Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
IdeaShareKeyInstaller.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\IdeaShareKey\ACE.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\IdeaShareKey\APConfig.ini
|
Generic INItialization configuration [CONNECTION]
|
dropped
|
||
|
C:\Users\user\AppData\Local\IdeaShareKey\DumpTypeConfig.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\IdeaShareKey\EUAConfig.ini
|
Generic INItialization configuration [EUA]
|
dropped
|
||
|
C:\Users\user\AppData\Local\IdeaShareKey\FaultReport.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\IdeaShareKey\HME_Video.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\IdeaShareKey\HME_Video_H263D.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\IdeaShareKey\HME_Video_H263E.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\IdeaShareKey\HME_Video_H264D.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\IdeaShareKey\HME_Video_H264E.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\IdeaShareKey\HME_Video_Srtp_ALG.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\IdeaShareKey\HW_H265dec_Win32D.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareKey.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\IdeaShareKey\Log\IdeaShareService.log
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
modified
|
||
|
C:\Users\user\AppData\Local\IdeaShareKey\Qt5Core.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\IdeaShareKey\Qt5Gui.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\IdeaShareKey\Qt5Network.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\IdeaShareKey\Qt5Widgets.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\IdeaShareKey\QtSingleApp.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-debug-l1-1-0.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-errorhandling-l1-1-0.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-file-l1-1-0.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-file-l1-2-0.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-file-l2-1-0.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-handle-l1-1-0.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-heap-l1-1-0.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-interlocked-l1-1-0.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-io-l1-1-0.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-libraryloader-l1-1-0.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-localization-l1-1-0.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-localization-l1-2-0.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-localregistry-l1-1-0.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-memory-l1-1-0.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-misc-l1-1-0.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-processenvironment-l1-1-0.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-processthreads-l1-1-0.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-processthreads-l1-1-1.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-profile-l1-1-0.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-rtlsupport-l1-1-0.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-string-l1-1-0.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-synch-l1-1-0.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-synch-l1-2-0.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-sysinfo-l1-1-0.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-timezone-l1-1-0.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-core-util-l1-1-0.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-conio-l1-1-0.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-convert-l1-1-0.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-environment-l1-1-0.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-filesystem-l1-1-0.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-heap-l1-1-0.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-locale-l1-1-0.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-math-l1-1-0.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-multibyte-l1-1-0.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-private-l1-1-0.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-process-l1-1-0.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-runtime-l1-1-0.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-stdio-l1-1-0.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-string-l1-1-0.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-time-l1-1-0.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-crt-utility-l1-1-0.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-downlevel-kernel32-l2-1-0.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-eventing-provider-l1-1-0.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\IdeaShareKey\api-ms-win-security-base-l1-1-0.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\IdeaShareKey\concrt140.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\IdeaShareKey\ctk.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\IdeaShareKey\dbgcore.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\IdeaShareKey\dbghelp.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\IdeaShareKey\ecscommon.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\IdeaShareKey\ecsdata.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\IdeaShareKey\ecsframework.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\IdeaShareKey\fr_config.ini
|
Generic INItialization configuration [CONFIGPATH]
|
dropped
|
||
|
C:\Users\user\AppData\Local\IdeaShareKey\fr_lang.ini
|
ISO-8859 text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\IdeaShareKey\fr_plugin.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\IdeaShareKey\h265EncDll.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\IdeaShareKey\hwuc.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\IdeaShareKey\ideasharesdk.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\IdeaShareKey\language.txt
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\IdeaShareKey\libcrypto-1_1.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\IdeaShareKey\libipsi_crypto.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\IdeaShareKey\libipsi_osal.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\IdeaShareKey\libipsi_pse.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\IdeaShareKey\libipsi_ssl.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\IdeaShareKey\libssl-1_1.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\IdeaShareKey\log_config.ini
|
Unicode text, UTF-16, little-endian text, with CRLF, CR line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\IdeaShareKey\mfc110.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\IdeaShareKey\mfc110u.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\IdeaShareKey\mfc140.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\IdeaShareKey\mfc140u.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\IdeaShareKey\mfcm140.dll
|
PE32 executable (DLL) (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\IdeaShareKey\mfcm140u.dll
|
PE32 executable (DLL) (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\IdeaShareKey\msvcp110.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\IdeaShareKey\msvcp140.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\IdeaShareKey\msvcr100.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\IdeaShareKey\msvcr110.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\IdeaShareKey\platforms\qwindows.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\IdeaShareKey\rtp.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\IdeaShareKey\securec.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\IdeaShareKey\tup_air_client.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\IdeaShareKey\tup_call_mediaservice.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\IdeaShareKey\tup_call_video.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\IdeaShareKey\tup_commonlib.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\IdeaShareKey\tup_dns.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\IdeaShareKey\tup_exception.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\IdeaShareKey\tup_https_clt.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\IdeaShareKey\tup_httptrans.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\IdeaShareKey\tup_login.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\IdeaShareKey\tup_msg.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\IdeaShareKey\tup_os_adapter.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\IdeaShareKey\tup_publiclib.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\IdeaShareKey\tup_rtp.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\IdeaShareKey\tup_xml.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\IdeaShareKey\ucrtbase.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\IdeaShareKey\uninst.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
|
dropped
|
||
|
C:\Users\user\AppData\Local\IdeaShareKey\vccorlib140.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\IdeaShareKey\vcruntime140.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\IdeaShareKey\zlib.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsv954A.tmp\FindProcDLL.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsv954A.tmp\System.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsv954A.tmp\UserInfo.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsv954A.tmp\nsExec.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
There are 113 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\IdeaShareKeyInstaller.exe
|
C:\Users\user\Desktop\IdeaShareKeyInstaller.exe
|
|
|
|
C:\Windows\SysWOW64\taskkill.exe
|
"taskkill" /F /T /IM FaultReport.exe
|
|
|
|
C:\Windows\SysWOW64\taskkill.exe
|
"taskkill" /F /T /IM IdeaShareKey.exe
|
|
|
|
C:\Windows\SysWOW64\taskkill.exe
|
taskkill" /F /IM IdeaShareService.exe /FI "STATUS eq running
|
|
|
|
C:\Windows\SysWOW64\taskkill.exe
|
"taskkill" /F /T /IM FaultReport.exe
|
|
|
|
C:\Windows\SysWOW64\taskkill.exe
|
"taskkill" /F /T /IM IdeaShareKey.exe
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
schtasks /delete /tn /f
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
schtasks /create /xml C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.xml /tn IdeaShareServiceAt20230526130440
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exe
|
C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exe
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exe
|
C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exe C:\Windows\system32\config\systemprofile\AppData\Local\IdeaShareKey\IdeaShareService.exe
|
||
|
C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exe
|
"C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exe" service
|
||
|
C:\Windows\System32\dllhost.exe
|
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
|
||
|
C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exe
|
"C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exe" service
|
||
|
C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exe
|
"C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exe" service
|
||
|
C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exe
|
"C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareService.exe" service
|
There are 12 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://www.phreedom.org/md5)
|
unknown
|
||
|
http://bugreports.qt.io/_q_receiveReplyMicrosoft-IIS/4.Microsoft-IIS/5.Netscape-Enterprise/3.WebLogi
|
unknown
|
||
|
http://www.phreedom.org/md5)08:27
|
unknown
|
||
|
http://www.aiim.org/pdfa/ns/id/
|
unknown
|
||
|
https://www.openssl.org/H
|
unknown
|
||
|
https://%s/getClientParam.action?client=%s®iste=%u
|
unknown
|
||
|
http://%s/Ws/SmcExternal2.asmx
|
unknown
|
||
|
http://nsis.sf.net/NSIS_ErrorError
|
unknown
|
||
|
https://%s/Ws/SmcExternal2.asmx
|
unknown
|
||
|
https://%u.%u.%u.%u:%u%s
|
unknown
|
||
|
http://www.color.org)
|
unknown
|
||
|
http://bugreports.qt.io/
|
unknown
|
||
|
https://curCA.zipcurCA.tgz/newCA.tgz:8544/eua/rest/cert/downloadstup_http_download_file
|
unknown
|
||
|
https://curl.haxx.se/docs/http-cookies.html
|
unknown
|
There are 4 hidden URLs, click here to show them.
