Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
file.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\file.exe.log
|
CSV text
|
modified
|
|
|
|
C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_GoogleUpdater.ex_b5e9e639d399fad238f3f2a2f4864a4acc04faf_485bd42f_795adb79-7e3b-4a39-a5b7-9048b6b648dc\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
modified
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_GoogleUpdater.ex_b5e9e639d399fad238f3f2a2f4864a4acc04faf_485bd42f_e3422d00-4588-4363-ac2c-1948855215e7\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_LKMService.exe_bdbda8d00ab586e1b1371d9646967c78080db8c_54538a4f_501a81ae-381a-4362-8eb5-6f99d9cfdae9\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_LKMService.exe_bdbda8d00ab586e1b1371d9646967c78080db8c_54538a4f_d3f0a05f-2cdf-4b38-947a-11409000491e\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER538F.tmp.dmp
|
Mini DuMP crash report, 15 streams, Thu Oct 3 01:26:24 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER547B.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER549B.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER7272.tmp.dmp
|
Mini DuMP crash report, 15 streams, Thu Oct 3 01:26:32 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER73AB.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER7523.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER951D.tmp.dmp
|
Mini DuMP crash report, 15 streams, Thu Oct 3 01:26:40 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER95F8.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER9628.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERB3EF.tmp.dmp
|
Mini DuMP crash report, 15 streams, Thu Oct 3 01:26:48 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERB4AC.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERB4DC.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_0f1fdcd72fa2443cb400c03502902fe9.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Thu Oct
3 00:26:10 2024, mtime=Thu Oct 3 00:26:33 2024, atime=Thu Oct 3 00:26:09 2024, length=243888, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_111bb590f9e24471b247ca4b4d7fd194.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Thu Oct
3 00:26:10 2024, mtime=Thu Oct 3 00:26:54 2024, atime=Thu Oct 3 00:26:09 2024, length=243888, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_1260347513fa42eb8dbca954b1f9766f.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Thu Oct
3 00:26:10 2024, mtime=Thu Oct 3 00:26:26 2024, atime=Thu Oct 3 00:26:09 2024, length=243888, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_17b0682e31094ae8b61542e0fc483319.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Thu Oct
3 00:26:10 2024, mtime=Thu Oct 3 00:26:52 2024, atime=Thu Oct 3 00:26:09 2024, length=243888, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_1bc86309aad64beaaba50da47f1fe248.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Thu Oct
3 00:26:10 2024, mtime=Thu Oct 3 00:26:11 2024, atime=Thu Oct 3 00:26:09 2024, length=243888, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_255ec7c5f6124168899ab52eb1fb3db9.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Thu Oct
3 00:26:10 2024, mtime=Thu Oct 3 00:26:56 2024, atime=Thu Oct 3 00:26:09 2024, length=243888, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_270b1265d8e74892bac3d731d24190c0.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Thu Oct
3 00:26:10 2024, mtime=Thu Oct 3 00:27:15 2024, atime=Thu Oct 3 00:26:09 2024, length=243888, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_284cd24aa4e1493cb8422375a300e535.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Thu Oct
3 00:26:10 2024, mtime=Thu Oct 3 00:27:17 2024, atime=Thu Oct 3 00:26:09 2024, length=243888, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_28a5b517ff724da4be16ea4aaf5a357c.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Thu Oct
3 00:26:10 2024, mtime=Thu Oct 3 00:26:40 2024, atime=Thu Oct 3 00:26:09 2024, length=243888, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_2d07a0547ac04ab9af7372ee910ba6b1.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Thu Oct
3 00:26:10 2024, mtime=Thu Oct 3 00:26:47 2024, atime=Thu Oct 3 00:26:09 2024, length=243888, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_2d708224935546eb848b785f0206ad51.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Thu Oct
3 00:26:10 2024, mtime=Thu Oct 3 00:27:14 2024, atime=Thu Oct 3 00:26:09 2024, length=243888, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_30649bb19ccb493bae273224706f8bba.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Thu Oct
3 00:26:10 2024, mtime=Thu Oct 3 00:26:27 2024, atime=Thu Oct 3 00:26:09 2024, length=243888, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_3334419e53b3488ca85ae4de076f47dc.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Thu Oct
3 00:26:10 2024, mtime=Thu Oct 3 00:26:23 2024, atime=Thu Oct 3 00:26:09 2024, length=243888, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_385556207e4d49bb88bb33a72ac98a68.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Thu Oct
3 00:26:10 2024, mtime=Thu Oct 3 00:26:14 2024, atime=Thu Oct 3 00:26:09 2024, length=243888, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_38b12ffdc3054b75a4cc42355d27321a.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Thu Oct
3 00:26:10 2024, mtime=Thu Oct 3 00:27:08 2024, atime=Thu Oct 3 00:26:09 2024, length=243888, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_3a7884e208224a6c873f89801ccde078.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Thu Oct
3 00:26:10 2024, mtime=Thu Oct 3 00:26:20 2024, atime=Thu Oct 3 00:26:09 2024, length=243888, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_41851dcfce50420bb4154e63f25f2a8e.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Thu Oct
3 00:26:10 2024, mtime=Thu Oct 3 00:26:59 2024, atime=Thu Oct 3 00:26:09 2024, length=243888, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_46234ffc04244b23ac4dc3e0979a0b7d.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Thu Oct
3 00:26:10 2024, mtime=Thu Oct 3 00:26:58 2024, atime=Thu Oct 3 00:26:09 2024, length=243888, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_513aa6e3c652483682fd1f51e46a8bd3.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Thu Oct
3 00:26:10 2024, mtime=Thu Oct 3 00:27:05 2024, atime=Thu Oct 3 00:26:09 2024, length=243888, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_55c2eb9fb8194b3183dae4b65fdda1b5.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Thu Oct
