Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
A016313BC090D337A66DCEFC7CC18A889F5C1CFC72118.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Program Files (x86)\Microsoft Office\PackageManifests\RuntimeBroker.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\QxlIbBvfmmiLPtDbEmcbEzzGXDoKTJhRPUdHsRAjpkYdyjyxMRKbbQnHkHkuvs\dasHost.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\Microsoft Office 15\ClientX64\System.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\Uninstall Information\cvIUSBGMIPvyKBvHuBSeZckQsnon.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\Windows Defender\RuntimeBroker.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Recovery\RuntimeBroker.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Recovery\cvIUSBGMIPvyKBvHuBSeZckQsnon.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\Default\AppData\Local\RuntimeBroker.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\Default\Links\cvIUSBGMIPvyKBvHuBSeZckQsnon.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\Public\Desktop\WinStore.App.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\Public\Pictures\WinStore.App.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\mfpAZETTyI.bat
|
DOS batch file, ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Windows\AppReadiness\cvIUSBGMIPvyKBvHuBSeZckQsnon.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Windows\GameBarPresenceWriter\RuntimeBroker.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Windows\Resources\cvIUSBGMIPvyKBvHuBSeZckQsnon.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Windows\ServiceProfiles\NetworkService\Favorites\RuntimeBroker.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Windows\TAPI\cvIUSBGMIPvyKBvHuBSeZckQsnon.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Windows\en-GB\cvIUSBGMIPvyKBvHuBSeZckQsnon.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\PackageManifests\9e8d7a4ca61bd9
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Program Files (x86)\Microsoft Office\PackageManifests\RuntimeBroker.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\QxlIbBvfmmiLPtDbEmcbEzzGXDoKTJhRPUdHsRAjpkYdyjyxMRKbbQnHkHkuvs\21b1a557fd31cc
|
ASCII text, with very long lines (993), with no line terminators
|
dropped
|
||
|
C:\Program Files (x86)\QxlIbBvfmmiLPtDbEmcbEzzGXDoKTJhRPUdHsRAjpkYdyjyxMRKbbQnHkHkuvs\dasHost.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\Microsoft Office 15\ClientX64\27d1bcfc3c54e0
|
ASCII text, with very long lines (977), with no line terminators
|
dropped
|
||
|
C:\Program Files\Microsoft Office 15\ClientX64\System.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\Uninstall Information\68fbfa4ee3a484
|
ASCII text, with very long lines (920), with no line terminators
|
dropped
|
||
|
C:\Program Files\Uninstall Information\cvIUSBGMIPvyKBvHuBSeZckQsnon.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\Windows Defender\9e8d7a4ca61bd9
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Program Files\Windows Defender\RuntimeBroker.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Recovery\68fbfa4ee3a484
|
ASCII text, with very long lines (783), with no line terminators
|
dropped
|
||
|
C:\Recovery\9e8d7a4ca61bd9
|
ASCII text, with very long lines (999), with no line terminators
|
dropped
|
||
|
C:\Recovery\RuntimeBroker.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Recovery\cvIUSBGMIPvyKBvHuBSeZckQsnon.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\Default\AppData\Local\9e8d7a4ca61bd9
|
ASCII text, with very long lines (648), with no line terminators
|
dropped
|
||
|
C:\Users\Default\AppData\Local\RuntimeBroker.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\Default\Links\68fbfa4ee3a484
|
ASCII text, with very long lines (618), with no line terminators
|
dropped
|
||
|
C:\Users\Default\Links\cvIUSBGMIPvyKBvHuBSeZckQsnon.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\Public\Desktop\WinStore.App.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\Public\Desktop\fd168b19609dff
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\Public\Pictures\WinStore.App.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\Public\Pictures\fd168b19609dff
|
ASCII text, with very long lines (595), with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\A016313BC090D337A66DCEFC7CC18A889F5C1CFC72118.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\RuntimeBroker.exe.log
|
CSV text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\System.exe.log
|
CSV text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\cvIUSBGMIPvyKBvHuBSeZckQsnon.exe.log
|
CSV text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cun6LdTaxp
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Windows\AppReadiness\68fbfa4ee3a484
|
ASCII text, with very long lines (431), with no line terminators
|
dropped
|
||
|
C:\Windows\AppReadiness\cvIUSBGMIPvyKBvHuBSeZckQsnon.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\GameBarPresenceWriter\9e8d7a4ca61bd9
|
ASCII text, with very long lines (448), with no line terminators
|
dropped
|
||
|
C:\Windows\GameBarPresenceWriter\RuntimeBroker.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\Resources\68fbfa4ee3a484
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Windows\Resources\cvIUSBGMIPvyKBvHuBSeZckQsnon.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\ServiceProfiles\NetworkService\Favorites\9e8d7a4ca61bd9
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Windows\ServiceProfiles\NetworkService\Favorites\RuntimeBroker.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\TAPI\68fbfa4ee3a484
|
ASCII text, with very long lines (400), with no line terminators
|
dropped
|
||
|
C:\Windows\TAPI\cvIUSBGMIPvyKBvHuBSeZckQsnon.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\en-GB\68fbfa4ee3a484
