Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Ym9pCkdQCN.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Program Files (x86)\Microsoft Office\Office16\rxlSpmEkQUyDvxlFic.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Reference Assemblies\csrss.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Windows Media Player\Network Sharing\rxlSpmEkQUyDvxlFic.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\rxlSpmEkQUyDvxlFic.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\Windows Mail\TextInputHost.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\Windows Portable Devices\rxlSpmEkQUyDvxlFic.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\rxlSpmEkQUyDvxlFic.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Recovery\rxlSpmEkQUyDvxlFic.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Windows\ImmersiveControlPanel\pris\ApplicationFrameHost.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Windows\Setup\State\RuntimeBroker.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Windows\TAPI\winlogon.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\driverruntimeperfCommon\APcholoL7ETBvvAkO3nQrcw9B.vbe
|
data
|
dropped
|
|
|
|
C:\driverruntimeperfCommon\dllhost.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\driverruntimeperfCommon\rxlSpmEkQUyDvxlFic.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\driverruntimeperfCommon\sessioncrt.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\driverruntimeperfCommon\wininit.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\24fab4fe41bce1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Program Files (x86)\Reference Assemblies\886983d96e3d3e
|
ASCII text, with very long lines (781), with no line terminators
|
dropped
|
||
|
C:\Program Files (x86)\Windows Media Player\Network Sharing\24fab4fe41bce1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\24fab4fe41bce1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Program Files\Windows Mail\22eafd247d37c3
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Program Files\Windows Portable Devices\24fab4fe41bce1
|
ASCII text, with very long lines (660), with no line terminators
|
dropped
|
||
|
C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\24fab4fe41bce1
|
ASCII text, with very long lines (769), with no line terminators
|
dropped
|
||
|
C:\Recovery\24fab4fe41bce1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\rxlSpmEkQUyDvxlFic.exe.log
|
CSV text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\sessioncrt.exe.log
|
CSV text
|
dropped
|
||
|
C:\Windows\ImmersiveControlPanel\pris\6dd19aba3e2428
|
ASCII text, with very long lines (975), with no line terminators
|
dropped
|
||
|
C:\Windows\Setup\State\9e8d7a4ca61bd9
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Windows\TAPI\cc11b995f2a76d
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\driverruntimeperfCommon\24fab4fe41bce1
|
ASCII text, with very long lines (982), with no line terminators
|
dropped
|
||
|
C:\driverruntimeperfCommon\56085415360792
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\driverruntimeperfCommon\5940a34987c991
|
ASCII text, with very long lines (681), with no line terminators
|
dropped
|
||
|
C:\driverruntimeperfCommon\RppzIJI6o4vFZ4Y4XgyK.bat
|
ASCII text, with no line terminators
|
dropped
|
There are 24 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\Ym9pCkdQCN.exe
|
"C:\Users\user\Desktop\Ym9pCkdQCN.exe"
|
|
|
|
C:\Windows\SysWOW64\wscript.exe
|
"C:\Windows\System32\WScript.exe" "C:\driverruntimeperfCommon\APcholoL7ETBvvAkO3nQrcw9B.vbe"
|
|
|
|
C:\driverruntimeperfCommon\sessioncrt.exe
|
"C:\driverruntimeperfCommon\sessioncrt.exe"
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "rxlSpmEkQUyDvxlFicr" /sc MINUTE /mo 14 /tr "'C:\Program Files (x86)\windows media player\Network
Sharing\rxlSpmEkQUyDvxlFic.exe'" /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "rxlSpmEkQUyDvxlFic" /sc ONLOGON /tr "'C:\Program Files (x86)\windows media player\Network Sharing\rxlSpmEkQUyDvxlFic.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "rxlSpmEkQUyDvxlFicr" /sc MINUTE /mo 9 /tr "'C:\Program Files (x86)\windows media player\Network
Sharing\rxlSpmEkQUyDvxlFic.exe'" /rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "rxlSpmEkQUyDvxlFicr" /sc MINUTE /mo 5 /tr "'C:\Users\All Users\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\rxlSpmEkQUyDvxlFic.exe'"
