Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
SongOfVikings.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\passwords.db
|
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie
0xb, schema 4, UTF-8, version-valid-for 1
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\webdata.db
|
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie
0x21, schema 4, UTF-8, version-valid-for 3
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe
|
PE32+ executable (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\D3DSCache\4f71bded7e2eff50\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\D3DSCache\4f71bded7e2eff50\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\D3DSCache\4f71bded7e2eff50\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val
|
Matlab v4 mat-file (little endian) (, numeric, rows 0, columns 16, imaginary
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\passwords.db
|
SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie
0xe, schema 4, UTF-8, version-valid-for 1
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\webdata.db
|
SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie
0x24, schema 4, UTF-8, version-valid-for 2
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\SongOfVikings\LICENSE.electron.txt
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\SongOfVikings\LICENSES.chromium.html
|
HTML document, ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\SongOfVikings\chrome_100_percent.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\SongOfVikings\chrome_200_percent.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\SongOfVikings\d3dcompiler_47.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\SongOfVikings\ffmpeg.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\SongOfVikings\icudtl.dat
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\SongOfVikings\libEGL.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\SongOfVikings\libGLESv2.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\SongOfVikings\resources.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\SongOfVikings\snapshot_blob.bin
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Autofills.txt
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Passwords.txt
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_00nhm3k0.jd3.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_450tslt1.d1s.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_stjnkdip.2aw.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xyw4kuvx.1rf.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cookies.zip
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\d6298ec28377d406207230300ffe3af0.zip
|
Zip archive data, at least v2.0 to extract, compression method=store
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\db56a95c-619a-410d-ad51-8448947b0929.tmp.node
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\f1a1d769-375b-46b2-ad93-df5ca2abe3a4.tmp.node
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\LICENSE.electron.txt
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\LICENSES.chromium.html
|
HTML document, ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\SongOfVikings.exe
|
PE32+ executable (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\chrome_100_percent.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\chrome_200_percent.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\d3dcompiler_47.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\ffmpeg.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\icudtl.dat
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\libEGL.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\libGLESv2.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\locales\af.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\locales\am.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\locales\ar.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\locales\bg.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\locales\bn.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\locales\ca.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\locales\cs.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\locales\da.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\locales\de.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\locales\el.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\locales\en-GB.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\locales\en-US.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\locales\es-419.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\locales\es.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\locales\et.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\locales\fa.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\locales\fi.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\locales\fil.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\locales\fr.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\locales\gu.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\locales\he.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\locales\hi.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\locales\hr.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\locales\hu.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\locales\id.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\locales\it.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\locales\ja.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\locales\kn.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\locales\ko.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\locales\lt.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\locales\lv.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\locales\ml.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\locales\mr.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\locales\ms.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\locales\nb.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\locales\nl.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\locales\pl.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\locales\pt-BR.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\locales\pt-PT.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\locales\ro.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\locales\ru.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\locales\sk.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\locales\sl.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\locales\sr.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\locales\sv.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\locales\sw.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\locales\ta.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\locales\te.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\locales\th.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\locales\tr.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\locales\uk.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\locales\ur.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\locales\vi.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\locales\zh-CN.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\locales\zh-TW.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\resources.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\resources\app.asar
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\resources\elevate.exe
|
PE32 executable (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\snapshot_blob.bin
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\v8_context_snapshot.bin
