
|
305D000
|
heap
|
page read and write
|
||
|
3AFD000
|
stack
|
page read and write
|
||
|
47D7379000
|
stack
|
page read and write
|
||
|
2D5F000
|
stack
|
page read and write
|
||
|
2F01000
|
heap
|
page read and write
|
||
|
35E0000
|
heap
|
page read and write
|
||
|
18EA000
|
direct allocation
|
page read and write
|
||
|
2A9F000
|
stack
|
page read and write
|
||
|
2F01000
|
heap
|
page read and write
|
||
|
2164000
|
direct allocation
|
page read and write
|
||
|
181E000
|
direct allocation
|
page read and write
|
||
|
2A80000
|
heap
|
page read and write
|
||
|
2F01000
|
heap
|
page read and write
|
||
|
183F000
|
direct allocation
|
page read and write
|
||
|
184C000
|
direct allocation
|
page read and write
|
||
|
82B000
|
heap
|
page read and write
|
||
|
18A4000
|
direct allocation
|
page read and write
|
||
|
319E000
|
stack
|
page read and write
|
||
|
D5C000
|
stack
|
page read and write
|
||
|
59F000
|
unkown
|
page execute and write copy
|
||
|
14DFF08A000
|
heap
|
page read and write
|
||
|
1812000
|
direct allocation
|
page read and write
|
||
|
2DCB000
|
stack
|
page read and write
|
||
|
302B000
|
heap
|
page read and write
|
||
|
2703000
|
heap
|
page read and write
|
||
|
2380000
|
heap
|
page read and write
|
||
|
2600000
|
heap
|
page read and write
|
||
|
21BFE000
|
stack
|
page read and write
|
||
|
470000
|
heap
|
page read and write
|
||
|
20BF000
|
stack
|
page read and write
|
||
|
1574000
|
heap
|
page read and write
|
||
|
2F01000
|
heap
|
page read and write
|
||
|
2D60000
|
heap
|
page read and write
|
||
|
3020000
|
heap
|
page read and write
|
||
|
3440000
|
heap
|
page read and write
|
||
|
29F4000
|
heap
|
page read and write
|
||
|
3200000
|
heap
|
page read and write
|
||
|
27FE000
|
unkown
|
page read and write
|
||
|
A7D000
|
stack
|
page read and write
|
||
|
2F01000
|
heap
|
page read and write
|
||
|
2FCB000
|
heap
|
page read and write
|
||
|
29F4000
|
heap
|
page read and write
|
||
|
AB1000
|
unkown
|
page execute read
|
||
|
C10000
|
heap
|
page read and write
|
||
|
189A000
|
direct allocation
|
page read and write
|
||
|
15A4000
|
trusted library allocation
|
page read and write
|
||
|
278E000
|
stack
|
page read and write
|
||
|
2F8E000
|
stack
|
page read and write
|
||
|
29F4000
|
heap
|
page read and write
|
||
|
D3D1000
|
heap
|
page read and write
|
||
|
3601000
|
heap
|
page read and write
|
||
|
77E000
|
heap
|
page read and write
|
||
|
1816000
|
direct allocation
|
page read and write
|
||
|
E4C000
|
stack
|
page read and write
|
||
|
11B4000
|
heap
|
page read and write
|
||
|
51A000
|
heap
|
page read and write
|
||
|
2F01000
|
heap
|
page read and write
|
||
|
2990000
|
heap
|
page read and write
|
||
|
2F01000
|
heap
|
page read and write
|
||
|
1834000
|
direct allocation
|
page read and write
|
||
|
2042000
|
direct allocation
|
page read and write
|
||
|
8AC000
|
heap
|
page read and write
|
||
|
2F01000
|
heap
|
page read and write
|
||
|
BA4000
|
unkown
|
page readonly
|
||
|
29F4000
|
heap
|
page read and write
|
||
|
3524000
|
heap
|
page read and write
|
||
|
1894000
|
direct allocation
|
page read and write
|
||
|
1569000
|
heap
|
page read and write
|
||
|
4A9E000
|
stack
|
page read and write
|
||
|
2C23000
|
heap
|
page read and write
|
||
|
14DFF502000
|
heap
|
page read and write
|
||
|
2F01000
|
heap
|
page read and write
|
||
|
38C000
|
stack
|
page read and write
|
||
|
35EA000
|
heap
|
page read and write
|
||
|
3377000
|
heap
|
page read and write
|
||
|
41B000
|
unkown
|
page readonly
|
||
|
3023000
|
trusted library allocation
|
page read and write
|
||
|
3601000
|
heap
|
page read and write
|
||
|
8FE000
|
stack
|
page read and write
|
||
|
25F0000
|
heap
|
page read and write
|
||
|
2E3F000
|
stack
|
page read and write
|
||
|
3372000
|
heap
|
page read and write
|
||
|
27B0000
|
heap
|
page read and write
|
||
|
3659000
|
heap
|
page read and write
|
||
|
2F01000
|
heap
|
page read and write
|
||
|
158D000
|
heap
|
page read and write
|
||
|
3021000
|
trusted library allocation
|
page execute and read and write
|
||
|
36A3000
|
heap
|
page read and write
|
||
|
5890000
|
heap
|
page read and write
|
||
|
198E000
|
direct allocation
|
page read and write
|
||
|
2F01000
|
heap
|
page read and write
|
||
|
40BE000
|
stack
|
page read and write
|
||
|
4AB000
|
unkown
|
page readonly
|
||
|
290F000
|
stack
|
page read and write
|
||
|
1888000
|
direct allocation
|
page read and write
|
||
|
113E000
|
stack
|
page read and write
|
||
|
2F01000
