Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
RmjVbD9QNK.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Program Files (x86)\Java\QWQpSrRPpykBmPKCQiELiILCQi.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Java\QWQpSrRPpykBmPKCQiELiILCQi.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Program Files (x86)\MSECache\OfficeKMS\win7\QWQpSrRPpykBmPKCQiELiILCQi.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Windows Defender\en-GB\QWQpSrRPpykBmPKCQiELiILCQi.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\7-Zip\Lang\StartMenuExperienceHost.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\7-Zip\Lang\StartMenuExperienceHost.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Program Files\Windows Photo Viewer\QWQpSrRPpykBmPKCQiELiILCQi.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\WindowsPowerShell\Configuration\Schema\WmiPrvSE.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\WindowsPowerShell\Configuration\Schema\WmiPrvSE.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Recovery\QWQpSrRPpykBmPKCQiELiILCQi.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\Default\AppData\Local\Microsoft\Windows\History\QWQpSrRPpykBmPKCQiELiILCQi.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\Default\Saved Games\QWQpSrRPpykBmPKCQiELiILCQi.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\Default\smss.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\Default\smss.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\Public\Videos\explorer.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\Public\Videos\explorer.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\RmjVbD9QNK.exe.log
|
CSV text
|
dropped
|
|
|
|
C:\Users\user\Downloads\QWQpSrRPpykBmPKCQiELiILCQi.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\QWQpSrRPpykBmPKCQiELiILCQi.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Windows\AppReadiness\QWQpSrRPpykBmPKCQiELiILCQi.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Windows\Cursors\QWQpSrRPpykBmPKCQiELiILCQi.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Windows\Media\QWQpSrRPpykBmPKCQiELiILCQi.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Windows\SystemApps\Microsoft.Win32WebViewHost_cw5n1h2txyewy\Assets\RuntimeBroker.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Java\74b655f41a3036
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Program Files (x86)\MSECache\OfficeKMS\win7\74b655f41a3036
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Program Files (x86)\MSECache\OfficeKMS\win7\QWQpSrRPpykBmPKCQiELiILCQi.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\Windows Defender\en-GB\74b655f41a3036
|
ASCII text, with very long lines (811), with no line terminators
|
dropped
|
||
|
C:\Program Files (x86)\Windows Defender\en-GB\QWQpSrRPpykBmPKCQiELiILCQi.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\7-Zip\Lang\55b276f4edf653
|
ASCII text, with very long lines (342), with no line terminators
|
dropped
|
||
|
C:\Program Files\Windows Photo Viewer\74b655f41a3036
|
ASCII text, with very long lines (690), with no line terminators
|
dropped
|
||
|
C:\Program Files\Windows Photo Viewer\QWQpSrRPpykBmPKCQiELiILCQi.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\WindowsPowerShell\Configuration\Schema\24dbde2999530e
|
ASCII text, with very long lines (854), with no line terminators
|
dropped
|
||
|
C:\Recovery\74b655f41a3036
|
ASCII text, with very long lines (483), with no line terminators
|
dropped
|
||
|
C:\Recovery\QWQpSrRPpykBmPKCQiELiILCQi.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\Default\69ddcba757bf72
|
ASCII text, with very long lines (696), with no line terminators
|
dropped
|
||
|
C:\Users\Default\AppData\Local\Microsoft\Windows\History\74b655f41a3036
|
ASCII text, with very long lines (403), with no line terminators
|
dropped
|
||
|
C:\Users\Default\AppData\Local\Microsoft\Windows\History\QWQpSrRPpykBmPKCQiELiILCQi.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\Default\Saved Games\74b655f41a3036
|
ASCII text, with very long lines (716), with no line terminators
|
dropped
|
||
|
C:\Users\Default\Saved Games\QWQpSrRPpykBmPKCQiELiILCQi.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\Public\Videos\7a0fd90576e088
|
ASCII text, with very long lines (442), with no line terminators
|
dropped
|
||
|
C:\Users\user\74b655f41a3036
|
ASCII text, with very long lines (952), with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\QWQpSrRPpykBmPKCQiELiILCQi.exe.log
|
CSV text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\WmiPrvSE.exe.log
|
CSV text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\smss.exe.log
|
Unknown
|
dropped
|
||
|
C:\Users\user\Downloads\74b655f41a3036
|
ASCII text, with very long lines (994), with no line terminators
|
dropped
|
||
|
C:\Users\user\Downloads\QWQpSrRPpykBmPKCQiELiILCQi.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\QWQpSrRPpykBmPKCQiELiILCQi.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\AppReadiness\74b655f41a3036
|
ASCII text, with very long lines (321), with no line terminators
|
dropped
|
||
|
C:\Windows\AppReadiness\QWQpSrRPpykBmPKCQiELiILCQi.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\Cursors\74b655f41a3036
|
ASCII text, with very long lines (811), with no line terminators
|
dropped
|
||
|
C:\Windows\Cursors\QWQpSrRPpykBmPKCQiELiILCQi.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\Media\74b655f41a3036
|
ASCII text, with very long lines (624), with no line terminators
|
dropped
|
||
|
C:\Windows\Media\QWQpSrRPpykBmPKCQiELiILCQi.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\SystemApps\Microsoft.Win32WebViewHost_cw5n1h2txyewy\Assets\9e8d7a4ca61bd9
|
ASCII text, with very long lines (463), with no line terminators
|
dropped
|
||
|
C:\Windows\SystemApps\Microsoft.Win32WebViewHost_cw5n1h2txyewy\Assets\RuntimeBroker.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
There are 46 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\RmjVbD9QNK.exe
|
"C:\Users\user\Desktop\RmjVbD9QNK.exe"
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "QWQpSrRPpykBmPKCQiELiILCQiQ" /sc MINUTE /mo 11 /tr "'C:\Windows\Cursors\QWQpSrRPpykBmPKCQiELiILCQi.exe'"