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\vk_swiftshader.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\vk_swiftshader_icd.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\7z-out\vulkan-1.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\SpiderBanner.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\StdUtils.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\System.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\app-64.7z
|
7-zip archive data, version 0.4
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsjF3C0.tmp\nsis7z.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\SongOfVikings\17188df5-ad26-4f3e-b9c7-9b5079b7749f.tmp
|
JSON data
|
modified
|
||
|
C:\Users\user\AppData\Roaming\SongOfVikings\Local State (copy)
|
JSON data
|
dropped
|
There are 101 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\SongOfVikings.exe
|
"C:\Users\user\Desktop\SongOfVikings.exe"
|
|
|
|
C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe
|
"C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe"
|
|
|
|
C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe
|
"C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\SongOfVikings"
--gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAAAGAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAACAAAAAAAAAA=
--mojo-platform-channel-handle=1924 --field-trial-handle=1932,i,8930845270246626881,144407894186871125,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand
/prefetch:2
|
|
|
|
C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe
|
"C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe" --type=utility --utility-sub-type=network.mojom.NetworkService
--lang=en-GB --service-sandbox-type=none --user-data-dir="C:\Users\user\AppData\Roaming\SongOfVikings" --mojo-platform-channel-handle=2440
--field-trial-handle=1932,i,8930845270246626881,144407894186871125,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand
/prefetch:8
|
|
|
|
C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe
|
"C:\Users\user\AppData\Local\Programs\SongOfVikings\SongOfVikings.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled
--gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\user\AppData\Roaming\SongOfVikings"
--gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAAAGAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAACAAAAAAAAAA=
--mojo-platform-channel-handle=1904 --field-trial-handle=1932,i,8930845270246626881,144407894186871125,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand
/prefetch:2
|
|
|
|
C:\Windows\System32\cmd.exe
|
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\tasklist.exe
|
tasklist
|
||
|
C:\Windows\System32\cmd.exe
|
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\cmd.exe
|
C:\Windows\system32\cmd.exe /d /s /c "powershell.exe Add-Type -AssemblyName System.Security; [System.Security.Cryptography.ProtectedData]::Unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,236,112,27,63,29,45,147,76,154,28,167,163,109,166,140,139,16,0,0,0,28,0,0,0,71,0,111,0,111,0,103,0,108,0,101,0,32,0,67,0,104,0,114,0,111,0,109,0,101,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,162,223,64,66,67,235,252,176,134,0,234,34,88,190,96,79,120,163,57,223,70,184,59,55,251,103,80,66,213,41,79,203,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,65,3,137,251,132,67,165,117,37,32,77,156,77,25,114,22,240,181,235,103,91,102,117,255,144,36,92,249,151,253,60,75,48,0,0,0,43,225,223,217,151,30,78,184,8,140,233,239,111,191,100,251,188,228,105,81,245,79,114,215,91,96,112,252,70,126,43,40,253,217,123,23,241,100,8,207,153,67,107,184,161,113,210,62,64,0,0,0,16,48,146,16,208,228,76,223,250,118,61,199,169,142,18,65,154,30,229,124,35,149,206,81,42,123,202,212,101,122,75,162,189,113,249,192,143,80,146,46,12,170,101,4,63,156,140,201,97,222,242,144,253,193,232,162,242,114,34,110,102,135,201,250),
$null, 'CurrentUser')"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\tasklist.exe
|
tasklist
|
||
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
powershell.exe Add-Type -AssemblyName System.Security; [System.Security.Cryptography.ProtectedData]::Unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,236,112,27,63,29,45,147,76,154,28,167,163,109,166,140,139,16,0,0,0,28,0,0,0,71,0,111,0,111,0,103,0,108,0,101,0,32,0,67,0,104,0,114,0,111,0,109,0,101,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,162,223,64,66,67,235,252,176,134,0,234,34,88,190,96,79,120,163,57,223,70,184,59,55,251,103,80,66,213,41,79,203,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,65,3,137,251,132,67,165,117,37,32,77,156,77,25,114,22,240,181,235,103,91,102,117,255,144,36,92,249,151,253,60,75,48,0,0,0,43,225,223,217,151,30,78,184,8,140,233,239,111,191,100,251,188,228,105,81,245,79,114,215,91,96,112,252,70,126,43,40,253,217,123,23,241,100,8,207,153,67,107,184,161,113,210,62,64,0,0,0,16,48,146,16,208,228,76,223,250,118,61,199,169,142,18,65,154,30,229,124,35,149,206,81,42,123,202,212,101,122,75,162,189,113,249,192,143,80,146,46,12,170,101,4,63,156,140,201,97,222,242,144,253,193,232,162,242,114,34,110,102,135,201,250),
$null, 'CurrentUser')
|
||
|
C:\Windows\System32\cmd.exe
|
C:\Windows\system32\cmd.exe /d /s /c "powershell.exe Add-Type -AssemblyName System.Security; [System.Security.Cryptography.ProtectedData]::Unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,236,112,27,63,29,45,147,76,154,28,167,163,109,166,140,139,16,0,0,0,10,0,0,0,69,0,100,0,103,0,101,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,177,111,46,150,212,157,15,4,228,252,12,0,1,183,251,108,66,54,253,189,23,124,86,207,222,56,201,250,182,152,221,247,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,178,13,225,93,214,215,151,162,72,143,194,133,190,22,214,149,170,149,74,147,55,106,15,180,131,73,196,197,128,118,103,89,48,0,0,0,94,206,242,8,29,35,27,71,101,58,135,55,188,69,108,246,46,232,119,93,65,217,99,7,252,165,33,164,119,40,187,209,190,181,221,12,22,110,211,109,137,129,98,159,150,234,140,244,64,0,0,0,160,185,210,147,25,143,46,73,184,87,79,38,71,228,189,220,249,51,245,132,106,162,213,227,45,47,24,171,45,48,70,50,96,105,2,105,84,9,7,23,200,91,89,93,224,1,154,41,99,254,68,168,144,46,197,126,233,182,158,66,11,216,163,157),
$null, 'CurrentUser')"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
powershell.exe Add-Type -AssemblyName System.Security; [System.Security.Cryptography.ProtectedData]::Unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,236,112,27,63,29,45,147,76,154,28,167,163,109,166,140,139,16,0,0,0,10,0,0,0,69,0,100,0,103,0,101,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,177,111,46,150,212,157,15,4,228,252,12,0,1,183,251,108,66,54,253,189,23,124,86,207,222,56,201,250,182,152,221,247,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,178,13,225,93,214,215,151,162,72,143,194,133,190,22,214,149,170,149,74,147,55,106,15,180,131,73,196,197,128,118,103,89,48,0,0,0,94,206,242,8,29,35,27,71,101,58,135,55,188,69,108,246,46,232,119,93,65,217,99,7,252,165,33,164,119,40,187,209,190,181,221,12,22,110,211,109,137,129,98,159,150,234,140,244,64,0,0,0,160,185,210,147,25,143,46,73,184,87,79,38,71,228,189,220,249,51,245,132,106,162,213,227,45,47,24,171,45,48,70,50,96,105,2,105,84,9,7,23,200,91,89,93,224,1,154,41,99,254,68,168,144,46,197,126,233,182,158,66,11,216,163,157),
$null, 'CurrentUser')
|
There are 7 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://www.sqlite.org)
|
unknown
|
||
|
https://bugzilla.mozilla.org/show_bug.cgi?id=310299
|
unknown
|
||
|
https://url.spec.whatwg.org/#concept-url-origin
|
unknown
|
||
|
https://tools.ietf.org/html/rfc6455#section-1.3
|
unknown
|
||
|
https://support.google.com/chrome/answer/6098869