|
heap
|
page read and write
|
||
|
36BF000
|
heap
|
page read and write
|
||
|
32A0000
|
heap
|
page read and write
|
||
|
6D8000
|
heap
|
page read and write
|
||
|
22B000
|
stack
|
page read and write
|
||
|
29F4000
|
heap
|
page read and write
|
||
|
3663000
|
heap
|
page read and write
|
||
|
29F4000
|
heap
|
page read and write
|
||
|
10D3000
|
unkown
|
page read and write
|
||
|
2F9C000
|
stack
|
page read and write
|
||
|
319F000
|
stack
|
page read and write
|
||
|
2DCD000
|
stack
|
page read and write
|
||
|
2C8D000
|
stack
|
page read and write
|
||
|
31E0000
|
heap
|
page read and write
|
||
|
5890000
|
heap
|
page read and write
|
||
|
420000
|
unkown
|
page read and write
|
||
|
29F4000
|
heap
|
page read and write
|
||
|
499000
|
unkown
|
page write copy
|
||
|
14DFF513000
|
heap
|
page read and write
|
||
|
43C000
|
unkown
|
page read and write
|
||
|
1376000
|
heap
|
page read and write
|
||
|
37FC000
|
heap
|
page read and write
|
||
|
111D000
|
heap
|
page read and write
|
||
|
2BD000
|
remote allocation
|
page readonly
|
||
|
4AB000
|
unkown
|
page readonly
|
||
|
317E000
|
stack
|
page read and write
|
||
|
315E000
|
stack
|
page read and write
|
||
|
BC0000
|
heap
|
page read and write
|
||
|
18F8000
|
direct allocation
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
BA2000
|
unkown
|
page execute and read and write
|
||
|
2017000
|
direct allocation
|
page read and write
|
||
|
26FB000
|
heap
|
page read and write
|
||
|
670000
|
heap
|
page read and write
|
||
|
5CA2000
|
direct allocation
|
page read and write
|
||
|
2D1D000
|
heap
|
page read and write
|
||
|
37FE000
|
heap
|
page read and write
|
||
|
1037000
|
unkown
|
page read and write
|
||
|
35CF000
|
stack
|
page read and write
|
||
|
2BB1000
|
heap
|
page read and write
|
||
|
5910000
|
heap
|
page read and write
|
||
|
2C23000
|
heap
|
page read and write
|
||
|
298D000
|
stack
|
page read and write
|
||
|
4CBE000
|
stack
|
page read and write
|
||
|
11E5E000
|
direct allocation
|
page read and write
|
||
|
2BBB000
|
heap
|
page read and write
|
||
|
FE7000
|
unkown
|
page write copy
|
||
|
2F01000
|
heap
|
page read and write
|
||
|
47EE000
|
stack
|
page read and write
|
||
|
835000
|
heap
|
page read and write
|
||
|
FE7000
|
unkown
|
page write copy
|
||
|
2F01000
|
heap
|
page read and write
|
||
|
21C5000
|
heap
|
page read and write
|
||
|
188C000
|
direct allocation
|
page read and write
|
||
|
29F4000
|
heap
|
page read and write
|
||
|
1640000
|
heap
|
page read and write
|
||
|
BB0000
|
heap
|
page read and write
|
||
|
2160000
|
heap
|
page read and write
|
||
|
18B4000
|
direct allocation
|
page read and write
|
||
|
3310000
|
heap
|
page read and write
|
||
|
2ED0000
|
heap
|
page read and write
|
||
|
2F01000
|
heap
|
page read and write
|
||
|
2EBB000
|
heap
|
page read and write
|
||
|
351E000
|
stack
|
page read and write
|
||
|
18A2000
|
direct allocation
|
page read and write
|
||
|
3650000
|
heap
|
page read and write
|
||
|
510000
|
heap
|
page read and write
|
||
|
36C1000
|
heap
|
page read and write
|
||
|
3698000
|
heap
|
page read and write
|
||
|
F8A000
|
heap
|
page read and write
|
||
|
3950000
|
heap
|
page read and write
|
||
|
2950000
|
stack
|
page read and write
|
||
|
14DFF03C000
|
heap
|
page read and write
|
||
|
47D727E000
|
stack
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
2F9A000
|
heap
|
page read and write
|
||
|
366B000
|
heap
|
page read and write
|
||
|
5AD000
|
unkown
|
page execute and write copy
|
||
|
29F4000
|
heap
|
page read and write
|
||
|
2F01000
|
heap
|
page read and write
|
||
|
9DA000
|
stack
|
page read and write
|
||
|
888000
|
heap
|
page read and write
|
||
|
1520000
|
heap
|
page read and write
|
||
|
21F0000
|
heap
|
page read and write
|
||
|
32E0000
|
heap
|
page read and write
|
||
|
16EF000
|
stack
|
page read and write
|
||
|
305C000
|
heap
|
page read and write
|
||
|
49B0000
|
heap
|
page read and write
|
||
|
21A3F000
|
stack
|
page read and write
|
||
|
268E000
|
stack
|
page read and write
|
||
|
14DFF102000
|
trusted library allocation
|
page read and write
|
||
|
305C000
|
heap
|
page read and write
|
||
|
1EB000
|
stack
|
page read and write
|
||
|
1882000
|
direct allocation
|
page read and write
|
||
|
2193E000
|
stack
|
page read and write
|
||
|
3350000
|
heap
|
page read and write
|
||
|
36B4000
|
heap
|
page read and write
|
||
|
118E000
|
heap
|
page read and write
|
||
|
2F01000
|
heap
|
page read and write
|
||
|
2BF6000
|
heap
|
page read and write
