Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
RlZ57mJ5Ug.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Program Files (x86)\Common Files\ctfmon.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Common Files\ctfmon.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\lcSuFJtLNWPBXChyfo.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\lcSuFJtLNWPBXChyfo.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Program Files\Reference Assemblies\Microsoft\Framework\dllhost.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\Reference Assemblies\Microsoft\Framework\dllhost.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Program Files\Windows Multimedia Platform\lcSuFJtLNWPBXChyfo.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Adobe\ARM\Acrobat_23.006.20320\lcSuFJtLNWPBXChyfo.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Recovery\fontdrvhost.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Recovery\fontdrvhost.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Recovery\lcSuFJtLNWPBXChyfo.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\Default\lcSuFJtLNWPBXChyfo.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\Public\Music\lcSuFJtLNWPBXChyfo.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\RlZ57mJ5Ug.exe.log
|
CSV text
|
dropped
|
|
|
|
C:\Windows\Microsoft.NET\assembly\lcSuFJtLNWPBXChyfo.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Windows\apppatch\en-US\RuntimeBroker.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Windows\apppatch\en-US\RuntimeBroker.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Windows\security\database\lcSuFJtLNWPBXChyfo.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Common Files\26c12092da979c
|
ASCII text, with very long lines (890), with no line terminators
|
dropped
|
||
|
C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\93b40338b961c8
|
ASCII text, with very long lines (508), with no line terminators
|
dropped
|
||
|
C:\Program Files\Reference Assemblies\Microsoft\Framework\5940a34987c991
|
ASCII text, with very long lines (353), with no line terminators
|
dropped
|
||
|
C:\Program Files\Windows Multimedia Platform\93b40338b961c8
|
ASCII text, with very long lines (871), with no line terminators
|
dropped
|
||
|
C:\Program Files\Windows Multimedia Platform\lcSuFJtLNWPBXChyfo.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Adobe\ARM\Acrobat_23.006.20320\93b40338b961c8
|
ASCII text, with very long lines (350), with no line terminators
|
dropped
|
||
|
C:\ProgramData\Adobe\ARM\Acrobat_23.006.20320\lcSuFJtLNWPBXChyfo.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Recovery\5b884080fd4f94
|
ASCII text, with very long lines (663), with no line terminators
|
dropped
|
||
|
C:\Recovery\93b40338b961c8
|
ASCII text, with very long lines (463), with no line terminators
|
dropped
|
||
|
C:\Recovery\lcSuFJtLNWPBXChyfo.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\Default\93b40338b961c8
|
ASCII text, with very long lines (713), with no line terminators
|
dropped
|
||
|
C:\Users\Default\lcSuFJtLNWPBXChyfo.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\Public\Music\93b40338b961c8
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\Public\Music\lcSuFJtLNWPBXChyfo.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\fontdrvhost.exe.log
|
CSV text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\lcSuFJtLNWPBXChyfo.exe.log
|
CSV text
|
dropped
|
||
|
C:\Windows\Microsoft.NET\assembly\93b40338b961c8
|
ASCII text, with very long lines (521), with no line terminators
|
dropped
|
||
|
C:\Windows\Microsoft.NET\assembly\lcSuFJtLNWPBXChyfo.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\apppatch\en-US\9e8d7a4ca61bd9
|
ASCII text, with very long lines (322), with no line terminators
|
dropped
|
||
|
C:\Windows\security\database\93b40338b961c8
|
ASCII text, with very long lines (441), with no line terminators
|
dropped
|
||
|
C:\Windows\security\database\lcSuFJtLNWPBXChyfo.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
There are 30 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\RlZ57mJ5Ug.exe
|
"C:\Users\user\Desktop\RlZ57mJ5Ug.exe"
|
|
|
|
C:\Windows\System32\dllhost.exe
|
C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "fontdrvhostf" /sc MINUTE /mo 6 /tr "'C:\Recovery\fontdrvhost.exe'" /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "fontdrvhost" /sc ONLOGON /tr "'C:\Recovery\fontdrvhost.exe'" /rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "fontdrvhostf" /sc MINUTE /mo 8 /tr "'C:\Recovery\fontdrvhost.exe'" /rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "lcSuFJtLNWPBXChyfol" /sc MINUTE /mo 5 /tr "'C:\Program Files (x86)\microsoft.net\Primary Interop
Assemblies\lcSuFJtLNWPBXChyfo.exe'" /f
|
|
|
|
C:\Recovery\fontdrvhost.exe
|
C:\Recovery\fontdrvhost.exe
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "lcSuFJtLNWPBXChyfo" /sc ONLOGON /tr "'C:\Program Files (x86)\microsoft.net\Primary Interop Assemblies\lcSuFJtLNWPBXChyfo.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "lcSuFJtLNWPBXChyfol" /sc MINUTE /mo 7 /tr "'C:\Program Files (x86)\microsoft.net\Primary Interop
Assemblies\lcSuFJtLNWPBXChyfo.exe'" /rl HIGHEST /f
|
|
|
|
C:\Recovery\fontdrvhost.exe
|
C:\Recovery\fontdrvhost.exe
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "lcSuFJtLNWPBXChyfol" /sc MINUTE /mo 6 /tr "'C:\Users\All Users\Adobe\ARM\Acrobat_23.006.20320\lcSuFJtLNWPBXChyfo.exe'"
/f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "lcSuFJtLNWPBXChyfo" /sc ONLOGON /tr "'C:\Users\All Users\Adobe\ARM\Acrobat_23.006.20320\lcSuFJtLNWPBXChyfo.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "lcSuFJtLNWPBXChyfol" /sc MINUTE /mo 14 /tr "'C:\Users\All Users\Adobe\ARM\Acrobat_23.006.20320\lcSuFJtLNWPBXChyfo.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "ctfmonc" /sc MINUTE /mo 12 /tr "'C:\Program Files (x86)\common files\ctfmon.exe'" /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "ctfmon" /sc ONLOGON /tr "'C:\Program Files (x86)\common files\ctfmon.exe'" /rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "ctfmonc" /sc MINUTE /mo 6 /tr "'C:\Program Files (x86)\common files\ctfmon.exe'" /rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "lcSuFJtLNWPBXChyfol" /sc MINUTE /mo 13 /tr "'C:\Users\Default User\lcSuFJtLNWPBXChyfo.exe'" /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "lcSuFJtLNWPBXChyfo" /sc ONLOGON /tr "'C:\Users\Default User\lcSuFJtLNWPBXChyfo.exe'" /rl HIGHEST
