Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
5P9EdUgv5r.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Program Files (x86)\Microsoft Office\Office16\qwhJcOiWbbUoQMvwnJNr.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft OneDrive\LogoImages\qwhJcOiWbbUoQMvwnJNr.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Windows Mail\qwhJcOiWbbUoQMvwnJNr.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Windows Media Player\en-US\backgroundTaskHost.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Windows Portable Devices\winlogon.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\Windows Portable Devices\qwhJcOiWbbUoQMvwnJNr.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Recovery\SearchApp.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Windows\RemotePackages\RemoteApps\qwhJcOiWbbUoQMvwnJNr.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\serversessionmonitor\1ogacUYksBebmJ8WSR.vbe
|
data
|
dropped
|
|
|
|
C:\serversessionmonitor\blockfont.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\8057c8f30c1a8e
|
ASCII text, with very long lines (643), with no line terminators
|
dropped
|
||
|
C:\Program Files (x86)\Microsoft OneDrive\LogoImages\8057c8f30c1a8e
|
ASCII text, with very long lines (542), with no line terminators
|
dropped
|
||
|
C:\Program Files (x86)\Windows Mail\8057c8f30c1a8e
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Program Files (x86)\Windows Media Player\en-US\eddb19405b7ce1
|
ASCII text, with very long lines (606), with no line terminators
|
dropped
|
||
|
C:\Program Files (x86)\Windows Portable Devices\cc11b995f2a76d
|
ASCII text, with very long lines (471), with no line terminators
|
dropped
|
||
|
C:\Program Files\Windows Portable Devices\8057c8f30c1a8e
|
ASCII text, with very long lines (465), with no line terminators
|
dropped
|
||
|
C:\Recovery\38384e6a620884
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\blockfont.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\qwhJcOiWbbUoQMvwnJNr.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\RemotePackages\RemoteApps\8057c8f30c1a8e
|
ASCII text, with very long lines (690), with no line terminators
|
dropped
|
||
|
C:\serversessionmonitor\ovpXJB1x2XJwVqS.bat
|
ASCII text, with no line terminators
|
dropped
|
There are 12 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\5P9EdUgv5r.exe
|
"C:\Users\user\Desktop\5P9EdUgv5r.exe"
|
|
|
|
C:\Windows\SysWOW64\wscript.exe
|
"C:\Windows\System32\WScript.exe" "C:\serversessionmonitor\1ogacUYksBebmJ8WSR.vbe"
|
|
|
|
C:\serversessionmonitor\blockfont.exe
|
"C:\serversessionmonitor\blockfont.exe"
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "winlogonw" /sc MINUTE /mo 14 /tr "'C:\Program Files (x86)\windows portable devices\winlogon.exe'"
/f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "winlogon" /sc ONLOGON /tr "'C:\Program Files (x86)\windows portable devices\winlogon.exe'" /rl HIGHEST
/f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "winlogonw" /sc MINUTE /mo 7 /tr "'C:\Program Files (x86)\windows portable devices\winlogon.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "qwhJcOiWbbUoQMvwnJNrq" /sc MINUTE /mo 9 /tr "'C:\Windows\RemotePackages\RemoteApps\qwhJcOiWbbUoQMvwnJNr.exe'"
/f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "qwhJcOiWbbUoQMvwnJNr" /sc ONLOGON /tr "'C:\Windows\RemotePackages\RemoteApps\qwhJcOiWbbUoQMvwnJNr.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "qwhJcOiWbbUoQMvwnJNrq" /sc MINUTE /mo 14 /tr "'C:\Windows\RemotePackages\RemoteApps\qwhJcOiWbbUoQMvwnJNr.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "backgroundTaskHostb" /sc MINUTE /mo 10 /tr "'C:\Program Files (x86)\windows media player\en-US\backgroundTaskHost.exe'"
/f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "backgroundTaskHost" /sc ONLOGON /tr "'C:\Program Files (x86)\windows media player\en-US\backgroundTaskHost.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "backgroundTaskHostb" /sc MINUTE /mo 14 /tr "'C:\Program Files (x86)\windows media player\en-US\backgroundTaskHost.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "qwhJcOiWbbUoQMvwnJNrq" /sc MINUTE /mo 10 /tr "'C:\Program Files (x86)\microsoft onedrive\LogoImages\qwhJcOiWbbUoQMvwnJNr.exe'"
/f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "qwhJcOiWbbUoQMvwnJNr" /sc ONLOGON /tr "'C:\Program Files (x86)\microsoft onedrive\LogoImages\qwhJcOiWbbUoQMvwnJNr.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\RemotePackages\RemoteApps\qwhJcOiWbbUoQMvwnJNr.exe
|
C:\Windows\RemotePackages\RemoteApps\qwhJcOiWbbUoQMvwnJNr.exe
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "qwhJcOiWbbUoQMvwnJNrq" /sc MINUTE /mo 11 /tr "'C:\Program Files (x86)\microsoft onedrive\LogoImages\qwhJcOiWbbUoQMvwnJNr.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Program Files (x86)\Microsoft OneDrive\LogoImages\qwhJcOiWbbUoQMvwnJNr.exe
|
"C:\Program Files (x86)\microsoft onedrive\LogoImages\qwhJcOiWbbUoQMvwnJNr.exe"
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "qwhJcOiWbbUoQMvwnJNrq" /sc MINUTE /mo 8 /tr "'C:\Program Files\Windows Portable Devices\qwhJcOiWbbUoQMvwnJNr.exe'"
/f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "qwhJcOiWbbUoQMvwnJNr" /sc ONLOGON /tr "'C:\Program Files\Windows Portable Devices\qwhJcOiWbbUoQMvwnJNr.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "qwhJcOiWbbUoQMvwnJNrq" /sc MINUTE /mo 14 /tr "'C:\Program Files\Windows Portable Devices\qwhJcOiWbbUoQMvwnJNr.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "SearchAppS" /sc MINUTE /mo 6 /tr "'C:\Recovery\SearchApp.exe'" /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "SearchApp" /sc ONLOGON /tr "'C:\Recovery\SearchApp.exe'" /rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "SearchAppS" /sc MINUTE /mo 8 /tr "'C:\Recovery\SearchApp.exe'" /rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "qwhJcOiWbbUoQMvwnJNrq" /sc MINUTE /mo 5 /tr "'C:\Program Files (x86)\windows mail\qwhJcOiWbbUoQMvwnJNr.exe'"
