Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
FSCaptureSetup107.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
|
initial sample
|
||
|
C:\Program Files (x86)\FastStone Capture\Credits.txt
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\FastStone Capture\Draw.db
|
data
|
dropped
|
||
|
C:\Program Files (x86)\FastStone Capture\FSCIcon.db
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\FastStone Capture\FSCPlugin01.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\FastStone Capture\FSCPlugin02.dll
|
PE32+ executable (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\FastStone Capture\FSCPlugin03.dll
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\FastStone Capture\FSCPlugin04.dll
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\FastStone Capture\FSCPlugin05.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\FastStone Capture\FSCPlugin06.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\FastStone Capture\FSCPlugin07.exe
|
PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\FastStone Capture\FSCapture.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\FastStone Capture\FSCaptureHelp.chm
|
MS Windows HtmlHelp Data
|
dropped
|
||
|
C:\Program Files (x86)\FastStone Capture\FSCrossHair.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\FastStone Capture\FSFocus.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\FastStone Capture\FSLogo.png
|
PNG image data, 210 x 55, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Program Files (x86)\FastStone Capture\FSRecorder.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\FastStone Capture\Languages\FSC02.fslang
|
data
|
dropped
|
||
|
C:\Program Files (x86)\FastStone Capture\Languages\FSC03.fslang
|
data
|
dropped
|
||
|
C:\Program Files (x86)\FastStone Capture\Languages\FSC05.fslang
|
data
|
dropped
|
||
|
C:\Program Files (x86)\FastStone Capture\Languages\FSC06.fslang
|
data
|
dropped
|
||
|
C:\Program Files (x86)\FastStone Capture\Languages\FSC07.fslang
|
data
|
dropped
|
||
|
C:\Program Files (x86)\FastStone Capture\Languages\FSC08.fslang
|
data
|
dropped
|
||
|
C:\Program Files (x86)\FastStone Capture\Languages\FSC10.fslang
|
data
|
dropped
|
||
|
C:\Program Files (x86)\FastStone Capture\Languages\FSC11.fslang
|
data
|
dropped
|
||
|
C:\Program Files (x86)\FastStone Capture\Languages\FSC12.fslang
|
data
|
dropped
|
||
|
C:\Program Files (x86)\FastStone Capture\Languages\FSC13.fslang
|
data
|
dropped
|
||
|
C:\Program Files (x86)\FastStone Capture\Languages\FSC15.fslang
|
data
|
dropped
|
||
|
C:\Program Files (x86)\FastStone Capture\Languages\FSC16.fslang
|
data
|
dropped
|
||
|
C:\Program Files (x86)\FastStone Capture\Languages\FSC17.fslang
|
data
|
dropped
|
||
|
C:\Program Files (x86)\FastStone Capture\Languages\FSC19.fslang
|
data
|
dropped
|
||
|
C:\Program Files (x86)\FastStone Capture\Languages\FSC20.fslang
|
data
|
dropped
|
||
|
C:\Program Files (x86)\FastStone Capture\Languages\FSC21.fslang
|
data
|
dropped
|
||
|
C:\Program Files (x86)\FastStone Capture\Languages\FSC22.fslang
|
data
|
dropped
|
||
|
C:\Program Files (x86)\FastStone Capture\Languages\FSCaptureHelp_11.chm
|
MS Windows HtmlHelp Data
|
dropped
|
||
|
C:\Program Files (x86)\FastStone Capture\LicenseAgreement.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\FastStone Capture\Website.url
|
MS Windows 95 Internet shortcut text (URL=<http://www.faststone.org>), ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\FastStone Capture\libsharpyuv.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\FastStone Capture\libwebp.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\FastStone Capture\uninst.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastStone Capture\FastStone Capture Help.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive,
