Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Prismifyr_Installer_v2.1 Setup 1.0.0.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
|
initial sample
|
 |
|
|
C:\ProgramData\Passwords\Passwords.txt
|
ASCII text, with no line terminators
|
dropped
|
|
|
|
C:\ProgramData\Steam\Launcher\2bqvZYHO\EN-472847\Autofills\Autofills.txt
|
ASCII text
|
dropped
|
|
|
|
C:\ProgramData\Steam\Launcher\2bqvZYHO\EN-472847\Cookies\Google_Default.txt
|
ASCII text
|
dropped
|
|
|
|
C:\ProgramData\Steam\Launcher\2bqvZYHO\EN-472847\Credit Card\Cards.txt
|
ASCII text, with no line terminators
|
dropped
|
|
|
|
C:\ProgramData\Steam\Launcher\2bqvZYHO\EN-472847\Passwords\Passwords.txt
|
ASCII text, with no line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Vortex_Cookies
|
SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x3, schema 4, UTF-8,
version-valid-for 6
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web.db
|
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie
0x21, schema 4, UTF-8, version-valid-for 3
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\history.db
|
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 39, cookie 0x20, schema 4,
UTF-8, version-valid-for 1
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\passwords.db
|
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie
0xb, schema 4, UTF-8, version-valid-for 1
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\webdata.db
|
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie
0x21, schema 4, UTF-8, version-valid-for 3
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\history.db
|
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 38, cookie 0x1f, schema 4,
UTF-8, version-valid-for 1
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe
|
PE32+ executable (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Prismifyr_Installer_v2.1.exe
|
PE32+ executable (GUI) x86-64, for MS Windows
|
modified
|
|
|
|
C:\ProgramData\Steam\Launcher\2bqvZYHO\EN-472847\Bookmarks\Bookmarks.txt
|
ASCII text
|
dropped
|
||
|
C:\ProgramData\Steam\Launcher\2bqvZYHO\EN-472847\History\History.txt
|
ASCII text
|
dropped
|
||
|
C:\ProgramData\Steam\Launcher\2bqvZYHO\EN-472847\Screenshots\Screenshot.png
|
PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\screenCapture_1.3.2.exe.log
|
CSV text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Vortex_Cookies
|
SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8,
version-valid-for 7
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Web.db
|
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie
0x37, schema 4, UTF-8, version-valid-for 8
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\passwords.db
|
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 2, database pages 25, cookie
0xe, schema 4, UTF-8, version-valid-for 2
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\webdata.db
|
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie
0x37, schema 4, UTF-8, version-valid-for 8
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\LICENSE.electron.txt
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\LICENSES.chromium.html
|
HTML document, ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\chrome_100_percent.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\chrome_200_percent.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\d3dcompiler_47.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\ffmpeg.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\icudtl.dat
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\libEGL.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\libGLESv2.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\1b6e99aa-5e17-4930-922d-0fcfed46e003.tmp.node
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\2024924-64-yswszl.55ad9.png
|
PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\RES9E2A.tmp
|
Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x68c, 10 symbols, created Thu Oct 24 11:52:54 2024,
1st section name ".debug$S"
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_30yl2bau.vpk.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_blnyxkri.h5s.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_bu4maval.aua.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_dzolp3or.xvi.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\d9f7e9ec-5589-4098-b546-c97c7020ff02.tmp.node
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\LICENSE.electron.txt
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\LICENSES.chromium.html
|
HTML document, ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\Prismifyr_Installer_v2.1.exe
|
PE32+ executable (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\chrome_100_percent.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\chrome_200_percent.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\d3dcompiler_47.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\ffmpeg.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\icudtl.dat
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\libEGL.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\libGLESv2.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\locales\af.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\locales\am.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\locales\ar.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\locales\bg.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\locales\bn.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\locales\ca.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\locales\cs.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\locales\da.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\locales\de.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\locales\el.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\locales\en-GB.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\locales\en-US.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\locales\es-419.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\locales\es.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\locales\et.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\locales\fa.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\locales\fi.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\locales\fil.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\locales\fr.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\locales\gu.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\locales\he.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\locales\hi.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\locales\hr.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\locales\hu.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\locales\id.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\locales\it.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\locales\ja.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\locales\kn.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\locales\ko.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\locales\lt.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\locales\lv.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\locales\ml.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\locales\mr.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\locales\ms.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\locales\nb.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\locales\nl.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\locales\pl.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\locales\pt-BR.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\locales\pt-PT.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\locales\ro.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\locales\ru.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\locales\sk.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\locales\sl.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\locales\sr.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\locales\sv.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\locales\sw.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\locales\ta.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\locales\te.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\locales\th.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\locales\tr.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\locales\uk.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\locales\ur.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\locales\vi.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\locales\zh-CN.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\locales\zh-TW.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\resources.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\resources\app.asar
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\resources\app.asar.unpacked\node_modules\screenshot-desktop\index.js
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\darwin\index.js
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\linux\index.js
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\utils.js
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\app.manifest
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\index.js
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\screenCapture_1.3.2.bat
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\resources\app.asar.unpacked\node_modules\screenshot-desktop\package.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\resources\app.asar.unpacked\node_modules\screenshot-desktop\test.js
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\resources\elevate.exe
|
PE32 executable (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\snapshot_blob.bin
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\v8_context_snapshot.bin