/f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "lcSuFJtLNWPBXChyfol" /sc MINUTE /mo 8 /tr "'C:\Users\Default User\lcSuFJtLNWPBXChyfo.exe'" /rl HIGHEST
/f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "lcSuFJtLNWPBXChyfol" /sc MINUTE /mo 14 /tr "'C:\Recovery\lcSuFJtLNWPBXChyfo.exe'" /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "lcSuFJtLNWPBXChyfo" /sc ONLOGON /tr "'C:\Recovery\lcSuFJtLNWPBXChyfo.exe'" /rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "lcSuFJtLNWPBXChyfol" /sc MINUTE /mo 14 /tr "'C:\Recovery\lcSuFJtLNWPBXChyfo.exe'" /rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "lcSuFJtLNWPBXChyfol" /sc MINUTE /mo 6 /tr "'C:\Windows\Microsoft.NET\assembly\lcSuFJtLNWPBXChyfo.exe'"
/f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "lcSuFJtLNWPBXChyfo" /sc ONLOGON /tr "'C:\Windows\Microsoft.NET\assembly\lcSuFJtLNWPBXChyfo.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "lcSuFJtLNWPBXChyfol" /sc MINUTE /mo 5 /tr "'C:\Windows\Microsoft.NET\assembly\lcSuFJtLNWPBXChyfo.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "dllhostd" /sc MINUTE /mo 11 /tr "'C:\Program Files\Reference Assemblies\Microsoft\Framework\dllhost.exe'"
/f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "dllhost" /sc ONLOGON /tr "'C:\Program Files\Reference Assemblies\Microsoft\Framework\dllhost.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Program Files (x86)\Common Files\ctfmon.exe
|
"C:\Program Files (x86)\common files\ctfmon.exe"
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "dllhostd" /sc MINUTE /mo 10 /tr "'C:\Program Files\Reference Assemblies\Microsoft\Framework\dllhost.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Program Files (x86)\Common Files\ctfmon.exe
|
"C:\Program Files (x86)\common files\ctfmon.exe"
|
|
|
|
C:\Windows\Microsoft.NET\assembly\lcSuFJtLNWPBXChyfo.exe
|
C:\Windows\Microsoft.NET\assembly\lcSuFJtLNWPBXChyfo.exe
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "lcSuFJtLNWPBXChyfol" /sc MINUTE /mo 8 /tr "'C:\Program Files\Windows Multimedia Platform\lcSuFJtLNWPBXChyfo.exe'"
/f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "lcSuFJtLNWPBXChyfo" /sc ONLOGON /tr "'C:\Program Files\Windows Multimedia Platform\lcSuFJtLNWPBXChyfo.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Program Files\Windows Multimedia Platform\lcSuFJtLNWPBXChyfo.exe
|
"C:\Program Files\Windows Multimedia Platform\lcSuFJtLNWPBXChyfo.exe"
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "lcSuFJtLNWPBXChyfol" /sc MINUTE /mo 7 /tr "'C:\Program Files\Windows Multimedia Platform\lcSuFJtLNWPBXChyfo.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "lcSuFJtLNWPBXChyfol" /sc MINUTE /mo 10 /tr "'C:\Recovery\lcSuFJtLNWPBXChyfo.exe'" /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "lcSuFJtLNWPBXChyfo" /sc ONLOGON /tr "'C:\Recovery\lcSuFJtLNWPBXChyfo.exe'" /rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "lcSuFJtLNWPBXChyfol" /sc MINUTE /mo 12 /tr "'C:\Recovery\lcSuFJtLNWPBXChyfo.exe'" /rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "lcSuFJtLNWPBXChyfol" /sc MINUTE /mo 10 /tr "'C:\Recovery\lcSuFJtLNWPBXChyfo.exe'" /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "lcSuFJtLNWPBXChyfo" /sc ONLOGON /tr "'C:\Recovery\lcSuFJtLNWPBXChyfo.exe'" /rl HIGHEST /f
|
|
There are 30 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
a1040171.xsph.ru
|
141.8.192.169
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
fontdrvhost
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
lcSuFJtLNWPBXChyfo
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
lcSuFJtLNWPBXChyfo
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
ctfmon
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
dllhost
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
dllhost
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
RuntimeBroker
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
RuntimeBroker
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
|
Shell
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
|
Shell
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
lcSuFJtLNWPBXChyfo
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
lcSuFJtLNWPBXChyfo
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
|
Shell
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
|
Shell
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
lcSuFJtLNWPBXChyfo
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
|
Shell
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
lcSuFJtLNWPBXChyfo
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
lcSuFJtLNWPBXChyfo
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
|
Shell
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
lcSuFJtLNWPBXChyfo
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
lcSuFJtLNWPBXChyfo
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
|
Shell
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
|
Shell
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
lcSuFJtLNWPBXChyfo
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
lcSuFJtLNWPBXChyfo
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
|
Shell
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
lcSuFJtLNWPBXChyfo
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
lcSuFJtLNWPBXChyfo
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
|
Shell
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
|
Shell
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
lcSuFJtLNWPBXChyfo
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
lcSuFJtLNWPBXChyfo
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