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Windows\en-GB\cvIUSBGMIPvyKBvHuBSeZckQsnon.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
There are 48 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\A016313BC090D337A66DCEFC7CC18A889F5C1CFC72118.exe
|
"C:\Users\user\Desktop\A016313BC090D337A66DCEFC7CC18A889F5C1CFC72118.exe"
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 10 /tr "'C:\Program Files (x86)\microsoft office\PackageManifests\RuntimeBroker.exe'"
/f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "RuntimeBroker" /sc ONLOGON /tr "'C:\Program Files (x86)\microsoft office\PackageManifests\RuntimeBroker.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 10 /tr "'C:\Program Files (x86)\microsoft office\PackageManifests\RuntimeBroker.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 14 /tr "'C:\Recovery\RuntimeBroker.exe'" /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "RuntimeBroker" /sc ONLOGON /tr "'C:\Recovery\RuntimeBroker.exe'" /rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 9 /tr "'C:\Recovery\RuntimeBroker.exe'" /rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 13 /tr "'C:\Program Files\Windows Defender\RuntimeBroker.exe'" /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "RuntimeBroker" /sc ONLOGON /tr "'C:\Program Files\Windows Defender\RuntimeBroker.exe'" /rl HIGHEST
/f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 5 /tr "'C:\Program Files\Windows Defender\RuntimeBroker.exe'" /rl
HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "cvIUSBGMIPvyKBvHuBSeZckQsnonc" /sc MINUTE /mo 14 /tr "'C:\Program Files\Uninstall Information\cvIUSBGMIPvyKBvHuBSeZckQsnon.exe'"
/f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "cvIUSBGMIPvyKBvHuBSeZckQsnon" /sc ONLOGON /tr "'C:\Program Files\Uninstall Information\cvIUSBGMIPvyKBvHuBSeZckQsnon.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "cvIUSBGMIPvyKBvHuBSeZckQsnonc" /sc MINUTE /mo 12 /tr "'C:\Program Files\Uninstall Information\cvIUSBGMIPvyKBvHuBSeZckQsnon.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "cvIUSBGMIPvyKBvHuBSeZckQsnonc" /sc MINUTE /mo 9 /tr "'C:\Windows\AppReadiness\cvIUSBGMIPvyKBvHuBSeZckQsnon.exe'"
/f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "cvIUSBGMIPvyKBvHuBSeZckQsnon" /sc ONLOGON /tr "'C:\Windows\AppReadiness\cvIUSBGMIPvyKBvHuBSeZckQsnon.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "cvIUSBGMIPvyKBvHuBSeZckQsnonc" /sc MINUTE /mo 10 /tr "'C:\Windows\AppReadiness\cvIUSBGMIPvyKBvHuBSeZckQsnon.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 10 /tr "'C:\Windows\ServiceProfiles\NetworkService\Favorites\RuntimeBroker.exe'"
/f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "RuntimeBroker" /sc ONLOGON /tr "'C:\Windows\ServiceProfiles\NetworkService\Favorites\RuntimeBroker.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 7 /tr "'C:\Windows\ServiceProfiles\NetworkService\Favorites\RuntimeBroker.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "SystemS" /sc MINUTE /mo 13 /tr "'C:\Program Files\Microsoft Office 15\ClientX64\System.exe'" /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "System" /sc ONLOGON /tr "'C:\Program Files\Microsoft Office 15\ClientX64\System.exe'" /rl HIGHEST
/f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "SystemS" /sc MINUTE /mo 13 /tr "'C:\Program Files\Microsoft Office 15\ClientX64\System.exe'" /rl
HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "WinStore.AppW" /sc MINUTE /mo 10 /tr "'C:\Users\Public\Pictures\WinStore.App.exe'" /f
|
|
|
|
C:\Windows\AppReadiness\cvIUSBGMIPvyKBvHuBSeZckQsnon.exe
|
C:\Windows\AppReadiness\cvIUSBGMIPvyKBvHuBSeZckQsnon.exe
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "WinStore.App" /sc ONLOGON /tr "'C:\Users\Public\Pictures\WinStore.App.exe'" /rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "WinStore.AppW" /sc MINUTE /mo 5 /tr "'C:\Users\Public\Pictures\WinStore.App.exe'" /rl HIGHEST /f
|
|
|
|
C:\Windows\AppReadiness\cvIUSBGMIPvyKBvHuBSeZckQsnon.exe
|
C:\Windows\AppReadiness\cvIUSBGMIPvyKBvHuBSeZckQsnon.exe
|
|
|
|
C:\Windows\ServiceProfiles\NetworkService\Favorites\RuntimeBroker.exe
|
C:\Windows\ServiceProfiles\NetworkService\Favorites\RuntimeBroker.exe
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "cvIUSBGMIPvyKBvHuBSeZckQsnonc" /sc MINUTE /mo 7 /tr "'C:\Users\Default\Links\cvIUSBGMIPvyKBvHuBSeZckQsnon.exe'"
/f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "cvIUSBGMIPvyKBvHuBSeZckQsnon" /sc ONLOGON /tr "'C:\Users\Default\Links\cvIUSBGMIPvyKBvHuBSeZckQsnon.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\ServiceProfiles\NetworkService\Favorites\RuntimeBroker.exe
|
C:\Windows\ServiceProfiles\NetworkService\Favorites\RuntimeBroker.exe
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "cvIUSBGMIPvyKBvHuBSeZckQsnonc" /sc MINUTE /mo 9 /tr "'C:\Users\Default\Links\cvIUSBGMIPvyKBvHuBSeZckQsnon.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Program Files\Microsoft Office 15\ClientX64\System.exe
|
"C:\Program Files\Microsoft Office 15\ClientX64\System.exe"
|
|
|
|
C:\Program Files\Microsoft Office 15\ClientX64\System.exe
|
"C:\Program Files\Microsoft Office 15\ClientX64\System.exe"
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "cvIUSBGMIPvyKBvHuBSeZckQsnonc" /sc MINUTE /mo 9 /tr "'C:\Windows\en-GB\cvIUSBGMIPvyKBvHuBSeZckQsnon.exe'"
/f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "cvIUSBGMIPvyKBvHuBSeZckQsnon" /sc ONLOGON /tr "'C:\Windows\en-GB\cvIUSBGMIPvyKBvHuBSeZckQsnon.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "cvIUSBGMIPvyKBvHuBSeZckQsnonc" /sc MINUTE /mo 11 /tr "'C:\Windows\en-GB\cvIUSBGMIPvyKBvHuBSeZckQsnon.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "cvIUSBGMIPvyKBvHuBSeZckQsnonc" /sc MINUTE /mo 10 /tr "'C:\Windows\Resources\cvIUSBGMIPvyKBvHuBSeZckQsnon.exe'"
