Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
NewLoaderCracks_1.32.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Program Files (x86)\MSECache\OfficeKMS\win8\SwpTnCnrsAAKjgTAQ.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Reference Assemblies\SwpTnCnrsAAKjgTAQ.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Windows Mail\SurrogateRef.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\WindowsPowerShell\SwpTnCnrsAAKjgTAQ.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\jDownloader\config\RuntimeBroker.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\jDownloader\config\SwpTnCnrsAAKjgTAQ.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\Windows NT\Idle.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\WindowsPowerShell\SwpTnCnrsAAKjgTAQ.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Recovery\SwpTnCnrsAAKjgTAQ.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Recovery\WmiPrvSE.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Recovery\csrss.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\SwpTnCnrsAAKjgTAQ.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\Public\AccountPictures\SwpTnCnrsAAKjgTAQ.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Windows\CbsTemp\RuntimeBroker.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\comcontainer\Kr8tZ.vbe
|
data
|
dropped
|
|
|
|
C:\comcontainer\SurrogateRef.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\comcontainer\SwpTnCnrsAAKjgTAQ.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\comcontainer\cmd.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\MSECache\OfficeKMS\win8\b85529a8a0a78e
|
ASCII text, with very long lines (950), with no line terminators
|
dropped
|
||
|
C:\Program Files (x86)\Reference Assemblies\b85529a8a0a78e
|
ASCII text, with very long lines (678), with no line terminators
|
dropped
|
||
|
C:\Program Files (x86)\Windows Mail\8f05d91182d17c
|
ASCII text, with very long lines (429), with no line terminators
|
dropped
|
||
|
C:\Program Files (x86)\WindowsPowerShell\b85529a8a0a78e
|
ASCII text, with very long lines (918), with no line terminators
|
dropped
|
||
|
C:\Program Files (x86)\jDownloader\config\9e8d7a4ca61bd9
|
ASCII text, with very long lines (745), with no line terminators
|
dropped
|
||
|
C:\Program Files (x86)\jDownloader\config\b85529a8a0a78e
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Program Files\Windows NT\6ccacd8608530f
|
ASCII text, with very long lines (603), with no line terminators
|
dropped
|
||
|
C:\Program Files\WindowsPowerShell\b85529a8a0a78e
|
ASCII text, with very long lines (641), with no line terminators
|
dropped
|
||
|
C:\Recovery\24dbde2999530e
|
ASCII text, with very long lines (947), with no line terminators
|
dropped
|
||
|
C:\Recovery\886983d96e3d3e
|
ASCII text, with very long lines (893), with no line terminators
|
dropped
|
||
|
C:\Recovery\b85529a8a0a78e
|
ASCII text, with very long lines (615), with no line terminators
|
dropped
|
||
|
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\b85529a8a0a78e
|
ASCII text, with very long lines (934), with no line terminators
|
dropped
|
||
|
C:\Users\Public\AccountPictures\b85529a8a0a78e
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\SurrogateRef.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\SwpTnCnrsAAKjgTAQ.exe.log
|
CSV text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tmp9385A.tmp
|
ASCII text, with very long lines (1532), with no line terminators
|
dropped
|
||
|
C:\Windows\CbsTemp\9e8d7a4ca61bd9
|
ASCII text, with very long lines (879), with no line terminators
|
dropped
|
||
|
C:\comcontainer\b85529a8a0a78e
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\comcontainer\ebf1f9fa8afd6d
|
ASCII text, with very long lines (671), with no line terminators
|
dropped
|
||
|
C:\comcontainer\xNFGfK2ypxJsgsGsm5kX9.bat
|
ASCII text, with no line terminators
|
dropped
|
There are 29 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\NewLoaderCracks_1.32.exe
|
"C:\Users\user\Desktop\NewLoaderCracks_1.32.exe"
|
|
|
|
C:\Windows\SysWOW64\wscript.exe
|
"C:\Windows\System32\WScript.exe" "C:\comcontainer\Kr8tZ.vbe"
|
|
|
|
C:\comcontainer\SurrogateRef.exe
|
"C:\comcontainer\SurrogateRef.exe"
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "SwpTnCnrsAAKjgTAQS" /sc MINUTE /mo 13 /tr "'C:\Program Files (x86)\jdownloader\config\SwpTnCnrsAAKjgTAQ.exe'"
/f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "SwpTnCnrsAAKjgTAQ" /sc ONLOGON /tr "'C:\Program Files (x86)\jdownloader\config\SwpTnCnrsAAKjgTAQ.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "SwpTnCnrsAAKjgTAQS" /sc MINUTE /mo 9 /tr "'C:\Program Files (x86)\jdownloader\config\SwpTnCnrsAAKjgTAQ.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "csrssc" /sc MINUTE /mo 8 /tr "'C:\Recovery\csrss.exe'" /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "csrss" /sc ONLOGON /tr "'C:\Recovery\csrss.exe'" /rl HIGHEST /f
|
|
|
|
C:\Program Files (x86)\jDownloader\config\SwpTnCnrsAAKjgTAQ.exe
|
"C:\Program Files (x86)\jdownloader\config\SwpTnCnrsAAKjgTAQ.exe"
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "csrssc" /sc MINUTE /mo 9 /tr "'C:\Recovery\csrss.exe'" /rl HIGHEST /f
|
|
|
|
C:\Program Files (x86)\jDownloader\config\SwpTnCnrsAAKjgTAQ.exe
|
"C:\Program Files (x86)\jdownloader\config\SwpTnCnrsAAKjgTAQ.exe"