|
Shell
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
|
Shell
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
lcSuFJtLNWPBXChyfo
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
lcSuFJtLNWPBXChyfo
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
|
Shell
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\6c564545c95421af0da0809392153cdcfb7e719f
|
fe74271efb35cc47eac8f9f7b1daf1c1bdb33289
|
There are 28 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
3181000
|
trusted library allocation
|
page read and write
|
|
|
|
360D000
|
trusted library allocation
|
page read and write
|
|
|
|
22E9000
|
trusted library allocation
|
page read and write
|
|
|
|
287A000
|
trusted library allocation
|
page read and write
|
|
|
|
31D9000
|
trusted library allocation
|
page read and write
|
|
|
|
2981000
|
trusted library allocation
|
page read and write
|
|
|
|
3191000
|
trusted library allocation
|
page read and write
|
|
|
|
25D1000
|
trusted library allocation
|
page read and write
|
|
|
|
2618000
|
trusted library allocation
|
page read and write
|
|
|
|
2541000
|
trusted library allocation
|
page read and write
|
|
|
|
22A1000
|
trusted library allocation
|
page read and write
|
|
|
|
2831000
|
trusted library allocation
|
page read and write
|
|
|
|
7FF848E24000
|
trusted library allocation
|
page read and write
|
||
|
7FF848FC6000
|
trusted library allocation
|
page read and write
|
||
|
7FF848FC0000
|
trusted library allocation
|
page read and write
|
||
|
1A2D0000
|
trusted library allocation
|
page read and write
|
||
|
326B000
|
trusted library allocation
|
page read and write
|
||
|
97E000
|
stack
|
page read and write
|
||
|
A7A000
|
heap
|
page read and write
|
||
|
1C664000
|
heap
|
page read and write
|
||
|
4F6000
|
stack
|
page read and write
|
||
|
1C348000
|
heap
|
page read and write
|
||
|
F60000
|
heap
|
page read and write
|
||
|
2970000
|
heap
|
page execute and read and write
|
||
|
10C5000
|
heap
|
page read and write
|
||
|
122A8000
|
trusted library allocation
|
page read and write
|
||
|
125D3000
|
trusted library allocation
|
page read and write
|
||
|
7FF848FE1000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E00000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E4B000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848E1D000
|
trusted library allocation
|
page execute and read and write
|
||
|
A5F000
|
stack
|
page read and write
|
||
|
7FF848EA6000
|
trusted library allocation
|
page read and write
|
||
|
1AFDE000
|
stack
|
page read and write
|
||
|
1B450000
|
heap
|
page execute and read and write
|
||
|
7FF848E23000
|
trusted library allocation
|
page execute and read and write
|
||
|
12BD000
|
heap
|
page read and write
|
||
|
7FF848DF0000
|
trusted library allocation
|
page read and write
|
||
|
1C16F000
|
heap
|
page read and write
|
||
|
1C36D000
|
heap
|
page read and write
|
||
|
7FF848FB0000
|
trusted library allocation
|
page read and write
|
||
|
CAE000
|
heap
|
page read and write
|
||
|
CFF000
|
heap
|
page read and write
|
||
|
7FF848F40000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C2DE000
|
heap
|
page read and write
|
||
|
325E000
|
trusted library allocation
|
page read and write
|
||
|
2602000
|
trusted library allocation
|
page read and write
|
||
|
AD5000
|
heap
|
page read and write
|
||
|
D90000
|
unkown
|
page readonly
|
||
|
1ACD0000
|
heap
|
page read and write
|
||
|
7FF848EB6000
|
trusted library allocation
|
page read and write
|
||
|
12833000
|
trusted library allocation
|
page read and write
|
||
|
D50000
|
heap
|
page execute and read and write
|
||
|
1C033000
|
stack
|
page read and write
|
||
|
7FF848F41000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848FBC000
|
trusted library allocation
|
page read and write
|
||
|
1A9BC000
|
stack
|
page read and write
|
||
|
7FF848EC6000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E14000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E2D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C3DA000
|
heap
|
page read and write
|
||
|
C49000
|
heap
|
page read and write
|
||
|
700000
|
heap
|
page read and write
|
||
|
7A0000
|
heap
|
page read and write
|
||
|
7FF848E3D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1CE1E000
|
stack
|
page read and write
|
||
|
12543000
|
trusted library allocation
|
page read and write
|
||
|
13EB000
|
heap
|
page read and write
|
||
|
7FF848FA3000
|
trusted library allocation
|
page read and write
|
||
|
1CF1B000
|
stack
|
page read and write
|
||
|
1C40B000
|
heap
|
page read and write
|
||
|
1B1C0000
|
trusted library allocation
|
page read and write
|
||
|
7FF848F31000
|
trusted library allocation
|
page execute and read and write
|
||
|
CE1000
|
heap
|
page read and write
|
||
|
1BB60000
|
heap
|
page read and write
|
||
|
7FF848E6C000
|
trusted library allocation
|
page execute and read and write
|
||
|
122AD000
|
trusted library allocation
|
page read and write
|
||
|
1280000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E3C000
|
trusted library allocation
|
page read and write
|
||
|
1C27A000
|
heap
|
page read and write
|
||
|
E10000
|
heap
|
page read and write
|
||
|
CA9000
|
heap
|
page read and write
|
||
|
358B000
|
trusted library allocation
|
page read and write
|
||
|
1C3FA000
|
heap
|
page read and write
|
||
|
7FF848FAB000
|
trusted library allocation
|
page read and write
|
||
|
1B8EE000
|
stack
|
page read and write
|
||
|
7FF848EB6000
|
trusted library allocation
|
page read and write
|
||
|
7FF848FC0000
|
trusted library allocation
|
page read and write
|
||
|
269B000
|
trusted library allocation
|
page read and write
|
||
|
155E000
|
stack
|
page read and write
|
||
|
2A2A000
|
trusted library allocation
|
page read and write
|
||
|
2698000
|
trusted library allocation
|
page read and write
|
||
|
147D000
|
heap
|
page read and write
|
||
|
7FF848E3D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1319D000
|
trusted library allocation
|
page read and write
|
||
|