/f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "cvIUSBGMIPvyKBvHuBSeZckQsnon" /sc ONLOGON /tr "'C:\Windows\Resources\cvIUSBGMIPvyKBvHuBSeZckQsnon.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "cvIUSBGMIPvyKBvHuBSeZckQsnonc" /sc MINUTE /mo 11 /tr "'C:\Windows\Resources\cvIUSBGMIPvyKBvHuBSeZckQsnon.exe'"
/rl HIGHEST /f
|
|
There are 30 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://822987529cm.whiteproducts.ru/@==gbJBzYuFDT
|
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\dd20d2bedcdb8b4edd563455fa049d4e420a2ca2
|
2209edda8b5be66e79ed0c923dc9cf2115e29723
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
LangID
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\System32\cmd.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\System32\cmd.exe.ApplicationCompany
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
26D1000
|
trusted library allocation
|
page read and write
|
|
|
|
32DD000
|
trusted library allocation
|
page read and write
|
|
|
|
2891000
|
trusted library allocation
|
page read and write
|
|
|
|
32DF000
|
trusted library allocation
|
page read and write
|
|
|
|
32A1000
|
trusted library allocation
|
page read and write
|
|
|
|
32A1000
|
trusted library allocation
|
page read and write
|
|
|
|
126DF000
|
trusted library allocation
|
page read and write
|
|
|
|
3001000
|
trusted library allocation
|
page read and write
|
|
|
|
2EF1000
|
trusted library allocation
|
page read and write
|
|
|
|
7FFD9B8BA000
|
trusted library allocation
|
page execute and read and write
|
||
|
1BAE7000
|
heap
|
page read and write
|
||
|
1B9EC000
|
heap
|
page read and write
|
||
|
2846000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B78C000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B92B000
|
trusted library allocation
|
page read and write
|
||
|
1BFCE000
|
stack
|
page read and write
|
||
|
1B9B6000
|
heap
|
page read and write
|
||
|
1C2AE000
|
stack
|
page read and write
|
||
|
1360000
|
trusted library allocation
|
page read and write
|
||
|
1240000
|
heap
|
page read and write
|
||
|
7FFD9B790000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B9A1000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B950000
|
trusted library allocation
|
page read and write
|
||
|
6F6000
|
stack
|
page read and write
|
||
|
29E2000
|
trusted library allocation
|
page read and write
|
||
|
1BB2D000
|
heap
|
page read and write
|
||
|
1BACE000
|
stack
|
page read and write
|
||
|
7FFD9B8B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1BAA5000
|
heap
|
page read and write
|
||
|
12B0000
|
heap
|
page read and write
|
||
|
133B3000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B793000
|
trusted library allocation
|
page read and write
|
||
|
1339B000
|
trusted library allocation
|
page read and write
|
||
|
1330000
|
heap
|
page read and write
|
||
|
1BFFE000
|
stack
|
page read and write
|
||
|
1320000
|
heap
|
page read and write
|
||
|
1245000
|
heap
|
page read and write
|
||
|
1B060000
|
heap
|
page execute and read and write
|
||
|
2B0D000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B793000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B923000
|
trusted library allocation
|
page read and write
|
||
|
1220000
|
heap
|
page read and write
|
||
|
13B0000
|
heap
|
page read and write
|
||
|
B7E000
|
stack
|
page read and write
|
||
|
1BD02000
|
heap
|
page execute and read and write
|
||
|
1BA86000
|
heap
|
page read and write
|
||
|
13001000
|
trusted library allocation
|
page read and write
|
||
|
1B36E000
|
stack
|
page read and write
|
||
|
1AF20000
|
trusted library allocation
|
page read and write
|
||
|
130E7000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B970000
|
trusted library allocation
|
page read and write
|
||
|
14A0000
|
trusted library allocation
|
page read and write
|
||
|
1BCF1000
|
heap
|
page read and write
|
||
|
1BA69000
|
heap
|
page read and write
|
||
|
8D6000
|
heap
|
page read and write
|
||
|
122D000
|
heap
|
page read and write
|
||
|
13ADF000
|
trusted library allocation
|
page read and write
|
||
|
1B6D3000
|
heap
|
page read and write
|
||
|
133A3000
|
trusted library allocation
|
page read and write
|
||
|
13116000
|
trusted library allocation
|
page read and write
|
||
|
2670000
|
trusted library section
|
page read and write
|
||
|
142D000
|
heap
|
page read and write
|
||
|
8FA000
|
heap
|
page read and write
|
||
|
7FFD9B940000
|
trusted library allocation
|
page read and write
|
||
|
133C8000
|
trusted library allocation
|
page read and write
|
||
|
1555000
|
heap
|
page read and write
|
||
|
14F0000
|
trusted library allocation
|
page read and write
|
||
|
8EF000
|
heap
|
page read and write
|
||
|
1B2D0000
|
trusted library allocation
|
page read and write
|
||
|
11DB000
|
heap
|
page read and write
|
||
|
130E9000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B79C000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B770000
|
trusted library allocation
|
page read and write
|
||
|
1B985000
|
heap
|
page read and write
|
||
|
2C7A000
|
trusted library allocation
|
page read and write
|
||
|
130F6000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B9E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B58D000
|
stack
|
page read and write
|
||
|
1BB8E000
|
stack
|
page read and write
|
||
|
1338E000
|
trusted library allocation
|
page read and write
|
||
|
1B98C000
|
heap
|
page read and write
|
||
|
1BF8E000
|
stack
|
page read and write
|
||
|
1B6ED000
|
heap
|
page read and write
|
||
|
1B970000
|
heap
|
page read and write
|
||
|
7FFD9B950000
|
trusted library allocation
|
page read and write
|
||
|
CCE000
|
stack
|
page read and write
|
||
|
1390000
|
