Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
jx2eCe6ymR.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Program Files (x86)\Java\jre-1.8\bin\plugin2\RuntimeBroker.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\Adobe\Acrobat DC\nEuTyBtWAvjkYQrIMhtZWE.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\Windows Media Player\nEuTyBtWAvjkYQrIMhtZWE.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\Windows Photo Viewer\en-GB\nEuTyBtWAvjkYQrIMhtZWE.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\USOShared\RuntimeBroker.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Recovery\RuntimeBroker.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Recovery\nEuTyBtWAvjkYQrIMhtZWE.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\Default\AppData\Roaming\Microsoft\nEuTyBtWAvjkYQrIMhtZWE.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\Default\Downloads\nEuTyBtWAvjkYQrIMhtZWE.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\rIyUTfpTbB.bat
|
DOS batch file, ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Windows\System32\nEuTyBtWAvjkYQrIMhtZWE.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Windows\twain_32\backgroundTaskHost.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\providerReviewperfsvc\82mN47a0TiFi3a9eGnk.vbe
|
data
|
dropped
|
|
|
|
C:\providerReviewperfsvc\Idle.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\providerReviewperfsvc\hyperIntoruntime.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\providerReviewperfsvc\nEuTyBtWAvjkYQrIMhtZWE.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Java\jre-1.8\bin\plugin2\9e8d7a4ca61bd9
|
ASCII text, with very long lines (537), with no line terminators
|
dropped
|
||
|
C:\Program Files\Adobe\Acrobat DC\76f3bf53489b45
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Program Files\Windows Media Player\76f3bf53489b45
|
ASCII text, with very long lines (418), with no line terminators
|
dropped
|
||
|
C:\Program Files\Windows Photo Viewer\en-GB\76f3bf53489b45
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\ProgramData\USOShared\9e8d7a4ca61bd9
|
ASCII text, with very long lines (399), with no line terminators
|
dropped
|
||
|
C:\Recovery\76f3bf53489b45
|
ASCII text, with very long lines (998), with no line terminators
|
dropped
|
||
|
C:\Recovery\9e8d7a4ca61bd9
|
ASCII text, with very long lines (529), with no line terminators
|
dropped
|
||
|
C:\Users\Default\AppData\Roaming\Microsoft\76f3bf53489b45
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\Default\Downloads\76f3bf53489b45
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Idle.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\hyperIntoruntime.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\i5MIO4Vb1b
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tmp9385A.tmp
|
ASCII text, with very long lines (1380), with no line terminators
|
dropped
|
||
|
C:\Windows\System32\76f3bf53489b45
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Windows\twain_32\eddb19405b7ce1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\providerReviewperfsvc\6ccacd8608530f
|
ASCII text, with very long lines (874), with no line terminators
|
dropped
|
||
|
C:\providerReviewperfsvc\76f3bf53489b45
|
ASCII text, with very long lines (623), with no line terminators
|
dropped
|
||
|
C:\providerReviewperfsvc\jW8bFRH7MHNFa6gk2NSgaGKIpk.bat
|
ASCII text, with no line terminators
|
dropped
|
There are 25 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\jx2eCe6ymR.exe
|
"C:\Users\user\Desktop\jx2eCe6ymR.exe"
|
|
|
|
C:\Windows\SysWOW64\wscript.exe
|
"C:\Windows\System32\WScript.exe" "C:\providerReviewperfsvc\82mN47a0TiFi3a9eGnk.vbe"
|
|
|
|
C:\providerReviewperfsvc\hyperIntoruntime.exe
|
"C:\providerReviewperfsvc\hyperIntoruntime.exe"
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "nEuTyBtWAvjkYQrIMhtZWEn" /sc MINUTE /mo 7 /tr "'C:\Program Files\Windows Photo Viewer\en-GB\nEuTyBtWAvjkYQrIMhtZWE.exe'"
/f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "nEuTyBtWAvjkYQrIMhtZWE" /sc ONLOGON /tr "'C:\Program Files\Windows Photo Viewer\en-GB\nEuTyBtWAvjkYQrIMhtZWE.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "nEuTyBtWAvjkYQrIMhtZWEn" /sc MINUTE /mo 10 /tr "'C:\Program Files\Windows Photo Viewer\en-GB\nEuTyBtWAvjkYQrIMhtZWE.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "IdleI" /sc MINUTE /mo 11 /tr "'C:\providerReviewperfsvc\Idle.exe'" /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "Idle" /sc ONLOGON /tr "'C:\providerReviewperfsvc\Idle.exe'" /rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "IdleI" /sc MINUTE /mo 12 /tr "'C:\providerReviewperfsvc\Idle.exe'" /rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "nEuTyBtWAvjkYQrIMhtZWEn" /sc MINUTE /mo 13 /tr "'C:\Users\Default User\Downloads\nEuTyBtWAvjkYQrIMhtZWE.exe'"
/f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "nEuTyBtWAvjkYQrIMhtZWE" /sc ONLOGON /tr "'C:\Users\Default User\Downloads\nEuTyBtWAvjkYQrIMhtZWE.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "nEuTyBtWAvjkYQrIMhtZWEn" /sc MINUTE /mo 12 /tr "'C:\Users\Default User\Downloads\nEuTyBtWAvjkYQrIMhtZWE.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "nEuTyBtWAvjkYQrIMhtZWEn" /sc MINUTE /mo 7 /tr "'C:\Users\Default\Application Data\Microsoft\nEuTyBtWAvjkYQrIMhtZWE.exe'"
/f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "nEuTyBtWAvjkYQrIMhtZWE" /sc ONLOGON /tr "'C:\Users\Default\Application Data\Microsoft\nEuTyBtWAvjkYQrIMhtZWE.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "nEuTyBtWAvjkYQrIMhtZWEn" /sc MINUTE /mo 8 /tr "'C:\Users\Default\Application Data\Microsoft\nEuTyBtWAvjkYQrIMhtZWE.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "nEuTyBtWAvjkYQrIMhtZWEn" /sc MINUTE /mo 7 /tr "'C:\Windows\System32\nEuTyBtWAvjkYQrIMhtZWE.exe'"
