Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
cylanceprotectsetupwithoptics.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
||
|
C:\Users\user\AppData\Local\Temp\Cylance_PROTECT_with_OPTICS_20240416161711.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\Temp\{2386AC95-A39D-40D2-9EDA-FF9EA8E5DA36}\.ba\1028\mbapreq.wxl
|
XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\Temp\{2386AC95-A39D-40D2-9EDA-FF9EA8E5DA36}\.ba\1029\mbapreq.wxl
|
XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\Temp\{2386AC95-A39D-40D2-9EDA-FF9EA8E5DA36}\.ba\1030\mbapreq.wxl
|
XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\Temp\{2386AC95-A39D-40D2-9EDA-FF9EA8E5DA36}\.ba\1031\mbapreq.wxl
|
XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\Temp\{2386AC95-A39D-40D2-9EDA-FF9EA8E5DA36}\.ba\1032\mbapreq.wxl
|
XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\Temp\{2386AC95-A39D-40D2-9EDA-FF9EA8E5DA36}\.ba\1035\mbapreq.wxl
|
XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\Temp\{2386AC95-A39D-40D2-9EDA-FF9EA8E5DA36}\.ba\1036\mbapreq.wxl
|
XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\Temp\{2386AC95-A39D-40D2-9EDA-FF9EA8E5DA36}\.ba\1038\mbapreq.wxl
|
XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\Temp\{2386AC95-A39D-40D2-9EDA-FF9EA8E5DA36}\.ba\1040\mbapreq.wxl
|
XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\Temp\{2386AC95-A39D-40D2-9EDA-FF9EA8E5DA36}\.ba\1041\mbapreq.wxl
|
XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\Temp\{2386AC95-A39D-40D2-9EDA-FF9EA8E5DA36}\.ba\1042\mbapreq.wxl
|
XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\Temp\{2386AC95-A39D-40D2-9EDA-FF9EA8E5DA36}\.ba\1043\mbapreq.wxl
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\Temp\{2386AC95-A39D-40D2-9EDA-FF9EA8E5DA36}\.ba\1044\mbapreq.wxl
|
XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\Temp\{2386AC95-A39D-40D2-9EDA-FF9EA8E5DA36}\.ba\1045\mbapreq.wxl
|
XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\Temp\{2386AC95-A39D-40D2-9EDA-FF9EA8E5DA36}\.ba\1046\mbapreq.wxl
|
XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\Temp\{2386AC95-A39D-40D2-9EDA-FF9EA8E5DA36}\.ba\1049\mbapreq.wxl
|
XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\Temp\{2386AC95-A39D-40D2-9EDA-FF9EA8E5DA36}\.ba\1051\mbapreq.wxl
|
XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\Temp\{2386AC95-A39D-40D2-9EDA-FF9EA8E5DA36}\.ba\1053\mbapreq.wxl
|
XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\Temp\{2386AC95-A39D-40D2-9EDA-FF9EA8E5DA36}\.ba\1055\mbapreq.wxl
|
XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\Temp\{2386AC95-A39D-40D2-9EDA-FF9EA8E5DA36}\.ba\1060\mbapreq.wxl
|
XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\Temp\{2386AC95-A39D-40D2-9EDA-FF9EA8E5DA36}\.ba\2052\mbapreq.wxl
|
XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\Temp\{2386AC95-A39D-40D2-9EDA-FF9EA8E5DA36}\.ba\2070\mbapreq.wxl
|
XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\Temp\{2386AC95-A39D-40D2-9EDA-FF9EA8E5DA36}\.ba\3082\mbapreq.wxl
|
XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\Temp\{2386AC95-A39D-40D2-9EDA-FF9EA8E5DA36}\.ba\BootstrapperApplicationData.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with very long lines (558), with CRLF line terminators
|
dropped
|
||
|
C:\Windows\Temp\{2386AC95-A39D-40D2-9EDA-FF9EA8E5DA36}\.ba\BootstrapperCore.config
|