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\vk_swiftshader.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\vk_swiftshader_icd.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\vulkan-1.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsyC753.tmp\SpiderBanner.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsyC753.tmp\StdUtils.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsyC753.tmp\System.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsyC753.tmp\app-64.7z
|
7-zip archive data, version 0.4
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsyC753.tmp\nsExec.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsyC753.tmp\nsis7z.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\screenCapture\CSCEE08CA83D7542AAB04A7698A66ECD4F.TMP
|
MSVC .res
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\screenCapture\app.manifest
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
|
PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite-shm
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Prismifyr_Installer_v2.1\54633697-022e-4588-852d-c3930e6e256f.tmp
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Prismifyr_Installer_v2.1\Local State (copy)
|
JSON data
|
dropped
|
||
|
\Device\Null
|
ASCII text, with CRLF line terminators
|
dropped
|
There are 126 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe
|
"C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe"
|
|
|
|
C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe
|
"C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe"
|
|
|
|
C:\Windows\System32\cmd.exe
|
C:\Windows\system32\cmd.exe /d /s /c "tasklist /fo csv"
|
|
|
|
C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe
|
"C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\Prismifyr_Installer_v2.1"
--gpu-preferences=UAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA
--field-trial-handle=2244,i,14912361022600860785,9095772362069922900,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand
--variations-seed-version --mojo-platform-channel-handle=2236 /prefetch:2
|
|
|
|
C:\Windows\System32\cmd.exe
|
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
|
|
|
|
C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe
|
"C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe" --type=utility --utility-sub-type=network.mojom.NetworkService
--lang=en-GB --service-sandbox-type=none --user-data-dir="C:\Users\user\AppData\Roaming\Prismifyr_Installer_v2.1" --field-trial-handle=2516,i,14912361022600860785,9095772362069922900,262144
--disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version
--mojo-platform-channel-handle=2512 /prefetch:3
|
|
|
|
C:\Windows\System32\cmd.exe
|
C:\Windows\system32\cmd.exe /d /s /c "powershell.exe Add-Type -AssemblyName System.Security; [System.Security.Cryptography.ProtectedData]::Unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,82,140,181,59,205,133,36,68,131,195,71,114,10,9,65,24,16,0,0,0,28,0,0,0,71,0,111,0,111,0,103,0,108,0,101,0,32,0,67,0,104,0,114,0,111,0,109,0,101,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,36,243,112,255,236,176,19,21,161,232,5,156,15,224,214,169,185,79,161,35,240,200,160,226,160,19,168,214,186,239,155,235,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,225,241,231,195,97,47,248,22,206,161,226,92,44,44,51,207,166,8,46,136,147,185,84,185,27,183,252,114,164,252,148,168,48,0,0,0,2,140,235,235,139,99,133,55,160,143,64,53,168,135,193,81,10,81,94,101,239,145,72,8,97,176,119,236,164,201,155,27,236,184,11,80,145,31,10,79,199,92,71,166,116,84,131,150,64,0,0,0,33,136,240,246,163,86,84,202,92,12,170,239,80,17,93,81,235,159,209,41,5,212,210,23,106,50,31,57,94,244,205,86,198,111,237,171,160,240,77,231,4,197,113,175,235,153,59,29,176,183,188,244,160,186,186,93,146,97,116,126,129,24,71,225),
$null, 'CurrentUser')"
|
|
|
|
C:\Windows\System32\cmd.exe
|
C:\Windows\system32\cmd.exe /d /s /c "powershell.exe Add-Type -AssemblyName System.Security; [System.Security.Cryptography.ProtectedData]::Unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,82,140,181,59,205,133,36,68,131,195,71,114,10,9,65,24,16,0,0,0,30,0,0,0,77,0,105,0,99,0,114,0,111,0,115,0,111,0,102,0,116,0,32,0,69,0,100,0,103,0,101,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,73,231,212,88,131,180,108,13,7,151,85,6,156,66,67,185,57,141,176,137,39,153,232,122,3,148,29,97,139,226,146,101,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,25,208,58,196,147,38,229,71,17,84,57,121,51,122,21,191,192,210,223,56,196,102,132,177,163,7,170,237,170,96,43,123,48,0,0,0,22,214,107,180,137,106,64,43,246,209,3,97,183,60,179,87,35,178,252,209,63,28,6,231,92,233,101,110,37,191,114,95,102,37,85,25,129,162,60,71,136,36,115,191,138,222,1,225,64,0,0,0,221,128,244,169,226,245,40,30,145,232,4,127,240,108,165,92,23,225,199,246,49,201,112,97,127,7,108,202,49,141,230,234,32,54,72,203,159,33,237,81,195,247,232,115,207,194,239,99,114,230,169,121,178,134,199,77,110,131,115,20,107,231,17,6),
$null, 'CurrentUser')"
|
|
|
|
C:\Windows\System32\cmd.exe
|
C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\user\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\user\AppData\Local\Temp\2024924-64-yswszl.55ad9.png"
"
|
|
|
|
C:\Windows\System32\cmd.exe
|
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
|
|
|
|
C:\Windows\System32\cmd.exe
|
C:\Windows\system32\cmd.exe /d /s /c "start /B cmd /c mshta "javascript:new ActiveXObject('WScript.Shell').Popup('The program
can not start because MSVCP140.dll is missing from your computer. Try reinstalling the program to fix this problem.', 0, 'Error',
16);close()""
|
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c mshta "javascript:new ActiveXObject('WScript.Shell').Popup('The program can not start because MSVCP140.dll is missing
from your computer. Try reinstalling the program to fix this problem.', 0, 'Error', 16);close()"
|
|
|
|
C:\Windows\System32\mshta.exe
|
mshta "javascript:new ActiveXObject('WScript.Shell').Popup('The program can not start because MSVCP140.dll is missing from
your computer. Try reinstalling the program to fix this problem.', 0, 'Error', 16);close()"
|
|
|
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Prismifyr_Installer_v2.1.exe
|
"C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Prismifyr_Installer_v2.1.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\tasklist.exe
|
tasklist /fo csv
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\tasklist.exe
|
tasklist
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
powershell.exe Add-Type -AssemblyName System.Security; [System.Security.Cryptography.ProtectedData]::Unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,82,140,181,59,205,133,36,68,131,195,71,114,10,9,65,24,16,0,0,0,28,0,0,0,71,0,111,0,111,0,103,0,108,0,101,0,32,0,67,0,104,0,114,0,111,0,109,0,101,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,36,243,112,255,236,176,19,21,161,232,5,156,15,224,214,169,185,79,161,35,240,200,160,226,160,19,168,214,186,239,155,235,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,225,241,231,195,97,47,248,22,206,161,226,92,44,44,51,207,166,8,46,136,147,185,84,185,27,183,252,114,164,252,148,168,48,0,0,0,2,140,235,235,139,99,133,55,160,143,64,53,168,135,193,81,10,81,94,101,239,145,72,8,97,176,119,236,164,201,155,27,236,184,11,80,145,31,10,79,199,92,71,166,116,84,131,150,64,0,0,0,33,136,240,246,163,86,84,202,92,12,170,239,80,17,93,81,235,159,209,41,5,212,210,23,106,50,31,57,94,244,205,86,198,111,237,171,160,240,77,231,4,197,113,175,235,153,59,29,176,183,188,244,160,186,186,93,146,97,116,126,129,24,71,225),
$null, 'CurrentUser')
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
powershell.exe Add-Type -AssemblyName System.Security; [System.Security.Cryptography.ProtectedData]::Unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,82,140,181,59,205,133,36,68,131,195,71,114,10,9,65,24,16,0,0,0,30,0,0,0,77,0,105,0,99,0,114,0,111,0,115,0,111,0,102,0,116,0,32,0,69,0,100,0,103,0,101,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,73,231,212,88,131,180,108,13,7,151,85,6,156,66,67,185,57,141,176,137,39,153,232,122,3,148,29,97,139,226,146,101,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,25,208,58,196,147,38,229,71,17,84,57,121,51,122,21,191,192,210,223,56,196,102,132,177,163,7,170,237,170,96,43,123,48,0,0,0,22,214,107,180,137,106,64,43,246,209,3,97,183,60,179,87,35,178,252,209,63,28,6,231,92,233,101,110,37,191,114,95,102,37,85,25,129,162,60,71,136,36,115,191,138,222,1,225,64,0,0,0,221,128,244,169,226,245,40,30,145,232,4,127,240,108,165,92,23,225,199,246,49,201,112,97,127,7,108,202,49,141,230,234,32,54,72,203,159,33,237,81,195,247,232,115,207,194,239,99,114,230,169,121,178,134,199,77,110,131,115,20,107,231,17,6),
$null, 'CurrentUser')
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest"
/out:"screenCapture_1.3.2.exe" "C:\Users\user\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"
|
||
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES9E2A.tmp"
"c:\Users\user\AppData\Local\Temp\screenCapture\CSCEE08CA83D7542AAB04A7698A66ECD4F.TMP"
|
||
|
C:\Users\user\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
|
screenCapture_1.3.2.exe "C:\Users\user\AppData\Local\Temp\2024924-64-yswszl.55ad9.png"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\tasklist.exe
|
tasklist
|
There are 19 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://github.com/npm/move-file
|
unknown
|
||
|
https://github.com/simplejson/simplejson
|
unknown
|
||
|
https://github.com/c4milo/v8-profiler/blob/master/binding.gyp)
|
unknown
|
||
|
https://support.google.com/chrome/answer/6098869
|
unknown
|
||
|
https://www.bluetooth.com/specifications/gatt/services
|
unknown
|
||
|
https://github.com/WebBluetoothCG/web-bluetooth/blob/main/implementation-status.md
|
unknown
|
||
|
http://crbug.com/122592
|
unknown
|
||
|
https://www.chromestatus.com/feature/5093566007214080
|
unknown
|
||
|
https://chrome.google.com/webstore?hl=fi&category=theme81https://myactivity.google.com/myactivity/?u
|
unknown
|
||
|
https://github.com/TooTallNate/node-time/blob/master/binding.gyp)
|
unknown
|
||
|
https://docs.python.org/2/library/tempfile.html#tempfile.mkstemp
|
unknown
|
||
|
https://github.com/tc39/proposal-weakrefs
|
unknown
|
||
|
https://goo.gl/t5IS6M).