3 00:26:10 2024, mtime=Thu Oct 3 00:26:10 2024, atime=Thu Oct 3 00:26:09 2024, length=243888, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_59312c45173e49bd8b855b176d5a495f.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Thu Oct
3 00:26:10 2024, mtime=Thu Oct 3 00:27:16 2024, atime=Thu Oct 3 00:26:09 2024, length=243888, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_5f419d2562814795914a60f7e574128b.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Thu Oct
3 00:26:10 2024, mtime=Thu Oct 3 00:27:00 2024, atime=Thu Oct 3 00:26:09 2024, length=243888, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_621b8830c943464c9d47e42d99b46857.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Thu Oct
3 00:26:10 2024, mtime=Thu Oct 3 00:26:24 2024, atime=Thu Oct 3 00:26:09 2024, length=243888, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_687a9749c9a44df689e436ec246c5fcc.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Thu Oct
3 00:26:10 2024, mtime=Thu Oct 3 00:26:49 2024, atime=Thu Oct 3 00:26:09 2024, length=243888, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_6bbe8cc63bcf4ed199794d58d51e869f.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Thu Oct
3 00:26:10 2024, mtime=Thu Oct 3 00:27:09 2024, atime=Thu Oct 3 00:26:09 2024, length=243888, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_70b4bf6c89434abb9c4a92d4a3107a31.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Thu Oct
3 00:26:10 2024, mtime=Thu Oct 3 00:26:21 2024, atime=Thu Oct 3 00:26:09 2024, length=243888, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_7172ee7a982744218b205a6832554ab3.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Thu Oct
3 00:26:10 2024, mtime=Thu Oct 3 00:26:51 2024, atime=Thu Oct 3 00:26:09 2024, length=243888, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_75bc3afdb6384591b03d648ecbb02287.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Thu Oct
3 00:26:10 2024, mtime=Thu Oct 3 00:27:18 2024, atime=Thu Oct 3 00:26:09 2024, length=243888, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_7a283f2dc44047f9b90f76f7687c84db.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Thu Oct
3 00:26:10 2024, mtime=Thu Oct 3 00:26:12 2024, atime=Thu Oct 3 00:26:09 2024, length=243888, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_7b11985b0f4a44efbcfa9ebcdda85610.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Thu Oct
3 00:26:10 2024, mtime=Thu Oct 3 00:26:29 2024, atime=Thu Oct 3 00:26:09 2024, length=243888, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_7d29b77eb5544048bf84a48c0bc966be.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Thu Oct
3 00:26:10 2024, mtime=Thu Oct 3 00:26:43 2024, atime=Thu Oct 3 00:26:09 2024, length=243888, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_7e8ecf4f001c41edb4100bd58d1d004f.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Thu Oct
3 00:26:10 2024, mtime=Thu Oct 3 00:26:15 2024, atime=Thu Oct 3 00:26:09 2024, length=243888, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_80b58aa1ecd34f41b1ed729e00929f51.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Thu Oct
3 00:26:10 2024, mtime=Thu Oct 3 00:27:11 2024, atime=Thu Oct 3 00:26:09 2024, length=243888, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_8127c9e300df4816a3f8c0b347934bf0.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Thu Oct
3 00:26:10 2024, mtime=Thu Oct 3 00:26:34 2024, atime=Thu Oct 3 00:26:09 2024, length=243888, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_856eb967065a4a3faa5cc998ae92f005.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Thu Oct
3 00:26:10 2024, mtime=Thu Oct 3 00:26:32 2024, atime=Thu Oct 3 00:26:09 2024, length=243888, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_88f655959b0548ed994a963bf2f1d4d9.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Thu Oct
3 00:26:10 2024, mtime=Thu Oct 3 00:27:10 2024, atime=Thu Oct 3 00:26:09 2024, length=243888, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_8b0b963caf834d029f35df17c1c436c7.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Thu Oct
3 00:26:10 2024, mtime=Thu Oct 3 00:26:11 2024, atime=Thu Oct 3 00:26:09 2024, length=243888, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_8f3c4b00bddc456e9c6e890ed0339b68.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Thu Oct
3 00:26:10 2024, mtime=Thu Oct 3 00:26:53 2024, atime=Thu Oct 3 00:26:09 2024, length=243888, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_92fa881b504c497db058025dd6cb3bc4.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Thu Oct
3 00:26:10 2024, mtime=Thu Oct 3 00:26:50 2024, atime=Thu Oct 3 00:26:09 2024, length=243888, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_9dac438bfec04a60812adddf7761318f.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Thu Oct
3 00:26:10 2024, mtime=Thu Oct 3 00:27:02 2024, atime=Thu Oct 3 00:26:09 2024, length=243888, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_9e92297ac52847c3a122730984e5abd1.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Thu Oct
3 00:26:10 2024, mtime=Thu Oct 3 00:26:16 2024, atime=Thu Oct 3 00:26:09 2024, length=243888, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_a0df83e3640e4d8d8bc92cc51336f2f5.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Thu Oct
3 00:26:10 2024, mtime=Thu Oct 3 00:26:25 2024, atime=Thu Oct 3 00:26:09 2024, length=243888, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_a37d9ccfb0194adf8213dc3f6997f78f.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Thu Oct
3 00:26:10 2024, mtime=Thu Oct 3 00:26:23 2024, atime=Thu Oct 3 00:26:09 2024, length=243888, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_a97a4cd7e177496cae1d18f2d60edeb6.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Thu Oct
3 00:26:10 2024, mtime=Thu Oct 3 00:26:44 2024, atime=Thu Oct 3 00:26:09 2024, length=243888, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_aa8be52a868740eab8f8ec82641ac0c1.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Thu Oct
3 00:26:10 2024, mtime=Thu Oct 3 00:26:18 2024, atime=Thu Oct 3 00:26:09 2024, length=243888, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_acbb346df900467ebd8c2c0ce13844f9.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Thu Oct
3 00:26:10 2024, mtime=Thu Oct 3 00:26:46 2024, atime=Thu Oct 3 00:26:09 2024, length=243888, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_b87af243048a4cb58e7fbbcc09d4d0bb.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Thu Oct