/f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "qwhJcOiWbbUoQMvwnJNr" /sc ONLOGON /tr "'C:\Program Files (x86)\windows mail\qwhJcOiWbbUoQMvwnJNr.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "qwhJcOiWbbUoQMvwnJNrq" /sc MINUTE /mo 11 /tr "'C:\Program Files (x86)\windows mail\qwhJcOiWbbUoQMvwnJNr.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "qwhJcOiWbbUoQMvwnJNrq" /sc MINUTE /mo 8 /tr "'C:\Program Files (x86)\microsoft office\Office16\qwhJcOiWbbUoQMvwnJNr.exe'"
/f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "qwhJcOiWbbUoQMvwnJNr" /sc ONLOGON /tr "'C:\Program Files (x86)\microsoft office\Office16\qwhJcOiWbbUoQMvwnJNr.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "qwhJcOiWbbUoQMvwnJNrq" /sc MINUTE /mo 5 /tr "'C:\Program Files (x86)\microsoft office\Office16\qwhJcOiWbbUoQMvwnJNr.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Program Files\Windows Portable Devices\qwhJcOiWbbUoQMvwnJNr.exe
|
"C:\Program Files\Windows Portable Devices\qwhJcOiWbbUoQMvwnJNr.exe"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
C:\Windows\system32\cmd.exe /c ""C:\serversessionmonitor\ovpXJB1x2XJwVqS.bat" "
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
There are 22 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://a1023624.xsph.ru
|
unknown
|
|
|
|
http://a1023624.xsph.ru/1ffc0666.php?D6sO3=coW9eQnQdwC&8Qdw2X=mrLKL&03ZD=Zcs&494c04091cad695e488cec836843e29b=14eed2ab8e75c30d5e3051e42b208839&97fa7d33edb300ced93fc3fe0e6b5970=gMxYzM1kzY5YmY1QWNzQTZhJjNjhTZ0QDZ2ITY3MTZjJWMmNWO5YmN&D6sO3=coW9eQnQdwC&8Qdw2X=mrLKL&03ZD=Zcs
|
141.8.194.149
|
|
|
|
http://a1023624.xsph.ru/
|
unknown
|
|
|
|
http://a1023624.xsph.ru/1ffc0666.php?D6sO3=coW9eQnQdwC&8Qdw2X=mrLKL&03ZD=Zcs&494c04091cad695e488cec8
|
unknown
|
|
|
|
https://cp.sprinthost.ru
|
unknown
|
||
|
https://index.from.sh/pages/game.html
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://go.mic
|
unknown
|
||
|
https://cp.sprinthost.ru/auth/login
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
a1023624.xsph.ru
|
141.8.194.149
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
141.8.194.149
|
a1023624.xsph.ru
|
Russian Federation
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
|
EnableLUA
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
|
PromptOnSecureDesktop
|
|
|
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
LangID
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\System32\WScript.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\System32\WScript.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Action Center\Checks\{C8E6F269-B90A-4053-A3BE-499AFCEC98C4}.check.0
|
CheckSetting
|
||
|
HKEY_CURRENT_USER\SOFTWARE\62af99aacb8b536aec4f83bb384ed810f953b231
|
89fd2dcf3ad7282e7e847f62b81223c3b3d73117
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\qwhJcOiWbbUoQMvwnJNr_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\qwhJcOiWbbUoQMvwnJNr_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\qwhJcOiWbbUoQMvwnJNr_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\qwhJcOiWbbUoQMvwnJNr_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\qwhJcOiWbbUoQMvwnJNr_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\qwhJcOiWbbUoQMvwnJNr_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\qwhJcOiWbbUoQMvwnJNr_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\qwhJcOiWbbUoQMvwnJNr_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\qwhJcOiWbbUoQMvwnJNr_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\qwhJcOiWbbUoQMvwnJNr_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\qwhJcOiWbbUoQMvwnJNr_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\qwhJcOiWbbUoQMvwnJNr_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\qwhJcOiWbbUoQMvwnJNr_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\qwhJcOiWbbUoQMvwnJNr_RASMANCS
|
FileDirectory
|
There are 11 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
132BF000
|
trusted library allocation
|
page read and write
|
|
|
|
302C000
|
trusted library allocation
|
page read and write
|
|
|
|
2E11000
|
trusted library allocation
|
page read and write
|
|
|
|
3657000
|
trusted library allocation
|
page read and write
|
|
|
|
2E4D000
|
trusted library allocation
|
page read and write
|
|
|
|
2FF1000
|
trusted library allocation
|
page read and write
|
|
|
|
3101000
|
trusted library allocation
|
page read and write
|
|
|
|
365B000
|
trusted library allocation
|
page read and write
|
|
|
|
32B1000
|
trusted library allocation
|
page read and write
|
|
|
|
6B8D000
|
heap
|
page read and write
|
||
|
1C103000
|
heap
|
page read and write
|
||
|
7FFD9BA20000
|
trusted library allocation
|
page read and write
|
||
|
FF0000
|
heap
|
page read and write
|
||
|
141F000
|
heap
|
page read and write
|
||
|
BD7000
|
heap
|
page read and write
|
||
|
7FFD9B990000
|
trusted library allocation
|
page read and write
|
||
|
31C0000
|
heap
|
page read and write
|
||
|
C16000
|
heap
|
page read and write
|
||
|
324D000
|
trusted library allocation
|
page read and write
|
||
|
132B8000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B9E0000
|
trusted library allocation
|
page read and write
