Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
5U9CuGu1ru.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Program Files (x86)\Windows Multimedia Platform\WHqeodkmYpJedFVKZpNEincEtJvAcD.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Windows Portable Devices\WHqeodkmYpJedFVKZpNEincEtJvAcD.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\Google\Chrome\Application\SetupMetrics\sihost.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\Windows Defender Advanced Threat Protection\Memory Compression.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\Windows Mail\WHqeodkmYpJedFVKZpNEincEtJvAcD.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\Windows NT\TableTextService\WHqeodkmYpJedFVKZpNEincEtJvAcD.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Recovery\RuntimeBroker.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Recovery\ShellExperienceHost.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Recovery\WHqeodkmYpJedFVKZpNEincEtJvAcD.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\Default\Documents\WmiPrvSE.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\Public\Desktop\spoolsv.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\Intodhcp\containerdll.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\Intodhcp\k6u1xEDPWjfrPQve79LV.vbe
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\kVQjSoqMfO.bat
|
DOS batch file, ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Windows\Downloaded Program Files\WHqeodkmYpJedFVKZpNEincEtJvAcD.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Windows\Logs\SettingSync\WHqeodkmYpJedFVKZpNEincEtJvAcD.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Windows\Temp\Crashpad\reports\WHqeodkmYpJedFVKZpNEincEtJvAcD.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Windows Multimedia Platform\b7ad5a7a0bb6c8
|
ASCII text, with very long lines (335), with no line terminators
|
dropped
|
||
|
C:\Program Files (x86)\Windows Portable Devices\b7ad5a7a0bb6c8
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Program Files\Google\Chrome\Application\SetupMetrics\66fc9ff0ee96c2
|
ASCII text, with very long lines (659), with no line terminators
|
dropped
|
||
|
C:\Program Files\Windows Defender Advanced Threat Protection\1a5d5b8dcee3d8
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Program Files\Windows Mail\b7ad5a7a0bb6c8
|
ASCII text, with very long lines (864), with no line terminators
|
dropped
|
||
|
C:\Program Files\Windows NT\TableTextService\b7ad5a7a0bb6c8
|
ASCII text, with very long lines (784), with no line terminators
|
dropped
|
||
|
C:\Recovery\9e8d7a4ca61bd9
|
ASCII text, with very long lines (539), with no line terminators
|
dropped
|
||
|
C:\Recovery\b7ad5a7a0bb6c8
|
ASCII text, with very long lines (332), with no line terminators
|
dropped
|
||
|
C:\Recovery\f8c8f1285d826b
|
ASCII text, with very long lines (722), with no line terminators
|
dropped
|
||
|
C:\Users\Default\Documents\24dbde2999530e
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\Public\Desktop\f3b6ecef712a24
|
ASCII text, with very long lines (657), with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\WHqeodkmYpJedFVKZpNEincEtJvAcD.exe.log
|
CSV text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\containerdll.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\spoolsv.exe.log
|
CSV text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Intodhcp\file.vbs
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Intodhcp\zSeea0nqF8D7gTEAJAxS8lBZw.bat
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\kUv3Ev2rOr
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Windows\Downloaded Program Files\b7ad5a7a0bb6c8
|
ASCII text, with very long lines (825), with no line terminators
|
dropped
|
||
|
C:\Windows\Logs\SettingSync\b7ad5a7a0bb6c8
|
ASCII text, with very long lines (561), with no line terminators
|
dropped
|
||
|
C:\Windows\Temp\Crashpad\reports\b7ad5a7a0bb6c8
|
ASCII text, with very long lines (490), with no line terminators
|
dropped
|
There are 28 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\5U9CuGu1ru.exe
|
"C:\Users\user\Desktop\5U9CuGu1ru.exe"
|
|
|
|
C:\Windows\SysWOW64\wscript.exe
|
"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\Intodhcp\k6u1xEDPWjfrPQve79LV.vbe"
|
|
|
|
C:\Windows\SysWOW64\wscript.exe
|
"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\Intodhcp\file.vbs"
|
|
|
|
C:\Users\user\AppData\Local\Temp\Intodhcp\containerdll.exe
|
"C:\Users\user\AppData\Local\Temp\Intodhcp\containerdll.exe"
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "WHqeodkmYpJedFVKZpNEincEtJvAcDW" /sc MINUTE /mo 11 /tr "'C:\Program Files (x86)\windows multimedia
platform\WHqeodkmYpJedFVKZpNEincEtJvAcD.exe'" /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "WHqeodkmYpJedFVKZpNEincEtJvAcD" /sc ONLOGON /tr "'C:\Program Files (x86)\windows multimedia platform\WHqeodkmYpJedFVKZpNEincEtJvAcD.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "WHqeodkmYpJedFVKZpNEincEtJvAcDW" /sc MINUTE /mo 13 /tr "'C:\Program Files (x86)\windows multimedia
platform\WHqeodkmYpJedFVKZpNEincEtJvAcD.exe'" /rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "spoolsvs" /sc MINUTE /mo 6 /tr "'C:\Users\Public\Desktop\spoolsv.exe'" /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "spoolsv" /sc ONLOGON /tr "'C:\Users\Public\Desktop\spoolsv.exe'" /rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "spoolsvs" /sc MINUTE /mo 5 /tr "'C:\Users\Public\Desktop\spoolsv.exe'" /rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "WHqeodkmYpJedFVKZpNEincEtJvAcDW" /sc MINUTE /mo 5 /tr "'C:\Recovery\WHqeodkmYpJedFVKZpNEincEtJvAcD.exe'"
/f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "WHqeodkmYpJedFVKZpNEincEtJvAcD" /sc ONLOGON /tr "'C:\Recovery\WHqeodkmYpJedFVKZpNEincEtJvAcD.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "WHqeodkmYpJedFVKZpNEincEtJvAcDW" /sc MINUTE /mo 10 /tr "'C:\Recovery\WHqeodkmYpJedFVKZpNEincEtJvAcD.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "Memory CompressionM" /sc MINUTE /mo 8 /tr "'C:\Program Files\Windows Defender Advanced Threat Protection\Memory
Compression.exe'" /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "Memory Compression" /sc ONLOGON /tr "'C:\Program Files\Windows Defender Advanced Threat Protection\Memory
Compression.exe'" /rl HIGHEST /f
|
|
|
|
C:\Users\Public\Desktop\spoolsv.exe
|
C:\Users\Public\Desktop\spoolsv.exe
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "Memory CompressionM" /sc MINUTE /mo 13 /tr "'C:\Program Files\Windows Defender Advanced Threat Protection\Memory
Compression.exe'" /rl HIGHEST /f
|
|
|
|
C:\Users\Public\Desktop\spoolsv.exe
|
C:\Users\Public\Desktop\spoolsv.exe
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "ShellExperienceHostS" /sc MINUTE /mo 8 /tr "'C:\Recovery\ShellExperienceHost.exe'" /f
|
|
|
|
C:\Recovery\WHqeodkmYpJedFVKZpNEincEtJvAcD.exe
|
C:\Recovery\WHqeodkmYpJedFVKZpNEincEtJvAcD.exe
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "ShellExperienceHost" /sc ONLOGON /tr "'C:\Recovery\ShellExperienceHost.exe'" /rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "ShellExperienceHostS" /sc MINUTE /mo 13 /tr "'C:\Recovery\ShellExperienceHost.exe'" /rl HIGHEST
/f
|
|
|
|
C:\Recovery\WHqeodkmYpJedFVKZpNEincEtJvAcD.exe
|
C:\Recovery\WHqeodkmYpJedFVKZpNEincEtJvAcD.exe