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers
|
C:\Users\user\AppData\Local\IdeaShareKey\IdeaShareKey.exe
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\IdeaShareKey\IdeaShareKey
|
Installer Language
|
||
|
HKEY_CURRENT_USER\Software\IdeaShareKey\IdeaShareKey
|
Installer Language
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
|
IdeaShareKey
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
3EE000
|
unkown
|
page read and write
|
||
|
33CE000
|
heap
|
page read and write
|
||
|
51DE000
|
stack
|
page read and write
|
||
|
7FF5B1FAB000
|
unkown
|
page readonly
|
||
|
6F5000
|
heap
|
page read and write
|
||
|
6F5000
|
heap
|
page read and write
|
||
|
11D3000
|
unkown
|
page read and write
|
||
|
6E9000
|
heap
|
page read and write
|
||
|
28D3000
|
heap
|
page read and write
|
||
|
6F5000
|
heap
|
page read and write
|
||
|
1231000
|
unkown
|
page readonly
|
||
|
11C1000
|
unkown
|
page execute read
|
||
|
11C0000
|
unkown
|
page readonly
|
||
|
5D0000
|
heap
|
page read and write
|
||
|
314A000
|
heap
|
page read and write
|
||
|
6C783000
|
unkown
|
page readonly
|
||
|
6E9000
|
heap
|
page read and write
|
||
|
28D7000
|
heap
|
page read and write
|
||
|
318E000
|
heap
|
page read and write
|
||
|
6E9000
|
heap
|
page read and write
|
||
|
11FA000
|
unkown
|
page readonly
|
||
|
6F5000
|
heap
|
page read and write
|
||
|
11D4000
|
unkown
|
page readonly
|
||
|
529F000
|
stack
|
page read and write
|
||
|
6C768000
|
unkown
|
page read and write
|
||
|
6F5000
|
heap
|
page read and write
|
||
|
3107000
|
heap
|
page read and write
|
||
|
6C783000
|
unkown
|
page readonly
|
||
|
22BAF602000
|
unkown
|
page read and write
|
||
|
11FA000
|
unkown
|
page readonly
|
||
|
6F5000
|
heap
|
page read and write
|
||
|
310B000
|
heap
|
page read and write
|
||
|
6F5000
|
heap
|
page read and write
|
||
|
312E000
|
heap
|
page read and write
|
||
|
3291000
|
heap
|
page read and write
|
||
|
3137000
|
heap
|
page read and write
|
||
|
501000
|
unkown
|
page readonly
|
||
|
241F000
|
stack
|
page read and write
|
||
|
6CAD2000
|
unkown
|
page write copy
|
||
|
32E0000
|
heap
|
page read and write
|
||
|
327E000
|
heap
|
page read and write
|
||
|
2D6E4995000
|
heap
|
page read and write
|
||
|
6E9000
|
heap
|
page read and write
|
||
|
740000
|
trusted library allocation
|
page read and write
|
||
|
6CC13000
|
unkown
|
page readonly
|
||
|
6F5000
|
heap
|
page read and write
|
||
|
359D000
|
heap
|
page read and write
|
||
|
51DF000
|
stack
|
page read and write
|
||
|
7FF5B1F57000
|
unkown
|
page readonly
|
||
|
3127000
|
heap
|
page read and write
|
||
|
A09C67B000
|
stack
|
page read and write
|
||
|
11CD000
|
unkown
|
page readonly
|
||
|
3160000
|
heap
|
page read and write
|
||
|
1280000
|
heap
|
page read and write
|
||
|
11CD000
|
unkown
|
page readonly
|
||
|
35BF000
|
heap
|
page read and write
|
||
|
6E9000
|
heap
|
page read and write
|
||
|
6E9000
|
heap
|
page read and write
|
||
|
28D2000
|
heap
|
page read and write
|
||
|
30FF000
|
heap
|
page read and write
|
||
|
92F000
|
stack
|
page read and write
|
||
|
35D0000
|
heap
|
page read and write
|
||
|
519F000
|
stack
|
page read and write
|
||
|
6E9000
|
heap
|
page read and write
|
||
|
30FD000
|
heap
|
page read and write
|
||
|
28D5000
|
heap
|
page read and write
|
||
|
70E000
|
stack
|
page read and write
|
||
|
32BC000
|
stack
|
page read and write
|
||
|
35BF000
|
heap
|
page read and write
|
||
|
33EE000
|
stack
|
page read and write
|
||
|
7FF5B2027000
|
unkown
|
page readonly
|
||
|
6F651000
|
unkown
|
page readonly
|
||
|
325A000
|
heap
|
page read and write
|
||
|
30F9000
|
heap
|
page read and write
|
||
|
3415000
|
heap
|
page read and write
|
||
|
6E9000
|
heap
|
page read and write
|
||
|
311D000
|
heap
|
page read and write
|
||
|
30FC000
|
heap
|
page read and write
|
||
|
3598000
|
heap
|
page read and write
|
||
|
35C3000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
6D2000
|
heap
|
page read and write
|
||
|
11C1000
|
unkown
|
page execute read
|
||
|
720000
|
heap
|
page read and write
|
||
|
3580000
|
heap
|
page read and write
|
||
|
11D4000
|
unkown
|
page readonly
|
||
|
6F661000
|
unkown
|
page execute read
|
||
|
6E9000
|
heap
|
page read and write
|
||
|
32B8000
|
heap
|
page read and write
|
||
|
6E9000
|
heap
|
page read and write
|
||
|
634000
|
heap
|
page read and write
|
||
|
504E000
|
stack
|
page read and write
|
||
|
6F5000
|
heap
|
page read and write
|
||
|
B2E000
|
stack
|
page read and write
|
||
|
F70BB7D000
|
stack
|
page read and write
|
||
|
329C000
|
heap
|
page read and write
|
||
|
22BAEE41000
|
unkown
|
page read and write
|
||
|
6F5000
|
heap
|
page read and write
|
||
|
8FC000
|
stack
|
page read and write
|
||
|
6CAD3000
|
unkown
|
page write copy
|
||
|
2D6E47B5000
|
heap
|
page read and write
|
||
|
3570000
|
heap
|
page read and write
|
||
|
3167000
|
heap
|
page read and write
|
||
|
8AF000
|
stack
|
page read and write
|
||
|
2D45000
|
heap
|
page read and write
|
||
|
32B8000
|
heap
|
page read and write
|
||
|
59F000
|
unkown
|
page read and write
|
||
|
22BAF390000
|
unkown
|
page readonly
|
||
|
703151E000
|
unkown
|
page read and write
|
||
|
67E000
|
stack
|
page read and write
|
||
|
22BAEE24000
|
unkown
|
page read and write
|
||
|
359C000
|
heap
|
page read and write
|
||
|
2E3A000
|
stack
|
page read and write
|
||
|
6E9000
|
heap
|
page read and write
|
||
|
28DA000
|
heap
|
page read and write
|
||
|
6CAD6000
|
unkown
|
page read and write
|
||
|
2D6E479B000
|
heap
|
page read and write
|
||
|
761000
|
heap
|
page read and write
|
||
|
30FF000
|
heap
|
page read and write
|
||
|
75B000
|
heap
|
page read and write
|
||
|
6E9000
|
heap
|
page read and write
|
||
|
6B0000
|
heap
|
page read and write
|
||
|
35C8000
|
heap
|
page read and write
|
||
|
2D05000
|
heap
|
page read and write
|
||
|
244B36F5000
|
heap
|
page read and write
|
||
|
779000
|
heap
|
page read and write
|
||
|
30E8000
|
heap
|
page read and write
|
||
|
4640000
|
heap
|
page read and write
|
||
|
6F5000
|
heap
|
page read and write
|
||
|
5E0000
|
heap
|
page read and write
|
||
|
11FA000
|
unkown
|
page readonly
|
||
|
AC0000
|
heap
|
page read and write
|
||
|
5A0000
|
heap
|
page read and write
|
||
|
7FF5B1F61000
|
unkown
|
page readonly
|
||
|
30F4000
|
heap
|
page read and write
|
||
|
28DC000
|
heap
|
page read and write
|
||
|
35B9000
|
heap
|
page read and write
|
||
|
703149A000
|
stack
|
page read and write
|
||
|
30FD000
|
heap
|
page read and write
|
||
|
6E9000
|
heap
|
page read and write
|
||
|
11C1000
|
unkown
|
page execute read
|
||
|
52BF000
|
stack
|
page read and write
|
||
|
11CD000
|
unkown
|
page readonly
|
||
|
630000
|
heap
|
page read and write
|
||
|
3257000
|
heap
|
page read and write
|
||
|
62E000
|
stack
|
page read and write
|
||
|
634000
|
heap
|
page read and write
|
||
|
6CAD0000
|
unkown
|
page read and write
|
||
|
30FE000
|
heap
|
page read and write
|
||
|
6F5000
|
heap
|
page read and write
|
||
|
35B3000
|
heap
|
page read and write
|
||
|
313F000
|
heap
|
page read and write
|
||
|
6CAD8000
|
unkown
|
page readonly
|
||
|
30FF000
|
heap
|
page read and write
|
||
|
28DC000
|
heap
|
page read and write
|
||
|
6E9000
|
heap
|
page read and write
|
||
|
318A000
|
heap
|
page read and write
|
||
|
2DDC000
|
stack
|
page read and write
|
||
|
2D6E52D0000
|