/f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "QWQpSrRPpykBmPKCQiELiILCQi" /sc ONLOGON /tr "'C:\Windows\Cursors\QWQpSrRPpykBmPKCQiELiILCQi.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "QWQpSrRPpykBmPKCQiELiILCQiQ" /sc MINUTE /mo 13 /tr "'C:\Windows\Cursors\QWQpSrRPpykBmPKCQiELiILCQi.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "QWQpSrRPpykBmPKCQiELiILCQiQ" /sc MINUTE /mo 12 /tr "'C:\Windows\Media\QWQpSrRPpykBmPKCQiELiILCQi.exe'"
/f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "QWQpSrRPpykBmPKCQiELiILCQi" /sc ONLOGON /tr "'C:\Windows\Media\QWQpSrRPpykBmPKCQiELiILCQi.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\Cursors\QWQpSrRPpykBmPKCQiELiILCQi.exe
|
C:\Windows\Cursors\QWQpSrRPpykBmPKCQiELiILCQi.exe
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "QWQpSrRPpykBmPKCQiELiILCQiQ" /sc MINUTE /mo 5 /tr "'C:\Windows\Media\QWQpSrRPpykBmPKCQiELiILCQi.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\Media\QWQpSrRPpykBmPKCQiELiILCQi.exe
|
C:\Windows\Media\QWQpSrRPpykBmPKCQiELiILCQi.exe
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "QWQpSrRPpykBmPKCQiELiILCQiQ" /sc MINUTE /mo 6 /tr "'C:\Recovery\QWQpSrRPpykBmPKCQiELiILCQi.exe'"
/f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "QWQpSrRPpykBmPKCQiELiILCQi" /sc ONLOGON /tr "'C:\Recovery\QWQpSrRPpykBmPKCQiELiILCQi.exe'" /rl HIGHEST
/f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "QWQpSrRPpykBmPKCQiELiILCQiQ" /sc MINUTE /mo 9 /tr "'C:\Recovery\QWQpSrRPpykBmPKCQiELiILCQi.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "QWQpSrRPpykBmPKCQiELiILCQiQ" /sc MINUTE /mo 13 /tr "'C:\Recovery\QWQpSrRPpykBmPKCQiELiILCQi.exe'"
/f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "QWQpSrRPpykBmPKCQiELiILCQi" /sc ONLOGON /tr "'C:\Recovery\QWQpSrRPpykBmPKCQiELiILCQi.exe'" /rl HIGHEST
/f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "QWQpSrRPpykBmPKCQiELiILCQiQ" /sc MINUTE /mo 11 /tr "'C:\Recovery\QWQpSrRPpykBmPKCQiELiILCQi.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "QWQpSrRPpykBmPKCQiELiILCQiQ" /sc MINUTE /mo 8 /tr "'C:\Program Files (x86)\windows defender\en-GB\QWQpSrRPpykBmPKCQiELiILCQi.exe'"
/f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "QWQpSrRPpykBmPKCQiELiILCQi" /sc ONLOGON /tr "'C:\Program Files (x86)\windows defender\en-GB\QWQpSrRPpykBmPKCQiELiILCQi.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "QWQpSrRPpykBmPKCQiELiILCQiQ" /sc MINUTE /mo 9 /tr "'C:\Program Files (x86)\windows defender\en-GB\QWQpSrRPpykBmPKCQiELiILCQi.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "smsss" /sc MINUTE /mo 5 /tr "'C:\Users\Default\smss.exe'" /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "smss" /sc ONLOGON /tr "'C:\Users\Default\smss.exe'" /rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "smsss" /sc MINUTE /mo 14 /tr "'C:\Users\Default\smss.exe'" /rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "QWQpSrRPpykBmPKCQiELiILCQiQ" /sc MINUTE /mo 14 /tr "'C:\Windows\AppReadiness\QWQpSrRPpykBmPKCQiELiILCQi.exe'"
/f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "QWQpSrRPpykBmPKCQiELiILCQi" /sc ONLOGON /tr "'C:\Windows\AppReadiness\QWQpSrRPpykBmPKCQiELiILCQi.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "QWQpSrRPpykBmPKCQiELiILCQiQ" /sc MINUTE /mo 12 /tr "'C:\Windows\AppReadiness\QWQpSrRPpykBmPKCQiELiILCQi.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "WmiPrvSEW" /sc MINUTE /mo 9 /tr "'C:\Program Files\WindowsPowerShell\Configuration\Schema\WmiPrvSE.exe'"
/f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "WmiPrvSE" /sc ONLOGON /tr "'C:\Program Files\WindowsPowerShell\Configuration\Schema\WmiPrvSE.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "WmiPrvSEW" /sc MINUTE /mo 7 /tr "'C:\Program Files\WindowsPowerShell\Configuration\Schema\WmiPrvSE.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "QWQpSrRPpykBmPKCQiELiILCQiQ" /sc MINUTE /mo 10 /tr "'C:\Users\Default User\Saved Games\QWQpSrRPpykBmPKCQiELiILCQi.exe'"
/f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "QWQpSrRPpykBmPKCQiELiILCQi" /sc ONLOGON /tr "'C:\Users\Default User\Saved Games\QWQpSrRPpykBmPKCQiELiILCQi.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "QWQpSrRPpykBmPKCQiELiILCQiQ" /sc MINUTE /mo 5 /tr "'C:\Users\Default User\Saved Games\QWQpSrRPpykBmPKCQiELiILCQi.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Users\Default\smss.exe
|
C:\Users\Default\smss.exe
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "StartMenuExperienceHostS" /sc MINUTE /mo 7 /tr "'C:\Program Files\7-Zip\Lang\StartMenuExperienceHost.exe'"
/f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "StartMenuExperienceHost" /sc ONLOGON /tr "'C:\Program Files\7-Zip\Lang\StartMenuExperienceHost.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Users\Default\smss.exe
|
C:\Users\Default\smss.exe
|
|
|
|
C:\Program Files\WindowsPowerShell\Configuration\Schema\WmiPrvSE.exe
|
"C:\Program Files\WindowsPowerShell\Configuration\Schema\WmiPrvSE.exe"
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "StartMenuExperienceHostS" /sc MINUTE /mo 14 /tr "'C:\Program Files\7-Zip\Lang\StartMenuExperienceHost.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Program Files\WindowsPowerShell\Configuration\Schema\WmiPrvSE.exe
|
"C:\Program Files\WindowsPowerShell\Configuration\Schema\WmiPrvSE.exe"
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "QWQpSrRPpykBmPKCQiELiILCQiQ" /sc MINUTE /mo 11 /tr "'C:\Program Files (x86)\msecache\OfficeKMS\win7\QWQpSrRPpykBmPKCQiELiILCQi.exe'"
/f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "QWQpSrRPpykBmPKCQiELiILCQi" /sc ONLOGON /tr "'C:\Program Files (x86)\msecache\OfficeKMS\win7\QWQpSrRPpykBmPKCQiELiILCQi.exe'"
/rl HIGHEST /f
|
|
There are 29 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://ch67763.tw1.ru/@==gbJBzYuFDT
|
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\2f2c3ade1e858d8d8f55d2ed4fa00c00c45a111b
|
e5a2df0a9cd28690a8f7b1102bccbdb59801c342
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2B67000
|
trusted library allocation
|
page read and write
|
|
|
|
2AC1000
|
trusted library allocation
|
page read and write
|
|
|
|
2CD1000
|
trusted library allocation
|
page read and write
|
|
|
|
2D1A000
|
trusted library allocation
|
page read and write
|
|
|
|
2971000
|