1AEDF000
|
stack
|
page read and write
|
||
|
356B000
|
trusted library allocation
|
page read and write
|
||
|
5E0000
|
heap
|
page read and write
|
||
|
FE0000
|
heap
|
page read and write
|
||
|
1290000
|
heap
|
page read and write
|
||
|
617000
|
heap
|
page read and write
|
||
|
7FF848FBC000
|
trusted library allocation
|
page read and write
|
||
|
7FF848EDC000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848F51000
|
trusted library allocation
|
page execute and read and write
|
||
|
680000
|
heap
|
page read and write
|
||
|
2330000
|
heap
|
page read and write
|
||
|
1C426000
|
heap
|
page read and write
|
||
|
9A6000
|
stack
|
page read and write
|
||
|
7FF848E22000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E2D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848E1D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848ECC000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848EB0000
|
trusted library allocation
|
page read and write
|
||
|
F85000
|
heap
|
page read and write
|
||
|
23C0000
|
heap
|
page execute and read and write
|
||
|
1B2EE000
|
stack
|
page read and write
|
||
|
12831000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E13000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848E37000
|
trusted library allocation
|
page read and write
|
||
|
1B34F000
|
stack
|
page read and write
|
||
|
1AFE0000
|
heap
|
page execute and read and write
|
||
|
560000
|
trusted library allocation
|
page read and write
|
||
|
7FF848ED0000
|
trusted library allocation
|
page execute and read and write
|
||
|
914000
|
heap
|
page read and write
|
||
|
D1F000
|
stack
|
page read and write
|
||
|
7FF848E10000
|
trusted library allocation
|
page read and write
|
||
|
1B46E000
|
stack
|
page read and write
|
||
|
1C676000
|
heap
|
page read and write
|
||
|
D85000
|
heap
|
page read and write
|
||
|
1C627000
|
heap
|
page read and write
|
||
|
7FF848E04000
|
trusted library allocation
|
page read and write
|
||
|
229E000
|
stack
|
page read and write
|
||
|
5CB000
|
heap
|
page read and write
|
||
|
12D3000
|
heap
|
page read and write
|
||
|
22A0000
|
heap
|
page execute and read and write
|
||
|
1240000
|
heap
|
page read and write
|
||
|
7FF848E2D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848FB0000
|
trusted library allocation
|
page read and write
|
||
|
31EE000
|
trusted library allocation
|
page read and write
|
||
|
1B0000
|
heap
|
page read and write
|
||
|
7FF848EA0000
|
trusted library allocation
|
page read and write
|
||
|
7E0000
|
heap
|
page read and write
|
||
|
1B5E4000
|
stack
|
page read and write
|
||
|
1BE1E000
|
stack
|
page read and write
|
||
|
6C6000
|
heap
|
page read and write
|
||
|
7FF848FC0000
|
trusted library allocation
|
page read and write
|
||
|
7FF848FC3000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E5C000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848EBC000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C3D4000
|
heap
|
page read and write
|
||
|
1C198000
|
heap
|
page read and write
|
||
|
E70000
|
trusted library allocation
|
page read and write
|
||
|
1A860000
|
trusted library allocation
|
page read and write
|
||
|
7FF848EC0000
|
trusted library allocation
|
page read and write
|
||
|
7FF848FCB000
|
trusted library allocation
|
page read and write
|
||
|
352F000
|
trusted library allocation
|
page read and write
|
||
|
7FF848F20000
|
trusted library allocation
|
page execute and read and write
|
||
|
18F5000
|
heap
|
page read and write
|
||
|
1C01E000
|
stack
|
page read and write
|
||
|
86C000
|
heap
|
page read and write
|
||
|
181E000
|
stack
|
page read and write
|
||
|
1B1D3000
|
stack
|
page read and write
|
||
|
1200000
|
heap
|
page read and write
|
||
|
610000
|
heap
|
page read and write
|
||
|
7FF848FE3000
|
trusted library allocation
|
page read and write
|
||
|
18F0000
|
heap
|
page read and write
|
||
|
1C294000
|
heap
|
page read and write
|
||
|
1390000
|
trusted library allocation
|
page read and write
|
||
|
C80000
|
heap
|
page read and write
|
||
|
7FF848FAA000
|
trusted library allocation
|
page read and write
|
||
|
AE0000
|
heap
|
page read and write
|
||
|
34F1000
|
trusted library allocation
|
page read and write
|
||
|
1AB6D000
|
stack
|
page read and write
|
||
|
282E000
|
stack
|
page read and write
|
||
|
7FF848E2D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848E02000
|
trusted library allocation
|
page read and write
|
||
|
1B65E000
|
stack
|
page read and write
|
||
|
1C412000
|
heap
|
page read and write
|
||
|
1BF35000
|
stack
|
page read and write
|
||
|
1B0EE000
|
stack
|
page read and write
|
||
|
7FF848FD0000
|
trusted library allocation
|
page read and write
|
||
|
67A000
|
heap
|
page read and write
|
||
|
2270000
|
trusted library allocation
|
page read and write
|
||
|
262B000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E03000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848E4B000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848F06000
|
trusted library allocation
|
page execute and read and write
|
||
|
FB0000
|
heap
|
page read and write
|
||
|
7FF848ED6000
|
trusted library allocation
|
page read and write
|
||
|
BEF000
|
stack
|
page read and write
|
||
|
1B854000
|
stack
|
page read and write
|
||
|
1C21E000
|
stack
|
page read and write
|
||
|
890000
|
trusted library allocation
|
page read and write
|
||
|
6BE000
|
heap
|
page read and write
|
||
|
7FF848E14000
|
trusted library allocation
|
page read and write
|
||
|
1C225000
|
heap
|
page read and write
|
||
|
8B0000
|
heap
|
page read and write
|
||
|
A5C000
|
heap
|
page read and write
|
||
|
312E000
|
stack
|
page read and write
|
||
|
1340000
|
trusted library allocation
|
page read and write
|
||
|
12838000
|
trusted library allocation
|
page read and write
|
||
|
12F6000
|
stack
|
page read and write
|
||
|
FB0000
|
trusted library allocation
|
page read and write
|
||
|
7FF848EC6000
|
trusted library allocation
|
page read and write
|
||
|
870000
|
trusted library allocation