|
unknown
|
||
|
https://chrome.google.com/webstore?hl=ms&category=theme81https://myactivity.google.com/myactivity/?u
|
unknown
|
||
|
https://doh.familyshield.opendns.com/dns-query
|
unknown
|
||
|
https://www.bluetooth.com/specifications/gatt/services
|
unknown
|
||
|
http://anglebug.com/4633
|
unknown
|
||
|
https://anglebug.com/7382
|
unknown
|
||
|
https://github.com/WebBluetoothCG/web-bluetooth/blob/main/implementation-status.md
|
unknown
|
||
|
https://github.com/nodejs/node/pull/35941
|
unknown
|
||
|
https://console.spec.whatwg.org/#table
|
unknown
|
||
|
https://chrome.google.com/webstore?hl=fi&category=theme81https://myactivity.google.com/myactivity/?u
|
unknown
|
||
|
https://github.com/nodejs/string_decoder
|
unknown
|
||
|
https://goo.gl/7K7WLuThe
|
unknown
|
||
|
https://crbug.com/1356053
|
unknown
|
||
|
https://dns11.quad9.net/dns-query
|
unknown
|
||
|
https://encoding.spec.whatwg.org/#textencoder
|
unknown
|
||
|
https://goo.gl/7K7WLu
|
unknown
|
||
|
https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/
|
unknown
|
||
|
https://github.com/tc39/proposal-weakrefs
|
unknown
|
||
|
https://goo.gl/t5IS6M).
|
unknown
|
||
|
http://crbug.com/110263
|
unknown
|
||
|
https://github.com/google/caja/blob/HEAD/src/com/google/caja/ses/repairES5.js
|
unknown
|
||
|
https://tc39.github.io/ecma262/#sec-%iteratorprototype%-object
|
unknown
|
||
|
https://url.spec.whatwg.org/#concept-urlencoded-serializer
|
unknown
|
||
|
http://anglebug.com/6929
|
unknown
|
||
|
https://semver.org/
|
unknown
|
||
|
https://wiki.squid-cache.org/SquidFaq/InnerWorkings#What_is_a_half-closed_filedescriptor.3F
|
unknown
|
||
|
https://openjsf.org/
|
unknown
|
||
|
https://nodejs.org/api/fs.html
|
unknown
|
||
|
https://chromium.googlesource.com/chromium/src/
|
unknown
|
||
|
https://github.com/nodejs/node/pull/21313
|
unknown
|
||
|
https://nextdns.io/privacy
|
unknown
|
||
|
https://anglebug.com/7246
|
unknown
|
||
|
https://anglebug.com/7369
|
unknown
|
||
|
https://anglebug.com/7489
|
unknown
|
||
|
https://crbug.com/593024
|
unknown
|
||
|
https://w3c.github.io/manifest/#installability-signals
|
unknown
|
||
|
https://www.gnu.org/software/automake/
|
unknown
|
||
|
http://www.midnight-commander.org/browser/lib/tty/key.c
|
unknown
|
||
|
https://nodejs.org/
|
unknown
|
||
|
https://tools.ietf.org/html/rfc7540#section-8.1.2.5
|
unknown
|
||
|
http://exslt.org/common
|
unknown
|
||
|
https://github.com/tensorflow/models
|
unknown
|
||
|
http://www.squid-cache.org/Doc/config/half_closed_clients/
|
unknown
|
||
|
https://developers.google.com/speed/public-dns/privacyGoogle
|
unknown
|
||
|
https://github.com/KhronosGroup/SPIRV-Headers.git
|
unknown
|
||
|
https://doh.opendns.com/dns-query
|
unknown
|
||
|
https://tc39.es/ecma262/#sec-timeclip
|
unknown
|
||
|
https://issuetracker.google.com/161903006
|
unknown
|
||
|
http://127.0.0.1
|
unknown
|
||
|
https://crbug.com/1300575
|
unknown
|
||
|
https://github.com/nodejs/node/pull/33661
|
unknown
|
||
|
http://www.nongnu.org/freebangfont/downloads.html#mukti
|
unknown
|
||
|
https://crbug.com/710443
|
unknown
|
||
|
http://narwhaljs.org)
|
unknown
|
||
|
http://istanbul-js.org/
|
unknown
|
||
|
https://github.com/tensorflow/tflite-support
|
unknown
|
||
|
https://github.com/WICG/scheduling-apis
|
unknown
|
||
|
https://sqlite.org/
|
unknown
|
||
|
https://crbug.com/1060012
|
unknown
|
||
|
https://www.gnu.org/software/coreutils/
|
unknown
|
||
|
http://localhosthttp://127.0.0.1object-src
|
unknown
|
||
|
https://code.google.com/p/chromium/issues/detail?id=25916
|
unknown
|
||
|
http://anglebug.com/3997
|
unknown
|
||
|
http://anglebug.com/4722
|
unknown
|
||
|
http://crbug.com/642605
|
unknown
|
||
|
http://moztw.org/docs/big5/
|
unknown
|
||
|
https://fetch.spec.whatwg.org/#fetch-timing-info
|
unknown
|
||
|
http://anglebug.com/1452
|
unknown
|
||
|
http://www.ogcio.gov.hk/tc/business/tech_promotion/ccli/terms/doc/hkscs-2008-big5-iso.txt
|
unknown
|
||
|
https://webassembly.github.io/spec/web-api
|
unknown
|
||
|
https://github.com/nodejs/node/pull/12607
|
unknown
|
||
|
https://www.ecma-international.org/ecma-262/#sec-line-terminators
|
unknown
|
||
|
http://www.sqlite.org/
|
unknown
|
||
|
https://www.unicode.org/Public/UNIDATA/EastAsianWidth.txt
|
unknown
|
||
|
https://crbug.com/650547callClearTwiceUsing
|
unknown
|
||
|
https://github.com/npm/node-tar/issues/183
|
unknown
|
||
|
http://anglebug.com/3502
|
unknown
|
||
|
http://anglebug.com/3623
|
unknown
|
||
|
https://github.com/facebook/react-native/pull/1632
|
unknown
|
||
|
https://gitlab.freedesktop.org/xdg/xdgmime
|
unknown
|
||
|
http://anglebug.com/3625
|
unknown
|
||
|
http://anglebug.com/3624
|
unknown
|
||
|
http://www.unicode.org/copyright.html
|
unknown
|
||
|
https://beacons.gcp.gvt2.com/domainreliability/upload
|
unknown
|
||
|
http://anglebug.com/2894
|
unknown
|
||
|
http://www.gnu.org/gethelp/
|
unknown
|
||
|
http://anglebug.com/3862
|
unknown
|
||
|
https://dns.google/dns-query
|
unknown
|
||
|
https://lists.gnu.org/archive/html/automake/2012-07/msg00014.html
|
unknown
|
||
|
https://github.com/RyanZim/universalify.git
|
unknown
|
||
|
http://anglebug.com/4836
|
unknown
|
||
|
https://issuetracker.google.com/issues/166475273
|
unknown
|
||
|
https://heycam.github.io/webidl/#es-iterable-entries
|
unknown
|
||
|
https://github.com/wasdk/wasmparser
|
unknown
|
||
|
https://heycam.github.io/webidl/#es-interfaces
|
unknown
|
||
|
https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/Cloudflare
|
unknown
|
There are 90 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
chrome.cloudflare-dns.com
|
172.64.41.3
|
||
|
api.ipify.org
|
172.67.74.152
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
40.66.40.211
|
unknown
|
United States
|
||
|
172.64.41.3
|
chrome.cloudflare-dns.com
|
United States
|
||
|
172.67.74.152
|
api.ipify.org
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\cdf7078b-99f0-53cc-bffc-b945975ddd33
|
InstallLocation
|
||
|
HKEY_CURRENT_USER\SOFTWARE\cdf7078b-99f0-53cc-bffc-b945975ddd33
|
KeepShortcuts
|
||
|
HKEY_CURRENT_USER\SOFTWARE\cdf7078b-99f0-53cc-bffc-b945975ddd33
|
ShortcutName
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\cdf7078b-99f0-53cc-bffc-b945975ddd33
|
DisplayName
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\cdf7078b-99f0-53cc-bffc-b945975ddd33
|
UninstallString
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\cdf7078b-99f0-53cc-bffc-b945975ddd33
|
QuietUninstallString
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\cdf7078b-99f0-53cc-bffc-b945975ddd33
|
DisplayVersion
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\cdf7078b-99f0-53cc-bffc-b945975ddd33
|
DisplayIcon
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\cdf7078b-99f0-53cc-bffc-b945975ddd33
|
Publisher
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\cdf7078b-99f0-53cc-bffc-b945975ddd33
|
NoModify
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\cdf7078b-99f0-53cc-bffc-b945975ddd33
|
NoRepair
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\cdf7078b-99f0-53cc-bffc-b945975ddd33
|
EstimatedSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer
|
GlobalAssocChangedCounter
|
There are 3 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
7FFD9B1FF000
|
trusted library allocation
|
page read and write
|
||
|
270310B0000
|
heap
|
page read and write
|
||
|
758000
|
heap
|
page read and write
|
||
|
2D71000
|
heap
|
page read and write
|
||
|
15AC8C40000
|
heap
|
page read and write
|
||
|
6522000
|
heap
|
page read and write
|
||
|
5492000
|
heap
|
page read and write
|
||
|
5510000
|
heap
|
page read and write
|
||
|
2704B050000