trusted library allocation
|
page read and write
|
|
|
|
2B12000
|
trusted library allocation
|
page read and write
|
|
|
|
24F2000
|
trusted library allocation
|
page read and write
|
|
|
|
2E64000
|
trusted library allocation
|
page read and write
|
|
|
|
24A1000
|
trusted library allocation
|
page read and write
|
|
|
|
2901000
|
trusted library allocation
|
page read and write
|
|
|
|
2FAA000
|
trusted library allocation
|
page read and write
|
|
|
|
2B21000
|
trusted library allocation
|
page read and write
|
|
|
|
2F61000
|
trusted library allocation
|
page read and write
|
|
|
|
7FF848BAD000
|
trusted library allocation
|
page execute and read and write
|
||
|
10A0000
|
trusted library allocation
|
page read and write
|
||
|
7FF848C56000
|
trusted library allocation
|
page read and write
|
||
|
2FE7000
|
trusted library allocation
|
page read and write
|
||
|
27BF000
|
stack
|
page read and write
|
||
|
E30000
|
heap
|
page read and write
|
||
|
190000
|
heap
|
page read and write
|
||
|
7FF848D4C000
|
trusted library allocation
|
page read and write
|
||
|
1BD9E000
|
stack
|
page read and write
|
||
|
7FF848D53000
|
trusted library allocation
|
page read and write
|
||
|
1B96A000
|
heap
|
page read and write
|
||
|
7FF848D40000
|
trusted library allocation
|
page read and write
|
||
|
7FF848BBD000
|
trusted library allocation
|
page execute and read and write
|
||
|
2D2E000
|
trusted library allocation
|
page read and write
|
||
|
A20000
|
heap
|
page read and write
|
||
|
7FF848BA7000
|
trusted library allocation
|
page read and write
|
||
|
1297D000
|
trusted library allocation
|
page read and write
|
||
|
7FF848D33000
|
trusted library allocation
|
page read and write
|
||
|
12B2D000
|
trusted library allocation
|
page read and write
|
||
|
1B310000
|
heap
|
page read and write
|
||
|
2FD1000
|
trusted library allocation
|
page read and write
|
||
|
7FF848D60000
|
trusted library allocation
|
page read and write
|
||
|
6C2000
|
heap
|
page read and write
|
||
|
7FF848C50000
|
trusted library allocation
|
page execute and read and write
|
||
|
7C0000
|
heap
|
page read and write
|
||
|
7FF848D6C000
|
trusted library allocation
|
page read and write
|
||
|
6A3000
|
heap
|
page read and write
|
||
|
AB3000
|
heap
|
page read and write
|
||
|
1102000
|
heap
|
page read and write
|
||
|
7FF848CC1000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848C86000
|
trusted library allocation
|
page execute and read and write
|
||
|
698000
|
heap
|
page read and write
|
||
|
7FF848B92000
|
trusted library allocation
|
page read and write
|
||
|
7FF848D46000
|
trusted library allocation
|
page read and write
|
||
|
7FF848D3C000
|
trusted library allocation
|
page read and write
|
||
|
2660000
|
heap
|
page execute and read and write
|
||
|
1B94B000
|
heap
|
page read and write
|
||
|
CF1000
|
heap
|
page read and write
|
||
|
7FF848BDB000
|
trusted library allocation
|
page execute and read and write
|
||
|
2AAE000
|
stack
|
page read and write
|
||
|
9D6000
|
heap
|
page read and write
|
||
|
C00000
|
heap
|
page read and write
|
||
|
7FF848BC7000
|
trusted library allocation
|
page read and write
|
||
|
9FB000
|
heap
|
page read and write
|
||
|
7FF848BAD000
|
trusted library allocation
|
page execute and read and write
|
||
|
12CDD000
|
trusted library allocation
|
page read and write
|
||
|
1D0000
|
trusted library allocation
|
page read and write
|
||
|
1BA32000
|
heap
|
page read and write
|
||
|
7FF848D57000
|
trusted library allocation
|
page read and write
|
||
|
7FF848BB3000
|
trusted library allocation
|
page execute and read and write
|
||
|
6F6000
|
heap
|
page read and write
|
||
|
1B5CB000
|
stack
|
page read and write
|
||
|
115E000
|
heap
|
page read and write
|
||
|
7FF848BBD000
|
trusted library allocation
|
page execute and read and write
|
||
|
1AF90000
|
trusted library allocation
|
page read and write
|
||
|
CC0000
|
trusted library allocation
|
page read and write
|
||
|
BF0000
|
trusted library allocation
|
page read and write
|
||
|
7FF848BA2000
|
trusted library allocation
|
page read and write
|
||
|
1B7D0000
|
heap
|
page read and write
|
||
|
1C8FF000
|
stack
|
page read and write
|
||
|
1BA25000
|
heap
|
page read and write
|
||
|
1A91D000
|
stack
|
page read and write
|
||
|
1B82E000
|
heap
|
page read and write
|
||
|
12B28000
|
trusted library allocation
|
page read and write
|
||
|
1B83E000
|
stack
|
page read and write
|
||
|
2D9B000
|
trusted library allocation
|
page read and write
|
||
|
DF5000
|
heap
|
page read and write
|
||
|
A12000
|
heap
|
page read and write
|
||
|
2E1D000
|
trusted library allocation
|
page read and write
|
||
|
F88000
|
heap
|
page read and write
|
||
|
7FF848D50000
|
trusted library allocation
|
page read and write
|
||
|
1B7C5000
|
stack
|
page read and write
|
||
|
CF6000
|
heap
|
page read and write
|
||
|
D66000
|
stack
|
page read and write
|
||
|
1B91B000
|
stack
|
page read and write
|
||
|
7FF848BD3000
|
trusted library allocation
|
page read and write
|
||
|
2860000
|
heap
|
page execute and read and write
|
||
|
1BDB3000
|
stack
|
page read and write
|
||
|
15B0000
|
trusted library allocation
|
page read and write
|
||
|
7FF848C1C000
|
trusted library allocation
|
page execute and read and write
|
||
|
12EF000
|
stack
|
page read and write
|
||
|
7FF848CB0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1125000
|
heap
|
page read and write
|
||
|
A02000
|
heap
|
page read and write
|
||
|
2B86000
|
trusted library allocation
|
page read and write
|
||
|
2A45000
|
trusted library allocation
|
page read and write
|
||
|
12973000
|
trusted library allocation
|
page read and write
|
||
|
1B890000
|
heap
|
page read and write
|
||
|
1B812000
|
heap
|
page read and write
|
||
|
12911000
|
trusted library allocation
|
page read and write
|
||
|
7FF848D4C000
|
trusted library allocation
|
page read and write
|
||
|
7FF848BB0000
|
trusted library allocation
|
page read and write
|
||
|
12908000
|
trusted library allocation
|
page read and write
|
||
|
1AE8D000
|
stack
|
page read and write
|
||
|
950000
|
heap
|
page read and write
|
||
|
7FF848C60000
|
trusted library allocation
|
page read and write
|
||
|
10F6000
|
heap
|