ctime=Fri May 17 21:58:50 2024, mtime=Mon Oct 7 08:00:34 2024, atime=Fri May 17 21:58:50 2024, length=176729, window=hide
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastStone Capture\FastStone Capture.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive,
ctime=Tue Aug 20 23:18:26 2024, mtime=Mon Oct 7 08:00:32 2024, atime=Tue Aug 20 23:18:26 2024, length=7563656, window=hide
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastStone Capture\Uninstall FastStone Capture.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive,
ctime=Tue Aug 20 23:36:40 2024, mtime=Mon Oct 7 08:00:34 2024, atime=Tue Aug 20 23:36:40 2024, length=86264, window=hide
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastStone Capture\Visit www.FastStone.org.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive,
ctime=Mon Oct 7 08:00:35 2024, mtime=Mon Oct 7 08:00:35 2024, atime=Mon Oct 7 08:00:35 2024, length=50, window=hide
|
dropped
|
||
|
C:\Users\Public\Desktop\FastStone Capture.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive,
ctime=Tue Aug 20 23:18:26 2024, mtime=Mon Oct 7 08:00:35 2024, atime=Tue Aug 20 23:18:26 2024, length=7563656, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsf6353.tmp\InstallOptions.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsf6353.tmp\ShellExecAsUser.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsf6353.tmp\System.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsf6353.tmp\ioSpecial.ini
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsf6353.tmp\modern-wizard.bmp
|
PC bitmap, Windows 3.x format, 164 x 314 x 4, image size 26376, resolution 2834 x 2834 px/m, cbSize 26494, bits offset 118
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsk6323.tmp
|
data
|
dropped
|
There are 41 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\FSCaptureSetup107.exe
|
"C:\Users\user\Desktop\FSCaptureSetup107.exe"
|
||
|
C:\Program Files (x86)\FastStone Capture\FSCapture.exe
|
"C:\Program Files (x86)\FastStone Capture\FSCapture.exe"
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://www.datastead.com/WMScriptWriterU
|
unknown
|
||
|
http://www.faststone.org
|
unknown
|
||
|
http://www.datastead.com/_download/WMFDist11.zip
|
unknown
|
||
|
http://www.faststone.org/FSCTutorial.htmU
|
unknown
|
||
|
http://www.faststone.org/FSCTutorial.htm
|
unknown
|
||
|
https://www.faststone.org/order.htmU
|
unknown
|
||
|
http://www.axis.com/techsup/software/amc/index.htm
|
unknown
|
||
|
http://www.matroska.org/
|
unknown
|
||
|
http://sourceforge.net/projects/gplmpgdec/
|
unknown
|
||
|
http://nsis.sf.net/NSIS_ErrorError
|
unknown
|
||
|
https://www.faststone.org/order.htm
|
unknown
|
||
|
http://www.faststone.org/
|
unknown
|
||
|
http://www.datastead.com/WMScriptWriter
|
unknown
|
||
|
http://avisynth.org
|
unknown
|
||
|
http://www.faststone.org/U
|
unknown
|
There are 5 hidden URLs, click here to show them.
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FastStone.fsc
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FastStone.fsc\DefaultIcon
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FastStone.fsc\shell
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FastStone.fsc\shell\open\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.fsc\OpenWithProgids
|
FastStone.fsc
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FastStone-Capture
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FastStone-Capture\DefaultIcon
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FastStone-Capture\shell\open\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\FastStone Capture\Capabilities
|
ApplicationDescription
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\FastStone Capture\Capabilities\FileAssociations
|
.fsc
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\RegisteredApplications
|
FastStone-Capture
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\FSCapture.exe