trusted library allocation
|
page read and write
|
||
|
2D6E4750000
|
heap
|
page read and write
|
||
|
244B37B3000
|
heap
|
page read and write
|
||
|
11FA000
|
unkown
|
page readonly
|
||
|
28D7000
|
heap
|
page read and write
|
||
|
3292000
|
heap
|
page read and write
|
||
|
3225000
|
heap
|
page read and write
|
||
|
6F5000
|
heap
|
page read and write
|
||
|
3117000
|
heap
|
page read and write
|
||
|
1231000
|
unkown
|
page readonly
|
||
|
40C000
|
unkown
|
page read and write
|
||
|
32B7000
|
heap
|
page read and write
|
||
|
96E000
|
stack
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
244B3792000
|
heap
|
page read and write
|
||
|
3B0000
|
heap
|
page read and write
|
||
|
28D9000
|
heap
|
page read and write
|
||
|
6CAD6000
|
unkown
|
page read and write
|
||
|
790000
|
heap
|
page read and write
|
||
|
30FD000
|
heap
|
page read and write
|
||
|
6F5000
|
heap
|
page read and write
|
||
|
2CA9000
|
heap
|
page read and write
|
||
|
311E000
|
heap
|
page read and write
|
||
|
6F661000
|
unkown
|
page execute read
|
||
|
634000
|
heap
|
page read and write
|
||
|
9AF000
|
stack
|
page read and write
|
||
|
F70B5FB000
|
stack
|
page read and write
|
||
|
6C7A1000
|
unkown
|
page execute read
|
||
|
28D2000
|
heap
|
page read and write
|
||
|
1231000
|
unkown
|
page readonly
|
||
|
778000
|
heap
|
page read and write
|
||
|
104E000
|
stack
|
page read and write
|
||
|
70318FF000
|
stack
|
page read and write
|
||
|
30FB000
|
heap
|
page read and write
|
||
|
6CAD0000
|
unkown
|
page read and write
|
||
|
34CE000
|
stack
|
page read and write
|
||
|
30F8000
|
heap
|
page read and write
|
||
|
11D3000
|
unkown
|
page read and write
|
||
|
244B36F0000
|
heap
|
page read and write
|
||
|
30F9000
|
heap
|
page read and write
|
||
|
6E9000
|
heap
|
page read and write
|
||
|
244B3755000
|
heap
|
page read and write
|
||
|
6C764000
|
unkown
|
page read and write
|
||
|
303C000
|
stack
|
page read and write
|
||
|
6F6C2000
|
unkown
|
page read and write
|
||
|
3268000
|
heap
|
page read and write
|
||
|
8C0000
|
heap
|
page read and write
|
||
|
244B377D000
|
heap
|
page read and write
|
||
|
30F4000
|
heap
|
page read and write
|
||
|
11CD000
|
unkown
|
page readonly
|
||
|
78C000
|
heap
|
page read and write
|
||
|
6C768000
|
unkown
|
page read and write
|
||
|
6F5000
|
heap
|
page read and write
|
||
|
462000
|
unkown
|
page read and write
|
||
|
326C000
|
heap
|
page read and write
|
||
|
6C783000
|
unkown
|
page readonly
|
||
|
511E000
|
stack
|
page read and write
|
||
|
6CAD0000
|
unkown
|
page read and write
|
||
|
7FF5B1CAD000
|
unkown
|
page readonly
|
||
|
35A8000
|
heap
|
page read and write
|
||
|
6F5000
|
heap
|
page read and write
|
||
|
760000
|
heap
|
page read and write
|
||
|
7FF5B1FA2000
|
unkown
|
page readonly
|
||
|
3250000
|
heap
|
page read and write
|
||
|
6F5000
|
heap
|
page read and write
|
||
|
6C76A000
|
unkown
|
page read and write
|
||
|
755000
|
heap
|
page read and write
|
||
|
11CD000
|
unkown
|
page readonly
|
||
|
6F5000
|
heap
|
page read and write
|
||
|
11C0000
|
unkown
|
page readonly
|
||
|
3617000
|
heap
|
page read and write
|
||
|
6F640000
|
unkown
|
page readonly
|
||
|
11C0000
|
unkown
|
page readonly
|
||
|
6C766000
|
unkown
|
page write copy
|
||
|
762000
|
heap
|
page read and write
|
||
|
7FF5B1F3F000
|
unkown
|
page readonly
|
||
|
28DC000
|
heap
|
page read and write
|
||
|
6F5000
|
heap
|
page read and write
|
||
|
3130000
|
heap
|
page read and write
|
||
|
706000
|
heap
|
page read and write
|
||
|
5F0000
|
trusted library allocation
|
page read and write
|
||
|
7FF5B1F4B000
|
unkown
|
page readonly
|
||
|
6E9000
|
heap
|
page read and write
|
||
|
7FF5B1F82000
|
unkown
|
page readonly
|
||
|
6F661000
|
unkown
|
page execute read
|
||
|
350E000
|
stack
|
page read and write
|
||
|
11DF000
|
unkown
|
page readonly
|
||
|
1231000
|
unkown
|
page readonly
|
||
|
D08000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
6F5000
|
heap
|
page read and write
|
||
|
2D00000
|
heap
|
page read and write
|
||
|
6F5000
|
heap
|
page read and write
|
||
|
3220000
|
heap
|
page read and write
|
||
|
11D3000
|
unkown
|
page write copy
|
||
|
3141000
|
heap
|
page read and write
|
||
|
6E9000
|
heap
|
page read and write
|
||
|
410000
|
unkown
|
page read and write
|
||
|
303B000
|
stack
|
page read and write
|
||
|
7FF5B2011000
|
unkown
|
page readonly
|
||
|
2D6E479B000
|
heap
|
page read and write
|
||
|
3550000
|
heap
|
page read and write
|
||
|
2D6E4710000
|
heap
|
page read and write
|
||
|
30FB000
|
heap
|
page read and write
|
||
|
6E9000
|
heap
|
page read and write
|
||
|
767000
|
heap
|
page read and write
|
||
|
32BC000
|
heap
|
page read and write
|
||
|
78F000
|
heap
|
page read and write
|
||
|
6CACE000
|
unkown
|
page write copy
|
||
|
7FF5B1F65000
|
unkown
|
page readonly
|
||
|
AB0000
|
heap
|
page read and write
|
||
|
32C0000
|
heap
|
page read and write
|
||
|
7FF5B1F53000
|
unkown
|
page readonly
|
||
|
6F5000
|
heap
|
page read and write
|
||
|
2D6E45C0000
|
trusted library allocation
|
page read and write
|
||
|
40C000
|
unkown
|
page write copy
|
||
|
6F5000
|
heap
|
page read and write
|
||
|
6E2000
|
heap
|
page read and write
|
||
|
78B000
|
heap
|
page read and write
|
||
|
30AF000
|
stack
|
page read and write
|
||
|
312E000
|
heap
|
page read and write
|
||
|
6F5000
|
heap
|
page read and write
|
||
|
634000
|
heap
|
page read and write
|
||
|
716000
|
heap
|
page read and write
|
||
|
6C76A000
|
unkown
|
page read and write
|
||
|
22C0000
|
heap
|
page read and write
|
||
|
30F2000
|
heap
|
page read and write
|
||
|
329C000
|
heap
|
page read and write
|
||
|
130000
|
heap
|
page read and write
|
||
|
7FF5B1FA2000
|
unkown
|
page readonly
|
||
|
22BAEE24000
|
unkown
|
page read and write
|
||
|
6E9000
|
heap
|
page read and write
|
||
|
4B0000
|
heap
|
page read and write
|
||
|
6FB000
|
heap
|
page read and write
|
||
|
1231000
|
unkown
|
page readonly
|
||
|
30F1000
|
heap
|
page read and write
|
||
|
329D000
|
heap
|
page read and write
|
||
|
11CD000
|
unkown
|
page readonly
|
||
|
51A000
|
stack
|
page read and write
|
||
|
6E9000
|
heap
|
page read and write
|
||
|
6F5000
|
heap
|
page read and write
|
||
|
30FC000
|
heap
|
page read and write
|
||
|
30FD000
|
heap
|
page read and write
|
||
|
6C611000
|
unkown
|
page execute read
|
||
|
6C786000
|
unkown
|
page readonly
|
||
|
3113000
|
heap
|
page read and write
|
||
|
3AE000
|
stack
|
page read and write
|
||
|
28D6000
|
heap
|
page read and write
|
||
|
28DB000
|
heap
|
page read and write
|
||
|
6F5000
|
heap
|
page read and write
|
||
|
6F5000
|
heap
|
page read and write
|
||
|
28D6000
|
heap
|
page read and write
|
||
|
30F2000
|
heap
|
page read and write
|
||
|
310C000
|
heap
|
page read and write
|
||
|
3280000
|
heap
|
page read and write
|
||
|
28D4000
|
heap
|
page read and write
|
||
|
6C764000
|
unkown
|
page read and write
|
||
|
501000
|
unkown
|
page readonly
|
||
|
11C1000
|
unkown
|
page execute read
|
||
|
327D000
|
stack
|
page read and write
|
||
|
3560000
|
heap
|
page read and write
|
||
|
11D4000
|
unkown
|
page readonly
|
||
|
6E9000
|
heap
|
page read and write
|
||
|
32B1000
|
heap
|
page read and write
|
||
|
30F3000
|
heap
|
page read and write
|
||
|
32B0000
|
heap
|
page read and write
|
||
|
6F5000
|
heap
|
page read and write
|
||
|
313B000
|