|
page read and write
|
||
|
26A7000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E1D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C637000
|
heap
|
page read and write
|
||
|
EC0000
|
heap
|
page execute and read and write
|
||
|
1B55E000
|
stack
|
page read and write
|
||
|
C7E000
|
heap
|
page read and write
|
||
|
5B0000
|
heap
|
page read and write
|
||
|
7FF848E0D000
|
trusted library allocation
|
page execute and read and write
|
||
|
820000
|
heap
|
page read and write
|
||
|
8B5000
|
heap
|
page read and write
|
||
|
C40000
|
heap
|
page read and write
|
||
|
7FF848EDC000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B2DE000
|
stack
|
page read and write
|
||
|
358D000
|
trusted library allocation
|
page read and write
|
||
|
125D8000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E1D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C2D1000
|
heap
|
page read and write
|
||
|
C70000
|
heap
|
page read and write
|
||
|
2695000
|
trusted library allocation
|
page read and write
|
||
|
125DD000
|
trusted library allocation
|
page read and write
|
||
|
1C269000
|
heap
|
page read and write
|
||
|
A7F000
|
heap
|
page read and write
|
||
|
1A82D000
|
stack
|
page read and write
|
||
|
7FF848E5C000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848FE0000
|
trusted library allocation
|
page read and write
|
||
|
7FF848F30000
|
trusted library allocation
|
page execute and read and write
|
||
|
1AFEE000
|
stack
|
page read and write
|
||
|
860000
|
heap
|
page read and write
|
||
|
1C18D000
|
heap
|
page read and write
|
||
|
2692000
|
trusted library allocation
|
page read and write
|
||
|
1318D000
|
trusted library allocation
|
page read and write
|
||
|
ABF000
|
heap
|
page read and write
|
||
|
225E000
|
stack
|
page read and write
|
||
|
1B060000
|
heap
|
page read and write
|
||
|
7FF848E13000
|
trusted library allocation
|
page read and write
|
||
|
7FF848F90000
|
trusted library allocation
|
page read and write
|
||
|
1600000
|
heap
|
page execute and read and write
|
||
|
7FF848EAC000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848F2F000
|
trusted library allocation
|
page execute and read and write
|
||
|
15A0000
|
heap
|
page execute and read and write
|
||
|
7FF848FE3000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E14000
|
trusted library allocation
|
page read and write
|
||
|
1B75E000
|
stack
|
page read and write
|
||
|
1B400000
|
heap
|
page read and write
|
||
|
340D000
|
trusted library allocation
|
page read and write
|
||
|
1360000
|
trusted library allocation
|
page read and write
|
||
|
7FF848FF0000
|
trusted library allocation
|
page read and write
|
||
|
1C589000
|
heap
|
page read and write
|
||
|
1BB5E000
|
stack
|
page read and write
|
||
|
FD0000
|
heap
|
page read and write
|
||
|
7FF848E24000
|
trusted library allocation
|
page read and write
|
||
|
E50000
|
trusted library allocation
|
page read and write
|
||
|
E62000
|
unkown
|
page readonly
|
||
|
63F000
|
heap
|
page read and write
|
||
|
168F000
|
stack
|
page read and write
|
||
|
7C0000
|
heap
|
page read and write
|
||
|
7FF848EE0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2375000
|
trusted library allocation
|
page read and write
|
||
|
1B71E000
|
stack
|
page read and write
|
||
|
1C311000
|
heap
|
page read and write
|
||
|
7FF848FEB000
|
trusted library allocation
|
page read and write
|
||
|
13E6000
|
heap
|
page read and write
|
||
|
138E000
|
heap
|
page read and write
|
||
|
7FF848E23000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C30D000
|
heap
|
page read and write
|
||
|
1B66E000
|
stack
|
page read and write
|
||
|
1C1C7000
|
heap
|
page read and write
|
||
|
5D0000
|
heap
|
page read and write
|
||
|
7FF848E34000
|
trusted library allocation
|
page read and write
|
||
|
1C2ED000
|
heap
|
page read and write
|
||
|
D20000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E0C000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E17000
|
trusted library allocation
|
page read and write
|
||
|
5F0000
|
heap
|
page read and write
|
||
|
7FF848FB6000
|
trusted library allocation
|
page read and write
|
||
|
7FF848F4F000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848FC3000
|
trusted library allocation
|
page read and write
|
||
|
1B56F000
|
stack
|
page read and write
|
||
|
1481000
|
heap
|
page read and write
|
||
|
1C39D000
|
heap
|
page read and write
|
||
|
88B000
|
heap
|
page read and write
|
||
|
7FF848FBB000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E4C000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848E30000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E12000
|
trusted library allocation
|
page read and write
|
||
|
7FF848FB0000
|
trusted library allocation
|
page read and write
|
||
|
1610000
|
heap
|
page read and write
|
||
|
7FF848E2B000
|
trusted library allocation
|
page execute and read and write
|
||
|
A30000
|
trusted library allocation
|
page read and write
|
||
|
7FF848FC0000
|
trusted library allocation
|
page read and write
|
||
|
1C32E000
|
heap
|
page read and write
|
||
|
1C1AF000
|
heap
|
page read and write
|
||
|
1C38B000
|
heap
|
page read and write
|
||
|
7FF848E34000
|
trusted library allocation
|
page read and write
|
||
|
1B95B000
|
stack
|
page read and write
|
||
|
A50000
|
heap
|
page read and write
|
||
|
F8F000
|
stack
|
page read and write
|
||
|
13FE000
|
heap
|
page read and write
|
||
|
12981000
|
trusted library allocation
|
page read and write
|
||
|
1C1EE000
|
heap
|
page read and write
|
||
|
5ED000
|
heap
|
page read and write
|
||
|
7FF848FD0000
|
trusted library allocation
|
page read and write
|
||
|
7FF848ED0000
|
trusted library allocation
|
page read and write
|
||
|
12548000
|
trusted library allocation
|
page read and write
|
||
|
2378000
|
trusted library allocation
|
page read and write
|
||
|
7FF848DF3000
|
trusted library allocation
|
page execute and read and write
|
||
|
654000
|
heap
|
page read and write
|
||
|
C00000
|
heap
|