3 00:26:10 2024, mtime=Thu Oct 3 00:26:48 2024, atime=Thu Oct 3 00:26:09 2024, length=243888, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_ba60f2e1542943c49cb63fcb463703a8.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Thu Oct
3 00:26:10 2024, mtime=Thu Oct 3 00:27:01 2024, atime=Thu Oct 3 00:26:09 2024, length=243888, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_baaca187cd3746ad83aad8ceea07a8c5.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Thu Oct
3 00:26:10 2024, mtime=Thu Oct 3 00:27:12 2024, atime=Thu Oct 3 00:26:09 2024, length=243888, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_c365a14f7cc645439df5ba22b5f10906.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Thu Oct
3 00:26:10 2024, mtime=Thu Oct 3 00:27:07 2024, atime=Thu Oct 3 00:26:09 2024, length=243888, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_c460e1bb0908400c8719e2ff6efc6472.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Thu Oct
3 00:26:10 2024, mtime=Thu Oct 3 00:26:55 2024, atime=Thu Oct 3 00:26:09 2024, length=243888, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_c894375b99af48eb88116328de9ffb98.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Thu Oct
3 00:26:10 2024, mtime=Thu Oct 3 00:26:31 2024, atime=Thu Oct 3 00:26:09 2024, length=243888, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_d550e8040e9f44f19bffddc3e8e06d5e.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Thu Oct
3 00:26:10 2024, mtime=Thu Oct 3 00:26:40 2024, atime=Thu Oct 3 00:26:09 2024, length=243888, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_d5b565aee0b842f89c22c5f172678df9.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Thu Oct
3 00:26:10 2024, mtime=Thu Oct 3 00:26:17 2024, atime=Thu Oct 3 00:26:09 2024, length=243888, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_d827f342fe9c4f3d948a33ec240811fd.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Thu Oct
3 00:26:10 2024, mtime=Thu Oct 3 00:27:13 2024, atime=Thu Oct 3 00:26:09 2024, length=243888, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_d97d239314814309aa82de22ff2626e0.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Thu Oct
3 00:26:10 2024, mtime=Thu Oct 3 00:26:36 2024, atime=Thu Oct 3 00:26:09 2024, length=243888, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_d9ae47459b854ee78156fea739ee2eba.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Thu Oct
3 00:26:10 2024, mtime=Thu Oct 3 00:26:37 2024, atime=Thu Oct 3 00:26:09 2024, length=243888, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_e473bf015e6148daa821e9cdba096597.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Thu Oct
3 00:26:10 2024, mtime=Thu Oct 3 00:27:04 2024, atime=Thu Oct 3 00:26:09 2024, length=243888, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_e64ab677b62d4831a2902f3e6bff49df.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Thu Oct
3 00:26:10 2024, mtime=Thu Oct 3 00:26:35 2024, atime=Thu Oct 3 00:26:09 2024, length=243888, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_ec7e774008154f3596c8e5c3ca65b43a.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Thu Oct
3 00:26:11 2024, mtime=Thu Oct 3 00:26:11 2024, atime=Thu Oct 3 00:26:09 2024, length=243888, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_ed539e9b377a47aebbf43d3ea0cb839e.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Thu Oct
3 00:26:10 2024, mtime=Thu Oct 3 00:26:42 2024, atime=Thu Oct 3 00:26:09 2024, length=243888, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_ee6262db977148f9b6ce41041a0fbdf7.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Thu Oct
3 00:26:10 2024, mtime=Thu Oct 3 00:26:57 2024, atime=Thu Oct 3 00:26:09 2024, length=243888, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_f259adaf5ff645509c195bf263dfd55e.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Thu Oct
3 00:26:10 2024, mtime=Thu Oct 3 00:26:30 2024, atime=Thu Oct 3 00:26:09 2024, length=243888, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_f398b917ebdf42d684e3df08d449596d.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Thu Oct
3 00:26:10 2024, mtime=Thu Oct 3 00:26:39 2024, atime=Thu Oct 3 00:26:09 2024, length=243888, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_f5a844d131a542409d15c7be5595addc.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Thu Oct
3 00:26:10 2024, mtime=Thu Oct 3 00:27:03 2024, atime=Thu Oct 3 00:26:09 2024, length=243888, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_f619a40d28e44231bbc0b75adc7e6593.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Thu Oct
3 00:26:10 2024, mtime=Thu Oct 3 00:26:19 2024, atime=Thu Oct 3 00:26:09 2024, length=243888, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_fff188210d924c868774a26b37b1f9c9.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Thu Oct
3 00:26:10 2024, mtime=Thu Oct 3 00:26:45 2024, atime=Thu Oct 3 00:26:09 2024, length=243888, window=hide
|
dropped
|
There are 79 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\file.exe
|
"C:\Users\user\Desktop\file.exe"
|
|
|
|
C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
|
"C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe"
|
|
|
|
C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe
|
"C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe" --checker
|
|
|
|
C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
|
"C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe"
|
|
|
|
C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe
|
"C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe"
|
|
|
|
C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
|
"C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe"
|
|
|
|
C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe
|
"C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe"
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 3172 -s 932
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 884 -s 932
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 6856 -s 932
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 6280 -s 932
|
There are 1 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://yalubluseks.eu/t
|
unknown
|
||
|
http://yalubluseks.eud
|
unknown
|
||
|
http://api.ipify.orgD
|
unknown
|
||
|
http://api.ipify.orgd
|
unknown
|
||
|
https://sectigo.com/CPS0
|
unknown
|
||
|
https://yalubluseks.euD
|
unknown
|
||
|
http://ocsp.sectigo.com0
|
unknown
|
||
|
https://yalubluseks.eu/get_filT
|
unknown
|
||
|
https://yalubluseks.eu/receiPt
|
unknown
|
||
|
https://yalubluseks.eu/get_update.phpT
|
unknown
|
||
|
http://api.ipify.org/
|
172.67.74.152
|
||
|
http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0s
|
unknown