heap
|
page read and write
|
||
|
7FF5B1F82000
|
unkown
|
page readonly
|
||
|
30D0000
|
heap
|
page read and write
|
||
|
331E000
|
stack
|
page read and write
|
||
|
6E9000
|
heap
|
page read and write
|
||
|
77A000
|
heap
|
page read and write
|
||
|
6F630000
|
unkown
|
page readonly
|
||
|
30FF000
|
heap
|
page read and write
|
||
|
3342000
|
heap
|
page read and write
|
||
|
11C1000
|
unkown
|
page execute read
|
||
|
3189000
|
heap
|
page read and write
|
||
|
244B37C8000
|
heap
|
page read and write
|
||
|
F70B9F9000
|
stack
|
page read and write
|
||
|
2F0E000
|
unkown
|
page read and write
|
||
|
28DC000
|
heap
|
page read and write
|
||
|
343E000
|
stack
|
page read and write
|
||
|
2D18000
|
heap
|
page read and write
|
||
|
6E9000
|
heap
|
page read and write
|
||
|
2FF0000
|
heap
|
page read and write
|
||
|
2BB7000
|
heap
|
page read and write
|
||
|
6F6C2000
|
unkown
|
page read and write
|
||
|
315C000
|
heap
|
page read and write
|
||
|
6F611000
|
unkown
|
page execute read
|
||
|
6F6C5000
|
unkown
|
page readonly
|
||
|
6C610000
|
unkown
|
page readonly
|
||
|
29E0000
|
trusted library allocation
|
page read and write
|
||
|
6F6C5000
|
unkown
|
page readonly
|
||
|
703000
|
heap
|
page read and write
|
||
|
6F5000
|
heap
|
page read and write
|
||
|
77D000
|
heap
|
page read and write
|
||
|
6E9000
|
heap
|
page read and write
|
||
|
7FF5B1F39000
|
unkown
|
page readonly
|
||
|
1300000
|
heap
|
page read and write
|
||
|
22BAEF02000
|
unkown
|
page read and write
|
||
|
6E9000
|
heap
|
page read and write
|
||
|
3285000
|
heap
|
page read and write
|
||
|
C90000
|
heap
|
page read and write
|
||
|
28D8000
|
heap
|
page read and write
|
||
|
92C000
|
stack
|
page read and write
|
||
|
30FC000
|
heap
|
page read and write
|
||
|
45FE000
|
stack
|
page read and write
|
||
|
312B000
|
heap
|
page read and write
|
||
|
3352000
|
heap
|
page read and write
|
||
|
F70BAF9000
|
stack
|
page read and write
|
||
|
6F5000
|
heap
|
page read and write
|
||
|
311D000
|
heap
|
page read and write
|
||
|
6CC13000
|
unkown
|
page readonly
|
||
|
28DC000
|
heap
|
page read and write
|
||
|
28D3000
|
heap
|
page read and write
|
||
|
6F5000
|
heap
|
page read and write
|
||
|
6C786000
|
unkown
|
page readonly
|
||
|
7FF5B2031000
|
unkown
|
page readonly
|
||
|
70E000
|
stack
|
page read and write
|
||
|
11C0000
|
unkown
|
page readonly
|
||
|
634000
|
heap
|
page read and write
|
||
|
6F5000
|
heap
|
page read and write
|
||
|
260000
|
heap
|
page read and write
|
||
|
30FF000
|
heap
|
page read and write
|
||
|
30F1000
|
heap
|
page read and write
|
||
|
B4F000
|
stack
|
page read and write
|
||
|
30EB000
|
heap
|
page read and write
|
||
|
244B3799000
|
heap
|
page read and write
|
||
|
7FF5B2027000
|
unkown
|
page readonly
|
||
|
773000
|
heap
|
page read and write
|
||
|
6F5000
|
heap
|
page read and write
|
||
|
6C766000
|
unkown
|
page write copy
|
||
|
6F5000
|
heap
|
page read and write
|
||
|
6C786000
|
unkown
|
page readonly
|
||
|
7FF5B1FB2000
|
unkown
|
page readonly
|
||
|
28DA000
|
heap
|
page read and write
|
||
|
6E9000
|
heap
|
page read and write
|
||
|
3430000
|
heap
|
page read and write
|
||
|
580000
|
heap
|
page read and write
|
||
|
6E9000
|
heap
|
page read and write
|
||
|
2FD0000
|
heap
|
page read and write
|
||
|
6F6C5000
|
unkown
|
page readonly
|
||
|
A09C67B000
|
stack
|
page read and write
|
||
|
2CC4000
|
heap
|
page read and write
|
||
|
329F000
|
heap
|
page read and write
|
||
|
35BC000
|
heap
|
page read and write
|
||
|
11DF000
|
unkown
|
page readonly
|
||
|
6F5000
|
heap
|
page read and write
|
||
|
6F641000
|
unkown
|
page execute read
|
||
|
2D6E5500000
|
trusted library allocation
|
page read and write
|
||
|
6F5000
|
heap
|
page read and write
|
||
|
6F5000
|
heap
|
page read and write
|
||
|
2D6E4960000
|
trusted library allocation
|
page read and write
|
||
|
3284000
|
heap
|
page read and write
|
||
|
6F6C8000
|
unkown
|
page readonly
|
||
|
6CAD8000
|
unkown
|
page readonly
|
||
|
703197E000
|
stack
|
page read and write
|
||
|
6F5000
|
heap
|
page read and write
|
||
|
3283000
|
heap
|
page read and write
|
||
|
3288000
|
heap
|
page read and write
|
||
|
28D7000
|
heap
|
page read and write
|
||
|
28D0000
|
heap
|
page read and write
|
||
|
28AF000
|
stack
|
page read and write
|
||
|
758000
|
heap
|
page read and write
|
||
|
6E9000
|
heap
|
page read and write
|
||
|
6C783000
|
unkown
|
page readonly
|
||
|
3109000
|
heap
|
page read and write
|
||
|
6CAD8000
|
unkown
|
page readonly
|
||
|
7FF5B1F99000
|
unkown
|
page readonly
|
||
|
345E000
|
unkown
|
page read and write
|
||
|
313A000
|
heap
|
page read and write
|
||
|
3113000
|
heap
|
page read and write
|
||
|
11C0000
|
unkown
|
page readonly
|
||
|
30FB000
|
heap
|
page read and write
|
||
|
6C766000
|
unkown
|
page write copy
|
||
|
6F5000
|
heap
|
page read and write
|
||
|
11CD000
|
unkown
|
page readonly
|
||
|
28DB000
|
heap
|
page read and write
|
||
|
6F610000
|
unkown
|
page readonly
|
||
|
6F5000
|
heap
|
page read and write
|
||
|
706000
|
heap
|
page read and write
|
||
|
634000
|
heap
|
page read and write
|
||
|
28DD000
|
heap
|
page read and write
|
||
|
7FF5B2031000
|
unkown
|
page readonly
|
||
|
3113000
|
heap
|
page read and write
|
||
|
28D0000
|
heap
|
page read and write
|
||
|
6E9000
|
heap
|
page read and write
|
||
|
6E9000
|
heap
|
page read and write
|
||
|
30F5000
|
heap
|
page read and write
|
||
|
6F5000
|
heap
|
page read and write
|
||
|
6E9000
|
heap
|
page read and write
|
||
|
6F5000
|
heap
|
page read and write
|
||
|
533F000
|
stack
|
page read and write
|
||
|
6E9000
|
heap
|
page read and write
|
||
|
6E9000
|
heap
|
page read and write
|
||
|
CB0000
|
heap
|
page read and write
|
||
|
6CAC9000
|
unkown
|
page read and write
|
||
|
78F000
|
heap
|
page read and write
|
||
|
28DE000
|
heap
|
page read and write
|
||
|
634000
|
heap
|
page read and write
|
||
|
28D9000
|
heap
|
page read and write
|
||
|
D18000
|
heap
|
page read and write
|
||
|
2D6E4759000
|
heap
|
page read and write
|
||
|
634000
|
heap
|
page read and write
|
||
|
2BED000
|
stack
|
page read and write
|
||
|
28D2000
|
heap
|
page read and write
|
||
|
7FF5B1F27000
|
unkown
|
page readonly
|
||
|
2D6E47BD000
|
heap
|
page read and write
|
||
|
319C000
|
heap
|
page read and write
|
||
|
28E1000
|
heap
|
page read and write
|
||
|
3130000
|
heap
|
page read and write
|
||
|
6CACE000
|
unkown
|
page write copy
|
||
|
3797000
|
heap
|
page read and write
|
||
|
28D8000
|
heap
|
page read and write
|
||
|
2D6E49A0000
|
trusted library allocation
|
page read and write
|
||
|
6F653000
|
unkown
|
page readonly
|
||
|
6F5000
|
heap
|
page read and write
|
||
|
11DF000
|
unkown
|
page readonly
|
||
|
11DF000
|
unkown
|
page readonly
|
||
|
3288000
|
heap
|
page read and write
|
||
|
6E9000
|
heap
|
page read and write
|
||
|
3132000
|
heap
|
page read and write
|
||
|
2EEC000
|
stack
|
page read and write
|
||
|
174E000
|
stack
|
page read and write
|
||
|
1231000
|
unkown
|
page readonly
|
||
|
6F5000
|
heap
|
page read and write
|
||
|
6F5000
|
heap
|
page read and write
|
||
|
22BAF000000
|
unkown
|
page readonly
|
||
|
6F660000
|
unkown
|
page readonly
|
||
|
525E000
|
stack
|
page read and write
|
||
|
6F641000
|
unkown
|
page execute read
|
||
|
3287000
|
heap
|
page read and write
|
||
|
6F5000
|
heap
|