|
unknown
|
||
|
https://github.com/jprichardson/node-jsonfile#readfilesyncfilename-options).
|
unknown
|
||
|
https://github.com/nodejs/node/issues/44985
|
unknown
|
||
|
https://registry.npmjs.org/bindings/1.0.0
|
unknown
|
||
|
https://url.spec.whatwg.org/#concept-urlencoded-serializer
|
unknown
|
||
|
https://chrome.google.com/webstore?hl=sk&category=theme81https://myactivity.google.com/myactivity/?u
|
unknown
|
||
|
https://url.spec.whatwg.org/#dom-urlsearchparams-urlsearchparams
|
unknown
|
||
|
https://github.com/rbranson/node-ffi/blob/master/deps/libffi/libffi.gyp)
|
unknown
|
||
|
https://semver.org/
|
unknown
|
||
|
https://github.com/google/pprof/tree/master/proto
|
unknown
|
||
|
https://openjsf.org/
|
unknown
|
||
|
https://github.com/jrmuizel/qcms/tree/v4
|
unknown
|
||
|
https://chromium.googlesource.com/chromium/src/
|
unknown
|
||
|
https://github.com/luismreis/node-openvg-canvas/blob/master/binding.gyp)
|
unknown
|
||
|
https://github.com/nickdesaulniers/node-nanomsg/blob/master/binding.gyp)
|
unknown
|
||
|
https://w3c.github.io/manifest/#installability-signals
|
unknown
|
||
|
http://exslt.org/common
|
unknown
|
||
|
https://github.com/npm/cacache
|
unknown
|
||
|
https://github.com/tensorflow/models
|
unknown
|
||
|
https://github.com/KhronosGroup/SPIRV-Headers.git
|
unknown
|
||
|
https://github.com/w3c/ServiceWorker/issues/1356.Property
|
unknown
|
||
|
https://github.com/lloyd/node-memwatch/blob/master/binding.gyp)
|
unknown
|
||
|
https://code.google.com/p/gyp/issues/detail?id=411
|
unknown
|
||
|
http://istanbul-js.org/
|
unknown
|
||
|
https://github.com/tensorflow/tflite-support
|
unknown
|
||
|
https://github.com/WICG/scheduling-apis
|
unknown
|
||
|
https://pypi.org/project/pyparsing
|
unknown
|
||
|
https://sqlite.org/
|
unknown
|
||
|
https://code.google.com/p/chromium/issues/detail?id=25916
|
unknown
|
||
|
https://webidl.spec.whatwg.org/#abstract-opdef-converttoint
|
unknown
|
||
|
http://crbug.com/333738.
|
unknown
|
||
|
http://www.sqlite.org/
|
unknown
|
||
|
https://developer.chrome.com/docs/extensions/mv3/service_workers/events/Script
|
unknown
|
||
|
https://www.unicode.org/Public/UNIDATA/EastAsianWidth.txt
|
unknown
|
||
|
https://sizzlejs.com/
|
unknown
|
||
|
https://github.com/request/request/blob/b12a6245/lib/redirect.js#L134-L138
|
unknown
|
||
|
http://www.portaudio.com
|
unknown
|
||
|
https://beacons.gcp.gvt2.com/domainreliability/upload
|
unknown
|
||
|
https://w3c.github.io/aria/#aria-hidden.
|
unknown
|
||
|
https://developer.chrome.com/docs/extensions/mv3/cross-origin-isolation/.
|
unknown
|
||
|
https://github.com/WICG/construct-stylesheets/issues/119#issuecomment-588352418.
|
unknown
|
||
|
https://github.com/google/shell-encryption
|
unknown
|
||
|
https://heycam.github.io/webidl/#es-iterable-entries
|
unknown
|
||
|
https://github.com/developmentseed/node-sqlite3/blob/master/deps/sqlite3.gyp)
|
unknown
|
||
|
https://github.com/wasdk/wasmparser
|
unknown
|
||
|
https://heycam.github.io/webidl/#es-interfaces
|
unknown
|
||
|
https://github.com/nodejs/node-gyp/labels/ERR%21%20node-gyp%20-v%20%3C%3D%20v5.1.0)
|
unknown
|
||
|
https://goo.gl/4NeimXOrigin
|
unknown
|
||
|
https://encoding.spec.whatwg.org/#encode-and-enqueue-a-chunk
|
unknown
|
||
|
https://tc39.github.io/ecma262/#sec-object.prototype.tostring
|
unknown
|
||
|
https://github.com/dpranke/typ.git
|
unknown
|
||
|
https://chromeenterprise.google/policies/#BrowserSwitcherUrlList
|
unknown
|
||
|
https://github.com/npm/ssri
|
unknown
|
||
|
https://streams.spec.whatwg.org/#example-manual-write-with-backpressure
|
unknown
|
||
|
https://html.spec.whatwg.org/multipage/timers-and-user-prompts.html#dom-setinterval
|
unknown
|
||
|
https://www.khronos.org/registry/
|
unknown
|
||
|
https://github.com/rvagg/node-leveldown/blob/master/binding.gyp)
|
unknown
|
||
|
https://heycam.github.io/webidl/#dfn-iterator-prototype-object
|
unknown
|
||
|
http://tootallnate.net)
|
unknown
|
||
|
https://github.com/requests/toolbelt
|
unknown
|
||
|
https://android.com/pay
|
unknown
|
||
|
https://nodejs.org/static/images/favicons/favicon.icofaviconUrldevtoolsFrontendUrldevtoolsFrontendUr
|
unknown
|
||
|
http://web.archive.org/
|
unknown
|
||
|
https://nodejs.org/en/docs/inspectorFor
|
unknown
|
||
|
https://xhr.spec.whatwg.org/.
|
unknown
|
||
|
http://crbug.com/142362.
|
unknown
|
||
|
https://www.chromestatus.com/feature/6662647093133312
|
unknown
|
||
|
https://github.com/rvagg/node-leveldown/blob/master/deps/snappy/snappy.gyp)
|
unknown
|
||
|
https://github.com/nodejs/gyp-next/releases)
|
unknown
|
||
|
https://crbug.com/1144908
|
unknown
|
||
|
https://datatracker.ietf.org/doc/draft-ietf-rtcweb-ip-handling.
|
unknown
|
||
|
https://pypi.python.org/pypi/pyfakefs
|
unknown
|
||
|
https://goo.gl/EuHzyv
|
unknown
|
||
|
http://public.kitware.com/Bug/view.php?id=8392
|
unknown
|
||
|
https://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap12.html).
|
unknown
|
||
|
https://beacons4.gvt2.com/domainreliability/upload
|
unknown
|
||
|
http://src.chromium.org/viewvc/blink/trunk/Source/devtools/front_end/SourceMap.js
|
unknown
|
||
|
https://github.com/sass/node-sass/blob/master/binding.gyp)
|
unknown
|
||
|
https://nodejs.org/api/fs.html#fs_fs_writefile_file_data_options_callback).
|
unknown
|
||
|
http://code.google.com/p/gyp/
|
unknown
|
||
|
https://w3c.github.io/aria/#aria-hidden.Blocked
|
unknown
|
||
|
https://docs.python.org/2/library/subprocess.html:
|
unknown
|
||
|
https://github.com/GPUOpen-LibrariesAndSDKs/VulkanMemoryAllocator
|
unknown
|
||
|
https://goo.gl/HxfxSQOrigin
|
unknown
|
||
|
https://nodejs.org/api/fs.html#fs_fs_writefilesync_file_data_options)
|
unknown
|
||
|
http://crl.godaddy.com/gds1-20
|
unknown
|
||
|
https://sqlite.org/forum/forumpost/726219164b
|
unknown
|
||
|
http://developer.android.com/tools/extras/support-library.html
|
unknown
|
There are 90 hidden URLs, click here to show them.