/f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "rxlSpmEkQUyDvxlFic" /sc ONLOGON /tr "'C:\Users\All Users\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\rxlSpmEkQUyDvxlFic.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "rxlSpmEkQUyDvxlFicr" /sc MINUTE /mo 14 /tr "'C:\Users\All Users\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\rxlSpmEkQUyDvxlFic.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "rxlSpmEkQUyDvxlFicr" /sc MINUTE /mo 12 /tr "'C:\Recovery\rxlSpmEkQUyDvxlFic.exe'" /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "rxlSpmEkQUyDvxlFic" /sc ONLOGON /tr "'C:\Recovery\rxlSpmEkQUyDvxlFic.exe'" /rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "rxlSpmEkQUyDvxlFicr" /sc MINUTE /mo 12 /tr "'C:\Recovery\rxlSpmEkQUyDvxlFic.exe'" /rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "rxlSpmEkQUyDvxlFicr" /sc MINUTE /mo 5 /tr "'C:\driverruntimeperfCommon\rxlSpmEkQUyDvxlFic.exe'"
/f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "rxlSpmEkQUyDvxlFic" /sc ONLOGON /tr "'C:\driverruntimeperfCommon\rxlSpmEkQUyDvxlFic.exe'" /rl HIGHEST
/f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "rxlSpmEkQUyDvxlFicr" /sc MINUTE /mo 11 /tr "'C:\driverruntimeperfCommon\rxlSpmEkQUyDvxlFic.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "rxlSpmEkQUyDvxlFicr" /sc MINUTE /mo 9 /tr "'C:\Program Files (x86)\microsoft office\Office16\rxlSpmEkQUyDvxlFic.exe'"
/f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "rxlSpmEkQUyDvxlFic" /sc ONLOGON /tr "'C:\Program Files (x86)\microsoft office\Office16\rxlSpmEkQUyDvxlFic.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "rxlSpmEkQUyDvxlFicr" /sc MINUTE /mo 9 /tr "'C:\Program Files (x86)\microsoft office\Office16\rxlSpmEkQUyDvxlFic.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 13 /tr "'C:\Windows\Setup\State\RuntimeBroker.exe'" /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "RuntimeBroker" /sc ONLOGON /tr "'C:\Windows\Setup\State\RuntimeBroker.exe'" /rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 5 /tr "'C:\Windows\Setup\State\RuntimeBroker.exe'" /rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "rxlSpmEkQUyDvxlFicr" /sc MINUTE /mo 13 /tr "'C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\rxlSpmEkQUyDvxlFic.exe'"
/f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "rxlSpmEkQUyDvxlFic" /sc ONLOGON /tr "'C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\rxlSpmEkQUyDvxlFic.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "rxlSpmEkQUyDvxlFicr" /sc MINUTE /mo 8 /tr "'C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\rxlSpmEkQUyDvxlFic.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "wininitw" /sc MINUTE /mo 7 /tr "'C:\driverruntimeperfCommon\wininit.exe'" /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "wininit" /sc ONLOGON /tr "'C:\driverruntimeperfCommon\wininit.exe'" /rl HIGHEST /f
|
|
|
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\rxlSpmEkQUyDvxlFic.exe
|
"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\rxlSpmEkQUyDvxlFic.exe"
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "wininitw" /sc MINUTE /mo 11 /tr "'C:\driverruntimeperfCommon\wininit.exe'" /rl HIGHEST /f
|
|
|
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\rxlSpmEkQUyDvxlFic.exe
|
"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\rxlSpmEkQUyDvxlFic.exe"
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "winlogonw" /sc MINUTE /mo 7 /tr "'C:\Windows\TAPI\winlogon.exe'" /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "winlogon" /sc ONLOGON /tr "'C:\Windows\TAPI\winlogon.exe'" /rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "winlogonw" /sc MINUTE /mo 8 /tr "'C:\Windows\TAPI\winlogon.exe'" /rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "rxlSpmEkQUyDvxlFicr" /sc MINUTE /mo 11 /tr "'C:\Recovery\rxlSpmEkQUyDvxlFic.exe'" /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "rxlSpmEkQUyDvxlFic" /sc ONLOGON /tr "'C:\Recovery\rxlSpmEkQUyDvxlFic.exe'" /rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "rxlSpmEkQUyDvxlFicr" /sc MINUTE /mo 6 /tr "'C:\Recovery\rxlSpmEkQUyDvxlFic.exe'" /rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "TextInputHostT" /sc MINUTE /mo 10 /tr "'C:\Program Files\Windows Mail\TextInputHost.exe'" /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "TextInputHost" /sc ONLOGON /tr "'C:\Program Files\Windows Mail\TextInputHost.exe'" /rl HIGHEST /f
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
C:\Windows\system32\cmd.exe /c ""C:\driverruntimeperfCommon\RppzIJI6o4vFZ4Y4XgyK.bat" "
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
There are 29 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
206.23.85.13.in-addr.arpa