page read and write
|
||
|
115A000
|
heap
|
page read and write
|
||
|
2FC9000
|
trusted library allocation
|
page read and write
|
||
|
2ABE000
|
stack
|
page read and write
|
||
|
7FF848D81000
|
trusted library allocation
|
page read and write
|
||
|
7FF848D3A000
|
trusted library allocation
|
page read and write
|
||
|
7FF848D70000
|
trusted library allocation
|
page read and write
|
||
|
2FCB000
|
trusted library allocation
|
page read and write
|
||
|
E20000
|
heap
|
page read and write
|
||
|
7FF848BE4000
|
trusted library allocation
|
page read and write
|
||
|
7FF848D80000
|
trusted library allocation
|
page execute and read and write
|
||
|
1A4D0000
|
trusted library allocation
|
page read and write
|
||
|
29D4000
|
trusted library allocation
|
page read and write
|
||
|
F1F000
|
heap
|
page read and write
|
||
|
2BEC000
|
trusted library allocation
|
page read and write
|
||
|
1105000
|
heap
|
page read and write
|
||
|
7FF848CD1000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848D5B000
|
trusted library allocation
|
page read and write
|
||
|
7FF848CCF000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C63E000
|
stack
|
page read and write
|
||
|
1B8DA000
|
heap
|
page read and write
|
||
|
10BC000
|
heap
|
page read and write
|
||
|
CAA000
|
heap
|
page read and write
|
||
|
7FF848D3C000
|
trusted library allocation
|
page read and write
|
||
|
2BE6000
|
trusted library allocation
|
page read and write
|
||
|
1AB50000
|
trusted library allocation
|
page read and write
|
||
|
1B86C000
|
heap
|
page read and write
|
||
|
1B81E000
|
stack
|
page read and write
|
||
|
7FF848BB0000
|
trusted library allocation
|
page read and write
|
||
|
7FF848D80000
|
trusted library allocation
|
page read and write
|
||
|
2572000
|
trusted library allocation
|
page read and write
|
||
|
8F6000
|
stack
|
page read and write
|
||
|
7FF848D7B000
|
trusted library allocation
|
page read and write
|
||
|
DC0000
|
heap
|
page read and write
|
||
|
6ED000
|
heap
|
page read and write
|
||
|
8FF000
|
stack
|
page read and write
|
||
|
12992000
|
trusted library allocation
|
page read and write
|
||
|
EC0000
|
trusted library allocation
|
page read and write
|
||
|
170000
|
heap
|
page read and write
|
||
|
1B83F000
|
heap
|
page read and write
|
||
|
2FCD000
|
trusted library allocation
|
page read and write
|
||
|
308C000
|
trusted library allocation
|
page read and write
|
||
|
F08000
|
heap
|
page read and write
|
||
|
2FE3000
|
trusted library allocation
|
page read and write
|
||
|
7FF848C56000
|
trusted library allocation
|
page read and write
|
||
|
7FF848C86000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848C4C000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C6FE000
|
stack
|
page read and write
|
||
|
9FF000
|
stack
|
page read and write
|
||
|
2FE1000
|
trusted library allocation
|
page read and write
|
||
|
C13000
|
heap
|
page read and write
|
||
|
CFF000
|
heap
|
page read and write
|
||
|
6BE000
|
heap
|
page read and write
|
||
|
F15000
|
heap
|
page read and write
|
||
|
7FF848D6B000
|
trusted library allocation
|
page read and write
|
||
|
2D90000
|
heap
|
page execute and read and write
|
||
|
7FF848D4C000
|
trusted library allocation
|
page read and write
|
||
|
1BEC0000
|
heap
|
page read and write
|
||
|
1B944000
|
heap
|
page read and write
|
||
|
613000
|
heap
|
page read and write
|
||
|
1132000
|
heap
|
page read and write
|
||
|
7FF848BC4000
|
trusted library allocation
|
page read and write
|
||
|
DB5000
|
heap
|
page read and write
|
||
|
12B21000
|
trusted library allocation
|
page read and write
|
||
|
1BC9B000
|
stack
|
page read and write
|
||
|
BD0000
|
trusted library allocation
|
page read and write
|
||
|
1AE02000
|
heap
|
page read and write
|
||
|
1BB94000
|
stack
|
page read and write
|
||
|
1B91E000
|
stack
|
page read and write
|
||
|
1B932000
|
heap
|
page read and write
|
||
|
124AD000
|
trusted library allocation
|
page read and write
|
||
|
124A8000
|
trusted library allocation
|
page read and write
|
||
|
7FF848CE0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848C60000
|
trusted library allocation
|
page execute and read and write
|
||
|
2A42000
|
trusted library allocation
|
page read and write
|
||
|
7FF848D63000
|
trusted library allocation
|
page read and write
|
||
|
EE0000
|
heap
|
page read and write
|
||
|
1040000
|
trusted library allocation
|
page read and write
|
||
|
B02000
|
heap
|
page read and write
|
||
|
7FF848D56000
|
trusted library allocation
|
page read and write
|
||
|
7FF848BEC000
|
trusted library allocation
|
page execute and read and write
|
||
|
3110000
|
trusted library allocation
|
page read and write
|
||
|
7FF848C76000
|
trusted library allocation
|
page execute and read and write
|
||
|
C3D000
|
heap
|
page read and write
|
||
|
1BABF000
|
stack
|
page read and write
|
||
|
EFF000
|
stack
|
page read and write
|
||
|
DB0000
|
heap
|
page read and write
|
||
|
C4A000
|
heap
|
page read and write
|
||
|
10B0000
|
heap
|
page read and write
|
||
|
1BA9F000
|
stack
|
page read and write
|
||
|
12F5000
|
heap
|
page read and write
|
||
|
7FF848BAD000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848C5C000
|
trusted library allocation
|
page execute and read and write
|
||
|
DD0000
|
heap
|
page read and write
|
||
|
9C0000
|
trusted library allocation
|
page read and write
|
||
|
2CFE000
|
stack
|
page read and write
|
||
|
1B61F000
|
stack
|
page read and write
|
||
|
2FE5000
|
trusted library allocation
|
page read and write
|
||
|
D0F000
|
stack
|
page read and write
|
||
|
29A0000
|
heap
|
page read and write
|
||
|
2CC0000
|
heap
|
page execute and read and write
|
||
|
7FF848D63000
|
trusted library allocation
|
page read and write
|
||
|
12901000
|
trusted library allocation
|
page read and write
|
||
|
1B3CF000
|
stack
|
page read and write
|
||
|
7FF848CA6000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848D56000
|
trusted library allocation
|
page read and write
|
||
|
10E0000
|
heap
|
page read and write
|
||
|
1BC1E000
|
stack
|
page read and write
|
||
|
1BE93000
|
stack
|
page read and write
|
||
|
E3E000
|
stack
|
page read and write
|
||
|
7FF848BCD000
|
trusted library allocation