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\7b4c3a21-e2df-5efd-beb5-591edeb53a62
|
InstallLocation
|
||
|
HKEY_CURRENT_USER\SOFTWARE\7b4c3a21-e2df-5efd-beb5-591edeb53a62
|
KeepShortcuts
|
||
|
HKEY_CURRENT_USER\SOFTWARE\7b4c3a21-e2df-5efd-beb5-591edeb53a62
|
ShortcutName
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7b4c3a21-e2df-5efd-beb5-591edeb53a62
|
DisplayName
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7b4c3a21-e2df-5efd-beb5-591edeb53a62
|
UninstallString
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7b4c3a21-e2df-5efd-beb5-591edeb53a62
|
QuietUninstallString
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7b4c3a21-e2df-5efd-beb5-591edeb53a62
|
DisplayVersion
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7b4c3a21-e2df-5efd-beb5-591edeb53a62
|
DisplayIcon
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7b4c3a21-e2df-5efd-beb5-591edeb53a62
|
Publisher
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7b4c3a21-e2df-5efd-beb5-591edeb53a62
|
NoModify
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7b4c3a21-e2df-5efd-beb5-591edeb53a62
|
NoRepair
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7b4c3a21-e2df-5efd-beb5-591edeb53a62
|
EstimatedSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer
|
GlobalAssocChangedCounter
|
There are 3 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
595B000
|
heap
|
page read and write
|
||
|
2E81000
|
heap
|
page read and write
|
||
|
70AE000
|
direct allocation
|
page read and write
|
||
|
595C000
|
heap
|
page read and write
|
||
|
98000
|
stack
|
page read and write
|
||
|
24B04460000
|
heap
|
page read and write
|
||
|
40A000
|
unkown
|
page read and write
|
||
|
6B3947E000
|
stack
|
page read and write
|
||
|
4EDA000
|
heap
|
page read and write
|
||
|
1DF57DB4000
|
heap
|
page read and write
|
||
|
23520470000
|
trusted library allocation
|
page read and write
|
||
|
5962000
|
heap
|
page read and write
|
||
|
3017000
|
heap
|
page read and write
|
||
|
594C000
|
heap
|
page read and write
|
||
|
678000
|
heap
|
page read and write
|
||
|
594D000
|
heap
|
page read and write
|
||
|
7FF64F2F1000
|
unkown
|
page execute read
|
||
|
65E0000
|
heap
|
page read and write
|
||
|
2CC0000
|
direct allocation
|
page read and write
|
||
|
596A000
|
heap
|
page read and write
|
||
|
7FF652EF1000
|
unkown
|
page execute read
|
||
|
594C000
|
heap
|
page read and write
|
||
|
5930000
|
heap
|
page read and write
|
||
|
57A1000
|
heap
|
page read and write
|
||
|
4ECC000
|
heap
|
page read and write
|
||
|
7FF651AF1000
|
unkown
|
page execute read
|
||
|
592C000
|
heap
|
page read and write
|
||
|
2E35000
|
heap
|
page read and write
|
||
|
5940000
|
heap
|
page read and write
|
||
|
5928000
|
heap
|
page read and write
|
||
|
2351EC00000
|
heap
|
page read and write
|
||
|
56A0000
|
heap
|
page read and write
|
||
|
594C000
|
heap
|
page read and write
|
||
|
23520450000
|
trusted library allocation
|
page read and write
|
||
|
7FF6524F1000
|
unkown
|
page execute read
|
||
|
594F000
|
heap
|
page read and write
|
||
|
24B044A4000
|
heap
|
page read and write
|
||
|
6560000
|
heap
|
page read and write
|
||
|
2E27000
|
heap
|
page read and write
|
||
|
6D4000
|
heap
|
page read and write
|
||
|
58A9000
|
heap
|
page read and write
|
||
|
2414000
|
heap
|
page read and write
|
||
|
57A1000
|
heap
|
page read and write
|
||
|
5946000
|
heap
|
page read and write
|
||
|
17A577CB000
|
heap
|
page read and write
|
||
|
17A5779B000
|
heap
|
page read and write
|
||
|
594D000
|
heap
|
page read and write
|
||
|
2D00000
|
heap
|
page read and write
|
||
|
5933000
|
heap
|
page read and write
|
||
|
59EF000
|
heap
|
page read and write
|
||
|
7FF64FCF1000
|
unkown
|
page execute read
|
||
|
2E2C000
|
heap
|
page read and write
|
||
|
C0ED67F000
|
stack
|
page read and write
|
||
|
2E01000
|
heap
|
page read and write
|
||
|
17A57700000
|
heap
|
page read and write
|
||
|
594F000
|
heap
|
page read and write
|
||
|
2E01000
|
heap
|
page read and write
|
||
|
6160000
|
direct allocation
|
page read and write
|
||
|
2360000
|
heap
|
page read and write
|
||
|
460000
|
unkown
|
page read and write
|
||
|
7FF6542F1000
|
unkown
|
page execute read
|
||
|
2E13000
|
heap
|
page read and write
|
||
|
2CC0000
|
heap
|
page read and write
|
||
|
17A5770A000
|
heap
|
page read and write
|
||
|
5E20000
|
direct allocation
|
page read and write
|
||
|
1DF57D9B000
|
heap
|
page read and write
|
||
|
1DF57D9B000
|
heap
|
page read and write
|
||
|
5221000
|
heap
|
page read and write
|
||
|
5828000
|
heap
|
page read and write
|
||
|
5761000
|
heap
|
page read and write
|
||
|
2E31000
|
heap
|
page read and write
|
||
|
6B392FE000
|
stack
|
page read and write
|
||
|
1DF57DB7000
|
heap
|
page read and write
|
||
|
5935000
|
heap
|
page read and write
|
||
|
6520000
|
heap
|
page read and write
|
||
|
595B000
|
heap
|
page read and write
|
||
|
4ED8000
|
heap
|
page read and write
|
||
|
483000
|
unkown
|
page read and write
|
||
|
1DF57DAE000
|
heap
|
page read and write
|
||
|
17A577A6000
|
heap
|
page read and write
|
||
|
24B04740000
|
heap
|
page read and write
|
||
|
59E9000
|
heap
|
page read and write
|
||
|
2E1C000
|
heap
|
page read and write
|
||
|
605000
|
heap
|
page read and write
|
||
|
5D0000
|
heap
|
page read and write
|
||
|
65A1000
|
heap
|
page read and write
|
||
|
23520430000
|
trusted library allocation
|
page read and write
|
||
|
5221000
|
heap
|
page read and write
|
||
|
251D000
|
stack
|
page read and write
|
||
|
5944000
|
heap
|
page read and write
|
||
|
4EBB000
|
heap
|
page read and write
|
||
|
1DF57D9B000
|
heap
|
page read and write
|
||
|
742000
|
heap
|
page read and write
|
||
|
1DF57D7B000
|
heap
|
page read and write
|
||
|
8FED9BE000
|
stack
|
page read and write
|
||
|
4EBB000
|
heap
|
page read and write
|
||
|
C0ED87E000
|
stack
|
page read and write
|
||
|
4DA0000
|
direct allocation
|
page read and write
|
||
|
5948000
|
heap
|
page read and write
|
||
|
17A577C6000
|
heap
|
page read and write
|
||
|
17A577BD000
|