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "WmiPrvSEW" /sc MINUTE /mo 9 /tr "'C:\Recovery\WmiPrvSE.exe'" /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "WmiPrvSE" /sc ONLOGON /tr "'C:\Recovery\WmiPrvSE.exe'" /rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "WmiPrvSEW" /sc MINUTE /mo 7 /tr "'C:\Recovery\WmiPrvSE.exe'" /rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 14 /tr "'C:\Program Files (x86)\jdownloader\config\RuntimeBroker.exe'"
/f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "RuntimeBroker" /sc ONLOGON /tr "'C:\Program Files (x86)\jdownloader\config\RuntimeBroker.exe'" /rl
HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 9 /tr "'C:\Program Files (x86)\jdownloader\config\RuntimeBroker.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "SwpTnCnrsAAKjgTAQS" /sc MINUTE /mo 5 /tr "'C:\Users\Public\AccountPictures\SwpTnCnrsAAKjgTAQ.exe'"
/f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "SwpTnCnrsAAKjgTAQ" /sc ONLOGON /tr "'C:\Users\Public\AccountPictures\SwpTnCnrsAAKjgTAQ.exe'" /rl
HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "SwpTnCnrsAAKjgTAQS" /sc MINUTE /mo 9 /tr "'C:\Users\Public\AccountPictures\SwpTnCnrsAAKjgTAQ.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "SurrogateRefS" /sc MINUTE /mo 11 /tr "'C:\Program Files (x86)\windows mail\SurrogateRef.exe'" /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "SurrogateRef" /sc ONLOGON /tr "'C:\Program Files (x86)\windows mail\SurrogateRef.exe'" /rl HIGHEST
/f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "SurrogateRefS" /sc MINUTE /mo 8 /tr "'C:\Program Files (x86)\windows mail\SurrogateRef.exe'" /rl
HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 10 /tr "'C:\Windows\CbsTemp\RuntimeBroker.exe'" /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "RuntimeBroker" /sc ONLOGON /tr "'C:\Windows\CbsTemp\RuntimeBroker.exe'" /rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 6 /tr "'C:\Windows\CbsTemp\RuntimeBroker.exe'" /rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "SwpTnCnrsAAKjgTAQS" /sc MINUTE /mo 14 /tr "'C:\Program Files\WindowsPowerShell\SwpTnCnrsAAKjgTAQ.exe'"
/f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "SwpTnCnrsAAKjgTAQ" /sc ONLOGON /tr "'C:\Program Files\WindowsPowerShell\SwpTnCnrsAAKjgTAQ.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "SwpTnCnrsAAKjgTAQS" /sc MINUTE /mo 10 /tr "'C:\Program Files\WindowsPowerShell\SwpTnCnrsAAKjgTAQ.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
C:\Windows\system32\cmd.exe /c ""C:\comcontainer\xNFGfK2ypxJsgsGsm5kX9.bat" "
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
There are 21 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://ip-api.com/line/?fields=hosting
|
208.95.112.1
|
||
|
http://ip-api.com
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
ip-api.com
|
208.95.112.1
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
208.95.112.1
|
ip-api.com
|
United States
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
|
EnableLUA
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
|
PromptOnSecureDesktop
|
|
|
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
LangID
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\System32\WScript.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\System32\WScript.exe.ApplicationCompany
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SurrogateRef_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SurrogateRef_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SurrogateRef_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SurrogateRef_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SurrogateRef_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SurrogateRef_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SurrogateRef_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SurrogateRef_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SurrogateRef_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SurrogateRef_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SurrogateRef_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SurrogateRef_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SurrogateRef_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SurrogateRef_RASMANCS
|
FileDirectory
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Action Center\Checks\{C8E6F269-B90A-4053-A3BE-499AFCEC98C4}.check.0
|
CheckSetting
|
There are 10 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
1239D000
|
trusted library allocation
|
page read and write
|
|
|
|
2391000
|
trusted library allocation
|
page read and write
|
|
|
|
2937000
|
trusted library allocation
|
page read and write
|
|
|
|
3081000
|
trusted library allocation
|
page read and write
|
|
|
|
3081000
|
trusted library allocation
|
page read and write
|
|
|
|
130C8000
|
trusted library allocation
|
page read and write
|
||
|
2E19000
|
heap
|
page read and write
|
||
|
2AE3000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34554000
|
trusted library allocation
|
page read and write
|
||
|
6F3000
|
heap
|
page read and write
|
||
|
541000
|
unkown
|
page execute read
|
||
|
7FFD34574000
|
trusted library allocation
|
page read and write
|
||
|
93E000
|
heap
|
page read and write
|
||
|
724E000
|
stack
|
page read and write
|
||
|
7FFD34610000
|
trusted library allocation
|
page execute and read and write
|
||
|
2E80000
|
trusted library allocation
|
page read and write
|
||
|
7FFD345AC000
|
trusted library allocation
|
page execute and read and write
|
||
|
57E000
|
unkown
|
page write copy
|
||
|
1276000
|
heap
|
page read and write
|
||
|
2D50000
|
trusted library allocation
|
page read and write
|
||
|
910000
|
trusted library section
|
page read and write
|
||
|