|
||
|
1430000
|
heap
|
page read and write
|
||
|
1C4FF000
|
heap
|
page read and write
|
||
|
316E000
|
heap
|
page read and write
|
||
|
314C000
|
heap
|
page read and write
|
||
|
7FFD9B7C3000
|
trusted library allocation
|
page execute and read and write
|
||
|
D20000
|
heap
|
page readonly
|
||
|
1BD7F000
|
stack
|
page read and write
|
||
|
7FFD9B98B000
|
trusted library allocation
|
page read and write
|
||
|
1C42D000
|
stack
|
page read and write
|
||
|
7FFD9B7FB000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B9A5000
|
trusted library allocation
|
page read and write
|
||
|
30D6000
|
stack
|
page read and write
|
||
|
52A4000
|
heap
|
page read and write
|
||
|
7FFD9B7E4000
|
trusted library allocation
|
page read and write
|
||
|
1C4C6000
|
heap
|
page read and write
|
||
|
4A0E000
|
stack
|
page read and write
|
||
|
7FFD9B860000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B973000
|
trusted library allocation
|
page read and write
|
||
|
D60000
|
unkown
|
page readonly
|
||
|
BD8000
|
heap
|
page read and write
|
||
|
751E000
|
stack
|
page read and write
|
||
|
3160000
|
trusted library section
|
page read and write
|
||
|
1C76E000
|
stack
|
page read and write
|
||
|
BDE000
|
heap
|
page read and write
|
||
|
7FFD9B7E4000
|
trusted library allocation
|
page read and write
|
||
|
1311000
|
heap
|
page read and write
|
||
|
11C6000
|
stack
|
page read and write
|
||
|
D9E000
|
unkown
|
page write copy
|
||
|
7FFD9B7D3000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B7E3000
|
trusted library allocation
|
page read and write
|
||
|
149F000
|
stack
|
page read and write
|
||
|
130F000
|
heap
|
page read and write
|
||
|
1B020000
|
trusted library allocation
|
page read and write
|
||
|
346D000
|
stack
|
page read and write
|
||
|
554E000
|
stack
|
page read and write
|
||
|
7FFD9B7CD000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B7F4000
|
trusted library allocation
|
page read and write
|
||
|
1C49B000
|
heap
|
page read and write
|
||
|
7FFD9B7B3000
|
trusted library allocation
|
page execute and read and write
|
||
|
12E21000
|
trusted library allocation
|
page read and write
|
||
|
1C0CE000
|
stack
|
page read and write
|
||
|
30E3000
|
stack
|
page read and write
|
||
|
7FFD9B7BD000
|
trusted library allocation
|
page execute and read and write
|
||
|
13071000
|
trusted library allocation
|
page read and write
|
||
|
3627000
|
heap
|
page read and write
|
||
|
2FA0000
|
heap
|
page execute and read and write
|
||
|
BE3000
|
heap
|
page read and write
|
||
|
BF0000
|
heap
|
page read and write
|
||
|
3170000
|
heap
|
page read and write
|
||
|
1088000
|
unkown
|
page readonly
|
||
|
132BD000
|
trusted library allocation
|
page read and write
|
||
|
C00000
|
heap
|
page read and write
|
||
|
F80000
|
heap
|
page read and write
|
||
|
FB0000
|
heap
|
page read and write
|
||
|
30BC000
|
stack
|
page read and write
|
||
|
4FC0000
|
heap
|
page read and write
|
||
|
D61000
|
unkown
|
page execute read
|
||
|
110B000
|
heap
|
page read and write
|
||
|
1C16D000
|
heap
|
page read and write
|
||
|
7FFD9B9BD000
|
trusted library allocation
|
page read and write
|
||
|
CA6000
|
stack
|
page read and write
|
||
|
BED000
|
heap
|
page read and write
|
||
|
7FFD9B8F1000
|
trusted library allocation
|
page execute and read and write
|
||
|
30D0000
|
stack
|
page read and write
|
||
|
E5F000
|
stack
|
page read and write
|
||
|
1C48D000
|
heap
|
page read and write
|
||
|
31A0000
|
heap
|
page read and write
|
||
|
7FFD9B96B000
|
trusted library allocation
|
page read and write
|
||
|
10AC000
|
heap
|
page read and write
|
||
|
1B83D000
|
stack
|
page read and write
|
||
|
7FFD9B88C000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9BA10000
|
trusted library allocation
|
page execute and read and write
|
||
|
5520000
|
heap
|
page read and write
|
||
|
2F80000
|
heap
|
page execute and read and write
|
||
|
7FFD9B7D0000
|
trusted library allocation
|
page read and write
|
||
|
1C143000
|
heap
|
page read and write
|
||
|
BDE000
|
heap
|
page read and write
|
||
|
31C0000
|
heap
|
page read and write
|
||
|
7FFD9B980000
|
trusted library allocation
|
page read and write
|
||
|
1C2CE000
|
stack
|
page read and write
|
||
|
7FFD9B7DC000
|
trusted library allocation
|
page read and write
|
||
|
BE0000
|
heap
|
page read and write
|
||
|
1C4DF000
|
heap
|
page read and write
|
||
|
3139000
|
heap
|
page read and write
|
||
|
7FFD9B7C2000
|
trusted library allocation
|
page read and write
|
||
|
1421000
|
heap
|
page read and write
|
||
|
1BAF4000
|
stack
|
page read and write
|
||
|
F50000
|
unkown
|
page readonly
|
||
|
1CB8E000
|
stack
|
page read and write
|
||
|
7FFD9B983000
|
trusted library allocation
|
page read and write
|
||
|
1C0E9000
|
heap
|
page read and write
|
||
|
6B80000
|
trusted library allocation
|
page read and write
|
||
|
312F000
|
heap
|
page read and write
|
||
|
31DC000
|
heap
|
page read and write
|
||
|
562B000
|
heap
|
page read and write
|
||
|
7FFD9B9A1000
|
trusted library allocation
|
page read and write
|
||
|
BE4000
|
heap
|
page read and write
|
||
|
14B7000
|
heap
|
page read and write
|
||
|
139F000
|
stack
|
page read and write
|
||
|
2F20000
|
heap
|
page execute and read and write
|
||
|
1434000
|
heap
|
page read and write
|
||
|
1C51F000
|
heap
|
page read and write
|
||
|
AFB000
|
stack
|
page read and write
|
||
|
7FFD9B8D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
550E000
|
stack
|
page read and write
|
||
|
1050000
|
heap
|
page execute and read and write