heap
|
page read and write
|
||
|
595C000
|
heap
|
page read and write
|
||
|
2CFE000
|
stack
|
page read and write
|
||
|
56A0000
|
heap
|
page read and write
|
||
|
6B394FF000
|
stack
|
page read and write
|
||
|
17A57795000
|
heap
|
page read and write
|
||
|
6B20000
|
direct allocation
|
page read and write
|
||
|
7FF64FCF1000
|
unkown
|
page execute read
|
||
|
2E01000
|
heap
|
page read and write
|
||
|
2E01000
|
heap
|
page read and write
|
||
|
73A000
|
heap
|
page read and write
|
||
|
7FF6510F1000
|
unkown
|
page execute read
|
||
|
8FED77D000
|
stack
|
page read and write
|
||
|
17A577C6000
|
heap
|
page read and write
|
||
|
4EB3000
|
heap
|
page read and write
|
||
|
6360000
|
heap
|
page read and write
|
||
|
6D4000
|
heap
|
page read and write
|
||
|
8FED67E000
|
stack
|
page read and write
|
||
|
5660000
|
heap
|
page read and write
|
||
|
595B000
|
heap
|
page read and write
|
||
|
595E000
|
heap
|
page read and write
|
||
|
6C3000
|
heap
|
page read and write
|
||
|
5947000
|
heap
|
page read and write
|
||
|
594A000
|
heap
|
page read and write
|
||
|
1DF57D30000
|
heap
|
page read and write
|
||
|
595B000
|
heap
|
page read and write
|
||
|
4ECC000
|
heap
|
page read and write
|
||
|
594D000
|
heap
|
page read and write
|
||
|
75C32FF000
|
unkown
|
page read and write
|
||
|
17A57705000
|
heap
|
page read and write
|
||
|
313D000
|
stack
|
page read and write
|
||
|
595D000
|
heap
|
page read and write
|
||
|
6B3937F000
|
stack
|
page read and write
|
||
|
4E25000
|
heap
|
page read and write
|
||
|
4E20000
|
heap
|
page read and write
|
||
|
40A000
|
unkown
|
page write copy
|
||
|
1DF57DBA000
|
heap
|
page read and write
|
||
|
5C20000
|
direct allocation
|
page read and write
|
||
|
6321000
|
heap
|
page read and write
|
||
|
6521000
|
heap
|
page read and write
|
||
|
58E8000
|
heap
|
page read and write
|
||
|
594F000
|
heap
|
page read and write
|
||
|
5942000
|
heap
|
page read and write
|
||
|
2351EBE0000
|
heap
|
page read and write
|
||
|
595E000
|
heap
|
page read and write
|
||
|
17A577C2000
|
heap
|
page read and write
|
||
|
5933000
|
heap
|
page read and write
|
||
|
2FFF000
|
stack
|
page read and write
|
||
|
7FF64F2F1000
|
unkown
|
page execute read
|
||
|
2E80000
|
heap
|
page read and write
|
||
|
2D01000
|
heap
|
page read and write
|
||
|
6320000
|
heap
|
page read and write
|
||
|
4FF000
|
unkown
|
page read and write
|
||
|
2351EA10000
|
heap
|
page read and write
|
||
|
2E00000
|
heap
|
page read and write
|
||
|
595C000
|
heap
|
page read and write
|
||
|
2540000
|
heap
|
page read and write
|
||
|
1DF57DBD000
|
heap
|
page read and write
|
||
|
4EBC000
|
heap
|
page read and write
|
||
|
4EC5000
|
heap
|
page read and write
|
||
|
1DF57D93000
|
heap
|
page read and write
|
||
|
17A57770000
|
heap
|
page read and write
|
||
|
1DF57DAE000
|
heap
|
page read and write
|
||
|
C0ED39B000
|
stack
|
page read and write
|
||
|
23520503000
|
trusted library allocation
|
page read and write
|
||
|
7FF64DEF1000
|
unkown
|
page execute read
|
||
|
75C33FF000
|
stack
|
page read and write
|
||
|
7FF64DEF1000
|
unkown
|
page execute read
|
||
|
2E12000
|
heap
|
page read and write
|
||
|
5942000
|
heap
|
page read and write
|
||
|
607000
|
heap
|
page read and write
|
||
|
A7F000
|
stack
|
page read and write
|
||
|
5761000
|
heap
|
page read and write
|
||
|
2E01000
|
heap
|
page read and write
|
||
|
17A577BC000
|
heap
|
page read and write
|
||
|
594D000
|
heap
|
page read and write
|
||
|
5942000
|
heap
|
page read and write
|
||
|
4E73000
|
heap
|
page read and write
|
||
|
1DF57D87000
|
heap
|
page read and write
|
||
|
4E73000
|
heap
|
page read and write
|
||
|
23520460000
|
heap
|
page readonly
|
||
|
59A9000
|
heap
|
page read and write
|
||
|
54F000
|
unkown
|
page read and write
|
||
|
1DF57DAE000
|
heap
|
page read and write
|
||
|
5761000
|
heap
|
page read and write
|
||
|
4EAC000
|
heap
|
page read and write
|
||
|
23520500000
|
trusted library allocation
|
page read and write
|
||
|
7FF6506F1000
|
unkown
|
page execute read
|
||
|
5721000
|
heap
|
page read and write
|
||
|
1DF57D86000
|
heap
|
page read and write
|
||
|
2351EA70000
|
heap
|
page read and write
|
||
|
594D000
|
heap
|
page read and write
|
||
|
4E6B000
|
heap
|
page read and write
|
||
|
5821000
|
heap
|
page read and write
|
||
|
5761000
|
heap
|
page read and write
|
||
|
57A0000
|
heap
|
page read and write
|
||
|
5A20000
|
direct allocation
|
page read and write
|
||
|
59EF000
|
heap
|
page read and write
|
||
|
5621000
|
heap
|
page read and write
|
||
|
7FF654CF1000
|
unkown
|
page execute read
|
||
|
24B04580000
|
heap
|
page read and write
|
||
|
5828000
|
heap
|
page read and write
|
||
|
6EF000
|
heap
|
page read and write
|
||
|
4E2B000
|
heap
|
page read and write
|
||
|
5228000
|
heap
|
page read and write
|
||
|
6420000
|
heap
|
page read and write
|
||
|
7FF64E8F1000
|
unkown
|
page execute read
|
||
|
4EC8000
|
heap
|
page read and write
|
||
|
594D000
|
heap
|
page read and write
|
||
|
595B000
|
heap
|
page read and write
|
||
|
594F000
|
heap
|
page read and write
|
||
|
1DF57D76000
|
heap
|
page read and write
|
||
|
56E0000
|
heap
|
page read and write
|
||
|
1DF580E5000
|
heap
|
page read and write
|
||
|
1DF57DB2000
|
heap
|
page read and write
|
||
|
17A577BF000
|
heap
|
page read and write
|
||
|
7FF6538F1000
|
unkown
|
page execute read
|
||
|
2410000
|
heap
|
page read and write
|
||
|
8FED363000
|
stack
|
page read and write
|
||
|
8FED979000
|
stack
|
page read and write
|
||
|
6C7000
|
heap
|
page read and write
|
||
|
2E01000
|
heap
|
page read and write
|
||
|
8FEDA36000
|
stack
|
page read and write
|
||
|
1DF57DAF000
|
heap
|
page read and write
|
||
|
8FEE78E000
|
stack
|
page read and write
|
||
|
5948000
|
heap
|
page read and write
|
||
|
594F000
|
heap
|
page read and write
|
||
|
5220000
|
direct allocation
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
1DF57D9B000
|
heap
|
page read and write
|
||
|
594F000
|
heap
|
page read and write
|
||
|
595C000
|
heap
|
page read and write