page read and write
|
||
|
22FE000
|
trusted library allocation
|
page read and write
|
||
|
1304000
|
heap
|
page read and write
|
||
|
7FF848EE6000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848E23000
|
trusted library allocation
|
page read and write
|
||
|
866000
|
heap
|
page read and write
|
||
|
7FF848E2D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848FD0000
|
trusted library allocation
|
page read and write
|
||
|
3267000
|
trusted library allocation
|
page read and write
|
||
|
32D2000
|
trusted library allocation
|
page read and write
|
||
|
9E0000
|
heap
|
page read and write
|
||
|
1C585000
|
heap
|
page read and write
|
||
|
7FF848E1D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C689000
|
heap
|
page read and write
|
||
|
61C000
|
heap
|
page read and write
|
||
|
1B3E0000
|
heap
|
page read and write
|
||
|
2636000
|
trusted library allocation
|
page read and write
|
||
|
7FF848FA0000
|
trusted library allocation
|
page read and write
|
||
|
7FF848FB1000
|
trusted library allocation
|
page read and write
|
||
|
24C0000
|
heap
|
page read and write
|
||
|
1C5B6000
|
heap
|
page read and write
|
||
|
7FF848FA0000
|
trusted library allocation
|
page read and write
|
||
|
7FF848FAC000
|
trusted library allocation
|
page read and write
|
||
|
13181000
|
trusted library allocation
|
page read and write
|
||
|
63A000
|
heap
|
page read and write
|
||
|
1C113000
|
stack
|
page read and write
|
||
|
1C3D2000
|
heap
|
page read and write
|
||
|
1B6E3000
|
stack
|
page read and write
|
||
|
7FF848FB3000
|
trusted library allocation
|
page read and write
|
||
|
1C2C3000
|
heap
|
page read and write
|
||
|
7FF848E3C000
|
trusted library allocation
|
page read and write
|
||
|
6F6000
|
stack
|
page read and write
|
||
|
1B4EF000
|
stack
|
page read and write
|
||
|
7FF848E26000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E1C000
|
trusted library allocation
|
page read and write
|
||
|
1ABE0000
|
heap
|
page execute and read and write
|
||
|
7FF848E0D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1298D000
|
trusted library allocation
|
page read and write
|
||
|
E80000
|
heap
|
page read and write
|
||
|
616000
|
heap
|
page read and write
|
||
|
A70000
|
trusted library allocation
|
page read and write
|
||
|
1BC3E000
|
stack
|
page read and write
|
||
|
1C205000
|
heap
|
page read and write
|
||
|
1466000
|
heap
|
page read and write
|
||
|
2608000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E7C000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B16E000
|
stack
|
page read and write
|
||
|
7FF848FAE000
|
trusted library allocation
|
page read and write
|
||
|
820000
|
heap
|
page read and write
|
||
|
643000
|
heap
|
page read and write
|
||
|
7FF848E1C000
|
trusted library allocation
|
page read and write
|
||
|
5D8000
|
heap
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
1C1DA000
|
heap
|
page read and write
|
||
|
8A0000
|
heap
|
page read and write
|
||
|
296F000
|
stack
|
page read and write
|
||
|
1B3E8000
|
heap
|
page read and write
|
||
|
1C42F000
|
heap
|
page read and write
|
||
|
1C27F000
|
heap
|
page read and write
|
||
|
259D000
|
trusted library allocation
|
page read and write
|
||
|
170000
|
heap
|
page read and write
|
||
|
1C13E000
|
stack
|
page read and write
|
||
|
12988000
|
trusted library allocation
|
page read and write
|
||
|
7FF848FF0000
|
trusted library allocation
|
page read and write
|
||
|
7FF849010000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848FF0000
|
trusted library allocation
|
page read and write
|
||
|
D90000
|
unkown
|
page readonly
|
||
|
300F000
|
stack
|
page read and write
|
||
|
7FF848FC0000
|
trusted library allocation
|
page read and write
|
||
|
1B7EF000
|
stack
|
page read and write
|
||
|
756000
|
stack
|
page read and write
|
||
|
7FF848E13000
|
trusted library allocation
|
page execute and read and write
|
||
|
AC0000
|
trusted library allocation
|
page read and write
|
||
|
5DD000
|
heap
|
page read and write
|
||
|
7FF848FF1000
|
trusted library allocation
|
page read and write
|
||
|
FA6000
|
stack
|
page read and write
|
||
|
1BB5E000
|
stack
|
page read and write
|
||
|
1C614000
|
heap
|
page read and write
|
||
|
1AF0D000
|
stack
|
page read and write
|
||
|
7FF848E24000
|
trusted library allocation
|
page read and write
|
||
|
7FF848FCC000
|
trusted library allocation
|
page read and write
|
||
|
1C3EA000
|
heap
|
page read and write
|
||
|
1AEE0000
|
heap
|
page read and write
|
||
|
D80000
|
heap
|
page read and write
|
||
|
1B26E000
|
stack
|
page read and write
|
||
|
7FF848F30000
|
trusted library allocation
|
page execute and read and write
|
||
|
1296000
|
heap
|
page read and write
|
||
|
1BD3F000
|
stack
|
page read and write
|
||
|
80F000
|
stack
|
page read and write
|
||
|
31D5000
|
trusted library allocation
|
page read and write
|
||
|
1254D000
|
trusted library allocation
|
page read and write
|
||
|
7FF848F06000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848F3F000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848E4D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1BB30000
|
heap
|
page read and write
|
||
|
7FF848FBE000
|
trusted library allocation
|
page read and write
|
||
|
1C1C4000
|
heap
|
page read and write
|
||
|
1BE3F000
|
stack
|
page read and write
|
||
|
1B360000
|
heap
|
page read and write
|
||
|
7FF848E24000
|
trusted library allocation
|
page read and write
|
||
|
2530000
|
heap
|
page execute and read and write
|
||
|
236F000
|
trusted library allocation
|
page read and write
|
||
|
2904000
|
trusted library allocation
|
page read and write
|
||
|
590000
|
heap
|
page read and write
|
||
|
A56000
|
heap
|
page read and write
|
||
|
1D5000
|
heap
|
page read and write
|
||
|
1C60D000
|
heap
|
page read and write
|
||
|
7FF848FCA000
|
trusted library allocation
|
page read and write
|
||
|
1ADFE000
|
stack
|
page read and write
|
||
|
1B3EE000
|
stack
|
page read and write
|
||
|
260B000
|
trusted library allocation
|
page read and write