|
||
|
https://pidgin.im0
|
unknown
|
||
|
https://yalubluseks.eu
|
unknown
|
||
|
https://yalubluseks.eu/get_update.php
|
104.21.54.163
|
||
|
https://yalubluseks.eu/get_updatX
|
unknown
|
||
|
http://crt.sectigo.com/SectigoRSACodeSigningCA.crt0#
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://yalubluseks.eu/receive.php
|
104.21.54.163
|
||
|
https://yalubluseks.eu/
|
unknown
|
||
|
http://yalubluseks.eu
|
unknown
|
||
|
https://yalubluseks.eu/get_file.php
|
104.21.54.163
|
||
|
http://api.ipify.org
|
unknown
|
There are 13 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
api.ipify.org
|
172.67.74.152
|
||
|
yalubluseks.eu
|
104.21.54.163
|
||
|
57.122.6.0.in-addr.arpa
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
104.26.12.205
|
unknown
|
United States
|
||
|
104.21.54.163
|
yalubluseks.eu
|
United States
|
||
|
172.67.74.152
|
api.ipify.org
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
LKMService_047c5762224547e8b0906f5148be419e
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
LKMService_773ee3bb9e0f4071afc0e6a7986206d0
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\LKMService_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\LKMService_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\LKMService_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\LKMService_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\LKMService_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\LKMService_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\LKMService_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\LKMService_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\LKMService_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\LKMService_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\LKMService_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\LKMService_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\LKMService_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\LKMService_RASMANCS
|
FileDirectory
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceTicket
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceId
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
ApplicationFlags
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Property
|
0018000DDABBE6B3
|
There are 11 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
1035000
|
heap
|
page read and write
|
||
|
8DA000
|
heap
|
page read and write
|
||
|
2470000
|
trusted library allocation
|
page read and write
|
||
|
FD7000
|
trusted library allocation
|
page execute and read and write
|
||
|
33C000
|
stack
|
page read and write
|
||
|
5958000
|
heap
|
page read and write
|
||
|
740000
|
trusted library allocation
|
page read and write
|
||
|
75BF000
|
stack
|
page read and write
|
||
|
9CB000
|
trusted library allocation
|
page execute and read and write
|
||
|
7A2000
|
heap
|
page read and write
|
||
|
243E000
|
trusted library allocation
|
page read and write
|
||
|
647000
|
trusted library allocation
|
page execute and read and write
|
||
|
70D0000
|
heap
|
page execute and read and write
|
||
|
240E000
|
trusted library allocation
|
page read and write
|
||
|
6EE000
|
stack
|
page read and write
|
||
|
FC000
|
stack
|
page read and write
|
||
|
78BE000
|
stack
|
page read and write
|
||
|
B50000
|
heap
|
page read and write
|
||
|
11D2000
|
trusted library allocation
|
page read and write
|
||
|
2C21000
|
trusted library allocation
|
page read and write
|
||
|
637000
|
trusted library allocation
|
page read and write
|
||
|
59A000
|
unkown
|
page readonly
|
||
|
267000
|
unkown
|
page execute read
|
||
|
2E03000
|
trusted library allocation
|
page read and write
|
||
|
B30000
|
heap
|
page execute and read and write
|
||
|
9F2000
|
trusted library allocation
|
page read and write
|
||
|
2DD3000
|
trusted library allocation
|
page read and write
|
||
|
EF7000
|
trusted library allocation
|
page execute and read and write
|
||
|
794000
|
heap
|
page read and write
|
||
|
766E000
|
stack
|
page read and write
|
||
|
2370000
|
heap
|
page execute and read and write
|
||
|
80E000
|
stack
|
page read and write
|
||
|
585D000
|
stack
|
page read and write
|
||
|
FF730000
|
trusted library allocation
|
page execute and read and write
|
||
|
2B8E000
|
stack
|
page read and write
|
||
|
2BD0000
|
trusted library allocation
|
page read and write
|
||
|
58B1000
|
heap
|
page read and write
|
||
|
5FAC000
|
stack
|
page read and write
|
||
|
245D000
|
trusted library allocation
|
page read and write
|
||
|
1000000
|
heap
|
page read and write
|
||
|
6D0F000
|
stack
|
page read and write
|
||
|
1330000
|
heap
|
page read and write
|
||
|
2BE0000
|
heap
|
page read and write
|
||
|
12D0000
|
trusted library allocation
|
page read and write
|
||
|
5925000
|
heap
|
page read and write
|
||
|
58AC000
|
heap
|
page read and write
|
||
|
2AFA000
|
trusted library allocation
|
page execute and read and write
|
||
|
A2D000
|
heap
|
page read and write
|
||
|
1000000
|
heap
|
page read and write
|
||
|
7FFC000
|
stack
|
page read and write
|
||
|
2DE1000
|
trusted library allocation
|
page read and write
|
||
|
25D1000
|
trusted library allocation
|
page read and write
|
||
|
6C3F000
|
stack
|
page read and write
|
||
|
721E000
|
stack
|
page read and write
|
||
|
593E000
|
stack
|
page read and write
|
||
|
73AC000
|
stack
|
page read and write
|
||
|
9CE000
|
heap
|
page read and write
|
||
|
113A000
|
heap
|
page read and write
|
||
|
DA0000
|
trusted library allocation
|
page read and write
|
||
|
FCE000
|
stack
|
page read and write
|
||
|
5E2F000
|
stack
|
page read and write
|
||
|
11CF000
|
stack
|
page read and write
|
||
|
74D000
|
trusted library allocation
|
page execute and read and write
|
||
|
58FE000
|
stack
|
page read and write
|
||
|
5956000
|
heap
|
page read and write
|
||
|
133F000
|
stack
|
page read and write
|
||
|
4DBC000
|
stack
|
page read and write
|
||
|
2C90000
|
trusted library allocation
|
page read and write
|
||
|
2991000
|
trusted library allocation
|
page read and write
|
||
|
8DC000
|
heap
|
page read and write
|
||
|
28EC000
|
stack
|
page read and write
|
||
|
1200000
|
trusted library allocation
|
page execute and read and write
|
||
|
2AE0000
|
trusted library allocation
|
page read and write
|
||
|
251E000
|
trusted library allocation
|
page read and write
|
||
|
782E000
|
stack
|
page read and write
|
||
|
2442000
|
trusted library allocation
|
page read and write
|
||
|
752E000
|
stack
|
page read and write
|
||
|
78C0000
|
heap
|
page read and write
|
||
|
75EE000
|
stack
|