|
heap
|
page read and write
|
||
|
7FFD9B215000
|
trusted library allocation
|
page read and write
|
||
|
8B0C57F000
|
stack
|
page read and write
|
||
|
7B3000
|
heap
|
page read and write
|
||
|
6611000
|
heap
|
page read and write
|
||
|
15AC8CAC000
|
heap
|
page read and write
|
||
|
26CE0696000
|
heap
|
page read and write
|
||
|
5491000
|
heap
|
page read and write
|
||
|
23799A48000
|
heap
|
page read and write
|
||
|
237FF71A000
|
heap
|
page read and write
|
||
|
7FFD9B07A000
|
trusted library allocation
|
page read and write
|
||
|
10E7AFC000
|
stack
|
page read and write
|
||
|
637E000
|
direct allocation
|
page read and write
|
||
|
651A000
|
heap
|
page read and write
|
||
|
750000
|
heap
|
page read and write
|
||
|
9082FB9000
|
stack
|
page read and write
|
||
|
7FFD9B0C0000
|
trusted library allocation
|
page read and write
|
||
|
23799A30000
|
heap
|
page read and write
|
||
|
4D92000
|
heap
|
page read and write
|
||
|
54D0000
|
heap
|
page read and write
|
||
|
7B3000
|
heap
|
page read and write
|
||
|
27031120000
|
heap
|
page readonly
|
||
|
270346A0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9AEB4000
|
trusted library allocation
|
page read and write
|
||
|
2D71000
|
heap
|
page read and write
|
||
|
819000
|
heap
|
page read and write
|
||
|
1939EA7C000
|
heap
|
page read and write
|
||
|
270343DC000
|
trusted library allocation
|
page read and write
|
||
|
7FF691F3D000
|
unkown
|
page execute read
|
||
|
27034766000
|
trusted library allocation
|
page read and write
|
||
|
27042DDC000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B110000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B140000
|
trusted library allocation
|
page read and write
|
||
|
6710000
|
heap
|
page read and write
|
||
|
6651000
|
heap
|
page read and write
|
||
|
7FF68B13D000
|
unkown
|
page execute read
|
||
|
C0E058E000
|
stack
|
page read and write
|
||
|
651D000
|
heap
|
page read and write
|
||
|
7FF69013D000
|
unkown
|
page execute read
|
||
|
81B000
|
heap
|
page read and write
|
||
|
27042B53000
|
trusted library allocation
|
page read and write
|
||
|
54CB000
|
heap
|
page read and write
|
||
|
7FFD9B0C0000
|
trusted library allocation
|
page read and write
|
||
|
22CC000
|
stack
|
page read and write
|
||
|
7FF68BB3D000
|
unkown
|
page execute read
|
||
|
5658000
|
heap
|
page read and write
|
||
|
27030EEA000
|
heap
|
page read and write
|
||
|
54A4000
|
heap
|
page read and write
|
||
|
23783130000
|
trusted library allocation
|
page read and write
|
||
|
7FF68AC90000
|
unkown
|
page readonly
|
||
|
C0DF6FE000
|
stack
|
page read and write
|
||
|
7FFD9B190000
|
trusted library allocation
|
page read and write
|
||
|
5650000
|
heap
|
page read and write
|
||
|
483000
|
unkown
|
page read and write
|
||
|
6527000
|
heap
|
page read and write
|
||
|
8B0C4FE000
|
stack
|
page read and write
|
||
|
82B000
|
heap
|
page read and write
|
||
|
DABF7E000
|
stack
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
55D0000
|
heap
|
page read and write
|
||
|
273C3CAA000
|
heap
|
page read and write
|
||
|
54D2000
|
heap
|
page read and write
|
||
|
15AC8CD8000
|
heap
|
page read and write
|
||
|
408000
|
unkown
|
page readonly
|
||
|
27032AE1000
|
trusted library allocation
|
page read and write
|
||
|
6E10000
|
direct allocation
|
page read and write
|
||
|
5510000
|
heap
|
page read and write
|
||
|
90830BE000
|
stack
|
page read and write
|
||
|
26CE08B0000
|
heap
|
page read and write
|
||
|
7FFD9B1F0000
|
trusted library allocation
|
page read and write
|
||
|
6010000
|
direct allocation
|
page read and write
|
||
|
408000
|
unkown
|
page readonly
|
||
|
5658000
|
heap
|
page read and write
|
||
|
784000
|
heap
|
page read and write
|
||
|
6350000
|
direct allocation
|
page read and write
|
||
|
7FF69153D000
|
unkown
|
page execute read
|
||
|
24BB6BA9000
|
heap
|
page read and write
|
||
|
83B000
|
heap
|
page read and write
|
||
|
54CB000
|
heap
|
page read and write
|
||
|
54B4000
|
heap
|
page read and write
|
||
|
15AC8CA7000
|
heap
|
page read and write
|
||
|
27031220000
|
heap
|
page read and write
|
||
|
23783066000
|
trusted library allocation
|
page read and write
|
||
|
81F000
|
heap
|
page read and write
|
||
|
7FFD9AEC2000
|
trusted library allocation
|
page read and write
|
||
|
94F000
|
stack
|
page read and write
|
||
|
2274000
|
heap
|
page read and write
|
||
|
500D000
|
stack
|
page read and write
|
||
|
7FF69153D000
|
unkown
|
page execute read
|
||
|
40A000
|
unkown
|
page read and write
|
||
|
15AC8C88000
|
heap
|
page read and write
|
||
|
5A90000
|
direct allocation
|
page read and write
|
||
|
23799A20000
|
heap
|
page execute and read and write
|
||
|
831000
|
heap
|
page read and write
|
||
|
7FFD9B150000
|
trusted library allocation
|
page read and write
|
||
|
42D0000
|
trusted library allocation
|
page read and write
|
||
|
27030F67000
|
heap
|
page read and write
|
||
|
A90E9FE000
|
unkown
|
page read and write
|
||
|
7CE000
|
heap
|
page read and write
|
||
|
448000
|
unkown
|
page read and write
|
||
|
15AC8CDB000
|
heap
|
page read and write
|
||
|
2704B130000
|
heap
|
page execute and read and write
|
||
|
9083C8E000
|
stack
|
page read and write
|
||
|
7FFD9B1D0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B1E0000
|
trusted library allocation
|
page read and write
|
||
|
7FF68C53D000
|
unkown
|
page execute read
|
||
|
7FF68E33D000
|
unkown
|
page execute read
|
||
|
54D1000
|
heap
|
page read and write
|
||
|
2921000
|
heap
|
page read and write
|
||
|
7FF68D93D000
|
unkown
|
page execute read
|
||
|
6650000
|
heap
|
page read and write
|
||
|
237816DD000
|
trusted library allocation
|
page read and write
|
||
|
824000
|
heap
|
page read and write
|
||
|
5494000
|
heap
|
page read and write
|
||
|
23781460000
|
heap
|
page execute and read and write
|
||
|
23782BA5000
|
trusted library allocation
|
page read and write
|
||
|
15AC8F55000
|
heap
|
page read and write
|
||
|
6525000
|
heap
|
page read and write
|
||
|
549A000
|
heap
|
page read and write
|
||
|
908323B000
|
stack
|
page read and write
|
||
|
237914C0000
|
trusted library allocation
|
page read and write
|
||
|
1939EA95000
|
heap
|
page read and write
|
||
|
237FF6D0000
|
heap
|
page read and write
|
||
|
26CE06BB000
|
heap
|
page read and write
|
||
|
7FF68ED3D000
|
unkown
|
page execute read
|
||
|
54CB000
|
heap
|
page read and write
|
||
|
5650000
|
heap
|
page read and write
|
||
|
2B60000
|
heap
|
page read and write
|
||
|
7DF439C80000
|
trusted library allocation
|
page execute and read and write
|
||
|
40A000
|
unkown
|
page write copy
|
||
|
C0DF93C000
|
stack
|
page read and write
|
||
|
83A000
|
heap
|
page read and write
|
||
|
9082F38000
|
stack
|
page read and write
|
||
|
23781530000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B090000
|
trusted library allocation
|
page execute and read and write
|
||
|
26CE0840000
|
heap
|
page read and write
|
||
|
54AF000
|
heap
|
page read and write
|
||
|
5391000
|
heap
|
page read and write
|
||
|
7FFD9B0D0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B150000
|
trusted library allocation
|
page read and write
|
||
|
51BB000
|
heap
|
page read and write
|
||
|
2DF0000
|
heap
|
page read and write
|
||
|
15AC8CDB000
|
heap
|
page read and write
|
||
|
6110000
|
direct allocation
|
page read and write
|
||
|
7FFD9B080000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B0A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B110000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B0D0000
|
trusted library allocation
|
page read and write
|
||
|
26CE0640000
|
heap
|
page read and write
|
||
|
