Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
SecuriteInfo.com.Heur.21832.3236.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
|
initial sample
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\LICENSE.electron.txt
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\LICENSES.chromium.html
|
HTML document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\Uninstall zentaoclient.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\chrome_100_percent.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\chrome_200_percent.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\d3dcompiler_47.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\ffmpeg.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\icudtl.dat
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\libEGL.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\libGLESv2.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\locales\am.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\locales\ar.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\locales\bg.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\locales\bn.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\locales\ca.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\locales\cs.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\locales\da.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\locales\de.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\locales\el.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\locales\en-GB.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\locales\en-US.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\locales\es-419.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\locales\es.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\locales\et.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\locales\fa.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\locales\fi.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\locales\fil.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\locales\fr.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\locales\gu.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\locales\he.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\locales\hi.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\locales\hr.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\locales\hu.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\locales\id.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\locales\it.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\locales\ja.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\locales\kn.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\locales\ko.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\locales\lt.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\locales\lv.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\locales\ml.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\locales\mr.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\locales\ms.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\locales\nb.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\locales\nl.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\locales\pl.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\locales\pt-BR.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\locales\pt-PT.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\locales\ro.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\locales\ru.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\locales\sk.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\locales\sl.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\locales\sr.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\locales\sv.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\locales\sw.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\locales\ta.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\locales\te.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\locales\th.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\locales\tr.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\locales\uk.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\locales\vi.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\locales\zh-CN.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\locales\zh-TW.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\resources.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\app.asar
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\updater.win64.exe
|
PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\updater.win64.exe.manifest
|
exported SGML document, ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\D3Dcompiler_47.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\Qt5Core.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\Qt5Gui.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\Qt5Network.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\Qt5Svg.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\Qt5Widgets.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\bearer\qgenericbearer.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\iconengines\qsvgicon.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\imageformats\qgif.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\imageformats\qicns.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\imageformats\qico.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\imageformats\qjpeg.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\imageformats\qsvg.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\imageformats\qtga.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\imageformats\qtiff.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\imageformats\qwbmp.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\imageformats\qwebp.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\libEGL.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\libGLESv2.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\libcrypto-1_1.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\libssl-1_1.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\msvcp140.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\opengl32sw.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\platforms\qwindows.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\styles\qwindowsvistastyle.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\translations\qt_ar.qm
|
Qt Translation file
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\translations\qt_bg.qm
|
Qt Translation file
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\translations\qt_ca.qm
|
Qt Translation file
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\translations\qt_cs.qm
|
Qt Translation file
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\translations\qt_da.qm
|
Qt Translation file
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\translations\qt_de.qm
|
Qt Translation file
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\translations\qt_en.qm
|
Qt Translation file
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\translations\qt_es.qm
|
Qt Translation file
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\translations\qt_fi.qm
|
Qt Translation file
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\translations\qt_fr.qm
|
Qt Translation file
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\translations\qt_gd.qm
|
Qt Translation file
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\translations\qt_he.qm
|
Qt Translation file
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\translations\qt_hu.qm
|
Qt Translation file
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\translations\qt_it.qm
|
Qt Translation file
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\translations\qt_ja.qm
|
Qt Translation file
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\translations\qt_ko.qm
|
Qt Translation file
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\translations\qt_lv.qm
|
Qt Translation file
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\translations\qt_pl.qm
|
Qt Translation file
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\translations\qt_ru.qm
|
Qt Translation file
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\translations\qt_sk.qm
|
Qt Translation file
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\translations\qt_uk.qm
|
Qt Translation file
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\translations\qt_zh_TW.qm
|
Qt Translation file
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\vcruntime140.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\build-in\api.json
|
Unicode text, UTF-8 text, with very long lines (55810), with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\build-in\easysoft-themes\package.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\build-in\easysoft-themes\themes\dark.css
|
assembler source, ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\build-in\easysoft-themes\themes\green.css
|
assembler source, ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\build-in\easysoft-themes\themes\highlightjs.css
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\build-in\easysoft-themes\themes\pink.css
|
assembler source, ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\build-in\easysoft-themes\themes\red.css
|
assembler source, ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\build-in\easysoft-themes\themes\wisteria.css
|
assembler source, ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\build-in\easysoft-themes\themes\zentao.css
|
assembler source, ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\build-in\extensions.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\build-in\ts-icons\icons.png
|
PNG image data, 238 x 204, 8-bit colormap, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\build-in\ts-icons\icons@2x.png
|
PNG image data, 476 x 408, 8-bit colormap, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\build-in\ts-icons\style.css
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\elevate.exe
|
PE32 executable (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\lang\en.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\lang\ja.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\lang\vi.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\lang\zh-cn.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\lang\zh-tw.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\snapshot_blob.bin
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\swiftshader\libEGL.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\swiftshader\libGLESv2.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\v8_context_snapshot.bin