page read and write
|
||
|
B2E000
|
stack
|
page read and write
|
||
|
1220000
|
trusted library allocation
|
page read and write
|
||
|
FFD10000
|
trusted library allocation
|
page execute and read and write
|
||
|
92F000
|
stack
|
page read and write
|
||
|
6F8000
|
stack
|
page read and write
|
||
|
970000
|
heap
|
page read and write
|
||
|
5893000
|
heap
|
page read and write
|
||
|
9FF000
|
heap
|
page read and write
|
||
|
1230000
|
heap
|
page read and write
|
||
|
1147000
|
heap
|
page read and write
|
||
|
9F0000
|
heap
|
page read and write
|
||
|
1324000
|
trusted library allocation
|
page read and write
|
||
|
850000
|
heap
|
page read and write
|
||
|
76E000
|
heap
|
page read and write
|
||
|
2960000
|
trusted library allocation
|
page read and write
|
||
|
2BAC000
|
stack
|
page read and write
|
||
|
610000
|
trusted library allocation
|
page read and write
|
||
|
D93000
|
trusted library allocation
|
page execute and read and write
|
||
|
30DF000
|
trusted library allocation
|
page read and write
|
||
|
99D000
|
trusted library allocation
|
page execute and read and write
|
||
|
B3E000
|
stack
|
page read and write
|
||
|
8100000
|
heap
|
page read and write
|
||
|
652000
|
trusted library allocation
|
page read and write
|
||
|
9C7000
|
trusted library allocation
|
page execute and read and write
|
||
|
60AB000
|
stack
|
page read and write
|
||
|
2C1E000
|
stack
|
page read and write
|
||
|
575000
|
heap
|
page read and write
|
||
|
636E000
|
stack
|
page read and write
|
||
|
1042000
|
heap
|
page read and write
|
||
|
990000
|
trusted library allocation
|
page read and write
|
||
|
E2E000
|
stack
|
page read and write
|
||
|
3991000
|
trusted library allocation
|
page read and write
|
||
|
7CFF000
|
stack
|
page read and write
|
||
|
9B7000
|
trusted library allocation
|
page execute and read and write
|
||
|
64A000
|
trusted library allocation
|
page execute and read and write
|
||
|
5890000
|
heap
|
page read and write
|
||
|
B40000
|
trusted library allocation
|
page read and write
|
||
|
2DDF000
|
stack
|
page read and write
|
||
|
1210000
|
trusted library allocation
|
page read and write
|
||
|
2B07000
|
trusted library allocation
|
page execute and read and write
|
||
|
86C000
|
stack
|
page read and write
|
||
|
DAD000
|
trusted library allocation
|
page execute and read and write
|
||
|
1007000
|
heap
|
page read and write
|
||
|
A30000
|
heap
|
page read and write
|
||
|
6B3E000
|
stack
|
page read and write
|
||
|
11F0000
|
trusted library allocation
|
page read and write
|
||
|
6E0000
|
heap
|
page read and write
|
||
|
9C8000
|
heap
|
page read and write
|
||
|
F3E000
|
stack
|
page read and write
|
||
|
A07000
|
heap
|
page read and write
|
||
|
23A0000
|
heap
|
page execute and read and write
|
||
|
80FC000
|
stack
|
page read and write
|
||
|
2BC0000
|
trusted library allocation
|
page read and write
|
||
|
9B0000
|
heap
|
page read and write
|
||
|
58BD000
|
stack
|
page read and write
|
||
|
6E6F000
|
stack
|
page read and write
|
||
|
2C30000
|
trusted library allocation
|
page read and write
|
||
|
FA0000
|
heap
|
page read and write
|
||
|
6D5000
|
heap
|
page read and write
|
||
|
245B000
|
trusted library allocation
|
page read and write
|
||
|
8D3000
|
heap
|
page read and write
|
||
|
242A000
|
trusted library allocation
|
page read and write
|
||
|
FE0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7221000
|
trusted library allocation
|
page read and write
|
||
|
634000
|
trusted library allocation
|
page read and write
|
||
|
A59000
|
heap
|
page read and write
|
||
|
486E000
|
stack
|
page read and write
|
||
|
1193000
|
heap
|
page read and write
|
||
|
43C000
|
stack
|
page read and write
|
||
|
E4E000
|
stack
|
page read and write
|
||
|
460000
|
heap
|
page read and write
|
||
|
2341000
|
trusted library allocation
|
page read and write
|
||
|
24C9000
|
trusted library allocation
|
page read and write
|
||
|
1081000
|
heap
|
page read and write
|
||
|
BF7000
|
heap
|
page read and write
|
||
|
9F7000
|
unkown
|
page execute read
|
||
|
AE0000
|
heap
|
page read and write
|
||
|
D9D000
|
trusted library allocation
|
page execute and read and write
|
||
|
4890000
|
heap
|
page read and write
|
||
|
72C000
|
stack
|
page read and write
|
||
|
A00000
|
heap
|
page read and write
|
||
|
E80000
|
heap
|
page read and write
|
||
|
4A50000
|
trusted library allocation
|
page read and write
|
||
|
95E000
|
stack
|
page read and write
|
||
|
77AF000
|
stack
|
page read and write
|
||
|
243A000
|
trusted library allocation
|
page read and write
|
||
|
3E05000
|
trusted library allocation
|
page read and write
|
||
|
8A3000
|
heap
|
page read and write
|
||
|
262D000
|
trusted library allocation
|
page read and write
|
||
|
74EE000
|
stack
|
page read and write
|
||
|
57BD000
|
stack
|
page read and write
|
||
|
734000
|
trusted library allocation
|
page read and write
|
||
|
AB2000
|
heap
|
page read and write
|
||
|
E30000
|
heap
|
page read and write
|
||
|
BF0000
|
heap
|
page read and write
|
||
|
107F000
|
heap
|
page read and write
|
||
|
100A000
|
heap
|
page read and write
|
||
|
23B1000
|
trusted library allocation
|
page read and write
|
||
|
593F000
|
heap
|
page read and write
|
||
|
BE0000
|
trusted library allocation
|
page read and write
|
||
|
10EE000
|
stack
|
page read and write
|
||
|
2422000
|
trusted library allocation
|
page read and write
|
||
|
590000
|
heap
|
page read and write
|
||
|
35F5000
|
trusted library allocation
|
page read and write
|
||
|
3DC5000
|
trusted library allocation
|
page read and write
|
||
|
2930000
|
trusted library allocation
|
page read and write
|
||
|
79F000
|
heap
|
page read and write
|
||
|
4DE0000
|
heap
|
page read and write
|
||
|
5E6C000
|
stack
|
page read and write
|
||
|
762E000
|
stack
|
page read and write
|
||
|
25CE000
|
stack
|
page read and write
|
||
|
2B6E000
|
stack
|
page read and write
|
||
|
5A8C000
|
stack
|
page read and write
|
||
|
11DB000
|
trusted library allocation
|
page execute and read and write
|
||
|
4CBC000
|
stack
|
page read and write
|
||
|
EBA000
|
trusted library allocation
|
page execute and read and write
|
||
|
741E000
|
stack
|
page read and write
|
||
|
464D000
|
stack
|
page read and write
|
||
|
A12000
|
trusted library allocation
|
page read and write
|
||
|
70BE000
|
stack
|
page read and write
|
||
|
592000
|
unkown
|
page execute read
|
||
|
11D0000
|
trusted library allocation
|
page read and write
|
||
|
64AE000
|
stack
|
page read and write
|
||
|
732E000
|
stack
|
page read and write
|
||
|
2BA0000
|