|
||
|
21C2000
|
direct allocation
|
page read and write
|
||
|
4AB000
|
stack
|
page read and write
|
||
|
995000
|
heap
|
page read and write
|
||
|
2CDB000
|
heap
|
page read and write
|
||
|
3681000
|
heap
|
page read and write
|
||
|
21F5F000
|
stack
|
page read and write
|
||
|
835000
|
heap
|
page read and write
|
||
|
7E0000
|
heap
|
page read and write
|
||
|
DB0000
|
heap
|
page read and write
|
||
|
1136000
|
heap
|
page read and write
|
||
|
1580000
|
trusted library allocation
|
page read and write
|
||
|
A10000
|
unkown
|
page readonly
|
||
|
2BF6000
|
heap
|
page read and write
|
||
|
101C000
|
heap
|
page read and write
|
||
|
36A3000
|
heap
|
page read and write
|
||
|
2F01000
|
heap
|
page read and write
|
||
|
36B9000
|
heap
|
page read and write
|
||
|
9D6000
|
stack
|
page read and write
|
||
|
185E000
|
direct allocation
|
page read and write
|
||
|
630000
|
heap
|
page read and write
|
||
|
2DD0000
|
heap
|
page read and write
|
||
|
331B000
|
heap
|
page read and write
|
||
|
740000
|
heap
|
page read and write
|
||
|
31CE000
|
stack
|
page read and write
|
||
|
6D0000
|
heap
|
page read and write
|
||
|
500000
|
heap
|
page read and write
|
||
|
29F4000
|
heap
|
page read and write
|
||
|
29F4000
|
heap
|
page read and write
|
||
|
510000
|
heap
|
page read and write
|
||
|
2A8E000
|
stack
|
page read and write
|
||
|
47D6FFA000
|
stack
|
page read and write
|
||
|
2160000
|
direct allocation
|
page read and write
|
||
|
1210000
|
heap
|
page read and write
|
||
|
2D8E000
|
stack
|
page read and write
|
||
|
191000
|
stack
|
page read and write
|
||
|
430000
|
heap
|
page read and write
|
||
|
2AB000
|
remote allocation
|
page readonly
|
||
|
3601000
|
heap
|
page read and write
|
||
|
5BC9000
|
direct allocation
|
page read and write
|
||
|
2C41000
|
heap
|
page read and write
|
||
|
28E0000
|
heap
|
page read and write
|
||
|
2190000
|
direct allocation
|
page read and write
|
||
|
D71000
|
unkown
|
page read and write
|
||
|
51E000
|
heap
|
page read and write
|
||
|
9F7000
|
stack
|
page read and write
|
||
|
37F4000
|
heap
|
page read and write
|
||
|
365A000
|
heap
|
page read and write
|
||
|
343F000
|
stack
|
page read and write
|
||
|
422000
|
unkown
|
page write copy
|
||
|
13F4000
|
unkown
|
page readonly
|
||
|
3FD6000
|
heap
|
page read and write
|
||
|
35F2000
|
heap
|
page read and write
|
||
|
5B1000
|
unkown
|
page execute and write copy
|
||
|
411000
|
unkown
|
page readonly
|
||
|
1594000
|
trusted library allocation
|
page read and write
|
||
|
9C000
|
stack
|
page read and write
|
||
|
14DFF500000
|
heap
|
page read and write
|
||
|
293E000
|
stack
|
page read and write
|
||
|
5A3000
|
unkown
|
page write copy
|
||
|
1630000
|
trusted library allocation
|
page execute and read and write
|
||
|
358B000
|
heap
|
page read and write
|
||
|
64E000
|
stack
|
page read and write
|
||
|
2040000
|
direct allocation
|
page read and write
|
||
|
4F80000
|
heap
|
page read and write
|
||
|
2F01000
|
heap
|
page read and write
|
||
|
81F000
|
stack
|
page read and write
|
||
|
2D00000
|
heap
|
page read and write
|
||
|
49B000
|
unkown
|
page read and write
|
||
|
B9F000
|
unkown
|
page readonly
|
||
|
32BE000
|
stack
|
page read and write
|
||
|
3580000
|
heap
|
page read and write
|
||
|
411000
|
unkown
|
page readonly
|
||
|
14DFF08B000
|
heap
|
page read and write
|
||
|
2F01000
|
heap
|
page read and write
|
||
|
2DDD000
|
stack
|
page read and write
|
||
|
2028000
|
direct allocation
|
page read and write
|
||
|
29F4000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
8B8000
|
heap
|
page read and write
|
||
|
362F000
|
heap
|
page read and write
|
||
|
2C42000
|
heap
|
page read and write
|
||
|
352B000
|
heap
|
page read and write
|
||
|
2EEE000
|
stack
|
page read and write
|
||
|
2A88000
|
heap
|
page read and write
|
||
|
10000000
|
direct allocation
|
page read and write
|
||
|
29F4000
|
heap
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
3660000
|
heap
|
page read and write
|
||
|
A00000
|
heap
|
page read and write
|
||
|
2010000
|
direct allocation
|
page read and write
|
||
|
49A000
|
unkown
|
page write copy
|
||
|
2F01000
|
heap
|
page read and write
|
||
|
2C42000
|
heap
|
page read and write
|
||
|
616000
|
heap
|
page read and write
|
||
|
443D000
|
stack
|
page read and write
|
||
|
CAA000
|
unkown
|
page readonly
|
||
|
2E9E000
|
stack
|
page read and write
|
||
|
29F4000
|
heap
|
page read and write
|
||
|
7D3000
|
heap
|
page read and write
|
||
|