/f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "nEuTyBtWAvjkYQrIMhtZWE" /sc ONLOGON /tr "'C:\Windows\System32\nEuTyBtWAvjkYQrIMhtZWE.exe'" /rl HIGHEST
/f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "nEuTyBtWAvjkYQrIMhtZWEn" /sc MINUTE /mo 14 /tr "'C:\Windows\System32\nEuTyBtWAvjkYQrIMhtZWE.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "nEuTyBtWAvjkYQrIMhtZWEn" /sc MINUTE /mo 14 /tr "'C:\providerReviewperfsvc\nEuTyBtWAvjkYQrIMhtZWE.exe'"
/f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "nEuTyBtWAvjkYQrIMhtZWE" /sc ONLOGON /tr "'C:\providerReviewperfsvc\nEuTyBtWAvjkYQrIMhtZWE.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "nEuTyBtWAvjkYQrIMhtZWEn" /sc MINUTE /mo 5 /tr "'C:\providerReviewperfsvc\nEuTyBtWAvjkYQrIMhtZWE.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 7 /tr "'C:\Recovery\RuntimeBroker.exe'" /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "RuntimeBroker" /sc ONLOGON /tr "'C:\Recovery\RuntimeBroker.exe'" /rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 12 /tr "'C:\Recovery\RuntimeBroker.exe'" /rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "nEuTyBtWAvjkYQrIMhtZWEn" /sc MINUTE /mo 13 /tr "'C:\Recovery\nEuTyBtWAvjkYQrIMhtZWE.exe'" /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "nEuTyBtWAvjkYQrIMhtZWE" /sc ONLOGON /tr "'C:\Recovery\nEuTyBtWAvjkYQrIMhtZWE.exe'" /rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "nEuTyBtWAvjkYQrIMhtZWEn" /sc MINUTE /mo 12 /tr "'C:\Recovery\nEuTyBtWAvjkYQrIMhtZWE.exe'" /rl HIGHEST
/f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "nEuTyBtWAvjkYQrIMhtZWEn" /sc MINUTE /mo 9 /tr "'C:\providerReviewperfsvc\nEuTyBtWAvjkYQrIMhtZWE.exe'"
/f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "nEuTyBtWAvjkYQrIMhtZWE" /sc ONLOGON /tr "'C:\providerReviewperfsvc\nEuTyBtWAvjkYQrIMhtZWE.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "nEuTyBtWAvjkYQrIMhtZWEn" /sc MINUTE /mo 5 /tr "'C:\providerReviewperfsvc\nEuTyBtWAvjkYQrIMhtZWE.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "nEuTyBtWAvjkYQrIMhtZWEn" /sc MINUTE /mo 10 /tr "'C:\Program Files\Windows Media Player\nEuTyBtWAvjkYQrIMhtZWE.exe'"
/f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "nEuTyBtWAvjkYQrIMhtZWE" /sc ONLOGON /tr "'C:\Program Files\Windows Media Player\nEuTyBtWAvjkYQrIMhtZWE.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "nEuTyBtWAvjkYQrIMhtZWEn" /sc MINUTE /mo 11 /tr "'C:\Program Files\Windows Media Player\nEuTyBtWAvjkYQrIMhtZWE.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 13 /tr "'C:\Program Files (x86)\java\jre-1.8\bin\plugin2\RuntimeBroker.exe'"
/f
|
|
|
|
C:\providerReviewperfsvc\Idle.exe
|
C:\providerReviewperfsvc\Idle.exe
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "RuntimeBroker" /sc ONLOGON /tr "'C:\Program Files (x86)\java\jre-1.8\bin\plugin2\RuntimeBroker.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 7 /tr "'C:\Program Files (x86)\java\jre-1.8\bin\plugin2\RuntimeBroker.exe'"
/rl HIGHEST /f
|
|
|
|
C:\providerReviewperfsvc\Idle.exe
|
C:\providerReviewperfsvc\Idle.exe
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "nEuTyBtWAvjkYQrIMhtZWEn" /sc MINUTE /mo 9 /tr "'C:\Program Files\Adobe\Acrobat DC\nEuTyBtWAvjkYQrIMhtZWE.exe'"
/f
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
C:\Windows\system32\cmd.exe /c ""C:\providerReviewperfsvc\jW8bFRH7MHNFa6gk2NSgaGKIpk.bat" "
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
There are 31 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://a1000454.xsph.ru
|
unknown
|
|
|
|
http://a1000454.xsph.ru/
|
unknown
|
|
|
|
http://a1000454.xsph.ru/@==gbJBzYuFDT
|
|
||
|
https://cp.sprinthost.ru
|
unknown
|
||
|
https://index.from.sh/pages/game.html
|
unknown
|
||
|
http://www.enigmaprotector.com/
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://cp.sprinthost.ru/auth/login
|
unknown
|
||
|
http://www.enigmaprotector.com/openU
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
a1000454.xsph.ru
|
141.8.192.58
|
|
|
|
56.126.166.20.in-addr.arpa
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
141.8.192.58
|
a1000454.xsph.ru
|
Russian Federation
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
LangID
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\System32\WScript.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\System32\WScript.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\System32\cmd.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\System32\cmd.exe.ApplicationCompany
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Idle_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Idle_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Idle_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Idle_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Idle_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Idle_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Idle_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Idle_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Idle_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Idle_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Idle_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Idle_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Idle_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Idle_RASMANCS
|
FileDirectory
|
There are 9 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
1327F000
|
trusted library allocation
|
page read and write
|
|
|
|
2731000
|
trusted library allocation
|
page read and write
|
|
|
|
3271000
|
trusted library allocation
|
page read and write
|
|
|
|
2A81000
|
trusted library allocation
|
page read and write
|
|
|
|
366C000
|
trusted library allocation