trusted library allocation
|
page read and write
|
||
|
570000
|
heap
|
page read and write
|
||
|
5BE000
|
stack
|
page read and write
|
||
|
E93000
|
trusted library allocation
|
page execute and read and write
|
||
|
5D0000
|
unkown
|
page readonly
|
||
|
FDB000
|
trusted library allocation
|
page execute and read and write
|
||
|
994000
|
trusted library allocation
|
page read and write
|
||
|
EE0000
|
trusted library allocation
|
page read and write
|
||
|
860000
|
trusted library allocation
|
page read and write
|
||
|
5933000
|
heap
|
page read and write
|
||
|
ED4000
|
trusted library allocation
|
page read and write
|
||
|
2432000
|
trusted library allocation
|
page read and write
|
||
|
5250000
|
trusted library allocation
|
page execute and read and write
|
||
|
2526000
|
trusted library allocation
|
page read and write
|
||
|
28F0000
|
heap
|
page execute and read and write
|
||
|
968000
|
stack
|
page read and write
|
||
|
118D000
|
heap
|
page read and write
|
||
|
6E9F000
|
stack
|
page read and write
|
||
|
52EE000
|
stack
|
page read and write
|
||
|
3FE000
|
stack
|
page read and write
|
||
|
385000
|
heap
|
page read and write
|
||
|
1230000
|
heap
|
page read and write
|
||
|
10AE000
|
stack
|
page read and write
|
||
|
2980000
|
heap
|
page read and write
|
||
|
E0D000
|
stack
|
page read and write
|
||
|
EE4000
|
trusted library allocation
|
page read and write
|
||
|
592C000
|
heap
|
page read and write
|
||
|
4BF8000
|
stack
|
page read and write
|
||
|
ED2000
|
trusted library allocation
|
page read and write
|
||
|
82A000
|
heap
|
page read and write
|
||
|
D94000
|
trusted library allocation
|
page read and write
|
||
|
792C000
|
stack
|
page read and write
|
||
|
6D4E000
|
stack
|
page read and write
|
||
|
49C0000
|
heap
|
page read and write
|
||
|
1118000
|
heap
|
page read and write
|
||
|
620000
|
trusted library allocation
|
page read and write
|
||
|
4AC0000
|
trusted library allocation
|
page execute and read and write
|
||
|
9BA000
|
trusted library allocation
|
page execute and read and write
|
||
|
680000
|
trusted library allocation
|
page execute and read and write
|
||
|
EDD000
|
trusted library allocation
|
page execute and read and write
|
||
|
A20000
|
trusted library allocation
|
page read and write
|
||
|
12F0000
|
heap
|
page execute and read and write
|
||
|
75A000
|
heap
|
page read and write
|
||
|
962000
|
trusted library allocation
|
page read and write
|
||
|
630000
|
trusted library allocation
|
page read and write
|
||
|
6FBE000
|
stack
|
page read and write
|
||
|
2390000
|
trusted library allocation
|
page read and write
|
||
|
FA5000
|
heap
|
page read and write
|
||
|
61EF000
|
stack
|
page read and write
|
||
|
622C000
|
stack
|
page read and write
|
||
|
24C0000
|
heap
|
page execute and read and write
|
||
|
772F000
|
stack
|
page read and write
|
||
|
EF0000
|
trusted library allocation
|
page read and write
|
||
|
14D0000
|
heap
|
page read and write
|
||
|
E80000
|
trusted library allocation
|
page read and write
|
||
|
76AE000
|
stack
|
page read and write
|
||
|
3DA1000
|
trusted library allocation
|
page read and write
|
||
|
980000
|
trusted library allocation
|
page read and write
|
||
|
C7C000
|
stack
|
page read and write
|
||
|
AAE000
|
heap
|
page read and write
|
||
|
9C0000
|
heap
|
page read and write
|
||
|
552C000
|
stack
|
page read and write
|
||
|
D78000
|
stack
|
page read and write
|
||
|
870000
|
heap
|
page read and write
|
||
|
234C000
|
stack
|
page read and write
|
||
|
624000
|
trusted library allocation
|
page read and write
|
||
|
7BFE000
|
stack
|
page read and write
|
||
|
4AAE000
|
stack
|
page read and write
|
||
|
58A0000
|
heap
|
page read and write
|
||
|
1F8000
|
stack
|
page read and write
|
||
|
692000
|
trusted library allocation
|
page read and write
|
||
|
DB0000
|
heap
|
page read and write
|
||
|
4EFC000
|
stack
|
page read and write
|
||
|
E7E000
|
stack
|
page read and write
|
||
|
707F000
|
stack
|
page read and write
|
||
|
76BE000
|
stack
|
page read and write
|
||
|
6B20000
|
heap
|
page execute and read and write
|
||
|
A41000
|
heap
|
page read and write
|
||
|
1220000
|
trusted library allocation
|
page read and write
|
||
|
ED3000
|
trusted library allocation
|
page execute and read and write
|
||
|
C3F000
|
stack
|
page read and write
|
||
|
EBE000
|
stack
|
page read and write
|
||
|
A2F000
|
stack
|
page read and write
|
||
|
6F9F000
|
stack
|
page read and write
|
||
|
89A000
|
heap
|
page read and write
|
||
|
261D000
|
trusted library allocation
|
page read and write
|
||
|
2A28000
|
trusted library allocation
|
page read and write
|
||
|
11FE000
|
stack
|
page read and write
|
||
|
69D1000
|
trusted library allocation
|
page read and write
|
||
|
623000
|
trusted library allocation
|
page execute and read and write
|
||
|
157000
|
unkown
|
page execute read
|
||
|
2647000
|
trusted library allocation
|
page read and write
|
||
|
ACC000
|
stack
|
page read and write
|
||
|
2400000
|
trusted library allocation
|
page read and write
|
||
|
2DA1000
|
trusted library allocation
|
page read and write
|
||
|
4E01000
|
trusted library allocation
|
page read and write
|
||
|
2AF7000
|
trusted library allocation
|
page execute and read and write
|
||
|
2B0B000
|
trusted library allocation
|
page execute and read and write
|
||
|
2462000
|
trusted library allocation
|
page read and write
|
||
|
F70000
|
heap
|
page read and write
|
||
|
1370000
|
heap
|
page read and write
|
||
|
130F000
|
stack
|
page read and write
|
||
|
49D0000
|
heap
|
page read and write
|
||
|
4DFC000
|
stack
|
page read and write
|
||
|
5580000
|
heap
|
page read and write
|
||
|
246A000
|
trusted library allocation
|
page read and write
|
||
|
33D5000
|
trusted library allocation
|
page read and write
|
||
|
62D000
|
trusted library allocation
|
page execute and read and write
|
||
|
760000
|
heap
|
page read and write
|
||
|
756E000
|
stack
|
page read and write
|
||
|
2900000
|
heap
|
page read and write
|
||
|
35D1000
|
trusted library allocation
|
page read and write
|
||
|
DA7000
|
trusted library allocation
|
page read and write
|
||
|
1145000
|
heap
|
page read and write
|
||
|
B80000
|
trusted library allocation
|
page read and write
|
||
|
2350000
|
trusted library allocation
|
page read and write
|
||
|
5210000
|
heap
|
page read and write
|
||
|
1212000
|
trusted library allocation
|
page read and write
|
||
|
D4E000
|
stack
|
page read and write
|
||
|
2D90000
|
heap
|
page execute and read and write
|
||
|
4AFB000
|
stack
|
page read and write
|
||
|
28E7000
|