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\Temp\{2386AC95-A39D-40D2-9EDA-FF9EA8E5DA36}\.ba\BootstrapperCore.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Windows\Temp\{2386AC95-A39D-40D2-9EDA-FF9EA8E5DA36}\.ba\Cylance.Host.Installer.CustomBootstrapperWithOptics.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Windows\Temp\{2386AC95-A39D-40D2-9EDA-FF9EA8E5DA36}\.ba\Microsoft.Deployment.WindowsInstaller.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Windows\Temp\{2386AC95-A39D-40D2-9EDA-FF9EA8E5DA36}\.ba\mbahost.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Windows\Temp\{2386AC95-A39D-40D2-9EDA-FF9EA8E5DA36}\.ba\mbapreq.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Windows\Temp\{2386AC95-A39D-40D2-9EDA-FF9EA8E5DA36}\.ba\mbapreq.png
|
PNG image data, 63 x 63, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Windows\Temp\{2386AC95-A39D-40D2-9EDA-FF9EA8E5DA36}\.ba\mbapreq.thm
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\Temp\{2386AC95-A39D-40D2-9EDA-FF9EA8E5DA36}\.ba\mbapreq.wxl
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\Temp\{D29CB8BE-513E-4B9E-B69F-E8CB205B8828}\.cr\cylanceprotectsetupwithoptics.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
There are 26 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\cylanceprotectsetupwithoptics.exe
|
"C:\Users\user\Desktop\cylanceprotectsetupwithoptics.exe"
|
||
|
C:\Windows\Temp\{D29CB8BE-513E-4B9E-B69F-E8CB205B8828}\.cr\cylanceprotectsetupwithoptics.exe
|
"C:\Windows\Temp\{D29CB8BE-513E-4B9E-B69F-E8CB205B8828}\.cr\cylanceprotectsetupwithoptics.exe" -burn.clean.room="C:\Users\user\Desktop\cylanceprotectsetupwithoptics.exe"
-burn.filehandle.attached=512 -burn.filehandle.self=528
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://wixtoolset.org/schemas/thmutil/2010
|
unknown
|
||
|
http://foo/bar/mainview.baml
|
unknown
|
||
|
http://foo/bar/mainview.bamld
|
unknown
|
||
|
http://wixtoolset.org/Whttp://wixtoolset.org/telemetry/v
|
unknown
|
||
|
http://wixtoolset.org/
|
unknown
|
||
|
http://wixtoolset.org/telemetry/v
|
unknown
|
||
|
http://appsyndication.org/2006/appsynapplicationapuputil.cppupgradeexclusivetrueenclosuredigestalgor
|
unknown
|
||
|
http://wixtoolset.org/news/
|
unknown
|
||
|
http://foo/mainview.xaml
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://defaultcontainer/Cylance.Host.Installer.CustomBootstrapperWithOptics;component/resources/inst
|
unknown
|
||
|
http://foo/resources/installerBannerProtect.bmp
|
unknown
|
||
|
http://appsyndication.org/2006/appsyn
|
unknown
|
||
|
http://defaultcontainer/Cylance.Host.Installer.CustomBootstrapperWithOptics;component/mainview.xamld
|
unknown
|
There are 4 hidden URLs, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
10F7000
|
stack
|
page read and write
|
||
|
66D4000
|
unkown
|
page readonly
|
||
|
8EA000
|
unkown
|
page write copy
|
||
|
AEBD000
|
heap
|
page read and write
|
||
|
3440000
|
heap
|
page read and write
|
||
|
8CB000
|
unkown
|
page readonly
|
||
|
7F9C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
ADAB000
|
heap
|
page read and write
|
||
|
B9B0000
|
heap
|
page read and write
|
||
|
AEDC000
|
heap
|
page read and write
|
||
|
AD90000
|
heap
|
page read and write
|
||
|
6AC0000
|
heap
|
page read and write
|
||
|
B1A0000
|
trusted library allocation
|
page read and write
|
||
|
6AB5000
|
trusted library allocation
|
page read and write
|
||
|
7F9BA000
|
trusted library allocation
|
page execute read
|
||
|
B9F2000
|
heap
|
page read and write
|
||
|
1660000
|
heap
|
page read and write
|
||
|
3420000
|
trusted library allocation
|
page execute and read and write