|
page read and write
|
|
|
|
3A8000
|
unkown
|
page execute and write copy
|
||
|
CE2000
|
heap
|
page read and write
|
||
|
3617000
|
heap
|
page read and write
|
||
|
1BAF8000
|
heap
|
page read and write
|
||
|
323000
|
unkown
|
page execute and write copy
|
||
|
821C000
|
stack
|
page read and write
|
||
|
7FFD345BC000
|
trusted library allocation
|
page execute and read and write
|
||
|
35B8000
|
heap
|
page read and write
|
||
|
3199000
|
trusted library allocation
|
page read and write
|
||
|
3690000
|
heap
|
page read and write
|
||
|
30C6000
|
stack
|
page read and write
|
||
|
5ED0000
|
heap
|
page read and write
|
||
|
3400000
|
trusted library allocation
|
page read and write
|
||
|
15BD000
|
heap
|
page read and write
|
||
|
5030000
|
direct allocation
|
page execute and read and write
|
||
|
7FFD34780000
|
trusted library allocation
|
page read and write
|
||
|
527000
|
unkown
|
page execute and read and write
|
||
|
27EE000
|
trusted library allocation
|
page read and write
|
||
|
7FFD3457C000
|
trusted library allocation
|
page read and write
|
||
|
7FFD346F0000
|
trusted library allocation
|
page read and write
|
||
|
991000
|
heap
|
page read and write
|
||
|
1C308000
|
heap
|
page read and write
|
||
|
3460000
|
heap
|
page read and write
|
||
|
35FC000
|
heap
|
page read and write
|
||
|
7FFD34703000
|
trusted library allocation
|
page read and write
|
||
|
4F60000
|
heap
|
page read and write
|
||
|
1C72A000
|
heap
|
page read and write
|
||
|
1C296000
|
heap
|
page read and write
|
||
|
35CE000
|
stack
|
page read and write
|
||
|
C15000
|
heap
|
page read and write
|
||
|
1C7B0000
|
heap
|
page read and write
|
||
|
1C2BD000
|
heap
|
page read and write
|
||
|
1C2DC000
|
heap
|
page read and write
|
||
|
1C773000
|
heap
|
page read and write
|
||
|
157B000
|
heap
|
page read and write
|
||
|
1C8CF000
|
heap
|
page read and write
|
||
|
7FFD34720000
|
trusted library allocation
|
page read and write
|
||
|
7FFD347A0000
|
trusted library allocation
|
page read and write
|
||
|
12C64000
|
trusted library allocation
|
page read and write
|
||
|
BA0000
|
trusted library allocation
|
page read and write
|
||
|
35B8000
|
heap
|
page read and write
|
||
|
32C0000
|
direct allocation
|
page execute and read and write
|
||
|
D4F000
|
heap
|
page read and write
|
||
|
1C2CE000
|
heap
|
page read and write
|
||
|
7FFD347B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2C87000
|
trusted library allocation
|
page read and write
|
||
|
5FAC000
|
stack
|
page read and write
|
||
|
33A1000
|
trusted library allocation
|
page read and write
|
||
|
12F8E000
|
trusted library allocation
|
page read and write
|
||
|
3410000
|
heap
|
page read and write
|
||
|
13278000
|
trusted library allocation
|
page read and write
|
||
|
1080000
|
unkown
|
page readonly
|
||
|
32FB000
|
stack
|
page read and write
|
||
|
1C784000
|
heap
|
page read and write
|
||
|
1C8BC000
|
heap
|
page read and write
|
||
|
1C7F7000
|
heap
|
page read and write
|
||
|
1BB40000
|
trusted library section
|
page read and write
|
||
|
35DF000
|
heap
|
page read and write
|
||
|
7FFD347B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD34553000
|
trusted library allocation
|
page read and write
|
||
|
33BD000
|
trusted library allocation
|
page read and write
|
||
|
8C0000
|
heap
|
page read and write
|
||
|
12733000
|
trusted library allocation
|
page read and write
|
||
|
1BD4F000
|
stack
|
page read and write
|
||
|
5BBE000
|
stack
|
page read and write
|
||
|
1400000
|
heap
|
page read and write
|
||
|
7FFD3475D000
|
trusted library allocation
|
page read and write
|
||
|
2A70000
|
heap
|
page execute and read and write
|
||
|
7173000
|
trusted library allocation
|
page read and write
|
||
|
7A86000
|
trusted library allocation
|
page read and write
|
||
|
27E5000
|
trusted library allocation
|
page read and write
|
||
|
5ABE000
|
stack
|
page read and write
|
||
|
35C5000
|
heap
|
page read and write
|
||
|
1B550000
|
heap
|
page execute and read and write
|
||
|
30E9000
|
stack
|
page read and write
|
||
|
35FC000
|
heap
|
page read and write
|
||
|
1C76E000
|
heap
|
page read and write
|
||
|
7FFD3474C000
|
trusted library allocation
|
page read and write
|
||
|
39A000
|
unkown
|
page execute and write copy
|
||
|
35B7000
|
heap
|
page read and write
|
||
|
D56000
|
heap
|
page read and write
|
||
|
D5C000
|
heap
|
page read and write
|
||
|
BD0000
|
trusted library allocation
|
page read and write
|
||
|
1C5BE000
|
heap
|
page read and write
|
||
|
1C5C8000
|
heap
|
page read and write
|
||
|
28AF000
|
stack
|
page read and write
|
||
|
1B24F000
|
stack
|
page read and write
|
||
|
597D000
|
stack
|
page read and write
|
||
|
7FFD3456D000
|
trusted library allocation
|
page execute and read and write
|
||
|
35B3000
|
heap
|
page read and write
|
||
|
1638000
|
heap
|
page read and write
|
||
|
30D6000
|
stack
|
page read and write
|
||
|
127AE000
|
trusted library allocation
|
page read and write
|
||
|
1C6B9000
|
heap
|
page read and write
|
||
|
2BE3000
|
trusted library allocation
|
page read and write
|
||
|
1C61D000
|
heap
|
page read and write
|
||
|
3DD000
|
unkown
|
page execute and write copy
|
||
|
1607000
|
heap
|
page read and write
|
||
|
7FFD3455D000
|
trusted library allocation
|
page execute and read and write
|
||
|
35BF000
|
heap
|
page read and write
|
||
|
7FFD34563000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34600000
|
trusted library allocation
|
page execute and read and write
|
||
|
342C000
|
trusted library allocation
|
page read and write
|
||
|
1BEBE000
|
stack
|
page read and write
|
||
|
35C2000
|
heap
|
page read and write
|
||
|
7FFD34580000
|
trusted library allocation
|
page read and write