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FastStone Capture
|
DisplayName
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FastStone Capture
|
UninstallString
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FastStone Capture
|
DisplayIcon
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FastStone Capture
|
DisplayVersion
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FastStone Capture
|
URLInfoAbout
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FastStone Capture
|
Publisher
|
||
|
HKEY_CURRENT_USER\SOFTWARE\8322898
|
7168
|
There are 9 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
33D0000
|
trusted library allocation
|
page read and write
|
||
|
51CF000
|
stack
|
page read and write
|
||
|
BF6000
|
unkown
|
page write copy
|
||
|
5766000
|
direct allocation
|
page read and write
|
||
|
5A8000
|
heap
|
page read and write
|
||
|
33D0000
|
trusted library allocation
|
page read and write
|
||
|
435000
|
unkown
|
page read and write
|
||
|
37AE000
|
stack
|
page read and write
|
||
|
48E000
|
stack
|
page read and write
|
||
|
537000
|
heap
|
page read and write
|
||
|
30B0000
|
trusted library allocation
|
page read and write
|
||
|
33D0000
|
trusted library allocation
|
page read and write
|
||
|
48D0000
|
trusted library allocation
|
page read and write
|
||
|
12C6000
|
heap
|
page read and write
|
||
|
33D0000
|
trusted library allocation
|
page read and write
|
||
|
33D0000
|
trusted library allocation
|
page read and write
|
||
|
2F8B000
|
direct allocation
|
page read and write
|
||
|
30B0000
|
trusted library allocation
|
page read and write
|
||
|
1298000
|
heap
|
page read and write
|
||
|
537000
|
heap
|
page read and write
|
||
|
C1C000
|
unkown
|
page write copy
|
||
|
2EEC000
|
direct allocation
|
page read and write
|
||
|
40A000
|
unkown
|
page read and write
|
||
|
38D2000
|
direct allocation
|
page read and write
|
||
|
38D4000
|
direct allocation
|
page read and write
|
||
|
30B0000
|
trusted library allocation
|
page read and write
|
||
|
2230000
|
heap
|
page read and write
|
||
|
55A000
|
heap
|
page read and write
|
||
|
81BE000
|
stack
|
page read and write
|
||
|
56B000
|
heap
|
page read and write
|
||
|
30B0000
|
trusted library allocation
|
page read and write
|
||
|
124E000
|
heap
|
page read and write
|
||
|
5762000
|
direct allocation
|
page read and write
|
||
|
96000
|
stack
|
page read and write
|
||
|
30B0000
|
trusted library allocation
|
page read and write
|
||
|
56FF000
|
direct allocation
|
page read and write
|
||
|
38DF000
|
direct allocation
|
page read and write
|
||
|
42B000
|
unkown
|
page read and write
|
||
|
361E000
|
stack
|
page read and write
|
||
|
2E85000
|
heap
|
page read and write
|
||
|
555000
|
heap
|
page read and write
|
||
|
30B0000
|
trusted library allocation
|
page read and write
|
||
|
6C02000
|
direct allocation
|
page read and write
|
||
|
33D0000
|
trusted library allocation
|
page read and write
|
||
|
30B0000
|
trusted library allocation
|
page read and write
|
||
|
56F7000
|
direct allocation
|
page read and write
|
||
|
2EE5000
|
direct allocation
|
page read and write
|
||
|
33D0000
|
trusted library allocation
|
page read and write
|
||
|
56D7000
|
direct allocation
|
page read and write
|
||
|
490000
|
heap
|
page read and write
|
||
|
558000
|
heap
|
page read and write
|
||
|
2FCC000
|
direct allocation
|
page read and write
|
||
|
33D0000
|
trusted library allocation
|
page read and write
|
||
|
33D0000
|
trusted library allocation
|
page read and write
|
||
|
86A000
|
heap
|
page read and write
|
||
|
422000
|
unkown
|
page read and write
|
||
|
30B0000
|
trusted library allocation
|
page read and write
|
||
|
30B0000
|
trusted library allocation
|
page read and write
|
||
|
351D000
|
stack
|
page read and write
|
||
|
51D0000