trusted library allocation
|
page read and write
|
||
|
2B20000
|
trusted library allocation
|
page read and write
|
||
|
F4E000
|
stack
|
page read and write
|
||
|
12BE000
|
stack
|
page read and write
|
||
|
2B00000
|
trusted library allocation
|
page read and write
|
||
|
1184000
|
heap
|
page read and write
|
||
|
A02000
|
heap
|
page read and write
|
||
|
14F0000
|
heap
|
page read and write
|
||
|
2C40000
|
trusted library allocation
|
page read and write
|
||
|
60EE000
|
stack
|
page read and write
|
||
|
537000
|
stack
|
page read and write
|
||
|
BDE000
|
stack
|
page read and write
|
||
|
965000
|
trusted library allocation
|
page execute and read and write
|
||
|
103F000
|
heap
|
page read and write
|
||
|
240A000
|
trusted library allocation
|
page read and write
|
||
|
4AD0000
|
heap
|
page read and write
|
||
|
F08000
|
heap
|
page read and write
|
||
|
B60000
|
heap
|
page read and write
|
||
|
1200000
|
trusted library allocation
|
page execute and read and write
|
||
|
FF0000
|
trusted library allocation
|
page read and write
|
||
|
ED7000
|
trusted library allocation
|
page execute and read and write
|
||
|
4C3E000
|
stack
|
page read and write
|
||
|
2426000
|
trusted library allocation
|
page read and write
|
||
|
DE0000
|
heap
|
page read and write
|
||
|
5D2E000
|
stack
|
page read and write
|
||
|
76A000
|
heap
|
page read and write
|
||
|
7A29000
|
stack
|
page read and write
|
||
|
9E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
E90000
|
trusted library allocation
|
page read and write
|
||
|
230E000
|
stack
|
page read and write
|
||
|
E9D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1110000
|
heap
|
page read and write
|
||
|
9A0000
|
trusted library allocation
|
page read and write
|
||
|
768000
|
heap
|
page read and write
|
||
|
73D000
|
trusted library allocation
|
page execute and read and write
|
||
|
D0E000
|
stack
|
page read and write
|
||
|
5179000
|
stack
|
page read and write
|
||
|
990000
|
heap
|
page read and write
|
||
|
733000
|
trusted library allocation
|
page execute and read and write
|
||
|
2920000
|
trusted library allocation
|
page read and write
|
||
|
97C000
|
stack
|
page read and write
|
||
|
9B5000
|
heap
|
page read and write
|
||
|
4EDE000
|
stack
|
page read and write
|
||
|
4880000
|
trusted library allocation
|
page execute and read and write
|
||
|
51C0000
|
heap
|
page read and write
|
||
|
F48000
|
trusted library allocation
|
page read and write
|
||
|
27000
|
unkown
|
page execute read
|
||
|
BC0000
|
heap
|
page read and write
|
||
|
4390000
|
trusted library allocation
|
page read and write
|
||
|
730000
|
trusted library allocation
|
page read and write
|
||
|
68A1000
|
trusted library allocation
|
page read and write
|
||
|
878000
|
heap
|
page read and write
|
||
|
6D8E000
|
stack
|
page read and write
|
||
|
577E000
|
stack
|
page read and write
|
||
|
2AE4000
|
trusted library allocation
|
page read and write
|
||
|
730000
|
heap
|
page read and write
|
||
|
F36000
|
heap
|
page read and write
|
||
|
738E000
|
stack
|
page read and write
|
||
|
77BF000
|
stack
|
page read and write
|
||
|
ECA000
|
trusted library allocation
|
page execute and read and write
|
||
|
594D000
|
heap
|
page read and write
|
||
|
28E5000
|
trusted library allocation
|
page read and write
|
||
|
FF340000
|
trusted library allocation
|
page execute and read and write
|
||
|
437E000
|
stack
|
page read and write
|
||
|
540000
|
heap
|
page read and write
|
||
|
2452000
|
trusted library allocation
|
page read and write
|
||
|
1330000
|
trusted library allocation
|
page read and write
|
||
|
4A8D000
|
stack
|
page read and write
|
||
|
8A6000
|
heap
|
page read and write
|
||
|
2C40000
|
heap
|
page read and write
|
||
|
EC0000
|
heap
|
page read and write
|
||
|
2436000
|
trusted library allocation
|
page read and write
|
||
|
EA4000
|
trusted library allocation
|
page read and write
|
||
|
3C21000
|
trusted library allocation
|
page read and write
|
||
|
EA0000
|
trusted library allocation
|
page read and write
|
||
|
9F0000
|
heap
|
page read and write
|
||
|
D90000
|
trusted library allocation
|
page read and write
|
||
|
2CD0000
|
heap
|
page execute and read and write
|
||
|
33B1000
|
trusted library allocation
|
page read and write
|
||
|
4E9E000
|
stack
|
page read and write
|
||
|
9C2000
|
trusted library allocation
|
page read and write
|
||
|
1340000
|
heap
|
page read and write
|
||
|
646E000
|
stack
|
page read and write
|
||
|
44EE000
|
stack
|
page read and write
|
||
|
11D7000
|
trusted library allocation
|
page execute and read and write
|
||
|
65AF000
|
stack
|
page read and write
|
||
|
5460000
|
trusted library allocation
|
page read and write
|
||
|
8D1000
|
heap
|
page read and write
|
||
|
4D5D000
|
stack
|
page read and write
|
||
|
10F0000
|
heap
|
page read and write
|
||
|
7101000
|
trusted library allocation
|
page read and write
|
||
|
FF430000
|
trusted library allocation
|
page execute and read and write
|
||
|
FF830000
|
trusted library allocation
|
page execute and read and write
|
||
|
BC7000
|
stack
|
page read and write
|
||
|
9A7000
|
unkown
|
page execute read
|
||
|
521E000
|
stack
|
page read and write
|
||
|
720000
|
trusted library allocation
|
page read and write
|
||
|
752000
|
trusted library allocation
|
page read and write
|
||
|
1320000
|
trusted library allocation
|
page read and write
|
||
|
2AF0000
|
trusted library allocation
|
page read and write
|
||
|
FD2000
|
trusted library allocation
|
page read and write
|
||
|
28AE000
|
stack
|
page read and write
|
||
|
EFA000
|
trusted library allocation
|
page execute and read and write
|
||
|
3DE1000
|
trusted library allocation
|
page read and write
|
||
|
756000
|
trusted library allocation
|
page execute and read and write
|
||
|
65B000
|
trusted library allocation
|
page execute and read and write
|
||
|
73DE000
|
stack
|
page read and write
|
||
|
5BCE000
|
stack
|
page read and write
|
||
|
6BE000
|
stack
|
page read and write
|
||
|
4DF0000
|
trusted library allocation
|
page execute and read and write
|
||
|
590000
|
unkown
|
page readonly
|
||
|
745E000
|
stack
|
page read and write
|
||
|
50F0000
|
heap
|
page read and write
|
||
|
7BBE000
|
stack
|
page read and write
|
||
|
1095000
|
heap
|
page read and write
|
||
|
5FE000
|
stack
|
page read and write
|
||
|
F00000
|
heap
|
page read and write
|
||
|
1320000
|
heap
|
page execute and read and write
|
||
|
2F83000
|
trusted library allocation
|
page read and write
|
||
|
380000
|
heap
|
page read and write
|
||
|
765000
|
heap
|