trusted library allocation
|
page read and write
|
||
|
140000
|
unkown
|
page readonly
|
||
|
7FFD9B7B4000
|
trusted library allocation
|
page read and write
|
||
|
1BD02000
|
heap
|
page execute and read and write
|
||
|
2A08000
|
trusted library allocation
|
page read and write
|
||
|
12DF000
|
heap
|
page read and write
|
||
|
7FFD9B930000
|
trusted library allocation
|
page read and write
|
||
|
911000
|
heap
|
page read and write
|
||
|
860000
|
trusted library allocation
|
page read and write
|
||
|
11F0000
|
heap
|
page read and write
|
||
|
13003000
|
trusted library allocation
|
page read and write
|
||
|
13127000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B970000
|
trusted library allocation
|
page read and write
|
||
|
29E0000
|
trusted library allocation
|
page read and write
|
||
|
1BCFF000
|
heap
|
page read and write
|
||
|
7FFD9B856000
|
trusted library allocation
|
page execute and read and write
|
||
|
14C0000
|
trusted library allocation
|
page read and write
|
||
|
93E000
|
heap
|
page read and write
|
||
|
7FFD9B8F0000
|
trusted library allocation
|
page read and write
|
||
|
3051000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B772000
|
trusted library allocation
|
page read and write
|
||
|
329F000
|
stack
|
page read and write
|
||
|
29D6000
|
trusted library allocation
|
page read and write
|
||
|
133C6000
|
trusted library allocation
|
page read and write
|
||
|
1BBCE000
|
stack
|
page read and write
|
||
|
2B71000
|
trusted library allocation
|
page read and write
|
||
|
BC5000
|
heap
|
page read and write
|
||
|
144A000
|
heap
|
page read and write
|
||
|
7FFD9B93C000
|
trusted library allocation
|
page read and write
|
||
|
1B701000
|
heap
|
page read and write
|
||
|
7FFD9B80C000
|
trusted library allocation
|
page execute and read and write
|
||
|
129B000
|
heap
|
page read and write
|
||
|
2A2E000
|
trusted library allocation
|
page read and write
|
||
|
3350000
|
trusted library allocation
|
page read and write
|
||
|
1BA1A000
|
heap
|
page read and write
|
||
|
126D8000
|
trusted library allocation
|
page read and write
|
||
|
DE0000
|
heap
|
page read and write
|
||
|
13397000
|
trusted library allocation
|
page read and write
|
||
|
1447000
|
heap
|
page read and write
|
||
|
1B9A1000
|
heap
|
page read and write
|
||
|
7FFD9B98D000
|
trusted library allocation
|
page read and write
|
||
|
BC0000
|
heap
|
page read and write
|
||
|
1C1AE000
|
stack
|
page read and write
|
||
|
130FA000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B792000
|
trusted library allocation
|
page read and write
|
||
|
1BADB000
|
heap
|
page read and write
|
||
|
7FFD9B846000
|
trusted library allocation
|
page read and write
|
||
|
1150000
|
trusted library allocation
|
page read and write
|
||
|
130ED000
|
trusted library allocation
|
page read and write
|
||
|
1BA5E000
|
heap
|
page read and write
|
||
|
127C000
|
heap
|
page read and write
|
||
|
1D1FE000
|
stack
|
page read and write
|
||
|
14E1000
|
heap
|
page read and write
|
||
|
7FFD9B8B5000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B721000
|
heap
|
page read and write
|
||
|
7FFD9B840000
|
trusted library allocation
|
page read and write
|
||
|
1B741000
|
heap
|
page read and write
|
||
|
143D000
|
heap
|
page read and write
|
||
|
335A000
|
trusted library allocation
|
page read and write
|
||
|
1130000
|
heap
|
page read and write
|
||
|
93B000
|
heap
|
page read and write
|
||
|
13C0000
|
heap
|
page read and write
|
||
|
DD0000
|
heap
|
page read and write
|
||
|
13102000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B933000
|
trusted library allocation
|
page read and write
|
||
|
1BD61000
|
heap
|
page read and write
|
||
|
362000
|
unkown
|
page readonly
|
||
|
130F8000
|
trusted library allocation
|
page read and write
|
||
|
16FF000
|
stack
|
page read and write
|
||
|
1502000
|
heap
|
page read and write
|
||
|
1BA8E000
|
stack
|
page read and write
|
||
|
7FFD9B836000
|
trusted library allocation
|
page read and write
|
||
|
1B980000
|
heap
|
page read and write
|
||
|
335F000
|
trusted library allocation
|
page read and write
|
||
|
2909000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B84C000
|
trusted library allocation
|
page execute and read and write
|
||
|
13388000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B773000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B755000
|
heap
|
page read and write
|
||
|
1339D000
|
trusted library allocation
|
page read and write
|
||
|
2FA8000
|
trusted library allocation
|
page read and write
|
||
|
1B744000
|
heap
|
page read and write
|
||
|
28C9000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B930000
|
trusted library allocation
|
page read and write
|
||
|
132A8000
|
trusted library allocation
|
page read and write
|
||
|
1B71C000
|
stack
|
page read and write
|
||
|
3E0000
|
heap
|
page read and write
|
||
|
7FFD9B930000
|
trusted library allocation
|
page read and write
|
||
|
12EF3000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B774000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B79B000
|
trusted library allocation
|
page execute and read and write
|
||
|
11E5000
|
heap
|
page read and write
|
||
|
14F6000
|
heap
|
page read and write
|
||
|
1BAF2000
|
heap
|
page read and write
|
||
|
7FFD9B8B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1BD31000
|
heap
|
page read and write
|
||
|
7FFD9B910000
|
trusted library allocation
|
page read and write
|
||
|
1BA01000
|
heap
|
page read and write
|
||
|
1422000
|
heap
|
page read and write
|
||
|
1B70F000
|
heap
|
page read and write
|
||
|
7FFD9B960000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B93C000
|
trusted library allocation
|
page read and write
|
||
|
2921000
|
trusted library allocation