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\vk_swiftshader.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\vk_swiftshader_icd.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\vulkan-1.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe
|
PE32+ executable (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\0f457d21-17bf-4e03-aa1f-a1ac32949cc3.tmp
|
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 6239690
|
modified
|
||
|
C:\Users\user\AppData\Local\Temp\3c5de39b-cfee-451d-a162-8917bb0017fa.tmp.ico
|
MS Windows icon resource - 9 icons, 256x256 with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 32 bits/pixel,
-128x-128 with PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced, 32 bits/pixel
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\81405a77-03fb-46fd-8a8d-32b4d884656f.tmp
|
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 32708
|
modified
|
||
|
C:\Users\user\AppData\Local\Temp\9e243358-8547-4f17-9223-a41ff30e3313.tmp.ico
|
MS Windows icon resource - 9 icons, 256x256 with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 32 bits/pixel,
-128x-128 with PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced, 32 bits/pixel
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsv30A.tmp\StdUtils.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsv30A.tmp\System.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsv30A.tmp\UAC.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsv30A.tmp\WinShell.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsv30A.tmp\app-64.7z
|
7-zip archive data, version 0.4
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsv30A.tmp\modern-wizard.bmp
|
PC bitmap, Windows 3.x format, 164 x 314 x 24, image size 154490, resolution 11808 x 11808 px/m, cbSize 154544, bits offset
54
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsv30A.tmp\nsDialogs.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsv30A.tmp\nsProcess.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsv30A.tmp\nsis7z.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\zentaoclient-updater\installer.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
|
dropped
|
||
|
C:\Users\user\AppData\Local\zentaoclient-updater\installer.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Spelling\en-GB\default.acl
|
Unicode text, UTF-16, little-endian text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Spelling\en-GB\default.dic
|
Unicode text, UTF-16, little-endian text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Spelling\en-GB\default.exc
|
Unicode text, UTF-16, little-endian text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\??.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working
directory, Icon number=0, Archive, ctime=Thu Apr 18 16:34:30 2024, mtime=Thu Apr 18 16:34:31 2024, atime=Thu Apr 11 00:35:40
2024, length=136137616, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\zentaoclient\Code Cache\js\index
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\zentaoclient\Code Cache\js\index-dir\temp-index
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\zentaoclient\Code Cache\js\index-dir\the-real-index (copy)
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\zentaoclient\Code Cache\wasm\index
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\zentaoclient\Code Cache\wasm\index-dir\temp-index
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\zentaoclient\Code Cache\wasm\index-dir\the-real-index (copy)
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\zentaoclient\GPUCache\data_0
|
FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\zentaoclient\GPUCache\data_1
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\zentaoclient\GPUCache\data_2
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\zentaoclient\GPUCache\data_3
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\zentaoclient\GPUCache\index
|
FoxPro FPT, blocks size 512, next free block index 3284796353, field type 0
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\zentaoclient\Local Storage\leveldb\000001.dbtmp
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\zentaoclient\Local Storage\leveldb\000003.log
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\zentaoclient\Local Storage\leveldb\CURRENT (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\zentaoclient\Local Storage\leveldb\LOG
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\zentaoclient\Local Storage\leveldb\MANIFEST-000001
|
OpenPGP Secret Key
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\zentaoclient\Network Persistent State (copy)
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\zentaoclient\Preferences (copy)
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\zentaoclient\Session Storage\000001.dbtmp
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\zentaoclient\Session Storage\000003.log
|
data
|
modified
|
||
|
C:\Users\user\AppData\Roaming\zentaoclient\Session Storage\CURRENT (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\zentaoclient\Session Storage\LOG
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\zentaoclient\Session Storage\MANIFEST-000001
|
OpenPGP Secret Key
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\zentaoclient\a40a4cd2-efa3-4554-8d9c-b29689e538c2.tmp
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\zentaoclient\c6479286-c23a-4895-9dc7-464f55ab4adf.tmp
|
JSON data
|
dropped
|
||
|
C:\Users\user\Desktop\??.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working
directory, Icon number=0, Archive, ctime=Thu Apr 18 16:34:30 2024, mtime=Thu Apr 18 16:34:37 2024, atime=Thu Apr 11 00:35:40
2024, length=136137616, window=hide
|
modified
|
There are 179 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
|
"C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe"
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe
|
"C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe"
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe
|
"C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe" --type=gpu-process --field-trial-handle=1604,15735583474717430825,16040306059436304636,131072
--disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand
--gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA
--mojo-platform-channel-handle=1612 /prefetch:2
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe
|
"C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe" --type=utility --utility-sub-type=network.mojom.NetworkService
--field-trial-handle=1604,15735583474717430825,16040306059436304636,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand
--lang=en-GB --service-sandbox-type=none --ignore-urlfetcher-cert-requests=true --ignore-certificate-errors=true --enable-experimental-web-platform-features
--ignore-certificate-errors=true --mojo-platform-channel-handle=1976 /prefetch:8
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe
|
"C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe" --type=renderer --enable-experimental-web-platform-features
--field-trial-handle=1604,15735583474717430825,16040306059436304636,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand
--lang=en-GB --app-path="C:\Users\user\AppData\Local\Programs\zentaoclient\resources\app.asar" --no-sandbox --no-zygote --device-scale-factor=1
--num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=3 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2056
/prefetch:1
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe
|
"C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe" --type=renderer --enable-experimental-web-platform-features
--field-trial-handle=1604,15735583474717430825,16040306059436304636,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand
--disable-gpu-compositing --lang=en-GB --app-user-model-id=com.cnezsoft.zentaoclient --app-path="C:\Users\user\AppData\Local\Programs\zentaoclient\resources\app.asar"
--no-sandbox --no-zygote --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5
--no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2336 /prefetch:1
|
||
|
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe
|
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://bugzilla.mozilla.org/show_bug.cgi?id=310299
|
unknown
|
||
|
https://url.spec.whatwg.org/#concept-url-origin
|
unknown
|
||
|
http://crbug.com/941620allow_translate_uniform_block_to_structured_bufferThere
|
unknown
|
||
|
https://www.ecma-international.org/ecma-262/8.0/#sec-atomescape
|
unknown
|
||
|
https://github.com/darrachequesne/has-binary/commit/3e88e81))
|
unknown
|
||
|
https://www.chromestatus.com/features/5144752345317376
|
unknown
|
||
|
https://github.com/chalk/chalk/pull/92
|
unknown
|
||
|
http://crbug.com/619103.Subsequence
|
unknown
|
||
|
https://tools.ietf.org/html/rfc4007#section-11
|
unknown
|
||
|
http://anglebug.com/4995
|
unknown
|
||
|
https://html.spec.whatwg.org/multipage/syntax.html#special
|
unknown
|
||
|
https://github.com/sindresorhus/path-is-absolute.git
|
unknown
|
||
|
http://dev.w3.org/csswg/css-color/#hwb-to-rgb
|
unknown
|
||
|
https://github.com/jrburke/requirejs/wiki/Updating-existing-libraries#wiki-anon
|
unknown
|
||
|
http://www.ecma-international.org/ecma-262/5.1/#sec-7.9.1
|
unknown
|
||
|
https://api.jquery.com/has/
|
unknown
|
||
|
https://github.com/fb55/entities?sponsor=1
|
unknown
|
||
|
https://tc39.github.io/ecma262/#sec-%iteratorprototype%-object
|
unknown
|
||
|
https://github.com/ChALkeR
|
unknown
|
||
|
https://github.com/spicyj/innerhtml-vs-createelement-vs-clonenode.
|
unknown
|
||
|
https://jsoneditoronline.org
|
unknown
|
||
|
https://url.spec.whatwg.org/#concept-urlencoded-serializer
|
unknown
|
||
|
https://www.chromium.org/blink/origin-trials/portals.
|
unknown
|
||
|
https://github.com/zulhilmizainuddin/nodejs-traceroute#readme
|
unknown
|
||
|
https://semver.org/
|
unknown
|
||
|
http://jsperf.com/obj-vs-arr-iteration
|
unknown
|
||
|
https://openjsf.org/
|
unknown
|
||
|
https://github.com/jrmuizel/qcms/tree/v4
|
unknown
|
||
|
https://chromium.googlesource.com/chromium/src/
|
unknown
|
||
|
https://developer.mozilla.org/en-US/docs/Web/HTML/Block-level_elements
|
unknown
|
||
|
https://developer.mozilla.org/en-US/docs/Web/API/AnimationEvent
|
unknown
|
||
|
https://tools.ietf.org/html/rfc7231#section-3.1.1.1
|
unknown
|
||
|
https://www.chromium.org/blink/origin-trials/portals.The
|
unknown
|
||
|
http://crbug.com/619103.
|
unknown
|
||
|
https://github.com/socketio/engine.io-parser
|
unknown
|
||
|
https://crbug.com/593024
|
unknown
|
||
|
https://github.com/MarshallOfSound/react-electron-web-view
|
unknown
|
||
|
https://github.com/facebook/react/issues/708.