933000
|
heap
|
page read and write
|
||
|
1311D000
|
trusted library allocation
|
page read and write
|
||
|
1B2D3000
|
heap
|
page read and write
|
||
|
1A71F000
|
heap
|
page read and write
|
||
|
64F000
|
heap
|
page read and write
|
||
|
573000
|
unkown
|
page readonly
|
||
|
130BF000
|
trusted library allocation
|
page read and write
|
||
|
1C161000
|
heap
|
page read and write
|
||
|
2A1B000
|
trusted library allocation
|
page read and write
|
||
|
2E90000
|
heap
|
page read and write
|
||
|
316D000
|
stack
|
page read and write
|
||
|
7FFD34543000
|
trusted library allocation
|
page read and write
|
||
|
33C0000
|
heap
|
page read and write
|
||
|
4C8E000
|
stack
|
page read and write
|
||
|
5A1000
|
unkown
|
page read and write
|
||
|
7FFD34770000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C145000
|
heap
|
page read and write
|
||
|
1AFCE000
|
stack
|
page read and write
|
||
|
130D3000
|
trusted library allocation
|
page read and write
|
||
|
130D4000
|
trusted library allocation
|
page read and write
|
||
|
900000
|
heap
|
page read and write
|
||
|
2D82000
|
stack
|
page read and write
|
||
|
550F000
|
stack
|
page read and write
|
||
|
5FB000
|
stack
|
page read and write
|
||
|
1BB7E000
|
stack
|
page read and write
|
||
|
7FFD34626000
|
trusted library allocation
|
page execute and read and write
|
||
|
917000
|
heap
|
page read and write
|
||
|
91A000
|
heap
|
page read and write
|
||
|
2E36000
|
heap
|
page read and write
|
||
|
130C0000
|
trusted library allocation
|
page read and write
|
||
|
8F1000
|
heap
|
page read and write
|
||
|
11E0000
|
heap
|
page read and write
|
||
|
1ACA0000
|
trusted library section
|
page read and write
|
||
|
4F1D000
|
stack
|
page read and write
|
||
|
936000
|
heap
|
page read and write
|
||
|
1ACC3000
|
heap
|
page execute and read and write
|
||
|
57E000
|
unkown
|
page read and write
|
||
|
7FFD346E3000
|
trusted library allocation
|
page read and write
|
||
|
1C1B3000
|
heap
|
page read and write
|
||
|
28B7000
|
trusted library allocation
|
page read and write
|
||
|
7FFD346D3000
|
trusted library allocation
|
page read and write
|
||
|
2E1A000
|
heap
|
page read and write
|
||
|
67A000
|
heap
|
page read and write
|
||
|
2E53000
|
trusted library allocation
|
page read and write
|
||
|
13121000
|
trusted library allocation
|
page read and write
|
||
|
1B5FD000
|
stack
|
page read and write
|
||
|
7FFD346FC000
|
trusted library allocation
|
page read and write
|
||
|
2D66000
|
stack
|
page read and write
|
||
|
95B000
|
heap
|
page read and write
|
||
|
130BD000
|
trusted library allocation
|
page read and write
|
||
|
E19000
|
heap
|
page read and write
|
||
|
886000
|
heap
|
page read and write
|
||
|
2D73000
|
stack
|
page read and write
|
||
|
13088000
|
trusted library allocation
|
page read and write
|
||
|
1B0C2000
|
stack
|
page read and write
|
||
|
5F0000
|
heap
|
page read and write
|
||
|
1B4D0000
|
trusted library section
|
page read and write
|
||
|
13A5000
|
heap
|
page read and write
|
||
|
1B93F000
|
stack
|
page read and write
|
||
|
913000
|
heap
|
page read and write
|
||
|
2E19000
|
heap
|
page read and write
|
||
|
93D000
|
heap
|
page read and write
|
||
|
1C135000
|
heap
|
page read and write
|
||
|
541000
|
unkown
|
page execute read
|
||
|
1BF60000
|
trusted library section
|
page read and write
|
||
|
156F000
|
stack
|
page read and write
|
||
|
2E1D000
|
heap
|
page read and write
|
||
|
860000
|
heap
|
page read and write
|
||
|
6910000
|
trusted library allocation
|
page read and write
|
||
|
2DC5000
|
trusted library allocation
|
page read and write
|
||
|
1B392000
|
heap
|
page read and write
|
||
|
13122000
|
trusted library allocation
|
page read and write
|
||
|
1B34C000
|
heap
|
page read and write
|
||
|
1313F000
|
trusted library allocation
|
page read and write
|
||
|
913000
|
heap
|
page read and write
|
||
|
880000
|
heap
|
page read and write
|
||
|
7FFD34780000
|
trusted library allocation
|
page read and write
|
||
|
27EF000
|
trusted library allocation
|
page read and write
|
||
|
5E7000
|
unkown
|
page readonly
|
||
|
52B7000
|
heap
|
page read and write
|
||
|
51B0000
|
heap
|
page read and write
|
||
|
5338000
|
heap
|
page read and write
|
||
|
313F000
|
trusted library allocation
|
page read and write
|
||
|
255E000
|
trusted library allocation
|
page read and write
|
||
|
FC0000
|
heap
|
page read and write
|
||
|
1760000
|
heap
|
page execute and read and write
|
||
|
501E000
|
stack
|
page read and write
|
||
|
130CC000
|
trusted library allocation
|
page read and write
|
||
|
938000
|
heap
|
page read and write
|
||
|
130DA000
|
trusted library allocation
|
page read and write
|
||
|
5170000
|
heap
|
page read and write
|
||
|
1BEC4000
|
stack
|
page read and write
|
||
|
7FFD34740000
|
trusted library allocation
|
page read and write
|
||
|
130CB000
|
trusted library allocation
|
page read and write
|
||
|
2EA9000
|
heap
|
page read and write
|
||
|
2C44000
|
trusted library allocation
|
page read and write
|
||
|
13081000
|
trusted library allocation
|
page read and write
|
||
|
2E45000
|
heap
|
page read and write
|
||
|
5160000
|
heap
|
page read and write
|
||
|
565E000
|
stack
|
page read and write
|
||
|
7FFD346E0000
|
trusted library allocation
|
page read and write
|
||
|
13088000
|
trusted library allocation
|
page read and write
|
||
|
2380000
|
heap
|
page execute and read and write
|
||
|
130CD000
|
trusted library allocation
|
page read and write
|
||
|
1312C000
|
trusted library allocation
|