|
||
|
700C000
|
heap
|
page read and write
|
||
|
7043000
|
heap
|
page read and write
|
||
|
703D000
|
heap
|
page read and write
|
||
|
1321000
|
heap
|
page read and write
|
||
|
B3B3000
|
heap
|
page read and write
|
||
|
6670000
|
heap
|
page execute and read and write
|
||
|
B3F2000
|
trusted library allocation
|
page read and write
|
||
|
B030000
|
trusted library allocation
|
page read and write
|
||
|
B010000
|
trusted library allocation
|
page read and write
|
||
|
7F9B8000
|
trusted library allocation
|
page execute read
|
||
|
6AB0000
|
trusted library allocation
|
page read and write
|
||
|
B11F000
|
heap
|
page read and write
|
||
|
7F9B5000
|
trusted library allocation
|
page readonly
|
||
|
B969000
|
heap
|
page read and write
|
||
|
6AB5000
|
trusted library allocation
|
page read and write
|
||
|
5454000
|
trusted library allocation
|
page read and write
|
||
|
B040000
|
trusted library allocation
|
page read and write
|
||
|
6AB0000
|
trusted library allocation
|
page read and write
|
||
|
B9F4000
|
heap
|
page read and write
|
||
|
B956000
|
heap
|
page read and write
|
||
|
3550000
|
trusted library allocation
|
page read and write
|
||
|
D4C000
|
stack
|
page read and write
|
||
|
3430000
|
heap
|
page read and write
|
||
|
B446000
|
heap
|
page read and write
|
||
|
6E830000
|
unkown
|
page readonly
|
||
|
B4B000
|
unkown
|
page readonly
|
||
|
6660000
|
trusted library allocation
|
page read and write
|
||
|
356D000
|
trusted library allocation
|
page execute and read and write
|
||
|
11F3000
|
heap
|
page read and write
|
||
|
7268000
|
stack
|
page read and write
|
||
|
117F000
|
heap
|
page read and write
|
||
|
1141000
|
heap
|
page read and write
|
||
|
6E84C000
|
unkown
|
page read and write
|
||
|
B892000
|
heap
|
page read and write
|
||
|
B2BA000
|
trusted library allocation
|
page read and write
|
||
|
AEB7000
|
heap
|
page read and write
|
||
|
ADAB000
|
heap
|
page read and write
|
||
|
AEC3000
|
heap
|
page read and write
|
||
|
1630000
|
heap
|
page read and write
|
||
|
3580000
|
heap
|
page read and write
|
||
|
1750000
|
heap
|
page read and write
|
||
|
AD97000
|
heap
|
page read and write
|
||
|
6AA0000
|
trusted library allocation
|
page read and write
|
||
|
AFB0000
|
trusted library allocation
|
page read and write
|
||
|
AECD000
|
heap
|
page read and write
|
||
|
7F9BC000
|
trusted library allocation
|
page execute read
|
||
|
33BB000
|
trusted library allocation
|
page execute and read and write
|
||
|
6FE0000
|
heap
|
page read and write
|
||
|
AEDC000
|
heap
|
page read and write
|
||
|
729A000
|
heap
|
page read and write
|
||
|
AEB7000
|
heap
|
page read and write
|
||
|
3AD0000
|
trusted library allocation
|
page read and write
|
||
|
72A0000
|
heap
|
page read and write
|
||
|
7280000
|
heap
|
page read and write
|
||
|
7078000
|
heap
|
page read and write
|
||
|
43D3000
|
trusted library allocation
|
page read and write
|
||
|
6AB0000
|
trusted library allocation
|
page read and write
|
||
|
B19C000
|
heap
|
page read and write
|
||
|
72A7000
|
heap
|
page read and write
|
||
|
6AD9000
|
unkown
|
page readonly
|
||
|
881000
|
unkown
|
page execute read
|
||
|
7051000
|
heap
|
page read and write
|
||
|
B310000
|
heap
|
page read and write
|
||
|
AEA7000
|
heap
|
page read and write
|
||
|
6AB0000
|
trusted library allocation
|
page read and write
|
||
|
6AB0000
|
trusted library allocation
|
page read and write
|
||
|
8CB000
|
unkown
|
page readonly
|
||
|
43F0000
|