|
||
|
9BE000
|
stack
|
page read and write
|
||
|
3263000
|
trusted library allocation
|
page read and write
|
||
|
7FF848F10000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848EB0000
|
trusted library allocation
|
page execute and read and write
|
||
|
31F6000
|
trusted library allocation
|
page read and write
|
||
|
160000
|
heap
|
page read and write
|
||
|
7FF848DFD000
|
trusted library allocation
|
page execute and read and write
|
||
|
800000
|
heap
|
page read and write
|
||
|
1C250000
|
heap
|
page read and write
|
||
|
D92000
|
unkown
|
page readonly
|
||
|
7FF848E27000
|
trusted library allocation
|
page read and write
|
||
|
2605000
|
trusted library allocation
|
page read and write
|
||
|
1ADBD000
|
stack
|
page read and write
|
||
|
25CF000
|
stack
|
page read and write
|
||
|
2A5A000
|
trusted library allocation
|
page read and write
|
||
|
7FF848FD3000
|
trusted library allocation
|
page read and write
|
||
|
1BC10000
|
heap
|
page read and write
|
||
|
1D0000
|
heap
|
page read and write
|
||
|
7FF848DF4000
|
trusted library allocation
|
page read and write
|
||
|
1C34D000
|
heap
|
page read and write
|
||
|
12FE000
|
heap
|
page read and write
|
||
|
336B000
|
trusted library allocation
|
page read and write
|
||
|
122A3000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E3D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848E6C000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848E7C000
|
trusted library allocation
|
page execute and read and write
|
||
|
13193000
|
trusted library allocation
|
page read and write
|
||
|
1C692000
|
heap
|
page read and write
|
||
|
7FF848FE0000
|
trusted library allocation
|
page read and write
|
||
|
FE0000
|
heap
|
page read and write
|
||
|
330C000
|
trusted library allocation
|
page read and write
|
||
|
1BA53000
|
stack
|
page read and write
|
||
|
1720000
|
heap
|
page execute and read and write
|
||
|
7FF848E10000
|
trusted library allocation
|
page read and write
|
||
|
825000
|
heap
|
page read and write
|
||
|
7FF848E20000
|
trusted library allocation
|
page read and write
|
||
|
259B000
|
trusted library allocation
|
page read and write
|
||
|
651000
|
heap
|
page read and write
|
||
|
1BD1E000
|
stack
|
page read and write
|
||
|
7FF848EE6000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848FAC000
|
trusted library allocation
|
page read and write
|
||
|
830000
|
heap
|
page read and write
|
||
|
1C2B9000
|
heap
|
page read and write
|
||
|
C20000
|
heap
|
page read and write
|
||
|
7FF848E07000
|
trusted library allocation
|
page read and write
|
||
|
1735000
|
heap
|
page read and write
|
||
|
13188000
|
trusted library allocation
|
page read and write
|
||
|
7FF849008000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E44000
|
trusted library allocation
|
page read and write
|
||
|
1570000
|
trusted library allocation
|
page read and write
|
||
|
7FF848DF2000
|
trusted library allocation
|
page read and write
|
||
|
1CA7E000
|
stack
|
page read and write
|
||
|
1C37C000
|
heap
|
page read and write
|
||
|
1C1A0000
|
heap
|
page read and write
|
||
|
7FF848F40000
|
trusted library allocation
|
page execute and read and write
|
||
|
AE5000
|
heap
|
page read and write
|
||
|
F80000
|
heap
|
page read and write
|
||
|
790000
|
heap
|
page read and write
|
||
|
2A45000
|
trusted library allocation
|
page read and write
|
||
|
4F6000
|
stack
|
page read and write
|
||
|
12D1000
|
heap
|
page read and write
|
||
|
13191000
|
trusted library allocation
|
page read and write
|
||
|
328A000
|
trusted library allocation
|
page read and write
|
||
|
87F000
|
stack
|
page read and write
|
||
|
7FF848E1B000
|
trusted library allocation
|
page execute and read and write
|
||
|
236C000
|
trusted library allocation
|
page read and write
|
||
|
ABA000
|
heap
|
page read and write
|
||
|
7FF848F20000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C220000
|
heap
|
page read and write
|
||
|
7FF848E0D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1220000
|
heap
|
page read and write
|
||
|
1C23C000
|
heap
|
page read and write
|
||
|
1B0D4000
|
stack
|
page read and write
|
||
|
C68000
|
heap
|
page read and write
|
||
|
7FF848E40000
|
trusted library allocation
|
page read and write
|
||
|
1B2EE000
|
stack
|
page read and write
|
||
|
1300000
|
heap
|
page read and write
|
||
|
A92000
|
heap
|
page read and write
|
||
|
7FF848FCE000
|
trusted library allocation
|
page read and write
|
||
|
7FF848EF6000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848E44000
|
trusted library allocation
|
page read and write
|
||
|
1C208000
|
heap
|
page read and write
|
||
|
1B3DE000
|
stack
|
page read and write
|
||
|
1A9B0000
|
trusted library allocation
|
page read and write
|
||
|
2878000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E18000
|
trusted library allocation
|
page read and write
|
||
|
1615000
|
heap
|
page read and write
|
||
|
1283D000
|
trusted library allocation
|
page read and write
|
||
|
7FF848FC1000
|
trusted library allocation
|
page read and write
|
||
|
1B1B0000
|
trusted library allocation
|
page read and write
|
||
|
FA0000
|
heap
|
page read and write
|
||
|
1BB90000
|
heap
|
page execute and read and write
|
||
|
15B0000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E13000
|
trusted library allocation
|
page read and write
|
||
|
904000
|
heap
|
page read and write
|
||
|
5D5000
|
heap
|
page read and write
|
||
|
1C140000
|
heap
|
page read and write
|
||
|
171F000
|
stack
|
page read and write
|
||
|
7FF848F9C000
|
trusted library allocation
|
page read and write
|
||
|
3170000
|
heap
|
page read and write
|
||
|
1B70C000
|
stack
|
page read and write
|
||
|
510000
|
trusted library allocation
|
page read and write
|
||
|
1B363000
|
stack
|
page read and write
|
||
|
1C6AE000
|
heap
|
page read and write
|
||
|
10C0000
|
heap
|
page read and write
|
||
|
2372000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E03000
|
trusted library allocation
|
page execute and read and write