|
||
|
12CFA000
|
trusted library allocation
|
page read and write
|
||
|
7FFD3456D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C839000
|
heap
|
page read and write
|
||
|
2DED000
|
stack
|
page read and write
|
||
|
7FFD34703000
|
trusted library allocation
|
page read and write
|
||
|
33FE000
|
trusted library allocation
|
page read and write
|
||
|
267E000
|
stack
|
page read and write
|
||
|
7E5E000
|
stack
|
page read and write
|
||
|
8C8000
|
heap
|
page read and write
|
||
|
321D000
|
heap
|
page read and write
|
||
|
7FFD34544000
|
trusted library allocation
|
page read and write
|
||
|
1C72D000
|
heap
|
page read and write
|
||
|
995000
|
heap
|
page read and write
|
||
|
35D5000
|
heap
|
page read and write
|
||
|
7FFD34710000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34730000
|
trusted library allocation
|
page read and write
|
||
|
7FFD3456B000
|
trusted library allocation
|
page execute and read and write
|
||
|
35AF000
|
heap
|
page read and write
|
||
|
7FFD346FB000
|
trusted library allocation
|
page read and write
|
||
|
1C284000
|
heap
|
page read and write
|
||
|
319A000
|
trusted library allocation
|
page read and write
|
||
|
7FFD345FC000
|
trusted library allocation
|
page execute and read and write
|
||
|
3730000
|
heap
|
page read and write
|
||
|
3617000
|
heap
|
page read and write
|
||
|
351E000
|
trusted library allocation
|
page read and write
|
||
|
1B7FD000
|
stack
|
page read and write
|
||
|
1AEFD000
|
stack
|
page read and write
|
||
|
1C04B000
|
stack
|
page read and write
|
||
|
33E2000
|
trusted library allocation
|
page read and write
|
||
|
35FC000
|
heap
|
page read and write
|
||
|
12A8D000
|
trusted library allocation
|
page read and write
|
||
|
35FE000
|
heap
|
page read and write
|
||
|
1BDBD000
|
stack
|
page read and write
|
||
|
7FFD34670000
|
trusted library allocation
|
page execute and read and write
|
||
|
17E4000
|
heap
|
page read and write
|
||
|
7FFD346EC000
|
trusted library allocation
|
page read and write
|
||
|
35B0000
|
heap
|
page read and write
|
||
|
318F000
|
heap
|
page read and write
|
||
|
965000
|
heap
|
page read and write
|
||
|
92B000
|
heap
|
page read and write
|
||
|
7FFD34790000
|
trusted library allocation
|
page read and write
|
||
|
F50000
|
unkown
|
page readonly
|
||
|
1C7EA000
|
heap
|
page read and write
|
||
|
2C59000
|
trusted library allocation
|
page read and write
|
||
|
D5F000
|
heap
|
page read and write
|
||
|
7FDE000
|
stack
|
page read and write
|
||
|
7FFD34542000
|
trusted library allocation
|
page read and write
|
||
|
313E000
|
stack
|
page read and write
|
||
|
52DF000
|
stack
|
page read and write
|
||
|
71A3000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34710000
|
trusted library allocation
|
page read and write
|
||
|
2D90000
|
heap
|
page read and write
|
||
|
1C892000
|
heap
|
page read and write
|
||
|
7A8D000
|
trusted library allocation
|
page read and write
|
||
|
2CBC000
|
trusted library allocation
|
page read and write
|
||
|
1C32C000
|
heap
|
page read and write
|
||
|
1BB60000
|
trusted library section
|
page read and write
|
||
|
7FFD34720000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34790000
|
trusted library allocation
|
page read and write
|
||
|
3617000
|
heap
|
page read and write
|
||
|
35D4000
|
heap
|
page read and write
|
||
|
1C2AF000
|
heap
|
page read and write
|
||
|
7FFD3457D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD347F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
11C6000
|
stack
|
page read and write
|
||
|
35E2000
|
trusted library allocation
|
page read and write
|
||
|
5045000
|
direct allocation
|
page execute and read and write
|
||
|
3222000
|
heap
|
page read and write
|
||
|
7FFD3474D000
|
trusted library allocation
|
page read and write
|
||
|
356F000
|
stack
|
page read and write
|
||
|
7FFD34740000
|
trusted library allocation
|
page read and write
|
||
|
790000
|
heap
|
page read and write
|
||
|
35D1000
|
heap
|
page read and write
|
||
|
1520000
|
heap
|
page read and write
|
||
|
35C8000
|
heap
|
page read and write
|
||
|
8DB000
|
heap
|
page read and write
|
||
|
362C000
|
heap
|
page read and write
|
||
|
8B0000
|
trusted library allocation
|
page read and write
|
||
|
3199000
|
trusted library allocation
|
page read and write
|
||
|
1C8F3000
|
heap
|
page read and write
|
||
|
3578000
|
heap
|
page read and write
|
||
|
1C2F6000
|
heap
|
page read and write
|
||
|
4D70000
|
direct allocation
|
page execute and read and write
|
||
|
1C86C000
|
heap
|
page read and write
|
||
|
35B6000
|
heap
|
page read and write
|
||
|
35C8000
|
heap
|
page read and write
|
||
|
35FC000
|
heap
|
page read and write
|
||
|
1C680000
|
heap
|
page read and write
|
||
|
4FF0000
|
direct allocation
|
page execute and read and write
|
||
|
1CCAE000
|
stack
|
page read and write
|
||
|
581F000
|
stack
|
page read and write
|
||
|
321D000
|
unkown
|
page read and write
|
||
|
59C0000
|
heap
|
page read and write
|
||
|
1BA92000
|
heap
|
page read and write
|
||
|
7FFD34680000
|
trusted library allocation
|
page execute and read and write
|
||
|
4EFE000
|
stack
|
page read and write
|
||
|
2F0000
|
unkown
|
page readonly
|
||
|
1C8E8000
|
heap
|
page read and write
|
||
|
35E7000
|
heap
|
page read and write
|
||
|
3607000
|
heap
|
page read and write
|
||
|
32F5000
|
heap
|
page read and write
|
||
|
7FFD3458D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1780000
|
trusted library allocation
|
page read and write
|
||
|
1C660000
|
heap
|
page read and write
|
||
|
7E9E000
|
stack
|
page read and write
|
||
|
1C89A000
|
heap
|
page read and write
|
||
|
332C000
|
trusted library allocation
|
page read and write
|
||
|
3250000