trusted library allocation
|
page read and write
|
||
|
DE0000
|
heap
|
page read and write
|
||
|
B420000
|
heap
|
page read and write
|
||
|
6AB0000
|
trusted library allocation
|
page read and write
|
||
|
AED4000
|
heap
|
page read and write
|
||
|
B6A000
|
unkown
|
page write copy
|
||
|
695C000
|
stack
|
page read and write
|
||
|
33B7000
|
trusted library allocation
|
page execute and read and write
|
||
|
1182000
|
heap
|
page read and write
|
||
|
B030000
|
trusted library allocation
|
page read and write
|
||
|
70B2000
|
heap
|
page read and write
|
||
|
B8D9000
|
heap
|
page read and write
|
||
|
6AA0000
|
trusted library allocation
|
page read and write
|
||
|
7F9B1000
|
trusted library allocation
|
page readonly
|
||
|
B040000
|
trusted library allocation
|
page read and write
|
||
|
3380000
|
trusted library allocation
|
page read and write
|
||
|
B3C6000
|
heap
|
page read and write
|
||
|
7093000
|
heap
|
page read and write
|
||
|
43D0000
|
trusted library allocation
|
page read and write
|
||
|
6AB0000
|
trusted library allocation
|
page read and write
|
||
|
B6A000
|
unkown
|
page read and write
|
||
|
1308000
|
heap
|
page read and write
|
||
|
AED4000
|
heap
|
page read and write
|
||
|
1123000
|
heap
|
page read and write
|
||
|
699B000
|
stack
|
page read and write
|
||
|
8EE000
|
unkown
|
page readonly
|
||
|
4441000
|
trusted library allocation
|
page read and write
|
||
|
AE77000
|
heap
|
page read and write
|
||
|
7F9B2000
|
trusted library allocation
|
page execute read
|
||
|
AECB000
|
heap
|
page read and write
|
||
|
113F000
|
heap
|
page read and write
|
||
|
131F000
|
heap
|
page read and write
|
||
|
6AB0000
|
trusted library allocation
|
page read and write
|
||
|
15D8000
|
stack
|
page read and write
|
||
|
7F9B4000
|
trusted library allocation
|
page execute read
|
||
|
AECA000
|
heap
|
page read and write
|
||
|
B42D000
|
heap
|
page read and write
|
||
|
ADA7000
|
heap
|
page read and write
|
||
|
AD80000
|
trusted library allocation
|
page read and write
|
||
|
7F9B0000
|
trusted library allocation
|
page execute read
|
||
|
6C38000
|
stack
|
page read and write
|
||
|
1141000
|
heap
|
page read and write
|
||
|
6AB0000
|
trusted library allocation
|
page read and write
|
||
|
B440000
|
heap
|
page read and write
|
||
|
AEB3000
|
heap
|
page read and write
|
||
|
66C0000
|
unkown
|
page readonly
|
||
|
661E000
|
stack
|
page read and write
|
||
|
6AB0000
|
trusted library allocation
|
page read and write
|
||
|
D7C000
|
stack
|
page read and write
|
||
|
B91B000
|
heap
|
page read and write
|
||
|
AEDC000
|
heap
|
page read and write
|
||
|
B6E000
|
unkown
|
page readonly
|
||
|
1139000
|
heap
|
page read and write
|
||
|
3320000
|
trusted library section
|
page read and write
|
||
|
AFD0000
|
trusted library allocation
|
page read and write
|
||
|
4410000
|
heap
|
page read and write
|
||
|
3570000
|
trusted library allocation
|
page read and write
|
||
|
1679000
|
heap
|
page read and write
|
||
|
B9FC000
|
heap
|
page read and write
|
||
|
6E831000
|
unkown
|
page execute read
|
||
|
7293000
|
heap
|
page read and write
|
||
|
ADBE000
|
heap
|
page read and write
|
||
|
B030000
|
heap
|
page read and write
|
||
|
1319000
|
heap
|
page read and write
|
||
|
6AC0000
|
trusted library allocation
|
page read and write
|
||
|
12E0000
|
heap
|
page read and write
|
||
|
AEC3000
|
heap
|
page read and write
|
||
|
AEBB000
|
heap
|
page read and write
|
||
|
1230000
|
heap
|
page read and write
|
||
|
1150000
