Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
CrPH91TEUL.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Program Files (x86)\Java\XnhYPNWiKV.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Java\XnhYPNWiKV.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Program Files (x86)\Windows Defender\en-GB\XnhYPNWiKV.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Windows NT\TableTextService\en-US\XnhYPNWiKV.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\MSBuild\Microsoft\System.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\MSBuild\Microsoft\System.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\XnhYPNWiKV.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\Windows Portable Devices\RuntimeBroker.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\Windows Portable Devices\RuntimeBroker.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Program Files\Windows Security\BrowserCore\RuntimeBroker.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Recovery\RuntimeBroker.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Recovery\XnhYPNWiKV.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\WmiPrvSE.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\WmiPrvSE.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\XnhYPNWiKV.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\RuntimeBroker.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\CrPH91TEUL.exe.log
|
CSV text
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\zJkDGXNxvq.bat
|
DOS batch file, ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Windows\AppReadiness\fontdrvhost.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Windows\AppReadiness\fontdrvhost.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Windows\ELAMBKUP\csrss.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Windows\ELAMBKUP\csrss.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Windows\GameBarPresenceWriter\XnhYPNWiKV.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Windows\IME\XnhYPNWiKV.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Windows\ImmersiveControlPanel\ApplicationFrameHost.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Windows\ModemLogs\dasHost.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Windows\apppatch\CustomSDB\XnhYPNWiKV.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Java\d792c5fedef0ed
|
ASCII text, with very long lines (956), with no line terminators
|
dropped
|
||
|
C:\Program Files (x86)\Windows Defender\en-GB\XnhYPNWiKV.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\Windows Defender\en-GB\d792c5fedef0ed
|
ASCII text, with very long lines (654), with no line terminators
|
dropped
|
||
|
C:\Program Files (x86)\Windows NT\TableTextService\en-US\XnhYPNWiKV.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\Windows NT\TableTextService\en-US\d792c5fedef0ed
|
ASCII text, with very long lines (787), with no line terminators
|
dropped
|
||
|
C:\Program Files\MSBuild\Microsoft\27d1bcfc3c54e0
|
ASCII text, with very long lines (344), with no line terminators
|
dropped
|
||
|
C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\XnhYPNWiKV.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\d792c5fedef0ed
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Program Files\Windows Portable Devices\9e8d7a4ca61bd9
|
ASCII text, with very long lines (892), with no line terminators
|
dropped
|
||
|
C:\Program Files\Windows Security\BrowserCore\9e8d7a4ca61bd9
|
ASCII text, with very long lines (925), with no line terminators
|
dropped
|
||
|
C:\Program Files\Windows Security\BrowserCore\RuntimeBroker.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Recovery\9e8d7a4ca61bd9
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Recovery\RuntimeBroker.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Recovery\XnhYPNWiKV.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Recovery\d792c5fedef0ed
|
ASCII text, with very long lines (859), with no line terminators
|
dropped
|
||
|
C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\24dbde2999530e
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\XnhYPNWiKV.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\d792c5fedef0ed
|
ASCII text, with very long lines (672), with no line terminators
|
dropped
|
||
|
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\9e8d7a4ca61bd9
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\RuntimeBroker.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\WmiPrvSE.exe.log
|
CSV text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\XnhYPNWiKV.exe.log
|
CSV text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\0Wk4yLAJYy
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Windows\AppReadiness\5b884080fd4f94
|
ASCII text, with very long lines (919), with no line terminators
|
dropped
|
||
|
C:\Windows\ELAMBKUP\886983d96e3d3e