|
||
|
1BACE000
|
stack
|
page read and write
|
||
|
5627000
|
heap
|
page read and write
|
||
|
7FFD9B7C3000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B876000
|
trusted library allocation
|
page read and write
|
||
|
35D4000
|
trusted library allocation
|
page read and write
|
||
|
FE0000
|
heap
|
page read and write
|
||
|
7FFD9B7D3000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B82C000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9BA30000
|
trusted library allocation
|
page execute and read and write
|
||
|
761F000
|
stack
|
page read and write
|
||
|
7FFD9B7D4000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B963000
|
trusted library allocation
|
page read and write
|
||
|
5624000
|
heap
|
page read and write
|
||
|
131F0000
|
trusted library allocation
|
page read and write
|
||
|
10CA000
|
heap
|
page read and write
|
||
|
1440000
|
heap
|
page read and write
|
||
|
1C46F000
|
heap
|
page read and write
|
||
|
34D9000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B896000
|
trusted library allocation
|
page execute and read and write
|
||
|
13181000
|
trusted library allocation
|
page read and write
|
||
|
1B130000
|
trusted library allocation
|
page read and write
|
||
|
3130000
|
heap
|
page read and write
|
||
|
B98000
|
heap
|
page read and write
|
||
|
7FFD9B983000
|
trusted library allocation
|
page read and write
|
||
|
BE0000
|
heap
|
page read and write
|
||
|
7FFD9B870000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C400000
|
heap
|
page read and write
|
||
|
14CF000
|
stack
|
page read and write
|
||
|
7FFD9B9B0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B8FD000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B7C4000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B9E0000
|
trusted library allocation
|
page read and write
|
||
|
3136000
|
heap
|
page read and write
|
||
|
7FFD9B7F0000
|
trusted library allocation
|
page read and write
|
||
|
DC3000
|
unkown
|
page readonly
|
||
|
1451000
|
heap
|
page read and write
|
||
|
1C458000
|
heap
|
page read and write
|
||
|
BF4000
|
heap
|
page read and write
|
||
|
3580000
|
heap
|
page read and write
|
||
|
1C561000
|
heap
|
page read and write
|
||
|
18A0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B970000
|
trusted library allocation
|
page read and write
|
||
|
C38000
|
heap
|
page read and write
|
||
|
7E0000
|
heap
|
page read and write
|
||
|
1C6DE000
|
stack
|
page read and write
|
||
|
58CC000
|
stack
|
page read and write
|
||
|
172F000
|
stack
|
page read and write
|
||
|
1C0D0000
|
heap
|
page read and write
|
||
|
1080000
|
trusted library allocation
|
page read and write
|
||
|
4A60000
|
heap
|
page read and write
|
||
|
1C0ED000
|
heap
|
page read and write
|
||
|
31DC000
|
heap
|
page read and write
|
||
|
7FFD9B870000
|
trusted library allocation
|
page read and write
|
||
|
1C3DD000
|
stack
|
page read and write
|
||
|
1C148000
|
heap
|
page read and write
|
||
|
14DE000
|
heap
|
page read and write
|
||
|
7FFD9B7B4000
|
trusted library allocation
|
page read and write
|
||
|
1904000
|
heap
|
page read and write
|
||
|
3139000
|
heap
|
page read and write
|
||
|
7FFD9BA10000
|
trusted library allocation
|
page execute and read and write
|
||
|
1310D000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B9FA000
|
trusted library allocation
|
page read and write
|
||
|
18E0000
|
trusted library allocation
|
page read and write
|
||
|
1BBBF000
|
stack
|
page read and write
|
||
|
2FE0000
|
heap
|
page read and write
|
||
|
10A6000
|
heap
|
page read and write
|
||
|
12D6000
|
heap
|
page read and write
|
||
|
1B57D000
|
stack
|
page read and write
|
||
|
7FFD9B96C000
|
trusted library allocation
|
page read and write
|
||
|
F70000
|
heap
|
page read and write
|
||
|
316C000
|
heap
|
page read and write
|
||
|
14B0000
|
heap
|
page read and write
|
||
|
31A4000
|
trusted library allocation
|
page read and write
|
||
|
C38000
|
heap
|
page read and write
|
||
|
7FFD9B81C000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B7E7000
|
trusted library allocation
|
page read and write
|
||
|
1377000
|
heap
|
page read and write
|
||
|
BD4000
|
heap
|
page read and write
|
||
|
1C42B000
|
heap
|
page read and write
|
||
|
7FFD9B9B2000
|
trusted library allocation
|
page read and write
|
||
|
BD6000
|
heap
|
page read and write
|
||
|
1BEC0000
|
heap
|
page read and write
|
||
|
3194000
|
heap
|
page read and write
|
||
|
BE7000
|
heap
|
page read and write
|
||
|
BB8000
|
heap
|
page read and write
|
||
|
2D3E000
|
stack
|
page read and write
|
||
|
7FFD9B96A000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B7DC000
|
trusted library allocation
|
page read and write
|
||
|
10A0000
|
heap
|
page read and write
|
||
|
132B1000
|
trusted library allocation
|
page read and write
|
||
|
3531000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B7ED000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B9BF000
|
trusted library allocation
|
page read and write
|
||
|
550E000
|
stack
|
page read and write
|
||
|
31CC000
|
heap
|
page read and write
|
||
|
1BDBB000
|
stack
|
page read and write
|
||
|
7FFD9B96A000
|
trusted library allocation
|
page read and write
|
||
|
329D000
|
trusted library allocation
|
page read and write
|
||
|
1410000
|
heap
|
page read and write
|
||
|
7FFD9B9C0000
|
trusted library allocation
|
page read and write
|
||
|
564F000
|
stack
|
page read and write
|
||
|
35F1000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B9AA000
|
trusted library allocation
|
page read and write