|
trusted library section
|
page read and write
|
||
|
334000
|
unkown
|
page execute and read and write
|
||
|
7FFD34713000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34771000
|
trusted library allocation
|
page read and write
|
||
|
32B0000
|
heap
|
page read and write
|
||
|
8FB000
|
heap
|
page read and write
|
||
|
3692000
|
trusted library allocation
|
page read and write
|
||
|
3565000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34560000
|
trusted library allocation
|
page read and write
|
||
|
35FE000
|
heap
|
page read and write
|
||
|
13221000
|
trusted library allocation
|
page read and write
|
||
|
1C337000
|
heap
|
page read and write
|
||
|
1C2F4000
|
heap
|
page read and write
|
||
|
7FFD34564000
|
trusted library allocation
|
page read and write
|
||
|
1C60C000
|
heap
|
page read and write
|
||
|
319D000
|
unkown
|
page read and write
|
||
|
927000
|
heap
|
page read and write
|
||
|
7FFD34700000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34540000
|
trusted library allocation
|
page read and write
|
||
|
522000
|
unkown
|
page execute and read and write
|
||
|
7FFD34626000
|
trusted library allocation
|
page execute and read and write
|
||
|
18EE000
|
stack
|
page read and write
|
||
|
7FFD347D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD34761000
|
trusted library allocation
|
page read and write
|
||
|
2DF0000
|
heap
|
page read and write
|
||
|
32F0000
|
heap
|
page read and write
|
||
|
7FFD3454D000
|
trusted library allocation
|
page execute and read and write
|
||
|
4F70000
|
heap
|
page read and write
|
||
|
1C858000
|
heap
|
page read and write
|
||
|
810000
|
heap
|
page read and write
|
||
|
35FE000
|
heap
|
page read and write
|
||
|
12D9F000
|
trusted library allocation
|
page read and write
|
||
|
4EB0000
|
heap
|
page read and write
|
||
|
12738000
|
trusted library allocation
|
page read and write
|
||
|
1C75E000
|
heap
|
page read and write
|
||
|
2C91000
|
trusted library allocation
|
page read and write
|
||
|
3260000
|
heap
|
page read and write
|
||
|
7FFD346EA000
|
trusted library allocation
|
page read and write
|
||
|
1BBC0000
|
heap
|
page execute and read and write
|
||
|
5350000
|
heap
|
page read and write
|
||
|
1327D000
|
trusted library allocation
|
page read and write
|
||
|
7FFD3471B000
|
trusted library allocation
|
page read and write
|
||
|
14E0000
|
heap
|
page read and write
|
||
|
7FFD3458B000
|
trusted library allocation
|
page execute and read and write
|
||
|
31BD000
|
heap
|
page read and write
|
||
|
3695000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34563000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C921000
|
heap
|
page read and write
|
||
|
35B7000
|
heap
|
page read and write
|
||
|
1C0BD000
|
stack
|
page read and write
|
||
|
321D000
|
unkown
|
page read and write
|
||
|
750000
|
heap
|
page read and write
|
||
|
7C5000
|
heap
|
page read and write
|
||
|
7FFD345F6000
|
trusted library allocation
|
page read and write
|
||
|
1BF4E000
|
stack
|
page read and write
|
||
|
321D000
|
heap
|
page read and write
|
||
|
12A81000
|
trusted library allocation
|
page read and write
|
||
|
340E000
|
stack
|
page read and write
|
||
|
15BB000
|
heap
|
page read and write
|
||
|
3617000
|
heap
|
page read and write
|
||
|
1B37E000
|
stack
|
page read and write
|
||
|
7AEE000
|
trusted library allocation
|
page read and write
|
||
|
60AD000
|
stack
|
page read and write
|
||
|
57CF000
|
stack
|
page read and write
|
||
|
7FFD3472B000
|
trusted library allocation
|
page read and write
|
||
|
2570000
|
heap
|
page read and write
|
||
|
2B39000
|
trusted library allocation
|
page read and write
|
||
|
12B6B000
|
trusted library allocation
|
page read and write
|
||
|
80DF000
|
stack
|
page read and write
|
||
|
30E7000
|
stack
|
page read and write
|
||
|
7FFD34780000
|
trusted library allocation
|
page read and write
|
||
|
57E0000
|
heap
|
page read and write
|
||
|
7FFD346F0000
|
trusted library allocation
|
page read and write
|
||
|
2C64000
|
trusted library allocation
|
page read and write
|
||
|
1B6C3000
|
stack
|
page read and write
|
||
|
7FFD3471B000
|
trusted library allocation
|
page read and write
|
||
|
5034000
|
direct allocation
|
page execute and read and write
|
||
|
1BFBE000
|
stack
|
page read and write
|
||
|
1500000
|
heap
|
page read and write
|
||
|
397000
|
unkown
|
page execute and read and write
|
||
|
2F0000
|
unkown
|
page readonly
|
||
|
7FFD34740000
|
trusted library allocation
|
page read and write
|
||
|
12FF6000
|
trusted library allocation
|
page read and write
|
||
|
B8F000
|
stack
|
page read and write
|
||
|
C9B000
|
heap
|
page read and write
|
||
|
31E3000
|
heap
|
page read and write
|
||
|
1B140000
|
heap
|
page read and write
|
||
|
7FFD34577000
|
trusted library allocation
|
page read and write
|
||
|
3199000
|
heap
|
page read and write
|
||
|
56CE000
|
stack
|
page read and write
|
||
|
31BB000
|
heap
|
page read and write
|
||
|
5F6F000
|
stack
|
page read and write
|
||
|
35BF000
|
heap
|
page read and write
|
||
|
1C34C000
|
heap
|
page read and write
|
||
|
7170000
|
heap
|
page read and write
|
||
|
7FFD34700000
|
trusted library allocation
|
page read and write
|
||
|
318E000
|
heap
|
page read and write
|
||
|
3188000
|
heap
|
page read and write
|
||
|
1C5B0000
|
heap
|
page read and write
|
||
|
7FFD346FA000
|
trusted library allocation
|
page read and write
|
||
|
1C24E000
|
stack
|
page read and write
|
||
|
2BF3000
|
trusted library allocation
|
page read and write
|
||
|
13704000
|
trusted library allocation
|
page read and write
|
||
|
1281B000
|
trusted library allocation
|
page read and write
|
||
|
7F0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD347A8000