|
||
|
4EB4000
|
heap
|
page read and write
|
||
|
8FED8FE000
|
stack
|
page read and write
|
||
|
408000
|
unkown
|
page readonly
|
||
|
58A8000
|
heap
|
page read and write
|
||
|
4E2C000
|
heap
|
page read and write
|
||
|
24B0448A000
|
heap
|
page read and write
|
||
|
7FF64DEF1000
|
unkown
|
page execute read
|
||
|
5660000
|
heap
|
page read and write
|
||
|
7FF6542F1000
|
unkown
|
page execute read
|
||
|
6F23000
|
direct allocation
|
page read and write
|
||
|
6FD2000
|
direct allocation
|
page read and write
|
||
|
59F000
|
unkown
|
page readonly
|
||
|
2E01000
|
heap
|
page read and write
|
||
|
6D5000
|
heap
|
page read and write
|
||
|
7FF64D4F0000
|
unkown
|
page readonly
|
||
|
1DF580E0000
|
heap
|
page read and write
|
||
|
2E01000
|
heap
|
page read and write
|
||
|
2E01000
|
heap
|
page read and write
|
||
|
7FF6542F1000
|
unkown
|
page execute read
|
||
|
1DF57DA7000
|
heap
|
page read and write
|
||
|
593C000
|
heap
|
page read and write
|
||
|
2E0B000
|
heap
|
page read and write
|
||
|
594F000
|
heap
|
page read and write
|
||
|
24B04380000
|
heap
|
page read and write
|
||
|
2E0F000
|
heap
|
page read and write
|
||
|
595B000
|
heap
|
page read and write
|
||
|
5121000
|
heap
|
page read and write
|
||
|
5229000
|
heap
|
page read and write
|
||
|
4EB3000
|
heap
|
page read and write
|
||
|
594F000
|
heap
|
page read and write
|
||
|
5828000
|
heap
|
page read and write
|
||
|
595B000
|
heap
|
page read and write
|
||
|
24B04480000
|
heap
|
page read and write
|
||
|
7FF654CF1000
|
unkown
|
page execute read
|
||
|
2E01000
|
heap
|
page read and write
|
||
|
4E6B000
|
heap
|
page read and write
|
||
|
63E0000
|
heap
|
page read and write
|
||
|
6E1000
|
heap
|
page read and write
|
||
|
594B000
|
heap
|
page read and write
|
||
|
1DF57DBD000
|
heap
|
page read and write
|
||
|
5227000
|
heap
|
page read and write
|
||
|
4EBB000
|
heap
|
page read and write
|
||
|
8FEDBBE000
|
stack
|
page read and write
|
||
|
63E0000
|
heap
|
page read and write
|
||
|
7FF6506F1000
|
unkown
|
page execute read
|
||
|
2E01000
|
heap
|
page read and write
|
||
|
670000
|
heap
|
page read and write
|
||
|
594F000
|
heap
|
page read and write
|
||
|
29CC000
|
stack
|
page read and write
|
||
|
1DF57DAE000
|
heap
|
page read and write
|
||
|
65A0000
|
heap
|
page read and write
|
||
|
2548000
|
heap
|
page read and write
|
||
|
2E2C000
|
heap
|
page read and write
|
||
|
17A577C6000
|
heap
|
page read and write
|
||
|
8FED87E000
|
stack
|
page read and write
|
||
|
90E000
|
stack
|
page read and write
|
||
|
408000
|
unkown
|
page readonly
|
||
|
5297000
|
heap
|
page read and write
|
||
|
55C0000
|
direct allocation
|
page read and write
|
||
|
5946000
|
heap
|
page read and write
|
||
|
7FF64FCF1000
|
unkown
|
page execute read
|
||
|
1DF57D75000
|
heap
|
page read and write
|
||
|
5823000
|
heap
|
page read and write
|
||
|
2E40000
|
heap
|
page read and write
|
||
|
1DF57DBE000
|
heap
|
page read and write
|
||
|
2D40000
|
heap
|
page read and write
|
||
|
1DF57D00000
|
heap
|
page read and write
|
||
|
7FF64D4F0000
|
unkown
|
page readonly
|
||
|
5929000
|
heap
|
page read and write
|
||
|
4EBB000
|
heap
|
page read and write
|
||
|
2E01000
|
heap
|
page read and write
|
||
|
1DF57DA7000
|
heap
|
page read and write
|
||
|
595C000
|
heap
|
page read and write
|
||
|
57A0000
|
heap
|
page read and write
|
||
|
464000
|
unkown
|
page read and write
|
||
|
17A577C6000
|
heap
|
page read and write
|
||
|
2D80000
|
heap
|
page read and write
|
||
|
5C0000
|
heap
|
page read and write
|
||
|
2A55000
|
heap
|
page read and write
|
||
|
57A2000
|
heap
|
page read and write
|
||
|
4FB000
|
unkown
|
page read and write
|
||
|
56A1000
|
heap
|
page read and write
|
||
|
17A577CB000
|
heap
|
page read and write
|
||
|
63A1000
|
heap
|
page read and write
|
||
|
7FF64D4F1000
|
unkown
|
page execute read
|
||
|
6321000
|
heap
|
page read and write
|
||
|
553000
|
unkown
|
page read and write
|
||
|
2351EA5C000
|
heap
|
page read and write
|
||
|
17A577CB000
|
heap
|
page read and write
|
||
|
5946000
|
heap
|
page read and write
|
||
|
595E000
|
heap
|
page read and write
|
||
|
59EF000
|
heap
|
page read and write
|
||
|
6FB000
|
heap
|
page read and write
|
||
|
5761000
|
heap
|
page read and write
|
||
|
4420000
|
trusted library allocation
|
page read and write
|
||
|
5720000
|
heap
|
page read and write
|
||
|
6186000
|
direct allocation
|
page read and write
|
||
|
2A5B000
|
heap
|
page read and write
|
||
|
5828000
|
heap
|
page read and write
|
||
|
416000
|
unkown
|
page read and write
|
||
|
1DF57D75000
|
heap
|
page read and write
|
||
|
59AA000
|
heap
|
page read and write
|
||
|
5968000
|
heap
|
page read and write
|
||
|
17A57796000
|
heap
|
page read and write
|
||
|
58E9000
|
heap
|
page read and write
|
||
|
2351EA00000
|
heap
|
page read and write
|
||
|
57E0000
|
heap
|
page read and write
|
||
|
7FF654CF1000
|
unkown
|
page execute read
|
||
|
4EDD000
|
heap
|
page read and write
|
||
|
59AA000
|
heap
|
page read and write
|
||
|
17A577BC000
|
heap
|
page read and write
|
||
|
97E000
|
stack
|
page read and write
|
||
|
7FF64E8F1000
|
unkown
|
page execute read
|
||
|
19A000
|
stack
|
page read and write
|
||
|
56A1000
|
heap
|
page read and write
|
||
|
6D1000
|
heap
|
page read and write
|
||
|
63E1000
|
heap
|
page read and write
|
||
|
5946000
|
heap
|
page read and write
|
||
|
6B20000
|
direct allocation
|
page read and write
|
||
|
17A577A8000
|
heap
|
page read and write
|
||
|
70F000
|
heap
|
page read and write
|
||
|
5929000
|
heap
|
page read and write
|
||
|
2E01000
|
heap
|
page read and write
|
||
|
594F000
|
heap
|
page read and write
|
||
|
57A0000
|
heap
|
page read and write
|
||
|
5540000
|
direct allocation
|
page read and write
|
||
|
57A0000
|
heap
|
page read and write
|
||
|
594D000
|
heap
|
page read and write
|
||
|
7420000
|
direct allocation
|
page read and write
|
||
|
59EF000
|
heap
|
page read and write
|
||
|
5946000
|
heap
|
page read and write
|
||
|
2E06000
|
heap
|
page read and write
