Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
GuChedO8gw.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\PorgramFilp\Start windows.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\PorgramFilp\hGvQFPreOtyfi.vbe
|
data
|
dropped
|
|
|
|
C:\Recovery\GRTlwePDrukwlpsj.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\.ms-ad\GRTlwePDrukwlpsj.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Windows\Resources\Themes\aero\en-GB\GRTlwePDrukwlpsj.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Windows\Vss\Writers\System\dwm.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\PorgramFilp\9aZCj3sb9RsPaMjByAWr5t0Ylb5q.bat
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Recovery\3f98c1a9b9dc02
|
ASCII text, with very long lines (319), with no line terminators
|
dropped
|
||
|
C:\Users\user\.ms-ad\3f98c1a9b9dc02
|
ASCII text, with very long lines (382), with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\GRTlwePDrukwlpsj.exe.log
|
CSV text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Start windows.exe.log
|
CSV text
|
dropped
|
||
|
C:\Windows\Resources\Themes\aero\en-GB\3f98c1a9b9dc02
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Windows\Vss\Writers\System\6cb0b6c459d5d3
|
ASCII text, with no line terminators
|
dropped
|
There are 4 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\GuChedO8gw.exe
|
"C:\Users\user\Desktop\GuChedO8gw.exe"
|
|
|
|
C:\Windows\SysWOW64\wscript.exe
|
"C:\Windows\System32\WScript.exe" "C:\PorgramFilp\hGvQFPreOtyfi.vbe"
|
|
|
|
C:\PorgramFilp\Start windows.exe
|
"C:\PorgramFilp\Start windows.exe"
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "GRTlwePDrukwlpsjG" /sc MINUTE /mo 13 /tr "'C:\Recovery\GRTlwePDrukwlpsj.exe'" /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "GRTlwePDrukwlpsj" /sc ONLOGON /tr "'C:\Recovery\GRTlwePDrukwlpsj.exe'" /rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "GRTlwePDrukwlpsjG" /sc MINUTE /mo 13 /tr "'C:\Recovery\GRTlwePDrukwlpsj.exe'" /rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "GRTlwePDrukwlpsjG" /sc MINUTE /mo 14 /tr "'C:\Users\user\.ms-ad\GRTlwePDrukwlpsj.exe'" /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "GRTlwePDrukwlpsj" /sc ONLOGON /tr "'C:\Users\user\.ms-ad\GRTlwePDrukwlpsj.exe'" /rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "GRTlwePDrukwlpsjG" /sc MINUTE /mo 5 /tr "'C:\Users\user\.ms-ad\GRTlwePDrukwlpsj.exe'" /rl HIGHEST
/f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "GRTlwePDrukwlpsjG" /sc MINUTE /mo 7 /tr "'C:\Windows\Resources\Themes\aero\en-GB\GRTlwePDrukwlpsj.exe'"