page read and write
|
||
|
52B8000
|
heap
|
page read and write
|
||
|
2E47000
|
heap
|
page read and write
|
||
|
7FFD34550000
|
trusted library allocation
|
page read and write
|
||
|
2D4C000
|
stack
|
page read and write
|
||
|
2AE5000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34530000
|
trusted library allocation
|
page read and write
|
||
|
13083000
|
trusted library allocation
|
page read and write
|
||
|
13129000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34552000
|
trusted library allocation
|
page read and write
|
||
|
7FFD345EC000
|
trusted library allocation
|
page execute and read and write
|
||
|
2DE8000
|
heap
|
page read and write
|
||
|
1C186000
|
heap
|
page read and write
|
||
|
2C7C000
|
trusted library allocation
|
page read and write
|
||
|
7FFD3454D000
|
trusted library allocation
|
page execute and read and write
|
||
|
13091000
|
trusted library allocation
|
page read and write
|
||
|
2B01000
|
trusted library allocation
|
page read and write
|
||
|
2D60000
|
stack
|
page read and write
|
||
|
AAF000
|
stack
|
page read and write
|
||
|
90F000
|
heap
|
page read and write
|
||
|
1C0CE000
|
stack
|
page read and write
|
||
|
2E5A000
|
trusted library allocation
|
page read and write
|
||
|
301E000
|
stack
|
page read and write
|
||
|
1BE9E000
|
stack
|
page read and write
|
||
|
2E60000
|
trusted library allocation
|
page read and write
|
||
|
7FFD3456C000
|
trusted library allocation
|
page read and write
|
||
|
2AE9000
|
trusted library allocation
|
page read and write
|
||
|
1C110000
|
heap
|
page read and write
|
||
|
93D000
|
heap
|
page read and write
|
||
|
12B1000
|
heap
|
page read and write
|
||
|
1BAF0000
|
heap
|
page read and write
|
||
|
1240000
|
heap
|
page read and write
|
||
|
95B000
|
heap
|
page read and write
|
||
|
1BD00000
|
trusted library section
|
page read and write
|
||
|
7FFD347F0000
|
trusted library allocation
|
page read and write
|
||
|
1311B000
|
trusted library allocation
|
page read and write
|
||
|
326E000
|
stack
|
page read and write
|
||
|
2AFF000
|
trusted library allocation
|
page read and write
|
||
|
912000
|
heap
|
page read and write
|
||
|
1BA50000
|
heap
|
page execute and read and write
|
||
|
2D79000
|
stack
|
page read and write
|
||
|
91D000
|
heap
|
page read and write
|
||
|
2D8A000
|
stack
|
page read and write
|
||
|
738B000
|
stack
|
page read and write
|
||
|
133B000
|
heap
|
page read and write
|
||
|
7FFD3455C000
|
trusted library allocation
|
page read and write
|
||
|
2D30000
|
trusted library allocation
|
page read and write
|
||
|
1C12C000
|
heap
|
page read and write
|
||
|
2E04000
|
heap
|
page read and write
|
||
|
830000
|
heap
|
page read and write
|
||
|
2EA0000
|
heap
|
page read and write
|
||
|
130C7000
|
trusted library allocation
|
page read and write
|
||
|
1B332000
|
heap
|
page read and write
|
||
|
12E85000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34543000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD346FA000
|
trusted library allocation
|
page read and write
|
||
|
7FFD346EC000
|
trusted library allocation
|
page read and write
|
||
|
8D0000
|
trusted library allocation
|
page read and write
|
||
|
1B2D0000
|
heap
|
page read and write
|
||
|
2E08000
|
heap
|
page read and write
|
||
|
3270000
|
heap
|
page read and write
|
||
|
2EA0000
|
heap
|
page read and write
|
||
|
13120000
|
trusted library allocation
|
page read and write
|
||
|
7FFD345E6000
|
trusted library allocation
|
page read and write
|
||
|
130C6000
|
trusted library allocation
|
page read and write
|
||
|
1C158000
|
heap
|
page read and write
|
||
|
7FFD34544000
|
trusted library allocation
|
page read and write
|
||
|
1BCC0000
|
heap
|
page execute and read and write
|
||
|
1ACCE000
|
heap
|
page execute and read and write
|
||
|
1C252000
|
heap
|
page read and write
|
||
|
810000
|
heap
|
page read and write
|
||
|
15CF000
|
stack
|
page read and write
|
||
|
130B2000
|
trusted library allocation
|
page read and write
|
||
|
2AF1000
|
trusted library allocation
|
page read and write
|
||
|
130C3000
|
trusted library allocation
|
page read and write
|
||
|
8D8000
|
heap
|
page read and write
|
||
|
1BCBB000
|
stack
|
page read and write
|
||
|
8F0000
|
heap
|
page read and write
|
||
|
13091000
|
trusted library allocation
|
page read and write
|
||
|
80E000
|
stack
|
page read and write
|
||
|
7FFD34600000
|
trusted library allocation
|
page read and write
|
||
|
5A2000
|
unkown
|
page readonly
|
||
|
938000
|
heap
|
page read and write
|
||
|
7FFD3459C000
|
trusted library allocation
|
page execute and read and write
|
||
|
2E19000
|
heap
|
page read and write
|
||
|
2E58000
|
trusted library allocation
|
page read and write
|
||
|
2EA9000
|
heap
|
page read and write
|
||
|
11F0000
|
heap
|
page read and write
|
||
|
2EA0000
|
heap
|
page read and write
|
||
|
1308D000
|
trusted library allocation
|
page read and write
|
||
|
90E000
|
heap
|
page read and write
|
||
|
7FFD34730000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34790000
|
trusted library allocation
|
page read and write
|
||
|
1BA9F000
|
stack
|
page read and write
|
||
|
7FFD34650000
|
trusted library allocation
|
page execute and read and write
|
||
|
2903000
|
trusted library allocation
|
page read and write
|
||
|
196000
|
unkown
|
page readonly
|
||
|
1C233000
|
heap
|
page read and write
|
||
|
5A2000
|
unkown
|
page write copy
|
||
|
7FFD34570000
|
trusted library allocation
|
page read and write
|
||
|
6BA000
|
heap
|
page read and write
|
||
|