|
page read and write
|
||
|
14C8000
|
heap
|
page read and write
|
||
|
1AA50000
|
heap
|
page read and write
|
||
|
7FFD9B830000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B7AB000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B800000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B794000
|
trusted library allocation
|
page read and write
|
||
|
2AEF000
|
trusted library allocation
|
page read and write
|
||
|
1B9D5000
|
heap
|
page read and write
|
||
|
132AD000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B920000
|
trusted library allocation
|
page read and write
|
||
|
1BA34000
|
heap
|
page read and write
|
||
|
7FFD9B7EC000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B870000
|
trusted library allocation
|
page execute and read and write
|
||
|
132AD000
|
trusted library allocation
|
page read and write
|
||
|
126DD000
|
trusted library allocation
|
page read and write
|
||
|
1BCF9000
|
heap
|
page read and write
|
||
|
29D4000
|
trusted library allocation
|
page read and write
|
||
|
2E20000
|
heap
|
page execute and read and write
|
||
|
14EF000
|
heap
|
page read and write
|
||
|
7FFD9B793000
|
trusted library allocation
|
page execute and read and write
|
||
|
1433000
|
heap
|
page read and write
|
||
|
7FFD9B7DC000
|
trusted library allocation
|
page execute and read and write
|
||
|
1BA97000
|
heap
|
page read and write
|
||
|
134C000
|
heap
|
page read and write
|
||
|
1BAEC000
|
heap
|
page read and write
|
||
|
1BB6F000
|
stack
|
page read and write
|
||
|
1BD0B000
|
heap
|
page read and write
|
||
|
1B96E000
|
stack
|
page read and write
|
||
|
1802000
|
heap
|
page read and write
|
||
|
12B3000
|
heap
|
page read and write
|
||
|
1249000
|
heap
|
page read and write
|
||
|
7FFD9B950000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B830000
|
trusted library allocation
|
page read and write
|
||
|
1BEC3000
|
stack
|
page read and write
|
||
|
1B6B7000
|
heap
|
page read and write
|
||
|
7FFD9B7AD000
|
trusted library allocation
|
page execute and read and write
|
||
|
132B000
|
heap
|
page read and write
|
||
|
7FFD9B866000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B9B0000
|
trusted library allocation
|
page read and write
|
||
|
1D2FE000
|
stack
|
page read and write
|
||
|
1320000
|
heap
|
page read and write
|
||
|
7FFD9B978000
|
trusted library allocation
|
page read and write
|
||
|
1B75C000
|
heap
|
page read and write
|
||
|
1339F000
|
trusted library allocation
|
page read and write
|
||
|
90E000
|
heap
|
page read and write
|
||
|
1499000
|
heap
|
page read and write
|
||
|
7F0000
|
heap
|
page read and write
|
||
|
1510000
|
heap
|
page read and write
|
||
|
7FFD9B960000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B850000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B960000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B7AD000
|
trusted library allocation
|
page execute and read and write
|
||
|
1247000
|
heap
|
page read and write
|
||
|
130E5000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B9F2000
|
trusted library allocation
|
page read and write
|
||
|
1231000
|
heap
|
page read and write
|
||
|
7FFD9B8A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B783000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B7BD000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B7BB000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B77B000
|
trusted library allocation
|
page execute and read and write
|
||
|
1451000
|
heap
|
page read and write
|
||
|
133F5000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B957000
|
trusted library allocation
|
page read and write
|
||
|
13152000
|
trusted library allocation
|
page read and write
|
||
|
1BD6E000
|
heap
|
page read and write
|
||
|
7FFD9B753000
|
trusted library allocation
|
page execute and read and write
|
||
|
1550000
|
heap
|
page read and write
|
||
|
1250000
|
heap
|
page read and write
|
||
|
7FFD9B77D000
|
trusted library allocation
|
page execute and read and write
|
||
|
810000
|
heap
|
page read and write
|
||
|
7FFD9B790000
|
trusted library allocation
|
page read and write
|
||
|
1B2D0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B8FC000
|
trusted library allocation
|
page read and write
|
||
|
1BC02000
|
heap
|
page read and write
|
||
|
11FB000
|
heap
|
page read and write
|
||
|
13384000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B910000
|
trusted library allocation
|
page read and write
|
||
|
8FD000
|
heap
|
page read and write
|
||
|
11C8000
|
heap
|
page read and write
|
||
|
7FFD9B7A8000
|
trusted library allocation
|
page read and write
|
||
|
13B0000
|
heap
|
page execute and read and write
|
||
|
29C4000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B794000
|
trusted library allocation
|
page read and write
|
||
|
1D1F3000
|
stack
|
page read and write
|
||
|
7FFD9B900000
|
trusted library allocation
|
page read and write
|
||
|
1B565000
|
stack
|
page read and write
|
||
|
7FFD9B780000
|
trusted library allocation
|
page read and write
|
||
|
1B670000
|
heap
|
page read and write
|
||
|
7FFD9B794000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B7B0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B890000
|
trusted library allocation
|
page execute and read and write
|
||
|
1321000
|
heap
|
page read and write
|
||
|
1BC83000
|
stack
|
page read and write
|
||
|
1BA60000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B940000
|
trusted library allocation
|
page read and write
|
||
|
1B99F000
|
heap
|
page read and write
|
||
|
1442000
|
heap
|
page read and write
|
||
|
1230000
|
heap
|
page read and write
|
||
|
7FFD9B754000
|
trusted library allocation
|
page read and write
|
||
|
1BEFE000
|
stack
|
page read and write