835000
|
heap
|
page read and write
|
||
|
1B00000
|
direct allocation
|
page read and write
|
||
|
29F4000
|
heap
|
page read and write
|
||
|
5BCD000
|
direct allocation
|
page read and write
|
||
|
5BC1000
|
direct allocation
|
page read and write
|
||
|
58E000
|
heap
|
page read and write
|
||
|
1077000
|
unkown
|
page read and write
|
||
|
5D0000
|
heap
|
page read and write
|
||
|
2090000
|
heap
|
page read and write
|
||
|
2F01000
|
heap
|
page read and write
|
||
|
570000
|
heap
|
page read and write
|
||
|
F80000
|
heap
|
page read and write
|
||
|
2CD0000
|
heap
|
page read and write
|
||
|
5BD1000
|
direct allocation
|
page read and write
|
||
|
5BDD000
|
direct allocation
|
page read and write
|
||
|
14DFF03C000
|
heap
|
page read and write
|
||
|
10001000
|
direct allocation
|
page execute read
|
||
|
3681000
|
heap
|
page read and write
|
||
|
158E000
|
heap
|
page read and write
|
||
|
29F4000
|
heap
|
page read and write
|
||
|
2D25000
|
heap
|
page read and write
|
||
|
2F01000
|
heap
|
page read and write
|
||
|
355E000
|
stack
|
page read and write
|
||
|
9B0000
|
direct allocation
|
page read and write
|
||
|
19EE000
|
stack
|
page read and write
|
||
|
9FE000
|
stack
|
page read and write
|
||
|
100B000
|
unkown
|
page readonly
|
||
|
29F4000
|
heap
|
page read and write
|
||
|
7D7000
|
heap
|
page read and write
|
||
|
422000
|
unkown
|
page write copy
|
||
|
300000
|
heap
|
page read and write
|
||
|
2171000
|
direct allocation
|
page read and write
|
||
|
268E000
|
stack
|
page read and write
|
||
|
18C6000
|
direct allocation
|
page read and write
|
||
|
2E8B000
|
stack
|
page read and write
|
||
|
357F000
|
stack
|
page read and write
|
||
|
29F4000
|
heap
|
page read and write
|
||
|
1864000
|
direct allocation
|
page read and write
|
||
|
47D757B000
|
stack
|
page read and write
|
||
|
29F4000
|
heap
|
page read and write
|
||
|
21B80000
|
direct allocation
|
page read and write
|
||
|
427000
|
unkown
|
page readonly
|
||
|
2F01000
|
heap
|
page read and write
|
||
|
9C000
|
stack
|
page read and write
|
||
|
2F01000
|
heap
|
page read and write
|
||
|
18D2000
|
direct allocation
|
page read and write
|
||
|
2F01000
|
heap
|
page read and write
|
||
|
10011000
|
direct allocation
|
page readonly
|
||
|
1A90000
|
direct allocation
|
page read and write
|
||
|
2240000
|
heap
|
page read and write
|
||
|
2C23000
|
heap
|
page read and write
|
||
|
47B000
|
unkown
|
page execute and write copy
|
||
|
36A7000
|
heap
|
page read and write
|
||
|
1814000
|
direct allocation
|
page read and write
|
||
|
15E0000
|
trusted library allocation
|
page read and write
|
||
|
20AD000
|
heap
|
page read and write
|
||
|
2E0F000
|
stack
|
page read and write
|
||
|
685000
|
unkown
|
page readonly
|
||
|
45BC000
|
stack
|
page read and write
|
||
|
315F000
|
stack
|
page read and write
|
||
|
2F01000
|
heap
|
page read and write
|
||
|
420000
|
unkown
|
page write copy
|
||
|
2C42000
|
heap
|
page read and write
|
||
|
4330000
|
heap
|
page read and write
|
||
|
5A5000
|
unkown
|
page write copy
|
||
|
D6B9000
|
heap
|
page read and write
|
||
|
2AA0000
|
heap
|
page read and write
|
||
|
14DFF124000
|
heap
|
page read and write
|
||
|
B3B000
|
stack
|
page read and write
|
||
|
305E000
|
stack
|
page read and write
|
||
|
2190000
|
direct allocation
|
page read and write
|
||
|
5B3000
|
unkown
|
page execute and write copy
|
||
|
327F000
|
stack
|
page read and write
|
||
|
29F4000
|
heap
|
page read and write
|
||
|
352C000
|
heap
|
page read and write
|
||
|
18C0000
|
direct allocation
|
page read and write
|
||
|
5A1000
|
unkown
|
page execute and write copy
|
||
|
10DD000
|
stack
|
page read and write
|
||
|
2178000
|
direct allocation
|
page read and write
|
||
|
590000
|
heap
|
page read and write
|
||
|
18C2000
|
direct allocation
|
page read and write
|
||
|
2D13000
|
heap
|
page read and write
|
||
|
38FD000
|
stack
|
page read and write
|
||
|
26A0000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
2FCB000
|
heap
|
page read and write
|
||
|
352F000
|
heap
|
page read and write
|
||
|
26FB000
|
stack
|
page read and write
|
||
|
14DFF08B000
|
heap
|
page read and write
|
||
|
2A4D000
|
stack
|
page read and write
|
||
|
3699000
|
heap
|
page read and write
|
||
|
35D2000
|
heap
|
page read and write
|
||
|
2C23000
|
heap
|
page read and write
|
||
|
29F4000
|
heap
|
page read and write
|
||
|
2C0F000
|
heap
|
page read and write
|
||
|
2B0F000
|
unkown
|
page read and write
|
||
|
18B0000
|
direct allocation