7FFD347A4000
|
trusted library allocation
|
page read and write
|
||
|
50B0000
|
heap
|
page read and write
|
||
|
130F1000
|
trusted library allocation
|
page read and write
|
||
|
51B4000
|
heap
|
page read and write
|
||
|
610000
|
heap
|
page read and write
|
||
|
130C9000
|
trusted library allocation
|
page read and write
|
||
|
1C198000
|
heap
|
page read and write
|
||
|
20000
|
unkown
|
page readonly
|
||
|
1BBBE000
|
stack
|
page read and write
|
||
|
1B0B0000
|
trusted library allocation
|
page read and write
|
||
|
6EF000
|
heap
|
page read and write
|
||
|
1BB9E000
|
stack
|
page read and write
|
||
|
7FFD346D0000
|
trusted library allocation
|
page read and write
|
||
|
312F000
|
stack
|
page read and write
|
||
|
1300000
|
heap
|
page read and write
|
||
|
2D56000
|
stack
|
page read and write
|
||
|
1C1CE000
|
stack
|
page read and write
|
||
|
2EA0000
|
heap
|
page read and write
|
||
|
1B93D000
|
stack
|
page read and write
|
||
|
95B000
|
heap
|
page read and write
|
||
|
1BF70000
|
trusted library section
|
page read and write
|
||
|
92C000
|
heap
|
page read and write
|
||
|
130D7000
|
trusted library allocation
|
page read and write
|
||
|
130D5000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34616000
|
trusted library allocation
|
page execute and read and write
|
||
|
1311A000
|
trusted library allocation
|
page read and write
|
||
|
1C212000
|
heap
|
page read and write
|
||
|
91F000
|
heap
|
page read and write
|
||
|
93E000
|
heap
|
page read and write
|
||
|
130D6000
|
trusted library allocation
|
page read and write
|
||
|
15D0000
|
heap
|
page read and write
|
||
|
1B3BD000
|
heap
|
page read and write
|
||
|
130ED000
|
trusted library allocation
|
page read and write
|
||
|
2E5C000
|
trusted library allocation
|
page read and write
|
||
|
12E42000
|
trusted library allocation
|
page read and write
|
||
|
554B000
|
stack
|
page read and write
|
||
|
4D8F000
|
stack
|
page read and write
|
||
|
510000
|
heap
|
page read and write
|
||
|
7FFD3454C000
|
trusted library allocation
|
page read and write
|
||
|
2EA0000
|
heap
|
page read and write
|
||
|
2A64000
|
trusted library allocation
|
page read and write
|
||
|
7FFD347D0000
|
trusted library allocation
|
page read and write
|
||
|
1220000
|
heap
|
page read and write
|
||
|
2B23000
|
trusted library allocation
|
page read and write
|
||
|
1BA4E000
|
stack
|
page read and write
|
||
|
2E30000
|
heap
|
page read and write
|
||
|
1600000
|
heap
|
page read and write
|
||
|
7FFD347E0000
|
trusted library allocation
|
page read and write
|
||
|
1C1EA000
|
heap
|
page read and write
|
||
|
2AF5000
|
trusted library allocation
|
page read and write
|
||
|
7FFD3460C000
|
trusted library allocation
|
page execute and read and write
|
||
|
2EF0000
|
heap
|
page read and write
|
||
|
6ED000
|
heap
|
page read and write
|
||
|
2E5E000
|
trusted library allocation
|
page read and write
|
||
|
130CF000
|
trusted library allocation
|
page read and write
|
||
|
2FE0000
|
heap
|
page readonly
|
||
|
130CA000
|
trusted library allocation
|
page read and write
|
||
|
915000
|
heap
|
page read and write
|
||
|
7FFD34550000
|
trusted library allocation
|
page read and write
|
||
|
929000
|
heap
|
page read and write
|
||
|
3139000
|
trusted library allocation
|
page read and write
|
||
|
B9E000
|
stack
|
page read and write
|
||
|
1C17B000
|
heap
|
page read and write
|
||
|
20000
|
unkown
|
page readonly
|
||
|
923000
|
heap
|
page read and write
|
||
|
734F000
|
stack
|
page read and write
|
||
|
2AF3000
|
trusted library allocation
|
page read and write
|
||
|
1C175000
|
heap
|
page read and write
|
||
|
921000
|
heap
|
page read and write
|
||
|
7FFD34636000
|
trusted library allocation
|
page execute and read and write
|
||
|
2EA9000
|
heap
|
page read and write
|
||
|
2EA0000
|
heap
|
page read and write
|
||
|
7FFD34533000
|
trusted library allocation
|
page execute and read and write
|
||
|
130DC000
|
trusted library allocation
|
page read and write
|
||
|
1B369000
|
heap
|
page read and write
|
||
|
1270000
|
heap
|
page read and write
|
||
|
7FFD34713000
|
trusted library allocation
|
page read and write
|
||
|
22000
|
unkown
|
page readonly
|
||
|
1200000
|
heap
|
page read and write
|
||
|
12CA7000
|
trusted library allocation
|
page read and write
|
||
|
284A000
|
trusted library allocation
|
page read and write
|
||
|
1730000
|
trusted library allocation
|
page read and write
|
||
|
1B3C8000
|
heap
|
page read and write
|
||
|
130B0000
|
trusted library allocation
|
page read and write
|
||
|
1775000
|
heap
|
page read and write
|
||
|
7FFD3456D000
|
trusted library allocation
|
page execute and read and write
|
||
|
2A0A000
|
trusted library allocation
|
page read and write
|
||
|
2C3C000
|
trusted library allocation
|
page read and write
|
||
|
980000
|
heap
|
page read and write
|
||
|
2AE1000
|
trusted library allocation
|
page read and write
|
||
|
1C65B000
|
stack
|
page read and write
|
||
|
234F000
|
stack
|
page read and write
|
||
|
1BD9E000
|
stack
|
page read and write
|
||
|
936000
|
heap
|
page read and write
|
||
|
131EC000
|
trusted library allocation
|
page read and write
|
||
|
1C13A000
|
heap
|
page read and write
|
||
|
7FFD345FC000
|
trusted library allocation
|
page execute and read and write
|
||
|
26FA000
|
trusted library allocation
|
page read and write
|
||
|
2E9F000
|
heap
|
page read and write
|
||
|
7FFD346F0000
|
trusted library allocation
|
page read and write
|
||
|
9A0000
|
heap
|
page read and write
|
||
|
4FB000
|
stack