|
ASCII text, with very long lines (307), with no line terminators
|
dropped
|
||
|
C:\Windows\GameBarPresenceWriter\XnhYPNWiKV.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\GameBarPresenceWriter\d792c5fedef0ed
|
ASCII text, with very long lines (492), with no line terminators
|
dropped
|
||
|
C:\Windows\IME\XnhYPNWiKV.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\IME\d792c5fedef0ed
|
ASCII text, with very long lines (442), with no line terminators
|
dropped
|
||
|
C:\Windows\ImmersiveControlPanel\6dd19aba3e2428
|
ASCII text, with very long lines (381), with no line terminators
|
dropped
|
||
|
C:\Windows\ImmersiveControlPanel\ApplicationFrameHost.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\ModemLogs\21b1a557fd31cc
|
ASCII text, with very long lines (723), with no line terminators
|
dropped
|
||
|
C:\Windows\ModemLogs\dasHost.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\apppatch\CustomSDB\XnhYPNWiKV.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\apppatch\CustomSDB\d792c5fedef0ed
|
ASCII text, with very long lines (460), with no line terminators
|
dropped
|
There are 53 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\CrPH91TEUL.exe
|
"C:\Users\user\Desktop\CrPH91TEUL.exe"
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "WmiPrvSEW" /sc MINUTE /mo 14 /tr "'C:\Users\Default\SendTo\WmiPrvSE.exe'" /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "WmiPrvSE" /sc ONLOGON /tr "'C:\Users\Default\SendTo\WmiPrvSE.exe'" /rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "WmiPrvSEW" /sc MINUTE /mo 11 /tr "'C:\Users\Default\SendTo\WmiPrvSE.exe'" /rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "XnhYPNWiKVX" /sc MINUTE /mo 10 /tr "'C:\Program Files (x86)\java\XnhYPNWiKV.exe'" /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "XnhYPNWiKV" /sc ONLOGON /tr "'C:\Program Files (x86)\java\XnhYPNWiKV.exe'" /rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "XnhYPNWiKVX" /sc MINUTE /mo 11 /tr "'C:\Program Files (x86)\java\XnhYPNWiKV.exe'" /rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "XnhYPNWiKVX" /sc MINUTE /mo 7 /tr "'C:\Program Files (x86)\windows nt\TableTextService\en-US\XnhYPNWiKV.exe'"
/f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "XnhYPNWiKV" /sc ONLOGON /tr "'C:\Program Files (x86)\windows nt\TableTextService\en-US\XnhYPNWiKV.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "XnhYPNWiKVX" /sc MINUTE /mo 9 /tr "'C:\Program Files (x86)\windows nt\TableTextService\en-US\XnhYPNWiKV.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "XnhYPNWiKVX" /sc MINUTE /mo 14 /tr "'C:\Windows\GameBarPresenceWriter\XnhYPNWiKV.exe'" /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "XnhYPNWiKV" /sc ONLOGON /tr "'C:\Windows\GameBarPresenceWriter\XnhYPNWiKV.exe'" /rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "XnhYPNWiKVX" /sc MINUTE /mo 11 /tr "'C:\Windows\GameBarPresenceWriter\XnhYPNWiKV.exe'" /rl HIGHEST
/f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "XnhYPNWiKVX" /sc MINUTE /mo 10 /tr "'C:\Users\Default User\SendTo\XnhYPNWiKV.exe'" /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "XnhYPNWiKV" /sc ONLOGON /tr "'C:\Users\Default User\SendTo\XnhYPNWiKV.exe'" /rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "XnhYPNWiKVX" /sc MINUTE /mo 12 /tr "'C:\Users\Default User\SendTo\XnhYPNWiKV.exe'" /rl HIGHEST /f
|
|
|
|
C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\WmiPrvSE.exe
|
C:\Users\Default\SendTo\WmiPrvSE.exe
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 13 /tr "'C:\Program Files\Windows Portable Devices\RuntimeBroker.exe'"
/f
|
|
|
|
C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\WmiPrvSE.exe
|
C:\Users\Default\SendTo\WmiPrvSE.exe
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "RuntimeBroker" /sc ONLOGON /tr "'C:\Program Files\Windows Portable Devices\RuntimeBroker.exe'" /rl
HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 8 /tr "'C:\Program Files\Windows Portable Devices\RuntimeBroker.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\XnhYPNWiKV.exe
|
"C:\Users\Default User\SendTo\XnhYPNWiKV.exe"
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "ApplicationFrameHostA" /sc MINUTE /mo 14 /tr "'C:\Windows\ImmersiveControlPanel\ApplicationFrameHost.exe'"
/f
|
|
|
|
C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\XnhYPNWiKV.exe
|
"C:\Users\Default User\SendTo\XnhYPNWiKV.exe"
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "ApplicationFrameHost" /sc ONLOGON /tr "'C:\Windows\ImmersiveControlPanel\ApplicationFrameHost.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "ApplicationFrameHostA" /sc MINUTE /mo 8 /tr "'C:\Windows\ImmersiveControlPanel\ApplicationFrameHost.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "csrssc" /sc MINUTE /mo 8 /tr "'C:\Windows\ELAMBKUP\csrss.exe'" /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "csrss" /sc ONLOGON /tr "'C:\Windows\ELAMBKUP\csrss.exe'" /rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "csrssc" /sc MINUTE /mo 10 /tr "'C:\Windows\ELAMBKUP\csrss.exe'" /rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 9 /tr "'C:\Users\Default\Start Menu\Programs\Windows PowerShell\RuntimeBroker.exe'"