|
page read and write
|
||
|
7C2000
|
heap
|
page read and write
|
||
|
1137000
|
unkown
|
page read and write
|
||
|
29F4000
|
heap
|
page read and write
|
||
|
2D44000
|
heap
|
page read and write
|
||
|
8EF000
|
stack
|
page read and write
|
||
|
2E50000
|
trusted library allocation
|
page read and write
|
||
|
29F4000
|
heap
|
page read and write
|
||
|
2F01000
|
heap
|
page read and write
|
||
|
DF0000
|
heap
|
page read and write
|
||
|
3670000
|
heap
|
page read and write
|
||
|
15CB000
|
trusted library allocation
|
page execute and read and write
|
||
|
2304000
|
heap
|
page read and write
|
||
|
34C9000
|
heap
|
page read and write
|
||
|
334E000
|
stack
|
page read and write
|
||
|
34C6000
|
heap
|
page read and write
|
||
|
29F4000
|
heap
|
page read and write
|
||
|
2228000
|
direct allocation
|
page read and write
|
||
|
D8CA000
|
heap
|
page read and write
|
||
|
2520000
|
heap
|
page read and write
|
||
|
B80000
|
heap
|
page read and write
|
||
|
4DDF000
|
stack
|
page read and write
|
||
|
2C23000
|
heap
|
page read and write
|
||
|
29F4000
|
heap
|
page read and write
|
||
|
41B000
|
unkown
|
page readonly
|
||
|
26B1000
|
heap
|
page read and write
|
||
|
1001A000
|
direct allocation
|
page read and write
|
||
|
29F4000
|
heap
|
page read and write
|
||
|
1908000
|
direct allocation
|
page read and write
|
||
|
189C000
|
direct allocation
|
page read and write
|
||
|
C0E000
|
stack
|
page read and write
|
||
|
55E000
|
stack
|
page read and write
|
||
|
2E60000
|
heap
|
page read and write
|
||
|
2F01000
|
heap
|
page read and write
|
||
|
3AD0000
|
heap
|
page read and write
|
||
|
2F00000
|
heap
|
page read and write
|
||
|
645000
|
heap
|
page read and write
|
||
|
1593000
|
trusted library allocation
|
page execute and read and write
|
||
|
29F4000
|
heap
|
page read and write
|
||
|
2678000
|
heap
|
page read and write
|
||
|
BD0000
|
heap
|
page read and write
|
||
|
2C42000
|
heap
|
page read and write
|
||
|
181F000
|
stack
|
page read and write
|
||
|
26B2000
|
heap
|
page read and write
|
||
|
2F01000
|
heap
|
page read and write
|
||
|
40B000
|
unkown
|
page read and write
|
||
|
1818000
|
direct allocation
|
page read and write
|
||
|
1886000
|
direct allocation
|
page read and write
|
||
|
29F4000
|
heap
|
page read and write
|
||
|
2F01000
|
heap
|
page read and write
|
||
|
1860000
|
direct allocation
|
page read and write
|
||
|
180A000
|
direct allocation
|
page read and write
|
||
|
15A0000
|
trusted library allocation
|
page read and write
|
||
|
32C0000
|
heap
|
page read and write
|
||
|
15EF000
|
stack
|
page read and write
|
||
|
291B000
|
stack
|
page read and write
|
||
|
31E0000
|
heap
|
page read and write
|
||
|
2910000
|
heap
|
page read and write
|
||
|
341E000
|
stack
|
page read and write
|
||
|
11AC000
|
heap
|
page read and write
|
||
|
423000
|
unkown
|
page read and write
|
||
|
188E000
|
direct allocation
|
page read and write
|
||
|
2F01000
|
heap
|
page read and write
|
||
|
29F4000
|
heap
|
page read and write
|
||
|
2F9A000
|
heap
|
page read and write
|
||
|
36B0000
|
heap
|
page read and write
|
||
|
3681000
|
heap
|
page read and write
|
||
|
369D000
|
heap
|
page read and write
|
||
|
2B10000
|
heap
|
page read and write
|
||
|
1378000
|
unkown
|
page read and write
|
||
|
3348000
|
heap
|
page read and write
|
||
|
29F4000
|
heap
|
page read and write
|
||
|
2F01000
|
heap
|
page read and write
|
||
|
1370000
|
heap
|
page read and write
|
||
|
3AF8000
|
heap
|
page read and write
|
||
|
3230000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
35DF000
|
stack
|
page read and write
|
||
|
5BD000
|
unkown
|
page execute and write copy
|
||
|
315F000
|
stack
|
page read and write
|
||
|
305D000
|
heap
|
page read and write
|
||
|
48EF000
|
stack
|
page read and write
|
||
|
2540000
|
heap
|
page read and write
|
||
|
10AE000
|
stack
|
page read and write
|
||
|
2D1E000
|
stack
|
page read and write
|
||
|
4CFF000
|
stack
|
page read and write
|
||
|
29F4000
|
heap
|
page read and write
|
||
|
1890000
|
direct allocation
|
page read and write
|
||
|
7B0000
|
heap
|
page read and write
|
||
|
7C5000
|
heap
|
page read and write
|
||
|
F9D000
|
heap
|
page read and write
|
||
|
2F01000
|
heap
|
page read and write
|
||
|
BA2000
|
unkown
|
page execute and write copy
|
||
|
3F7F000
|
stack
|
page read and write
|
||
|
5F0000
|
heap
|
page read and write
|
||
|
5F5000
|
heap
|
page read and write
|
||
|
2F01000
|
heap
|
page read and write
|
||
|
1896000
|