|
||
|
BB0000
|
heap
|
page read and write
|
||
|
7FFD9B7FD000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C10D000
|
heap
|
page read and write
|
||
|
7FFD9B7D7000
|
trusted library allocation
|
page read and write
|
||
|
362B000
|
heap
|
page read and write
|
||
|
1C440000
|
heap
|
page read and write
|
||
|
7FFD9B9F3000
|
trusted library allocation
|
page read and write
|
||
|
1290000
|
heap
|
page read and write
|
||
|
57CC000
|
stack
|
page read and write
|
||
|
53D0000
|
trusted library allocation
|
page read and write
|
||
|
1BEB3000
|
stack
|
page read and write
|
||
|
12E13000
|
trusted library allocation
|
page read and write
|
||
|
1750000
|
heap
|
page read and write
|
||
|
3108000
|
heap
|
page read and write
|
||
|
30FA000
|
stack
|
page read and write
|
||
|
3156000
|
heap
|
page read and write
|
||
|
BD5000
|
heap
|
page read and write
|
||
|
1C0D4000
|
heap
|
page read and write
|
||
|
7FFD9B7C6000
|
trusted library allocation
|
page read and write
|
||
|
332E000
|
stack
|
page read and write
|
||
|
324F000
|
trusted library allocation
|
page read and write
|
||
|
2F10000
|
trusted library allocation
|
page read and write
|
||
|
3139000
|
heap
|
page read and write
|
||
|
1C486000
|
heap
|
page read and write
|
||
|
775F000
|
stack
|
page read and write
|
||
|
7FFD9B970000
|
trusted library allocation
|
page read and write
|
||
|
12F9000
|
heap
|
page read and write
|
||
|
32C8000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B890000
|
trusted library allocation
|
page execute and read and write
|
||
|
FE5000
|
heap
|
page read and write
|
||
|
1C41C000
|
heap
|
page read and write
|
||
|
BFF000
|
heap
|
page read and write
|
||
|
1C535000
|
heap
|
page read and write
|
||
|
1BFCE000
|
stack
|
page read and write
|
||
|
18F0000
|
heap
|
page execute and read and write
|
||
|
1520000
|
heap
|
page read and write
|
||
|
7FFD9B7D3000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B8E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1295000
|
heap
|
page read and write
|
||
|
7FFD9B870000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B9DC000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B7ED000
|
trusted library allocation
|
page execute and read and write
|
||
|
14EF000
|
heap
|
page read and write
|
||
|
BE2000
|
heap
|
page read and write
|
||
|
2EFF000
|
stack
|
page read and write
|
||
|
FF0000
|
heap
|
page read and write
|
||
|
EF6000
|
stack
|
page read and write
|
||
|
D93000
|
unkown
|
page readonly
|
||
|
1177000
|
heap
|
page read and write
|
||
|
144C000
|
heap
|
page read and write
|
||
|
3600000
|
heap
|
page read and write
|
||
|
31C8000
|
heap
|
page read and write
|
||
|
177E000
|
stack
|
page read and write
|
||
|
1BCCE000
|
stack
|
page read and write
|
||
|
BF4000
|
heap
|
page read and write
|
||
|
1C0D1000
|
heap
|
page read and write
|
||
|
BB1000
|
heap
|
page read and write
|
||
|
1B7F0000
|
heap
|
page execute and read and write
|
||
|
12E1D000
|
trusted library allocation
|
page read and write
|
||
|
1C96D000
|
stack
|
page read and write
|
||
|
33EC000
|
trusted library allocation
|
page read and write
|
||
|
BC1000
|
heap
|
page read and write
|
||
|
C1F000
|
heap
|
page read and write
|
||
|
139C000
|
heap
|
page read and write
|
||
|
BB8000
|
heap
|
page read and write
|
||
|
7FFD9B886000
|
trusted library allocation
|
page read and write
|
||
|
1B39D000
|
stack
|
page read and write
|
||
|
15DE000
|
stack
|
page read and write
|
||
|
7FFD9B9F3000
|
trusted library allocation
|
page read and write
|
||
|
1540000
|
heap
|
page execute and read and write
|
||
|
3129000
|
heap
|
page read and write
|
||
|
BF3000
|
heap
|
page read and write
|
||
|
1260000
|
heap
|
page read and write
|
||
|
35B3000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B990000
|
trusted library allocation
|
page read and write
|
||
|
13686000
|
trusted library allocation
|
page read and write
|
||
|
1C86E000
|
stack
|
page read and write
|
||
|
31C2000
|
heap
|
page read and write
|
||
|
BCF000
|
heap
|
page read and write
|
||
|
133A000
|
heap
|
page read and write
|
||
|
7FFD9B81C000
|
trusted library allocation
|
page execute and read and write
|
||
|
1740000
|
trusted library allocation
|
page read and write
|
||
|
13001000
|
trusted library allocation
|
page read and write
|
||
|
2F90000
|
heap
|
page read and write
|
||
|
3215000
|
heap
|
page read and write
|
||
|
7FFD9BA00000
|
trusted library allocation
|
page read and write
|
||
|
30E9000
|
stack
|
page read and write
|
||
|
313E000
|
heap
|
page read and write
|
||
|
18C0000
|
heap
|
page execute and read and write
|
||
|
7FFD9B8A6000
|
trusted library allocation
|
page execute and read and write
|
||
|
4EAF000
|
stack
|
page read and write
|
||
|
1C132000
|
heap
|
page read and write
|
||
|
31CC000
|
heap
|
page read and write
|
||
|
1500000
|
trusted library allocation
|
page read and write
|
||
|
31C0000
|
heap
|
page read and write
|
||
|
7FFD9B98B000
|
trusted library allocation
|
page read and write
|
||
|
1110000
|
heap
|
page read and write
|
||
|
7FFD9B87C000
|
trusted library allocation
|
page execute and read and write
|
||
|
363F000
|
trusted library allocation
|
page read and write
|
||
|
30FE000
|
stack
|
page read and write
|
||
|
31DC000
|
heap
|
page read and write
|
||
|
314C000
|
heap
|
page read and write
|
||
|
12F2000
|
heap
|
page read and write
|
||
|
1BCFE000
|
stack
|
page read and write
|
||
|
1C30E000
|
stack
|
page read and write
|
||
|
3129000
|
heap
|
page read and write
|
||
|
7FFD9B7D7000
|