|
||
|
64F000
|
heap
|
page read and write
|
||
|
13191000
|
trusted library allocation
|
page read and write
|
||
|
7FF849000000
|
trusted library allocation
|
page read and write
|
||
|
1AFAE000
|
stack
|
page read and write
|
||
|
288C000
|
trusted library allocation
|
page read and write
|
||
|
3265000
|
trusted library allocation
|
page read and write
|
||
|
7FF848FD0000
|
trusted library allocation
|
page read and write
|
||
|
1730000
|
heap
|
page read and write
|
||
|
7FF848FD0000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E33000
|
trusted library allocation
|
page read and write
|
||
|
5EB000
|
heap
|
page read and write
|
||
|
1C5D6000
|
heap
|
page read and write
|
||
|
7FF848FE0000
|
trusted library allocation
|
page read and write
|
||
|
7FF848EF6000
|
trusted library allocation
|
page execute and read and write
|
||
|
1BF14000
|
stack
|
page read and write
|
||
|
1C1A2000
|
heap
|
page read and write
|
||
|
7FF848FE7000
|
trusted library allocation
|
page read and write
|
||
|
1C3D0000
|
heap
|
page read and write
|
||
|
1428000
|
heap
|
page read and write
|
||
|
AFA000
|
heap
|
page read and write
|
||
|
1C2C8000
|
heap
|
page read and write
|
||
|
7FF848E20000
|
trusted library allocation
|
page read and write
|
||
|
1C580000
|
heap
|
page read and write
|
||
|
7FF848E23000
|
trusted library allocation
|
page read and write
|
||
|
1C166000
|
heap
|
page read and write
|
||
|
1A570000
|
trusted library allocation
|
page read and write
|
||
|
12541000
|
trusted library allocation
|
page read and write
|
||
|
570000
|
heap
|
page read and write
|
||
|
7FF848ED6000
|
trusted library allocation
|
page read and write
|
||
|
67C000
|
heap
|
page read and write
|
||
|
8D0000
|
heap
|
page read and write
|
||
|
310E000
|
stack
|
page read and write
|
||
|
1ADDF000
|
stack
|
page read and write
|
||
|
7FF849000000
|
trusted library allocation
|
page read and write
|
||
|
7FF848EE0000
|
trusted library allocation
|
page execute and read and write
|
||
|
A8F000
|
heap
|
page read and write
|
||
|
3261000
|
trusted library allocation
|
page read and write
|
||
|
7FF848FD3000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E38000
|
trusted library allocation
|
page read and write
|
||
|
7FF848FD6000
|
trusted library allocation
|
page read and write
|
||
|
E85000
|
heap
|
page read and write
|
||
|
35C4000
|
trusted library allocation
|
page read and write
|
||
|
1B4EF000
|
stack
|
page read and write
|
||
|
7FF848ED6000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848FC3000
|
trusted library allocation
|
page read and write
|
||
|
1C5EE000
|
heap
|
page read and write
|
||
|
1C363000
|
heap
|
page read and write
|
||
|
890000
|
heap
|
page read and write
|
||
|
13C8000
|
heap
|
page read and write
|
||
|
7FF848E40000
|
trusted library allocation
|
page read and write
|
||
|
C46000
|
heap
|
page read and write
|
||
|
7E0000
|
heap
|
page read and write
|
||
|
1C648000
|
heap
|
page read and write
|
||
|
7FF848E2C000
|
trusted library allocation
|
page read and write
|
||
|
1B1E3000
|
stack
|
page read and write
|
||
|
7FF848FCC000
|
trusted library allocation
|
page read and write
|
||
|
1B3EE000
|
stack
|
page read and write
|
||
|
325B000
|
trusted library allocation
|
page read and write
|
||
|
125D1000
|
trusted library allocation
|
page read and write
|
||
|
8CB000
|
heap
|
page read and write
|
||
|
2190000
|
heap
|
page execute and read and write
|
||
|
7FF848E20000
|
trusted library allocation
|
page read and write
|
||
|
1C240000
|
heap
|
page read and write
|
||
|
1A600000
|
trusted library allocation
|
page read and write
|
||
|
31EB000
|
trusted library allocation
|
page read and write
|
||
|
E8F000
|
stack
|
page read and write
|
||
|
7FF848E2C000
|
trusted library allocation
|
page read and write
|
||
|
7FF848EC0000
|
trusted library allocation
|
page execute and read and write
|
||
|
3454000
|
trusted library allocation
|
page read and write
|
||
|
530000
|
trusted library allocation
|
page read and write
|
||
|
1C436000
|
heap
|
page read and write
|
||
|
595000
|
heap
|
page read and write
|
||
|
1880000
|
heap
|
page read and write
|
||
|
7FF848ED0000
|
trusted library allocation
|
page read and write
|
||
|
7FF848FE0000
|
trusted library allocation
|
page read and write
|
||
|
1CD1D000
|
stack
|
page read and write
|
||
|
190000
|
heap
|
page read and write
|
||
|
1C5FE000
|
heap
|
page read and write
|
||
|
CAB000
|
heap
|
page read and write
|
||
|
13C0000
|
heap
|
page read and write
|
||
|
122A1000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E28000
|
trusted library allocation
|
page read and write
|
||
|
7FF849020000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E33000
|
trusted library allocation
|
page read and write
|
||
|
1B1E0000
|
heap
|
page read and write
|
||
|
AD0000
|
heap
|
page read and write
|
||
|
3180000
|
heap
|
page read and write
|
||
|
12983000
|
trusted library allocation
|
page read and write
|
||
|
94D000
|
heap
|
page read and write
|
||
|
15FE000
|
stack
|
page read and write
|
||
|
13198000
|
trusted library allocation
|
page read and write
|
||
|
7FF407420000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848E03000
|
trusted library allocation
|
page read and write
|
||
|
A90000
|
trusted library allocation
|
page read and write
|
||
|
3491000
|
trusted library allocation
|
page read and write
|
||
|
619000
|
heap
|
page read and write
|
||
|
5B8000
|
heap
|
page read and write
|
||
|
1C59B000
|
heap
|
page read and write
|
||
|
8A3000
|
heap
|
page read and write
|
||
|
3267000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E3B000
|
trusted library allocation
|
page execute and read and write
|
||
|
13FC000
|
heap
|
page read and write
|
||
|
1C189000
|
heap
|
page read and write
|
||
|
7FF848E4D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1885000
|
heap
|
page read and write
|
||
|
33BA000
|
trusted library allocation
|
page read and write
|
There are 626 hidden memdumps, click here to show them.