|
trusted library allocation
|
page read and write
|
||
|
3607000
|
heap
|
page read and write
|
||
|
D24000
|
heap
|
page read and write
|
||
|
820000
|
heap
|
page read and write
|
||
|
1C74D000
|
heap
|
page read and write
|
||
|
2F1000
|
unkown
|
page execute and write copy
|
||
|
30BC000
|
stack
|
page read and write
|
||
|
1544000
|
heap
|
page read and write
|
||
|
35B3000
|
heap
|
page read and write
|
||
|
1BE4E000
|
stack
|
page read and write
|
||
|
7FFD3470A000
|
trusted library allocation
|
page read and write
|
||
|
1BB80000
|
trusted library section
|
page read and write
|
||
|
5034000
|
direct allocation
|
page execute and read and write
|
||
|
7FFD34560000
|
trusted library allocation
|
page read and write
|
||
|
1B754000
|
stack
|
page read and write
|
||
|
D4F000
|
stack
|
page read and write
|
||
|
CDB000
|
heap
|
page read and write
|
||
|
30F2000
|
stack
|
page read and write
|
||
|
5034000
|
direct allocation
|
page execute and read and write
|
||
|
27E8000
|
trusted library allocation
|
page read and write
|
||
|
7FFD346E0000
|
trusted library allocation
|
page read and write
|
||
|
7980000
|
heap
|
page read and write
|
||
|
7C0000
|
heap
|
page read and write
|
||
|
35D0000
|
heap
|
page read and write
|
||
|
3225000
|
heap
|
page read and write
|
||
|
133F8000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34553000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD34750000
|
trusted library allocation
|
page read and write
|
||
|
35FE000
|
heap
|
page read and write
|
||
|
3570000
|
heap
|
page read and write
|
||
|
2C43000
|
trusted library allocation
|
page read and write
|
||
|
C10000
|
heap
|
page read and write
|
||
|
35D0000
|
heap
|
page read and write
|
||
|
318E000
|
stack
|
page read and write
|
||
|
1C78B000
|
heap
|
page read and write
|
||
|
1C792000
|
heap
|
page read and write
|
||
|
7FFD34606000
|
trusted library allocation
|
page read and write
|
||
|
351000
|
unkown
|
page execute and read and write
|
||
|
1B380000
|
heap
|
page read and write
|
||
|
1B33E000
|
stack
|
page read and write
|
||
|
1C648000
|
heap
|
page read and write
|
||
|
2720000
|
heap
|
page execute and read and write
|
||
|
17D0000
|
trusted library allocation
|
page read and write
|
||
|
1C88B000
|
heap
|
page read and write
|
||
|
321D000
|
unkown
|
page read and write
|
||
|
1B2C0000
|
heap
|
page execute and read and write
|
||
|
3158000
|
unkown
|
page read and write
|
||
|
2B77000
|
trusted library allocation
|
page read and write
|
||
|
35D8000
|
heap
|
page read and write
|
||
|
1273D000
|
trusted library allocation
|
page read and write
|
||
|
542000
|
unkown
|
page execute and read and write
|
||
|
7FFD34660000
|
trusted library allocation
|
page execute and read and write
|
||
|
961000
|
heap
|
page read and write
|
||
|
1591000
|
heap
|
page read and write
|
||
|
7FF42A1B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD3478A000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34620000
|
trusted library allocation
|
page execute and read and write
|
||
|
35D6000
|
heap
|
page read and write
|
||
|
5301000
|
trusted library allocation
|
page read and write
|
||
|
3199000
|
heap
|
page read and write
|
||
|
3DF000
|
unkown
|
page execute and write copy
|
||
|
3617000
|
heap
|
page read and write
|
||
|
12EF0000
|
trusted library allocation
|
page read and write
|
||
|
1B5CE000
|
stack
|
page read and write
|
||
|
7FFD3455D000
|
trusted library allocation
|
page execute and read and write
|
||
|
35BC000
|
heap
|
page read and write
|
||
|
7FFD34710000
|
trusted library allocation
|
page read and write
|
||
|
2FF0000
|
heap
|
page read and write
|
||
|
12AF3000
|
trusted library allocation
|
page read and write
|
||
|
35FC000
|
heap
|
page read and write
|
||
|
7FFD34646000
|
trusted library allocation
|
page execute and read and write
|
||
|
71D8000
|
trusted library allocation
|
page read and write
|
||
|
1C6FD000
|
heap
|
page read and write
|
||
|
7FFD347C0000
|
trusted library allocation
|
page read and write
|
||
|
30D0000
|
stack
|
page read and write
|
||
|
3607000
|
heap
|
page read and write
|
||
|
1C5D4000
|
heap
|
page read and write
|
||
|
5E6E000
|
stack
|
page read and write
|
||
|
7FFD34700000
|
trusted library allocation
|
page read and write
|
||
|
7D5D000
|
stack
|
page read and write
|
||
|
567F000
|
stack
|
page read and write
|
||
|
7FFD3457B000
|
trusted library allocation
|
page execute and read and write
|
||
|
35FC000
|
heap
|
page read and write
|
||
|
1C77A000
|
heap
|
page read and write
|
||
|
1C2DF000
|
heap
|
page read and write
|
||
|
3199000
|
heap
|
page read and write
|
||
|
8FD000
|
heap
|
page read and write
|
||
|
1C5AD000
|
stack
|
page read and write
|
||
|
160C000
|
heap
|
page read and write
|
||
|
36DE000
|
stack
|
page read and write
|
||
|
2F8B000
|
stack
|
page read and write
|
||
|
7174000
|
trusted library allocation
|
page read and write
|
||
|
3607000
|
heap
|
page read and write
|
||
|
7FFD34552000
|
trusted library allocation
|
page read and write
|
||
|
3221000
|
heap
|
page read and write
|
||
|
3597000
|
heap
|
page read and write
|
||
|
35D6000
|
heap
|
page read and write
|
||
|
352000
|
unkown
|
page execute and write copy
|
||
|
1B95E000
|
stack
|
page read and write
|
||
|
1B3CE000
|
stack
|
page read and write
|
||
|
7FFD346F3000
|
trusted library allocation
|
page read and write
|
||
|
39D000
|
unkown
|
page execute and write copy
|
||
|
3DD000
|
unkown
|
page execute and write copy
|
||
|
12A8F000
|
trusted library allocation
|
page read and write
|
||
|
35FE000
|
heap
|
page read and write
|
||
|
3617000
|
heap
|
page read and write
|
||
|
32E6000
|
trusted library allocation
|
page read and write
|
||