page read and write
|
||
|
6F611000
|
unkown
|
page execute read
|
||
|
6F5000
|
heap
|
page read and write
|
||
|
3104000
|
heap
|
page read and write
|
||
|
30000
|
heap
|
page read and write
|
||
|
12E0000
|
heap
|
page read and write
|
||
|
244B37A6000
|
heap
|
page read and write
|
||
|
2F10000
|
heap
|
page read and write
|
||
|
11C1000
|
unkown
|
page execute read
|
||
|
29E0000
|
trusted library allocation
|
page read and write
|
||
|
A09C27C000
|
stack
|
page read and write
|
||
|
11C0000
|
unkown
|
page readonly
|
||
|
77C000
|
heap
|
page read and write
|
||
|
357F000
|
heap
|
page read and write
|
||
|
35D2000
|
heap
|
page read and write
|
||
|
634000
|
heap
|
page read and write
|
||
|
1468000
|
heap
|
page read and write
|
||
|
333E000
|
unkown
|
page read and write
|
||
|
6F661000
|
unkown
|
page execute read
|
||
|
6CAD6000
|
unkown
|
page read and write
|
||
|
328C000
|
heap
|
page read and write
|
||
|
7FF5B1F45000
|
unkown
|
page readonly
|
||
|
6F5000
|
heap
|
page read and write
|
||
|
33B5000
|
heap
|
page read and write
|
||
|
766000
|
heap
|
page read and write
|
||
|
6F630000
|
unkown
|
page readonly
|
||
|
11C0000
|
unkown
|
page readonly
|
||
|
22BAEE13000
|
unkown
|
page read and write
|
||
|
2D6E479B000
|
heap
|
page read and write
|
||
|
3165000
|
heap
|
page read and write
|
||
|
318E000
|
heap
|
page read and write
|
||
|
33BE000
|
stack
|
page read and write
|
||
|
338F000
|
stack
|
page read and write
|
||
|
6F6C2000
|
unkown
|
page read and write
|
||
|
52FE000
|
stack
|
page read and write
|
||
|
6C786000
|
unkown
|
page readonly
|
||
|
11FA000
|
unkown
|
page readonly
|
||
|
6F641000
|
unkown
|
page execute read
|
||
|
6E9000
|
heap
|
page read and write
|
||
|
6C7A1000
|
unkown
|
page execute read
|
||
|
727000
|
heap
|
page read and write
|
||
|
6E9000
|
heap
|
page read and write
|
||
|
7FF5B1F45000
|
unkown
|
page readonly
|
||
|
6E9000
|
heap
|
page read and write
|
||
|
22BAEE02000
|
unkown
|
page read and write
|
||
|
2D6E5520000
|
trusted library allocation
|
page read and write
|
||
|
6E9000
|
heap
|
page read and write
|
||
|
28DE000
|
heap
|
page read and write
|
||
|
634000
|
heap
|
page read and write
|
||
|
6FB000
|
heap
|
page read and write
|
||
|
28D8000
|
heap
|
page read and write
|
||
|
1420000
|
trusted library allocation
|
page read and write
|
||
|
329D000
|
unkown
|
page read and write
|
||
|
28DA000
|
heap
|
page read and write
|
||
|
11DF000
|
unkown
|
page readonly
|
||
|
73E000
|
stack
|
page read and write
|
||
|
6E9000
|
heap
|
page read and write
|
||
|
3610000
|
heap
|
page read and write
|
||
|
30F4000
|
heap
|
page read and write
|
||
|
32DF000
|
unkown
|
page read and write
|
||
|
35B8000
|
heap
|
page read and write
|
||
|
765000
|
heap
|
page read and write
|
||
|
320E000
|
unkown
|
page read and write
|
||
|
11DF000
|
unkown
|
page readonly
|
||
|
6E9000
|
heap
|
page read and write
|
||
|
11D4000
|
unkown
|
page readonly
|
||
|
783000
|
heap
|
page read and write
|
||
|
6F5000
|
heap
|
page read and write
|
||
|
11D3000
|
unkown
|
page write copy
|
||
|
6E9000
|
heap
|
page read and write
|
||
|
30F1000
|
heap
|
page read and write
|
||
|
CA0000
|
heap
|
page read and write
|
||
|
244B3520000
|
heap
|
page read and write
|
||
|
7FF5B1F53000
|
unkown
|
page readonly
|
||
|
3594000
|
heap
|
page read and write
|
||
|
35A6000
|
heap
|
page read and write
|
||
|
6F5000
|
heap
|
page read and write
|
||
|
314D000
|
heap
|
page read and write
|
||
|
359C000
|
heap
|
page read and write
|
||
|
A09C27C000
|
stack
|
page read and write
|
||
|
6F650000
|
unkown
|
page read and write
|
||
|
6F660000
|
unkown
|
page readonly
|
||
|
6F5000
|
heap
|
page read and write
|
||
|
11D4000
|
unkown
|
page readonly
|
||
|
35DB000
|
heap
|
page read and write
|
||
|
317C000
|
heap
|
page read and write
|
||
|
9EE000
|
stack
|
page read and write
|
||
|
2C50000
|
heap
|
page read and write
|
||
|
6E9000
|
heap
|
page read and write
|
||
|
6F610000
|
unkown
|
page readonly
|
||
|
63E000
|
stack
|
page read and write
|
||
|
30FD000
|
heap
|
page read and write
|
||
|
30C000
|
stack
|
page read and write
|
||
|
22BAEE02000
|
unkown
|
page read and write
|
||
|
6F5000
|
heap
|
page read and write
|
||
|
3410000
|
heap
|
page read and write
|
||
|
6E9000
|
heap
|
page read and write
|
||
|
6E9000
|
heap
|
page read and write
|
||
|
2D6E4970000
|
trusted library allocation
|
page read and write
|
||
|
634000
|
heap
|
page read and write
|
||
|
244B3738000
|
heap
|
page read and write
|
||
|
6F5000
|
heap
|
page read and write
|
||
|
30F7000
|
heap
|
page read and write
|
||
|
E40000
|
trusted library allocation
|
page read and write
|
||
|
3261000
|
heap
|
page read and write
|
||
|
30FE000
|
heap
|
page read and write
|
||
|
74F000
|
stack
|
page read and write
|
||
|
30F7000
|
heap
|
page read and write
|
||
|
3112000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
6F630000
|
unkown
|
page readonly
|
||
|
114F000
|
stack
|
page read and write
|
||
|
3288000
|
heap
|
page read and write
|
||
|
6C7A0000
|
unkown
|
page readonly
|
||
|
7FF5B1F39000
|
unkown
|
page readonly
|
||
|
E3E000
|
stack
|
page read and write
|
||
|
480000
|
heap
|
page read and write
|
||
|
11DF000
|
unkown
|
page readonly
|
||
|
6F5000
|
heap
|
page read and write
|
||
|
3295000
|
heap
|
page read and write
|
||
|
1231000
|
unkown
|
page readonly
|
||
|
409000
|
unkown
|
page readonly
|
||
|
6F6C8000
|
unkown
|
page readonly
|
||
|
6C7A1000
|
unkown
|
page execute read
|
||
|
30F0000
|
heap
|
page read and write
|
||
|
6E9000
|
heap
|
page read and write
|
||
|
2EAD000
|
stack
|
page read and write
|
||
|
28D8000
|
heap
|
page read and write
|
||
|
703159F000
|
stack
|
page read and write
|
||
|
6F653000
|
unkown
|
page readonly
|
||
|
2D6E5510000
|
heap
|
page readonly
|
||
|
690000
|
heap
|
page read and write
|
||
|
7FF5B1F61000
|
unkown
|
page readonly
|
||
|
22BAED00000
|
heap
|
page read and write
|
||
|
6F5000
|
heap
|
page read and write
|
||
|
2A2C000
|
heap
|
page read and write
|
||
|
6E9000
|
heap
|
page read and write
|
||
|
634000
|
heap
|
page read and write
|
||
|
28D1000
|
heap
|
page read and write
|
||
|
244B5160000
|
heap
|
page read and write
|
||
|
6F650000
|
unkown
|
page read and write
|
||
|
6F650000
|
unkown
|
page read and write
|
||
|
2E40000
|
heap
|
page read and write
|
||
|
22BAF602000
|
unkown
|
page read and write
|
||
|
32A7000
|
heap
|
page read and write
|
||
|
2D6E479D000
|
heap
|
page read and write
|
||
|
6F5000
|
heap
|
page read and write
|
||
|
CE5000
|
heap
|
page read and write
|
||
|
6E9000
|
heap
|
page read and write
|
||
|
3178000
|
heap
|
page read and write
|
||
|
6C610000
|
unkown
|
page readonly
|
||
|
6F5000
|
heap
|
page read and write
|
||
|
6E9000
|
heap
|
page read and write
|
||
|
28DD000
|
heap
|
page read and write
|
||
|
6F5000
|
heap
|
page read and write
|
||
|
6E9000
|
heap
|
page read and write
|
||
|
32A1000
|
heap
|
page read and write
|
||
|
11FA000
|
unkown
|
page readonly
|
||
|
329C000
|
heap
|
page read and write
|
||
|
537E000
|
stack
|
page read and write
|
||
|
6E9000
|
heap
|
page read and write
|
||
|
6E9000
|
heap
|
page read and write
|
||
|
3297000
|
heap
|
page read and write
|
||
|
22BAED00000
|
heap
|
page read and write
|
||
|
6CACC000
|
unkown
|
page read and write
|
||
|
32B3000
|
heap
|
page read and write
|
||
|