|
unknown
|
||
|
https://github.com/fb55/domhandler?sponsor=1
|
unknown
|
||
|
https://w3c.github.io/manifest/#installability-signals
|
unknown
|
||
|
http://www.midnight-commander.org/browser/lib/tty/key.c
|
unknown
|
||
|
https://github.com/stiang/remove-markdown.git
|
unknown
|
||
|
https://tools.ietf.org/html/rfc7540#section-8.1.2.5
|
unknown
|
||
|
http://exslt.org/common
|
unknown
|
||
|
http://www.squid-cache.org/Doc/config/half_closed_clients/
|
unknown
|
||
|
https://www.ecma-international.org/ecma-262/8.0/#prod-DecimalEscape
|
unknown
|
||
|
https://github.com/KhronosGroup/SPIRV-Headers.git
|
unknown
|
||
|
http://developers.google.com/speed/webp
|
unknown
|
||
|
https://jsperf.com/getall-vs-sizzle/2
|
unknown
|
||
|
https://issuetracker.google.com/161903006
|
unknown
|
||
|
https://github.com/nodejs/node/pull/33661
|
unknown
|
||
|
http://www.nongnu.org/freebangfont/downloads.html#mukti
|
unknown
|
||
|
http://narwhaljs.org)
|
unknown
|
||
|
https://api.jquery.com/addBack/
|
unknown
|
||
|
https://github.com/kriskowal/q
|
unknown
|
||
|
http://anglebug.com/1452
|
unknown
|
||
|
http://www.ogcio.gov.hk/tc/business/tech_promotion/ccli/terms/doc/hkscs-2008-big5-iso.txt
|
unknown
|
||
|
https://fb.me/react-special-props)
|
unknown
|
||
|
https://github.com/ChALkeR/safer-buffer#readme
|
unknown
|
||
|
https://www.chromestatus.com/feature/5738264052891648DeprecationReportBody
|
unknown
|
||
|
https://github.com/electron/electron/issues/18397.Module
|
unknown
|
||
|
http://travis-ci.org/substack/node-concat-map)
|
unknown
|
||
|
https://www.ecma-international.org/ecma-262/#sec-line-terminators
|
unknown
|
||
|
https://github.com/darrachequesne/has-binary/commit/2a7b25c))
|
unknown
|
||
|
https://sizzlejs.com/
|
unknown
|
||
|
https://www.iana.org/assignments/media-types/media-types.xhtml)
|
unknown
|
||
|
https://github.com/unshiftio/yeast.git
|
unknown
|
||
|
https://github.com/Qix-/color-convert.git
|
unknown
|
||
|
https://api.jquery.com/is/
|
unknown
|
||
|
https://github.com/get/parseuri
|
unknown
|
||
|
http://anglebug.com/3623
|
unknown
|
||
|
http://anglebug.com/3625
|
unknown
|
||
|
https://bugs.jquery.com/ticket/12359
|
unknown
|
||
|
https://github.com/visionmedia/debug#readme
|
unknown
|
||
|
http://anglebug.com/3624
|
unknown
|
||
|
http://www.unicode.org/copyright.html
|
unknown
|
||
|
https://beacons.gcp.gvt2.com/domainreliability/upload
|
unknown
|
||
|
https://github.com/facebook/react/pull/7232
|
unknown
|
||
|
https://crbug.com/1053756
|
unknown
|
||
|
https://issuetracker.google.com/issues/166475273
|
unknown
|
||
|
https://github.com/kriskowal/q/wiki/API-Reference
|
unknown
|
||
|
https://github.com/WICG/construct-stylesheets/issues/119#issuecomment-588352418.
|
unknown
|
||
|
https://heycam.github.io/webidl/#es-interfaces
|
unknown
|
||
|
https://api.jquery.com/removeAttr/
|
unknown
|
||
|
https://html.spec.whatwg.org/multipage/browsers.html#concept-origin-opaque
|
unknown
|
||
|
http://ecma-international.org/ecma-262/7.0/#sec-tolength).
|
unknown
|
||
|
https://github.com/google/shaderc
|
unknown
|
||
|
https://github.com/facebook/jest.git
|
unknown
|
||
|
https://github.com/nodejs/node/issues
|
unknown
|
||
|
https://www.ecma-international.org/ecma-262/8.0/#prod-HexDigits
|
unknown
|
||
|
https://bugs.chromium.org/p/chromium/issues/detail?id=378607
|
unknown
|
||
|
https://tc39.github.io/ecma262/#sec-object.prototype.tostring
|
unknown
|
||
|
https://url.spec.whatwg.org/#urlsearchparams
|
unknown
|
||
|
https://api.jquery.com/last/
|
unknown
|
||
|
https://infra.spec.whatwg.org/#ascii-whitespace
|
unknown
|
||
|
https://dejavu-fonts.github.io/Download.html
|
unknown
|
||
|
http://stackoverflow.com/a/16459606/376773
|
unknown
|
||
|
https://pagure.io/lohit
|
unknown
|
||
|
https://github.com/jquery/jquery.git
|
unknown
|
||
|
http://anglebug.com/3859
|
unknown
|
There are 90 hidden URLs, click here to show them.