/f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "GRTlwePDrukwlpsj" /sc ONLOGON /tr "'C:\Windows\Resources\Themes\aero\en-GB\GRTlwePDrukwlpsj.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "GRTlwePDrukwlpsjG" /sc MINUTE /mo 7 /tr "'C:\Windows\Resources\Themes\aero\en-GB\GRTlwePDrukwlpsj.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "dwmd" /sc MINUTE /mo 14 /tr "'C:\Windows\Vss\Writers\System\dwm.exe'" /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "dwm" /sc ONLOGON /tr "'C:\Windows\Vss\Writers\System\dwm.exe'" /rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "dwmd" /sc MINUTE /mo 13 /tr "'C:\Windows\Vss\Writers\System\dwm.exe'" /rl HIGHEST /f
|
|
|
|
C:\Users\user\.ms-ad\GRTlwePDrukwlpsj.exe
|
"C:\Users\user\.ms-ad\GRTlwePDrukwlpsj.exe"
|
|
|
|
C:\Windows\Resources\Themes\aero\en-GB\GRTlwePDrukwlpsj.exe
|
C:\Windows\Resources\Themes\aero\en-GB\GRTlwePDrukwlpsj.exe
|
|
|
|
C:\Windows\Resources\Themes\aero\en-GB\GRTlwePDrukwlpsj.exe
|
C:\Windows\Resources\Themes\aero\en-GB\GRTlwePDrukwlpsj.exe
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
C:\Windows\system32\cmd.exe /c ""C:\PorgramFilp\9aZCj3sb9RsPaMjByAWr5t0Ylb5q.bat" "
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
There are 10 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://ct22043.tw1.ru/L1nc0In.php?6BbcjLogDDtPo=Fd549N3r9MQ1pYXccu7QADyCUtM&bYPJMm=AT576ePBOLrgPJ&k8RX0Bo3kQAtPl7GpD8=IhwAwvCj1mN7A&2f0632626ea5746bbfc407820d00cbdf=QZlRTO0IjZhFGNmJTM1ITNwQGO5YGZ0EzY2UzMmRGMwY2MiFmZlhzN0kjM4EDOzIDNxQjMxIDO&997ff955e676098e9264285c401e2329=gY0QmMzATYiRjZiVTM3EzN5UGMzczY3MTNyMDO4cTM3MzNwEDOhJGN&9dcf16bdacda8ca59d8884bac0eb3ad2=0VfiIiOiIGNjZDO3MDZwYjYlNTOzYjYyIGZkZmZhNzM1QzN3MzMiwiIiBDZ4MmZyAjN1ADZ4AzMhZjM2IzYzUGOhJmZjlTOwUjZ2ImN5gjYyIiOiYjM2QWO4QWN1UWMlJ2Y4ADMiRzMhNjZzUzYmRDMjFTMiwiIhFzM5EGO4UTMmRzMhRDNxETOlNWYiVTM1cjM3YDOiZTYmBTYhNjY0IiOiETZ2MWN4IGZlRTZycTOiJGO5YGOzY2NkJmYhlTZlZWMis3W
|
5.23.50.27
|
||
|
http://ct22043.tw1.ru/L1nc0In.php?6BbcjLogDDtPo=Fd549N3r9MQ1pYXccu7QADyCUtM&bYPJMm=AT576ePBOLrgPJ&k8RX0Bo3kQAtPl7GpD8=IhwAwvCj1mN7A&2f0632626ea5746bbfc407820d00cbdf=QZlRTO0IjZhFGNmJTM1ITNwQGO5YGZ0EzY2UzMmRGMwY2MiFmZlhzN0kjM4EDOzIDNxQjMxIDO&997ff955e676098e9264285c401e2329=gY0QmMzATYiRjZiVTM3EzN5UGMzczY3MTNyMDO4cTM3MzNwEDOhJGN&9dcf16bdacda8ca59d8884bac0eb3ad2=QX9JSUNJiOiIGNjZDO3MDZwYjYlNTOzYjYyIGZkZmZhNzM1QzN3MzMiwiI0QDM3QmY2QzYmZGZ0ETMlN2MycDZmRjYiFGMkVTZ1MWN1EmN3cjNmJiOiYjM2QWO4QWN1UWMlJ2Y4ADMiRzMhNjZzUzYmRDMjFTMiwiIhFzM5EGO4UTMmRzMhRDNxETOlNWYiVTM1cjM3YDOiZTYmBTYhNjY0IiOiETZ2MWN4IGZlRTZycTOiJGO5YGOzY2NkJmYhlTZlZWMis3W
|
5.23.50.27
|
||
|
http://ct22043.tw1.ru/@==gbJBzYuFDT
|
|||
|
http://ct22043.tw1.ru/L1nc0In.php?6BbcjLogDDtPo=Fd549N3r9MQ1pYXccu7QADyCUtM&bYPJMm=AT576ePBOLrgPJ&k8RX0Bo3kQAtPl7GpD8=IhwAwvCj1mN7A&2f0632626ea5746bbfc407820d00cbdf=QZlRTO0IjZhFGNmJTM1ITNwQGO5YGZ0EzY2UzMmRGMwY2MiFmZlhzN0kjM4EDOzIDNxQjMxIDO&997ff955e676098e9264285c401e2329=gY0QmMzATYiRjZiVTM3EzN5UGMzczY3MTNyMDO4cTM3MzNwEDOhJGN&92fda40e6b16f4d34cf8dfce35a9d7c7=d1nI0QDM3QmY2QzYmZGZ0ETMlN2MycDZmRjYiFGMkVTZ1MWN1EmN3cjNmJiOiYjM2QWO4QWN1UWMlJ2Y4ADMiRzMhNjZzUzYmRDMjFTMiwiIhFzM5EGO4UTMmRzMhRDNxETOlNWYiVTM1cjM3YDOiZTYmBTYhNjY0IiOiETZ2MWN4IGZlRTZycTOiJGO5YGOzY2NkJmYhlTZlZWMis3W