trusted library allocation
|
page read and write
|
||
|
765E000
|
stack
|
page read and write
|
||
|
7FFD9B7C0000
|
trusted library allocation
|
page read and write
|
||
|
C36000
|
heap
|
page read and write
|
||
|
7FFD9B960000
|
trusted library allocation
|
page read and write
|
||
|
1C50F000
|
heap
|
page read and write
|
||
|
52A0000
|
heap
|
page read and write
|
||
|
58BE000
|
stack
|
page read and write
|
||
|
7FFD9B880000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B80C000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C1A0000
|
trusted library section
|
page read and write
|
||
|
7FFD9BA00000
|
trusted library allocation
|
page read and write
|
||
|
12F6000
|
stack
|
page read and write
|
||
|
7FF4BD7B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
B3E000
|
stack
|
page read and write
|
||
|
7FFD9B7ED000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B96C000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B7CC000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B7CD000
|
trusted library allocation
|
page execute and read and write
|
||
|
314C000
|
heap
|
page read and write
|
||
|
31D6000
|
trusted library allocation
|
page read and write
|
||
|
F46000
|
stack
|
page read and write
|
||
|
7FFD9B9F8000
|
trusted library allocation
|
page read and write
|
||
|
1BDFE000
|
stack
|
page read and write
|
||
|
313D000
|
heap
|
page read and write
|
||
|
7FFD9BA40000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B950000
|
trusted library allocation
|
page read and write
|
||
|
D61000
|
unkown
|
page execute read
|
||
|
316B000
|
heap
|
page read and write
|
||
|
BE5000
|
heap
|
page read and write
|
||
|
7FFD9B7EB000
|
trusted library allocation
|
page execute and read and write
|
||
|
5510000
|
heap
|
page read and write
|
||
|
1BBF3000
|
stack
|
page read and write
|
||
|
BE3000
|
heap
|
page read and write
|
||
|
1C157000
|
heap
|
page read and write
|
||
|
1084000
|
unkown
|
page readonly
|
||
|
1C3E0000
|
heap
|
page read and write
|
||
|
FD0000
|
heap
|
page read and write
|
||
|
7FFD9B990000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA20000
|
trusted library allocation
|
page read and write
|
||
|
10E0000
|
heap
|
page read and write
|
||
|
7FFD9B96E000
|
trusted library allocation
|
page read and write
|
||
|
1C26F000
|
stack
|
page read and write
|
||
|
31CC000
|
heap
|
page read and write
|
||
|
D10000
|
heap
|
page read and write
|
||
|
BE0000
|
heap
|
page read and write
|
||
|
1C3F6000
|
heap
|
page read and write
|
||
|
BD9000
|
heap
|
page read and write
|
||
|
BF9000
|
heap
|
page read and write
|
||
|
53DD000
|
heap
|
page read and write
|
||
|
187E000
|
stack
|
page read and write
|
||
|
1520000
|
trusted library allocation
|
page read and write
|
||
|
1B8FE000
|
stack
|
page read and write
|
||
|
F50000
|
unkown
|
page readonly
|
||
|
BEC000
|
heap
|
page read and write
|
||
|
7FFD9B7DD000
|
trusted library allocation
|
page execute and read and write
|
||
|
3241000
|
trusted library allocation
|
page read and write
|
||
|
165F000
|
stack
|
page read and write
|
||
|
7FFD9B9D1000
|
trusted library allocation
|
page read and write
|
||
|
151C000
|
heap
|
page read and write
|
||
|
7FFD9B95C000
|
trusted library allocation
|
page read and write
|
||
|
562A000
|
heap
|
page read and write
|
||
|
F52000
|
unkown
|
page readonly
|
||
|
7FFD9B9D8000
|
trusted library allocation
|
page read and write
|
||
|
BE2000
|
heap
|
page read and write
|
||
|
1CD8B000
|
stack
|
page read and write
|
||
|
316E000
|
heap
|
page read and write
|
||
|
BFB000
|
heap
|
page read and write
|
||
|
3665000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B8E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
31DC000
|
heap
|
page read and write
|
||
|
12FF1000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B7C0000
|
trusted library allocation
|
page read and write
|
||
|
73B000
|
stack
|
page read and write
|
||
|
1449000
|
heap
|
page read and write
|
||
|
7FFD9B7EC000
|
trusted library allocation
|
page read and write
|
||
|
1C4A2000
|
heap
|
page read and write
|
||
|
7FFD9B990000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B7CD000
|
trusted library allocation
|
page execute and read and write
|
||
|
316E000
|
heap
|
page read and write
|
||
|
4A5E000
|
stack
|
page read and write
|
||
|
1C540000
|
heap
|
page read and write
|
||
|
1B9BF000
|
stack
|
page read and write
|
||
|
13176000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B7E0000
|
trusted library allocation
|
page read and write
|
||
|
1C15F000
|
heap
|
page read and write
|
||
|
BF1000
|
heap
|
page read and write
|
||
|
F90000
|
heap
|
page read and write
|
||
|
1880000
|
trusted library allocation
|
page read and write
|
||
|
1384000
|
heap
|
page read and write
|
||
|
568E000
|
stack
|
page read and write
|
||
|
D9E000
|
unkown
|
page read and write
|
||
|
32F4000
|
trusted library allocation
|
page read and write
|
||
|
3120000
|
heap
|
page read and write
|
||
|
1020000
|
trusted library allocation
|
page read and write
|
||
|
3575000
|
trusted library allocation
|
page read and write
|
||
|
1AE40000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B960000
|
trusted library allocation
|
page read and write
|
||
|
1C0E0000
|
heap
|
page read and write
|
||
|
360A000
|
trusted library allocation
|
page read and write
|
||
|
10D0000
|
heap
|
page read and write
|
||
|
1C47C000
|
heap
|
page read and write
|
||
|
14CF000
|
heap
|
page read and write
|
||
|
BD6000
|
heap
|
page read and write
|
||
|
C1F000
|
heap
|