7FFD9AFA6000
|
trusted library allocation
|
page execute and read and write
|
||
|
5658000
|
heap
|
page read and write
|
||
|
7FFD9B1F9000
|
trusted library allocation
|
page read and write
|
||
|
24BB6A55000
|
heap
|
page read and write
|
||
|
2CEE000
|
stack
|
page read and write
|
||
|
237FF600000
|
heap
|
page read and write
|
||
|
4D10000
|
heap
|
page read and write
|
||
|
841000
|
heap
|
page read and write
|
||
|
9082EBE000
|
stack
|
page read and write
|
||
|
5391000
|
heap
|
page read and write
|
||
|
15AC8CCE000
|
heap
|
page read and write
|
||
|
7FFD9AEDB000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9AF7C000
|
trusted library allocation
|
page execute and read and write
|
||
|
7BD000
|
heap
|
page read and write
|
||
|
54C2000
|
heap
|
page read and write
|
||
|
9082B7F000
|
stack
|
page read and write
|
||
|
65D0000
|
heap
|
page read and write
|
||
|
4D91000
|
heap
|
page read and write
|
||
|
241E9CF0000
|
heap
|
page read and write
|
||
|
5C10000
|
direct allocation
|
page read and write
|
||
|
237917AB000
|
trusted library allocation
|
page read and write
|
||
|
15AC8CB8000
|
heap
|
page read and write
|
||
|
7FFD9AEC3000
|
trusted library allocation
|
page execute and read and write
|
||
|
5658000
|
heap
|
page read and write
|
||
|
7FFD9AEBD000
|
trusted library allocation
|
page execute and read and write
|
||
|
54BF000
|
heap
|
page read and write
|
||
|
273C3B00000
|
heap
|
page read and write
|
||
|
2704B014000
|
heap
|
page read and write
|
||
|
83A000
|
heap
|
page read and write
|
||
|
40E000
|
unkown
|
page read and write
|
||
|
2703370D000
|
trusted library allocation
|
page read and write
|
||
|
5550000
|
heap
|
page read and write
|
||
|
51B4000
|
heap
|
page read and write
|
||
|
7FF68BB3D000
|
unkown
|
page execute read
|
||
|
27031110000
|
trusted library allocation
|
page read and write
|
||
|
5EA6000
|
direct allocation
|
page read and write
|
||
|
5658000
|
heap
|
page read and write
|
||
|
2378312C000
|
trusted library allocation
|
page read and write
|
||
|
27030F40000
|
heap
|
page read and write
|
||
|
5351000
|
heap
|
page read and write
|
||
|
6521000
|
heap
|
page read and write
|
||
|
23799BC0000
|
heap
|
page read and write
|
||
|
6010000
|
direct allocation
|
page read and write
|
||
|
837000
|
heap
|
page read and write
|
||
|
15AC8B40000
|
heap
|
page read and write
|
||
|
24BB6BA5000
|
heap
|
page read and write
|
||
|
15AC8CB9000
|
heap
|
page read and write
|
||
|
54D0000
|
heap
|
page read and write
|
||
|
81B000
|
heap
|
page read and write
|
||
|
7FFD9B170000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B130000
|
trusted library allocation
|
page read and write
|
||
|
5510000
|
heap
|
page read and write
|
||
|
237FF756000
|
heap
|
page read and write
|
||
|
6590000
|
heap
|
page read and write
|
||
|
273C3C00000
|
heap
|
page read and write
|
||
|
237FF5F5000
|
heap
|
page read and write
|
||
|
26CE06BB000
|
heap
|
page read and write
|
||
|
6511000
|
heap
|
page read and write
|
||
|
5350000
|
heap
|
page read and write
|
||
|
514F000
|
heap
|
page read and write
|
||
|
7FF68B13D000
|
unkown
|
page execute read
|
||
|
15AC8CDB000
|
heap
|
page read and write
|
||
|
6718000
|
heap
|
page read and write
|
||
|
7FFD9B180000
|
trusted library allocation
|
page read and write
|
||
|
4CD0000
|
heap
|
page read and write
|
||
|
26CE06A7000
|
heap
|
page read and write
|
||
|
2704AF6E000
|
heap
|
page read and write
|
||
|
273C3CC7000
|
heap
|
page read and write
|
||
|
2704B191000
|
heap
|
page read and write
|
||
|
54D1000
|
heap
|
page read and write
|
||
|
C0DF5FE000
|
stack
|
page read and write
|
||
|
4B11000
|
heap
|
page read and write
|
||
|
1939ED50000
|
heap
|
page read and write
|
||
|
241E9A77000
|
heap
|
page read and write
|
||
|
DABE7E000
|
stack
|
page read and write
|
||
|
5611000
|
heap
|
page read and write
|
||
|
1939EA70000
|
heap
|
page read and write
|
||
|
7FFD9B160000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B107000
|
trusted library allocation
|
page read and write
|
||
|
C0DF4FE000
|
stack
|
page read and write
|
||
|
90831BE000
|
stack
|
page read and write
|
||
|
7FFD9B1A0000
|
trusted library allocation
|
page read and write
|
||
|
7FF68CF3D000
|
unkown
|
page execute read
|
||
|
7FF68C53D000
|
unkown
|
page execute read
|
||
|
C508F9C000
|
stack
|
page read and write
|
||
|
7FFD9B220000
|
trusted library allocation
|
page read and write
|
||
|
5450000
|
heap
|
page read and write
|
||
|
7FF692ABA000
|
unkown
|
page readonly
|
||
|
6591000
|
heap
|
page read and write
|
||
|
1939EA40000
|
heap
|
page read and write
|
||
|
7FFD9AFE0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1939ED59000
|
heap
|
page read and write
|
||
|
C0DF8B8000
|
stack
|
page read and write
|
||
|
27031163000
|
trusted library allocation
|
page read and write
|
||
|
2340000
|
heap
|
page read and write
|
||
|
4C13000
|
heap
|
page read and write
|
||
|
7A1000
|
heap
|
page read and write
|
||
|
6D0000
|
heap
|
page read and write
|
||
|
237FF6D9000
|
heap
|
page read and write
|
||
|
7FF68D93D000
|
unkown
|
page execute read
|
||
|
15AC8C80000
|
heap
|
page read and write
|
||
|
7FFD9AECD000
|
trusted library allocation
|
page execute and read and write
|
||
|
81C000
|
heap
|
page read and write
|
||
|
27032B63000
|
trusted library allocation
|
page read and write
|
||
|
23791522000
|
trusted library allocation
|
page read and write
|
||
|
288D000
|
stack
|
page read and write
|
||
|
5491000
|
heap
|
page read and write
|
||
|
2DF1000
|
heap
|
page read and write
|
||
|
6511000
|
heap
|
page read and write
|
||
|
4B10000
|
heap
|
page read and write
|
||
|
6525000
|
heap
|
page read and write
|
||
|
27030F26000
|
heap
|
page read and write
|
||
|
7DD000
|
heap
|
page read and write
|
||
|
5611000
|
heap
|
page read and write
|
||
|
6527000
|
heap
|
page read and write
|
||
|
7FF68F73D000
|
unkown
|
page execute read
|
||
|
15AC8CAC000
|
heap
|
page read and write
|
||
|
54C2000
|
heap
|
page read and write
|
||
|
7FF68BB3D000
|
unkown
|
page execute read
|
||
|
7FF68AC91000
|
unkown
|
page execute read
|
||
|
241E9930000
|
heap
|
page read and write
|
||
|
7FF690B3D000
|
unkown
|
page execute read
|
||
|
5412000
|
heap
|
page read and write
|
||
|
27032A47000
|
heap
|
page execute and read and write
|
||
|
7FFD9B210000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B170000
|
trusted library allocation
|
page read and write
|
||
|
5510000
|
heap
|
page read and write
|
||
|
53D0000
|
heap
|
page read and write
|
||
|
7E5000
|
heap
|
page read and write
|
||
|
6513000
|
heap
|
page read and write
|
||
|
6511000
|
heap
|
page read and write
|
||
|
98000
|
stack
|
page read and write
|
||
|
54BF000
|
heap
|
page read and write
|
||
|
7FFD9B070000
|
trusted library allocation
|
page execute and read and write
|
||
|
7CF000
|
heap
|
page read and write
|
||
|
5510000
|
heap
|
page read and write
|
||
|
4CD0000
|
heap
|
page read and write
|
||
|
4C90000
|
heap
|
page read and write
|
||
|
5510000
|
heap
|
page read and write
|
||
|
26CE0697000
|
heap
|
page read and write
|
||
|
15AC8CDB000
|
heap
|
page read and write
|
||
|
23799CFF000
|
heap
|
page read and write
|
||
|
23799B20000
|
heap
|
page read and write
|
||
|
7FFD9B1A0000
|
trusted library allocation
|
page read and write
|
||
|
5691000
|
heap
|
page read and write
|
||
|
24BB6BA0000
|
heap
|
page read and write
|
||
|
7FF68CF3D000
|
unkown
|
page execute read
|
||
|
5690000
|
heap
|
page read and write
|
||
|
23781430000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9AED0000
|
trusted library allocation
|
page read and write
|
||
|
7FF68F73D000
|