/f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "RuntimeBroker" /sc ONLOGON /tr "'C:\Users\Default\Start Menu\Programs\Windows PowerShell\RuntimeBroker.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 13 /tr "'C:\Users\Default\Start Menu\Programs\Windows PowerShell\RuntimeBroker.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 5 /tr "'C:\Program Files\Windows Security\BrowserCore\RuntimeBroker.exe'"
/f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "RuntimeBroker" /sc ONLOGON /tr "'C:\Program Files\Windows Security\BrowserCore\RuntimeBroker.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 13 /tr "'C:\Program Files\Windows Security\BrowserCore\RuntimeBroker.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "XnhYPNWiKVX" /sc MINUTE /mo 11 /tr "'C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\XnhYPNWiKV.exe'"
/f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "XnhYPNWiKV" /sc ONLOGON /tr "'C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\XnhYPNWiKV.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "XnhYPNWiKVX" /sc MINUTE /mo 8 /tr "'C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\XnhYPNWiKV.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "XnhYPNWiKVX" /sc MINUTE /mo 10 /tr "'C:\Recovery\XnhYPNWiKV.exe'" /f
|
|
There are 29 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\bc6e1d144edd3eda0d925d029b5bc54a443266f1
|
68bb9b308f05c11f2475b81b3257aa37e2f346f4
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
LangID
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\System32\cmd.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\System32\cmd.exe.ApplicationCompany
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2791000
|
trusted library allocation
|
page read and write
|
|
|
|
27E2000
|
trusted library allocation
|
page read and write
|
|
|
|
2318000
|
trusted library allocation
|
page read and write
|
|
|
|
2A2A000
|
trusted library allocation
|
page read and write
|
|
|
|
28D8000
|
trusted library allocation
|
page read and write
|
|
|
|
29E1000
|
trusted library allocation
|
page read and write
|
|
|
|
3012000
|
trusted library allocation
|
page read and write
|
|
|
|
22D1000
|
trusted library allocation
|
page read and write
|
|
|
|
2A11000
|
trusted library allocation
|
page read and write
|
|
|
|
28A5000
|
trusted library allocation
|
page read and write
|
|
|
|
2C4A000
|
trusted library allocation
|
page read and write
|
||
|
2850000
|
trusted library allocation
|
page read and write
|
||
|
C6A000
|
heap
|
page read and write
|
||
|
F60000
|
trusted library allocation
|
page read and write
|
||
|
1015000
|
heap
|
page read and write
|
||
|
1B41E000
|
stack
|
page read and write
|
||
|
6E2000
|
heap
|
page read and write
|
||
|
7C0000
|
heap
|
page read and write
|
||
|
7FFB4B470000
|
trusted library allocation
|
page read and write
|
||
|
CE0000
|
heap
|
page read and write
|
||
|
B00000
|
heap
|
page read and write
|
||
|
A25000
|
heap
|
page read and write
|
||
|
170000
|
heap
|
page read and write
|
||
|
180000
|
heap
|
page read and write
|
||
|
7FFB4B263000
|
trusted library allocation
|
page execute and read and write
|
||
|
226F000
|
stack
|
page read and write
|
||
|
7FFB4B410000
|
trusted library allocation
|
page read and write
|
||
|
CA0000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B27D000
|
trusted library allocation
|
page execute and read and write
|
||
|
FF0000
|
trusted library allocation
|
page read and write
|
||
|
A8D000
|
heap
|
page read and write
|
||
|
D30000
|
heap
|
page read and write
|
||
|
855000
|
heap
|
page read and write
|
||
|
CB0000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B26B000
|
trusted library allocation
|
page execute and read and write
|
||
|
12A11000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B273000
|
trusted library allocation
|
page read and write
|
||
|
129E1000
|
trusted library allocation
|
page read and write
|
||
|
1B6E4000
|
stack
|
page read and write
|
||
|
2A56000
|
trusted library allocation
|
page read and write
|
||
|
5C0000
|
unkown
|
page readonly
|
||
|
7FFB4B420000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B420000
|
trusted library allocation
|
page read and write
|
||
|
122D8000
|
trusted library allocation
|
page read and write
|
||
|
1BEB8000
|
heap
|
page read and write
|
||
|
7FFB4B29D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1BED0000
|
heap
|
page read and write
|
||
|
7FFB4B410000
|
trusted library allocation
|
page read and write
|
||
|