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\f3057352-10e3-53a8-8e7d-c7f226474698
|
InstallLocation
|
||
|
HKEY_CURRENT_USER\SOFTWARE\f3057352-10e3-53a8-8e7d-c7f226474698
|
KeepShortcuts
|
||
|
HKEY_CURRENT_USER\SOFTWARE\f3057352-10e3-53a8-8e7d-c7f226474698
|
ShortcutName
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\f3057352-10e3-53a8-8e7d-c7f226474698
|
DisplayName
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\f3057352-10e3-53a8-8e7d-c7f226474698
|
UninstallString
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\f3057352-10e3-53a8-8e7d-c7f226474698
|
QuietUninstallString
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\f3057352-10e3-53a8-8e7d-c7f226474698
|
DisplayVersion
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\f3057352-10e3-53a8-8e7d-c7f226474698
|
DisplayIcon
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\f3057352-10e3-53a8-8e7d-c7f226474698
|
Publisher
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\f3057352-10e3-53a8-8e7d-c7f226474698
|
NoModify
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\f3057352-10e3-53a8-8e7d-c7f226474698
|
NoRepair
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\f3057352-10e3-53a8-8e7d-c7f226474698
|
EstimatedSize
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager
|
PendingFileRenameOperations
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer
|
GlobalAssocChangedCounter
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager
|
PendingFileRenameOperations
|
There are 5 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
7FF7731F1000
|
unkown
|
page execute read
|
||
|
54B1000
|
heap
|
page read and write
|
||
|
53B0000
|
heap
|
page read and write
|
||
|
99D000
|
heap
|
page read and write
|
||
|
55B0000
|
heap
|
page read and write
|
||
|
57B1000
|
heap
|
page read and write
|
||
|
55F0000
|
heap
|
page read and write
|
||
|
7FF7747BF000
|
unkown
|
page readonly
|
||
|
9B9000
|
heap
|
page read and write
|
||
|
9B3000
|
heap
|
page read and write
|
||
|
5431000
|
heap
|
page read and write
|
||
|
7FF773BF1000
|
unkown
|
page execute read
|
||
|
29BF000
|
stack
|
page read and write
|
||
|
810000
|
heap
|
page read and write
|
||
|
57B1000
|
heap
|
page read and write
|
||
|
7FF774940000
|
unkown
|
page readonly
|
||
|
7FF775501000
|
unkown
|
page write copy
|
||
|
7FF774737000
|
unkown
|
page readonly
|
||
|
8E8000
|
heap
|
page read and write
|
||
|
214BCB25000
|
heap
|
page read and write
|
||
|
9CC000
|
heap
|
page read and write
|
||
|
7FF77411D000
|
unkown
|
page readonly
|
||
|
5652000
|
heap
|
page read and write
|
||
|
214BCB25000
|
heap
|
page read and write
|
||
|
999000
|
heap
|
page read and write
|
||
|
62B000
|
unkown
|
page readonly
|
||
|
940000
|
heap
|
page read and write
|
||
|
7FF774DC9000
|
unkown
|
page readonly
|
||
|
2F05000
|
heap
|
page read and write
|
||
|
7FF774940000
|
unkown
|
page readonly
|
||
|
2EFD000
|
heap
|
page read and write
|
||
|
7FF7747D5000
|
unkown
|
page readonly
|
||
|
8D0000
|
heap
|
page read and write
|
||
|
7FF7749D8000
|
unkown
|
page readonly
|
||
|
9CC000
|
heap
|
page read and write
|
||
|
6C95000
|
direct allocation
|
page read and write
|
||
|
7FF771DF1000
|
unkown
|
page execute read
|
||
|
9D3000
|
heap
|
page read and write
|
||
|
9A1000
|
heap
|
page read and write
|
||
|
99D000
|
heap
|
page read and write
|
||
|
7FF77411D000
|
unkown
|
page readonly
|
||
|
52B1000
|
heap
|
page read and write
|
||
|
7FF76D7F1000
|
unkown
|
page execute read
|
||
|
942000
|
heap
|
page read and write
|
||
|
214BFACA000
|
heap
|
page read and write
|
||
|
7FF76D7F0000
|
unkown
|
page readonly
|
||
|
7FF771DF1000
|
unkown
|
page execute read
|
||
|
2E74000
|
heap
|
page read and write
|
||
|
408000
|
unkown
|
page readonly
|
||
|
7FF77412F000
|
unkown
|
page readonly
|
||
|
9B3000
|
heap
|
page read and write
|
||
|
9DD000
|
heap
|
page read and write
|
||
|
99D000
|
heap
|
page read and write
|
||
|
7FF7747CA000
|
unkown
|
page readonly
|
||
|
5EA1000
|
heap
|
page read and write
|
||
|
4E8F000
|
stack
|
page read and write
|
||
|
214BFAC4000
|
heap
|
page read and write
|
||
|
5570000
|
heap
|
page read and write
|
||
|
75F4000
|
direct allocation
|
page read and write
|
||
|
7FF775508000
|
unkown
|
page write copy
|
||
|
6020000
|
heap
|
page read and write
|
||
|
2EF4000
|
heap
|
page read and write
|
||
|
7FF774B83000
|
unkown
|
page readonly
|
||
|
5670000
|
heap
|
page read and write
|
||
|
999000
|
heap
|
page read and write
|
||
|
780B000
|
direct allocation
|
page read and write
|
||
|
7FF775926000
|
unkown
|
page readonly
|
||
|
7FF774C67000
|
unkown
|
page readonly
|
||
|
41E000
|
unkown
|
page read and write
|
||
|
5240000
|
direct allocation
|
page read and write
|
||
|
214BFAC4000
|
heap
|
page read and write
|
||
|
214BFCD6000
|
heap
|
page read and write
|
||
|
7FF775344000
|
unkown
|
page readonly
|
||
|
214BCAC3000
|
heap
|
page read and write
|
||
|
564F000
|
heap
|
page read and write
|
||
|
57F0000
|
heap
|
page read and write
|
||
|
5530000
|
heap
|
page read and write
|
||
|
7FF77412F000
|
unkown
|
page readonly
|
||
|
942000
|
heap
|
page read and write
|
||
|
4FCD000
|
stack
|
page read and write
|
||
|
7FF76EBF1000
|
unkown
|
page execute read
|
||
|
3094000
|
unkown
|
page readonly
|
||
|
7FF76EBF1000
|
unkown
|
page execute read
|
||
|
3092000
|
unkown
|
page readonly
|
||
|
7FF7727F1000
|
unkown
|
page execute read
|
||
|
2E72000
|
heap
|
page read and write
|
||
|
7FF7753D3000
|
unkown
|
page readonly
|
||
|
61E8000
|
heap
|
page read and write
|
||
|
7FF76D7F1000
|
unkown
|
page execute read
|
||
|
9B3000
|
heap
|
page read and write
|
||
|
7FF774946000
|