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "WHqeodkmYpJedFVKZpNEincEtJvAcDW" /sc MINUTE /mo 6 /tr "'C:\Windows\Downloaded Program Files\WHqeodkmYpJedFVKZpNEincEtJvAcD.exe'"
/f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "WHqeodkmYpJedFVKZpNEincEtJvAcD" /sc ONLOGON /tr "'C:\Windows\Downloaded Program Files\WHqeodkmYpJedFVKZpNEincEtJvAcD.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "WHqeodkmYpJedFVKZpNEincEtJvAcDW" /sc MINUTE /mo 11 /tr "'C:\Windows\Downloaded Program Files\WHqeodkmYpJedFVKZpNEincEtJvAcD.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "WHqeodkmYpJedFVKZpNEincEtJvAcDW" /sc MINUTE /mo 7 /tr "'C:\Program Files (x86)\windows portable
devices\WHqeodkmYpJedFVKZpNEincEtJvAcD.exe'" /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "WHqeodkmYpJedFVKZpNEincEtJvAcD" /sc ONLOGON /tr "'C:\Program Files (x86)\windows portable devices\WHqeodkmYpJedFVKZpNEincEtJvAcD.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "WHqeodkmYpJedFVKZpNEincEtJvAcDW" /sc MINUTE /mo 11 /tr "'C:\Program Files (x86)\windows portable
devices\WHqeodkmYpJedFVKZpNEincEtJvAcD.exe'" /rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "WmiPrvSEW" /sc MINUTE /mo 14 /tr "'C:\Users\Default User\Documents\WmiPrvSE.exe'" /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "WmiPrvSE" /sc ONLOGON /tr "'C:\Users\Default User\Documents\WmiPrvSE.exe'" /rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "WmiPrvSEW" /sc MINUTE /mo 12 /tr "'C:\Users\Default User\Documents\WmiPrvSE.exe'" /rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 5 /tr "'C:\Recovery\RuntimeBroker.exe'" /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "RuntimeBroker" /sc ONLOGON /tr "'C:\Recovery\RuntimeBroker.exe'" /rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 14 /tr "'C:\Recovery\RuntimeBroker.exe'" /rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "WHqeodkmYpJedFVKZpNEincEtJvAcDW" /sc MINUTE /mo 9 /tr "'C:\Windows\Logs\SettingSync\WHqeodkmYpJedFVKZpNEincEtJvAcD.exe'"
/f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "WHqeodkmYpJedFVKZpNEincEtJvAcD" /sc ONLOGON /tr "'C:\Windows\Logs\SettingSync\WHqeodkmYpJedFVKZpNEincEtJvAcD.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "WHqeodkmYpJedFVKZpNEincEtJvAcDW" /sc MINUTE /mo 13 /tr "'C:\Windows\Logs\SettingSync\WHqeodkmYpJedFVKZpNEincEtJvAcD.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\Intodhcp\zSeea0nqF8D7gTEAJAxS8lBZw.bat" "
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
There are 30 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
WHqeodkmYpJedFVKZpNEincEtJvAcD
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
WHqeodkmYpJedFVKZpNEincEtJvAcD
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
spoolsv
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
Memory Compression
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
ShellExperienceHost
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
ShellExperienceHost
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
WmiPrvSE
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
WmiPrvSE
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
RuntimeBroker
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
RuntimeBroker
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
sihost
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
sihost
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
|
Shell
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
|
Shell
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
WHqeodkmYpJedFVKZpNEincEtJvAcD
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
|
Shell
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
|
Shell
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
|
Shell
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
WHqeodkmYpJedFVKZpNEincEtJvAcD
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
WHqeodkmYpJedFVKZpNEincEtJvAcD
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
|
Shell
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
WHqeodkmYpJedFVKZpNEincEtJvAcD
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
|
Shell
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
|
Shell
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
|
Shell
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
WHqeodkmYpJedFVKZpNEincEtJvAcD
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
|
Shell
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
WHqeodkmYpJedFVKZpNEincEtJvAcD
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
WHqeodkmYpJedFVKZpNEincEtJvAcD
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
|
Shell
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
|
Shell
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
WHqeodkmYpJedFVKZpNEincEtJvAcD
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
|
Shell
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
WHqeodkmYpJedFVKZpNEincEtJvAcD
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
WHqeodkmYpJedFVKZpNEincEtJvAcD
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
|
Shell
|
|
|
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
LangID
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\System32\WScript.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\System32\WScript.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER\SOFTWARE\c293fae7f52249afa53696cd8851f1f51c82dc9b
|
5f54f6130dcea261e85fc7bc178403ce2ce953d4
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\System32\cmd.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\System32\cmd.exe.ApplicationCompany
|
There are 32 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2701000
|
trusted library allocation
|
page read and write
|
|
|
|
26D1000
|
trusted library allocation
|
page read and write
|
|
|
|
27D1000
|
trusted library allocation
|
page read and write
|
|
|
|
27D9000
|
trusted library allocation
|
page read and write
|
|
|
|
126DF000
|
trusted library allocation
|
page read and write
|
|
|
|
2B11000
|
trusted library allocation
|
page read and write
|
|
|
|
3451000
|
trusted library allocation
|
page read and write
|
|
|
|
7FF848FBC000
|
trusted library allocation
|
page read and write
|
||
|
2EB4000
|
heap
|
page read and write
|
||
|
2AB3000
|
trusted library allocation
|
page read and write
|
||
|
2840000
|
trusted library allocation
|
page read and write
|
||
|
7FF848FB0000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E16000
|
trusted library allocation
|
page read and write
|
||
|
2EA2000
|
heap
|
page read and write
|
||
|
7FF848E17000
|
trusted library allocation
|
page read and write
|
||
|
293A000
|
trusted library allocation
|
page read and write
|
||
|
1B798000
|
heap
|
page read and write
|
||
|
2E9F000
|
heap
|
page read and write
|
||
|
7FF848FC0000
|
trusted library allocation
|
page read and write
|
||
|
7FF848FC3000
|
trusted library allocation
|
page read and write
|
||
|
282A000
|
trusted library allocation
|
page read and write
|
||
|
610000
|
heap
|
page read and write
|
||
|
7FF848F36000
|
trusted library allocation
|
page execute and read and write
|
||
|
294B000
|
stack
|
page read and write
|
||
|
1568000
|
heap
|
page read and write
|
||
|
1B64E000
|
stack
|
page read and write
|
||
|
1B614000
|
heap
|
page read and write
|
||
|
1B5E0000
|
heap
|
page read and write
|
||
|
1AC8D000
|
stack
|
page read and write
|
||
|
640000
|
heap
|