1BDF3000
|
heap
|
page read and write
|
||
|
2D3E000
|
trusted library allocation
|
page read and write
|
||
|
1BF78000
|
heap
|
page read and write
|
||
|
7FFB4B310000
|
trusted library allocation
|
page execute and read and write
|
||
|
E00000
|
heap
|
page read and write
|
||
|
2B58000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B390000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B3AE000
|
stack
|
page read and write
|
||
|
27EC000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B2FC000
|
trusted library allocation
|
page execute and read and write
|
||
|
1A0000
|
heap
|
page read and write
|
||
|
7FFB4B40C000
|
trusted library allocation
|
page read and write
|
||
|
1B8FE000
|
stack
|
page read and write
|
||
|
1BF18000
|
heap
|
page read and write
|
||
|
7FFB4B283000
|
trusted library allocation
|
page read and write
|
||
|
1BC7E000
|
heap
|
page read and write
|
||
|
A8B000
|
heap
|
page read and write
|
||
|
1BC69000
|
heap
|
page read and write
|
||
|
1C03E000
|
heap
|
page read and write
|
||
|
7FFB4B3F0000
|
trusted library allocation
|
page read and write
|
||
|
C3F000
|
heap
|
page read and write
|
||
|
B61000
|
heap
|
page read and write
|
||
|
7FFB4B28B000
|
trusted library allocation
|
page execute and read and write
|
||
|
BE5000
|
heap
|
page read and write
|
||
|
1C085000
|
heap
|
page read and write
|
||
|
7FFB4B27D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1BA7F000
|
heap
|
page read and write
|
||
|
7FFB4B440000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B26D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C51E000
|
stack
|
page read and write
|
||
|
F4F000
|
stack
|
page read and write
|
||
|
DC0000
|
heap
|
page read and write
|
||
|
C2A000
|
heap
|
page read and write
|
||
|
2E2A000
|
trusted library allocation
|
page read and write
|
||
|
1B430000
|
heap
|
page read and write
|
||
|
1C060000
|
heap
|
page read and write
|
||
|
7FFB4B391000
|
trusted library allocation
|
page execute and read and write
|
||
|
CE0000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B346000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFB4B400000
|
trusted library allocation
|
page read and write
|
||
|
2B25000
|
trusted library allocation
|
page read and write
|
||
|
BD0000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B306000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B277000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B2BC000
|
trusted library allocation
|
page execute and read and write
|
||
|
2AA2000
|
trusted library allocation
|
page read and write
|
||
|
1BAB9000
|
heap
|
page read and write
|
||
|
28EC000
|
trusted library allocation
|
page read and write
|
||
|
1B83E000
|
stack
|
page read and write
|
||
|
22C0000
|
heap
|
page execute and read and write
|
||
|
7FFB4B253000
|
trusted library allocation
|
page read and write
|
||
|
1289D000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B430000
|
trusted library allocation
|
page read and write
|
||
|
1BA00000
|
heap
|
page read and write
|
||
|
7FFB4B28C000
|
trusted library allocation
|
page read and write
|
||
|
A2C000
|
heap
|
page read and write
|
||
|
A06000
|
heap
|
page read and write
|
||
|
AF6000
|
stack
|
page read and write
|
||
|
1B42F000
|
stack
|
page read and write
|
||
|
C40000
|
heap
|
page read and write
|
||
|
B64000
|
heap
|
page read and write
|
||
|
7FFB4B40C000
|
trusted library allocation
|
page read and write
|
||
|
1B33E000
|
stack
|
page read and write
|
||
|
215F000
|
stack
|
page read and write
|
||
|
12A18000
|
trusted library allocation
|
page read and write
|
||
|
5E0000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B3FB000
|
trusted library allocation
|
page read and write
|
||
|
1BFFC000
|
heap
|
page read and write
|
||
|
1BD28000
|
heap
|
page read and write
|
||
|
10B0000
|
heap
|
page read and write
|
||
|
67D000
|
heap
|
page read and write
|
||
|
7FFB4B284000
|
trusted library allocation
|
page read and write
|
||
|
A45000
|
heap
|
page read and write
|
||
|
A75000
|
heap
|
page read and write
|
||
|
1BE52000
|
heap
|
page read and write
|
||
|
7FFB4B29C000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFB4B356000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B123000
|
stack
|
page read and write
|
||
|
122DD000
|
trusted library allocation
|
page read and write
|
||
|
1BCC9000
|
heap
|
page read and write
|
||
|
1BF83000
|
heap
|
page read and write
|
||
|
1AE4E000
|
stack
|
page read and write
|
||
|
12891000
|
trusted library allocation
|
page read and write
|
||
|
E3F000
|
stack
|
page read and write
|
||
|
1C065000
|
heap
|
page read and write
|
||
|
8F6000
|
stack
|
page read and write
|
||
|
C6C000
|
heap
|
page read and write
|
||
|
2D1F000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B27C000
|
trusted library allocation
|
page read and write
|
||