unkown
|
page readonly
|
||
|
7FF774D9A000
|
unkown
|
page readonly
|
||
|
7FF774CA4000
|
unkown
|
page readonly
|
||
|
7FF774CAC000
|
unkown
|
page readonly
|
||
|
5832000
|
heap
|
page read and write
|
||
|
5331000
|
heap
|
page read and write
|
||
|
7FF7747DF000
|
unkown
|
page readonly
|
||
|
5BB0000
|
direct allocation
|
page read and write
|
||
|
2F05000
|
heap
|
page read and write
|
||
|
214BFADD000
|
heap
|
page read and write
|
||
|
940000
|
heap
|
page read and write
|
||
|
214BFAD4000
|
heap
|
page read and write
|
||
|
777B000
|
direct allocation
|
page read and write
|
||
|
942000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
912000
|
heap
|
page read and write
|
||
|
7517000
|
direct allocation
|
page read and write
|
||
|
7FF774D3C000
|
unkown
|
page readonly
|
||
|
54B0000
|
heap
|
page read and write
|
||
|
99D000
|
heap
|
page read and write
|
||
|
61E8000
|
heap
|
page read and write
|
||
|
999000
|
heap
|
page read and write
|
||
|
99D000
|
heap
|
page read and write
|
||
|
7FF774D3C000
|
unkown
|
page readonly
|
||
|
7FF7731F1000
|
unkown
|
page execute read
|
||
|
40A000
|
unkown
|
page write copy
|
||
|
56F1000
|
heap
|
page read and write
|
||
|
765C000
|
direct allocation
|
page read and write
|
||
|
5F21000
|
heap
|
page read and write
|
||
|
2F05000
|
heap
|
page read and write
|
||
|
5570000
|
heap
|
page read and write
|
||
|
469000
|
unkown
|
page read and write
|
||
|
5EA80051C000
|
direct allocation
|
page read and write
|
||
|
74A0000
|
direct allocation
|
page read and write
|
||
|
7FF7753D3000
|
unkown
|
page readonly
|
||
|
7FF76D7F0000
|
unkown
|
page readonly
|
||
|
5772000
|
heap
|
page read and write
|
||
|
7FF76FFF1000
|
unkown
|
page execute read
|
||
|
5531000
|
heap
|
page read and write
|
||
|
57B1000
|
heap
|
page read and write
|
||
|
5671000
|
heap
|
page read and write
|
||
|
214BFADD000
|
heap
|
page read and write
|
||
|
214BFB69000
|
heap
|
page read and write
|
||
|
56F0000
|
heap
|
page read and write
|
||
|
5570000
|
heap
|
page read and write
|
||
|
29CD000
|
heap
|
page read and write
|
||
|
55F000
|
unkown
|
page read and write
|
||
|
5670000
|
heap
|
page read and write
|
||
|
9A1000
|
heap
|
page read and write
|
||
|
54B1000
|
heap
|
page read and write
|
||
|
214BFCD6000
|
heap
|
page read and write
|
||
|
30A1000
|
heap
|
page read and write
|
||
|
9B3000
|
heap
|
page read and write
|
||
|
5FA0000
|
heap
|
page read and write
|
||
|
9A1000
|
heap
|
page read and write
|
||
|
94A000
|
heap
|
page read and write
|
||
|
7FF76F5F1000
|
unkown
|
page execute read
|
||
|
6269000
|
heap
|
page read and write
|
||
|
7FF774A60000
|
unkown
|
page readonly
|
||
|
9C4000
|
heap
|
page read and write
|
||
|
9A9000
|
heap
|
page read and write
|
||
|
7FF773BF1000
|
unkown
|
page execute read
|
||
|
53B0000
|
heap
|
page read and write
|
||
|
52B0000
|
heap
|
page read and write
|
||
|
30A0000
|
heap
|
page read and write
|
||
|
214BFADD000
|
heap
|
page read and write
|
||
|
9B3000
|
heap
|
page read and write
|
||
|
5670000
|
heap
|
page read and write
|
||
|
99D000
|
heap
|
page read and write
|
||
|
19A000
|
stack
|
page read and write
|
||
|
4EA7000
|
heap
|
page read and write
|
||
|
5F20000
|
heap
|
page read and write
|
||
|
61E8000
|
heap
|
page read and write
|
||
|
7FF774CD0000
|
unkown
|
page readonly
|
||
|
61E8000
|
heap
|
page read and write
|
||
|
7FF7713F1000
|
unkown
|
page execute read
|
||
|
6021000
|
heap
|
page read and write
|
||
|
61A1000
|
heap
|
page read and write
|
||
|
214BCB25000
|
heap
|
page read and write
|
||
|
4FB000
|
unkown
|
page read and write
|
||
|
7FF775344000
|
unkown
|
page readonly
|
||
|
9DB000
|
heap
|
page read and write
|
||
|
999000
|
heap
|
page read and write
|
||
|
214BFAC5000
|
heap
|
page read and write
|
||
|
54F0000
|
heap
|
page read and write
|
||
|
7E7000
|
heap
|
page read and write
|
||
|
57B1000
|
heap
|
page read and write
|
||
|
7FF76D7F1000
|
unkown
|
page execute read
|
||
|
5730000
|
heap
|
page read and write
|
||
|
5AD0000
|
direct allocation
|
page read and write
|
||
|
640000
|
heap
|
page read and write
|
||
|
7FF7709F1000
|
unkown
|
page execute read
|
||
|
5F60000
|
heap
|
page read and write
|
||
|
408000
|
unkown
|
page readonly
|
||
|
5731000
|
heap
|
page read and write
|
||
|
5772000
|
heap
|
page read and write
|
||
|
9DB000
|
heap
|
page read and write
|
||
|
7FF76F5F1000
|
unkown
|
page execute read
|
||
|
7FF77495B000
|
unkown
|
page readonly
|
||
|
61E9000
|
heap
|
page read and write
|
||
|
61E8000
|
heap
|
page read and write
|
||
|
6228000
|
heap
|
page read and write
|
||
|
214BCB25000
|
heap
|
page read and write
|
||
|
29C6000
|
heap
|
page read and write
|
||
|
9AA000
|
heap
|
page read and write
|
||
|
7FF774127000
|
unkown
|
page readonly
|
||
|
7FF7747DF000
|
unkown
|
page readonly
|
||
|
9A9000
|
heap
|
page read and write
|
||
|
700A000
|
direct allocation
|
page read and write
|
||
|
7FF77522C000
|
unkown
|
page readonly
|
||
|
5631000
|
heap
|
page read and write
|
||
|
7FF7727F1000
|
unkown
|
page execute read
|
||
|
4D9E000
|
heap
|
page read and write
|
||
|
214BFAC6000
|
heap
|
page read and write
|
||
|
7FF774946000
|
unkown
|
page readonly
|
||
|
5FE0000
|
heap
|
page read and write
|
||
|
61E8000
|
heap
|
page read and write
|
||
|
999000
|
heap
|
page read and write
|
||
|
2470000
|
heap
|
page read and write
|
||
|
5EA800568000
|
direct allocation
|
page read and write
|
||
|
9AA000
|
heap
|
page read and write
|
||
|
61E8000
|
heap
|
page read and write
|
||
|
7FF76D7F0000
|
unkown
|
page readonly
|
||
|
9A1000
|
heap
|
page read and write
|
||
|
214BFAC4000
|
heap
|
page read and write
|
||