|
trusted library allocation
|
page read and write
|
||
|
33D0000
|
trusted library allocation
|
page read and write
|
||
|
3170000
|
trusted library allocation
|
page read and write
|
||
|
33D0000
|
trusted library allocation
|
page read and write
|
||
|
30B0000
|
trusted library allocation
|
page read and write
|
||
|
38B0000
|
direct allocation
|
page read and write
|
||
|
574C000
|
direct allocation
|
page read and write
|
||
|
33D0000
|
trusted library allocation
|
page read and write
|
||
|
33D0000
|
trusted library allocation
|
page read and write
|
||
|
12CD000
|
heap
|
page read and write
|
||
|
1370000
|
heap
|
page read and write
|
||
|
594000
|
heap
|
page read and write
|
||
|
33D0000
|
trusted library allocation
|
page read and write
|
||
|
2F6A000
|
direct allocation
|
page read and write
|
||
|
33D0000
|
trusted library allocation
|
page read and write
|
||
|
30B0000
|
trusted library allocation
|
page read and write
|
||
|
2F42000
|
direct allocation
|
page read and write
|
||
|
594000
|
heap
|
page read and write
|
||
|
33D0000
|
trusted library allocation
|
page read and write
|
||
|
1350000
|
heap
|
page read and write
|
||
|
2EB9000
|
direct allocation
|
page read and write
|
||
|
30B0000
|
trusted library allocation
|
page read and write
|
||
|
38D0000
|
direct allocation
|
page read and write
|
||
|
30B0000
|
trusted library allocation
|
page read and write
|
||
|
30B0000
|
trusted library allocation
|
page read and write
|
||
|
30B0000
|
trusted library allocation
|
page read and write
|
||
|
30B0000
|
trusted library allocation
|
page read and write
|
||
|
7AF000
|
stack
|
page read and write
|
||
|
30B0000
|
trusted library allocation
|
page read and write
|
||
|
33D0000
|
trusted library allocation
|
page read and write
|
||
|
2EFA000
|
direct allocation
|
page read and write
|
||
|
56E7000
|
direct allocation
|
page read and write
|
||
|
33D0000
|
trusted library allocation
|
page read and write
|
||
|
3934000
|
direct allocation
|
page read and write
|
||
|
33D0000
|
trusted library allocation
|
page read and write
|
||
|
10076000
|
unkown
|
page read and write
|
||
|
33D0000
|
trusted library allocation
|
page read and write
|
||
|
394A000
|
direct allocation
|
page read and write
|
||
|
3020000
|
trusted library allocation
|
page read and write
|
||
|
C19000
|
unkown
|
page read and write
|
||
|
33D0000
|
trusted library allocation
|
page read and write
|
||
|
57AD000
|
direct allocation
|
page read and write
|
||
|
77E7000
|
unkown
|
page read and write
|
||
|
30B0000
|
trusted library allocation
|
page read and write
|
||
|
33D0000
|
trusted library allocation
|
page read and write
|
||
|
6BF2000
|
direct allocation
|
page read and write
|
||
|
33D0000
|
trusted library allocation
|
page read and write
|
||
|
33D0000
|
trusted library allocation
|
page read and write
|
||
|
2EB5000
|
direct allocation
|
page read and write
|
||
|
33D0000
|
trusted library allocation
|
page read and write
|
||
|
33D0000
|
trusted library allocation
|
page read and write
|
||
|
30B0000
|
trusted library allocation
|
page read and write
|
||
|
30B0000
|
trusted library allocation
|
page read and write
|
||
|
3020000
|
trusted library allocation
|
page read and write
|
||
|
32D0000
|
heap
|
page read and write
|
||
|
C0E000
|
unkown
|
page read and write
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
10079000
|
unkown
|
page readonly
|
||
|
570F000
|
direct allocation
|
page read and write
|
||
|
33D0000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
33D0000
|
trusted library allocation
|
page read and write
|
||
|
BFD000
|
unkown
|
page read and write
|
||
|
12C3000
|
heap
|
page read and write
|
||
|
33D0000
|
trusted library allocation
|
page read and write
|
||
|
57A3000
|
direct allocation
|
page read and write
|
||
|
BF6000
|
unkown
|