|
1BA73000
|
heap
|
page read and write
|
||
|
CFB000
|
heap
|
page read and write
|
||
|
7FFB4B294000
|
trusted library allocation
|
page read and write
|
||
|
29D0000
|
heap
|
page execute and read and write
|
||
|
7FFB4B250000
|
trusted library allocation
|
page read and write
|
||
|
289E000
|
stack
|
page read and write
|
||
|
1BD03000
|
heap
|
page read and write
|
||
|
9F0000
|
heap
|
page read and write
|
||
|
2A7B000
|
trusted library allocation
|
page read and write
|
||
|
1B32E000
|
stack
|
page read and write
|
||
|
B8E000
|
heap
|
page read and write
|
||
|
1C06D000
|
heap
|
page read and write
|
||
|
7FFB4B274000
|
trusted library allocation
|
page read and write
|
||
|
1B9E0000
|
heap
|
page read and write
|
||
|
1B9DE000
|
stack
|
page read and write
|
||
|
1C011000
|
heap
|
page read and write
|
||
|
C50000
|
heap
|
page read and write
|
||
|
7FFB4B2F0000
|
trusted library allocation
|
page read and write
|
||
|
A29000
|
heap
|
page read and write
|
||
|
7D6000
|
stack
|
page read and write
|
||
|
7FFB4B403000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B254000
|
trusted library allocation
|
page read and write
|
||
|
DC5000
|
heap
|
page read and write
|
||
|
1B3EF000
|
stack
|
page read and write
|
||
|
B90000
|
heap
|
page read and write
|
||
|
232C000
|
trusted library allocation
|
page read and write
|
||
|
1BE32000
|
heap
|
page read and write
|
||
|
7FFB4B380000
|
trusted library allocation
|
page execute and read and write
|
||
|
12A21000
|
trusted library allocation
|
page read and write
|
||
|
1BF69000
|
heap
|
page read and write
|
||
|
1B6F4000
|
stack
|
page read and write
|
||
|
7FFB4B336000
|
trusted library allocation
|
page execute and read and write
|
||
|
2BB3000
|
trusted library allocation
|
page read and write
|
||
|
630000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B410000
|
trusted library allocation
|
page read and write
|
||
|
2A0E000
|
stack
|
page read and write
|
||
|
7FFB4B320000
|
trusted library allocation
|
page execute and read and write
|
||
|
1BD1B000
|
heap
|
page read and write
|
||
|
1BA27000
|
heap
|
page read and write
|
||
|
7FFB4B420000
|
trusted library allocation
|
page read and write
|
||
|
2FBE000
|
trusted library allocation
|
page read and write
|
||
|
2BF8000
|
trusted library allocation
|
page read and write
|
||
|
28B5000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B262000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B263000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B27D000
|
trusted library allocation
|
page execute and read and write
|
||
|
2A3E000
|
trusted library allocation
|
page read and write
|
||
|
D00000
|
heap
|
page execute and read and write
|
||
|
7FFB4B450000
|
trusted library allocation
|
page read and write
|
||
|
1BF5C000
|
heap
|
page read and write
|
||
|
1BE7C000
|
heap
|
page read and write
|
||
|
1B4D0000
|
heap
|
page execute and read and write
|
||
|
A50000
|
heap
|
page read and write
|
||
|
1BE20000
|
heap
|
page read and write
|
||
|
1BE8B000
|
heap
|
page read and write
|
||
|
7FFB4B423000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B274000
|
trusted library allocation
|
page read and write
|
||
|
C00000
|
heap
|
page read and write
|
||
|
AF0000
|
heap
|
page read and write
|
||
|
6ED000
|
heap
|
page read and write
|
||
|
720000
|
heap
|
page read and write
|
||
|
7FFB4B410000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B460000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFB4B423000
|
trusted library allocation
|
page read and write
|
||
|
2DA4000
|
trusted library allocation
|
page read and write
|
||
|
1A85D000
|
stack
|
page read and write
|
||
|
6AC000
|
heap
|
page read and write
|
||
|
1BE0A000
|
heap
|
page read and write
|
||
|
1BA60000
|
heap
|
page read and write
|
||
|
7FFB4B316000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B320000
|
trusted library allocation
|
page read and write
|
||
|
3033000
|
trusted library allocation
|
page read and write
|
||
|
12898000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B420000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B273000
|
trusted library allocation
|
page execute and read and write
|
||
|
BD0000
|
heap
|
page read and write
|
||
|
28E9000
|
trusted library allocation
|
page read and write
|
||
|
DFF000
|
stack
|
page read and write
|
||
|
7FFB4B441000
|
trusted library allocation
|
page read and write
|
||
|
1B4E0000
|
heap
|
page execute and read and write
|
||
|
1AA40000
|
trusted library allocation
|
page read and write
|
||
|
1BF2A000
|
heap
|
page read and write
|
||
|
B95000
|
heap
|
page read and write
|
||
|
1AD40000
|
heap
|
page read and write
|
||
|
1A300000
|
trusted library allocation
|
page read and write
|
||
|
E45000
|
heap
|
page read and write
|
||
|
7FFB4B370000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFB4B32C000