|
||
|
1400000
|
heap
|
page read and write
|
||
|
2BE5000
|
trusted library allocation
|
page read and write
|
||
|
1BA4B000
|
heap
|
page read and write
|
||
|
1B9A8000
|
heap
|
page read and write
|
||
|
133CA000
|
trusted library allocation
|
page read and write
|
||
|
2807000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B7AC000
|
trusted library allocation
|
page read and write
|
||
|
1BAD2000
|
heap
|
page read and write
|
||
|
913000
|
heap
|
page read and write
|
||
|
133B5000
|
trusted library allocation
|
page read and write
|
||
|
17FF000
|
stack
|
page read and write
|
||
|
7FFD9B7A3000
|
trusted library allocation
|
page read and write
|
||
|
D96000
|
stack
|
page read and write
|
||
|
1D3FE000
|
stack
|
page read and write
|
||
|
7FFD9B78D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1BA51000
|
heap
|
page read and write
|
||
|
1BA0A000
|
heap
|
page read and write
|
||
|
1B6CB000
|
heap
|
page read and write
|
||
|
132B1000
|
trusted library allocation
|
page read and write
|
||
|
1B9CE000
|
stack
|
page read and write
|
||
|
7FFD9B796000
|
trusted library allocation
|
page read and write
|
||
|
1BD3B000
|
heap
|
page read and write
|
||
|
13386000
|
trusted library allocation
|
page read and write
|
||
|
7D0000
|
heap
|
page read and write
|
||
|
143E000
|
heap
|
page read and write
|
||
|
7FFD9B79D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B7CC000
|
trusted library allocation
|
page execute and read and write
|
||
|
1A700000
|
trusted library allocation
|
page read and write
|
||
|
2925000
|
trusted library allocation
|
page read and write
|
||
|
17FF000
|
stack
|
page read and write
|
||
|
1338C000
|
trusted library allocation
|
page read and write
|
||
|
14C3000
|
heap
|
page read and write
|
||
|
7FFD9B797000
|
trusted library allocation
|
page read and write
|
||
|
29C6000
|
trusted library allocation
|
page read and write
|
||
|
1135000
|
heap
|
page read and write
|
||
|
1902000
|
heap
|
page read and write
|
||
|
1BEFE000
|
stack
|
page read and write
|
||
|
29C8000
|
trusted library allocation
|
page read and write
|
||
|
1B71D000
|
stack
|
page read and write
|
||
|
8A0000
|
heap
|
page execute and read and write
|
||
|
165E000
|
stack
|
page read and write
|
||
|
132A8000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B7AC000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B752000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B9D0000
|
trusted library allocation
|
page read and write
|
||
|
13395000
|
trusted library allocation
|
page read and write
|
||
|
1340B000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B763000
|
trusted library allocation
|
page read and write
|
||
|
13D0000
|
heap
|
page execute and read and write
|
||
|
132A1000
|
trusted library allocation
|
page read and write
|
||
|
1B6B3000
|
heap
|
page read and write
|
||
|
7FFD9B820000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B8BF000
|
trusted library allocation
|
page execute and read and write
|
||
|
1340B000
|
trusted library allocation
|
page read and write
|
||
|
1210000
|
heap
|
page read and write
|
||
|
FF6000
|
stack
|
page read and write
|
||
|
13100000
|
trusted library allocation
|
page read and write
|
||
|
29CE000
|
trusted library allocation
|
page read and write
|
||
|
2CFC000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B75D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B980000
|
trusted library allocation
|
page read and write
|
||
|
1B6DF000
|
heap
|
page read and write
|
||
|
880000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B953000
|
trusted library allocation
|
page read and write
|
||
|
142D000
|
heap
|
page read and write
|
||
|
1B66D000
|
stack
|
page read and write
|
||
|
1BD4E000
|
heap
|
page read and write
|
||
|
13399000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B82C000
|
trusted library allocation
|
page execute and read and write
|
||
|
130FE000
|
trusted library allocation
|
page read and write
|
||
|
28C0000
|
trusted library allocation
|
page read and write
|
||
|
1B030000
|
trusted library allocation
|
page read and write
|
||
|
1433000
|
heap
|
page read and write
|
||
|
29CC000
|
trusted library allocation
|
page read and write
|
||
|
1445000
|
heap
|
page read and write
|
||
|
1D3FE000
|
stack
|
page read and write
|
||
|
7FFD9B920000
|
trusted library allocation
|
page read and write
|
||
|
132A3000
|
trusted library allocation
|
page read and write
|
||
|
14FB000
|
heap
|
page read and write
|
||
|
BB0000
|
trusted library section
|
page read and write
|
||
|
7FFD9B850000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B83C000
|
trusted library allocation
|
page execute and read and write
|
||
|
DCE000
|
stack
|
page read and write
|
||
|
8F3000
|
heap
|
page read and write
|
||
|
7FFD9B930000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B782000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B90B000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B913000
|
trusted library allocation
|
page read and write
|
||
|
13F0000
|
trusted library allocation
|
page read and write
|
||
|
132B1000
|
trusted library allocation
|
page read and write
|
||
|
1BC02000
|
heap
|
page read and write
|
||
|
2C1D000
|
trusted library allocation
|
page read and write
|
||
|
1BB01000
|
heap
|
page read and write
|
||
|
7FF44F420000
|
trusted library allocation
|
page execute and read and write
|
||
|
2CCF000
|
trusted library allocation
|
page read and write
|
||
|
1380000
|
trusted library allocation
|
page read and write
|
||
|
1240000
|
heap
|
page read and write
|
||
|
1555000
|
heap
|
page read and write
|
||
|
7FFD9B7B0000
|
trusted library allocation
|
page read and write
|
||
|
3356000
|
trusted library allocation
|
page read and write