page read and write
|
||
|
D5F000
|
stack
|
page read and write
|
||
|
C6E000
|
stack
|
page read and write
|
||
|
282E000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E20000
|
trusted library allocation
|
page read and write
|
||
|
AC0000
|
heap
|
page read and write
|
||
|
7FF848FBE000
|
trusted library allocation
|
page read and write
|
||
|
1B590000
|
heap
|
page read and write
|
||
|
1B9E2000
|
heap
|
page read and write
|
||
|
13461000
|
trusted library allocation
|
page read and write
|
||
|
940000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E1D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848FF4000
|
trusted library allocation
|
page read and write
|
||
|
7FF848FD3000
|
trusted library allocation
|
page read and write
|
||
|
2F08000
|
heap
|
page read and write
|
||
|
B80000
|
trusted library allocation
|
page read and write
|
||
|
33E9000
|
heap
|
page read and write
|
||
|
33F1000
|
heap
|
page read and write
|
||
|
E34000
|
heap
|
page read and write
|
||
|
550000
|
heap
|
page read and write
|
||
|
1B6F8000
|
heap
|
page read and write
|
||
|
7FF848E6C000
|
trusted library allocation
|
page execute and read and write
|
||
|
28EB000
|
trusted library allocation
|
page read and write
|
||
|
7FF848EF6000
|
trusted library allocation
|
page execute and read and write
|
||
|
345E000
|
heap
|
page read and write
|
||
|
1B38F000
|
stack
|
page read and write
|
||
|
2D90000
|
heap
|
page read and write
|
||
|
1B7C5000
|
heap
|
page read and write
|
||
|
503F000
|
stack
|
page read and write
|
||
|
157E000
|
heap
|
page read and write
|
||
|
1B6C5000
|
heap
|
page read and write
|
||
|
2AD9000
|
heap
|
page read and write
|
||
|
2838000
|
trusted library allocation
|
page read and write
|
||
|
B44000
|
heap
|
page read and write
|
||
|
2E99000
|
heap
|
page read and write
|
||
|
155B000
|
heap
|
page read and write
|
||
|
900000
|
heap
|
page read and write
|
||
|
2E93000
|
heap
|
page read and write
|
||
|
EE0000
|
heap
|
page read and write
|
||
|
558A000
|
heap
|
page read and write
|
||
|
543E000
|
stack
|
page read and write
|
||
|
7FF848E14000
|
trusted library allocation
|
page read and write
|
||
|
F6F000
|
stack
|
page read and write
|
||
|
247E000
|
stack
|
page read and write
|
||
|
B30000
|
trusted library section
|
page read and write
|
||
|
3320000
|
heap
|
page read and write
|
||
|
33E0000
|
heap
|
page read and write
|
||
|
3470000
|
heap
|
page read and write
|
||
|
28D5000
|
heap
|
page read and write
|
||
|
2826000
|
trusted library allocation
|
page read and write
|
||
|
83E000
|
unkown
|
page write copy
|
||
|
12ABA000
|
trusted library allocation
|
page read and write
|
||
|
283E000
|
trusted library allocation
|
page read and write
|
||
|
51A0000
|
heap
|
page read and write
|
||
|
9A0000
|
heap
|
page read and write
|
||
|
2908000
|
trusted library allocation
|
page read and write
|
||
|
1358F000
|
trusted library allocation
|
page read and write
|
||
|
1B140000
|
heap
|
page execute and read and write
|
||
|
D7C000
|
heap
|
page read and write
|
||
|
6D5A000
|
heap
|
page read and write
|
||
|
130DF000
|
trusted library allocation
|
page read and write
|
||
|
12C1F000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E2D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B543000
|
stack
|
page read and write
|
||
|
1B58D000
|
stack
|
page read and write
|
||
|
8F6000
|
stack
|
page read and write
|
||
|
3A9000
|
stack
|
page read and write
|
||
|
2B01000
|
trusted library allocation
|
page read and write
|
||
|
131DD000
|
trusted library allocation
|
page read and write
|
||
|
7FF848ED0000
|
trusted library allocation
|
page execute and read and write
|
||
|
27B4000
|
trusted library allocation
|
page read and write
|
||
|
F70000
|
heap
|
page read and write
|
||
|
12C45000
|
trusted library allocation
|
page read and write
|
||
|
33F0000
|
heap
|
page read and write
|
||
|
127DD000
|
trusted library allocation
|
page read and write
|
||
|
7FF848EA0000
|
trusted library allocation
|
page read and write
|
||
|
7FF848FD0000
|
trusted library allocation
|
page read and write
|
||
|
1B8CD000
|
stack
|
page read and write
|
||
|
1B751000
|
heap
|
page read and write
|
||
|
2DE0000
|
heap
|
page read and write
|
||
|
2AB1000
|
heap
|
page read and write
|
||
|
DA0000
|
heap
|
page read and write
|
||
|
7FF848ECC000
|
trusted library allocation
|
page execute and read and write
|
||
|
2882000
|
trusted library allocation
|
page read and write
|
||
|
571E000
|
stack
|
page read and write
|
||
|
1875000
|
heap
|
page read and write
|
||
|
1B604000
|
heap
|
page read and write
|
||
|
12807000
|
trusted library allocation
|
page read and write
|
||
|
2EB8000
|
heap
|
page read and write
|
||
|
49DE000
|
stack
|
page read and write
|
||
|
7FF849070000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E14000
|
trusted library allocation
|
page read and write
|
||
|
7560000
|
heap
|
page read and write
|
||
|
12B13000
|
trusted library allocation
|
page read and write
|
||
|
33DF000
|
heap
|
page read and write
|
||
|
1B4DF000
|
stack
|
page read and write
|
||
|
1B48F000
|
stack
|
page read and write
|
||
|
33F0000
|
heap
|
page read and write
|
||
|
2F08000
|
heap
|
page read and write
|
||
|
7FF848FF1000
|
trusted library allocation
|
page read and write
|
||
|
284000
|
unkown
|
page readonly
|
||
|
12C52000
|
trusted library allocation
|
page read and write
|
||
|
13597000
|
trusted library allocation
|
page read and write
|
||
|
1B78E000
|
heap
|
page read and write
|
||
|
2809000
|
trusted library allocation
|
page read and write
|
||
|
2A00000
|
heap
|
page read and write
|
||
|
4F3E000
|
stack
|
page read and write
|
||
|
7FF848F20000
|
trusted library allocation
|
page execute and read and write
|
||
|
13451000
|
trusted library allocation
|
page read and write
|
||
|
1B9F6000
|
heap
|
page read and write
|
||
|
293E000
|
trusted library allocation
|
page read and write
|
||
|
2EB0000
|
heap
|
page read and write
|
||
|
D30000
|
heap
|
page read and write
|
||
|
2480000
|
trusted library section
|
page read and write
|
||
|
1BA63000
|
heap
|
page read and write
|
||
|
378B000
|
heap
|
page read and write
|
||
|
766E000
|
heap
|
page read and write
|
||
|
27CE000
|
stack
|
page read and write
|
||
|
2E93000
|
heap
|
page read and write
|
||
|
331E000
|
stack
|
page read and write
|
||
|
9DC000
|
heap
|
page read and write
|
||
|
1B7B8000
|
heap
|
page read and write
|
||
|
2EE4000
|
heap
|
page read and write
|
||
|
2EE4000
|
heap
|
page read and write
|
||
|
2904000
|
trusted library allocation
|
page read and write
|
||
|
7FF848EC0000
|
trusted library allocation
|
page read and write
|
||
|
2EBE000
|
heap
|
page read and write
|
||
|
2844000
|
trusted library allocation
|
page read and write
|
||
|
1B5FA000
|
heap
|
page read and write
|
||
|
2EDD000
|
heap
|
page read and write
|
||
|
2AD5000
|
heap
|
page read and write
|
||
|
1135000
|
heap
|
page read and write
|
||
|
1C3CE000
|
stack
|
page read and write
|
||
|
27C1000
|
trusted library allocation
|
page read and write
|
||
|
7FF848FE0000
|
trusted library allocation
|
page read and write
|
||
|
128E4000
|
trusted library allocation
|
page read and write
|
||
|
801000
|
unkown
|
page execute read
|
||
|
29DE000
|
stack
|
page read and write
|
||
|
1970000
|
heap
|
page read and write
|
||
|