page read and write
|
||
|
3870000
|
direct allocation
|
page read and write
|
||
|
57D9000
|
direct allocation
|
page read and write
|
||
|
33D0000
|
trusted library allocation
|
page read and write
|
||
|
30B0000
|
trusted library allocation
|
page read and write
|
||
|
3875000
|
direct allocation
|
page read and write
|
||
|
6B95000
|
direct allocation
|
page read and write
|
||
|
3872000
|
direct allocation
|
page read and write
|
||
|
6B8B000
|
direct allocation
|
page read and write
|
||
|
30B0000
|
trusted library allocation
|
page read and write
|
||
|
2F49000
|
direct allocation
|
page read and write
|
||
|
56C0000
|
direct allocation
|
page read and write
|
||
|
25BE000
|
stack
|
page read and write
|
||
|
59A000
|
heap
|
page read and write
|
||
|
30B0000
|
trusted library allocation
|
page read and write
|
||
|
33D0000
|
trusted library allocation
|
page read and write
|
||
|
33D0000
|
trusted library allocation
|
page read and write
|
||
|
3083000
|
heap
|
page read and write
|
||
|
33D0000
|
trusted library allocation
|
page read and write
|
||
|
30B0000
|
trusted library allocation
|
page read and write
|
||
|
2FDA000
|
direct allocation
|
page read and write
|
||
|
33D0000
|
trusted library allocation
|
page read and write
|
||
|
2EB0000
|
direct allocation
|
page read and write
|
||
|
33D0000
|
trusted library allocation
|
page read and write
|
||
|
594000
|
heap
|
page read and write
|
||
|
C0A000
|
unkown
|
page read and write
|
||
|
33D0000
|
trusted library allocation
|
page read and write
|
||
|
5736000
|
direct allocation
|
page read and write
|
||
|
57F0000
|
direct allocation
|
page read and write
|
||
|
33D0000
|
trusted library allocation
|
page read and write
|
||
|
4E0000
|
heap
|
page read and write
|
||
|
30B0000
|
trusted library allocation
|
page read and write
|
||
|
4FF000
|
heap
|
page read and write
|
||
|
56ED000
|
direct allocation
|
page read and write
|
||
|
398E000
|
direct allocation
|
page read and write
|
||
|
210F000
|
stack
|
page read and write
|
||
|
33D0000
|
trusted library allocation
|
page read and write
|
||
|
33D0000
|
trusted library allocation
|
page read and write
|
||
|
2F84000
|
direct allocation
|
page read and write
|
||
|
440000
|
heap
|
page read and write
|
||
|
30B0000
|
trusted library allocation
|
page read and write
|
||
|
30B0000
|
trusted library allocation
|
page read and write
|
||
|
30B0000
|
trusted library allocation
|
page read and write
|
||
|
33D0000
|
trusted library allocation
|
page read and write
|
||
|
30B0000
|
trusted library allocation
|
page read and write
|
||
|
584000
|
heap
|
page read and write
|
||
|
30B0000
|
trusted library allocation
|
page read and write
|
||
|
33D0000
|
trusted library allocation
|
page read and write
|
||
|
33D0000
|
trusted library allocation
|
page read and write
|
||
|
2F59000
|
direct allocation
|
page read and write
|
||
|
77E9000
|
unkown
|
page read and write
|
||
|
1240000
|
heap
|
page read and write
|
||
|
57C8000
|
direct allocation
|
page read and write
|
||
|
6BAA000
|
direct allocation
|
page read and write
|
||
|
2F33000
|
direct allocation
|
page read and write
|
||
|
30B0000
|
trusted library allocation
|
page read and write
|
||
|
710000
|
unkown
|
page readonly
|
||
|
33D0000
|
trusted library allocation
|
page read and write
|
||
|
33D0000
|
trusted library allocation
|
page read and write
|
||
|
5724000
|
direct allocation
|
page read and write
|
||
|
397A000
|
direct allocation
|
page read and write
|
||
|
33D0000
|
trusted library allocation
|
page read and write
|
||
|
33D0000
|
trusted library allocation
|
page read and write
|
||
|
124A000
|
heap
|
page read and write
|
||
|
C08000
|
unkown
|
page read and write
|
||
|
128D000
|
heap
|
page read and write
|
||
|
711000
|
unkown
|
page execute read
|
||
|
30B0000
|
trusted library allocation