|
||
|
2E01000
|
heap
|
page read and write
|
||
|
595B000
|
heap
|
page read and write
|
||
|
7FF6538F1000
|
unkown
|
page execute read
|
||
|
BBF000
|
stack
|
page read and write
|
||
|
4EBB000
|
heap
|
page read and write
|
||
|
1DF57D94000
|
heap
|
page read and write
|
||
|
2351EA97000
|
heap
|
page read and write
|
||
|
23BC000
|
stack
|
page read and write
|
||
|
594C000
|
heap
|
page read and write
|
||
|
17A577A6000
|
heap
|
page read and write
|
||
|
235204C6000
|
heap
|
page read and write
|
||
|
5946000
|
heap
|
page read and write
|
||
|
59F000
|
unkown
|
page readonly
|
||
|
24B045A0000
|
heap
|
page read and write
|
||
|
5828000
|
heap
|
page read and write
|
||
|
6B3927B000
|
stack
|
page read and write
|
||
|
5828000
|
heap
|
page read and write
|
||
|
5FFA000
|
direct allocation
|
page read and write
|
||
|
594C000
|
heap
|
page read and write
|
||
|
17A57779000
|
heap
|
page read and write
|
||
|
84F000
|
heap
|
page read and write
|
||
|
1DF57D58000
|
heap
|
page read and write
|
||
|
64A0000
|
heap
|
page read and write
|
||
|
17A577C3000
|
heap
|
page read and write
|
||
|
595B000
|
heap
|
page read and write
|
||
|
6B20000
|
direct allocation
|
page read and write
|
||
|
17A57795000
|
heap
|
page read and write
|
||
|
2E1C000
|
heap
|
page read and write
|
||
|
4ED8000
|
heap
|
page read and write
|
||
|
595B000
|
heap
|
page read and write
|
||
|
594D000
|
heap
|
page read and write
|
||
|
5942000
|
heap
|
page read and write
|
||
|
1DF57DBD000
|
heap
|
page read and write
|
||
|
58A8000
|
heap
|
page read and write
|
||
|
4EB4000
|
heap
|
page read and write
|
||
|
7FF64D4F0000
|
unkown
|
page readonly
|
||
|
4DA0000
|
trusted library allocation
|
page read and write
|
||
|
595B000
|
heap
|
page read and write
|
||
|
17A577BC000
|
heap
|
page read and write
|
||
|
75C2F6C000
|
stack
|
page read and write
|
||
|
63A0000
|
heap
|
page read and write
|
||
|
4E25000
|
heap
|
page read and write
|
||
|
1DF57D50000
|
heap
|
page read and write
|
||
|
ABE000
|
stack
|
page read and write
|
||
|
595D000
|
heap
|
page read and write
|
||
|
4ED5000
|
heap
|
page read and write
|
||
|
6461000
|
heap
|
page read and write
|
||
|
235203F0000
|
heap
|
page read and write
|
||
|
2351EA50000
|
heap
|
page read and write
|
||
|
2A50000
|
heap
|
page read and write
|
||
|
4EBA000
|
heap
|
page read and write
|
||
|
7FF6506F1000
|
unkown
|
page execute read
|
||
|
17A577BC000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
74F5000
|
direct allocation
|
page read and write
|
||
|
594D000
|
heap
|
page read and write
|
||
|
8FEDB3B000
|
stack
|
page read and write
|
||
|
4E21000
|
heap
|
page read and write
|
||
|
594D000
|
heap
|
page read and write
|
||
|
2CB0000
|
heap
|
page read and write
|
||
|
6360000
|
heap
|
page read and write
|
||
|
1DF57DA7000
|
heap
|
page read and write
|
||
|
6C7000
|
heap
|
page read and write
|
||
|
57A0000
|
heap
|
page read and write
|
||
|
594F000
|
heap
|
page read and write
|
||
|
6421000
|
heap
|
page read and write
|
||
|
28CC000
|
stack
|
page read and write
|
||
|
849000
|
heap
|
page read and write
|
||
|
594F000
|
heap
|
page read and write
|
||
|
2E00000
|
heap
|
page read and write
|
||
|
5946000
|
heap
|
page read and write
|
||
|
23E0000
|
heap
|
page read and write
|
||
|
1DF57D10000
|
heap
|
page read and write
|
||
|
5223000
|
heap
|
page read and write
|
||
|
6FCA000
|
direct allocation
|
page read and write
|
||
|
7FF6538F1000
|
unkown
|
page execute read
|
||
|
6F0000
|
heap
|
page read and write
|
||
|
1DF57D94000
|
heap
|
page read and write
|
||
|
2CC0000
|
direct allocation
|
page read and write
|
||
|
595C000
|
heap
|
page read and write
|
||
|
594D000
|
heap
|
page read and write
|
||
|
303C000
|
stack
|
page read and write
|
||
|
2E1F000
|
heap
|
page read and write
|
||
|
594F000
|
heap
|
page read and write
|
||
|
594C000
|
heap
|
page read and write
|
||
|
594F000
|
heap
|
page read and write
|
||
|
40E000
|
unkown
|
page read and write
|
||
|
8FED6FE000
|
stack
|
page read and write
|
||
|
73E000
|
heap
|
page read and write
|
||
|
23520572000
|
heap
|
page read and write
|
||
|
65A1000
|
heap
|
page read and write
|
||
|
7FF64F2F1000
|
unkown
|
page execute read
|
||
|
4E2C000
|
heap
|
page read and write
|
||
|
6EF000
|
heap
|
page read and write
|
||
|
2E01000
|
heap
|
page read and write
|
||
|
53E3000
|
direct allocation
|
page read and write
|
||
|
1DF57DB5000
|
heap
|
page read and write
|
||
|
4E36000
|
heap
|
page read and write
|
||
|
4E3000
|
unkown
|
page read and write
|
||
|
5829000
|
heap
|
page read and write
|
||
|
448000
|
unkown
|
page read and write
|
||
|
17A57600000
|
heap
|
page read and write
|
||
|
2E2C000
|
heap
|
page read and write
|
||
|
4E3E000
|
heap
|
page read and write
|
||
|
4EAB000
|
heap
|
page read and write
|
||
|
594E000
|
heap
|
page read and write
|
||
|
50E0000
|
direct allocation
|
page read and write
|
||
|
7FF6524F1000
|
unkown
|
page execute read
|
||
|
1DF57DAE000
|
heap
|
page read and write
|
||
|
594D000
|
heap
|
page read and write
|
||
|
4E2A000
|
heap
|
page read and write
|
||
|
2D01000
|
heap
|
page read and write
|
||
|
2E01000
|
heap
|
page read and write
|
||
|
468000
|
unkown
|
page read and write
|
||
|
2E01000
|
heap
|
page read and write
|
||
|
6D4000
|
heap
|
page read and write
|
||
|
5226000
|
heap
|
page read and write
|
||
|
7FF64D4F1000
|
unkown
|
page execute read
|
||
|
412000
|
unkown
|
page read and write
|
||
|
6A6000
|
heap
|
page read and write
|
||
|
5821000
|
heap
|
page read and write
|
||
|
2F0E000
|
heap
|
page read and write
|
||
|
594F000
|
heap
|
page read and write
|
||
|
2E1C000
|
heap
|
page read and write
|
||
|
7014000
|
direct allocation
|
page read and write
|
||
|
1DF57DA7000
|
heap
|
page read and write
|
||
|
C0ED7FE000
|
stack
|
page read and write
|
||
|
6C0000
|
heap
|
page read and write
|
||
|
595B000
|
heap
|
page read and write
|
||
|
4EB4000
|
heap
|
page read and write
|
||
|
7FF651AF1000
|
unkown
|
page execute read
|
||
|
2E01000
|
heap
|
page read and write
|