7FF848EC6000
|
trusted library allocation
|
page read and write
|
||
|
7FF848DFD000
|
trusted library allocation
|
page execute and read and write
|
||
|
3472000
|
heap
|
page read and write
|
||
|
28ED000
|
trusted library allocation
|
page read and write
|
||
|
2CFB000
|
stack
|
page read and write
|
||
|
7FF848FF0000
|
trusted library allocation
|
page read and write
|
||
|
7FF848FD3000
|
trusted library allocation
|
page read and write
|
||
|
2AF5000
|
heap
|
page read and write
|
||
|
7FF848E07000
|
trusted library allocation
|
page read and write
|
||
|
862000
|
unkown
|
page write copy
|
||
|
1BA69000
|
heap
|
page read and write
|
||
|
127D8000
|
trusted library allocation
|
page read and write
|
||
|
13587000
|
trusted library allocation
|
page read and write
|
||
|
9DF000
|
heap
|
page read and write
|
||
|
7FF848FF0000
|
trusted library allocation
|
page read and write
|
||
|
1B18F000
|
stack
|
page read and write
|
||
|
2E9E000
|
heap
|
page read and write
|
||
|
30F2000
|
stack
|
page read and write
|
||
|
5F0000
|
trusted library allocation
|
page read and write
|
||
|
DB2000
|
heap
|
page read and write
|
||
|
347C000
|
heap
|
page read and write
|
||
|
1BA9F000
|
stack
|
page read and write
|
||
|
7FF848F36000
|
trusted library allocation
|
page execute and read and write
|
||
|
DDB000
|
heap
|
page read and write
|
||
|
2A55000
|
trusted library allocation
|
page read and write
|
||
|
1B679000
|
heap
|
page read and write
|
||
|
2834000
|
trusted library allocation
|
page read and write
|
||
|
508E000
|
stack
|
page read and write
|
||
|
10F0000
|
trusted library allocation
|
page read and write
|
||
|
30E3000
|
stack
|
page read and write
|
||
|
8A0000
|
heap
|
page read and write
|
||
|
32A5000
|
heap
|
page read and write
|
||
|
12C8E000
|
trusted library allocation
|
page read and write
|
||
|
33EA000
|
heap
|
page read and write
|
||
|
3472000
|
heap
|
page read and write
|
||
|
7FF848F90000
|
trusted library allocation
|
page read and write
|
||
|
861000
|
unkown
|
page read and write
|
||
|
C40000
|
heap
|
page read and write
|
||
|
557E000
|
stack
|
page read and write
|
||
|
7FF84900D000
|
trusted library allocation
|
page read and write
|
||
|
13575000
|
trusted library allocation
|
page read and write
|
||
|
7FF848FC0000
|
trusted library allocation
|
page read and write
|
||
|
1B09D000
|
stack
|
page read and write
|
||
|
12711000
|
trusted library allocation
|
page read and write
|
||
|
800000
|
unkown
|
page readonly
|
||
|
2AA8000
|
heap
|
page read and write
|
||
|
1880000
|
trusted library allocation
|
page read and write
|
||
|
7FF848FB0000
|
trusted library allocation
|
page read and write
|
||
|
3329000
|
heap
|
page read and write
|
||
|
1B0CF000
|
stack
|
page read and write
|
||
|
52000
|
unkown
|
page readonly
|
||
|
2B0E000
|
stack
|
page read and write
|
||
|
1B78F000
|
stack
|
page read and write
|
||
|
2850000
|
trusted library allocation
|
page read and write
|
||
|
4ADF000
|
stack
|
page read and write
|
||
|
12810000
|
trusted library allocation
|
page read and write
|
||
|
2E98000
|
heap
|
page read and write
|
||
|
28F1000
|
trusted library allocation
|
page read and write
|
||
|
2832000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E34000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E0D000
|
trusted library allocation
|
page execute and read and write
|
||
|
29BC000
|
trusted library allocation
|
page read and write
|
||
|
3440000
|
heap
|
page execute and read and write
|
||
|
7FF848E27000
|
trusted library allocation
|
page read and write
|
||
|
2EA4000
|
heap
|
page read and write
|
||
|
18B0000
|
trusted library allocation
|
page read and write
|
||
|
1BA5F000
|
heap
|
page read and write
|
||
|
293C000
|
trusted library allocation
|
page read and write
|
||
|
7FF848FE0000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E13000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B99E000
|
stack
|
page read and write
|
||
|
7FF848E1D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B6E3000
|
heap
|
page read and write
|
||
|
795C000
|
stack
|
page read and write
|
||
|
4A80000
|
heap
|
page read and write
|
||
|
33F0000
|
heap
|
page read and write
|
||
|
29F0000
|
heap
|
page read and write
|
||
|
1B480000
|
trusted library allocation
|
page read and write
|
||
|
33D9000
|
heap
|
page read and write
|
||
|
7FF848F30000
|
trusted library allocation
|
page execute and read and write
|
||
|
33E9000
|
heap
|
page read and write
|
||
|
581F000
|
stack
|
page read and write
|
||
|
12701000
|
trusted library allocation
|
page read and write
|
||
|
5A0000
|
heap
|
page read and write
|
||
|
7FF848FF4000
|
trusted library allocation
|
page read and write
|
||
|
254A000
|
stack
|
page read and write
|
||
|
970000
|
heap
|
page execute and read and write
|
||
|
D76000
|
heap
|
page read and write
|
||
|
33D9000
|
heap
|
page read and write
|
||
|
1B6A6000
|
heap
|
page read and write
|
||
|
2E93000
|
heap
|
page read and write
|
||
|
5D0000
|
heap
|
page read and write
|
||
|
CB5000
|
heap
|
page read and write
|
||
|
33D5000
|
heap
|
page read and write
|
||
|
126D8000
|
trusted library allocation
|
page read and write
|
||
|
7FF849000000
|
trusted library allocation
|
page read and write
|
||
|
1810000
|
heap
|
page read and write
|
||
|
12C79000
|
trusted library allocation
|
page read and write
|
||
|
785F000
|
stack
|
page read and write
|
||
|
1B24E000
|
stack
|
page read and write
|
||
|
1B5E2000
|
heap
|
page read and write
|
||
|
7FF848E23000
|
trusted library allocation
|
page read and write
|
||
|
52F0000
|
heap
|
page read and write
|
||
|
A0F000
|
heap
|
page read and write
|
||
|
7FF849079000
|
trusted library allocation
|
page read and write
|
||
|
518F000
|
stack
|
page read and write
|
||
|
2E9F000
|
heap
|
page read and write
|
||
|
1B386000
|
stack
|
page read and write
|
||
|
3470000
|
heap
|
page read and write
|
||
|
1B777000
|
heap
|
page read and write
|
||
|
F25000
|
heap
|
page read and write
|
||
|
7FF848FD0000
|
trusted library allocation
|
page read and write
|
||
|
1B893000
|
stack
|
page read and write
|
||
|
135B7000
|
trusted library allocation
|
page read and write
|
||
|
30E7000
|
stack
|
page read and write
|
||
|
1B5DD000
|
heap
|
page read and write
|
||
|
7FF848E2C000
|
trusted library allocation
|
page read and write
|
||
|
A0C000
|
heap
|
page read and write
|
||
|
2830000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E2D000
|
trusted library allocation
|
page execute and read and write
|
||
|
4ED0000
|
heap
|
page read and write
|
||
|
1870000
|
heap
|
page read and write
|
||
|
7FF849060000
|
trusted library allocation
|
page execute and read and write
|
||
|
34A3000
|
trusted library allocation
|
page read and write
|
||
|
26C0000
|
heap
|
page execute and read and write
|
||
|
1B71F000
|
heap
|
page read and write
|
||
|
12826000
|
trusted library allocation
|
page read and write
|
||
|
1B61F000
|
stack
|
page read and write
|
||
|
2EB7000
|
heap
|
page read and write
|
||
|
910000
|
trusted library allocation
|
page read and write
|
||
|
2AB6000
|
heap
|
page read and write
|
||
|
7FF4BAB90000
|
trusted library allocation
|
page execute and read and write
|
||
|
5A3B000
|
stack
|
page read and write
|
||
|
1BA9B000
|
heap
|
page read and write
|
||
|
280B000
|
trusted library allocation
|