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
LangID
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\System32\WScript.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\System32\WScript.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER\SOFTWARE\159c35288771c760e02b8b470cb869dec2d7779c
|
c973def3e355ba7cf00a4df71740534a9dbddf52
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2E41000
|
trusted library allocation
|
page read and write
|
|
|
|
2961000
|
trusted library allocation
|
page read and write
|
|
|
|
27C1000
|
trusted library allocation
|
page read and write
|
|
|
|
28D1000
|
trusted library allocation
|
page read and write
|
|
|
|
2809000
|
trusted library allocation
|
page read and write
|
|
|
|
1BCCD000
|
heap
|
page read and write
|
||
|
1B9FA000
|
heap
|
page read and write
|
||
|
2DAF000
|
stack
|
page read and write
|
||
|
7FFB4ADBC000
|
trusted library allocation
|
page execute and read and write
|
||
|
2BEF000
|
heap
|
page read and write
|
||
|
7FFB4AD3D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1010000
|
heap
|
page read and write
|
||
|
7FFB4AD2B000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFB4AD1C000
|
trusted library allocation
|
page read and write
|
||
|
1BC8E000
|
heap
|
page read and write
|
||
|
28DE000
|
stack
|
page read and write
|
||
|
1BC00000
|
heap
|
page read and write
|
||
|
127C1000
|
trusted library allocation
|
page read and write
|
||
|
128DD000
|
trusted library allocation
|
page read and write
|
||
|
790000
|
heap
|
page read and write
|
||
|
128D1000
|
trusted library allocation
|
page read and write
|
||
|
1B6FA000
|
stack
|
page read and write
|
||
|
1BC7F000
|
heap
|
page read and write
|
||
|
2BF8000
|
trusted library allocation
|
page read and write
|
||
|
1B29E000
|
stack
|
page read and write
|
||
|
E81000
|
unkown
|
page execute read
|
||
|
A60000
|
heap
|
page read and write
|
||
|
2C68000
|
heap
|
page read and write
|
||
|
7FFB4AD37000
|
trusted library allocation
|
page read and write
|
||
|
1C65B000
|
stack
|
page read and write
|
||
|
7FFB4AD22000
|
trusted library allocation
|
page read and write
|
||
|
5C0000
|
heap
|
page read and write
|
||
|
7FFB4AE40000
|
trusted library allocation
|
page execute and read and write
|
||
|
7B4000
|
heap
|
page read and write
|
||
|
A8C000
|
heap
|
page read and write
|
||
|
1B923000
|
heap
|
page read and write
|
||
|
7FFB4ADE6000
|
trusted library allocation
|
page execute and read and write
|
||
|
AE3000
|
stack
|
page read and write
|
||
|
A67000
|
heap
|
page read and write
|
||
|
EE5000
|
heap
|
page read and write
|
||
|
2C00000
|
heap
|
page read and write
|
||
|
9C0000
|
heap
|
page read and write
|
||
|
287F000
|
stack
|
page read and write
|
||
|
5E0000
|
heap
|
page read and write
|
||
|
DFA000
|
heap
|
page read and write
|
||
|
D9D000
|
heap
|
page read and write
|
||
|
1BA00000
|
heap
|
page read and write
|
||
|
1B8FE000
|
stack
|
page read and write
|
||
|
2C03000
|
heap
|
page read and write
|
||
|
7FFB4AE20000
|
trusted library allocation
|
page execute and read and write
|
||
|
278E000
|
stack
|
page read and write
|
||
|
7FFB4ADB6000
|
trusted library allocation
|
page read and write
|
||
|
281C000
|
trusted library allocation
|
page read and write
|
||
|
1BD12000
|
heap
|
page read and write
|
||
|
2AAF000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4AEC3000
|
trusted library allocation
|
page read and write
|
||
|
AB1000
|
heap
|
page read and write
|
||
|
7FFB4AE31000
|
trusted library allocation
|
page execute and read and write
|
||
|
6660000
|
heap
|
page read and write
|
||
|
EE3000
|
unkown
|
page readonly
|
||
|
B60000
|
heap
|
page read and write
|
||
|
AE7000
|
stack
|
page read and write
|
||
|
2BFD000
|
heap
|
page read and write
|
||
|
7FFB4AD17000
|
trusted library allocation
|
page read and write
|
||
|
D70000
|
heap
|
page read and write
|
||
|
7FFB4AEB0000
|
trusted library allocation
|
page read and write
|
||
|
2F89000
|
heap
|
page read and write
|
||
|
7FFB4AD4D000
|
trusted library allocation
|
page execute and read and write
|
||
|
2C54000
|
heap
|
page read and write
|
||
|
2BB8000
|
heap
|
page read and write
|
||
|
9E5000
|
heap
|
page read and write
|
||
|
980000
|
trusted library allocation
|
page read and write
|
||
|
2C32000
|
heap
|
page read and write
|
||
|
AC0000
|
heap
|
page read and write
|
||
|
D2E000
|
stack
|
page read and write
|
||
|
A86000
|
heap
|
page read and write
|
||
|
2BB0000
|
heap
|
page read and write
|
||
|
7FFB4ADDC000
|
trusted library allocation