unkown
|
page execute read
|
||
|
241E9A10000
|
heap
|
page read and write
|
||
|
5658000
|
heap
|
page read and write
|
||
|
2D71000
|
heap
|
page read and write
|
||
|
908303E000
|
stack
|
page read and write
|
||
|
24BB6A3C000
|
heap
|
page read and write
|
||
|
7310000
|
direct allocation
|
page read and write
|
||
|
66D1000
|
heap
|
page read and write
|
||
|
5391000
|
heap
|
page read and write
|
||
|
5610000
|
heap
|
page read and write
|
||
|
65D1000
|
heap
|
page read and write
|
||
|
24BB6BB0000
|
heap
|
page read and write
|
||
|
15AC8CCC000
|
heap
|
page read and write
|
||
|
820000
|
heap
|
page read and write
|
||
|
2D2C000
|
stack
|
page read and write
|
||
|
2D76000
|
heap
|
page read and write
|
||
|
9082D7F000
|
stack
|
page read and write
|
||
|
270311F0000
|
heap
|
page read and write
|
||
|
51B0000
|
heap
|
page read and write
|
||
|
6610000
|
heap
|
page read and write
|
||
|
838000
|
heap
|
page read and write
|
||
|
23782D86000
|
trusted library allocation
|
page read and write
|
||
|
4C90000
|
heap
|
page read and write
|
||
|
6523000
|
heap
|
page read and write
|
||
|
5C10000
|
direct allocation
|
page read and write
|
||
|
51B7000
|
heap
|
page read and write
|
||
|
53D1000
|
heap
|
page read and write
|
||
|
27042C95000
|
trusted library allocation
|
page read and write
|
||
|
54BA000
|
heap
|
page read and write
|
||
|
7FF692ABA000
|
unkown
|
page readonly
|
||
|
2704AFE0000
|
heap
|
page read and write
|
||
|
7FFD9AEC4000
|
trusted library allocation
|
page read and write
|
||
|
603F3FF000
|
unkown
|
page read and write
|
||
|
237FF4F0000
|
heap
|
page read and write
|
||
|
837000
|
heap
|
page read and write
|
||
|
C0DF7BE000
|
stack
|
page read and write
|
||
|
241E9A75000
|
heap
|
page read and write
|
||
|
278C000
|
stack
|
page read and write
|
||
|
27032A40000
|
heap
|
page execute and read and write
|
||
|
7FF69013D000
|
unkown
|
page execute read
|
||
|
56D0000
|
heap
|
page read and write
|
||
|
4C11000
|
heap
|
page read and write
|
||
|
2704B530000
|
heap
|
page read and write
|
||
|
5510000
|
heap
|
page read and write
|
||
|
7FFD9B200000
|
trusted library allocation
|
page read and write
|
||
|
838000
|
heap
|
page read and write
|
||
|
603F2FB000
|
stack
|
page read and write
|
||
|
54B4000
|
heap
|
page read and write
|
||
|
19A000
|
stack
|
page read and write
|
||
|
15AC8CCC000
|
heap
|
page read and write
|
||
|
2D71000
|
heap
|
page read and write
|
||
|
23799B19000
|
heap
|
page read and write
|
||
|
7FFD9B120000
|
trusted library allocation
|
page read and write
|
||
|
26CE0678000
|
heap
|
page read and write
|
||
|
6527000
|
heap
|
page read and write
|
||
|
26CE06CD000
|
heap
|
page read and write
|
||
|
56D0000
|
heap
|
page read and write
|
||
|
23799CA0000
|
heap
|
page execute and read and write
|
||
|
5658000
|
heap
|
page read and write
|
||
|
6521000
|
heap
|
page read and write
|
||
|
9082A7E000
|
stack
|
page read and write
|
||
|
241E9A50000
|
heap
|
page read and write
|
||
|
5392000
|
heap
|
page read and write
|
||
|
7FFD9B1D3000
|
trusted library allocation
|
page read and write
|
||
|
22E0000
|
heap
|
page read and write
|
||
|
59F000
|
unkown
|
page readonly
|
||
|
7FFD9B130000
|
trusted library allocation
|
page read and write
|
||
|
7FF690B3D000
|
unkown
|
page execute read
|
||
|
2704AAE7000
|
heap
|
page read and write
|
||
|
23799CD0000
|
heap
|
page read and write
|
||
|
5034000
|
heap
|
page read and write
|
||
|
23799CE8000
|
heap
|
page read and write
|
||
|
7FF68AC91000
|
unkown
|
page execute read
|
||
|
226C000
|
stack
|
page read and write
|
||
|
26CE069C000
|
heap
|
page read and write
|
||
|
7FFD9B230000
|
trusted library allocation
|
page read and write
|
||
|
6D7000
|
heap
|
page read and write
|
||
|
5659000
|
heap
|
page read and write
|
||
|
27030E80000
|
heap
|
page read and write
|
||
|
6521000
|
heap
|
page read and write
|
||
|
26CE06BB000
|
heap
|
page read and write
|
||
|
7FFD9B1F0000
|
trusted library allocation
|
page read and write
|
||
|
4D11000
|
heap
|
page read and write
|
||
|
4F0F000
|
stack
|
page read and write
|
||
|
23799B2A000
|
heap
|
page read and write
|
||
|
6D5000
|
heap
|
page read and write
|
||
|
273C3BE0000
|
heap
|
page read and write
|
||
|
54B6000
|
heap
|
page read and write
|
||
|
A4F000
|
stack
|
page read and write
|
||
|
C0DF837000
|
stack
|
page read and write
|
||
|
237FF72E000
|
heap
|
page read and write
|
||
|
7FFD9B120000
|
trusted library allocation
|
page read and write
|
||
|
6524000
|
heap
|
page read and write
|
||
|
7FFD9B092000
|
trusted library allocation
|
page read and write
|
||
|
4D50000
|
heap
|
page read and write
|
||
|
5658000
|
heap
|
page read and write
|
||
|
15AC8CA6000
|
heap
|
page read and write
|
||
|
720000
|
heap
|
page read and write
|
||
|
23799A72000
|
heap
|
page read and write
|
||
|
7FFD9B220000
|
trusted library allocation
|
page read and write
|
||
|
5451000
|
heap
|
page read and write
|
||
|
5490000
|
heap
|
page read and write
|
||
|
23781470000
|
heap
|
page readonly
|
||
|
23799A81000
|
heap
|
page read and write
|
||
|
4F2C000
|
heap
|
page read and write
|
||
|
27033E78000
|
trusted library allocation
|
page read and write
|
||
|
71E000
|
stack
|
page read and write
|
||
|
1939EA20000
|
heap
|
page read and write
|
||
|
C0DFBBB000
|
stack
|
page read and write
|
||
|
270341D9000
|
trusted library allocation
|
page read and write
|
||
|
6525000
|
heap
|
page read and write
|
||
|
7FFD9B1D0000
|
trusted library allocation
|
page read and write
|
||
|
23781450000
|
trusted library allocation
|
page read and write
|
||
|
237FF5D0000
|
heap
|
page read and write
|
||
|
83A000
|
heap
|
page read and write
|
||
|
2704AF9C000
|
heap
|
page read and write
|
||
|
51AD000
|
stack
|
page read and write
|
||
|
7A7000
|
heap
|
page read and write
|
||
|
5658000
|
heap
|
page read and write
|
||
|
529E000
|
stack
|
page read and write
|
||
|
1939EA10000
|
heap
|
page read and write
|
||
|
590F000
|
stack
|
page read and write
|
||
|
4D10000
|
heap
|
page read and write
|
||
|
7FFD9B1C0000
|
trusted library allocation
|
page read and write
|
||
|
273C3E80000
|
heap
|
page read and write
|
||
|
26CE0696000
|
heap
|
page read and write
|
||
|
6525000
|
heap
|
page read and write
|
||
|
C5092FE000
|
unkown
|
page read and write
|
||
|
27030F69000
|
heap
|
page read and write
|
||
|
23782DE2000
|
trusted library allocation
|
page read and write
|
||
|
81B000
|
heap
|
page read and write
|
||
|
5658000
|
heap
|
page read and write
|
||
|
2DF1000
|
heap
|
page read and write
|
||
|
2D71000
|
heap
|
page read and write
|
||
|
23782D5B000
|
trusted library allocation
|
page read and write
|
||
|
9082CFE000
|
stack
|
page read and write
|
||
|
27030EA0000
|
heap
|
page read and write
|
||
|
7FFD9B0E0000
|
trusted library allocation
|
page read and write
|
||
|
C0DF779000
|
stack
|
page read and write
|
||
|
5499000
|
heap
|
page read and write
|
||
|
C0DF67F000
|
stack
|
page read and write
|
||
|
7D7000
|
heap
|
page read and write
|
||
|
24BB69C0000
|
heap
|
page read and write
|
||
|
7B3000
|
heap
|
page read and write
|
||
|
27034392000
|
trusted library allocation
|
page read and write
|
||
|
54B5000
|
heap
|
page read and write
|
||
|
6550000
|
heap
|
page read and write
|
||
|
270311A0000
|
trusted library allocation
|
page read and write
|
||
|
66D1000
|
heap
|
page read and write
|
||
|
7FFD9B100000
|
trusted library allocation
|
page read and write
|
||
|
7FF692ACA000
|
unkown
|
page readonly
|
||
|
4FBA000
|
direct allocation
|
page read and write
|
||
|
826000
|
heap
|
page read and write
|
||
|
2915000
|
heap
|
page read and write
|
||
|