|
page read and write
|
||
|
33D0000
|
trusted library allocation
|
page read and write
|
||
|
5A6000
|
heap
|
page read and write
|
||
|
33D0000
|
trusted library allocation
|
page read and write
|
||
|
30B0000
|
trusted library allocation
|
page read and write
|
||
|
57B000
|
heap
|
page read and write
|
||
|
4C0000
|
heap
|
page read and write
|
||
|
30B0000
|
trusted library allocation
|
page read and write
|
||
|
30B0000
|
trusted library allocation
|
page read and write
|
||
|
33D0000
|
trusted library allocation
|
page read and write
|
||
|
33D0000
|
trusted library allocation
|
page read and write
|
||
|
542000
|
heap
|
page read and write
|
||
|
30B0000
|
trusted library allocation
|
page read and write
|
||
|
33D0000
|
trusted library allocation
|
page read and write
|
||
|
585000
|
heap
|
page read and write
|
||
|
30B0000
|
trusted library allocation
|
page read and write
|
||
|
3170000
|
trusted library allocation
|
page read and write
|
||
|
57A0000
|
direct allocation
|
page read and write
|
||
|
30B0000
|
trusted library allocation
|
page read and write
|
||
|
30B0000
|
trusted library allocation
|
page read and write
|
||
|
33D0000
|
trusted library allocation
|
page read and write
|
||
|
30B0000
|
trusted library allocation
|
page read and write
|
||
|
427000
|
unkown
|
page read and write
|
||
|
33D0000
|
trusted library allocation
|
page read and write
|
||
|
3950000
|
direct allocation
|
page read and write
|
||
|
2EDE000
|
direct allocation
|
page read and write
|
||
|
38A8000
|
direct allocation
|
page read and write
|
||
|
6B8D000
|
direct allocation
|
page read and write
|
||
|
57B2000
|
direct allocation
|
page read and write
|
||
|
83C0000
|
trusted library allocation
|
page read and write
|
||
|
33D0000
|
trusted library allocation
|
page read and write
|
||
|
57D3000
|
direct allocation
|
page read and write
|
||
|
3020000
|
heap
|
page read and write
|
||
|
10067000
|
unkown
|
page readonly
|
||
|
2E80000
|
heap
|
page read and write
|
||
|
56C7000
|
direct allocation
|
page read and write
|
||
|
4FD000
|
heap
|
page read and write
|
||
|
33D0000
|
trusted library allocation
|
page read and write
|
||
|
30B0000
|
trusted library allocation
|
page read and write
|
||
|
12CD000
|
heap
|
page read and write
|
||
|
579E000
|
direct allocation
|
page read and write
|
||
|
38D8000
|
direct allocation
|
page read and write
|
||
|
30B0000
|
trusted library allocation
|
page read and write
|
||
|
76C000
|
unkown
|
page execute read
|
||
|
33D0000
|
trusted library allocation
|
page read and write
|
||
|
33D0000
|
trusted library allocation
|
page read and write
|
||
|
7840000
|
heap
|
page read and write
|
||
|
12CC000
|
heap
|
page read and write
|
||
|
425000
|
unkown
|
page read and write
|
||
|
53B000
|
heap
|
page read and write
|
||
|
220F000
|
stack
|
page read and write
|
||
|
30B0000
|
trusted library allocation
|
page read and write
|
||
|
40A000
|
unkown
|
page write copy
|
||
|
51D0000
|
trusted library allocation
|
page read and write
|
||
|
2234000
|
heap
|
page read and write
|
||
|
33D0000
|
trusted library allocation
|
page read and write
|
||
|
77D0000
|
unkown
|
page readonly
|
||
|
77D1000
|
unkown
|
page execute read
|
||
|
56CC000
|
direct allocation
|
page read and write
|
||
|
30B0000
|
trusted library allocation
|
page read and write
|
||
|
43B000
|
unkown
|
page read and write
|
||
|
2F99000
|
direct allocation
|
page read and write
|
||
|
30B0000
|
trusted library allocation
|
page read and write
|
||
|
542000
|
heap
|
page read and write
|
||
|
5783000
|
direct allocation
|
page read and write
|
||
|
4E8000
|
heap
|
page read and write
|
||
|
9E20000
|
heap
|
page read and write
|
||
|
12C9000
|
heap
|
page read and write
|
||
|
30B0000
|
trusted library allocation
|
page read and write
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