|
page execute and read and write
|
||
|
770000
|
heap
|
page read and write
|
||
|
D98000
|
heap
|
page read and write
|
||
|
1034000
|
heap
|
page read and write
|
||
|
2AD5000
|
heap
|
page read and write
|
||
|
4BAA000
|
trusted library allocation
|
page read and write
|
||
|
2BD0000
|
heap
|
page read and write
|
||
|
2AD0000
|
heap
|
page read and write
|
||
|
292A000
|
trusted library allocation
|
page read and write
|
||
|
1BC09000
|
heap
|
page read and write
|
||
|
2950000
|
heap
|
page execute and read and write
|
||
|
2B8C000
|
trusted library allocation
|
page read and write
|
||
|
DFA000
|
heap
|
page read and write
|
||
|
2F40000
|
heap
|
page read and write
|
||
|
7FFB4AD00000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4AF00000
|
trusted library allocation
|
page read and write
|
||
|
1BC70000
|
heap
|
page read and write
|
||
|
C80000
|
trusted library allocation
|
page read and write
|
||
|
12968000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4ADBC000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFB4AEC0000
|
trusted library allocation
|
page read and write
|
||
|
502E000
|
stack
|
page read and write
|
||
|
9DB000
|
heap
|
page read and write
|
||
|
E7E000
|
stack
|
page read and write
|
||
|
2A10000
|
heap
|
page read and write
|
||
|
DE0000
|
trusted library allocation
|
page read and write
|
||
|
1B84E000
|
stack
|
page read and write
|
||
|
1B90A000
|
heap
|
page read and write
|
||
|
AF1000
|
stack
|
page read and write
|
||
|
D38000
|
heap
|
page read and write
|
||
|
EB3000
|
unkown
|
page readonly
|
||
|
2BF6000
|
trusted library allocation
|
page read and write
|
||
|
1BB71000
|
heap
|
page read and write
|
||
|
4C34000
|
heap
|
page read and write
|
||
|
51FD000
|
stack
|
page read and write
|
||
|
AF9000
|
stack
|
page read and write
|
||
|
52FF000
|
stack
|
page read and write
|
||
|
7FF417BE0000
|
trusted library allocation
|
page execute and read and write
|
||
|
D6E000
|
heap
|
page read and write
|
||
|
486E000
|
stack
|
page read and write
|
||
|
EE2000
|
unkown
|
page write copy
|
||
|
AC3000
|
heap
|
page read and write
|
||
|
1BBC4000
|
heap
|
page read and write
|
||
|
2BD7000
|
heap
|
page read and write
|
||
|
EBE000
|
unkown
|
page read and write
|
||
|
1BBEF000
|
heap
|
page read and write
|
||
|
7FFB4AEE0000
|
trusted library allocation
|
page read and write
|
||
|
AC6000
|
stack
|
page read and write
|
||
|
512E000
|
stack
|
page read and write
|
||
|
1C55E000
|
stack
|
page read and write
|
||
|
EE0000
|
heap
|
page read and write
|
||
|
2BE1000
|
heap
|
page read and write
|
||
|
2C20000
|
heap
|
page read and write
|
||
|
5F0000
|
unkown
|
page readonly
|
||
|
1AEEC000
|
stack
|
page read and write
|
||
|
7FFB4AEA0000
|
trusted library allocation
|
page read and write
|
||
|
1B9E5000
|
heap
|
page read and write
|
||
|
6C2000
|
unkown
|
page readonly
|
||
|
1BDAC000
|
heap
|
page read and write
|
||
|
4FEE000
|
stack
|
page read and write
|
||
|
1BC5B000
|
heap
|
page read and write
|
||
|
2C18000
|
heap
|
page read and write
|
||
|
1B962000
|
heap
|
page read and write
|
||
|
2C51000
|
heap
|
page read and write
|
||
|
7FFB4AD23000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B2F0000
|
heap
|
page execute and read and write
|
||
|
7FFB4AD17000
|
trusted library allocation
|
page read and write
|
||
|
2BF5000
|
heap
|
page read and write
|
||
|
D78000
|
heap
|
page read and write
|
||
|
1AD4D000
|
stack
|
page read and write
|
||
|
7FFB4AEE0000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4AECB000
|
trusted library allocation
|
page read and write
|
||
|
2D3C000
|
trusted library allocation
|
page read and write
|
||
|
580B000
|
stack
|
page read and write
|
||
|
EE1000
|
unkown
|
page read and write
|
||
|
7FFB4AD24000
|
trusted library allocation
|
page read and write
|
||
|
2C38000
|
heap
|
page read and write
|
||
|
7FFB4ADE0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B9B6000
|
heap
|
page read and write
|
||
|
2BEE000
|
heap
|
page read and write
|
||
|
568F000
|
stack
|
page read and write
|
||
|
7FFB4AEAC000
|
trusted library allocation
|
page read and write
|
||
|
AE9000
|
stack
|
page read and write
|
||
|
2BF3000
|
heap
|
page read and write
|
||
|
2BF4000
|
heap
|
page read and write
|
||
|
53AC000
|
stack
|
page read and write
|
||
|
BD0000
|
heap
|
page read and write
|
||
|
D50000
|
heap
|
page execute and read and write
|
||
|
7FFB4AEA3000
|
trusted library allocation
|
page read and write
|
||
|
2C02000
|
heap
|
page read and write
|
||
|
C8F000