|
7FF76FFF1000
|
unkown
|
page execute read
|
||
|
7FF7747BF000
|
unkown
|
page readonly
|
||
|
55B0000
|
heap
|
page read and write
|
||
|
7FF774A60000
|
unkown
|
page readonly
|
||
|
999000
|
heap
|
page read and write
|
||
|
5EA80024C000
|
direct allocation
|
page read and write
|
||
|
940000
|
heap
|
page read and write
|
||
|
2EB5000
|
heap
|
page read and write
|
||
|
28BC000
|
stack
|
page read and write
|
||
|
9B3000
|
heap
|
page read and write
|
||
|
7FF774976000
|
unkown
|
page readonly
|
||
|
4FB3000
|
heap
|
page read and write
|
||
|
4FF000
|
unkown
|
page read and write
|
||
|
5531000
|
heap
|
page read and write
|
||
|
62A8000
|
heap
|
page read and write
|
||
|
4ECC000
|
stack
|
page read and write
|
||
|
61E0000
|
heap
|
page read and write
|
||
|
5EA0000
|
heap
|
page read and write
|
||
|
9A1000
|
heap
|
page read and write
|
||
|
7FF7747D0000
|
unkown
|
page readonly
|
||
|
7FF7747EA000
|
unkown
|
page readonly
|
||
|
40E000
|
unkown
|
page read and write
|
||
|
56F1000
|
heap
|
page read and write
|
||
|
4590000
|
trusted library allocation
|
page read and write
|
||
|
7FF775C80000
|
unkown
|
page execute read
|
||
|
9A1000
|
heap
|
page read and write
|
||
|
214BCAC8000
|
heap
|
page read and write
|
||
|
57F1000
|
heap
|
page read and write
|
||
|
6AA0000
|
direct allocation
|
page read and write
|
||
|
5670000
|
heap
|
page read and write
|
||
|
7FF774A60000
|
unkown
|
page readonly
|
||
|
7FF774737000
|
unkown
|
page readonly
|
||
|
5FA1000
|
heap
|
page read and write
|
||
|
2EB4000
|
heap
|
page read and write
|
||
|
7FF775501000
|
unkown
|
page write copy
|
||
|
441308202000
|
direct allocation
|
page read and write
|
||
|
2E74000
|
heap
|
page read and write
|
||
|
61E8000
|
heap
|
page read and write
|
||
|
5530000
|
heap
|
page read and write
|
||
|
9CF000
|
heap
|
page read and write
|
||
|
7FF774D9A000
|
unkown
|
page readonly
|
||
|
75C3000
|
direct allocation
|
page read and write
|
||
|
61E8000
|
heap
|
page read and write
|
||
|
3300000
|
direct allocation
|
page read and write
|
||
|
57F1000
|
heap
|
page read and write
|
||
|
57B1000
|
heap
|
page read and write
|
||
|
6328000
|
heap
|
page read and write
|
||
|
7FF774D9A000
|
unkown
|
page readonly
|
||
|
7FF7749D8000
|
unkown
|
page readonly
|
||
|
9D1000
|
heap
|
page read and write
|
||
|
7FF7747D0000
|
unkown
|
page readonly
|
||
|
9CC000
|
heap
|
page read and write
|
||
|
57B2000
|
heap
|
page read and write
|
||
|
61E8000
|
heap
|
page read and write
|
||
|
214BCAA9000
|
heap
|
page read and write
|
||
|
214BCAC8000
|
heap
|
page read and write
|
||
|
7FF775242000
|
unkown
|
page readonly
|
||
|
55F0000
|
heap
|
page read and write
|
||
|
7FF774127000
|
unkown
|
page readonly
|
||
|
9B3000
|
heap
|
page read and write
|
||
|
2EF4000
|
heap
|
page read and write
|
||
|
5831000
|
heap
|
page read and write
|
||
|
214BFAD2000
|
heap
|
page read and write
|
||
|
7E7000
|
heap
|
page read and write
|
||
|
5670000
|
heap
|
page read and write
|
||
|
5370000
|
heap
|
page read and write
|
||
|
7FF7747BF000
|
unkown
|
page readonly
|
||
|
57B1000
|
heap
|
page read and write
|
||
|
8E0000
|
heap
|
page read and write
|
||
|
7FF76EBF1000
|
unkown
|
page execute read
|
||
|
5430000
|
heap
|
page read and write
|
||
|
9CC000
|
heap
|
page read and write
|
||
|
7FF774974000
|
unkown
|
page readonly
|
||
|
7FF77518A000
|
unkown
|
page readonly
|
||
|
999000
|
heap
|
page read and write
|
||
|
9DB000
|
heap
|
page read and write
|
||
|
5330000
|
heap
|
page read and write
|
||
|
942000
|
heap
|
page read and write
|
||
|
5631000
|
heap
|
page read and write
|
||
|
7FF775508000
|
unkown
|
page write copy
|
||
|
31B2000
|
heap
|
page read and write
|
||
|
7FF774CA4000
|
unkown
|
page readonly
|
||
|
2EF6000
|
heap
|
page read and write
|
||
|
940000
|
heap
|
page read and write
|
||
|
9B3000
|
heap
|
page read and write
|
||
|
9B3000
|
heap
|
page read and write
|
||
|
214BCAC9000
|
heap
|
page read and write
|
||
|
214BFB69000
|
heap
|
page read and write
|
||
|
7FF775508000
|
unkown
|
page write copy
|
||
|
7FF77495B000
|
unkown
|
page readonly
|
||
|
7FF7713F1000
|
unkown
|
page execute read
|
||
|
7FF774DC9000
|
unkown
|
page readonly
|
||
|
79E000
|
stack
|
page read and write
|
||
|
330E000
|
stack
|
page read and write
|
||
|
5B30000
|
direct allocation
|
page read and write
|
||
|
2EB4000
|
heap
|
page read and write
|
||
|
9B3000
|
heap
|
page read and write
|
||
|
9CC000
|
heap
|
page read and write
|
||
|
214BCB25000
|
heap
|
page read and write
|
||
|
7FF774C67000
|
unkown
|
page readonly
|
||
|
214BFCD6000
|
heap
|
page read and write
|
||
|
214BFCD6000
|
heap
|
page read and write
|
||
|
942000
|
heap
|
page read and write
|
||
|
6FA1000
|
direct allocation
|
page read and write
|
||
|
61E8000
|
heap
|
page read and write
|
||
|
7FF775C80000
|
unkown
|
page execute read
|
||
|
9B3000
|
heap
|
page read and write
|
||
|
7503000
|
direct allocation
|
page read and write
|
||
|
9A1000
|
heap
|
page read and write
|
||
|
5F60000
|
heap
|
page read and write
|
||
|
9AE000
|
heap
|
page read and write
|
||
|
214BFACC000
|
heap
|
page read and write
|
||
|
7FF775242000
|
unkown
|
page readonly
|
||
|
6DBC000
|
direct allocation
|
page read and write
|
||
|
214BFCD6000
|
heap
|
page read and write
|
||
|
55F0000
|
heap
|
page read and write
|
||
|
7FF77518A000
|
unkown
|
page readonly
|
||
|
5EA800454000
|
direct allocation
|
page read and write
|
||
|
31B0000
|
direct allocation
|
page read and write
|
||
|
7FF77518A000
|
unkown
|
page readonly
|
||
|
2EFC000
|
heap
|
page read and write
|
||
|
5190000
|
direct allocation
|
page read and write
|
||
|
7FF774D3C000