|
heap
|
page read and write
|
||
|
1175000
|
heap
|
page read and write
|
||
|
44A4000
|
trusted library allocation
|
page read and write
|
||
|
AD70000
|
trusted library allocation
|
page read and write
|
||
|
43DC000
|
trusted library allocation
|
page execute and read and write
|
||
|
B2C4000
|
trusted library allocation
|
page read and write
|
||
|
3330000
|
heap
|
page read and write
|
||
|
10FB000
|
stack
|
page read and write
|
||
|
70A7000
|
heap
|
page read and write
|
||
|
880000
|
unkown
|
page readonly
|
||
|
B3A0000
|
heap
|
page read and write
|
||
|
1159000
|
heap
|
page read and write
|
||
|
3370000
|
trusted library allocation
|
page read and write
|
||
|
132E000
|
heap
|
page read and write
|
||
|
12E0000
|
heap
|
page read and write
|
||
|
B426000
|
heap
|
page read and write
|
||
|
3580000
|
heap
|
page read and write
|
||
|
ADA7000
|
heap
|
page read and write
|
||
|
32B0000
|
heap
|
page read and write
|
||
|
AEBB000
|
heap
|
page read and write
|
||
|
6E844000
|
unkown
|
page readonly
|
||
|
AD96000
|
heap
|
page read and write
|
||
|
AE80000
|
heap
|
page read and write
|
||
|
3360000
|
heap
|
page read and write
|
||
|
880000
|
unkown
|
page readonly
|
||
|
B3B6000
|
heap
|
page read and write
|
||
|
12E8000
|
heap
|
page read and write
|
||
|
3560000
|
trusted library allocation
|
page read and write
|
||
|
ADC0000
|
heap
|
page read and write
|
||
|
1610000
|
trusted library allocation
|
page read and write
|
||
|
3430000
|
heap
|
page read and write
|
||
|
4420000
|
trusted library allocation
|
page read and write
|
||
|
1128000
|
heap
|
page read and write
|
||
|
7F9BB000
|
trusted library allocation
|
page readonly
|
||
|
33D0000
|
trusted library allocation
|
page read and write
|
||
|
B01000
|
unkown
|
page execute read
|
||
|
1670000
|
heap
|
page read and write
|
||
|
AEBD000
|
heap
|
page read and write
|
||
|
132E000
|
heap
|
page read and write
|
||
|
6AA0000
|
trusted library allocation
|
page read and write
|
||
|
1610000
|
trusted library allocation
|
page read and write
|
||
|
B010000
|
trusted library allocation
|
page read and write
|
||
|
1210000
|
heap
|
page read and write
|
||
|
ADC4000
|
heap
|
page read and write
|
||
|
16E0000
|
trusted library allocation
|
page read and write
|
||
|
43D6000
|
trusted library allocation
|
page execute and read and write
|
||
|
12E6000
|
heap
|
page read and write
|
||
|
1137000
|
heap
|
page read and write
|
||
|
BA2D000
|
heap
|
page read and write
|
||
|
B6E000
|
unkown
|
page readonly
|
||
|
B01000
|
unkown
|
page execute read
|
||
|
B090000
|
trusted library allocation
|
page read and write
|
||
|
B436000
|
heap
|
page read and write
|
||
|
AEC3000
|
heap
|
page read and write
|
||
|
B433000
|
heap
|
page read and write
|
||
|
AECF000
|
heap
|
page read and write
|
||
|
1600000
|
heap
|
page read and write
|
||
|
AEB3000
|
heap
|
page read and write
|
||
|
1100000
|
heap
|
page read and write
|
||
|
7055000
|
heap
|
page read and write
|
||
|
B090000
|
trusted library allocation
|
page read and write
|
||
|
AEB7000
|
heap
|
page read and write
|
||
|
AEBD000
|
heap
|
page read and write
|
||
|
AECF000
|
heap
|
page read and write
|
||
|
6FE9000
|
heap
|
page read and write
|
||
|
B3AD000
|
heap
|
page read and write
|
||
|
685E000
|
stack
|
page read and write
|
||
|
1150000
|
heap
|
page read and write
|
||
|
B3A6000
|
heap
|
page read and write
|
||
|
1303000
|
heap
|
page read and write
|
||
|
B00000
|
unkown
|
page readonly
|
||
|
6AF0000
|