|
stack
|
page read and write
|
||
|
2BFD000
|
heap
|
page read and write
|
||
|
1B64A000
|
stack
|
page read and write
|
||
|
1AE5D000
|
stack
|
page read and write
|
||
|
590000
|
heap
|
page read and write
|
||
|
BE0000
|
heap
|
page readonly
|
||
|
26AB000
|
stack
|
page read and write
|
||
|
277F000
|
stack
|
page read and write
|
||
|
4C00000
|
heap
|
page read and write
|
||
|
7FFB4AD33000
|
trusted library allocation
|
page read and write
|
||
|
29A2000
|
trusted library allocation
|
page read and write
|
||
|
D59000
|
heap
|
page read and write
|
||
|
AD0000
|
stack
|
page read and write
|
||
|
7FFB4ADE6000
|
trusted library allocation
|
page execute and read and write
|
||
|
1BC9F000
|
heap
|
page read and write
|
||
|
AF1000
|
heap
|
page read and write
|
||
|
7FFB4ADB0000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4AD13000
|
trusted library allocation
|
page read and write
|
||
|
4900000
|
heap
|
page read and write
|
||
|
AED000
|
heap
|
page read and write
|
||
|
2AAE000
|
stack
|
page read and write
|
||
|
7FFB4AE27000
|
trusted library allocation
|
page execute and read and write
|
||
|
2BFC000
|
heap
|
page read and write
|
||
|
4EEE000
|
stack
|
page read and write
|
||
|
7FFB4AEAE000
|
trusted library allocation
|
page read and write
|
||
|
29CB000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4AD7C000
|
trusted library allocation
|
page execute and read and write
|
||
|
1BAEC000
|
heap
|
page read and write
|
||
|
2BFE000
|
heap
|
page read and write
|
||
|
950000
|
trusted library allocation
|
page read and write
|
||
|
1BC1E000
|
heap
|
page read and write
|
||
|
1BB4A000
|
heap
|
page read and write
|
||
|
5A0000
|
heap
|
page read and write
|
||
|
6662000
|
heap
|
page read and write
|
||
|
1B340000
|
heap
|
page execute and read and write
|
||
|
786000
|
stack
|
page read and write
|
||
|
DF0000
|
heap
|
page read and write
|
||
|
2C38000
|
heap
|
page read and write
|
||
|
6662000
|
heap
|
page read and write
|
||
|
1296D000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4AD20000
|
trusted library allocation
|
page read and write
|
||
|
29B5000
|
trusted library allocation
|
page read and write
|
||
|
D60000
|
heap
|
page read and write
|
||
|
2C21000
|
heap
|
page read and write
|
||
|
2FFE000
|
stack
|
page read and write
|
||
|
7FFB4AD03000
|
trusted library allocation
|
page execute and read and write
|
||
|
1BD0D000
|
heap
|
page read and write
|
||
|
DDF000
|
stack
|
page read and write
|
||
|
1A7F0000
|
trusted library allocation
|
page read and write
|
||
|
1BCBE000
|
heap
|
page read and write
|
||
|
DF0000
|
heap
|
page read and write
|
||
|
7FFB4AD20000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4AEF0000
|
trusted library allocation
|
page read and write
|
||
|
930000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4AD5C000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFB4AD40000
|
trusted library allocation
|
page read and write
|
||
|
E70000
|
heap
|
page read and write
|
||
|
D23000
|
heap
|
page read and write
|
||
|
7FFB4AE20000
|
trusted library allocation
|
page execute and read and write
|
||
|
2C38000
|
heap
|
page read and write
|
||
|
CD0000
|
heap
|
page read and write
|
||
|
2BF3000
|
heap
|
page read and write
|
||
|
1BD31000
|
heap
|
page read and write
|
||
|
2C02000
|
heap
|
page read and write
|
||
|
1BA7C000
|
heap
|
page read and write
|
||
|
D33000
|
heap
|
page read and write
|
||
|
1B743000
|
stack
|
page read and write
|
||
|
1BBD7000
|
heap
|
page read and write
|
||
|
EEE000
|
stack
|
page read and write
|
||
|
7D6000
|
stack
|
page read and write
|
||
|
1B26E000
|
stack
|
page read and write
|
||
|
2C51000
|
heap
|
page read and write
|
||
|
7FFB4AEE1000
|
trusted library allocation
|
page read and write
|
||
|
2BF3000
|
heap
|
page read and write
|
||
|
2C05000
|
heap
|
page read and write
|
||
|
1BA20000
|
heap
|
page read and write
|
||
|
7FFB4AD1C000
|
trusted library allocation
|
page read and write
|
||
|
EBE000
|
unkown
|
page write copy
|
||
|
12971000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4AD2B000
|
trusted library allocation
|
page execute and read and write
|
||
|
2C1E000
|
heap
|
page read and write
|
||
|
1B950000
|
heap
|
page read and write
|
||
|
2DC3000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4AEC7000
|
trusted library allocation
|
page read and write
|
||
|
1B26F000
|
stack
|
page read and write
|
||
|
D5F000
|
heap
|
page read and write
|
||
|
7FFB4AD0D000
|
trusted library allocation
|
page execute and read and write