32FE000
|
heap
|
page read and write
|
||
|
6F5000
|
heap
|
page read and write
|
||
|
28D8000
|
heap
|
page read and write
|
||
|
313F000
|
heap
|
page read and write
|
||
|
6F5000
|
heap
|
page read and write
|
||
|
11C0000
|
unkown
|
page readonly
|
||
|
6C610000
|
unkown
|
page readonly
|
||
|
2FCE000
|
unkown
|
page read and write
|
||
|
6BA000
|
heap
|
page read and write
|
||
|
6E9000
|
heap
|
page read and write
|
||
|
30D8000
|
heap
|
page read and write
|
||
|
521F000
|
stack
|
page read and write
|
||
|
22BAF000000
|
unkown
|
page readonly
|
||
|
30F6000
|
heap
|
page read and write
|
||
|
6F5000
|
heap
|
page read and write
|
||
|
6F5000
|
heap
|
page read and write
|
||
|
6F5000
|
heap
|
page read and write
|
||
|
7FF5B1FA5000
|
unkown
|
page readonly
|
||
|
3567000
|
heap
|
page read and write
|
||
|
244B3759000
|
heap
|
page read and write
|
||
|
6E9000
|
heap
|
page read and write
|
||
|
6C611000
|
unkown
|
page execute read
|
||
|
634000
|
heap
|
page read and write
|
||
|
244B3690000
|
heap
|
page read and write
|
||
|
1DC000
|
stack
|
page read and write
|
||
|
6F5000
|
heap
|
page read and write
|
||
|
A09C57C000
|
stack
|
page read and write
|
||
|
3280000
|
heap
|
page read and write
|
||
|
6E9000
|
heap
|
page read and write
|
||
|
6E9000
|
heap
|
page read and write
|
||
|
2A0000
|
heap
|
page read and write
|
||
|
6E9000
|
heap
|
page read and write
|
||
|
7FF5B1FA5000
|
unkown
|
page readonly
|
||
|
6E9000
|
heap
|
page read and write
|
||
|
3100000
|
heap
|
page read and write
|
||
|
11D4000
|
unkown
|
page readonly
|
||
|
310D000
|
heap
|
page read and write
|
||
|
768000
|
heap
|
page read and write
|
||
|
3578000
|
heap
|
page read and write
|
||
|
73E000
|
heap
|
page read and write
|
||
|
11FA000
|
unkown
|
page readonly
|
||
|
6F660000
|
unkown
|
page readonly
|
||
|
35CC000
|
heap
|
page read and write
|
||
|
3118000
|
heap
|
page read and write
|
||
|
311D000
|
heap
|
page read and write
|
||
|
2954000
|
heap
|
page read and write
|
||
|
244B37EA000
|
heap
|
page read and write
|
||
|
D00000
|
heap
|
page read and write
|
||
|
6F5000
|
heap
|
page read and write
|
||
|
3360000
|
heap
|
page read and write
|
||
|
7FF5B1F65000
|
unkown
|
page readonly
|
||
|
354E000
|
stack
|
page read and write
|
||
|
6F5000
|
heap
|
page read and write
|
||
|
6F5000
|
heap
|
page read and write
|
||
|
11D4000
|
unkown
|
page readonly
|
||
|
6F5000
|
heap
|
page read and write
|
||
|
164E000
|
stack
|
page read and write
|
||
|
3102000
|
heap
|
page read and write
|
||
|
28D0000
|
heap
|
page read and write
|
||
|
30F4000
|
heap
|
page read and write
|
||
|
32AA000
|
heap
|
page read and write
|
||
|
28DE000
|
heap
|
page read and write
|
||
|
6C764000
|
unkown
|
page read and write
|
||
|
327C000
|
heap
|
page read and write
|
||
|
2C02000
|
heap
|
page read and write
|
||
|
CFC000
|
stack
|
page read and write
|
||
|
1231000
|
unkown
|
page readonly
|
||
|
11DF000
|
unkown
|
page readonly
|
||
|
6E9000
|
heap
|
page read and write
|
||
|
75F000
|
heap
|
page read and write
|
||
|
184E000
|
stack
|
page read and write
|
||
|
6F651000
|
unkown
|
page readonly
|
||
|
75D000
|
heap
|
page read and write
|
||
|
28DD000
|
heap
|
page read and write
|
||
|
28D4000
|
heap
|
page read and write
|
||
|
740000
|
heap
|
page read and write
|
||
|
28D0000
|
heap
|
page read and write
|
||
|
3128000
|
heap
|
page read and write
|
||
|
310C000
|
heap
|
page read and write
|
||
|
32C2000
|
heap
|
page read and write
|
||
|
11DF000
|
unkown
|
page readonly
|
||
|
509E000
|
stack
|
page read and write
|
||
|
30F8000
|
heap
|
page read and write
|
||
|
768000
|
heap
|
page read and write
|
||
|
19D000
|
stack
|
page read and write
|
||
|
6E9000
|
heap
|
page read and write
|
||
|
73C000
|
heap
|
page read and write
|
||
|
35CB000
|
heap
|
page read and write
|
||
|
1231000
|
unkown
|
page readonly
|
||
|
634000
|
heap
|
page read and write
|
||
|
6F640000
|
unkown
|
page readonly
|
||
|
6E9000
|
heap
|
page read and write
|
||
|
6E9000
|
heap
|
page read and write
|
||
|
342D000
|
heap
|
page read and write
|
||
|
12CE000
|
stack
|
page read and write
|
||
|
11CD000
|
unkown
|
page readonly
|
||
|
6F611000
|
unkown
|
page execute read
|
||
|
6E9000
|
heap
|
page read and write
|
||
|
3108000
|
heap
|
page read and write
|
||
|
73F000
|
heap
|
page read and write
|
||
|
30FF000
|
heap
|
page read and write
|
||
|
6F5000
|
heap
|
page read and write
|
||
|
A09C57C000
|
stack
|
page read and write
|
||
|
105C000
|
stack
|
page read and write
|
||
|
2D6E4793000
|
heap
|
page read and write
|
||
|
7FF5B2018000
|
unkown
|
page readonly
|
||
|
634000
|
heap
|
page read and write
|
||
|
6E9000
|
heap
|
page read and write
|
||
|
3591000
|
heap
|
page read and write
|
||
|
781000
|
heap
|
page read and write
|
||
|
79C000
|
heap
|
page read and write
|
||
|
6F5000
|
heap
|
page read and write
|
||
|
738000
|
heap
|
page read and write
|
||
|
634000
|
heap
|
page read and write
|
||
|
11D3000
|
unkown
|
page write copy
|
||
|
F70B979000
|
stack
|
page read and write
|
||
|
310F000
|
heap
|
page read and write
|
||
|
6F5000
|
heap
|
page read and write
|
||
|
6F660000
|
unkown
|
page readonly
|
||
|
6F5000
|
heap
|
page read and write
|
||
|
6E9000
|
heap
|
page read and write
|
||
|
6F5000
|
heap
|
page read and write
|
||
|
508F000
|
stack
|
page read and write
|
||
|
11C1000
|
unkown
|
page execute read
|
||
|
970000
|
heap
|
page read and write
|
||
|
323E000
|
stack
|
page read and write
|
||
|
7FF5B1ECE000
|
unkown
|
page readonly
|
||
|
2CC000
|
stack
|
page read and write
|
||
|
CD3000
|
heap
|
page read and write
|
||
|
634000
|
heap
|
page read and write
|
||
|
30FF000
|
heap
|
page read and write
|
||
|
6F6C2000
|
unkown
|
page read and write
|
||
|
6F5000
|
heap
|
page read and write
|
||
|
6E9000
|
heap
|
page read and write
|
||
|
6E9000
|
heap
|
page read and write
|
||
|
313F000
|
heap
|
page read and write
|
||
|
35E0000
|
heap
|
page read and write
|
||
|
6F5000
|
heap
|
page read and write
|
||
|
6E9000
|
heap
|
page read and write
|
||
|
22BAEC90000
|
heap
|
page read and write
|
||
|
6E9000
|
heap
|
page read and write
|
||
|
2D6E45B0000
|
heap
|
page read and write
|
||
|
3288000
|
heap
|
page read and write
|
||
|
6E9000
|
heap
|
page read and write
|
||
|
244B3660000
|
heap
|
page read and write
|
||
|
7FF5B1F27000
|
unkown
|
page readonly
|
||
|
754000
|
heap
|
page read and write
|
||
|
22BAEC90000
|
heap
|
page read and write
|
||
|
6C611000
|
unkown
|
page execute read
|
||
|
2ECE000
|
unkown
|
page read and write
|
||
|
6F653000
|
unkown
|
page readonly
|
||
|
30F7000
|
heap
|
page read and write
|
||
|
6F5000
|
heap
|
page read and write
|
||
|
634000
|
heap
|
page read and write
|
||
|
22BAECA0000
|
heap
|
page read and write
|
||
|
6E9000
|
heap
|
page read and write
|
||
|
6CC13000
|
unkown
|
page readonly
|
||
|
2D6E4950000
|
trusted library allocation
|
page read and write
|
||
|
22BAF460000
|
unkown
|
page read and write
|
||
|
3283000
|
heap
|
page read and write
|
||
|
28DE000
|
heap
|
page read and write
|
||
|
463F000
|
stack
|
page read and write
|
||
|
30F1000
|
heap
|
page read and write
|
||
|
3F0000
|
heap
|
page read and write
|
||
|
28D1000
|
heap
|
page read and write
|
||
|
3107000
|
heap
|
page read and write
|
||
|
3100000
|
heap
|
page read and write
|
||
|
6C7A0000
|
unkown
|