page read and write
|
||
|
12D0000
|
heap
|
page read and write
|
||
|
BC2000
|
heap
|
page read and write
|
||
|
F80000
|
heap
|
page read and write
|
||
|
31CC000
|
heap
|
page read and write
|
||
|
12E11000
|
trusted library allocation
|
page read and write
|
||
|
1BABE000
|
stack
|
page read and write
|
||
|
153C000
|
heap
|
page read and write
|
||
|
1B2E0000
|
trusted library allocation
|
page read and write
|
||
|
31C2000
|
heap
|
page read and write
|
||
|
7FFD9B9AE000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B976000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B7C4000
|
trusted library allocation
|
page read and write
|
||
|
12DC000
|
heap
|
page read and write
|
||
|
7FFD9B963000
|
trusted library allocation
|
page read and write
|
||
|
BD3000
|
heap
|
page read and write
|
||
|
2FF0000
|
heap
|
page read and write
|
||
|
31CC000
|
heap
|
page read and write
|
||
|
1C073000
|
stack
|
page read and write
|
||
|
D60000
|
unkown
|
page readonly
|
||
|
13101000
|
trusted library allocation
|
page read and write
|
||
|
13381000
|
trusted library allocation
|
page read and write
|
||
|
B7E000
|
stack
|
page read and write
|
||
|
7FFD9B87C000
|
trusted library allocation
|
page execute and read and write
|
||
|
3129000
|
heap
|
page read and write
|
||
|
7FFD9B880000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B9A0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B960000
|
trusted library allocation
|
page read and write
|
||
|
326B000
|
trusted library allocation
|
page read and write
|
||
|
30AF000
|
trusted library allocation
|
page read and write
|
||
|
1C553000
|
heap
|
page read and write
|
||
|
31C9000
|
heap
|
page read and write
|
||
|
7FFD9B970000
|
trusted library allocation
|
page read and write
|
||
|
3667000
|
trusted library allocation
|
page read and write
|
||
|
3139000
|
heap
|
page read and write
|
||
|
1B9FF000
|
stack
|
page read and write
|
||
|
7FFD9B9EC000
|
trusted library allocation
|
page read and write
|
||
|
1C7DE000
|
stack
|
page read and write
|
||
|
12FF3000
|
trusted library allocation
|
page read and write
|
||
|
525F000
|
stack
|
page read and write
|
||
|
7FFD9B880000
|
trusted library allocation
|
page read and write
|
||
|
1C080000
|
heap
|
page read and write
|
||
|
1C573000
|
heap
|
page read and write
|
||
|
515D000
|
stack
|
page read and write
|
||
|
14F2000
|
heap
|
page read and write
|
||
|
1CC8F000
|
stack
|
page read and write
|
||
|
31C2000
|
heap
|
page read and write
|
||
|
789C000
|
stack
|
page read and write
|
||
|
1C0AC000
|
heap
|
page read and write
|
||
|
13EC000
|
heap
|
page read and write
|
||
|
FA0000
|
heap
|
page read and write
|
||
|
7FFD9B970000
|
trusted library allocation
|
page read and write
|
||
|
31CC000
|
heap
|
page read and write
|
||
|
1900000
|
heap
|
page read and write
|
||
|
301E000
|
stack
|
page read and write
|
||
|
7FFD9B8B6000
|
trusted library allocation
|
page execute and read and write
|
||
|
31C2000
|
heap
|
page read and write
|
||
|
7FFD9B98B000
|
trusted library allocation
|
page read and write
|
||
|
7E5000
|
heap
|
page read and write
|
||
|
30E7000
|
stack
|
page read and write
|
||
|
C1F000
|
heap
|
page read and write
|
||
|
1B68D000
|
stack
|
page read and write
|
||
|
152A000
|
heap
|
page read and write
|
||
|
1BDC2000
|
stack
|
page read and write
|
||
|
FF5000
|
heap
|
page read and write
|
||
|
7FFD9B9A0000
|
trusted library allocation
|
page read and write
|
||
|
3620000
|
heap
|
page read and write
|
||
|
BD3000
|
heap
|
page read and write
|
||
|
7FFD9B9F0000
|
trusted library allocation
|
page read and write
|
||
|
DC1000
|
unkown
|
page read and write
|
||
|
7FFD9B8F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
BDD000
|
heap
|
page read and write
|
||
|
1310F000
|
trusted library allocation
|
page read and write
|
||
|
540E000
|
stack
|
page read and write
|
||
|
32F1000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B866000
|
trusted library allocation
|
page read and write
|
||
|
12E18000
|
trusted library allocation
|
page read and write
|
||
|
1550000
|
heap
|
page read and write
|
||
|
DC2000
|
unkown
|
page readonly
|
||
|
B90000
|
heap
|
page read and write
|
||
|
7FFD9B7D4000
|
trusted library allocation
|
page read and write
|
||
|
1C180000
|
trusted library section
|
page read and write
|
||
|
32AE000
|
stack
|
page read and write
|
||
|
D30000
|
heap
|
page read and write
|
||
|
34E7000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA30000
|
trusted library allocation
|
page execute and read and write
|
||
|
3180000
|
trusted library section
|
page read and write
|
||
|
7FFD9B7C3000
|
trusted library allocation
|
page read and write
|
||
|
33CD000
|
trusted library allocation
|
page read and write
|
||
|
10E3000
|
heap
|
page read and write
|
||
|
1624000
|
heap
|
page read and write
|
||
|
1BE7F000
|
stack
|
page read and write
|
||
|
587E000
|
stack
|
page read and write
|
||
|
1C452000
|
heap
|
page read and write
|
||
|
7FFD9B9D5000
|
trusted library allocation
|
page read and write
|
||
|
1555000
|
heap
|
page read and write
|
||
|
BD5000
|
heap
|
page read and write
|
||
|
13E0000
|
heap
|
page read and write
|
||
|
13427000
|
trusted library allocation
|
page read and write
|
||
|
1BC7F000
|
stack
|
page read and write
|
||
|
1B7DE000
|
stack
|
page read and write
|
||
|
7FFD9B9BD000
|
trusted library allocation
|
page read and write
|
||
|
BE1000
|
heap
|
page read and write
|
||
|
31B0000
|
trusted library allocation
|
page read and write
|
||
|
356F000
|
stack
|