page read and write
|
||
|
A06000
|
heap
|
page read and write
|
||
|
2EB9000
|
heap
|
page read and write
|
||
|
7FF849021000
|
trusted library allocation
|
page read and write
|
||
|
128F7000
|
trusted library allocation
|
page read and write
|
||
|
2E9F000
|
heap
|
page read and write
|
||
|
CB0000
|
heap
|
page read and write
|
||
|
1B690000
|
heap
|
page execute and read and write
|
||
|
7FF848FA0000
|
trusted library allocation
|
page read and write
|
||
|
7FF848EC6000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E12000
|
trusted library allocation
|
page read and write
|
||
|
7FF848FC1000
|
trusted library allocation
|
page read and write
|
||
|
12C7E000
|
trusted library allocation
|
page read and write
|
||
|
1B660000
|
heap
|
page read and write
|
||
|
7FF848E2C000
|
trusted library allocation
|
page read and write
|
||
|
12B11000
|
trusted library allocation
|
page read and write
|
||
|
2DB6000
|
stack
|
page read and write
|
||
|
7FF848EB0000
|
trusted library allocation
|
page read and write
|
||
|
2E9D000
|
heap
|
page read and write
|
||
|
9C9000
|
heap
|
page read and write
|
||
|
258E000
|
stack
|
page read and write
|
||
|
1B28E000
|
stack
|
page read and write
|
||
|
1A700000
|
trusted library allocation
|
page read and write
|
||
|
1284C000
|
trusted library allocation
|
page read and write
|
||
|
12C4E000
|
trusted library allocation
|
page read and write
|
||
|
2EA5000
|
heap
|
page read and write
|
||
|
12868000
|
trusted library allocation
|
page read and write
|
||
|
12934000
|
trusted library allocation
|
page read and write
|
||
|
28E2000
|
trusted library allocation
|
page read and write
|
||
|
7FF848FF7000
|
trusted library allocation
|
page read and write
|
||
|
2881000
|
trusted library allocation
|
page read and write
|
||
|
1B64A000
|
heap
|
page read and write
|
||
|
28FA000
|
trusted library allocation
|
page read and write
|
||
|
7FF848FC0000
|
trusted library allocation
|
page read and write
|
||
|
2E9C000
|
heap
|
page read and write
|
||
|
7FF848F10000
|
trusted library allocation
|
page execute and read and write
|
||
|
25D0000
|
heap
|
page read and write
|
||
|
2A98000
|
heap
|
page read and write
|
||
|
2ABA000
|
heap
|
page read and write
|
||
|
3120000
|
heap
|
page read and write
|
||
|
1A730000
|
trusted library allocation
|
page read and write
|
||
|
126D1000
|
trusted library allocation
|
page read and write
|
||
|
2AD0000
|
heap
|
page read and write
|
||
|
1BA37000
|
heap
|
page read and write
|
||
|
2BCE000
|
trusted library allocation
|
page read and write
|
||
|
28BC000
|
trusted library allocation
|
page read and write
|
||
|
7FF848FB3000
|
trusted library allocation
|
page read and write
|
||
|
9AE000
|
stack
|
page read and write
|
||
|
A0A000
|
heap
|
page read and write
|
||
|
7FF848E27000
|
trusted library allocation
|
page read and write
|
||
|
15A7000
|
heap
|
page read and write
|
||
|
126DD000
|
trusted library allocation
|
page read and write
|
||
|
7FF848F30000
|
trusted library allocation
|
page execute and read and write
|
||
|
1293F000
|
trusted library allocation
|
page read and write
|
||
|
2E77000
|
heap
|
page read and write
|
||
|
7FF848E30000
|
trusted library allocation
|
page read and write
|
||
|
1B735000
|
heap
|
page read and write
|
||
|
7FF848FB1000
|
trusted library allocation
|
page read and write
|
||
|
3472000
|
heap
|
page read and write
|
||
|
2DE6000
|
heap
|
page read and write
|
||
|
7FF848FB4000
|
trusted library allocation
|
page read and write
|
||
|
33E6000
|
heap
|
page read and write
|
||
|
681000
|
heap
|
page read and write
|
||
|
1358C000
|
trusted library allocation
|
page read and write
|
||
|
B20000
|
heap
|
page execute and read and write
|
||
|
7FF8490A0000
|
trusted library allocation
|
page read and write
|
||
|
32A0000
|
heap
|
page read and write
|
||
|
7FF848E2B000
|
trusted library allocation
|
page execute and read and write
|
||
|
2902000
|
trusted library allocation
|
page read and write
|
||
|
10A0000
|
trusted library allocation
|
page read and write
|
||
|
7FF849040000
|
trusted library allocation
|
page read and write
|
||
|
9CF000
|
heap
|
page read and write
|
||
|
2B33000
|
trusted library allocation
|
page read and write
|
||
|
1AD5D000
|
stack
|
page read and write
|
||
|
1A800000
|
trusted library allocation
|
page read and write
|
||
|
14F6000
|
stack
|
page read and write
|
||
|
12C1D000
|
trusted library allocation
|
page read and write
|
||
|
E40000
|
heap
|
page read and write
|
||
|
2AE0000
|
heap
|
page read and write
|
||
|
5580000
|
heap
|
page read and write
|
||
|
5164000
|
heap
|
page read and write
|
||
|
A74000
|
heap
|
page read and write
|
||
|
7FF848EB0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848EBC000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF849030000
|
trusted library allocation
|
page read and write
|
||
|
12911000
|
trusted library allocation
|
page read and write
|
||
|
33AE000
|
stack
|
page read and write
|
||
|
12C5A000
|
trusted library allocation
|
page read and write
|
||
|
595C000
|
stack
|
page read and write
|
||
|
1B7DE000
|
heap
|
page read and write
|
||
|
7FF848EB6000
|
trusted library allocation
|
page read and write
|
||
|
1280C000
|
trusted library allocation
|
page read and write
|
||
|
2EAF000
|
heap
|
page read and write
|
||
|
23EE000
|
stack
|
page read and write
|
||
|
12840000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E0C000
|
trusted library allocation
|
page read and write
|
||
|
5B0000
|
heap
|
page read and write
|
||
|
7FF848E0D000
|
trusted library allocation
|
page execute and read and write
|
||
|
30E9000
|
stack
|
page read and write
|
||
|
3780000
|
heap
|
page read and write
|
||
|
7FF848FBA000
|
trusted library allocation
|
page read and write
|
||
|
28FC000
|
trusted library allocation
|
page read and write
|
||
|
30D6000
|
stack
|
page read and write
|
||
|
2EBE000
|
heap
|
page read and write
|
||
|
7FF848FDB000
|
trusted library allocation
|
page read and write
|
||
|
12708000
|
trusted library allocation
|
page read and write
|
||
|
830000
|
heap
|
page read and write
|
||
|
290E000
|
trusted library allocation
|
page read and write
|
||
|
7FF848DF4000
|
trusted library allocation
|
page read and write
|
||
|
2EA6000
|
heap
|
page read and write
|
||
|
12848000
|
trusted library allocation
|
page read and write
|
||
|
DE0000
|
heap
|
page read and write
|
||
|
135B3000
|
trusted library allocation
|
page read and write
|
||
|
50000
|
unkown
|
page readonly
|
||
|
600000
|
heap
|
page read and write
|
||
|
161A000
|
heap
|
page read and write
|
||
|
7FF848E6C000
|
trusted library allocation
|
page execute and read and write
|
||
|
2F08000
|
heap
|
page read and write
|
||
|
6B2000
|
heap
|
page read and write
|
||
|
1284F000
|
trusted library allocation
|
page read and write
|
||
|
2F08000
|
heap
|
page read and write
|
||
|
1500000
|
heap
|
page read and write
|
||
|
C55000
|
heap
|
page read and write
|
||
|
7FF848E02000
|
trusted library allocation
|
page read and write
|
||
|
9A6000
|
heap
|
page read and write
|
||
|
E5F000
|
stack
|
page read and write
|
||
|
3472000
|
heap
|
page read and write
|
||
|
9A0000
|
heap
|
page read and write
|
||
|
347C000
|
heap
|
page read and write
|
||
|
1A7F000
|
stack
|
page read and write
|
||
|
7FF848FC6000
|
trusted library allocation
|