|
||
|
13BF000
|
stack
|
page read and write
|
||
|
1475000
|
heap
|
page read and write
|
||
|
2DFE000
|
stack
|
page read and write
|
||
|
1425000
|
heap
|
page read and write
|
||
|
13E0000
|
heap
|
page execute and read and write
|
||
|
29D8000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B76D000
|
trusted library allocation
|
page execute and read and write
|
||
|
130DF000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B93A000
|
trusted library allocation
|
page read and write
|
||
|
12F01000
|
trusted library allocation
|
page read and write
|
||
|
14269000
|
trusted library allocation
|
page read and write
|
||
|
299A000
|
trusted library allocation
|
page read and write
|
||
|
1B9E3000
|
heap
|
page read and write
|
||
|
1500000
|
heap
|
page read and write
|
||
|
1479000
|
heap
|
page read and write
|
||
|
7FFD9B806000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B7A3000
|
trusted library allocation
|
page read and write
|
||
|
26C0000
|
heap
|
page read and write
|
||
|
7FFD9B933000
|
trusted library allocation
|
page read and write
|
||
|
13008000
|
trusted library allocation
|
page read and write
|
||
|
14B1000
|
heap
|
page read and write
|
||
|
140000
|
unkown
|
page readonly
|
||
|
1413000
|
heap
|
page read and write
|
||
|
1502000
|
heap
|
page read and write
|
||
|
1BD46000
|
heap
|
page read and write
|
||
|
3362000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B7EC000
|
trusted library allocation
|
page execute and read and write
|
||
|
14BE000
|
stack
|
page read and write
|
||
|
1B26F000
|
stack
|
page read and write
|
||
|
266E000
|
stack
|
page read and write
|
||
|
1BADF000
|
heap
|
page read and write
|
||
|
1426000
|
heap
|
page read and write
|
||
|
14E4000
|
heap
|
page read and write
|
||
|
7FFD9B750000
|
trusted library allocation
|
page read and write
|
||
|
1BFFE000
|
stack
|
page read and write
|
||
|
1370000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B836000
|
trusted library allocation
|
page execute and read and write
|
||
|
1D0F4000
|
stack
|
page read and write
|
||
|
126D1000
|
trusted library allocation
|
page read and write
|
||
|
1902000
|
heap
|
page read and write
|
||
|
130FC000
|
trusted library allocation
|
page read and write
|
||
|
28B7000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B79D000
|
trusted library allocation
|
page execute and read and write
|
||
|
28B5000
|
trusted library allocation
|
page read and write
|
||
|
27CB000
|
trusted library allocation
|
page read and write
|
||
|
1BE8E000
|
stack
|
page read and write
|
||
|
1BCB0000
|
heap
|
page read and write
|
||
|
7FFD9B783000
|
trusted library allocation
|
page read and write
|
||
|
1305B000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B93E000
|
trusted library allocation
|
page read and write
|
||
|
132C5000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B846000
|
trusted library allocation
|
page read and write
|
||
|
1BD8E000
|
stack
|
page read and write
|
||
|
1BDC4000
|
stack
|
page read and write
|
||
|
1220000
|
heap
|
page read and write
|
||
|
7FFD9B943000
|
trusted library allocation
|
page read and write
|
||
|
1D0F4000
|
stack
|
page read and write
|
||
|
7FFD9B7BB000
|
trusted library allocation
|
page execute and read and write
|
||
|
1530000
|
heap
|
page execute and read and write
|
||
|
142000
|
unkown
|
page readonly
|
||
|
14F9000
|
heap
|
page read and write
|
||
|
944000
|
heap
|
page read and write
|
||
|
1390000
|
heap
|
page read and write
|
||
|
13129000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B79D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B946000
|
trusted library allocation
|
page read and write
|
||
|
1BD79000
|
heap
|
page read and write
|
||
|
7FFD9B940000
|
trusted library allocation
|
page read and write
|
||
|
29D0000
|
trusted library allocation
|
page read and write
|
||
|
1BA58000
|
heap
|
page read and write
|
||
|
2EE0000
|
heap
|
page read and write
|
||
|
2ACD000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B7BD000
|
trusted library allocation
|
page execute and read and write
|
||
|
13112000
|
trusted library allocation
|
page read and write
|
||
|
13154000
|
trusted library allocation
|
page read and write
|
||
|
1AFF0000
|
trusted library section
|
page read and write
|
||
|
1270000
|
heap
|
page read and write
|
||
|
130F4000
|
trusted library allocation
|
page read and write
|
||
|
1540000
|
heap
|
page read and write
|
||
|
1B75F000
|
heap
|
page read and write
|
||
|
1BD29000
|
heap
|
page read and write
|
||
|
1BA76000
|
heap
|
page read and write
|
||
|
7FFD9BA00000
|
trusted library allocation
|
page execute and read and write
|
||
|
12EF8000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B774000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B876000
|
trusted library allocation
|
page execute and read and write
|
||
|
11FE000
|
heap
|
page read and write
|
||
|
1440000
|
heap
|
page read and write
|
||
|
329E000
|
stack
|
page read and write
|
||
|
7FFD9B78D000
|
trusted library allocation
|
page execute and read and write
|
||
|
132A3000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B93B000
|
trusted library allocation
|
page read and write
|
||
|
1120000
|
heap
|
page read and write
|
||
|
7FFD9B953000
|
trusted library allocation
|
page read and write
|
||
|
1310000
|
heap
|
page read and write
|
||
|
1B6E5000
|
heap
|
page read and write
|
||
|
10F0000
|
heap
|
page read and write
|
||
|
7FFD9B770000
|
trusted library allocation
|
page read and write
|
||
|
8C0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B7A4000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B84C000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B463000
|
stack
|
page read and write
|
||
|