unkown
|
page readonly
|
||
|
702D000
|
heap
|
page read and write
|
||
|
6FED000
|
heap
|
page read and write
|
||
|
881000
|
unkown
|
page execute read
|
||
|
43E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
66BF000
|
stack
|
page read and write
|
||
|
341E000
|
stack
|
page read and write
|
||
|
36D0000
|
trusted library allocation
|
page read and write
|
||
|
3390000
|
trusted library allocation
|
page read and write
|
||
|
AFA0000
|
trusted library allocation
|
page read and write
|
||
|
B0D8000
|
heap
|
page read and write
|
||
|
B0E0000
|
trusted library allocation
|
page read and write
|
||
|
5441000
|
trusted library allocation
|
page read and write
|
||
|
1650000
|
unkown
|
page read and write
|
||
|
33B2000
|
trusted library allocation
|
page read and write
|
||
|
1159000
|
heap
|
page read and write
|
||
|
131F000
|
heap
|
page read and write
|
||
|
B0C0000
|
trusted library allocation
|
page read and write
|
||
|
6A9C000
|
stack
|
page read and write
|
||
|
AECF000
|
heap
|
page read and write
|
||
|
6AB0000
|
trusted library allocation
|
page read and write
|
||
|
B163000
|
heap
|
page read and write
|
||
|
665E000
|
stack
|
page read and write
|
||
|
6677000
|
heap
|
page execute and read and write
|
||
|
7008000
|
heap
|
page read and write
|
||
|
AFC0000
|
trusted library allocation
|
page read and write
|
||
|
6AE9000
|
unkown
|
page readonly
|
||
|
3260000
|
heap
|
page read and write
|
||
|
1108000
|
heap
|
page read and write
|
||
|
ADB2000
|
heap
|
page read and write
|
||
|
12B0000
|
heap
|
page read and write
|
||
|
AFC0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7097000
|
heap
|
page read and write
|
||
|
43FE000
|
trusted library allocation
|
page read and write
|
||
|
3384000
|
trusted library allocation
|
page read and write
|
||
|
131F000
|
heap
|
page read and write
|
||
|
1141000
|
heap
|
page read and write
|
||
|
6FB0000
|
heap
|
page execute and read and write
|
||
|
AE45000
|
heap
|
page read and write
|
||
|
B00000
|
unkown
|
page readonly
|
||
|
32F3000
|
heap
|
page read and write
|
||
|
3383000
|
trusted library allocation
|
page execute and read and write
|
||
|
1319000
|
heap
|
page read and write
|
||
|
130F000
|
heap
|
page read and write
|
||
|
AE46000
|
heap
|
page read and write
|
||
|
7031000
|
heap
|
page read and write
|
||
|
651E000
|
stack
|
page read and write
|
||
|
B0D0000
|
trusted library allocation
|
page read and write
|
||
|
B0A0000
|
trusted library allocation
|
page read and write
|
||
|
AEB3000
|
heap
|
page read and write
|
||
|
112F000
|
heap
|
page read and write
|
||
|
AED4000
|
heap
|
page read and write
|
||
|
AECA000
|
heap
|
page read and write
|
||
|
AEAB000
|
heap
|
page read and write
|
||
|
B925000
|
heap
|
page read and write
|
||
|
113F000
|
heap
|
page read and write
|
||
|
8EA000
|
unkown
|
page read and write
|
||
|
B2A0000
|
trusted library allocation
|
page read and write
|
||
|
DB0000
|
heap
|
page read and write
|
||
|
ADC0000
|
heap
|
page read and write
|
||
|
AE80000
|
heap
|
page read and write
|
||
|
11FD000
|
heap
|
page read and write
|
||
|
AECA000
|
heap
|
page read and write
|
||
|
AECF000
|
heap
|
page read and write
|
||
|
B16B000
|
heap
|
page read and write
|
||
|
AEDC000
|
heap
|
page read and write
|
||
|
6FC0000
|
heap
|
page read and write
|
||
|
5445000
|
trusted library allocation
|
page read and write
|
||
|
716C000
|
stack
|
page read and write
|
||
|
B2DE000
|
stack
|
page read and write
|
||
|
6AB0000
|