|
trusted library allocation
|
page execute and read and write
|
||
|
C06000
|
heap
|
page read and write
|
||
|
1BEE3000
|
heap
|
page read and write
|
||
|
CE5000
|
heap
|
page read and write
|
||
|
7FFB4B30C000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B5DF000
|
stack
|
page read and write
|
||
|
7FFB4B430000
|
trusted library allocation
|
page read and write
|
||
|
2CA8000
|
trusted library allocation
|
page read and write
|
||
|
B4C000
|
heap
|
page read and write
|
||
|
AA3000
|
heap
|
page read and write
|
||
|
2750000
|
heap
|
page execute and read and write
|
||
|
7FFB4B25D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C020000
|
heap
|
page read and write
|
||
|
5C2000
|
unkown
|
page readonly
|
||
|
67B000
|
heap
|
page read and write
|
||
|
7FFB4B244000
|
trusted library allocation
|
page read and write
|
||
|
12793000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B26D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1AF20000
|
heap
|
page execute and read and write
|
||
|
297E000
|
stack
|
page read and write
|
||
|
3036000
|
trusted library allocation
|
page read and write
|
||
|
1C0000
|
heap
|
page read and write
|
||
|
2680000
|
heap
|
page read and write
|
||
|
1BDE6000
|
heap
|
page read and write
|
||
|
2393000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B260000
|
trusted library allocation
|
page read and write
|
||
|
AF7000
|
heap
|
page read and write
|
||
|
B20000
|
heap
|
page read and write
|
||
|
1BC99000
|
heap
|
page read and write
|
||
|
7FFB4B280000
|
trusted library allocation
|
page read and write
|
||
|
10B5000
|
heap
|
page read and write
|
||
|
D35000
|
heap
|
page read and write
|
||
|
129ED000
|
trusted library allocation
|
page read and write
|
||
|
5C0000
|
unkown
|
page readonly
|
||
|
2EA2000
|
trusted library allocation
|
page read and write
|
||
|
8F6000
|
stack
|
page read and write
|
||
|
1BA30000
|
heap
|
page read and write
|
||
|
CFD000
|
heap
|
page read and write
|
||
|
7FFB4B242000
|
trusted library allocation
|
page read and write
|
||
|
12798000
|
trusted library allocation
|
page read and write
|
||
|
1B3F0000
|
heap
|
page read and write
|
||
|
7FFB4B43B000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B31C000
|
trusted library allocation
|
page execute and read and write
|
||
|
A40000
|
heap
|
page read and write
|
||
|
AD5000
|
heap
|
page read and write
|
||
|
1BAA8000
|
heap
|
page read and write
|
||
|
1C053000
|
heap
|
page read and write
|
||
|
FEE000
|
stack
|
page read and write
|
||
|
A10000
|
heap
|
page read and write
|
||
|
EEE000
|
stack
|
page read and write
|
||
|
692000
|
unkown
|
page readonly
|
||
|
1BCBA000
|
heap
|
page read and write
|
||
|
2853000
|
trusted library allocation
|
page read and write
|
||
|
2F89000
|
trusted library allocation
|
page read and write
|
||
|
1B15F000
|
stack
|
page read and write
|
||
|
1C062000
|
heap
|
page read and write
|
||
|
1BC27000
|
heap
|
page read and write
|
||
|
1B4FE000
|
stack
|
page read and write
|
||
|
7FFB4B41A000
|
trusted library allocation
|
page read and write
|
||
|
1BAD9000
|
heap
|
page read and write
|
||
|
288E000
|
stack
|
page read and write
|
||
|
2B27000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B444000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B403000
|
trusted library allocation
|
page read and write
|
||
|
600000
|
trusted library allocation
|
page read and write
|
||
|
266F000
|
stack
|
page read and write
|
||
|
7FFB4B264000
|
trusted library allocation
|
page read and write
|
||
|
83F000
|
stack
|
page read and write
|
||
|
C0C000
|
heap
|
page read and write
|
||
|
7FFB4B24D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFB4B413000
|
trusted library allocation
|
page read and write
|
||
|
DEE000
|
stack
|
page read and write
|
||
|
122D1000
|
trusted library allocation
|
page read and write
|
||
|
1B534000
|
stack
|
page read and write
|
||
|
7FFB4B316000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B29B000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFB4B2CC000
|
trusted library allocation
|
page execute and read and write
|
||
|
2390000
|
trusted library allocation
|
page read and write
|
||
|
1BFF7000
|
heap
|
page read and write
|
||
|
A6B000
|
heap
|
page read and write
|
||
|
6A8000
|
heap
|
page read and write
|
||
|
129E3000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B26D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFB4B273000
|
trusted library allocation
|
page read and write
|
||
|
12A1D000
|
trusted library allocation
|
page read and write
|
||
|
A40000
|
heap
|
page read and write
|
||
|
2EE5000
|
trusted library allocation
|
page read and write
|
||
|
1AF6E000
|
stack
|
page read and write
|
||
|
7FFB4B41C000
|
trusted library allocation
|
page read and write
|
||
|
A6D000
|
heap
|