|
7FFD3470C000
|
trusted library allocation
|
page read and write
|
||
|
30CC000
|
stack
|
page read and write
|
||
|
7FFD34610000
|
trusted library allocation
|
page execute and read and write
|
||
|
13271000
|
trusted library allocation
|
page read and write
|
||
|
139A1000
|
trusted library allocation
|
page read and write
|
||
|
35CD000
|
heap
|
page read and write
|
||
|
35DA000
|
heap
|
page read and write
|
||
|
39D000
|
unkown
|
page execute and write copy
|
||
|
59D0000
|
trusted library allocation
|
page read and write
|
||
|
7A88000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34750000
|
trusted library allocation
|
page read and write
|
||
|
3DF000
|
unkown
|
page execute and write copy
|
||
|
7F9F000
|
stack
|
page read and write
|
||
|
3466000
|
heap
|
page read and write
|
||
|
30E3000
|
stack
|
page read and write
|
||
|
5024000
|
direct allocation
|
page execute and read and write
|
||
|
32E000
|
unkown
|
page execute and write copy
|
||
|
1B7CE000
|
stack
|
page read and write
|
||
|
7FFD34723000
|
trusted library allocation
|
page read and write
|
||
|
3607000
|
heap
|
page read and write
|
||
|
1A760000
|
trusted library allocation
|
page read and write
|
||
|
324F000
|
stack
|
page read and write
|
||
|
30FA000
|
stack
|
page read and write
|
||
|
1C6E3000
|
heap
|
page read and write
|
||
|
35C4000
|
heap
|
page read and write
|
||
|
860000
|
heap
|
page read and write
|
||
|
4FFF000
|
stack
|
page read and write
|
||
|
7FFD347A0000
|
trusted library allocation
|
page read and write
|
||
|
35FE000
|
heap
|
page read and write
|
||
|
17E0000
|
heap
|
page read and write
|
||
|
12FBD000
|
trusted library allocation
|
page read and write
|
||
|
3750000
|
heap
|
page read and write
|
||
|
7FFD34570000
|
trusted library allocation
|
page read and write
|
||
|
1005000
|
heap
|
page read and write
|
||
|
1C8AA000
|
heap
|
page read and write
|
||
|
7FFD34574000
|
trusted library allocation
|
page read and write
|
||
|
12741000
|
trusted library allocation
|
page read and write
|
||
|
32E000
|
unkown
|
page execute and read and write
|
||
|
1634000
|
heap
|
page read and write
|
||
|
C70000
|
heap
|
page read and write
|
||
|
CB3000
|
heap
|
page read and write
|
||
|
2C6A000
|
trusted library allocation
|
page read and write
|
||
|
1C1BD000
|
stack
|
page read and write
|
||
|
5023000
|
direct allocation
|
page execute and read and write
|
||
|
3150000
|
unkown
|
page read and write
|
||
|
27EB000
|
trusted library allocation
|
page read and write
|
||
|
319A000
|
unkown
|
page read and write
|
||
|
7FFD34760000
|
trusted library allocation
|
page read and write
|
||
|
1C878000
|
heap
|
page read and write
|
||
|
811B000
|
stack
|
page read and write
|
||
|
1C605000
|
heap
|
page read and write
|
||
|
1593000
|
heap
|
page read and write
|
||
|
71DA000
|
trusted library allocation
|
page read and write
|
||
|
1C6D1000
|
heap
|
page read and write
|
||
|
1C82E000
|
heap
|
page read and write
|
||
|
12AFE000
|
trusted library allocation
|
page read and write
|
||
|
35A0000
|
heap
|
page read and write
|
||
|
1C5F0000
|
heap
|
page read and write
|
||
|
7FFD34616000
|
trusted library allocation
|
page read and write
|
||
|
7FFD345F0000
|
trusted library allocation
|
page read and write
|
||
|
5034000
|
direct allocation
|
page execute and read and write
|
||
|
1084000
|
unkown
|
page readonly
|
||
|
35B8000
|
heap
|
page read and write
|
||
|
32A0000
|
heap
|
page read and write
|
||
|
7FFD3479A000
|
trusted library allocation
|
page read and write
|
||
|
35C1000
|
heap
|
page read and write
|
||
|
7FFD34567000
|
trusted library allocation
|
page read and write
|
||
|
531A000
|
trusted library allocation
|
page read and write
|
||
|
7FFD345AC000
|
trusted library allocation
|
page execute and read and write
|
||
|
15C3000
|
heap
|
page read and write
|
||
|
740000
|
heap
|
page read and write
|
||
|
8E9000
|
heap
|
page read and write
|
||
|
3759000
|
heap
|
page read and write
|
||
|
C76000
|
heap
|
page read and write
|
||
|
7FFD3459C000
|
trusted library allocation
|
page execute and read and write
|
||
|
174E000
|
stack
|
page read and write
|
||
|
7FFD34584000
|
trusted library allocation
|
page read and write
|
||
|
2C45000
|
trusted library allocation
|
page read and write
|
||
|
3617000
|
heap
|
page read and write
|
||
|
CDD000
|
heap
|
page read and write
|
||
|
1C143000
|
stack
|
page read and write
|
||
|
3188000
|
unkown
|
page read and write
|
||
|
7FFD34770000
|
trusted library allocation
|
page read and write
|
||
|
12731000
|
trusted library allocation
|
page read and write
|
||
|
7FFD3456C000
|
trusted library allocation
|
page read and write
|
||
|
35D6000
|
heap
|
page read and write
|
||
|
321D000
|
unkown
|
page read and write
|
||
|
5D6000
|
stack
|
page read and write
|
||
|
5034000
|
direct allocation
|
page execute and read and write
|
||
|
17A0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34562000
|
trusted library allocation
|
page read and write
|
||
|
34BB000
|
trusted library allocation
|
page read and write
|
||
|
1CF9C000
|
stack
|
page read and write
|
||
|
31B6000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34600000
|
trusted library allocation
|
page read and write
|
||
|
1BA60000
|
heap
|
page read and write
|
||
|
35C3000
|
heap
|
page read and write
|
||
|
C40000
|
heap
|
page read and write
|
||
|
32AD000
|
heap
|
page read and write
|
||
|
5034000
|
direct allocation
|
page execute and read and write
|
||
|
1B4C4000
|
stack
|
page read and write
|
||
|
35A1000
|
heap
|
page read and write
|
||
|
1B851000
|
stack
|
page read and write
|
||
|
35B4000
|
heap
|
page read and write
|
||
|
5BC0000
|
heap
|
page read and write
|
||
|
35CF000
|
heap