5753000
|
direct allocation
|
page read and write
|
||
|
30B0000
|
trusted library allocation
|
page read and write
|
||
|
59D000
|
heap
|
page read and write
|
||
|
33D0000
|
trusted library allocation
|
page read and write
|
||
|
36AE000
|
stack
|
page read and write
|
||
|
5786000
|
direct allocation
|
page read and write
|
||
|
555000
|
heap
|
page read and write
|
||
|
33D0000
|
trusted library allocation
|
page read and write
|
||
|
30B0000
|
trusted library allocation
|
page read and write
|
||
|
33D0000
|
trusted library allocation
|
page read and write
|
||
|
30B0000
|
trusted library allocation
|
page read and write
|
||
|
30B0000
|
trusted library allocation
|
page read and write
|
||
|
2F7A000
|
direct allocation
|
page read and write
|
||
|
3010000
|
heap
|
page read and write
|
||
|
2EBF000
|
direct allocation
|
page read and write
|
||
|
448E000
|
stack
|
page read and write
|
||
|
38DA000
|
direct allocation
|
page read and write
|
||
|
56F2000
|
direct allocation
|
page read and write
|
||
|
33D0000
|
trusted library allocation
|
page read and write
|
||
|
EE2000
|
stack
|
page read and write
|
||
|
5714000
|
direct allocation
|
page read and write
|
||
|
33D0000
|
trusted library allocation
|
page read and write
|
||
|
C23000
|
unkown
|
page readonly
|
||
|
57F000
|
heap
|
page read and write
|
||
|
80BF000
|
stack
|
page read and write
|
||
|
43D000
|
unkown
|
page readonly
|
||
|
33D0000
|
trusted library allocation
|
page read and write
|
||
|
30B0000
|
trusted library allocation
|
page read and write
|
||
|
30B0000
|
trusted library allocation
|
page read and write
|
||
|
2FC4000
|
direct allocation
|
page read and write
|
||
|
33D0000
|
trusted library allocation
|
page read and write
|
||
|
3020000
|
heap
|
page read and write
|
||
|
30B0000
|
trusted library allocation
|
page read and write
|
||
|
77EB000
|
unkown
|
page readonly
|
||
|
3030000
|
direct allocation
|
page execute and read and write
|
||
|
5781000
|
direct allocation
|
page read and write
|
||
|
5745000
|
direct allocation
|
page read and write
|
||
|
397C000
|
direct allocation
|
page read and write
|
||
|
77E1000
|
unkown
|
page readonly
|
||
|
C12000
|
unkown
|
page read and write
|
||
|
44CE000
|
stack
|
page read and write
|
||
|
33D0000
|
trusted library allocation
|
page read and write
|
||
|
33D0000
|
trusted library allocation
|
page read and write
|
||
|
408000
|
unkown
|
page readonly
|
||
|
26E2000
|
heap
|
page read and write
|
||
|
33D0000
|
trusted library allocation
|
page read and write
|
||
|
7EE000
|
stack
|
page read and write
|
||
|
2FBD000
|
direct allocation
|
page read and write
|
||
|
33D0000
|
trusted library allocation
|
page read and write
|
||
|
2F0F000
|
direct allocation
|
page read and write
|
||
|
30B0000
|
trusted library allocation
|
page read and write
|
||
|
2F60000
|
direct allocation
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
6BE7000
|
direct allocation
|
page read and write
|
||
|
2FAF000
|
direct allocation
|
page read and write
|
||
|
5707000
|
direct allocation
|
page read and write
|
||
|
33D0000
|
trusted library allocation
|
page read and write
|
||
|
FEB000
|
stack
|
page read and write
|
||
|
6B83000
|
direct allocation
|
page read and write
|
||
|
30B0000
|
trusted library allocation
|
page read and write
|
||
|
30B0000
|
trusted library allocation
|
page read and write
|
||
|
30B0000
|
trusted library allocation
|
page read and write
|
||
|
12B9000
|
heap
|
page read and write
|
||
|
30B0000
|
trusted library allocation
|
page read and write
|
||
|
38A3000
|
direct allocation
|
page read and write
|
||
|
2F92000
|
direct allocation
|
page read and write
|
||
|
78C0000
|
heap
|
page read and write
|
||
|
30B0000
|
trusted library allocation
|
page read and write
|
||
|
12BF000
|
heap
|
page read and write
|