page read and write
|
||
|
5CCE000
|
stack
|
page read and write
|
||
|
127E000
|
stack
|
page read and write
|
||
|
5200000
|
trusted library allocation
|
page execute and read and write
|
||
|
731E000
|
stack
|
page read and write
|
||
|
EC0000
|
trusted library allocation
|
page read and write
|
||
|
50E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
6D90000
|
heap
|
page execute and read and write
|
||
|
2B02000
|
trusted library allocation
|
page read and write
|
||
|
535D000
|
stack
|
page read and write
|
||
|
507B000
|
stack
|
page read and write
|
||
|
50DE000
|
stack
|
page read and write
|
||
|
7B0000
|
heap
|
page read and write
|
||
|
ED0000
|
trusted library allocation
|
page read and write
|
||
|
670000
|
heap
|
page read and write
|
||
|
3414000
|
trusted library allocation
|
page read and write
|
||
|
2B4E000
|
stack
|
page read and write
|
||
|
5954000
|
heap
|
page read and write
|
||
|
71DE000
|
stack
|
page read and write
|
||
|
74AE000
|
stack
|
page read and write
|
||
|
8A7000
|
unkown
|
page execute read
|
||
|
73A0000
|
heap
|
page execute and read and write
|
||
|
D80000
|
trusted library allocation
|
page read and write
|
||
|
44DE000
|
stack
|
page read and write
|
||
|
632C000
|
stack
|
page read and write
|
||
|
4C7E000
|
stack
|
page read and write
|
||
|
1212000
|
trusted library allocation
|
page read and write
|
||
|
545C000
|
stack
|
page read and write
|
||
|
74B0000
|
heap
|
page execute and read and write
|
||
|
EDB000
|
trusted library allocation
|
page execute and read and write
|
||
|
E35000
|
heap
|
page read and write
|
||
|
54AE000
|
stack
|
page read and write
|
||
|
44AF000
|
stack
|
page read and write
|
||
|
690000
|
trusted library allocation
|
page read and write
|
||
|
9DE000
|
stack
|
page read and write
|
||
|
2D97000
|
trusted library allocation
|
page read and write
|
||
|
F79000
|
heap
|
page read and write
|
||
|
531D000
|
stack
|
page read and write
|
||
|
55FE000
|
stack
|
page read and write
|
||
|
1177000
|
heap
|
page read and write
|
||
|
8220000
|
heap
|
page read and write
|
||
|
967000
|
trusted library allocation
|
page execute and read and write
|
||
|
24E3000
|
trusted library allocation
|
page read and write
|
||
|
CF8000
|
stack
|
page read and write
|
||
|
A10000
|
trusted library allocation
|
page read and write
|
||
|
460C000
|
stack
|
page read and write
|
||
|
EB7000
|
trusted library allocation
|
page execute and read and write
|
||
|
2D4E000
|
stack
|
page read and write
|
||
|
F2A000
|
heap
|
page read and write
|
||
|
A00000
|
trusted library allocation
|
page execute and read and write
|
||
|
E30000
|
heap
|
page read and write
|
||
|
2C2C000
|
stack
|
page read and write
|
||
|
470E000
|
stack
|
page read and write
|
||
|
6AE1000
|
trusted library allocation
|
page read and write
|
||
|
2516000
|
trusted library allocation
|
page read and write
|
||
|
6B0E000
|
stack
|
page read and write
|
||
|
96B000
|
trusted library allocation
|
page execute and read and write
|
||
|
709E000
|
stack
|
page read and write
|
||
|
6C6E000
|
stack
|
page read and write
|
||
|
C0E000
|
stack
|
page read and write
|
||
|
575E000
|
stack
|
page read and write
|
||
|
6D8000
|
heap
|
page read and write
|
||
|
6D0000
|
heap
|
page read and write
|
||
|
F65000
|
heap
|
page read and write
|
||
|
54EE000
|
stack
|
page read and write
|
||
|
6A0000
|
heap
|
page read and write
|
||
|
4C5C000
|
stack
|
page read and write
|
||
|
EE7000
|
trusted library allocation
|
page read and write
|
||
|
1323000
|
trusted library allocation
|
page execute and read and write
|
||
|
2412000
|
trusted library allocation
|
page read and write
|
||
|
5F6B000
|
stack
|
page read and write
|
||
|
2C2E000
|
stack
|
page read and write
|
||
|
100E000
|
heap
|
page read and write
|
||
|
245E000
|
stack
|
page read and write
|
||
|
3B0000
|
heap
|
page read and write
|
||
|
567E000
|
stack
|
page read and write
|
||
|
6F7E000
|
stack
|
page read and write
|
||
|
1310000
|
trusted library allocation
|
page read and write
|
||
|
242E000
|
trusted library allocation
|
page read and write
|
||
|
563E000
|
stack
|
page read and write
|
||
|
993000
|
trusted library allocation
|
page execute and read and write
|
||
|
B90000
|
heap
|
page read and write
|
||
|
2BB0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2D5D000
|
trusted library allocation
|
page read and write
|
||
|
810000
|
heap
|
page read and write
|
||
|
3341000
|
trusted library allocation
|
page read and write
|
||
|
9F0000
|
trusted library allocation
|
page read and write
|
||
|
E94000
|
trusted library allocation
|
page read and write
|
||
|
74EE000
|
stack
|
page read and write
|
||
|
F75000
|
heap
|
page read and write
|
||
|
FFBC0000
|
trusted library allocation
|
page execute and read and write
|
||
|
9A4000
|
trusted library allocation
|
page read and write
|
||
|
8EC000
|
heap
|
page read and write
|
||
|
6C2E000
|
stack
|
page read and write
|
||
|
9F4000
|
heap
|
page read and write
|
||
|
F50000
|
heap
|
page read and write
|
||
|
49B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2BC2000
|
trusted library allocation
|
page read and write
|
||
|
241E000
|
stack
|
page read and write
|
||
|
FF520000
|
trusted library allocation
|
page execute and read and write
|
||
|
738000
|
heap
|
page read and write
|
||
|
2399000
|
trusted library allocation
|
page read and write
|
||
|
556D000
|
stack
|
page read and write
|
||
|
6ACF000
|
stack
|
page read and write
|
||
|
9A7000
|
trusted library allocation
|
page read and write
|
||
|
2A24000
|
trusted library allocation
|
page read and write
|
||
|
6D6E000
|
stack
|
page read and write
|
||
|
3365000
|
trusted library allocation
|
page read and write
|
||
|
5B8F000
|
stack
|
page read and write
|
||
|
75A000
|
trusted library allocation
|
page execute and read and write
|
||
|
5880000
|
heap
|
page read and write
|
||
|
74AC000
|
stack
|
page read and write
|
||
|
7271000
|
trusted library allocation
|
page read and write
|
||
|
657000
|
trusted library allocation
|
page execute and read and write
|
||
|
3C45000
|
trusted library allocation
|
page read and write
|
||
|
9E0000
|
heap
|
page read and write
|
||
|
132D000
|
trusted library allocation
|
page execute and read and write
|
||
|
F33000
|
heap
|
page read and write
|
||
|
5261000
|
trusted library allocation
|
page read and write
|
||
|
1027000
|
heap
|
page read and write
|
||
|
7ABE000
|
stack
|
page read and write
|
||
|
1210000
|
trusted library allocation
|
page read and write
|
There are 556 hidden memdumps, click here to show them.