|
page read and write
|
||
|
3040000
|
trusted library allocation
|
page read and write
|
||
|
92E000
|
heap
|
page read and write
|
||
|
33EB000
|
heap
|
page read and write
|
||
|
2B03000
|
trusted library allocation
|
page read and write
|
||
|
7FFD3457D000
|
trusted library allocation
|
page execute and read and write
|
||
|
13112000
|
trusted library allocation
|
page read and write
|
||
|
1AECF000
|
stack
|
page read and write
|
||
|
5E7000
|
unkown
|
page readonly
|
||
|
2E1E000
|
heap
|
page read and write
|
||
|
720F000
|
stack
|
page read and write
|
||
|
7FFD34532000
|
trusted library allocation
|
page read and write
|
||
|
928000
|
heap
|
page read and write
|
||
|
7FFD346EA000
|
trusted library allocation
|
page read and write
|
||
|
13130000
|
trusted library allocation
|
page read and write
|
||
|
1329000
|
heap
|
page read and write
|
||
|
3105000
|
trusted library allocation
|
page read and write
|
||
|
1BCD0000
|
trusted library section
|
page read and write
|
||
|
5A3000
|
unkown
|
page readonly
|
||
|
2AED000
|
trusted library allocation
|
page read and write
|
||
|
1B3CA000
|
heap
|
page read and write
|
||
|
5060000
|
heap
|
page read and write
|
||
|
748D000
|
stack
|
page read and write
|
||
|
1BA3B000
|
stack
|
page read and write
|
||
|
13113000
|
trusted library allocation
|
page read and write
|
||
|
95B000
|
heap
|
page read and write
|
||
|
1C21F000
|
heap
|
page read and write
|
||
|
52B8000
|
heap
|
page read and write
|
||
|
7FFD34720000
|
trusted library allocation
|
page read and write
|
||
|
131B000
|
heap
|
page read and write
|
||
|
7FFD346E0000
|
trusted library allocation
|
page read and write
|
||
|
2AEB000
|
trusted library allocation
|
page read and write
|
||
|
8A0000
|
trusted library allocation
|
page read and write
|
||
|
E10000
|
heap
|
page read and write
|
||
|
920000
|
heap
|
page read and write
|
||
|
2EA0000
|
heap
|
page read and write
|
||
|
7FFD34750000
|
trusted library allocation
|
page execute and read and write
|
||
|
13102000
|
trusted library allocation
|
page read and write
|
||
|
1B4FD000
|
stack
|
page read and write
|
||
|
E40000
|
heap
|
page read and write
|
||
|
2C4C000
|
trusted library allocation
|
page read and write
|
||
|
651000
|
heap
|
page read and write
|
||
|
555D000
|
stack
|
page read and write
|
||
|
11F5000
|
heap
|
page read and write
|
||
|
1326000
|
heap
|
page read and write
|
||
|
7FFD34554000
|
trusted library allocation
|
page read and write
|
||
|
1C1FA000
|
heap
|
page read and write
|
||
|
3020000
|
heap
|
page execute and read and write
|
||
|
2AF9000
|
trusted library allocation
|
page read and write
|
||
|
130F0000
|
trusted library allocation
|
page read and write
|
||
|
1308000
|
heap
|
page read and write
|
||
|
505E000
|
stack
|
page read and write
|
||
|
7FFD3455B000
|
trusted library allocation
|
page execute and read and write
|
||
|
D90000
|
heap
|
page read and write
|
||
|
2EA9000
|
heap
|
page read and write
|
||
|
63A000
|
heap
|
page read and write
|
||
|
302D000
|
stack
|
page read and write
|
||
|
11E5000
|
heap
|
page read and write
|
||
|
33C4000
|
heap
|
page read and write
|
||
|
7FFD346EB000
|
trusted library allocation
|
page read and write
|
||
|
12DF000
|
heap
|
page read and write
|
||
|
6996000
|
heap
|
page read and write
|
||
|
7FFD34547000
|
trusted library allocation
|
page read and write
|
||
|
1312B000
|
trusted library allocation
|
page read and write
|
||
|
12EA1000
|
trusted library allocation
|
page read and write
|
||
|
2E0C000
|
heap
|
page read and write
|
||
|
1C24F000
|
heap
|
page read and write
|
||
|
130EE000
|
trusted library allocation
|
page read and write
|
||
|
CDE000
|
stack
|
page read and write
|
||
|
1C141000
|
heap
|
page read and write
|
||
|
1B2CA000
|
stack
|
page read and write
|
||
|
12A6000
|
heap
|
page read and write
|
||
|
10F6000
|
stack
|
page read and write
|
||
|
2DE0000
|
heap
|
page read and write
|
||
|
1C0EC000
|
stack
|
page read and write
|
||
|
8F7000
|
heap
|
page read and write
|
||
|
7FFD347F6000
|
trusted library allocation
|
page read and write
|
||
|
13126000
|
trusted library allocation
|
page read and write
|
||
|
92F000
|
heap
|
page read and write
|
||
|
1C249000
|
heap
|
page read and write
|
||
|
130D8000
|
trusted library allocation
|
page read and write
|
||
|
3070000
|
heap
|
page execute and read and write
|
||
|
1605000
|
heap
|
page read and write
|
||
|
2D77000
|
stack
|
page read and write
|
||
|
13119000
|
trusted library allocation
|
page read and write
|
||
|
1100000
|
heap
|
page read and write
|
||
|
938000
|
heap
|
page read and write
|
||
|
2E08000
|
heap
|
page read and write
|
||
|
7FFD34760000
|
trusted library allocation
|
page execute and read and write
|
||
|
2EA0000
|
heap
|
page read and write
|
||
|
52B3000
|
heap
|
page read and write
|
||
|
93F000
|
heap
|
page read and write
|
||
|
584000
|
unkown
|
page read and write
|
||
|
8E4000
|
heap
|
page read and write
|
||
|
1ADCF000
|
stack
|
page read and write
|
||
|
13125000
|
trusted library allocation
|
page read and write
|
||
|
170F000
|
stack
|
page read and write
|
||
|
192000
|
unkown
|
page readonly
|
||
|
8CE000
|
stack
|
page read and write
|
||
|
569D000
|
stack
|
page read and write
|
||
|
2E0E000
|
heap
|
page read and write
|
||
|
2E0F000
|
heap
|
page read and write
|
||
|
2E30000
|
heap
|
page read and write
|
||
|
7FFD34564000
|
trusted library allocation
|
page read and write
|
||
|
1311F000
|
trusted library allocation
|
page read and write
|
||
|
93E000
|
heap