|
page execute and read and write
|
||
|
E70000
|
trusted library allocation
|
page read and write
|
||
|
1C402000
|
heap
|
page read and write
|
||
|
FE0000
|
heap
|
page read and write
|
||
|
1B71E000
|
stack
|
page read and write
|
||
|
7FF848CCA000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B730000
|
heap
|
page read and write
|
||
|
7FF848C40000
|
trusted library allocation
|
page read and write
|
||
|
27F0000
|
heap
|
page read and write
|
||
|
12ACD000
|
trusted library allocation
|
page read and write
|
||
|
137F000
|
stack
|
page read and write
|
||
|
5E0000
|
heap
|
page execute and read and write
|
||
|
D90000
|
heap
|
page read and write
|
||
|
7FF848BD7000
|
trusted library allocation
|
page read and write
|
||
|
1C2F4000
|
stack
|
page read and write
|
||
|
1AD00000
|
trusted library allocation
|
page read and write
|
||
|
2A3C000
|
trusted library allocation
|
page read and write
|
||
|
1B8A5000
|
heap
|
page read and write
|
||
|
7FF848B96000
|
trusted library allocation
|
page read and write
|
||
|
2B80000
|
trusted library allocation
|
page read and write
|
||
|
7FF848BC3000
|
trusted library allocation
|
page execute and read and write
|
||
|
2BE9000
|
trusted library allocation
|
page read and write
|
||
|
CF6000
|
stack
|
page read and write
|
||
|
12AC1000
|
trusted library allocation
|
page read and write
|
||
|
1CBFE000
|
stack
|
page read and write
|
||
|
4B0000
|
unkown
|
page readonly
|
||
|
1095000
|
heap
|
page read and write
|
||
|
CAE000
|
heap
|
page read and write
|
||
|
ED0000
|
heap
|
page read and write
|
||
|
7FF848D80000
|
trusted library allocation
|
page read and write
|
||
|
3028000
|
trusted library allocation
|
page read and write
|
||
|
7FF848BAD000
|
trusted library allocation
|
page execute and read and write
|
||
|
1130000
|
heap
|
page read and write
|
||
|
124A1000
|
trusted library allocation
|
page read and write
|
||
|
1BA13000
|
stack
|
page read and write
|
||
|
7FF848D43000
|
trusted library allocation
|
page read and write
|
||
|
2D13000
|
trusted library allocation
|
page read and write
|
||
|
A40000
|
heap
|
page read and write
|
||
|
1B900000
|
heap
|
page read and write
|
||
|
7FF848CBA000
|
trusted library allocation
|
page execute and read and write
|
||
|
115C000
|
heap
|
page read and write
|
||
|
7FF848C50000
|
trusted library allocation
|
page read and write
|
||
|
7FF848C46000
|
trusted library allocation
|
page read and write
|
||
|
7FF848D80000
|
trusted library allocation
|
page read and write
|
||
|
12F6D000
|
trusted library allocation
|
page read and write
|
||
|
7FF848BA3000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848BBD000
|
trusted library allocation
|
page execute and read and write
|
||
|
12971000
|
trusted library allocation
|
page read and write
|
||
|
12F0000
|
heap
|
page read and write
|
||
|
7FF848C50000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848BBD000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848B9D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848D5B000
|
trusted library allocation
|
page read and write
|
||
|
1B3DD000
|
stack
|
page read and write
|
||
|
7FF848D50000
|
trusted library allocation
|
page read and write
|
||
|
15D5000
|
heap
|
page read and write
|
||
|
1A9A0000
|
trusted library allocation
|
page read and write
|
||
|
1B7FA000
|
heap
|
page read and write
|
||
|
7FF848CBF000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848CC0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B972000
|
heap
|
page read and write
|
||
|
A83000
|
heap
|
page read and write
|
||
|
1B80E000
|
heap
|
page read and write
|
||
|
11AD000
|
heap
|
page read and write
|
||
|
1B0AE000
|
stack
|
page read and write
|
||
|
2560000
|
trusted library allocation
|
page read and write
|
||
|
2D20000
|
trusted library allocation
|
page read and write
|
||
|
302E000
|
trusted library allocation
|
page read and write
|
||
|
1BEDB000
|
stack
|
page read and write
|
||
|
C34000
|
heap
|
page read and write
|
||
|
6B2000
|
heap
|
page read and write
|
||
|
12F68000
|
trusted library allocation
|
page read and write
|
||
|
1B6C3000
|
stack
|
page read and write
|
||
|
A41000
|
heap
|
page read and write
|
||
|
6AC000
|
heap
|
page read and write
|
||
|
7FF848BA0000
|
trusted library allocation
|
page read and write
|
||
|
10F1000
|
heap
|
page read and write
|
||
|
7FF848BE0000
|
trusted library allocation
|
page read and write
|
||
|
1AC90000
|
trusted library allocation
|
page read and write
|
||
|
1B809000
|
heap
|
page read and write
|
||
|
7FF848BB0000
|
trusted library allocation
|
page read and write
|
||
|
1C7FE000
|
stack
|
page read and write
|
||
|
7FF848D70000
|
trusted library allocation
|
page read and write
|
||
|
1090000
|
heap
|
page read and write
|
||
|
3134000
|
trusted library allocation
|
page read and write
|
||
|
7FF848BFC000
|
trusted library allocation
|
page execute and read and write
|
||
|
E60000
|
heap
|
page read and write
|
||
|
2FD7000
|
trusted library allocation
|
page read and write
|
||
|
1B510000
|
heap
|
page read and write
|
||
|
FE5000
|
heap
|
page read and write
|
||
|
12F61000
|
trusted library allocation
|
page read and write
|
||
|
7FF848BBD000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B957000
|
heap
|
page read and write
|
||
|
600000
|
heap
|
page read and write
|
||
|
28FE000
|
stack
|
page read and write
|
||
|
6F4000
|
heap
|
page read and write
|
||
|
7FF848BA3000
|
trusted library allocation
|
page read and write
|
||
|
1060000
|
trusted library allocation
|
page read and write
|
||
|
7FF848CCF000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848C66000
|
trusted library allocation
|
page read and write
|
||
|
10EF000
|
heap
|
page read and write
|
||
|
7FF848D63000
|
trusted library allocation
|
page read and write
|
||
|
7FF848BB4000
|
trusted library allocation
|
page read and write
|
||
|
7FF848BBC000
|
trusted library allocation
|
page read and write
|
||
|
C50000
|
heap
|
page read and write
|
||
|
7FF848BA7000
|
trusted library allocation
|
page read and write
|
||
|
1BA1E000
|
stack
|
page read and write
|
||
|
AEE000
|
heap
|
page read and write
|
||
|
7FF848BCC000
|
trusted library allocation
|