page read and write
|
||
|
DA4000
|
unkown
|
page read and write
|
||
|
5622000
|
heap
|
page read and write
|
||
|
7FFD9B9A8000
|
trusted library allocation
|
page read and write
|
||
|
31C2000
|
heap
|
page read and write
|
||
|
14DB000
|
heap
|
page read and write
|
||
|
1C0D5000
|
heap
|
page read and write
|
||
|
7FFD9B9B0000
|
trusted library allocation
|
page read and write
|
||
|
35F5000
|
trusted library allocation
|
page read and write
|
||
|
BE6000
|
heap
|
page read and write
|
||
|
BD0000
|
heap
|
page read and write
|
||
|
7FFD9B993000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B7DD000
|
trusted library allocation
|
page execute and read and write
|
||
|
7B0000
|
heap
|
page read and write
|
||
|
1C0EF000
|
heap
|
page read and write
|
||
|
C38000
|
heap
|
page read and write
|
||
|
1400000
|
heap
|
page read and write
|
||
|
7FFD9B980000
|
trusted library allocation
|
page read and write
|
||
|
779C000
|
stack
|
page read and write
|
||
|
1040000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B9D1000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B8A6000
|
trusted library allocation
|
page execute and read and write
|
||
|
ED0000
|
heap
|
page read and write
|
||
|
7FFD9B7C7000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B876000
|
trusted library allocation
|
page read and write
|
||
|
1C0F6000
|
heap
|
page read and write
|
||
|
313A000
|
heap
|
page read and write
|
||
|
1C57B000
|
heap
|
page read and write
|
||
|
30C6000
|
stack
|
page read and write
|
||
|
3263000
|
trusted library allocation
|
page read and write
|
||
|
12FFD000
|
trusted library allocation
|
page read and write
|
||
|
12FF8000
|
trusted library allocation
|
page read and write
|
||
|
BB2000
|
heap
|
page read and write
|
||
|
1543000
|
heap
|
page read and write
|
||
|
1484000
|
heap
|
page read and write
|
||
|
31DC000
|
heap
|
page read and write
|
||
|
7FFD9B7E0000
|
trusted library allocation
|
page read and write
|
||
|
5900000
|
heap
|
page read and write
|
||
|
316E000
|
heap
|
page read and write
|
||
|
7FFD9B7B2000
|
trusted library allocation
|
page read and write
|
||
|
1C4F2000
|
heap
|
page read and write
|
||
|
1BECE000
|
stack
|
page read and write
|
||
|
1C4A8000
|
heap
|
page read and write
|
||
|
BF0000
|
heap
|
page read and write
|
||
|
316C000
|
heap
|
page read and write
|
||
|
C36000
|
heap
|
page read and write
|
||
|
130D000
|
heap
|
page read and write
|
||
|
7FFD9B9C0000
|
trusted library allocation
|
page read and write
|
||
|
1CA8E000
|
stack
|
page read and write
|
||
|
7FFD9B8E5000
|
trusted library allocation
|
page execute and read and write
|
||
|
FC0000
|
heap
|
page read and write
|
||
|
1754000
|
heap
|
page read and write
|
||
|
1C12C000
|
heap
|
page read and write
|
||
|
1BF74000
|
stack
|
page read and write
|
||
|
7FFD9B980000
|
trusted library allocation
|
page read and write
|
||
|
1BBCE000
|
stack
|
page read and write
|
||
|
7FFD9B86C000
|
trusted library allocation
|
page execute and read and write
|
||
|
31DC000
|
heap
|
page read and write
|
||
|
7FFD9B7DD000
|
trusted library allocation
|
page execute and read and write
|
||
|
3210000
|
heap
|
page read and write
|
||
|
2E00000
|
heap
|
page read and write
|
||
|
1BCB4000
|
stack
|
page read and write
|
||
|
7FFD9B7B0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B97C000
|
trusted library allocation
|
page read and write
|
||
|
1460000
|
heap
|
page read and write
|
||
|
7FFD9B7D2000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B7DD000
|
trusted library allocation
|
page execute and read and write
|
||
|
4FAF000
|
stack
|
page read and write
|
||
|
BA0000
|
heap
|
page read and write
|
||
|
7FFD9B7D0000
|
trusted library allocation
|
page read and write
|
||
|
1620000
|
heap
|
page read and write
|
||
|
3292000
|
trusted library allocation
|
page read and write
|
||
|
540E000
|
stack
|
page read and write
|
||
|
133E000
|
heap
|
page read and write
|
||
|
BF9000
|
heap
|
page read and write
|
||
|
2FD0000
|
heap
|
page read and write
|
||
|
D93000
|
unkown
|
page readonly
|
||
|
7FFD9B7DB000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C49E000
|
heap
|
page read and write
|
||
|
7FFD9B7EB000
|
trusted library allocation
|
page execute and read and write
|
||
|
BD0000
|
heap
|
page read and write
|
||
|
BF4000
|
heap
|
page read and write
|
||
|
342E000
|
stack
|
page read and write
|
||
|
136B000
|
heap
|
page read and write
|
||
|
3100000
|
heap
|
page read and write
|
||
|
BE5000
|
heap
|
page read and write
|
||
|
1C66E000
|
stack
|
page read and write
|
||
|
12E91000
|
trusted library allocation
|
page read and write
|
||
|
30F2000
|
stack
|
page read and write
|
||
|
C16000
|
heap
|
page read and write
|
||
|
7FFD9B980000
|
trusted library allocation
|
page read and write
|
||
|
C36000
|
heap
|
page read and write
|
||
|
7A0000
|
heap
|
page read and write
|
||
|
1386E000
|
trusted library allocation
|
page read and write
|
||
|
C16000
|
heap
|
page read and write
|
||
|
7FFD9B9F0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B987000
|
trusted library allocation
|
page read and write
|
||
|
3184000
|
trusted library allocation
|
page read and write
|
||
|
DC2000
|
unkown
|
page write copy
|
||
|
578F000
|
stack
|
page read and write
|
||
|
3126000
|
heap
|
page read and write
|
||
|
1600000
|
trusted library allocation
|
page read and write
|
||
|
31C0000
|
heap
|
page read and write
|
||
|
15E0000
|
trusted library allocation
|
page read and write
|
There are 638 hidden memdumps, click here to show them.