|
page read and write
|
||
|
2EA9000
|
heap
|
page read and write
|
||
|
7FFD3455D000
|
trusted library allocation
|
page execute and read and write
|
||
|
632000
|
heap
|
page read and write
|
||
|
6915000
|
heap
|
page read and write
|
||
|
7FFD34567000
|
trusted library allocation
|
page read and write
|
||
|
1770000
|
heap
|
page read and write
|
||
|
95B000
|
heap
|
page read and write
|
||
|
7FFD34700000
|
trusted library allocation
|
page read and write
|
||
|
13114000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34560000
|
trusted library allocation
|
page read and write
|
||
|
7FFD347B0000
|
trusted library allocation
|
page read and write
|
||
|
67F000
|
heap
|
page read and write
|
||
|
3070000
|
heap
|
page read and write
|
||
|
7FFD3458C000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD34563000
|
trusted library allocation
|
page read and write
|
||
|
1A92D000
|
stack
|
page read and write
|
||
|
540E000
|
stack
|
page read and write
|
||
|
7FFD346F3000
|
trusted library allocation
|
page read and write
|
||
|
130C4000
|
trusted library allocation
|
page read and write
|
||
|
8D0000
|
heap
|
page read and write
|
||
|
1BFA0000
|
heap
|
page read and write
|
||
|
1BCF0000
|
trusted library section
|
page read and write
|
||
|
1C240000
|
heap
|
page read and write
|
||
|
132C000
|
heap
|
page read and write
|
||
|
1BC93000
|
stack
|
page read and write
|
||
|
7FFD347C2000
|
trusted library allocation
|
page read and write
|
||
|
130EF000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34534000
|
trusted library allocation
|
page read and write
|
||
|
1279000
|
heap
|
page read and write
|
||
|
3139000
|
trusted library allocation
|
page read and write
|
||
|
7FFD345F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1BF9E000
|
stack
|
page read and write
|
||
|
33BA000
|
trusted library allocation
|
page read and write
|
||
|
1BBFE000
|
stack
|
page read and write
|
||
|
7FFD34720000
|
trusted library allocation
|
page read and write
|
||
|
1BCC0000
|
trusted library section
|
page read and write
|
||
|
1311E000
|
trusted library allocation
|
page read and write
|
||
|
938000
|
heap
|
page read and write
|
||
|
934000
|
heap
|
page read and write
|
||
|
7FFD34606000
|
trusted library allocation
|
page read and write
|
||
|
1B0B0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD345F6000
|
trusted library allocation
|
page read and write
|
||
|
678000
|
heap
|
page read and write
|
||
|
13123000
|
trusted library allocation
|
page read and write
|
||
|
1313F000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34700000
|
trusted library allocation
|
page read and write
|
||
|
13A8000
|
heap
|
page read and write
|
||
|
919000
|
heap
|
page read and write
|
||
|
1C26A000
|
heap
|
page read and write
|
||
|
7FFD34730000
|
trusted library allocation
|
page read and write
|
||
|
DFE000
|
stack
|
page read and write
|
||
|
12E7000
|
heap
|
page read and write
|
||
|
1B4CF000
|
stack
|
page read and write
|
||
|
FE0000
|
heap
|
page read and write
|
||
|
2AFD000
|
trusted library allocation
|
page read and write
|
||
|
933000
|
heap
|
page read and write
|
||
|
1ACC0000
|
heap
|
page execute and read and write
|
||
|
7FFD345F0000
|
trusted library allocation
|
page read and write
|
||
|
13117000
|
trusted library allocation
|
page read and write
|
||
|
130D9000
|
trusted library allocation
|
page read and write
|
||
|
12DD000
|
heap
|
page read and write
|
||
|
13124000
|
trusted library allocation
|
page read and write
|
||
|
2E0C000
|
heap
|
page read and write
|
||
|
130DB000
|
trusted library allocation
|
page read and write
|
||
|
12B4000
|
heap
|
page read and write
|
||
|
130CE000
|
trusted library allocation
|
page read and write
|
||
|
7FFD346F0000
|
trusted library allocation
|
page read and write
|
||
|
1311C000
|
trusted library allocation
|
page read and write
|
||
|
52B1000
|
heap
|
page read and write
|
||
|
7FFD34553000
|
trusted library allocation
|
page execute and read and write
|
||
|
130BE000
|
trusted library allocation
|
page read and write
|
||
|
2C86000
|
stack
|
page read and write
|
||
|
1C190000
|
heap
|
page read and write
|
||
|
33E7000
|
heap
|
page read and write
|
||
|
69F000
|
heap
|
page read and write
|
||
|
13083000
|
trusted library allocation
|
page read and write
|
||
|
8F7000
|
heap
|
page read and write
|
||
|
1B33E000
|
heap
|
page read and write
|
||
|
E00000
|
heap
|
page read and write
|
||
|
2AE7000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34542000
|
trusted library allocation
|
page read and write
|
||
|
7FFD3453D000
|
trusted library allocation
|
page execute and read and write
|
||
|
95B000
|
heap
|
page read and write
|
||
|
1750000
|
trusted library allocation
|
page read and write
|
||
|
1BCE0000
|
trusted library section
|
page read and write
|
||
|
12391000
|
trusted library allocation
|
page read and write
|
||
|
1BDCE000
|
stack
|
page read and write
|
||
|
1C25C000
|
heap
|
page read and write
|
||
|
2E19000
|
heap
|
page read and write
|
||
|
901000
|
heap
|
page read and write
|
||
|
1293000
|
heap
|
page read and write
|
||
|
7FFD347A0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD3455D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B387000
|
heap
|
page read and write
|
||
|
1B4E0000
|
trusted library section
|
page read and write
|
||
|
2E30000
|
heap
|
page read and write
|
||
|
564C000
|
stack
|
page read and write
|
||
|
7FFD34540000
|
trusted library allocation
|
page read and write
|
||
|
922000
|
heap
|