page read and write
|
||
|
7FF848D53000
|
trusted library allocation
|
page read and write
|
||
|
A49000
|
heap
|
page read and write
|
||
|
1BEBE000
|
stack
|
page read and write
|
||
|
7FF848B90000
|
trusted library allocation
|
page read and write
|
||
|
7FF848BBD000
|
trusted library allocation
|
page execute and read and write
|
||
|
2FE9000
|
trusted library allocation
|
page read and write
|
||
|
A46000
|
heap
|
page read and write
|
||
|
1B8B9000
|
heap
|
page read and write
|
||
|
7FF848BEB000
|
trusted library allocation
|
page execute and read and write
|
||
|
D56000
|
stack
|
page read and write
|
||
|
1B61E000
|
stack
|
page read and write
|
||
|
5D0000
|
heap
|
page read and write
|
||
|
24FC000
|
trusted library allocation
|
page read and write
|
||
|
7FF848BBB000
|
trusted library allocation
|
page execute and read and write
|
||
|
D35000
|
heap
|
page read and write
|
||
|
7FF848BAD000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848C56000
|
trusted library allocation
|
page read and write
|
||
|
D30000
|
trusted library allocation
|
page read and write
|
||
|
7FF848C7C000
|
trusted library allocation
|
page execute and read and write
|
||
|
AF8000
|
heap
|
page read and write
|
||
|
C26000
|
heap
|
page read and write
|
||
|
A14000
|
heap
|
page read and write
|
||
|
CA7000
|
heap
|
page read and write
|
||
|
12978000
|
trusted library allocation
|
page read and write
|
||
|
1B8F7000
|
heap
|
page read and write
|
||
|
7FF848B90000
|
trusted library allocation
|
page read and write
|
||
|
7FF848BDC000
|
trusted library allocation
|
page read and write
|
||
|
7FF848BEC000
|
trusted library allocation
|
page execute and read and write
|
||
|
1BDDE000
|
stack
|
page read and write
|
||
|
1B8B0000
|
heap
|
page execute and read and write
|
||
|
7FF848D60000
|
trusted library allocation
|
page read and write
|
||
|
3153000
|
trusted library allocation
|
page read and write
|
||
|
1B87C000
|
heap
|
page read and write
|
||
|
650000
|
heap
|
page read and write
|
||
|
1CCFE000
|
stack
|
page read and write
|
||
|
7FF848D4E000
|
trusted library allocation
|
page read and write
|
||
|
111A000
|
heap
|
page read and write
|
||
|
7FF848D5C000
|
trusted library allocation
|
page read and write
|
||
|
CC4000
|
heap
|
page read and write
|
||
|
7FF848BB4000
|
trusted library allocation
|
page read and write
|
||
|
2DA0000
|
heap
|
page read and write
|
||
|
7FF848BCD000
|
trusted library allocation
|
page execute and read and write
|
||
|
12F63000
|
trusted library allocation
|
page read and write
|
||
|
7FF848DA0000
|
trusted library allocation
|
page read and write
|
||
|
10DE000
|
stack
|
page read and write
|
||
|
E90000
|
trusted library allocation
|
page read and write
|
||
|
1161000
|
heap
|
page read and write
|
||
|
1B90D000
|
heap
|
page read and write
|
||
|
1B903000
|
heap
|
page read and write
|
||
|
2B60000
|
heap
|
page read and write
|
||
|
7FF848D30000
|
trusted library allocation
|
page read and write
|
||
|
12CD8000
|
trusted library allocation
|
page read and write
|
||
|
7FF848D4E000
|
trusted library allocation
|
page read and write
|
||
|
7FF848C76000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848BC0000
|
trusted library allocation
|
page read and write
|
||
|
AF6000
|
stack
|
page read and write
|
||
|
F10000
|
heap
|
page read and write
|
||
|
26F0000
|
heap
|
page execute and read and write
|
||
|
2B10000
|
heap
|
page execute and read and write
|
||
|
9D0000
|
heap
|
page read and write
|
||
|
7A0000
|
heap
|
page read and write
|
||
|
1AF40000
|
heap
|
page read and write
|
||
|
7FF848BFC000
|
trusted library allocation
|
page execute and read and write
|
||
|
2F50000
|
heap
|
page execute and read and write
|
||
|
2FD5000
|
trusted library allocation
|
page read and write
|
||
|
7FF848BC4000
|
trusted library allocation
|
page read and write
|
||
|
1B7EC000
|
heap
|
page read and write
|
||
|
1100000
|
heap
|
page read and write
|
||
|
2C6E000
|
stack
|
page read and write
|
||
|
7FF848CD0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848C40000
|
trusted library allocation
|
page read and write
|
||
|
30DC000
|
trusted library allocation
|
page read and write
|
||
|
150000
|
heap
|
page read and write
|
||
|
1C9F4000
|
stack
|
page read and write
|
||
|
120F000
|
stack
|
page read and write
|
||
|
1290D000
|
trusted library allocation
|
page read and write
|
||
|
2B8F000
|
trusted library allocation
|
page read and write
|
||
|
1A930000
|
trusted library allocation
|
page read and write
|
||
|
7FF848BBC000
|
trusted library allocation
|
page read and write
|
||
|
900000
|
heap
|
page read and write
|
||
|
7FF848BD0000
|
trusted library allocation
|
page read and write
|
||
|
DA0000
|
heap
|
page read and write
|
||
|
1B92B000
|
heap
|
page read and write
|
||
|
1189000
|
heap
|
page read and write
|
||
|
7FF848BA3000
|
trusted library allocation
|
page read and write
|
||
|
C22000
|
heap
|
page read and write
|
||
|
7FF848BCB000
|
trusted library allocation
|
page execute and read and write
|
||
|
2DCE000
|
trusted library allocation
|
page read and write
|
||
|
62C000
|
heap
|
page read and write
|
||
|
7FF848CB0000
|
trusted library allocation
|
page execute and read and write
|
||
|
674000
|
heap
|
page read and write
|
||
|
7FF848BA3000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848BB3000
|
trusted library allocation
|
page read and write
|
||
|
A80000
|
heap
|
page read and write
|
||
|
7FF848BAC000
|
trusted library allocation
|
page read and write
|
||
|
180000
|
heap
|
page read and write
|
||
|
7FF848BDD000
|
trusted library allocation
|
page execute and read and write
|
||
|
1AEFD000
|
stack
|
page read and write
|
||
|
7FF848C80000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848BFC000
|
trusted library allocation
|
page execute and read and write
|
||
|
EE8000
|
heap
|
page read and write
|
||
|
A46000
|
heap
|
page read and write
|
||
|
7FF4A9DD0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B9A8000
|
heap
|
page read and write
|
||
|
C9E000
|
stack
|
page read and write
|
||
|
12CD1000
|
trusted library allocation
|
page read and write
|
||
|
7FF848B9D000
|
trusted library allocation
|
page execute and read and write