trusted library allocation
|
page read and write
|
||
|
32F0000
|
heap
|
page read and write
|
||
|
1321000
|
heap
|
page read and write
|
||
|
AF90000
|
trusted library allocation
|
page read and write
|
||
|
72A1000
|
heap
|
page read and write
|
||
|
AED4000
|
heap
|
page read and write
|
||
|
132E000
|
heap
|
page read and write
|
||
|
B320000
|
trusted library allocation
|
page read and write
|
||
|
33B0000
|
trusted library allocation
|
page read and write
|
||
|
6AB0000
|
trusted library allocation
|
page read and write
|
||
|
728C000
|
heap
|
page read and write
|
||
|
B0B0000
|
trusted library allocation
|
page read and write
|
||
|
B4B000
|
unkown
|
page readonly
|
||
|
3450000
|
heap
|
page read and write
|
||
|
B2AE000
|
trusted library allocation
|
page read and write
|
||
|
B1A0000
|
trusted library allocation
|
page read and write
|
||
|
AE80000
|
heap
|
page read and write
|
||
|
7028000
|
heap
|
page read and write
|
||
|
7270000
|
heap
|
page read and write
|
||
|
AE77000
|
heap
|
page read and write
|
||
|
6AD0000
|
unkown
|
page readonly
|
||
|
705E000
|
heap
|
page read and write
|
||
|
AFB0000
|
trusted library allocation
|
page read and write
|
||
|
70AD000
|
heap
|
page read and write
|
||
|
4400000
|
heap
|
page execute and read and write
|
||
|
7F9B6000
|
trusted library allocation
|
page execute read
|
||
|
66C2000
|
unkown
|
page readonly
|
||
|
7F9D8000
|
trusted library allocation
|
page execute and read and write
|
||
|
43CF000
|
stack
|
page read and write
|
||
|
729C000
|
heap
|
page read and write
|
||
|
B3E1000
|
heap
|
page read and write
|
||
|
ADC4000
|
heap
|
page read and write
|
||
|
1676000
|
heap
|
page read and write
|
||
|
AE13000
|
heap
|
page read and write
|
||
|
6B39000
|
stack
|
page read and write
|
||
|
AF90000
|
trusted library allocation
|
page read and write
|
||
|
3340000
|
heap
|
page read and write
|
||
|
ADBE000
|
heap
|
page read and write
|
||
|
325C000
|
stack
|
page read and write
|
||
|
36D0000
|
trusted library allocation
|
page read and write
|
||
|
B1DE000
|
stack
|
page read and write
|
||
|
B020000
|
trusted library allocation
|
page read and write
|
||
|
701E000
|
heap
|
page read and write
|
||
|
43D9000
|
trusted library allocation
|
page execute and read and write
|
||
|
3330000
|
heap
|
page read and write
|
||
|
B2BE000
|
trusted library allocation
|
page read and write
|
||
|
6AD2000
|
unkown
|
page readonly
|
||
|
DF0000
|
heap
|
page read and write
|
||
|
B161000
|
heap
|
page read and write
|
||
|
4430000
|
heap
|
page read and write
|
||
|
7049000
|
heap
|
page read and write
|
||
|
6E84E000
|
unkown
|
page readonly
|
||
|
AEDC000
|
heap
|
page read and write
|
||
|
113F000
|
heap
|
page read and write
|
||
|
ADB2000
|
heap
|
page read and write
|
||
|
6AA0000
|
trusted library allocation
|
page read and write
|
||
|
703F000
|
heap
|
page read and write
|
||
|
AE77000
|
heap
|
page read and write
|
||
|
AEBB000
|
heap
|
page read and write
|
||
|
B91D000
|
heap
|
page read and write
|
||
|
338D000
|
trusted library allocation
|
page execute and read and write
|
||
|
AE13000
|
heap
|
page read and write
|
||
|
1321000
|
heap
|
page read and write
|
||
|
B2B7000
|
trusted library allocation
|
page read and write
|
||
|
33B5000
|
trusted library allocation
|
page execute and read and write
|
||
|
1150000
|
heap
|
page read and write
|
||
|
8EE000
|
unkown
|
page readonly
|
||
|
72A4000
|
heap
|
page read and write
|
There are 353 hidden memdumps, click here to show them.