page read and write
|
||
|
C90000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B326000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B2BC000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFB4B3FC000
|
trusted library allocation
|
page read and write
|
||
|
2396000
|
trusted library allocation
|
page read and write
|
||
|
AB8000
|
heap
|
page read and write
|
||
|
1AFAC000
|
stack
|
page read and write
|
||
|
7FFB4B263000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFB4B2AC000
|
trusted library allocation
|
page execute and read and write
|
||
|
E40000
|
heap
|
page read and write
|
||
|
1BF42000
|
heap
|
page read and write
|
||
|
1BABD000
|
heap
|
page read and write
|
||
|
7FFB4B26D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFB4B433000
|
trusted library allocation
|
page read and write
|
||
|
C42000
|
heap
|
page read and write
|
||
|
1C6BB000
|
stack
|
page read and write
|
||
|
AD7000
|
heap
|
page read and write
|
||
|
7FFB4B38A000
|
trusted library allocation
|
page execute and read and write
|
||
|
1BEAF000
|
heap
|
page read and write
|
||
|
12893000
|
trusted library allocation
|
page read and write
|
||
|
1BEB3000
|
heap
|
page read and write
|
||
|
1BC56000
|
heap
|
page read and write
|
||
|
7FFB4B38F000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B8DB000
|
stack
|
page read and write
|
||
|
2E75000
|
trusted library allocation
|
page read and write
|
||
|
CD5000
|
heap
|
page read and write
|
||
|
28B3000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B243000
|
trusted library allocation
|
page execute and read and write
|
||
|
C1D000
|
heap
|
page read and write
|
||
|
7FFB4B260000
|
trusted library allocation
|
page read and write
|
||
|
A0C000
|
heap
|
page read and write
|
||
|
7FFB4B253000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B73E000
|
stack
|
page read and write
|
||
|
28B7000
|
trusted library allocation
|
page read and write
|
||
|
1BD51000
|
heap
|
page read and write
|
||
|
1BAC1000
|
heap
|
page read and write
|
||
|
850000
|
heap
|
page read and write
|
||
|
1BFCD000
|
heap
|
page read and write
|
||
|
1279D000
|
trusted library allocation
|
page read and write
|
||
|
B1F000
|
heap
|
page read and write
|
||
|
AB6000
|
heap
|
page read and write
|
||
|
1BDAD000
|
heap
|
page read and write
|
||
|
1BD58000
|
heap
|
page read and write
|
||
|
2950000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B300000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B40A000
|
trusted library allocation
|
page read and write
|
||
|
1BCEA000
|
heap
|
page read and write
|
||
|
7D0000
|
heap
|
page read and write
|
||
|
7FFB4B41B000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B27B000
|
trusted library allocation
|
page execute and read and write
|
||
|
2891000
|
trusted library allocation
|
page read and write
|
||
|
1B9EE000
|
stack
|
page read and write
|
||
|
7FFB4B25C000
|
trusted library allocation
|
page read and write
|
||
|
1B9FE000
|
stack
|
page read and write
|
||
|
1B230000
|
heap
|
page execute and read and write
|
||
|
7FFB4B272000
|
trusted library allocation
|
page read and write
|
||
|
C80000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B411000
|
trusted library allocation
|
page read and write
|
||
|
E30000
|
trusted library allocation
|
page read and write
|
||
|
C20000
|
heap
|
page read and write
|
||
|
7FFB4B3E0000
|
trusted library allocation
|
page read and write
|
||
|
1BE02000
|
heap
|
page read and write
|
||
|
1BFE6000
|
heap
|
page read and write
|
||
|
B26000
|
heap
|
page read and write
|
||
|
910000
|
heap
|
page read and write
|
||
|
1B25E000
|
stack
|
page read and write
|
||
|
129E8000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B430000
|
trusted library allocation
|
page read and write
|
||
|
1B6DE000
|
stack
|
page read and write
|
||
|
2DD2000
|
trusted library allocation
|
page read and write
|
||
|
1BDDB000
|
heap
|
page read and write
|
||
|
A32000
|
heap
|
page read and write
|
||
|
2670000
|
heap
|
page read and write
|
||
|
C31000
|
heap
|
page read and write
|
||
|
7FFB4B28D000
|
trusted library allocation
|
page execute and read and write
|
||
|
C6F000
|
heap
|
page read and write
|
||
|
2160000
|
heap
|
page read and write
|
||
|
7FFB4B264000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B3F0000
|
trusted library allocation
|
page read and write
|
||
|
1C09D000
|
heap
|
page read and write
|
||
|
1C41E000
|
stack
|
page read and write
|
||
|
4F6000
|
stack
|
page read and write
|
||
|
7FFB4B270000
|
trusted library allocation
|
page read and write
|
||
|
1AE1D000
|
stack
|
page read and write
|
||
|
7FFB4B416000
|
trusted library allocation
|
page read and write
|
||
|
B80000
|
trusted library allocation
|
page read and write
|
||
|
2CE8000
|
trusted library allocation
|
page read and write
|
||
|
1BA03000
|
heap
|