||
|
359E000
|
stack
|
page read and write
|
||
|
26BF000
|
stack
|
page read and write
|
||
|
1360000
|
heap
|
page read and write
|
||
|
580000
|
heap
|
page read and write
|
||
|
408000
|
unkown
|
page readonly
|
||
|
30B0000
|
trusted library allocation
|
page read and write
|
||
|
33D0000
|
trusted library allocation
|
page read and write
|
||
|
2E8B000
|
heap
|
page read and write
|
||
|
33D0000
|
trusted library allocation
|
page read and write
|
||
|
59A000
|
heap
|
page read and write
|
||
|
2FA0000
|
direct allocation
|
page read and write
|
||
|
2F16000
|
direct allocation
|
page read and write
|
||
|
43D000
|
unkown
|
page readonly
|
||
|
53B000
|
heap
|
page read and write
|
||
|
57D5000
|
direct allocation
|
page read and write
|
||
|
12C9000
|
heap
|
page read and write
|
||
|
2F24000
|
direct allocation
|
page read and write
|
||
|
34C0000
|
heap
|
page read and write
|
||
|
33D0000
|
trusted library allocation
|
page read and write
|
||
|
3410000
|
heap
|
page read and write
|
||
|
1285000
|
heap
|
page read and write
|
||
|
33D0000
|
trusted library allocation
|
page read and write
|
||
|
1375000
|
heap
|
page read and write
|
||
|
77E8000
|
unkown
|
page write copy
|
||
|
33D0000
|
trusted library allocation
|
page read and write
|
||
|
33D0000
|
trusted library allocation
|
page read and write
|
||
|
30B0000
|
trusted library allocation
|
page read and write
|
||
|
59A000
|
heap
|
page read and write
|
||
|
33D0000
|
trusted library allocation
|
page read and write
|
||
|
33D0000
|
trusted library allocation
|
page read and write
|
||
|
2F3B000
|
direct allocation
|
page read and write
|
||
|
19A000
|
stack
|
page read and write
|
||
|
30B0000
|
trusted library allocation
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
397F000
|
direct allocation
|
page read and write
|
||
|
3170000
|
trusted library allocation
|
page read and write
|
||
|
33D0000
|
trusted library allocation
|
page read and write
|
||
|
33D0000
|
trusted library allocation
|
page read and write
|
||
|
33D0000
|
trusted library allocation
|
page read and write
|
||
|
57AA000
|
direct allocation
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
538000
|
heap
|
page read and write
|
||
|
57B000
|
heap
|
page read and write
|
||
|
33D0000
|
trusted library allocation
|
page read and write
|
||
|
C1C000
|
unkown
|
page read and write
|
||
|
83E000
|
stack
|
page read and write
|
||
|
865000
|
heap
|
page read and write
|
||
|
578E000
|
direct allocation
|
page read and write
|
||
|
33D0000
|
trusted library allocation
|
page read and write
|
||
|
3630000
|
heap
|
page read and write
|
||
|
12C7000
|
heap
|
page read and write
|
||
|
33D0000
|
trusted library allocation
|
page read and write
|
||
|
2FE8000
|
direct allocation
|
page read and write
|
||
|
30B0000
|
trusted library allocation
|
page read and write
|
||
|
860000
|
heap
|
page read and write
|
||
|
30B0000
|
trusted library allocation
|
page read and write
|
||
|
C7C000
|
unkown
|
page readonly
|
||
|
30B0000
|
trusted library allocation
|
page read and write
|
||
|
33D0000
|
trusted library allocation
|
page read and write
|
||
|
33D0000
|
trusted library allocation
|
page read and write
|
||
|
33D0000
|
trusted library allocation
|
page read and write
|
||
|
576E000
|
direct allocation
|
page read and write
|
||
|
59C000
|
heap
|
page read and write
|
||
|
3080000
|
heap
|
page read and write
|
||
|
12CC000
|
heap
|
page read and write
|
||
|
33D0000
|
trusted library allocation
|
page read and write
|
||
|
33D0000
|
trusted library allocation
|
page read and write
|
||
|
33D0000
|
trusted library allocation
|
page read and write
|
||
|
30B0000
|
trusted library allocation
|
page read and write
|
||
|
33D0000
|
trusted library allocation
|
page read and write
|
There are 391 hidden memdumps, click here to show them.