|
||
|
516E000
|
stack
|
page read and write
|
||
|
1BB21000
|
heap
|
page read and write
|
||
|
7FFB4AD2D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1020000
|
heap
|
page read and write
|
||
|
2C32000
|
heap
|
page read and write
|
||
|
2EAE000
|
stack
|
page read and write
|
||
|
D61000
|
heap
|
page read and write
|
||
|
1BD97000
|
heap
|
page read and write
|
||
|
E81000
|
unkown
|
page execute read
|
||
|
7FFB4AED0000
|
trusted library allocation
|
page read and write
|
||
|
C2E000
|
stack
|
page read and write
|
||
|
7FFB4AD1D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B9CB000
|
heap
|
page read and write
|
||
|
6E70000
|
heap
|
page read and write
|
||
|
1BA19000
|
heap
|
page read and write
|
||
|
D65000
|
heap
|
page read and write
|
||
|
1BB11000
|
heap
|
page read and write
|
||
|
1B94E000
|
stack
|
page read and write
|
||
|
D66000
|
heap
|
page read and write
|
||
|
D69000
|
heap
|
page read and write
|
||
|
D69000
|
heap
|
page read and write
|
||
|
1B930000
|
heap
|
page read and write
|
||
|
526F000
|
stack
|
page read and write
|
||
|
1B36E000
|
stack
|
page read and write
|
||
|
5F0000
|
unkown
|
page readonly
|
||
|
1BDFD000
|
heap
|
page read and write
|
||
|
EC4000
|
unkown
|
page read and write
|
||
|
7FFB4AE06000
|
trusted library allocation
|
page execute and read and write
|
||
|
D7F000
|
heap
|
page read and write
|
||
|
CCE000
|
stack
|
page read and write
|
||
|
2BF3000
|
heap
|
page read and write
|
||
|
D93000
|
heap
|
page read and write
|
||
|
D55000
|
heap
|
page read and write
|
||
|
27AB000
|
stack
|
page read and write
|
||
|
A10000
|
heap
|
page read and write
|
||
|
48AE000
|
stack
|
page read and write
|
||
|
128D3000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4AD4B000
|
trusted library allocation
|
page execute and read and write
|
||
|
9C8000
|
heap
|
page read and write
|
||
|
1BA75000
|
heap
|
page read and write
|
||
|
1B563000
|
stack
|
page read and write
|
||
|
31AB000
|
heap
|
page read and write
|
||
|
127C3000
|
trusted library allocation
|
page read and write
|
||
|
2930000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4AEDB000
|
trusted library allocation
|
page read and write
|
||
|
6BE000
|
unkown
|
page readonly
|
||
|
A40000
|
heap
|
page read and write
|
||
|
1BD7C000
|
heap
|
page read and write
|
||
|
6F71000
|
heap
|
page read and write
|
||
|
EA0000
|
heap
|
page read and write
|
||
|
2C32000
|
heap
|
page read and write
|
||
|
5F2000
|
unkown
|
page readonly
|
||
|
7FFB4ADD0000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4AED0000
|
trusted library allocation
|
page read and write
|
||
|
2B75000
|
trusted library allocation
|
page read and write
|
||
|
127C8000
|
trusted library allocation
|
page read and write
|
||
|
D59000
|
heap
|
page read and write
|
||
|
1A990000
|
trusted library allocation
|
page read and write
|
||
|
53E0000
|
heap
|
page read and write
|
||
|
DF0000
|
heap
|
page read and write
|
||
|
1BDD7000
|
heap
|
page read and write
|
||
|
D75000
|
heap
|
page read and write
|
||
|
1BCE6000
|
heap
|
page read and write
|
||
|
7FFB4ADB0000
|
trusted library allocation
|
page read and write
|
||
|
299C000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4AD2D000
|
trusted library allocation
|
page execute and read and write
|
||
|
EB3000
|
unkown
|
page readonly
|
||
|
28C0000
|
heap
|
page execute and read and write
|
||
|
2C0F000
|
heap
|
page read and write
|
||
|
2BFA000
|
heap
|
page read and write
|
||
|
7FFB4ADC0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1BBCD000
|
heap
|
page read and write
|
||
|
DF0000
|
heap
|
page read and write
|
||
|
750000
|
heap
|
page read and write
|
||
|
52AC000
|
stack
|
page read and write
|
||
|
D98000
|
heap
|
page read and write
|
||
|
740000
|
heap
|
page read and write
|
||
|
9EE000
|
heap
|
page read and write
|
||
|
E6E000
|
stack
|
page read and write
|
||
|
7FFB4AEF0000
|
trusted library allocation
|
page execute and read and write
|
||
|
DF0000
|
heap
|
page read and write
|
||
|
1BBBC000
|
heap
|
page read and write
|
||
|
9A0000
|
heap
|
page read and write
|
||
|
7FFB4AD44000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4AECC000
|
trusted library allocation
|
page read and write
|
||
|
1BABC000
|
heap
|
page read and write
|
||
|
2C51000
|
heap
|
page read and write
|
||
|
1BDD1000
|
heap
|
page read and write
|
||
|
1B964000
|
heap
|
page read and write
|
||
|
127CD000
|
trusted library allocation
|
page read and write
|
||
|
1B7F3000
|
stack
|
page read and write
|
||
|