page read and write
|
||
|
12860000
|
trusted library allocation
|
page read and write
|
||
|
2E94000
|
heap
|
page read and write
|
||
|
8F6000
|
stack
|
page read and write
|
||
|
2DA0000
|
heap
|
page read and write
|
||
|
7FF848E23000
|
trusted library allocation
|
page read and write
|
||
|
2EA2000
|
heap
|
page read and write
|
||
|
1B583000
|
stack
|
page read and write
|
||
|
30BC000
|
stack
|
page read and write
|
||
|
135F7000
|
trusted library allocation
|
page read and write
|
||
|
283A000
|
trusted library allocation
|
page read and write
|
||
|
2EDD000
|
heap
|
page read and write
|
||
|
4C30000
|
heap
|
page read and write
|
||
|
28D0000
|
heap
|
page read and write
|
||
|
7FF848EF6000
|
trusted library allocation
|
page execute and read and write
|
||
|
290A000
|
trusted library allocation
|
page read and write
|
||
|
6D60000
|
trusted library allocation
|
page read and write
|
||
|
35AF000
|
stack
|
page read and write
|
||
|
9E6000
|
stack
|
page read and write
|
||
|
2DAE000
|
heap
|
page read and write
|
||
|
12B18000
|
trusted library allocation
|
page read and write
|
||
|
511E000
|
stack
|
page read and write
|
||
|
1B800000
|
heap
|
page read and write
|
||
|
15AB000
|
heap
|
page read and write
|
||
|
2900000
|
trusted library allocation
|
page read and write
|
||
|
6FD000
|
heap
|
page read and write
|
||
|
C45000
|
heap
|
page read and write
|
||
|
157A000
|
heap
|
page read and write
|
||
|
2AB0000
|
heap
|
page read and write
|
||
|
7FF848FC0000
|
trusted library allocation
|
page read and write
|
||
|
D40000
|
heap
|
page read and write
|
||
|
7FF848E10000
|
trusted library allocation
|
page read and write
|
||
|
12865000
|
trusted library allocation
|
page read and write
|
||
|
3436000
|
heap
|
page read and write
|
||
|
10C0000
|
trusted library allocation
|
page read and write
|
||
|
DBF000
|
stack
|
page read and write
|
||
|
65E000
|
heap
|
page read and write
|
||
|
6D5E000
|
heap
|
page read and write
|
||
|
350D000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E2C000
|
trusted library allocation
|
page read and write
|
||
|
7FF848EAC000
|
trusted library allocation
|
page execute and read and write
|
||
|
1293A000
|
trusted library allocation
|
page read and write
|
||
|
7FF848FB3000
|
trusted library allocation
|
page read and write
|
||
|
833000
|
unkown
|
page readonly
|
||
|
1B7FE000
|
heap
|
page read and write
|
||
|
543A000
|
trusted library allocation
|
page read and write
|
||
|
1BBA0000
|
heap
|
page read and write
|
||
|
862000
|
unkown
|
page readonly
|
||
|
1B61B000
|
heap
|
page read and write
|
||
|
940000
|
trusted library allocation
|
page read and write
|
||
|
2BC8000
|
trusted library allocation
|
page read and write
|
||
|
7FF848FD0000
|
trusted library allocation
|
page read and write
|
||
|
1345D000
|
trusted library allocation
|
page read and write
|
||
|
328E000
|
stack
|
page read and write
|
||
|
7FF848E13000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E03000
|
trusted library allocation
|
page read and write
|
||
|
1BA0A000
|
heap
|
page read and write
|
||
|
801000
|
unkown
|
page execute read
|
||
|
F20000
|
heap
|
page read and write
|
||
|
D00000
|
heap
|
page read and write
|
||
|
1B283000
|
stack
|
page read and write
|
||
|
4980000
|
heap
|
page read and write
|
||
|
2EBD000
|
heap
|
page read and write
|
||
|
833000
|
unkown
|
page readonly
|
||
|
580000
|
heap
|
page read and write
|
||
|
24D0000
|
heap
|
page read and write
|
||
|
9DA000
|
heap
|
page read and write
|
||
|
1B71A000
|
heap
|
page read and write
|
||
|
7FF848E00000
|
trusted library allocation
|
page read and write
|
||
|
1B690000
|
heap
|
page read and write
|
||
|
2C8F000
|
stack
|
page read and write
|
||
|
7FF848E1D000
|
trusted library allocation
|
page execute and read and write
|
||
|
6AC000
|
heap
|
page read and write
|
||
|
597E000
|
stack
|
page read and write
|
||
|
2EDD000
|
heap
|
page read and write
|
||
|
7FF849050000
|
trusted library allocation
|
page read and write
|
||
|
135A0000
|
trusted library allocation
|
page read and write
|
||
|
1C1C3000
|
stack
|
page read and write
|
||
|
D35000
|
heap
|
page read and write
|
||
|
560000
|
heap
|
page read and write
|
||
|
12C56000
|
trusted library allocation
|
page read and write
|
||
|
7FF848FBE000
|
trusted library allocation
|
page read and write
|
||
|
7FF848FB3000
|
trusted library allocation
|
page read and write
|
||
|
2E99000
|
heap
|
page read and write
|
||
|
12C18000
|
trusted library allocation
|
page read and write
|
||
|
33E9000
|
heap
|
page read and write
|
||
|
7FF848E27000
|
trusted library allocation
|
page read and write
|
||
|
1BA91000
|
heap
|
page read and write
|
||
|
1B6D6000
|
heap
|
page read and write
|
||
|
282C000
|
trusted library allocation
|
page read and write
|
||
|
800000
|
unkown
|
page readonly
|
||
|
AAE000
|
stack
|
page read and write
|
||
|
844000
|
unkown
|
page read and write
|
||
|
12C21000
|
trusted library allocation
|
page read and write
|
||
|
7FF848EE6000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B510000
|
heap
|
page read and write
|
||
|
1270D000
|
trusted library allocation
|
page read and write
|
||
|
1B6FF000
|
heap
|
page read and write
|
||
|
7FF848F3A000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848E23000
|
trusted library allocation
|
page read and write
|
||
|
1BA1C000
|
heap
|
page read and write
|
||
|
280000
|
unkown
|
page readonly
|
||
|
7FF848F30000
|
trusted library allocation
|
page execute and read and write
|
||
|
890000
|
trusted library allocation
|
page read and write
|
||
|
A52000
|
heap
|
page read and write
|
||
|
C50000
|
heap
|
page read and write
|
||
|
7FF848E1B000
|
trusted library allocation
|
page execute and read and write
|
||
|
2803000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E2D000
|
trusted library allocation
|
page execute and read and write
|
||
|
5421000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E1C000
|
trusted library allocation
|
page read and write
|
||
|
2E9D000
|
heap
|
page read and write
|
||
|
7FF848E4C000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848DF0000
|
trusted library allocation
|
page read and write
|
||
|
7FF848FA0000
|
trusted library allocation
|
page read and write
|
||
|
1B811000
|
heap
|
page read and write
|
||
|
342C000
|
heap
|
page read and write
|
||
|
7FF848DF2000
|
trusted library allocation
|
page read and write
|
||
|
1C2CE000
|
stack
|
page read and write
|
||
|
1B658000
|
heap
|
page read and write
|
||
|
2A03000
|
trusted library allocation
|
page read and write
|
||
|
1540000
|
heap
|
page read and write
|
||
|
9A8000
|
heap
|
page read and write
|
||
|
7FF848F9C000
|
trusted library allocation
|
page read and write
|
||
|
127D1000
|
trusted library allocation
|
page read and write
|
||
|
5AD0000
|
heap
|
page read and write
|
||
|
7FF848FAB000
|
trusted library allocation
|
page read and write
|
||
|
7FF848FBC000
|
trusted library allocation
|
page read and write
|
||
|
5160000
|
heap
|
page read and write
|
||
|
6470000
|
trusted library allocation
|
page read and write
|
||
|
1BAC0000
|
heap
|
page read and write
|
||
|
7FF848E3D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848F41000
|
trusted library allocation
|
page execute and read and write
|
||
|
2EE4000
|
heap
|
page read and write
|
||
|
3472000