page read and write
|
||
|
1C264000
|
heap
|
page read and write
|
||
|
7FFD34710000
|
trusted library allocation
|
page read and write
|
||
|
1312D000
|
trusted library allocation
|
page read and write
|
||
|
1312F000
|
trusted library allocation
|
page read and write
|
||
|
130C2000
|
trusted library allocation
|
page read and write
|
||
|
1C1C1000
|
heap
|
page read and write
|
||
|
7FFD34670000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C16B000
|
heap
|
page read and write
|
||
|
2E47000
|
heap
|
page read and write
|
||
|
2E5E000
|
stack
|
page read and write
|
||
|
7FFD34553000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34703000
|
trusted library allocation
|
page read and write
|
||
|
515E000
|
stack
|
page read and write
|
||
|
2F00000
|
heap
|
page read and write
|
||
|
1C129000
|
heap
|
page read and write
|
||
|
7FFD3456D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C1D6000
|
heap
|
page read and write
|
||
|
1B39A000
|
heap
|
page read and write
|
||
|
13127000
|
trusted library allocation
|
page read and write
|
||
|
912000
|
heap
|
page read and write
|
||
|
1312A000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34700000
|
trusted library allocation
|
page read and write
|
||
|
12F6000
|
stack
|
page read and write
|
||
|
1A3C0000
|
trusted library allocation
|
page read and write
|
||
|
130F2000
|
trusted library allocation
|
page read and write
|
||
|
33E0000
|
heap
|
page read and write
|
||
|
2E16000
|
heap
|
page read and write
|
||
|
130C5000
|
trusted library allocation
|
page read and write
|
||
|
2A39000
|
trusted library allocation
|
page read and write
|
||
|
1BF5A000
|
stack
|
page read and write
|
||
|
573000
|
unkown
|
page readonly
|
||
|
7FFD3456B000
|
trusted library allocation
|
page execute and read and write
|
||
|
12B7000
|
heap
|
page read and write
|
||
|
2AEF000
|
trusted library allocation
|
page read and write
|
||
|
130D0000
|
trusted library allocation
|
page read and write
|
||
|
880000
|
trusted library allocation
|
page read and write
|
||
|
2600000
|
trusted library allocation
|
page read and write
|
||
|
95B000
|
heap
|
page read and write
|
||
|
130B1000
|
trusted library allocation
|
page read and write
|
||
|
8E0000
|
heap
|
page read and write
|
||
|
7FFD3457B000
|
trusted library allocation
|
page execute and read and write
|
||
|
13118000
|
trusted library allocation
|
page read and write
|
||
|
924000
|
heap
|
page read and write
|
||
|
1B37F000
|
heap
|
page read and write
|
||
|
13116000
|
trusted library allocation
|
page read and write
|
||
|
1BFC3000
|
stack
|
page read and write
|
||
|
2360000
|
heap
|
page execute and read and write
|
||
|
7FF4828C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
BDE000
|
stack
|
page read and write
|
||
|
1BE5A000
|
stack
|
page read and write
|
||
|
1B1CA000
|
stack
|
page read and write
|
||
|
33A1000
|
trusted library allocation
|
page read and write
|
||
|
7FFD346F0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD3470B000
|
trusted library allocation
|
page read and write
|
||
|
1B83E000
|
stack
|
page read and write
|
||
|
25FE000
|
trusted library allocation
|
page read and write
|
||
|
2AF7000
|
trusted library allocation
|
page read and write
|
||
|
4C4F000
|
stack
|
page read and write
|
||
|
2AFB000
|
trusted library allocation
|
page read and write
|
||
|
2E47000
|
heap
|
page read and write
|
||
|
7FFD34710000
|
trusted library allocation
|
page read and write
|
||
|
7FFD346DC000
|
trusted library allocation
|
page read and write
|
||
|
5000000
|
heap
|
page read and write
|
||
|
FB0000
|
heap
|
page read and write
|
||
|
919000
|
heap
|
page read and write
|
||
|
7FFD34660000
|
trusted library allocation
|
page execute and read and write
|
||
|
540000
|
unkown
|
page readonly
|
||
|
13128000
|
trusted library allocation
|
page read and write
|
||
|
1BA40000
|
heap
|
page execute and read and write
|
||
|
146E000
|
stack
|
page read and write
|
||
|
13081000
|
trusted library allocation
|
page read and write
|
||
|
540000
|
unkown
|
page readonly
|
||
|
1308D000
|
trusted library allocation
|
page read and write
|
||
|
2ADF000
|
trusted library allocation
|
page read and write
|
||
|
7FFD3454D000
|
trusted library allocation
|
page execute and read and write
|
||
|
51B0000
|
trusted library allocation
|
page read and write
|
||
|
9A4000
|
heap
|
page read and write
|
||
|
7FFD34557000
|
trusted library allocation
|
page read and write
|
||
|
931000
|
heap
|
page read and write
|
||
|
1B990000
|
heap
|
page read and write
|
||
|
7FFD345E0000
|
trusted library allocation
|
page read and write
|
||
|
2E6D000
|
heap
|
page read and write
|
||
|
128F000
|
heap
|
page read and write
|
||
|
7FFD3478B000
|
trusted library allocation
|
page read and write
|
||
|
92D000
|
heap
|
page read and write
|
||
|
7FFD34600000
|
trusted library allocation
|
page execute and read and write
|
||
|
1367000
|
heap
|
page read and write
|
||
|
870000
|
heap
|
page read and write
|
||
|
4F6000
|
stack
|
page read and write
|
||
|
130C1000
|
trusted library allocation
|
page read and write
|
||
|
133E000
|
heap
|
page read and write
|
||
|
7FFD3470B000
|
trusted library allocation
|
page read and write
|
||
|
130EC000
|
trusted library allocation
|
page read and write
|
||
|
1B60D000
|
stack
|
page read and write
|
||
|
7FFD34710000
|
trusted library allocation
|
page read and write
|
||
|
7FFD3455D000
|
trusted library allocation
|
page execute and read and write
|
There are 618 hidden memdumps, click here to show them.