||
|
C0ED77E000
|
stack
|
page read and write
|
||
|
595B000
|
heap
|
page read and write
|
||
|
56E0000
|
heap
|
page read and write
|
||
|
4E22000
|
heap
|
page read and write
|
||
|
7FF651AF1000
|
unkown
|
page execute read
|
||
|
74B2000
|
direct allocation
|
page read and write
|
||
|
594D000
|
heap
|
page read and write
|
||
|
6F0000
|
heap
|
page read and write
|
||
|
7504000
|
direct allocation
|
page read and write
|
||
|
594F000
|
heap
|
page read and write
|
||
|
23520560000
|
heap
|
page execute and read and write
|
||
|
5946000
|
heap
|
page read and write
|
||
|
64A1000
|
heap
|
page read and write
|
||
|
17A577A6000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
7FF6524F1000
|
unkown
|
page execute read
|
||
|
5721000
|
heap
|
page read and write
|
||
|
594D000
|
heap
|
page read and write
|
||
|
2E0C000
|
heap
|
page read and write
|
||
|
5946000
|
heap
|
page read and write
|
||
|
6F20000
|
direct allocation
|
page read and write
|
||
|
594C000
|
heap
|
page read and write
|
||
|
57A0000
|
heap
|
page read and write
|
||
|
595C000
|
heap
|
page read and write
|
||
|
595B000
|
heap
|
page read and write
|
||
|
5946000
|
heap
|
page read and write
|
||
|
2E3E000
|
heap
|
page read and write
|
||
|
5828000
|
heap
|
page read and write
|
||
|
2351EA9C000
|
heap
|
page read and write
|
||
|
2E01000
|
heap
|
page read and write
|
||
|
59EF000
|
heap
|
page read and write
|
||
|
735000
|
heap
|
page read and write
|
||
|
2E15000
|
heap
|
page read and write
|
||
|
4EDD000
|
heap
|
page read and write
|
||
|
4EBB000
|
heap
|
page read and write
|
||
|
5621000
|
heap
|
page read and write
|
||
|
57A0000
|
heap
|
page read and write
|
||
|
2D40000
|
heap
|
page read and write
|
||
|
595F000
|
heap
|
page read and write
|
||
|
5722000
|
heap
|
page read and write
|
||
|
63E2000
|
heap
|
page read and write
|
||
|
594D000
|
heap
|
page read and write
|
||
|
4EBB000
|
heap
|
page read and write
|
||
|
8FED3EE000
|
stack
|
page read and write
|
||
|
5969000
|
heap
|
page read and write
|
||
|
7FF652EF1000
|
unkown
|
page execute read
|
||
|
5946000
|
heap
|
page read and write
|
||
|
8FEDDBB000
|
stack
|
page read and write
|
||
|
4E3A000
|
heap
|
page read and write
|
||
|
6421000
|
heap
|
page read and write
|
||
|
594D000
|
heap
|
page read and write
|
||
|
17A5779B000
|
heap
|
page read and write
|
||
|
4E27000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
2351EC20000
|
heap
|
page read and write
|
||
|
4EC2000
|
heap
|
page read and write
|
||
|
69F000
|
heap
|
page read and write
|
||
|
2DC0000
|
heap
|
page read and write
|
||
|
5E20000
|
direct allocation
|
page read and write
|
||
|
17A577CC000
|
heap
|
page read and write
|
||
|
595B000
|
heap
|
page read and write
|
||
|
235204C0000
|
heap
|
page read and write
|
||
|
5120000
|
heap
|
page read and write
|
||
|
2E01000
|
heap
|
page read and write
|
||
|
7FF6510F1000
|
unkown
|
page execute read
|
||
|
595C000
|
heap
|
page read and write
|
||
|
5821000
|
heap
|
page read and write
|
||
|
8FEDC3E000
|
stack
|
page read and write
|
||
|
7FF6510F1000
|
unkown
|
page execute read
|
||
|
6FB000
|
heap
|
page read and write
|
||
|
59E9000
|
heap
|
page read and write
|
||
|
1DF57D92000
|
heap
|
page read and write
|
||
|
2E01000
|
heap
|
page read and write
|
||
|
6EF000
|
heap
|
page read and write
|
||
|
5828000
|
heap
|
page read and write
|
||
|
8FEDABE000
|
stack
|
page read and write
|
||
|
5060000
|
direct allocation
|
page read and write
|
||
|
5828000
|
heap
|
page read and write
|
||
|
6D0000
|
heap
|
page read and write
|
||
|
6462000
|
heap
|
page read and write
|
||
|
594C000
|
heap
|
page read and write
|
||
|
64E0000
|
heap
|
page read and write
|
||
|
6FC8000
|
direct allocation
|
page read and write
|
||
|
17A57710000
|
heap
|
page read and write
|
||
|
17A576E0000
|
heap
|
page read and write
|
||
|
5946000
|
heap
|
page read and write
|
||
|
5760000
|
heap
|
page read and write
|
||
|
4E25000
|
heap
|
page read and write
|
||
|
7516000
|
direct allocation
|
page read and write
|
||
|
2E31000
|
heap
|
page read and write
|
||
|
8FED7FE000
|
stack
|
page read and write
|
||
|
541F000
|
stack
|
page read and write
|
||
|
5620000
|
heap
|
page read and write
|
||
|
24B044A6000
|
heap
|
page read and write
|
||
|
5220000
|
heap
|
page read and write
|
||
|
595B000
|
heap
|
page read and write
|
||
|
5946000
|
heap
|
page read and write
|
||
|
533B000
|
heap
|
page read and write
|
||
|
5FF4000
|
direct allocation
|
page read and write
|
||
|
2D81000
|
heap
|
page read and write
|
||
|
2E20000
|
heap
|
page read and write
|
||
|
2E81000
|
heap
|
page read and write
|
||
|
7FF64E8F1000
|
unkown
|
page execute read
|
||
|
594D000
|
heap
|
page read and write
|
||
|
5828000
|
heap
|
page read and write
|
||
|
5226000
|
heap
|
page read and write
|
||
|
2E01000
|
heap
|
page read and write
|
||
|
59E9000
|
heap
|
page read and write
|
||
|
6D5000
|
heap
|
page read and write
|
||
|
4E37000
|
heap
|
page read and write
|
||
|
594D000
|
heap
|
page read and write
|
||
|
6B393FE000
|
stack
|
page read and write
|
||
|
4EC6000
|
heap
|
page read and write
|
||
|
8FEDD3E000
|
stack
|
page read and write
|
||
|
600000
|
heap
|
page read and write
|
||
|
17A577A9000
|
heap
|
page read and write
|
||
|
41E000
|
unkown
|
page read and write
|
||
|
C0ED6FF000
|
stack
|
page read and write
|
||
|
595B000
|
heap
|
page read and write
|
||
|
4E74000
|
heap
|
page read and write
|
||
|
592A000
|
heap
|
page read and write
|
||
|
2351EC25000
|
heap
|
page read and write
|
||
|
4EB9000
|
heap
|
page read and write
|
||
|
17A577C5000
|
heap
|
page read and write
|
||
|
7FF652EF1000
|
unkown
|
page execute read
|
||
|
594D000
|
heap
|
page read and write
|
||
|
58A9000
|
heap
|
page read and write
|
||
|
595B000
|
heap
|
page read and write
|
||
|
2E12000
|
heap
|
page read and write
|
||
|
594F000
|
heap
|
page read and write
|
||
|
2E0B000
|
heap
|
page read and write
|
||
|
7FF64D4F1000
|
unkown
|
page execute read
|
There are 618 hidden memdumps, click here to show them.