direct allocation
|
page read and write
|
||
|
431D000
|
stack
|
page read and write
|
||
|
2F01000
|
heap
|
page read and write
|
||
|
2D25000
|
heap
|
page read and write
|
||
|
3D3F000
|
stack
|
page read and write
|
||
|
261000
|
remote allocation
|
page execute read
|
||
|
409000
|
unkown
|
page execute and read and write
|
||
|
437F000
|
stack
|
page read and write
|
||
|
10DA000
|
heap
|
page read and write
|
||
|
617000
|
heap
|
page read and write
|
||
|
2510000
|
heap
|
page read and write
|
||
|
304B000
|
heap
|
page read and write
|
||
|
4C0000
|
heap
|
page read and write
|
||
|
2F01000
|
heap
|
page read and write
|
||
|
29F4000
|
heap
|
page read and write
|
||
|
2F01000
|
heap
|
page read and write
|
||
|
14DFF079000
|
heap
|
page read and write
|
||
|
2C9C000
|
stack
|
page read and write
|
||
|
41B000
|
unkown
|
page readonly
|
||
|
1810000
|
direct allocation
|
page read and write
|
||
|
4E9E000
|
stack
|
page read and write
|
||
|
2F5C000
|
stack
|
page read and write
|
||
|
35FC000
|
heap
|
page read and write
|
||
|
1102000
|
heap
|
page read and write
|
||
|
265D000
|
stack
|
page read and write
|
||
|
2190000
|
heap
|
page read and write
|
||
|
152E000
|
heap
|
page read and write
|
||
|
2C42000
|
heap
|
page read and write
|
||
|
3121000
|
heap
|
page read and write
|
||
|
49D000
|
unkown
|
page write copy
|
||
|
2054000
|
heap
|
page read and write
|
||
|
287F000
|
stack
|
page read and write
|
||
|
3FE6000
|
heap
|
page read and write
|
||
|
2C42000
|
heap
|
page read and write
|
||
|
2D8B000
|
stack
|
page read and write
|
||
|
5BE7000
|
direct allocation
|
page read and write
|
||
|
10D9000
|
unkown
|
page read and write
|
||
|
29F4000
|
heap
|
page read and write
|
||
|
3F8B000
|
heap
|
page read and write
|
||
|
E95000
|
heap
|
page read and write
|
||
|
2AE000
|
remote allocation
|
page execute and read and write
|
||
|
348F000
|
stack
|
page read and write
|
||
|
5A4000
|
unkown
|
page write copy
|
||
|
3522000
|
heap
|
page read and write
|
||
|
2956000
|
stack
|
page read and write
|
||
|
1A8E000
|
direct allocation
|
page read and write
|
||
|
4440000
|
remote allocation
|
page read and write
|
||
|
3D7E000
|
stack
|
page read and write
|
||
|
21B82000
|
direct allocation
|
page read and write
|
||
|
1A6E000
|
direct allocation
|
page read and write
|
||
|
188A000
|
direct allocation
|
page read and write
|
||
|
2F01000
|
heap
|
page read and write
|
||
|
36D7000
|
heap
|
page read and write
|
||
|
1050000
|
heap
|
page read and write
|
||
|
2F01000
|
heap
|
page read and write
|
||
|
29F4000
|
heap
|
page read and write
|
||
|
10D0000
|
heap
|
page read and write
|
||
|
18D4000
|
direct allocation
|
page read and write
|
||
|
29F0000
|
heap
|
page read and write
|
||
|
A10000
|
unkown
|
page readonly
|
||
|
29F4000
|
heap
|
page read and write
|
||
|
2F01000
|
heap
|
page read and write
|
||
|
4025000
|
trusted library allocation
|
page read and write
|
||
|
18A0000
|
direct allocation
|
page read and write
|
||
|
1D10000
|
direct allocation
|
page read and write
|
||
|
2FEF000
|
stack
|
page read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
186E000
|
direct allocation
|
page read and write
|
||
|
882000
|
heap
|
page read and write
|
||
|
1567000
|
heap
|
page read and write
|
||
|
2A5E000
|
stack
|
page read and write
|
||
|
268B000
|
heap
|
page read and write
|
||
|
335B000
|
heap
|
page read and write
|
||
|
317F000
|
stack
|
page read and write
|
||
|
2F01000
|
heap
|
page read and write
|
||
|
3642000
|
heap
|
page read and write
|
||
|
29F4000
|
heap
|
page read and write
|
||
|
460000
|
heap
|
page read and write
|
||
|
3270000
|
heap
|
page read and write
|
||
|
2F01000
|
heap
|
page read and write
|
||
|
36A6000
|
heap
|
page read and write
|
||
|
B9F000
|
unkown
|
page readonly
|
||
|
2C23000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page execute and read and write
|
||
|
352E000
|
heap
|
page read and write
|
||
|
106D000
|
heap
|
page read and write
|
||
|
2F9A000
|
heap
|
page read and write
|
||
|
29F4000
|
heap
|
page read and write
|
||
|
18BA000
|
direct allocation
|
page read and write
|
||
|
BA4000
|
unkown
|
page readonly
|
||
|
36A1000
|
heap
|
page read and write
|
||
|
3120000
|
heap
|
page read and write
|
||
|
472000
|
unkown
|
page readonly
|
||
|
10000000
|
direct allocation
|
page read and write
|
||
|
2CEF000
|
stack
|
page read and write
|
||
|
2C42000
|
heap
|
page read and write
|
||
|
2D1D000
|
heap
|
page read and write
|
||
|
13F1000
|
unkown