|
heap
|
page read and write
|
||
|
347C000
|
heap
|
page read and write
|
||
|
18E0000
|
heap
|
page execute and read and write
|
||
|
347C000
|
heap
|
page read and write
|
||
|
2A90000
|
heap
|
page read and write
|
||
|
1BA75000
|
heap
|
page read and write
|
||
|
12C4B000
|
trusted library allocation
|
page read and write
|
||
|
A08000
|
heap
|
page read and write
|
||
|
7FF848E30000
|
trusted library allocation
|
page read and write
|
||
|
108F000
|
stack
|
page read and write
|
||
|
50000
|
unkown
|
page readonly
|
||
|
7FF849090000
|
trusted library allocation
|
page execute and read and write
|
||
|
775E000
|
stack
|
page read and write
|
||
|
12C72000
|
trusted library allocation
|
page read and write
|
||
|
8A4000
|
heap
|
page read and write
|
||
|
2842000
|
trusted library allocation
|
page read and write
|
||
|
9CA000
|
heap
|
page read and write
|
||
|
135CE000
|
trusted library allocation
|
page read and write
|
||
|
12915000
|
trusted library allocation
|
page read and write
|
||
|
12B1D000
|
trusted library allocation
|
page read and write
|
||
|
347C000
|
heap
|
page read and write
|
||
|
12C16000
|
trusted library allocation
|
page read and write
|
||
|
1AB4D000
|
stack
|
page read and write
|
||
|
29F4000
|
heap
|
page read and write
|
||
|
2EC8000
|
heap
|
page read and write
|
||
|
7FF848E13000
|
trusted library allocation
|
page execute and read and write
|
||
|
157C000
|
heap
|
page read and write
|
||
|
26FE000
|
stack
|
page read and write
|
||
|
558D000
|
heap
|
page read and write
|
||
|
7FF848E10000
|
trusted library allocation
|
page read and write
|
||
|
1520000
|
heap
|
page read and write
|
||
|
1637000
|
heap
|
page read and write
|
||
|
59BE000
|
stack
|
page read and write
|
||
|
1565000
|
heap
|
page read and write
|
||
|
7FF848F3A000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B44B000
|
stack
|
page read and write
|
||
|
5A0000
|
heap
|
page read and write
|
||
|
7FF848EC0000
|
trusted library allocation
|
page read and write
|
||
|
2AA5000
|
heap
|
page read and write
|
||
|
1B7B3000
|
heap
|
page read and write
|
||
|
BC0000
|
heap
|
page read and write
|
||
|
1C31B000
|
stack
|
page read and write
|
||
|
1294E000
|
trusted library allocation
|
page read and write
|
||
|
34FE000
|
trusted library allocation
|
page read and write
|
||
|
547E000
|
stack
|
page read and write
|
||
|
3472000
|
heap
|
page read and write
|
||
|
2E50000
|
heap
|
page read and write
|
||
|
7FF848E5C000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848FC6000
|
trusted library allocation
|
page read and write
|
||
|
11E0000
|
heap
|
page read and write
|
||
|
12931000
|
trusted library allocation
|
page read and write
|
||
|
2E70000
|
heap
|
page read and write
|
||
|
DB0000
|
heap
|
page read and write
|
||
|
1B610000
|
heap
|
page read and write
|
||
|
2DD0000
|
heap
|
page read and write
|
||
|
2990000
|
heap
|
page execute and read and write
|
||
|
B40000
|
heap
|
page read and write
|
||
|
1BFCE000
|
stack
|
page read and write
|
||
|
127D3000
|
trusted library allocation
|
page read and write
|
||
|
2E77000
|
heap
|
page read and write
|
||
|
12908000
|
trusted library allocation
|
page read and write
|
||
|
3471000
|
heap
|
page read and write
|
||
|
15DF000
|
heap
|
page read and write
|
||
|
283C000
|
trusted library allocation
|
page read and write
|
||
|
2822000
|
trusted library allocation
|
page read and write
|
||
|
9AC000
|
heap
|
page read and write
|
||
|
7FF848FD0000
|
trusted library allocation
|
page read and write
|
||
|
2DA7000
|
heap
|
page read and write
|
||
|
83E000
|
unkown
|
page read and write
|
||
|
1BA3F000
|
heap
|
page read and write
|
||
|
12703000
|
trusted library allocation
|
page read and write
|
||
|
3472000
|
heap
|
page read and write
|
||
|
6D50000
|
heap
|
page read and write
|
||
|
2828000
|
trusted library allocation
|
page read and write
|
||
|
12836000
|
trusted library allocation
|
page read and write
|
||
|
3471000
|
heap
|
page read and write
|
||
|
1548000
|
heap
|
page read and write
|
||
|
3454000
|
heap
|
page read and write
|
||
|
314E000
|
stack
|
page read and write
|
||
|
2AD0000
|
heap
|
page read and write
|
||
|
28E9000
|
trusted library allocation
|
page read and write
|
||
|
1283A000
|
trusted library allocation
|
page read and write
|
||
|
12C5E000
|
trusted library allocation
|
page read and write
|
||
|
1B88E000
|
stack
|
page read and write
|
||
|
2AB7000
|
heap
|
page read and write
|
||
|
28F8000
|
trusted library allocation
|
page read and write
|
||
|
30D0000
|
stack
|
page read and write
|
||
|
12C34000
|
trusted library allocation
|
page read and write
|
||
|
2EA1000
|
heap
|
page read and write
|
||
|
7FF848E2D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B6B5000
|
heap
|
page read and write
|
||
|
2EBE000
|
heap
|
page read and write
|
||
|
7FF848E04000
|
trusted library allocation
|
page read and write
|
||
|
3472000
|
heap
|
page read and write
|
||
|
3501000
|
trusted library allocation
|
page read and write
|
||
|
27B1000
|
trusted library allocation
|
page read and write
|
||
|
1B805000
|
heap
|
page read and write
|
||
|
2ABB000
|
heap
|
page read and write
|
||
|
135BC000
|
trusted library allocation
|
page read and write
|
||
|
3320000
|
heap
|
page read and write
|
||
|
1359B000
|
trusted library allocation
|
page read and write
|
||
|
296E000
|
trusted library allocation
|
page read and write
|
||
|
7FF849010000
|
trusted library allocation
|
page read and write
|
||
|
1BFCD000
|
stack
|
page read and write
|
||
|
7FF848E1D000
|
trusted library allocation
|
page execute and read and write
|
||
|
13593000
|
trusted library allocation
|
page read and write
|
||
|
1B653000
|
heap
|
page read and write
|
||
|
863000
|
unkown
|
page readonly
|
||
|
7FF848FD7000
|
trusted library allocation
|
page read and write
|
||
|
1B749000
|
heap
|
page read and write
|
||
|
7FF848E3B000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848EC0000
|
trusted library allocation
|
page execute and read and write
|
||
|
33E7000
|
heap
|
page read and write
|
||
|
24E2000
|
heap
|
page read and write
|
||
|
810000
|
heap
|
page read and write
|
||
|
2EC7000
|
heap
|
page read and write
|
||
|
3C6000
|
stack
|
page read and write
|
||
|
1B78A000
|
heap
|
page read and write
|
||
|
7FF848F41000
|
trusted library allocation
|
page execute and read and write
|
||
|
24A0000
|
trusted library section
|
page read and write
|
||
|
1B9D0000
|
heap
|
page read and write
|
||
|
12813000
|
trusted library allocation
|
page read and write
|
||
|
12844000
|
trusted library allocation
|
page read and write
|
||
|
1BD0F000
|
stack
|
page read and write
|
||
|
1B48E000
|
stack
|
page read and write
|
||
|
2E9F000
|
heap
|
page read and write
|
||
|
1C0CA000
|
stack
|
page read and write
|
||
|
1280E000
|
trusted library allocation
|
page read and write
|
||
|
1C0CE000
|
stack
|
page read and write
|
||
|
1291D000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E10000
|
trusted library allocation
|
page read and write
|
||
|
2EAF000
|
heap
|
page read and write
|
||
|
533D000
|
stack
|
page read and write
|
||
|
347C000
|
heap
|
page read and write
|
||
|
B10000
|
trusted library section
|
page read and write
|
||
|
1B180000
|
heap
|
page execute and read and write
|
||
|
7FF848ED6000
|
trusted library allocation
|