page readonly
|
||
|
3598000
|
heap
|
page read and write
|
||
|
6FC000
|
stack
|
page read and write
|
||
|
6C768000
|
unkown
|
page read and write
|
||
|
3590000
|
heap
|
page read and write
|
||
|
3580000
|
heap
|
page read and write
|
||
|
716000
|
heap
|
page read and write
|
||
|
6E9000
|
heap
|
page read and write
|
||
|
1458000
|
heap
|
page read and write
|
||
|
11CD000
|
unkown
|
page readonly
|
||
|
73E000
|
heap
|
page read and write
|
||
|
6F651000
|
unkown
|
page readonly
|
||
|
11D3000
|
unkown
|
page write copy
|
||
|
22BAEE00000
|
unkown
|
page read and write
|
||
|
6CACC000
|
unkown
|
page read and write
|
||
|
2310000
|
heap
|
page read and write
|
||
|
6E9000
|
heap
|
page read and write
|
||
|
19A000
|
stack
|
page read and write
|
||
|
28DC000
|
heap
|
page read and write
|
||
|
328F000
|
heap
|
page read and write
|
||
|
6CACE000
|
unkown
|
page write copy
|
||
|
6F5000
|
heap
|
page read and write
|
||
|
AB4000
|
heap
|
page read and write
|
||
|
2F50000
|
heap
|
page read and write
|
||
|
6E9000
|
heap
|
page read and write
|
||
|
22BAEE3B000
|
unkown
|
page read and write
|
||
|
32AC000
|
heap
|
page read and write
|
||
|
30FA000
|
heap
|
page read and write
|
||
|
634000
|
heap
|
page read and write
|
||
|
9D0000
|
heap
|
page read and write
|
||
|
11FA000
|
unkown
|
page readonly
|
||
|
244B37C7000
|
heap
|
page read and write
|
||
|
6F5000
|
heap
|
page read and write
|
||
|
7FF5B1F99000
|
unkown
|
page readonly
|
||
|
6E9000
|
heap
|
page read and write
|
||
|
634000
|
heap
|
page read and write
|
||
|
6CAC9000
|
unkown
|
page read and write
|
||
|
6D5000
|
heap
|
page read and write
|
||
|
510F000
|
stack
|
page read and write
|
||
|
6F610000
|
unkown
|
page readonly
|
||
|
6F5000
|
heap
|
page read and write
|
||
|
9C000
|
stack
|
page read and write
|
||
|
7FF5B2018000
|
unkown
|
page readonly
|
||
|
2D6E5580000
|
trusted library allocation
|
page read and write
|
||
|
6F610000
|
unkown
|
page readonly
|
||
|
409000
|
unkown
|
page readonly
|
||
|
28D8000
|
heap
|
page read and write
|
||
|
6E9000
|
heap
|
page read and write
|
||
|
30FC000
|
heap
|
page read and write
|
||
|
6F5000
|
heap
|
page read and write
|
||
|
6E9000
|
heap
|
page read and write
|
||
|
2DFC000
|
stack
|
page read and write
|
||
|
35CF000
|
heap
|
page read and write
|
||
|
30FF000
|
heap
|
page read and write
|
||
|
244B37C7000
|
heap
|
page read and write
|
||
|
30F7000
|
heap
|
page read and write
|
||
|
28D0000
|
heap
|
page read and write
|
||
|
75D000
|
heap
|
page read and write
|
||
|
6CAD6000
|
unkown
|
page read and write
|
||
|
3592000
|
heap
|
page read and write
|
||
|
30A0000
|
heap
|
page read and write
|
||
|
11C1000
|
unkown
|
page execute read
|
||
|
6F5000
|
heap
|
page read and write
|
||
|
695000
|
heap
|
page read and write
|
||
|
30FB000
|
heap
|
page read and write
|
||
|
780000
|
heap
|
page read and write
|
||
|
11D3000
|
unkown
|
page write copy
|
||
|
6F5000
|
heap
|
page read and write
|
||
|
30F6000
|
heap
|
page read and write
|
||
|
28D6000
|
heap
|
page read and write
|
||
|
28E0000
|
heap
|
page read and write
|
||
|
32B1000
|
heap
|
page read and write
|
||
|
357C000
|
heap
|
page read and write
|
||
|
11DF000
|
unkown
|
page readonly
|
||
|
28DD000
|
heap
|
page read and write
|
||
|
11C1000
|
unkown
|
page execute read
|
||
|
7FF5B1F4B000
|
unkown
|
page readonly
|
||
|
6F640000
|
unkown
|
page readonly
|
||
|
127E000
|
stack
|
page read and write
|
||
|
707000
|
heap
|
page read and write
|
||
|
53E0000
|
heap
|
page read and write
|
||
|
D1A000
|
heap
|
page read and write
|
||
|
6E9000
|
heap
|
page read and write
|
||
|
6C768000
|
unkown
|
page read and write
|
||
|
51E0000
|
heap
|
page read and write
|
||
|
47E000
|
unkown
|
page read and write
|
||
|
32AD000
|
heap
|
page read and write
|
||
|
6F5000
|
heap
|
page read and write
|
||
|
30FC000
|
heap
|
page read and write
|
||
|
335E000
|
stack
|
page read and write
|
||
|
3104000
|
heap
|
page read and write
|
||
|
3113000
|
heap
|
page read and write
|
||
|
11D3000
|
unkown
|
page read and write
|
||
|
6C611000
|
unkown
|
page execute read
|
||
|
22BAEE41000
|
unkown
|
page read and write
|
||
|
30F4000
|
heap
|
page read and write
|
||
|
2D6E46F0000
|
heap
|
page read and write
|
||
|
11D3000
|
unkown
|
page write copy
|
||
|
28DC000
|
heap
|
page read and write
|
||
|
45D000
|
unkown
|
page read and write
|
||
|
6CAD0000
|
unkown
|
page read and write
|
||
|
6E9000
|
heap
|
page read and write
|
||
|
28DD000
|
heap
|
page read and write
|
||
|
11D3000
|
unkown
|
page write copy
|
||
|
6F5000
|
heap
|
page read and write
|
||
|
AEF000
|
stack
|
page read and write
|
||
|
11D4000
|
unkown
|
page readonly
|
||
|
53BF000
|
stack
|
page read and write
|
||
|
28DB000
|
heap
|
page read and write
|
||
|
6F5000
|
heap
|
page read and write
|
||
|
28D7000
|
heap
|
page read and write
|
||
|
6F5000
|
heap
|
page read and write
|
||
|
28D4000
|
heap
|
page read and write
|
||
|
30C000
|
stack
|
page read and write
|
||
|
28DD000
|
heap
|
page read and write
|
||
|
32A9000
|
heap
|
page read and write
|
||
|
3196000
|
heap
|
page read and write
|
||
|
2D6E47C1000
|
heap
|
page read and write
|
||
|
7FF5B1CAD000
|
unkown
|
page readonly
|
||
|
3109000
|
heap
|
page read and write
|
||
|
6C766000
|
unkown
|
page write copy
|
||
|
3138000
|
heap
|
page read and write
|
||
|
6E9000
|
heap
|
page read and write
|
||
|
1231000
|
unkown
|
page readonly
|
||
|
11FA000
|
unkown
|
page readonly
|
||
|
35A5000
|
heap
|
page read and write
|
||
|
3116000
|
heap
|
page read and write
|
||
|
6C610000
|
unkown
|
page readonly
|
||
|
28E1000
|
heap
|
page read and write
|
||
|
11CD000
|
unkown
|
page readonly
|
||
|
6E9000
|
heap
|
page read and write
|
||
|
11D4000
|
unkown
|
page readonly
|
||
|
1A10000
|
heap
|
page read and write
|
||
|
6E9000
|
heap
|
page read and write
|
||
|
30F9000
|
heap
|
page read and write
|
||
|
28D2000
|
heap
|
page read and write
|
||
|
515F000
|
stack
|
page read and write
|
||
|
6CACC000
|
unkown
|
page read and write
|
||
|
312E000
|
heap
|
page read and write
|
||
|
349F000
|
unkown
|
page read and write
|
||
|
758000
|
heap
|
page read and write
|
||
|
6CAC9000
|
unkown
|
page read and write
|
||
|
11C0000
|
unkown
|
page readonly
|
||
|
35A4000
|
heap
|
page read and write
|
||
|
35C1000
|
heap
|
page read and write
|
||
|
1410000
|
heap
|
page read and write
|
||
|
6E9000
|
heap
|
page read and write
|
||
|
244B37A6000
|
heap
|
page read and write
|
||
|
318E000
|
heap
|
page read and write
|
||
|
E70000
|
heap
|
page read and write
|
||
|
35CF000
|
heap
|
page read and write
|
||
|
245E000
|
stack
|
page read and write
|
||
|
2D6E4990000
|
heap
|
page read and write
|
||
|
CD1000
|
heap
|
page read and write
|
||
|
42C000
|
unkown
|
page read and write
|
||
|
2F8D000
|
unkown
|
page read and write
|
||
|
6F5000
|
heap
|
page read and write
|
||
|
28D2000
|
heap
|
page read and write
|
||
|
30FD000
|
heap
|
page read and write
|
||
|
11C0000
|
unkown
|
page readonly
|
||
|
2D90000
|
heap
|
page read and write
|
||
|
30C7000
|
heap
|
page read and write
|
||
|
6CAD3000
|
unkown
|
page write copy
|
||
|
30F0000
|
heap
|
page read and write
|
||
|
327C000
|
heap
|
page read and write
|
||
|
11C0000
|
unkown
|
page readonly
|
||
|
6F5000
|
heap
|
page read and write
|
||
|
11D4000
|
unkown
|
page readonly
|
||
|