23799CF0000
|
heap
|
page read and write
|
||
|
5590000
|
heap
|
page read and write
|
||
|
90827E3000
|
stack
|
page read and write
|
||
|
841000
|
heap
|
page read and write
|
||
|
7FFD9B062000
|
trusted library allocation
|
page read and write
|
||
|
65D0000
|
heap
|
page read and write
|
||
|
6527000
|
heap
|
page read and write
|
||
|
27031160000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9AF70000
|
trusted library allocation
|
page execute and read and write
|
||
|
27030F2E000
|
heap
|
page read and write
|
||
|
8B0C18B000
|
stack
|
page read and write
|
||
|
7FFD9B210000
|
trusted library allocation
|
page read and write
|
||
|
6718000
|
heap
|
page read and write
|
||
|
5511000
|
heap
|
page read and write
|
||
|
3030000
|
direct allocation
|
page read and write
|
||
|
6521000
|
heap
|
page read and write
|
||
|
51B1000
|
heap
|
page read and write
|
||
|
5710000
|
direct allocation
|
page read and write
|
||
|
DABFFF000
|
stack
|
page read and write
|
||
|
C0DF9BE000
|
stack
|
page read and write
|
||
|
23799AA0000
|
heap
|
page read and write
|
||
|
5390000
|
heap
|
page read and write
|
||
|
6510000
|
heap
|
page read and write
|
||
|
7FFD9AF70000
|
trusted library allocation
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
237FF758000
|
heap
|
page read and write
|
||
|
6591000
|
heap
|
page read and write
|
||
|
27032AC0000
|
heap
|
page execute and read and write
|
||
|
C0DF57D000
|
stack
|
page read and write
|
||
|
270343BD000
|
trusted library allocation
|
page read and write
|
||
|
5350000
|
heap
|
page read and write
|
||
|
5EA0000
|
direct allocation
|
page read and write
|
||
|
A90EAFF000
|
stack
|
page read and write
|
||
|
23799BA0000
|
heap
|
page read and write
|
||
|
4E1E000
|
heap
|
page read and write
|
||
|
2348000
|
heap
|
page read and write
|
||
|
7E1000
|
heap
|
page read and write
|
||
|
C0DF1DF000
|
stack
|
page read and write
|
||
|
4FB000
|
unkown
|
page read and write
|
||
|
7FFD9B060000
|
trusted library allocation
|
page read and write
|
||
|
2704B030000
|
heap
|
page read and write
|
||
|
81B000
|
heap
|
page read and write
|
||
|
6526000
|
heap
|
page read and write
|
||
|
82E000
|
heap
|
page read and write
|
||
|
9082EB7000
|
stack
|
page read and write
|
||
|
7FFD9B0A2000
|
trusted library allocation
|
page read and write
|
||
|
841000
|
heap
|
page read and write
|
||
|
2D70000
|
heap
|
page read and write
|
||
|
549F000
|
heap
|
page read and write
|
||
|
7FF69293D000
|
unkown
|
page execute read
|
||
|
8B0C5FE000
|
stack
|
page read and write
|
||
|
4E10000
|
direct allocation
|
page read and write
|
||
|
1939ED55000
|
heap
|
page read and write
|
||
|
23781480000
|
trusted library allocation
|
page read and write
|
||
|
4C10000
|
heap
|
page read and write
|
||
|
7FFD9AEB2000
|
trusted library allocation
|
page read and write
|
||
|
6010000
|
direct allocation
|
page read and write
|
||
|
2910000
|
heap
|
page read and write
|
||
|
841000
|
heap
|
page read and write
|
||
|
54AE000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
2703476A000
|
trusted library allocation
|
page read and write
|
||
|
7A3000
|
heap
|
page read and write
|
||
|
26CE06A9000
|
heap
|
page read and write
|
||
|
9082E3F000
|
stack
|
page read and write
|
||
|
5510000
|
heap
|
page read and write
|
||
|
7FFD9AECB000
|
trusted library allocation
|
page read and write
|
||
|
23799A26000
|
heap
|
page execute and read and write
|
||
|
603F4FF000
|
stack
|
page read and write
|
||
|
27030E70000
|
heap
|
page read and write
|
||
|
5260000
|
direct allocation
|
page read and write
|
||
|
C0DF47E000
|
stack
|
page read and write
|
||
|
56D0000
|
heap
|
page read and write
|
||
|
54B3000
|
heap
|
page read and write
|
||
|
7DF000
|
heap
|
page read and write
|
||
|
2D71000
|
heap
|
page read and write
|
||
|
9082C7E000
|
stack
|
page read and write
|
||
|
273C3CA7000
|
heap
|
page read and write
|
||
|
5658000
|
heap
|
page read and write
|
||
|
4D11000
|
heap
|
page read and write
|
||
|
6511000
|
heap
|
page read and write
|
||
|
549E000
|
heap
|
page read and write
|
||
|
54A4000
|
heap
|
page read and write
|
||
|
DABBBE000
|
stack
|
page read and write
|
||
|
27031225000
|
heap
|
page read and write
|
||
|
270341E3000
|
trusted library allocation
|
page read and write
|
||
|
83A000
|
heap
|
page read and write
|
||
|
27042AF0000
|
trusted library allocation
|
page read and write
|
||
|
56D1000
|
heap
|
page read and write
|
||
|
2CB0000
|
direct allocation
|
page read and write
|
||
|
15AC8C20000
|
heap
|
page read and write
|
||
|
6525000
|
heap
|
page read and write
|
||
|
7FFD9B071000
|
trusted library allocation
|
page read and write
|
||
|
237994E3000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B0F0000
|
trusted library allocation
|
page read and write
|
||
|
51B2000
|
heap
|
page read and write
|
||
|
C0DFB3E000
|
stack
|
page read and write
|
||
|
C0DFA3E000
|
stack
|
page read and write
|
||
|
7FFD9B1B0000
|
trusted library allocation
|
page read and write
|
||
|
829000
|
heap
|
page read and write
|
||
|
24BB68E0000
|
heap
|
page read and write
|
||
|
522D000
|
heap
|
page read and write
|
||
|
5A10000
|
direct allocation
|
page read and write
|
||
|
23799D20000
|
heap
|
page read and write
|
||
|
81F000
|
heap
|
page read and write
|
||
|
7FFD9AF76000
|
trusted library allocation
|
page read and write
|
||
|
6718000
|
heap
|
page read and write
|
||
|
27030F6D000
|
heap
|
page read and write
|
||
|
5411000
|
heap
|
page read and write
|
||
|
54B9000
|
heap
|
page read and write
|
||
|
5410000
|
heap
|
page read and write
|
||
|
5391000
|
heap
|
page read and write
|
||
|
4D91000
|
heap
|
page read and write
|
||
|
5658000
|
heap
|
page read and write
|
||
|
2704B150000
|
heap
|
page read and write
|
||
|
6522000
|
heap
|
page read and write
|
||
|
237FF5F0000
|
heap
|
page read and write
|
||
|
6527000
|
heap
|
page read and write
|
||
|
270311FA000
|
heap
|
page read and write
|
||
|
7FF691F3D000
|
unkown
|
page execute read
|
||
|
54CB000
|
heap
|
page read and write
|
||
|
2D71000
|
heap
|
page read and write
|
||
|
2704AF30000
|
heap
|
page read and write
|
||
|
27030F20000
|
heap
|
page read and write
|
||
|
237814A0000
|
heap
|
page read and write
|
||
|
7FFD9B160000
|
trusted library allocation
|
page read and write
|
||
|
7FF69293D000
|
unkown
|
page execute read
|
||
|
23799A7F000
|
heap
|
page read and write
|
||
|
241E9B50000
|
heap
|
page read and write
|
||
|
7FFD9B205000
|
trusted library allocation
|
page read and write
|
||
|
54AA000
|
heap
|
page read and write
|
||
|
7FFD9AF6C000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B080000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B100000
|
trusted library allocation
|
page read and write
|
||
|
6CE000
|
stack
|
page read and write
|
||
|
10E7BFF000
|
unkown
|
page read and write
|
||
|
5B0000
|
heap
|
page read and write
|
||
|
15AC8CD1000
|
heap
|
page read and write
|
||
|
81B000
|
heap
|
page read and write
|
||
|
7FF68CF3D000
|
unkown
|
page execute read
|
||
|
23782BA3000
|
trusted library allocation
|
page read and write
|
||
|
24BB6A30000
|
heap
|
page read and write
|
||
|
51B3000
|
heap
|
page read and write
|
||
|
5552000
|
heap
|
page read and write
|
||
|
54B2000
|
heap
|
page read and write
|
||
|
C0DF153000
|
stack
|
page read and write
|
||
|
7FFD9AEB3000
|
trusted library allocation
|
page execute and read and write
|
||
|
9082AFE000
|
stack
|
page read and write
|
||
|
7A7000
|
heap
|
page read and write
|
||
|
841000
|
heap
|
page read and write
|
||
|
4C50000
|
heap
|
page read and write
|
||
|
237994E0000
|
trusted library allocation
|
page read and write