|
page write copy
|
||
|
37DC000
|
heap
|
page read and write
|
||
|
691000
|
unkown
|
page readonly
|
||
|
2F01000
|
heap
|
page read and write
|
||
|
3010000
|
heap
|
page execute and read and write
|
||
|
FC1000
|
unkown
|
page read and write
|
||
|
3280000
|
heap
|
page read and write
|
||
|
2697000
|
heap
|
page read and write
|
||
|
564000
|
heap
|
page read and write
|
||
|
2F01000
|
heap
|
page read and write
|
||
|
5F0000
|
heap
|
page read and write
|
||
|
1846000
|
direct allocation
|
page read and write
|
||
|
6D5000
|
heap
|
page read and write
|
||
|
29F4000
|
heap
|
page read and write
|
||
|
490000
|
heap
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
5A0000
|
heap
|
page read and write
|
||
|
2180000
|
heap
|
page read and write
|
||
|
2C42000
|
heap
|
page read and write
|
||
|
13F1000
|
unkown
|
page read and write
|
||
|
2C17000
|
heap
|
page read and write
|
||
|
2F01000
|
heap
|
page read and write
|
||
|
2F01000
|
heap
|
page read and write
|
||
|
4382000
|
heap
|
page read and write
|
||
|
7F1000
|
heap
|
page read and write
|
||
|
2F01000
|
heap
|
page read and write
|
||
|
423000
|
unkown
|
page read and write
|
||
|
2E4E000
|
stack
|
page read and write
|
||
|
1848000
|
direct allocation
|
page read and write
|
||
|
5DE000
|
stack
|
page read and write
|
||
|
5D4000
|
heap
|
page read and write
|
||
|
2860000
|
heap
|
page read and write
|
||
|
23A0000
|
direct allocation
|
page read and write
|
||
|
29F4000
|
heap
|
page read and write
|
||
|
14DFF03A000
|
heap
|
page read and write
|
||
|
2F01000
|
heap
|
page read and write
|
||
|
2F01000
|
heap
|
page read and write
|
||
|
180E000
|
direct allocation
|
page read and write
|
||
|
918000
|
direct allocation
|
page read and write
|
||
|
340E000
|
stack
|
page read and write
|
||
|
5AB000
|
unkown
|
page execute and write copy
|
||
|
2BEE000
|
stack
|
page read and write
|
||
|
2B75000
|
heap
|
page read and write
|
||
|
269E000
|
heap
|
page read and write
|
||
|
FCD000
|
heap
|
page read and write
|
||
|
3FF2000
|
heap
|
page read and write
|
||
|
18D6000
|
direct allocation
|
page read and write
|
||
|
29F4000
|
heap
|
page read and write
|
||
|
181C000
|
direct allocation
|
page read and write
|
||
|
355F000
|
stack
|
page read and write
|
||
|
3681000
|
heap
|
page read and write
|
||
|
14DFF07B000
|
heap
|
page read and write
|
||
|
15C0000
|
trusted library allocation
|
page read and write
|
||
|
44D000
|
stack
|
page read and write
|
||
|
910000
|
direct allocation
|
page read and write
|
||
|
2EA0000
|
trusted library allocation
|
page read and write
|
||
|
21D4000
|
heap
|
page read and write
|
||
|
1876000
|
direct allocation
|
page read and write
|
||
|
3FAB000
|
heap
|
page read and write
|
||
|
D71000
|
unkown
|
page write copy
|
||
|
14DFF07A000
|
heap
|
page read and write
|
||
|
2F01000
|
heap
|
page read and write
|
||
|
36A7000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
5BD3000
|
direct allocation
|
page read and write
|
||
|
29F4000
|
heap
|
page read and write
|
||
|
1A88000
|
direct allocation
|
page read and write
|
||
|
49E000
|
heap
|
page read and write
|
||
|
2D32000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
21B0000
|
direct allocation
|
page read and write
|
||
|
100B000
|
unkown
|
page readonly
|
||
|
2F01000
|
heap
|
page read and write
|
||
|
2F01000
|
heap
|
page read and write
|
||
|
3624000
|
heap
|
page read and write
|
||
|
33BF000
|
stack
|
page read and write
|
||
|
366F000
|
heap
|
page read and write
|
||
|
2E00000
|
heap
|
page read and write
|
||
|
18CE000
|
direct allocation
|
page read and write
|
||
|
2670000
|
heap
|
page read and write
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
A90000
|
remote allocation
|
page read and write
|
||
|
11E5D000
|
direct allocation
|
page execute and read and write
|
||
|
1A80000
|
direct allocation
|
page read and write
|
||
|
2C7C000
|
stack
|
page read and write
|
||
|
29F4000
|
heap
|
page read and write
|
||
|
F7D000
|
unkown
|
page read and write
|
||
|
2DE0000
|
heap
|
page read and write
|
||
|
106D000
|
heap
|
page read and write
|
||
|
2CDA000
|
direct allocation
|
page execute and read and write
|
||
|
29F0000
|
heap
|
page read and write
|
||
|
420000
|
unkown
|
page read and write
|
||
|
29F4000
|
heap
|
page read and write
|
||
|
3370000
|
heap
|
page read and write
|
||
|
2F01000
|
heap
|
page read and write
|
||
|
75E000
|
heap
|
page read and write
|
||
|
3680000
|
heap
|
page read and write
|
||
|
23EE000
|
stack
|