|
unkown
|
page readonly
|
||
|
7A0000
|
heap
|
page read and write
|
||
|
9DC000
|
heap
|
page read and write
|
||
|
9AA000
|
heap
|
page read and write
|
||
|
6C12000
|
direct allocation
|
page read and write
|
||
|
7FF773BF1000
|
unkown
|
page execute read
|
||
|
61A0000
|
heap
|
page read and write
|
||
|
5EA800560000
|
direct allocation
|
page read and write
|
||
|
61E8000
|
heap
|
page read and write
|
||
|
564F000
|
heap
|
page read and write
|
||
|
7FF774DC9000
|
unkown
|
page readonly
|
||
|
7FF775926000
|
unkown
|
page readonly
|
||
|
6121000
|
heap
|
page read and write
|
||
|
7FF7747DF000
|
unkown
|
page readonly
|
||
|
7FF775242000
|
unkown
|
page readonly
|
||
|
5F21000
|
heap
|
page read and write
|
||
|
564F000
|
heap
|
page read and write
|
||
|
61E0000
|
heap
|
page read and write
|
||
|
7FF774127000
|
unkown
|
page readonly
|
||
|
483000
|
unkown
|
page read and write
|
||
|
2EFD000
|
heap
|
page read and write
|
||
|
9A1000
|
heap
|
page read and write
|
||
|
5670000
|
heap
|
page read and write
|
||
|
7FF77452E000
|
unkown
|
page readonly
|
||
|
7FF774974000
|
unkown
|
page readonly
|
||
|
7FF774AA6000
|
unkown
|
page readonly
|
||
|
40A000
|
unkown
|
page read and write
|
||
|
5431000
|
heap
|
page read and write
|
||
|
5530000
|
heap
|
page read and write
|
||
|
75E000
|
stack
|
page read and write
|
||
|
6120000
|
heap
|
page read and write
|
||
|
55B1000
|
heap
|
page read and write
|
||
|
56F2000
|
heap
|
page read and write
|
||
|
99D000
|
heap
|
page read and write
|
||
|
214BFCD6000
|
heap
|
page read and write
|
||
|
7FF77495B000
|
unkown
|
page readonly
|
||
|
5F20000
|
heap
|
page read and write
|
||
|
7FF7747D0000
|
unkown
|
page readonly
|
||
|
6740000
|
direct allocation
|
page read and write
|
||
|
7FF76FFF1000
|
unkown
|
page execute read
|
||
|
9DB000
|
heap
|
page read and write
|
||
|
66A0000
|
direct allocation
|
page read and write
|
||
|
9DB000
|
heap
|
page read and write
|
||
|
2EB4000
|
heap
|
page read and write
|
||
|
57B1000
|
heap
|
page read and write
|
||
|
99D000
|
heap
|
page read and write
|
||
|
214BCAC3000
|
heap
|
page read and write
|
||
|
7FF774946000
|
unkown
|
page readonly
|
||
|
7075000
|
direct allocation
|
page read and write
|
||
|
96000
|
stack
|
page read and write
|
||
|
7FF76E1F1000
|
unkown
|
page execute read
|
||
|
ADF000
|
stack
|
page read and write
|
||
|
53B1000
|
heap
|
page read and write
|
||
|
99D000
|
heap
|
page read and write
|
||
|
7FF77411D000
|
unkown
|
page readonly
|
||
|
61E8000
|
heap
|
page read and write
|
||
|
9CC000
|
heap
|
page read and write
|
||
|
7FF7747EA000
|
unkown
|
page readonly
|
||
|
7FF77522C000
|
unkown
|
page readonly
|
||
|
401000
|
unkown
|
page execute read
|
||
|
7FF774CA4000
|
unkown
|
page readonly
|
||
|
448000
|
unkown
|
page read and write
|
||
|
5630000
|
heap
|
page read and write
|
||
|
5330000
|
heap
|
page read and write
|
||
|
53B0000
|
heap
|
page read and write
|
||
|
7FF774B83000
|
unkown
|
page readonly
|
||
|
9A1000
|
heap
|
page read and write
|
||
|
5EA1000
|
heap
|
page read and write
|
||
|
7E0000
|
heap
|
page read and write
|
||
|
940000
|
heap
|
page read and write
|
||
|
31A0000
|
trusted library allocation
|
page read and write
|
||
|
7FF774AA6000
|
unkown
|
page readonly
|
||
|
9B3000
|
heap
|
page read and write
|
||
|
7FF7749D8000
|
unkown
|
page readonly
|
||
|
6060000
|
heap
|
page read and write
|
||
|
74A0000
|
direct allocation
|
page read and write
|
||
|
99D000
|
heap
|
page read and write
|
||
|
6AA0000
|
direct allocation
|
page read and write
|
||
|
60E0000
|
heap
|
page read and write
|
||
|
7FF76F5F1000
|
unkown
|
page execute read
|
||
|
7FF7747D5000
|
unkown
|
page readonly
|
||
|
62E9000
|
heap
|
page read and write
|
||
|
7D8000
|
heap
|
page read and write
|
||
|
940000
|
heap
|
page read and write
|
||
|
5830000
|
heap
|
page read and write
|
||
|
6FE5000
|
direct allocation
|
page read and write
|
||
|
999000
|
heap
|
page read and write
|
||
|
7FF774AA6000
|
unkown
|
page readonly
|
||
|
7FF771DF1000
|
unkown
|
page execute read
|
||
|
5770000
|
heap
|
page read and write
|
||
|
9B3000
|
heap
|
page read and write
|
||
|
6AA0000
|
direct allocation
|
page read and write
|
||
|
6160000
|
heap
|
page read and write
|
||
|
5731000
|
heap
|
page read and write
|
||
|
7665000
|
direct allocation
|
page read and write
|
||
|
214BFAC0000
|
heap
|
page read and write
|
||
|
99D000
|
heap
|
page read and write
|
||
|
214BCB25000
|
heap
|
page read and write
|
||
|
9B3000
|
heap
|
page read and write
|
||
|
999000
|
heap
|
page read and write
|
||
|
7FF775C84000
|
unkown
|
page readonly
|
||
|
4D90000
|
direct allocation
|
page read and write
|
||
|
9B3000
|
heap
|
page read and write
|
||
|
62B000
|
unkown
|
page readonly
|
||
|
7FF7709F1000
|
unkown
|
page execute read
|
||
|
7FF7747F5000
|
unkown
|
page readonly
|
||
|
7FF7747F5000
|
unkown
|
page readonly
|
||
|
9DB000
|
heap
|
page read and write
|
||
|
2474000
|
heap
|
page read and write
|
||
|
214BFCD6000
|
heap
|
page read and write
|
||
|
61A1000
|
heap
|
page read and write
|
||
|
66A0000
|
direct allocation
|
page read and write
|
||
|
99D000
|
heap
|
page read and write
|
||
|
9AA000
|
heap
|
page read and write
|
||
|
7FF77452E000
|
unkown
|
page readonly
|
||
|
9B9000
|
heap
|
page read and write
|
||
|
94A000
|
heap
|
page read and write
|
||
|
5FA2000
|
heap
|
page read and write
|
||
|
7FF7713F1000
|
unkown
|
page execute read
|
||
|
7FF774737000
|
unkown
|
page readonly
|
||
|
214BFADD000
|
heap
|
page read and write
|
||
|
2EF5000
|
heap
|
page read and write
|
||
|
7FF7747CA000
|
unkown
|
page readonly
|
||
|
5CB0000
|
direct allocation