|
||
|
10E7CFF000
|
stack
|
page read and write
|
||
|
273C3CC9000
|
heap
|
page read and write
|
||
|
23791664000
|
trusted library allocation
|
page read and write
|
||
|
1939EC40000
|
heap
|
page read and write
|
||
|
4CD0000
|
heap
|
page read and write
|
||
|
27030F2C000
|
heap
|
page read and write
|
||
|
7FF68AC90000
|
unkown
|
page readonly
|
||
|
7F5000
|
heap
|
page read and write
|
||
|
7FFD9B209000
|
trusted library allocation
|
page read and write
|
||
|
273C3E90000
|
heap
|
page read and write
|
||
|
23799A4A000
|
heap
|
page read and write
|
||
|
23799EE0000
|
heap
|
page read and write
|
||
|
7FFD9B0E0000
|
trusted library allocation
|
page read and write
|
||
|
5591000
|
heap
|
page read and write
|
||
|
6521000
|
heap
|
page read and write
|
||
|
23782ADD000
|
trusted library allocation
|
page read and write
|
||
|
15AC8CA6000
|
heap
|
page read and write
|
||
|
2703450A000
|
trusted library allocation
|
page read and write
|
||
|
26CE08B5000
|
heap
|
page read and write
|
||
|
6690000
|
heap
|
page read and write
|
||
|
8B0C47E000
|
stack
|
page read and write
|
||
|
7FFD9B1E0000
|
trusted library allocation
|
page read and write
|
||
|
54AF000
|
heap
|
page read and write
|
||
|
7FF68E33D000
|
unkown
|
page execute read
|
||
|
7FF68AC91000
|
unkown
|
page execute read
|
||
|
7FFD9B190000
|
trusted library allocation
|
page read and write
|
||
|
54CB000
|
heap
|
page read and write
|
||
|
237FF712000
|
heap
|
page read and write
|
||
|
2FB0000
|
direct allocation
|
page read and write
|
||
|
4FF000
|
unkown
|
page read and write
|
||
|
54CB000
|
heap
|
page read and write
|
||
|
7FF68AC90000
|
unkown
|
page readonly
|
||
|
4C11000
|
heap
|
page read and write
|
||
|
5310000
|
heap
|
page read and write
|
||
|
26CE0630000
|
heap
|
page read and write
|
||
|
2703441A000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9AF60000
|
trusted library allocation
|
page read and write
|
||
|
54A0000
|
heap
|
page read and write
|
||
|
237820DD000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B06A000
|
trusted library allocation
|
page read and write
|
||
|
553000
|
unkown
|
page read and write
|
||
|
2D71000
|
heap
|
page read and write
|
||
|
841000
|
heap
|
page read and write
|
||
|
2CB0000
|
trusted library allocation
|
page read and write
|
||
|
2704B176000
|
heap
|
page read and write
|
||
|
7FFD9AF96000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B050000
|
trusted library allocation
|
page read and write
|
||
|
6527000
|
heap
|
page read and write
|
||
|
23799524000
|
heap
|
page read and write
|
||
|
237814B1000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B1C0000
|
trusted library allocation
|
page read and write
|
||
|
15AC8CCC000
|
heap
|
page read and write
|
||
|
7AF000
|
heap
|
page read and write
|
||
|
7FF68ED3D000
|
unkown
|
page execute read
|
||
|
2270000
|
heap
|
page read and write
|
||
|
5658000
|
heap
|
page read and write
|
||
|
6511000
|
heap
|
page read and write
|
||
|
5658000
|
heap
|
page read and write
|
||
|
7FFD9B0F0000
|
trusted library allocation
|
page read and write
|
||
|
7DF000
|
heap
|
page read and write
|
||
|
83A000
|
heap
|
page read and write
|
||
|
237FF680000
|
heap
|
page read and write
|
||
|
2210000
|
heap
|
page read and write
|
||
|
15AC8F50000
|
heap
|
page read and write
|
||
|
9082DF9000
|
stack
|
page read and write
|
||
|
241E9A30000
|
heap
|
page read and write
|
||
|
2704AF6C000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
7FF68C53D000
|
unkown
|
page execute read
|
||
|
A90E8FC000
|
stack
|
page read and write
|
||
|
27030EE0000
|
heap
|
page read and write
|
||
|
7FFD9B0B0000
|
trusted library allocation
|
page read and write
|
||
|
7FF68B13D000
|
unkown
|
page execute read
|
||
|
5411000
|
heap
|
page read and write
|
||
|
59F000
|
unkown
|
page readonly
|
||
|
7FFD9B0B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
838000
|
heap
|
page read and write
|
||
|
7FFD9B061000
|
trusted library allocation
|
page read and write
|
||
|
5690000
|
heap
|
page read and write
|
||
|
6036000
|
direct allocation
|
page read and write
|
||
|
5391000
|
heap
|
page read and write
|
||
|
5311000
|
heap
|
page read and write
|
||
|
241E9A5B000
|
heap
|
page read and write
|
||
|
270310F0000
|
trusted library allocation
|
page read and write
|
||
|
237914B1000
|
trusted library allocation
|
page read and write
|
||
|
838000
|
heap
|
page read and write
|
||
|
237FF70E000
|
heap
|
page read and write
|
||
|
2D71000
|
heap
|
page read and write
|
||
|
237FF640000
|
heap
|
page read and write
|
||
|
7FFD9AEC0000
|
trusted library allocation
|
page read and write
|
||
|
823000
|
heap
|
page read and write
|
||
|
2D71000
|
heap
|
page read and write
|
||
|
651E000
|
heap
|
page read and write
|
||
|
54B1000
|
heap
|
page read and write
|
||
|
5511000
|
heap
|
page read and write
|
||
|
66D0000
|
heap
|
page read and write
|
||
|
7FFD9B1F5000
|
trusted library allocation
|
page read and write
|
||
|
2CB0000
|
direct allocation
|
page read and write
|
||
|
7FFD9B140000
|
trusted library allocation
|
page read and write
|
||
|
26CE0670000
|
heap
|
page read and write
|
||
|
4C50000
|
heap
|
page read and write
|
||
|
4D50000
|
heap
|
page read and write
|
||
|
5311000
|
heap
|
page read and write
|
||
|
9082BFC000
|
stack
|
page read and write
|
||
|
7FF692AB1000
|
unkown
|
page readonly
|
||
|
237FF686000
|
heap
|
page read and write
|
||
|
27042AE1000
|
trusted library allocation
|
page read and write
|
||
|
9083C0E000
|
stack
|
page read and write
|
||
|
C5093FF000
|
stack
|
page read and write
|
||
|
51B4000
|
heap
|
page read and write
|
||
|
DABEFE000
|
stack
|
page read and write
|
||
|
7FFD9B180000
|
trusted library allocation
|
page read and write
|
||
|
27032AD0000
|
heap
|
page read and write
|
||
|
7FFD9B200000
|
trusted library allocation
|
page read and write
|
||
|
41E000
|
unkown
|
page read and write
|
||
|
6527000
|
heap
|
page read and write
|
||
|
469000
|
unkown
|
page read and write
|
||
|
5AD0000
|
direct allocation
|
page read and write
|
||
|
24BB69E0000
|
heap
|
page read and write
|
||
|
15AC8CCF000
|
heap
|
page read and write
|
||
|
6650000
|
heap
|
page read and write
|
||
|
8B0C67F000
|
stack
|
page read and write
|
||
|
7FFD9AFD0000
|
trusted library allocation
|
page execute and read and write
|
||
|
6511000
|
heap
|
page read and write
|
||
|
DABB3B000
|
stack
|
page read and write
|
||
|
7FF692ACA000
|
unkown
|
page readonly
|
||
|
5510000
|
heap
|
page read and write
|
||
|
303C000
|
stack
|
page read and write
|
||
|
15AC8CD6000
|
heap
|
page read and write
|
||
|
6527000
|
heap
|
page read and write
|
||
|
273C3CA0000
|
heap
|
page read and write
|
||
|
15AC8CDB000
|
heap
|
page read and write
|
||
|
2D71000
|
heap
|
page read and write
|
||
|
51BE000
|
heap
|
page read and write
|
||
|
7BA000
|
heap
|
page read and write
|
||
|
54B4000
|
heap
|
page read and write
|
||
|
7FFD9AF66000
|
trusted library allocation
|
page read and write
|
||
|
56D0000
|
heap
|
page read and write
|
||
|
7FFD9AF80000
|
trusted library allocation
|
page execute and read and write
|
||
|
412000
|
unkown
|
page read and write
|
||
|
237FF710000
|
heap
|
page read and write
|
||
|
4E61000
|
direct allocation
|
page read and write
|
||
|
7FFD9B1B0000
|
trusted library allocation
|
page read and write
|
||
|
270311F6000
|
heap
|
page read and write
|
||
|
51BD000
|
heap
|
page read and write
|
||
|
27032D0D000
|
trusted library allocation
|
page read and write
|
||
|
6529000
|
heap
|
page read and write
|
||
|
7FF692AB1000
|
unkown
|
page readonly
|
There are 751 hidden memdumps, click here to show them.