|
||
|
2FCF000
|
trusted library allocation
|
page read and write
|
||
|
1BCBE000
|
stack
|
page read and write
|
||
|
1C802000
|
heap
|
page read and write
|
||
|
1B850000
|
heap
|
page read and write
|
||
|
5F0000
|
heap
|
page read and write
|
||
|
E40000
|
heap
|
page execute and read and write
|
||
|
2B80000
|
trusted library allocation
|
page read and write
|
||
|
2FDD000
|
trusted library allocation
|
page read and write
|
||
|
2A39000
|
trusted library allocation
|
page read and write
|
||
|
12B23000
|
trusted library allocation
|
page read and write
|
||
|
7FF848D83000
|
trusted library allocation
|
page read and write
|
||
|
2BF2000
|
trusted library allocation
|
page read and write
|
||
|
249E000
|
stack
|
page read and write
|
||
|
7FF848CC0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1CAF3000
|
stack
|
page read and write
|
||
|
2FBD000
|
trusted library allocation
|
page read and write
|
||
|
930000
|
heap
|
page read and write
|
||
|
7FF848D81000
|
trusted library allocation
|
page read and write
|
||
|
7FF848C70000
|
trusted library allocation
|
page execute and read and write
|
||
|
9A0000
|
trusted library allocation
|
page read and write
|
||
|
F1B000
|
heap
|
page read and write
|
||
|
C44000
|
heap
|
page read and write
|
||
|
7FF848D50000
|
trusted library allocation
|
page read and write
|
||
|
1B9BE000
|
stack
|
page read and write
|
||
|
1B905000
|
heap
|
page read and write
|
||
|
C3F000
|
heap
|
page read and write
|
||
|
2B92000
|
trusted library allocation
|
page read and write
|
||
|
7FF848D30000
|
trusted library allocation
|
page read and write
|
||
|
7FF848D70000
|
trusted library allocation
|
page read and write
|
||
|
7FF848D4A000
|
trusted library allocation
|
page read and write
|
||
|
582000
|
unkown
|
page readonly
|
||
|
1B999000
|
heap
|
page read and write
|
||
|
A00000
|
heap
|
page read and write
|
||
|
2575000
|
trusted library allocation
|
page read and write
|
||
|
7FF848D40000
|
trusted library allocation
|
page read and write
|
||
|
1AAF0000
|
trusted library allocation
|
page read and write
|
||
|
7FF848CD1000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848BB3000
|
trusted library allocation
|
page read and write
|
||
|
7FF848BB4000
|
trusted library allocation
|
page read and write
|
||
|
AAC000
|
heap
|
page read and write
|
||
|
63C000
|
heap
|
page read and write
|
||
|
2B95000
|
trusted library allocation
|
page read and write
|
||
|
1AC84000
|
heap
|
page read and write
|
||
|
1B820000
|
heap
|
page read and write
|
||
|
1B99E000
|
stack
|
page read and write
|
||
|
7FF848BBB000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848BC4000
|
trusted library allocation
|
page read and write
|
||
|
1B51E000
|
stack
|
page read and write
|
||
|
1B9CA000
|
heap
|
page read and write
|
||
|
7FF848C46000
|
trusted library allocation
|
page read and write
|
||
|
D30000
|
heap
|
page read and write
|
||
|
2FDF000
|
trusted library allocation
|
page read and write
|
||
|
1B713000
|
stack
|
page read and write
|
||
|
4B2000
|
unkown
|
page readonly
|
||
|
4B0000
|
unkown
|
page readonly
|
||
|
2D54000
|
trusted library allocation
|
page read and write
|
||
|
D0F000
|
stack
|
page read and write
|
||
|
1B857000
|
heap
|
page read and write
|
||
|
111B000
|
heap
|
page read and write
|
||
|
1AF80000
|
trusted library allocation
|
page read and write
|
||
|
1B81E000
|
stack
|
page read and write
|
||
|
1C502000
|
heap
|
page execute and read and write
|
||
|
DF0000
|
heap
|
page read and write
|
||
|
7FF848CCA000
|
trusted library allocation
|
page execute and read and write
|
||
|
2A30000
|
trusted library allocation
|
page read and write
|
||
|
640000
|
heap
|
page read and write
|
||
|
7FF848D40000
|
trusted library allocation
|
page read and write
|
||
|
1B470000
|
heap
|
page execute and read and write
|
||
|
1B814000
|
stack
|
page read and write
|
||
|
1AF60000
|
heap
|
page execute and read and write
|
||
|
C2D000
|
heap
|
page read and write
|
||
|
1BB1F000
|
stack
|
page read and write
|
||
|
7FF848C6C000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848D51000
|
trusted library allocation
|
page read and write
|
||
|
F0D000
|
heap
|
page read and write
|
||
|
780000
|
heap
|
page read and write
|
||
|
12972000
|
trusted library allocation
|
page read and write
|
||
|
7FF848BB7000
|
trusted library allocation
|
page read and write
|
||
|
2569000
|
trusted library allocation
|
page read and write
|
||
|
1B836000
|
heap
|
page read and write
|
||
|
7FF848D3E000
|
trusted library allocation
|
page read and write
|
||
|
2BF0000
|
trusted library allocation
|
page read and write
|
||
|
702000
|
heap
|
page read and write
|
||
|
9F0000
|
heap
|
page read and write
|
||
|
1C433000
|
stack
|
page read and write
|
||
|
7FF848BC0000
|
trusted library allocation
|
page read and write
|
||
|
634000
|
heap
|
page read and write
|
||
|
1B8D0000
|
heap
|
page read and write
|
||
|
2B8C000
|
trusted library allocation
|
page read and write
|
||
|
3193000
|
trusted library allocation
|
page read and write
|
||
|
1B4CF000
|
stack
|
page read and write
|
||
|
F48000
|
heap
|
page read and write
|
||
|
2FD3000
|
trusted library allocation
|
page read and write
|
||
|
1000000
|
heap
|
page read and write
|
||
|
256C000
|
trusted library allocation
|
page read and write
|
||
|
E25000
|
heap
|
page read and write
|
||
|
1B85F000
|
heap
|
page read and write
|
||
|
7FF848BB7000
|
trusted library allocation
|
page read and write
|
||
|
1B91F000
|
heap
|
page read and write
|
||
|
7FF848C0C000
|
trusted library allocation
|
page execute and read and write
|
||
|
AF6000
|
heap
|
page read and write
|
||
|
1B97C000
|
heap
|
page read and write
|
||
|
1CE02000
|
heap
|
page read and write
|
||
|
12CD3000
|
trusted library allocation
|
page read and write
|
||
|
1C0FE000
|
stack
|
page read and write
|
||
|
124A3000
|
trusted library allocation
|
page read and write
|
||
|
7FF848BB7000
|
trusted library allocation
|
page read and write
|
||
|
7FF848BBC000
|
trusted library allocation
|
page read and write
|
||
|
1B9D6000
|
heap
|
page read and write
|
||
|
1B895000
|
heap
|
page read and write
|
||
|
7FF848D51000
|
trusted library allocation