page read and write
|
||
|
14DFEFA0000
|
heap
|
page read and write
|
||
|
FC5000
|
heap
|
page read and write
|
||
|
A90000
|
heap
|
page read and write
|
||
|
8C5000
|
heap
|
page read and write
|
||
|
28CE000
|
stack
|
page read and write
|
||
|
3230000
|
heap
|
page read and write
|
||
|
5A10000
|
direct allocation
|
page read and write
|
||
|
2CF8000
|
heap
|
page read and write
|
||
|
2F01000
|
heap
|
page read and write
|
||
|
1660000
|
heap
|
page read and write
|
||
|
433E000
|
stack
|
page read and write
|
||
|
327C000
|
stack
|
page read and write
|
||
|
2C42000
|
heap
|
page read and write
|
||
|
2018000
|
direct allocation
|
page read and write
|
||
|
442000
|
unkown
|
page read and write
|
||
|
610000
|
heap
|
page read and write
|
||
|
4D9000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
2D40000
|
heap
|
page read and write
|
||
|
2F01000
|
heap
|
page read and write
|
||
|
FAD000
|
unkown
|
page read and write
|
||
|
26D4000
|
heap
|
page read and write
|
||
|
1A82000
|
direct allocation
|
page read and write
|
||
|
29F4000
|
heap
|
page read and write
|
||
|
4A2E000
|
stack
|
page read and write
|
||
|
58D000
|
heap
|
page read and write
|
||
|
2CB0000
|
heap
|
page read and write
|
||
|
12B0000
|
direct allocation
|
page read and write
|
||
|
367B000
|
heap
|
page read and write
|
||
|
1808000
|
direct allocation
|
page read and write
|
||
|
10002000
|
unkown
|
page readonly
|
||
|
2E80000
|
heap
|
page read and write
|
||
|
29DE000
|
stack
|
page read and write
|
||
|
305C000
|
heap
|
page read and write
|
||
|
10BA000
|
unkown
|
page read and write
|
||
|
152A000
|
heap
|
page read and write
|
||
|
36A9000
|
heap
|
page read and write
|
||
|
14DFF013000
|
unkown
|
page read and write
|
||
|
2F01000
|
heap
|
page read and write
|
||
|
29F0000
|
heap
|
page read and write
|
||
|
2F01000
|
heap
|
page read and write
|
||
|
2BDE000
|
heap
|
page read and write
|
||
|
380C000
|
heap
|
page read and write
|
||
|
2E4D000
|
stack
|
page read and write
|
||
|
FE2000
|
heap
|
page read and write
|
||
|
29F4000
|
heap
|
page read and write
|
||
|
10B7000
|
unkown
|
page read and write
|
||
|
5C7000
|
unkown
|
page execute and write copy
|
||
|
710000
|
heap
|
page read and write
|
||
|
273A000
|
stack
|
page read and write
|
||
|
2C42000
|
heap
|
page read and write
|
||
|
1180000
|
heap
|
page read and write
|
||
|
29F4000
|
heap
|
page read and write
|
||
|
58C000
|
stack
|
page read and write
|
||
|
19D000
|
stack
|
page read and write
|
||
|
1107000
|
heap
|
page read and write
|
||
|
5890000
|
heap
|
page read and write
|
||
|
2F01000
|
heap
|
page read and write
|
||
|
423E000
|
stack
|
page read and write
|
||
|
21C0000
|
heap
|
page read and write
|
||
|
1880000
|
direct allocation
|
page read and write
|
||
|
23A0000
|
heap
|
page read and write
|
||
|
34CB000
|
heap
|
page read and write
|
||
|
D61F000
|
heap
|
page read and write
|
||
|
EF9000
|
stack
|
page read and write
|
||
|
19C000
|
stack
|
page read and write
|
||
|
35BA000
|
heap
|
page read and write
|
||
|
1003000
|
heap
|
page read and write
|
||
|
118A000
|
heap
|
page read and write
|
||
|
361E000
|
heap
|
page read and write
|
||
|
10BE000
|
unkown
|
page read and write
|
||
|
21C9000
|
heap
|
page read and write
|
||
|
2A0E000
|
stack
|
page read and write
|
||
|
2F01000
|
heap
|
page read and write
|
||
|
106D000
|
heap
|
page read and write
|
||
|
1ED1000
|
heap
|
page read and write
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
5BCF000
|
direct allocation
|
page read and write
|
||
|
34C4000
|
heap
|
page read and write
|
||
|
26FB000
|
heap
|
page read and write
|
||
|
634000
|
unkown
|
page write copy
|
||
|
2F01000
|
heap
|
page read and write
|
||
|
18B2000
|
direct allocation
|
page read and write
|
||
|
2880000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
18A6000
|
direct allocation
|
page read and write
|
||
|
3040000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
560000
|
heap
|
page read and write
|
||
|
35B7000
|
heap
|
page read and write
|
||
|
6A0000
|
heap
|
page read and write
|
||
|
32F0000
|
heap
|
page read and write
|
||
|
420000
|
unkown
|
page write copy
|
||
|
13F4000
|
unkown
|
page readonly
|
||
|
588000
|
heap
|
page read and write
|
||
|
333E000
|
stack
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
185E000
|
unkown
|
page read and write
|
||
|
2F01000
|
heap
|
page read and write
|
||
|
2D70000
|
heap
|
page read and write
|
There are 1339 hidden memdumps, click here to show them.