12DD000
|
heap
|
page read and write
|
||
|
1B47C000
|
stack
|
page read and write
|
||
|
132A1000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B7B4000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B7AD000
|
trusted library allocation
|
page execute and read and write
|
||
|
2BCE000
|
trusted library allocation
|
page read and write
|
||
|
1D2F3000
|
stack
|
page read and write
|
||
|
7FFD9B92A000
|
trusted library allocation
|
page read and write
|
||
|
1400000
|
heap
|
page read and write
|
||
|
28BE000
|
trusted library allocation
|
page read and write
|
||
|
1B708000
|
heap
|
page read and write
|
||
|
1444000
|
heap
|
page read and write
|
||
|
7FFD9B840000
|
trusted library allocation
|
page execute and read and write
|
||
|
299C000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B840000
|
trusted library allocation
|
page read and write
|
||
|
1BA48000
|
heap
|
page read and write
|
||
|
7FFD9B990000
|
trusted library allocation
|
page read and write
|
||
|
1B988000
|
heap
|
page read and write
|
||
|
2FFE000
|
stack
|
page read and write
|
||
|
1B8BE000
|
stack
|
page read and write
|
||
|
B30000
|
heap
|
page read and write
|
||
|
1B9F0000
|
heap
|
page read and write
|
||
|
7FFD9B7AC000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B7A0000
|
trusted library allocation
|
page read and write
|
||
|
B90000
|
trusted library section
|
page read and write
|
||
|
1413000
|
heap
|
page read and write
|
||
|
12EFD000
|
trusted library allocation
|
page read and write
|
||
|
131A000
|
heap
|
page read and write
|
||
|
13011000
|
trusted library allocation
|
page read and write
|
||
|
10D0000
|
heap
|
page read and write
|
||
|
7FFD9B810000
|
trusted library allocation
|
page execute and read and write
|
||
|
1BA79000
|
heap
|
page read and write
|
||
|
7FFD9B784000
|
trusted library allocation
|
page read and write
|
||
|
146F000
|
stack
|
page read and write
|
||
|
10F6000
|
stack
|
page read and write
|
||
|
1B991000
|
heap
|
page read and write
|
||
|
133F3000
|
trusted library allocation
|
page read and write
|
||
|
1447000
|
heap
|
page read and write
|
||
|
1BD20000
|
heap
|
page read and write
|
||
|
1200000
|
heap
|
page read and write
|
||
|
7FFD9B95B000
|
trusted library allocation
|
page read and write
|
||
|
1802000
|
heap
|
page read and write
|
||
|
7FFD9B950000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B826000
|
trusted library allocation
|
page read and write
|
||
|
845000
|
heap
|
page read and write
|
||
|
7FFD9B77D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1BB5E000
|
stack
|
page read and write
|
||
|
1316B000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B790000
|
trusted library allocation
|
page read and write
|
||
|
2C4A000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B930000
|
trusted library allocation
|
page read and write
|
||
|
35E000
|
unkown
|
page readonly
|
||
|
13A0000
|
heap
|
page execute and read and write
|
||
|
12A1000
|
heap
|
page read and write
|
||
|
1BAB9000
|
heap
|
page read and write
|
||
|
1B9CF000
|
heap
|
page read and write
|
||
|
7FFD9B92C000
|
trusted library allocation
|
page read and write
|
||
|
1BFD0000
|
heap
|
page read and write
|
||
|
7FFD9B940000
|
trusted library allocation
|
page read and write
|
||
|
1B72A000
|
heap
|
page read and write
|
||
|
840000
|
heap
|
page read and write
|
||
|
1BF90000
|
heap
|
page read and write
|
||
|
2EF0000
|
heap
|
page execute and read and write
|
||
|
14AE000
|
heap
|
page read and write
|
||
|
1BD1D000
|
heap
|
page read and write
|
||
|
1497000
|
heap
|
page read and write
|
||
|
7FFD9B79D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C4EB000
|
stack
|
page read and write
|
||
|
133A1000
|
trusted library allocation
|
page read and write
|
||
|
29C0000
|
trusted library allocation
|
page read and write
|
||
|
9CE000
|
heap
|
page read and write
|
||
|
1550000
|
heap
|
page read and write
|
||
|
13A0000
|
heap
|
page read and write
|
||
|
1451000
|
heap
|
page read and write
|
||
|
16FF000
|
stack
|
page read and write
|
||
|
13114000
|
trusted library allocation
|
page read and write
|
||
|
1300D000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B91C000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B920000
|
trusted library allocation
|
page read and write
|
||
|
13E9B000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B9C0000
|
trusted library allocation
|
page read and write
|
||
|
1B980000
|
heap
|
page execute and read and write
|
||
|
11C0000
|
heap
|
page read and write
|
||
|
1170000
|
trusted library allocation
|
page read and write
|
||
|
299E000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B8C1000
|
trusted library allocation
|
page execute and read and write
|
||
|
1276000
|
heap
|
page read and write
|
||
|
1AC5D000
|
stack
|
page read and write
|
||
|
1B16E000
|
stack
|
page read and write
|
||
|
12EF1000
|
trusted library allocation
|
page read and write
|
||
|
28F9000
|
trusted library allocation
|
page read and write
|
||
|
1B73D000
|
heap
|
page read and write
|
||
|
1BB08000
|
heap
|
page read and write
|
||
|
FE6000
|
stack
|
page read and write
|
||
|
ACE000
|
stack
|
page read and write
|
||
|
8D0000
|
heap
|
page read and write
|
||
|
1B736000
|
heap
|
page read and write
|
||
|
7FFD9B76C000
|
trusted library allocation
|
page read and write
|
||
|
32DD000
|
trusted library allocation
|
page read and write
|
||
|
11A0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B876000
|
trusted library allocation
|
page execute and read and write
|
||
|
2A8E000
|
trusted library allocation
|
page read and write
|
||
|
1BCCB000
|
stack
|
page read and write
|
||
|
12E2000
|
heap
|
page read and write
|
There are 586 hidden memdumps, click here to show them.