27B0000
|
heap
|
page read and write
|
||
|
1B66E000
|
stack
|
page read and write
|
||
|
D5F000
|
heap
|
page read and write
|
||
|
CA0000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4AEAC000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4AEAA000
|
trusted library allocation
|
page read and write
|
||
|
2BFF000
|
heap
|
page read and write
|
||
|
7B0000
|
heap
|
page read and write
|
||
|
D69000
|
heap
|
page read and write
|
||
|
1B44F000
|
stack
|
page read and write
|
||
|
1BA50000
|
heap
|
page read and write
|
||
|
7FFB4ADB6000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4AEE3000
|
trusted library allocation
|
page read and write
|
||
|
1B3FF000
|
stack
|
page read and write
|
||
|
ED0000
|
heap
|
page read and write
|
||
|
31A0000
|
heap
|
page read and write
|
||
|
E80000
|
heap
|
page read and write
|
||
|
CFD000
|
heap
|
page read and write
|
||
|
2CE3000
|
trusted library allocation
|
page read and write
|
||
|
9FC000
|
heap
|
page read and write
|
||
|
B22000
|
heap
|
page read and write
|
||
|
2C11000
|
heap
|
page read and write
|
||
|
2DA5000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4AD00000
|
trusted library allocation
|
page read and write
|
||
|
1B9D1000
|
heap
|
page read and write
|
||
|
2C0D000
|
heap
|
page read and write
|
||
|
1BDC0000
|
heap
|
page read and write
|
||
|
7FFB4ADC0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2BD5000
|
trusted library allocation
|
page read and write
|
||
|
1BA54000
|
heap
|
page read and write
|
||
|
2C16000
|
trusted library allocation
|
page read and write
|
||
|
2C48000
|
trusted library allocation
|
page read and write
|
||
|
ABC000
|
stack
|
page read and write
|
||
|
DF0000
|
heap
|
page read and write
|
||
|
A27000
|
heap
|
page read and write
|
||
|
2BD7000
|
heap
|
page read and write
|
||
|
4BE0000
|
heap
|
page read and write
|
||
|
ED5000
|
heap
|
page read and write
|
||
|
1BA90000
|
heap
|
page read and write
|
||
|
7FFB4AD03000
|
trusted library allocation
|
page execute and read and write
|
||
|
2A5E000
|
stack
|
page read and write
|
||
|
2C98000
|
trusted library allocation
|
page read and write
|
||
|
1BB38000
|
heap
|
page read and write
|
||
|
2C15000
|
heap
|
page read and write
|
||
|
1BD63000
|
heap
|
page read and write
|
||
|
D69000
|
heap
|
page read and write
|
||
|
EE2000
|
unkown
|
page readonly
|
||
|
7FFB4ADD6000
|
trusted library allocation
|
page read and write
|
||
|
DF0000
|
heap
|
page read and write
|
||
|
7FFB4AF00000
|
trusted library allocation
|
page read and write
|
||
|
2F80000
|
heap
|
page read and write
|
||
|
12961000
|
trusted library allocation
|
page read and write
|
||
|
128D8000
|
trusted library allocation
|
page read and write
|
||
|
BD5000
|
heap
|
page read and write
|
||
|
2C04000
|
heap
|
page read and write
|
||
|
DF0000
|
heap
|
page read and write
|
||
|
7FFB4AECA000
|
trusted library allocation
|
page read and write
|
||
|
50BE000
|
stack
|
page read and write
|
||
|
D1E000
|
heap
|
page read and write
|
||
|
1B900000
|
heap
|
page read and write
|
||
|
57CF000
|
stack
|
page read and write
|
||
|
1BDCD000
|
heap
|
page read and write
|
||
|
E80000
|
unkown
|
page readonly
|
||
|
56CE000
|
stack
|
page read and write
|
||
|
48C0000
|
heap
|
page read and write
|
||
|
7FFB4AD24000
|
trusted library allocation
|
page read and write
|
||
|
7F0000
|
heap
|
page read and write
|
||
|
1BAB1000
|
heap
|
page read and write
|
||
|
7FFB4AD06000
|
trusted library allocation
|
page read and write
|
||
|
CF0000
|
heap
|
page read and write
|
||
|
7FFB4AD2D000
|
trusted library allocation
|
page execute and read and write
|
||
|
2A7D000
|
trusted library allocation
|
page read and write
|
||
|
A29000
|
heap
|
page read and write
|
||
|
1B978000
|
heap
|
page read and write
|
||
|
4EB0000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4AEE4000
|
trusted library allocation
|
page read and write
|
||
|
1B4FE000
|
stack
|
page read and write
|
||
|
D11000
|
heap
|
page read and write
|
||
|
29A6000
|
trusted library allocation
|
page read and write
|
||
|
2C1E000
|
heap
|
page read and write
|
||
|
2BF8000
|
heap
|
page read and write
|
||
|
AF6000
|
stack
|
page read and write
|
||
|
7FFB4AEB0000
|
trusted library allocation
|
page read and write
|
||
|
DFA000
|
heap
|
page read and write
|
||
|
28E0000
|
trusted library allocation
|
page read and write
|
||
|
1B54E000
|
stack
|
page read and write
|
||
|
2BE0000
|
heap
|
page read and write
|
||
|
2A60000
|
heap
|
page read and write
|
||
|
2C78000
|