page execute and read and write
|
||
|
12919000
|
trusted library allocation
|
page read and write
|
||
|
2824000
|
trusted library allocation
|
page read and write
|
||
|
29B0000
|
heap
|
page read and write
|
||
|
4B1E000
|
stack
|
page read and write
|
||
|
7FF848E34000
|
trusted library allocation
|
page read and write
|
||
|
3200000
|
heap
|
page readonly
|
||
|
1570000
|
heap
|
page read and write
|
||
|
7FF848EF6000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848E34000
|
trusted library allocation
|
page read and write
|
||
|
1975000
|
heap
|
page read and write
|
||
|
1B70D000
|
heap
|
page read and write
|
||
|
25F0000
|
trusted library section
|
page read and write
|
||
|
1B626000
|
heap
|
page read and write
|
||
|
7FF848E3B000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B62A000
|
heap
|
page read and write
|
||
|
27FF000
|
trusted library allocation
|
page read and write
|
||
|
1850000
|
trusted library allocation
|
page read and write
|
||
|
33B8000
|
heap
|
page read and write
|
||
|
7FF848FBC000
|
trusted library allocation
|
page read and write
|
||
|
1B76C000
|
heap
|
page read and write
|
||
|
9E2000
|
heap
|
page read and write
|
||
|
585B000
|
stack
|
page read and write
|
||
|
7FF848E03000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848EC6000
|
trusted library allocation
|
page read and write
|
||
|
980000
|
heap
|
page read and write
|
||
|
1290D000
|
trusted library allocation
|
page read and write
|
||
|
3290000
|
heap
|
page read and write
|
||
|
2942000
|
trusted library allocation
|
page read and write
|
||
|
290C000
|
trusted library allocation
|
page read and write
|
||
|
1B66B000
|
heap
|
page read and write
|
||
|
7FF848FD3000
|
trusted library allocation
|
page read and write
|
||
|
67F000
|
heap
|
page read and write
|
||
|
3471000
|
heap
|
page read and write
|
||
|
25CE000
|
stack
|
page read and write
|
||
|
7FF848E24000
|
trusted library allocation
|
page read and write
|
||
|
2998000
|
trusted library allocation
|
page read and write
|
||
|
1B79E000
|
stack
|
page read and write
|
||
|
2940000
|
trusted library allocation
|
page read and write
|
||
|
960000
|
trusted library allocation
|
page read and write
|
||
|
2EE4000
|
heap
|
page read and write
|
||
|
7FF848E14000
|
trusted library allocation
|
page read and write
|
||
|
7FF848ED0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848FAC000
|
trusted library allocation
|
page read and write
|
||
|
1BB9E000
|
stack
|
page read and write
|
||
|
1B74F000
|
stack
|
page read and write
|
||
|
180F000
|
stack
|
page read and write
|
||
|
28E5000
|
trusted library allocation
|
page read and write
|
||
|
2DAA000
|
heap
|
page read and write
|
||
|
2EDD000
|
heap
|
page read and write
|
||
|
13453000
|
trusted library allocation
|
page read and write
|
||
|
2E94000
|
heap
|
page read and write
|
||
|
870000
|
trusted library allocation
|
page read and write
|
||
|
1B680000
|
heap
|
page read and write
|
||
|
287E000
|
trusted library allocation
|
page read and write
|
||
|
28FE000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E6C000
|
trusted library allocation
|
page execute and read and write
|
||
|
29FE000
|
stack
|
page read and write
|
||
|
1B631000
|
heap
|
page read and write
|
||
|
D9B000
|
heap
|
page read and write
|
||
|
1B5C7000
|
heap
|
page read and write
|
||
|
3406000
|
heap
|
page read and write
|
||
|
1B75E000
|
heap
|
page read and write
|
||
|
12C76000
|
trusted library allocation
|
page read and write
|
||
|
30FA000
|
stack
|
page read and write
|
||
|
1B5AD000
|
heap
|
page read and write
|
||
|
2AFD000
|
heap
|
page read and write
|
||
|
6AA000
|
heap
|
page read and write
|
||
|
2AFD000
|
heap
|
page read and write
|
||
|
7FF848ECC000
|
trusted library allocation
|
page execute and read and write
|
||
|
33E9000
|
heap
|
page read and write
|
||
|
347C000
|
heap
|
page read and write
|
||
|
12B21000
|
trusted library allocation
|
page read and write
|
||
|
7FF848FB0000
|
trusted library allocation
|
page read and write
|
||
|
1286D000
|
trusted library allocation
|
page read and write
|
||
|
13458000
|
trusted library allocation
|
page read and write
|
||
|
2E2E000
|
stack
|
page read and write
|
||
|
2906000
|
trusted library allocation
|
page read and write
|
||
|
1287E000
|
trusted library allocation
|
page read and write
|
||
|
C20000
|
heap
|
page read and write
|
||
|
33B0000
|
heap
|
page read and write
|
||
|
28F4000
|
trusted library allocation
|
page read and write
|
||
|
128E2000
|
trusted library allocation
|
page read and write
|
||
|
28F6000
|
trusted library allocation
|
page read and write
|
||
|
1B34F000
|
stack
|
page read and write
|
||
|
28E7000
|
trusted library allocation
|
page read and write
|
||
|
1618000
|
heap
|
page read and write
|
||
|
2EA1000
|
heap
|
page read and write
|
||
|
7FF849080000
|
trusted library allocation
|
page read and write
|
||
|
4C1F000
|
stack
|
page read and write
|
||
|
2836000
|
trusted library allocation
|
page read and write
|
||
|
1B68E000
|
stack
|
page read and write
|
||
|
7FF848E3D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1AF8E000
|
stack
|
page read and write
|
||
|
9BA000
|
heap
|
page read and write
|
||
|
526E000
|
stack
|
page read and write
|
||
|
347C000
|
heap
|
page read and write
|
||
|
970000
|
heap
|
page execute and read and write
|
||
|
7FF848FE0000
|
trusted library allocation
|
page read and write
|
||
|
2F1B000
|
heap
|
page read and write
|
||
|
E27000
|
heap
|
page read and write
|
||
|
304E000
|
stack
|
page read and write
|
||
|
127E1000
|
trusted library allocation
|
page read and write
|
||
|
1B592000
|
heap
|
page read and write
|
||
|
5580000
|
trusted library allocation
|
page read and write
|
||
|
410000
|
heap
|
page read and write
|
||
|
59FE000
|
stack
|
page read and write
|
||
|
7FF848FBA000
|
trusted library allocation
|
page read and write
|
||
|
7FF848FBB000
|
trusted library allocation
|
page read and write
|
||
|
587E000
|
stack
|
page read and write
|
||
|
1B63D000
|
heap
|
page read and write
|
||
|
7FF848FB0000
|
trusted library allocation
|
page read and write
|
||
|
7FF848EA6000
|
trusted library allocation
|
page read and write
|
||
|
1B5F6000
|
heap
|
page read and write
|
||
|
1B730000
|
heap
|
page read and write
|
||
|
28EF000
|
trusted library allocation
|
page read and write
|
||
|
1BDC0000
|
heap
|
page read and write
|
||
|
33E9000
|
heap
|
page read and write
|
||
|
1BECE000
|
stack
|
page read and write
|
||
|
3787000
|
heap
|
page read and write
|
||
|
2E58000
|
heap
|
page read and write
|
||
|
5570000
|
heap
|
page read and write
|
||
|
324E000
|
stack
|
page read and write
|
||
|
7FF848E13000
|
trusted library allocation
|
page execute and read and write
|
||
|
D70000
|
heap
|
page read and write
|
||
|
DDD000
|
heap
|
page read and write
|
||
|
30C6000
|
stack
|
page read and write
|
||
|
1AB40000
|
trusted library allocation
|
page read and write
|
||
|
1B08E000
|
stack
|
page read and write
|
||
|
63B0000
|
heap
|
page read and write
|
||
|
7FF848DF3000
|
trusted library allocation
|
page execute and read and write
|
||
|
2E71000
|
heap
|
page read and write
|
||
|
1130000
|
heap
|
page read and write
|
||
|
7FF848E1D000
|
trusted library allocation
|
page execute and read and write
|
There are 826 hidden memdumps, click here to show them.