page read and write
|
||
|
BE0000
|
heap
|
page read and write
|
||
|
2B23000
|
trusted library allocation
|
page read and write
|
||
|
1BC93000
|
heap
|
page read and write
|
||
|
7FFB4B387000
|
trusted library allocation
|
page execute and read and write
|
||
|
A7E000
|
heap
|
page read and write
|
||
|
122D3000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B290000
|
trusted library allocation
|
page read and write
|
||
|
2AA5000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B346000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B43F000
|
stack
|
page read and write
|
||
|
A20000
|
heap
|
page read and write
|
||
|
7FFB4B240000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B413000
|
trusted library allocation
|
page read and write
|
||
|
1B7E3000
|
stack
|
page read and write
|
||
|
7FFB4B3EC000
|
trusted library allocation
|
page read and write
|
||
|
640000
|
heap
|
page read and write
|
||
|
1B310000
|
heap
|
page read and write
|
||
|
1080000
|
heap
|
page read and write
|
||
|
682000
|
heap
|
page read and write
|
||
|
7FF4F1B00000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFB4B284000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B3F4000
|
trusted library allocation
|
page read and write
|
||
|
1BEB5000
|
heap
|
page read and write
|
||
|
12791000
|
trusted library allocation
|
page read and write
|
||
|
2953000
|
trusted library allocation
|
page read and write
|
||
|
278E000
|
stack
|
page read and write
|
||
|
B20000
|
heap
|
page read and write
|
||
|
648000
|
heap
|
page read and write
|
||
|
A78000
|
heap
|
page read and write
|
||
|
1BE18000
|
heap
|
page read and write
|
||
|
1B7F3000
|
stack
|
page read and write
|
||
|
C4F000
|
stack
|
page read and write
|
||
|
BA0000
|
trusted library allocation
|
page read and write
|
||
|
1A8C0000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B330000
|
trusted library allocation
|
page execute and read and write
|
||
|
1AC9F000
|
stack
|
page read and write
|
||
|
910000
|
heap
|
page read and write
|
||
|
7FFB4B27C000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B26C000
|
trusted library allocation
|
page read and write
|
||
|
1B5FF000
|
stack
|
page read and write
|
||
|
1B224000
|
stack
|
page read and write
|
||
|
7FFB4B326000
|
trusted library allocation
|
page execute and read and write
|
||
|
A00000
|
heap
|
page read and write
|
||
|
A59000
|
heap
|
page read and write
|
||
|
2870000
|
heap
|
page read and write
|
||
|
1B5EF000
|
stack
|
page read and write
|
||
|
7FFB4B380000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B8EE000
|
stack
|
page read and write
|
||
|
2780000
|
heap
|
page read and write
|
||
|
7FFB4B270000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B2F6000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B310000
|
trusted library allocation
|
page read and write
|
||
|
1BA64000
|
heap
|
page read and write
|
||
|
2D41000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B300000
|
trusted library allocation
|
page execute and read and write
|
||
|
B40000
|
heap
|
page read and write
|
||
|
2A65000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B28D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B7D3000
|
stack
|
page read and write
|
||
|
6FA000
|
heap
|
page read and write
|
||
|
CEF000
|
stack
|
page read and write
|
||
|
7FFB4B40E000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B400000
|
trusted library allocation
|
page read and write
|
||
|
1010000
|
heap
|
page read and write
|
||
|
7FFB4B27D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1BEFE000
|
heap
|
page read and write
|
||
|
1A7C0000
|
trusted library allocation
|
page read and write
|
||
|
CC0000
|
heap
|
page read and write
|
||
|
A30000
|
heap
|
page read and write
|
||
|
7FFB4B440000
|
trusted library allocation
|
page read and write
|
||
|
1B02F000
|
stack
|
page read and write
|
||
|
1B633000
|
stack
|
page read and write
|
||
|
1AD1D000
|
stack
|
page read and write
|
||
|
1BC79000
|
heap
|
page read and write
|
||
|
7FFB4B25D000
|
trusted library allocation
|
page execute and read and write
|
||
|
2900000
|
heap
|
page execute and read and write
|
||
|
1AA10000
|
trusted library allocation
|
page read and write
|
||
|
A42000
|
heap
|
page read and write
|
||
|
7FFB4B400000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B252000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B40B000
|
trusted library allocation
|
page read and write
|
||
|
1000000
|
heap
|
page execute and read and write
|
||
|
2F48000
|
trusted library allocation
|
page read and write
|
||
|
1BC20000
|
heap
|
page read and write
|
||
|
1BA48000
|
heap
|
page read and write
|
||
|
72A000
|
heap
|
page read and write
|
||
|
7FFB4B360000
|
trusted library allocation
|
page execute and read and write
|
There are 479 hidden memdumps, click here to show them.