3296000
|
heap
|
page read and write
|
||
|
244B3730000
|
heap
|
page read and write
|
||
|
30FF000
|
heap
|
page read and write
|
||
|
6E2000
|
heap
|
page read and write
|
||
|
6CACE000
|
unkown
|
page write copy
|
||
|
9CD000
|
stack
|
page read and write
|
||
|
28D8000
|
heap
|
page read and write
|
||
|
28DA000
|
heap
|
page read and write
|
||
|
6E9000
|
heap
|
page read and write
|
||
|
79B000
|
heap
|
page read and write
|
||
|
28D3000
|
heap
|
page read and write
|
||
|
22BAECA0000
|
heap
|
page read and write
|
||
|
11FA000
|
unkown
|
page readonly
|
||
|
30F9000
|
heap
|
page read and write
|
||
|
6F5000
|
heap
|
page read and write
|
||
|
50CE000
|
stack
|
page read and write
|
||
|
115C000
|
stack
|
page read and write
|
||
|
32F3000
|
heap
|
page read and write
|
||
|
6E9000
|
heap
|
page read and write
|
||
|
22BAEE46000
|
unkown
|
page read and write
|
||
|
22BAEE13000
|
unkown
|
page read and write
|
||
|
11D4000
|
unkown
|
page readonly
|
||
|
33FE000
|
stack
|
page read and write
|
||
|
337E000
|
stack
|
page read and write
|
||
|
7FF5B1F57000
|
unkown
|
page readonly
|
||
|
1231000
|
unkown
|
page readonly
|
||
|
2D70000
|
heap
|
page read and write
|
||
|
28D2000
|
heap
|
page read and write
|
||
|
7FF5B2011000
|
unkown
|
page readonly
|
||
|
977000
|
heap
|
page read and write
|
||
|
28D6000
|
heap
|
page read and write
|
||
|
778000
|
heap
|
page read and write
|
||
|
F70BA7E000
|
stack
|
page read and write
|
||
|
6F5000
|
heap
|
page read and write
|
||
|
378E000
|
stack
|
page read and write
|
||
|
53C0000
|
heap
|
page read and write
|
||
|
CBA000
|
heap
|
page read and write
|
||
|
2D6E4999000
|
heap
|
page read and write
|
||
|
3138000
|
heap
|
page read and write
|
||
|
2B80000
|
heap
|
page read and write
|
||
|
11C1000
|
unkown
|
page execute read
|
||
|
6F5000
|
heap
|
page read and write
|
||
|
22BAEE3B000
|
unkown
|
page read and write
|
||
|
30FB000
|
heap
|
page read and write
|
||
|
30F1000
|
heap
|
page read and write
|
||
|
30FE000
|
heap
|
page read and write
|
||
|
329C000
|
heap
|
page read and write
|
||
|
6F6C8000
|
unkown
|
page readonly
|
||
|
30C0000
|
heap
|
page read and write
|
||
|
3AE000
|
unkown
|
page read and write
|
||
|
32C2000
|
heap
|
page read and write
|
||
|
6C76A000
|
unkown
|
page read and write
|
||
|
FA0000
|
heap
|
page read and write
|
||
|
33F0000
|
heap
|
page read and write
|
||
|
6C76A000
|
unkown
|
page read and write
|
||
|
3300000
|
heap
|
page read and write
|
||
|
328F000
|
heap
|
page read and write
|
||
|
11FA000
|
unkown
|
page readonly
|
||
|
11C0000
|
unkown
|
page readonly
|
||
|
11DF000
|
unkown
|
page readonly
|
||
|
351E000
|
stack
|
page read and write
|
||
|
6C7A1000
|
unkown
|
page execute read
|
||
|
33B0000
|
heap
|
page read and write
|
||
|
2B85000
|
heap
|
page read and write
|
||
|
781000
|
heap
|
page read and write
|
||
|
6F641000
|
unkown
|
page execute read
|
||
|
32EB000
|
heap
|
page read and write
|
||
|
7FF5B1FB2000
|
unkown
|
page readonly
|
||
|
6E9000
|
heap
|
page read and write
|
||
|
458000
|
unkown
|
page read and write
|
||
|
313C000
|
heap
|
page read and write
|
||
|
634000
|
heap
|
page read and write
|
||
|
6CAD8000
|
unkown
|
page readonly
|
||
|
22BAEDE0000
|
unkown
|
page readonly
|
||
|
6CC13000
|
unkown
|
page readonly
|
||
|
6F611000
|
unkown
|
page execute read
|
||
|
5B0000
|
heap
|
page read and write
|
||
|
A2D000
|
stack
|
page read and write
|
||
|
6F640000
|
unkown
|
page readonly
|
||
|
6C7A0000
|
unkown
|
page readonly
|
||
|
6F5000
|
heap
|
page read and write
|
||
|
519E000
|
stack
|
page read and write
|
||
|
6CAD3000
|
unkown
|
page write copy
|
||
|
6F6C8000
|
unkown
|
page readonly
|
||
|
1450000
|
heap
|
page read and write
|
||
|
22BAEF02000
|
unkown
|
page read and write
|
||
|
35C1000
|
heap
|
page read and write
|
||
|
3F0000
|
heap
|
page read and write
|
||
|
2D6E5530000
|
trusted library allocation
|
page read and write
|
||
|
11CD000
|
unkown
|
page readonly
|
||
|
2D6E47B8000
|
heap
|
page read and write
|
||
|
6F653000
|
unkown
|
page readonly
|
||
|
28D1000
|
heap
|
page read and write
|
||
|
6E9000
|
heap
|
page read and write
|
||
|
13FE000
|
stack
|
page read and write
|
||
|
11C1000
|
unkown
|
page execute read
|
||
|
30FE000
|
heap
|
page read and write
|
||
|
11D3000
|
unkown
|
page read and write
|
||
|
306E000
|
stack
|
page read and write
|
||
|
67F000
|
stack
|
page read and write
|
||
|
420000
|
unkown
|
page read and write
|
||
|
3150000
|
heap
|
page read and write
|
||
|
28D7000
|
heap
|
page read and write
|
||
|
32A8000
|
heap
|
page read and write
|
||
|
11D4000
|
unkown
|
page readonly
|
||
|
6C7A0000
|
unkown
|
page readonly
|
||
|
6F5000
|
heap
|
page read and write
|
||
|
780000
|
heap
|
page read and write
|
||
|
7FF5B1F3F000
|
unkown
|
page readonly
|
||
|
6E9000
|
heap
|
page read and write
|
||
|
7FF5B1ECE000
|
unkown
|
page readonly
|
||
|
310D000
|
heap
|
page read and write
|
||
|
B50000
|
heap
|
page read and write
|
||
|
6F630000
|
unkown
|
page readonly
|
||
|
3587000
|
heap
|
page read and write
|
||
|
22BAF390000
|
unkown
|
page readonly
|
||
|
11D3000
|
unkown
|
page write copy
|
||
|
22BAF460000
|
unkown
|
page read and write
|
||
|
32A2000
|
heap
|
page read and write
|
||
|
6E9000
|
heap
|
page read and write
|
||
|
11FA000
|
unkown
|
page readonly
|
||
|
32BB000
|
heap
|
page read and write
|
||
|
788000
|
heap
|
page read and write
|
||
|
3790000
|
heap
|
page read and write
|
||
|
6E9000
|
heap
|
page read and write
|
||
|
3140000
|
heap
|
page read and write
|
||
|
6E9000
|
heap
|
page read and write
|
||
|
7FF5B1FAB000
|
unkown
|
page readonly
|
||
|
22BAEE00000
|
unkown
|
page read and write
|
||
|
2460000
|
heap
|
page read and write
|
||
|
50DF000
|
stack
|
page read and write
|
||
|
3D0000
|
heap
|
page read and write
|
||
|
28D1000
|
heap
|
page read and write
|
||
|
3123000
|
heap
|
page read and write
|
||
|
359E000
|
heap
|
page read and write
|
||
|
6E9000
|
heap
|
page read and write
|
||
|
11DF000
|
unkown
|
page readonly
|
||
|
32B0000
|
heap
|
page read and write
|
||
|
30F3000
|
heap
|
page read and write
|
||
|
6F5000
|
heap
|
page read and write
|
||
|
230E000
|
stack
|
page read and write
|
||
|
6CAC9000
|
unkown
|
page read and write
|
||
|
22BAEE1A000
|
unkown
|
page read and write
|
||
|
30F3000
|
heap
|
page read and write
|
||
|
28DA000
|
heap
|
page read and write
|
||
|
6C764000
|
unkown
|
page read and write
|
||
|
6E9000
|
heap
|
page read and write
|
||
|
5D8000
|
heap
|
page read and write
|
||
|
1231000
|
unkown
|
page readonly
|
||
|
11CD000
|
unkown
|
page readonly
|
||
|
6E9000
|
heap
|
page read and write
|
||
|
6F6C5000
|
unkown
|
page readonly
|
||
|
6E9000
|
heap
|
page read and write
|
||
|
6E9000
|
heap
|
page read and write
|
||
|
34DE000
|
stack
|
page read and write
|
||
|
6F5000
|
heap
|
page read and write
|
||
|
DF0000
|
heap
|
page read and write
|
||
|
6F5000
|
heap
|
page read and write
|
||
|
3363000
|
heap
|
page read and write
|
||
|
22BAEDE0000
|
unkown
|
page readonly
|
||
|
342F000
|
stack
|
page read and write
|
||
|
6F651000
|
unkown
|
page readonly
|
||
|
6F5000
|
heap
|
page read and write
|
||
|
6F650000
|
unkown
|
page read and write
|
||
|
792000
|
heap
|
page read and write
|
||
|
11C1000
|
unkown
|
page execute read
|
There are 1148 hidden memdumps, click here to show them.