trusted library allocation
|
page read and write
|
||
|
D35000
|
heap
|
page read and write
|
||
|
2BFD000
|
heap
|
page read and write
|
||
|
558E000
|
stack
|
page read and write
|
||
|
7FFB4AD3C000
|
trusted library allocation
|
page read and write
|
||
|
4E3F000
|
stack
|
page read and write
|
||
|
7FFB4AD04000
|
trusted library allocation
|
page read and write
|
||
|
1B160000
|
heap
|
page execute and read and write
|
||
|
1BD02000
|
heap
|
page read and write
|
||
|
4F3F000
|
stack
|
page read and write
|
||
|
1BDEC000
|
heap
|
page read and write
|
||
|
DFA000
|
heap
|
page read and write
|
||
|
6F7A000
|
heap
|
page read and write
|
||
|
7FFB4AEB6000
|
trusted library allocation
|
page read and write
|
||
|
1BD0A000
|
heap
|
page read and write
|
||
|
AD6000
|
stack
|
page read and write
|
||
|
2C51000
|
heap
|
page read and write
|
||
|
1B92D000
|
heap
|
page read and write
|
||
|
CD5000
|
heap
|
page read and write
|
||
|
D30000
|
heap
|
page read and write
|
||
|
7FFB4AD13000
|
trusted library allocation
|
page read and write
|
||
|
1B998000
|
heap
|
page read and write
|
||
|
D7F000
|
heap
|
page read and write
|
||
|
2C0D000
|
heap
|
page read and write
|
||
|
1B932000
|
heap
|
page read and write
|
||
|
51BE000
|
stack
|
page read and write
|
||
|
2BD1000
|
heap
|
page read and write
|
||
|
7FFB4AD24000
|
trusted library allocation
|
page read and write
|
||
|
1BC98000
|
heap
|
page read and write
|
||
|
9FF000
|
heap
|
page read and write
|
||
|
1BBF2000
|
heap
|
page read and write
|
||
|
2B12000
|
trusted library allocation
|
page read and write
|
||
|
2C1F000
|
heap
|
page read and write
|
||
|
7FFB4AE2A000
|
trusted library allocation
|
page execute and read and write
|
||
|
E80000
|
unkown
|
page readonly
|
||
|
7FFB4AD02000
|
trusted library allocation
|
page read and write
|
||
|
4C30000
|
heap
|
page read and write
|
||
|
5310000
|
heap
|
page read and write
|
||
|
2E17000
|
trusted library allocation
|
page read and write
|
||
|
CE0000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4AED0000
|
trusted library allocation
|
page read and write
|
||
|
A80000
|
heap
|
page read and write
|
||
|
1B46E000
|
stack
|
page read and write
|
||
|
1B5FE000
|
stack
|
page read and write
|
||
|
6F76000
|
heap
|
page read and write
|
||
|
B15000
|
heap
|
page read and write
|
||
|
1030000
|
heap
|
page read and write
|
||
|
1BD83000
|
heap
|
page read and write
|
||
|
D7F000
|
heap
|
page read and write
|
||
|
2C01000
|
heap
|
page read and write
|
||
|
2BA3000
|
trusted library allocation
|
page read and write
|
||
|
8F6000
|
stack
|
page read and write
|
||
|
7FFB4AD1D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFB4AD0D000
|
trusted library allocation
|
page execute and read and write
|
||
|
2C02000
|
heap
|
page read and write
|
||
|
590C000
|
stack
|
page read and write
|
||
|
7FFB4AD04000
|
trusted library allocation
|
page read and write
|
||
|
1C45E000
|
stack
|
page read and write
|
||
|
A20000
|
heap
|
page read and write
|
||
|
1BCFF000
|
heap
|
page read and write
|
||
|
FEE000
|
stack
|
page read and write
|
||
|
DF0000
|
heap
|
page read and write
|
||
|
DFA000
|
heap
|
page read and write
|
||
|
2BEF000
|
heap
|
page read and write
|
||
|
4B91000
|
trusted library allocation
|
page read and write
|
||
|
31A7000
|
heap
|
page read and write
|
||
|
1A900000
|
trusted library allocation
|
page read and write
|
||
|
2C38000
|
heap
|
page read and write
|
||
|
7FFB4AEC0000
|
trusted library allocation
|
page read and write
|
||
|
288F000
|
trusted library allocation
|
page read and write
|
||
|
D98000
|
heap
|
page read and write
|
||
|
6670000
|
trusted library allocation
|
page read and write
|
||
|
1BA3A000
|
heap
|
page read and write
|
||
|
7F0000
|
trusted library allocation
|
page read and write
|
||
|
1BBA0000
|
heap
|
page read and write
|
||
|
1B86E000
|
stack
|
page read and write
|
||
|
7FFB4AD20000
|
trusted library allocation
|
page read and write
|
||
|
DBB000
|
heap
|
page read and write
|
||
|
1BC69000
|
heap
|
page read and write
|
||
|
7FFB4AEC3000
|
trusted library allocation
|
page read and write
|
||
|
1B76E000
|
stack
|
page read and write
|
||
|
7FFB4AD5C000
|
trusted library allocation
|
page execute and read and write
|
||
|
5300000
|
heap
|
page read and write
|
||
|
6F7A000
|
heap
|
page read and write
|
||
|
D6D000
|
heap
|
page read and write
|
||
|
2C32000
|
heap
|
page read and write
|
||
|
7FFB4AEC3000
|
trusted library allocation
|
page read and write
|
There are 510 hidden memdumps, click here to show them.