|
page read and write
|
||
|
1540000
|
heap
|
page read and write
|
||
|
7FFD3457D000
|
trusted library allocation
|
page execute and read and write
|
||
|
3197000
|
trusted library allocation
|
page read and write
|
||
|
1C616000
|
heap
|
page read and write
|
||
|
F6E000
|
stack
|
page read and write
|
||
|
35FE000
|
heap
|
page read and write
|
||
|
31BB000
|
heap
|
page read and write
|
||
|
7FFD3460C000
|
trusted library allocation
|
page execute and read and write
|
||
|
3225000
|
heap
|
page read and write
|
||
|
1B48F000
|
stack
|
page read and write
|
||
|
770000
|
heap
|
page read and write
|
||
|
35BA000
|
heap
|
page read and write
|
||
|
35CB000
|
heap
|
page read and write
|
||
|
3E1000
|
unkown
|
page execute and read and write
|
||
|
7A8B000
|
trusted library allocation
|
page read and write
|
||
|
4EB3000
|
heap
|
page read and write
|
||
|
1CDAE000
|
stack
|
page read and write
|
||
|
321D000
|
heap
|
page read and write
|
||
|
7FFD347E0000
|
trusted library allocation
|
page read and write
|
||
|
1C250000
|
heap
|
page read and write
|
||
|
35BE000
|
heap
|
page read and write
|
||
|
7FFD34610000
|
trusted library allocation
|
page read and write
|
||
|
1C7AC000
|
heap
|
page read and write
|
||
|
4EAE000
|
stack
|
page read and write
|
||
|
2CE6000
|
trusted library allocation
|
page read and write
|
||
|
1BC40000
|
heap
|
page read and write
|
||
|
AF6000
|
stack
|
page read and write
|
||
|
3196000
|
trusted library allocation
|
page read and write
|
||
|
3A8000
|
unkown
|
page execute and write copy
|
||
|
35FC000
|
heap
|
page read and write
|
||
|
35B3000
|
heap
|
page read and write
|
||
|
CB0000
|
heap
|
page read and write
|
||
|
1C910000
|
heap
|
page read and write
|
||
|
3607000
|
heap
|
page read and write
|
||
|
1C29B000
|
heap
|
page read and write
|
||
|
7FFD34720000
|
trusted library allocation
|
page read and write
|
||
|
3597000
|
heap
|
page read and write
|
||
|
660000
|
unkown
|
page execute and write copy
|
||
|
5034000
|
direct allocation
|
page execute and read and write
|
||
|
3225000
|
heap
|
page read and write
|
||
|
7FFD34550000
|
trusted library allocation
|
page read and write
|
||
|
C45000
|
heap
|
page read and write
|
||
|
1AAB0000
|
trusted library allocation
|
page read and write
|
||
|
1B2A0000
|
trusted library allocation
|
page read and write
|
||
|
35C2000
|
heap
|
page read and write
|
||
|
BE0000
|
trusted library allocation
|
page read and write
|
||
|
5034000
|
direct allocation
|
page execute and read and write
|
||
|
7FFD346E3000
|
trusted library allocation
|
page read and write
|
||
|
C7C000
|
heap
|
page read and write
|
||
|
7AB7000
|
trusted library allocation
|
page read and write
|
||
|
3225000
|
heap
|
page read and write
|
||
|
557E000
|
stack
|
page read and write
|
||
|
2F1000
|
unkown
|
page execute and read and write
|
||
|
D52000
|
heap
|
page read and write
|
||
|
1ACBD000
|
stack
|
page read and write
|
||
|
3605000
|
trusted library allocation
|
page read and write
|
||
|
F52000
|
unkown
|
page readonly
|
||
|
7FFD34564000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34554000
|
trusted library allocation
|
page read and write
|
||
|
2DA0000
|
heap
|
page readonly
|
||
|
1000000
|
heap
|
page read and write
|
||
|
7FFD34636000
|
trusted library allocation
|
page execute and read and write
|
||
|
35B8000
|
heap
|
page read and write
|
||
|
7FFD3455C000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34557000
|
trusted library allocation
|
page read and write
|
||
|
C10000
|
trusted library allocation
|
page read and write
|
||
|
1C322000
|
heap
|
page read and write
|
||
|
3200000
|
heap
|
page execute and read and write
|
||
|
8E6000
|
heap
|
page read and write
|
||
|
F50000
|
unkown
|
page readonly
|
||
|
1B4CF000
|
stack
|
page read and write
|
||
|
7FFD34543000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C630000
|
heap
|
page read and write
|
||
|
5A7E000
|
stack
|
page read and write
|
||
|
1B65E000
|
stack
|
page read and write
|
||
|
7AEC000
|
trusted library allocation
|
page read and write
|
||
|
840000
|
heap
|
page read and write
|
||
|
2D26000
|
stack
|
page read and write
|
||
|
E6E000
|
stack
|
page read and write
|
||
|
32A8000
|
heap
|
page read and write
|
||
|
35B3000
|
heap
|
page read and write
|
||
|
35D8000
|
heap
|
page read and write
|
||
|
3477000
|
trusted library allocation
|
page read and write
|
||
|
7180000
|
trusted library allocation
|
page read and write
|
||
|
3185000
|
heap
|
page read and write
|
||
|
7FFD346FC000
|
trusted library allocation
|
page read and write
|
||
|
3635000
|
trusted library allocation
|
page read and write
|
||
|
359E000
|
trusted library allocation
|
page read and write
|
||
|
1573000
|
heap
|
page read and write
|
||
|
1550000
|
heap
|
page read and write
|
||
|
7FFD34573000
|
trusted library allocation
|
page read and write
|
||
|
2900000
|
heap
|
page read and write
|
||
|
1B0FF000
|
stack
|
page read and write
|
||
|
1BA57000
|
stack
|
page read and write
|
||
|
7FFD34730000
|
trusted library allocation
|
page read and write
|
||
|
8EC000
|
heap
|
page read and write
|
||
|
3225000
|
heap
|
page read and write
|
||
|
35CD000
|
heap
|
page read and write
|
||
|
8DF000
|
heap
|
page read and write
|
||
|
7A80000
|
trusted library allocation
|
page read and write
|
||
|
7FFD3461C000
|
trusted library allocation
|
page execute and read and write
|
||
|
321D000
|
heap
|
page read and write
|
||
|
1C768000
|
heap
|
page read and write
|
||
|
7FFD3456D000
|
trusted library allocation
|
page execute and read and write
|
||
|
34CE000
|
stack
|
page read and write
|
||
|
3607000
|
heap
|
page read and write
|
There are 632 hidden memdumps, click here to show them.