|
page read and write
|
||
|
7FF775C84000
|
unkown
|
page readonly
|
||
|
999000
|
heap
|
page read and write
|
||
|
7FF775344000
|
unkown
|
page readonly
|
||
|
214BFADD000
|
heap
|
page read and write
|
||
|
5670000
|
heap
|
page read and write
|
||
|
7FF775501000
|
unkown
|
page write copy
|
||
|
214BFADD000
|
heap
|
page read and write
|
||
|
61E8000
|
heap
|
page read and write
|
||
|
2E30000
|
heap
|
page read and write
|
||
|
214BCAC0000
|
heap
|
page read and write
|
||
|
2D60000
|
heap
|
page read and write
|
||
|
214BFCD6000
|
heap
|
page read and write
|
||
|
93D000
|
heap
|
page read and write
|
||
|
9D3000
|
heap
|
page read and write
|
||
|
5731000
|
heap
|
page read and write
|
||
|
7FF7709F1000
|
unkown
|
page execute read
|
||
|
BDF000
|
stack
|
page read and write
|
||
|
9DB000
|
heap
|
page read and write
|
||
|
999000
|
heap
|
page read and write
|
||
|
7FF7747CA000
|
unkown
|
page readonly
|
||
|
7FF774CAC000
|
unkown
|
page readonly
|
||
|
7FF774CD0000
|
unkown
|
page readonly
|
||
|
5AB0000
|
direct allocation
|
page read and write
|
||
|
214BFACA000
|
heap
|
page read and write
|
||
|
7D0000
|
heap
|
page read and write
|
||
|
99D000
|
heap
|
page read and write
|
||
|
214BFAD7000
|
heap
|
page read and write
|
||
|
214BFCD6000
|
heap
|
page read and write
|
||
|
31B0000
|
heap
|
page read and write
|
||
|
99D000
|
heap
|
page read and write
|
||
|
60A1000
|
heap
|
page read and write
|
||
|
5661000
|
heap
|
page read and write
|
||
|
9DB000
|
heap
|
page read and write
|
||
|
6268000
|
heap
|
page read and write
|
||
|
99D000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
9AA000
|
heap
|
page read and write
|
||
|
5731000
|
heap
|
page read and write
|
||
|
52B1000
|
heap
|
page read and write
|
||
|
7FF77522C000
|
unkown
|
page readonly
|
||
|
61E8000
|
heap
|
page read and write
|
||
|
214BCB25000
|
heap
|
page read and write
|
||
|
30A1000
|
heap
|
page read and write
|
||
|
5670000
|
heap
|
page read and write
|
||
|
9A1000
|
heap
|
page read and write
|
||
|
7FF77412F000
|
unkown
|
page readonly
|
||
|
5EA800560000
|
direct allocation
|
page read and write
|
||
|
7FF774B83000
|
unkown
|
page readonly
|
||
|
70D3000
|
direct allocation
|
page read and write
|
||
|
214BFADD000
|
heap
|
page read and write
|
||
|
7FF774CAC000
|
unkown
|
page readonly
|
||
|
5C30000
|
direct allocation
|
page read and write
|
||
|
7E5000
|
heap
|
page read and write
|
||
|
214BCB25000
|
heap
|
page read and write
|
||
|
9A9000
|
heap
|
page read and write
|
||
|
4FE3000
|
heap
|
page read and write
|
||
|
943000
|
heap
|
page read and write
|
||
|
7FF775926000
|
unkown
|
page readonly
|
||
|
999000
|
heap
|
page read and write
|
||
|
62E8000
|
heap
|
page read and write
|
||
|
2EF5000
|
heap
|
page read and write
|
||
|
7102000
|
direct allocation
|
page read and write
|
||
|
7FF774974000
|
unkown
|
page readonly
|
||
|
7FF77452E000
|
unkown
|
page readonly
|
||
|
9AE000
|
heap
|
page read and write
|
||
|
7FF774C67000
|
unkown
|
page readonly
|
||
|
99D000
|
heap
|
page read and write
|
||
|
55F0000
|
heap
|
page read and write
|
||
|
53B0000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
58B0000
|
direct allocation
|
page read and write
|
||
|
412000
|
unkown
|
page read and write
|
||
|
999000
|
heap
|
page read and write
|
||
|
9DD000
|
heap
|
page read and write
|
||
|
6C9A000
|
direct allocation
|
page read and write
|
||
|
5671000
|
heap
|
page read and write
|
||
|
999000
|
heap
|
page read and write
|
||
|
5EE0000
|
heap
|
page read and write
|
||
|
214BFAD4000
|
heap
|
page read and write
|
||
|
214BFADD000
|
heap
|
page read and write
|
||
|
94D000
|
heap
|
page read and write
|
||
|
2F04000
|
heap
|
page read and write
|
||
|
6CE0000
|
direct allocation
|
page read and write
|
||
|
61E8000
|
heap
|
page read and write
|
||
|
5670000
|
heap
|
page read and write
|
||
|
55F0000
|
heap
|
page read and write
|
||
|
9DD000
|
heap
|
page read and write
|
||
|
8BE000
|
stack
|
page read and write
|
||
|
2EFD000
|
heap
|
page read and write
|
||
|
7FF774976000
|
unkown
|
page readonly
|
||
|
9AE000
|
heap
|
page read and write
|
||
|
7FF7753D3000
|
unkown
|
page readonly
|
||
|
5F60000
|
heap
|
page read and write
|
||
|
7FF76E1F1000
|
unkown
|
page execute read
|
||
|
60A0000
|
heap
|
page read and write
|
||
|
53B0000
|
heap
|
page read and write
|
||
|
9A1000
|
heap
|
page read and write
|
||
|
7FF774976000
|
unkown
|
page readonly
|
||
|
93D000
|
heap
|
page read and write
|
||
|
99D000
|
heap
|
page read and write
|
||
|
2EF6000
|
heap
|
page read and write
|
||
|
9A1000
|
heap
|
page read and write
|
||
|
9A9000
|
heap
|
page read and write
|
||
|
9B3000
|
heap
|
page read and write
|
||
|
2EB4000
|
heap
|
page read and write
|
||
|
7FF7747F5000
|
unkown
|
page readonly
|
||
|
9A1000
|
heap
|
page read and write
|
||
|
86C000
|
stack
|
page read and write
|
||
|
7FF7747D5000
|
unkown
|
page readonly
|
||
|
7FF774940000
|
unkown
|
page readonly
|
||
|
7FF774CD0000
|
unkown
|
page readonly
|
||
|
55B1000
|
heap
|
page read and write
|
||
|
7FF7731F1000
|
unkown
|
page execute read
|
||
|
61E8000
|
heap
|
page read and write
|
||
|
7FF7727F1000
|
unkown
|
page execute read
|
||
|
3090000
|
unkown
|
page readonly
|
||
|
9B3000
|
heap
|
page read and write
|
||
|
3091000
|
unkown
|
page execute read
|
||
|
999000
|
heap
|
page read and write
|
||
|
7FF76E1F1000
|
unkown
|
page execute read
|
||
|
29C0000
|
heap
|
page read and write
|
||
|
7FF7747EA000
|
unkown
|
page readonly
|
||
|
9CC000
|
heap
|
page read and write
|
||
|
999000
|
heap
|
page read and write
|
There are 575 hidden memdumps, click here to show them.