|
page read and write
|
||
|
7FF848D60000
|
trusted library allocation
|
page read and write
|
||
|
FFF000
|
stack
|
page read and write
|
||
|
7D0000
|
heap
|
page read and write
|
||
|
DA0000
|
heap
|
page read and write
|
||
|
786000
|
stack
|
page read and write
|
||
|
10D0000
|
heap
|
page read and write
|
||
|
1B25C000
|
stack
|
page read and write
|
||
|
2FC7000
|
trusted library allocation
|
page read and write
|
||
|
1B8B2000
|
heap
|
page read and write
|
||
|
1B8F1000
|
heap
|
page read and write
|
||
|
7FF848B93000
|
trusted library allocation
|
page execute and read and write
|
||
|
2B83000
|
trusted library allocation
|
page read and write
|
||
|
910000
|
heap
|
page read and write
|
||
|
2FD9000
|
trusted library allocation
|
page read and write
|
||
|
29CA000
|
trusted library allocation
|
page read and write
|
||
|
1002000
|
heap
|
page read and write
|
||
|
7FF848BC4000
|
trusted library allocation
|
page read and write
|
||
|
7FF848D70000
|
trusted library allocation
|
page read and write
|
||
|
7FF848BAC000
|
trusted library allocation
|
page read and write
|
||
|
1B2CE000
|
stack
|
page read and write
|
||
|
7FF848BDD000
|
trusted library allocation
|
page execute and read and write
|
||
|
1BCDE000
|
stack
|
page read and write
|
||
|
7FF848C70000
|
trusted library allocation
|
page read and write
|
||
|
7FF848D90000
|
trusted library allocation
|
page read and write
|
||
|
F05000
|
heap
|
page read and write
|
||
|
7FF848BC2000
|
trusted library allocation
|
page read and write
|
||
|
2FDB000
|
trusted library allocation
|
page read and write
|
||
|
12AC3000
|
trusted library allocation
|
page read and write
|
||
|
2A33000
|
trusted library allocation
|
page read and write
|
||
|
7FF848CC0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B8E6000
|
heap
|
page read and write
|
||
|
C8D000
|
heap
|
page read and write
|
||
|
2A36000
|
trusted library allocation
|
page read and write
|
||
|
1C53E000
|
stack
|
page read and write
|
||
|
7FF848D60000
|
trusted library allocation
|
page read and write
|
||
|
11CA000
|
heap
|
page read and write
|
||
|
111C000
|
heap
|
page read and write
|
||
|
7FF848C96000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848BA4000
|
trusted library allocation
|
page read and write
|
||
|
7FF848BED000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B966000
|
heap
|
page read and write
|
||
|
1B9F8000
|
heap
|
page read and write
|
||
|
10F0000
|
heap
|
page read and write
|
||
|
1AC70000
|
heap
|
page execute and read and write
|
||
|
296F000
|
stack
|
page read and write
|
||
|
2563000
|
trusted library allocation
|
page read and write
|
||
|
29B0000
|
heap
|
page execute and read and write
|
||
|
DB0000
|
heap
|
page read and write
|
||
|
7FF848B94000
|
trusted library allocation
|
page read and write
|
||
|
D02000
|
heap
|
page read and write
|
||
|
1B80B000
|
heap
|
page read and write
|
||
|
7FF848D78000
|
trusted library allocation
|
page read and write
|
||
|
7FF848D50000
|
trusted library allocation
|
page read and write
|
||
|
7B0000
|
heap
|
page read and write
|
||
|
7FF848C76000
|
trusted library allocation
|
page read and write
|
||
|
1BFDF000
|
stack
|
page read and write
|
||
|
7FF848C86000
|
trusted library allocation
|
page execute and read and write
|
||
|
A71000
|
heap
|
page read and write
|
||
|
7FF848BB2000
|
trusted library allocation
|
page read and write
|
||
|
7FF848C4C000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B915000
|
heap
|
page read and write
|
||
|
7FF848BC3000
|
trusted library allocation
|
page read and write
|
||
|
2B1C000
|
trusted library allocation
|
page read and write
|
||
|
7FF848B94000
|
trusted library allocation
|
page read and write
|
||
|
10FC000
|
heap
|
page read and write
|
||
|
7FF848BCD000
|
trusted library allocation
|
page execute and read and write
|
||
|
DD0000
|
heap
|
page read and write
|
||
|
1136000
|
heap
|
page read and write
|
||
|
DF0000
|
heap
|
page read and write
|
||
|
7FF848D90000
|
trusted library allocation
|
page read and write
|
||
|
12AC8000
|
trusted library allocation
|
page read and write
|
||
|
13FE000
|
stack
|
page read and write
|
||
|
1AD9E000
|
stack
|
page read and write
|
||
|
7FF848D73000
|
trusted library allocation
|
page read and write
|
||
|
1AF02000
|
heap
|
page execute and read and write
|
||
|
256F000
|
trusted library allocation
|
page read and write
|
||
|
4F6000
|
stack
|
page read and write
|
||
|
7FF848BD4000
|
trusted library allocation
|
page read and write
|
||
|
2BEF000
|
trusted library allocation
|
page read and write
|
||
|
645000
|
heap
|
page read and write
|
||
|
2FF8000
|
trusted library allocation
|
page read and write
|
||
|
15D0000
|
heap
|
page read and write
|
||
|
2566000
|
trusted library allocation
|
page read and write
|
||
|
1F0000
|
trusted library allocation
|
page read and write
|
||
|
1B41E000
|
stack
|
page read and write
|
||
|
D50000
|
trusted library allocation
|
page read and write
|
||
|
1B35F000
|
stack
|
page read and write
|
||
|
1B9E3000
|
heap
|
page read and write
|
||
|
D10000
|
heap
|
page read and write
|
||
|
1B88F000
|
heap
|
page read and write
|
||
|
7C0000
|
heap
|
page read and write
|
||
|
2B7A000
|
trusted library allocation
|
page read and write
|
||
|
7FF848D90000
|
trusted library allocation
|
page read and write
|
||
|
2B89000
|
trusted library allocation
|
page read and write
|
||
|
C46000
|
heap
|
page read and write
|
||
|
1AF3D000
|
stack
|
page read and write
|
||
|
7FF848B93000
|
trusted library allocation
|
page execute and read and write
|
||
|
1BBB4000
|
stack
|
page read and write
|
||
|
7FF848D70000
|
trusted library allocation
|
page read and write
|
||
|
7FF848BB3000
|
trusted library allocation
|
page read and write
|
||
|
7FF848D60000
|
trusted library allocation
|
page read and write
|
||
|
1C1FE000
|
stack
|
page read and write
|
||
|
2D94000
|
trusted library allocation
|
page read and write
|
||
|
621000
|
heap
|
page read and write
|
||
|
7FF848BA3000
|
trusted library allocation
|
page execute and read and write
|
||
|
C77000
|
heap
|
page read and write
|
||
|
10B6000
|
heap
|
page read and write
|
There are 643 hidden memdumps, click here to show them.