|
5.23.50.27
|
||
|
http://ct22043.tw1.ru/
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://ct22043.tw1.ru/L1nc0In.php?6BbcjLogDDtPo=Fd549N3r9MQ1pYXccu7QADyCUtM&bYPJMm=AT576ePBOLrgPJ&k8RX0Bo3kQAtPl7GpD8=IhwAwvCj1mN7A&2f0632626ea5746bbfc407820d00cbdf=QZlRTO0IjZhFGNmJTM1ITNwQGO5YGZ0EzY2UzMmRGMwY2MiFmZlhzN0kjM4EDOzIDNxQjMxIDO&997ff955e676098e9264285c401e2329=gY0QmMzATYiRjZiVTM3EzN5UGMzczY3MTNyMDO4cTM3MzNwEDOhJGN
|
5.23.50.27
|
||
|
http://ct22043.tw1.ru
|
unknown
|
||
|
http://ct22043.tw1.ru/L1nc0In.php?6BbcjLogDDtPo=Fd549N3r9MQ1pYXccu7QADyCUtM&bYPJMm=AT576ePBOLrgPJ&k8
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
ct22043.tw1.ru
|
5.23.50.27
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
5.23.50.27
|
ct22043.tw1.ru
|
Russian Federation
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
LangID
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\System32\WScript.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\System32\WScript.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER\SOFTWARE\9dd4c606a4178609535b2bc445593de0d3f84732
|
811150a20f8b6c66fefb45a349545a1d3b76b566
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\GRTlwePDrukwlpsj_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\GRTlwePDrukwlpsj_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\GRTlwePDrukwlpsj_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\GRTlwePDrukwlpsj_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\GRTlwePDrukwlpsj_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\GRTlwePDrukwlpsj_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\GRTlwePDrukwlpsj_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\GRTlwePDrukwlpsj_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\GRTlwePDrukwlpsj_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\GRTlwePDrukwlpsj_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\GRTlwePDrukwlpsj_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\GRTlwePDrukwlpsj_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\GRTlwePDrukwlpsj_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\GRTlwePDrukwlpsj_RASMANCS
|
FileDirectory
|
There are 8 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
35B6000
|
trusted library allocation
|
page read and write
|
|
|
|
3011000
|
trusted library allocation
|
page read and write
|
|
|
|
3401000
|
trusted library allocation
|
page read and write
|
|
|
|
2691000
|
trusted library allocation
|
page read and write
|
|
|
|
2751000
|
trusted library allocation
|
page read and write
|
|
|
|
28DC000
|
trusted library allocation
|
page read and write
|
|
|
|
2511000
|
trusted library allocation
|
page read and write
|
|
|
|
2571000
|
trusted library allocation
|
page read and write
|
|
|
|
282A000
|
trusted library allocation
|
page read and write
|
|
|
|
2531000
|
trusted library allocation
|
page read and write
|
|
|
|
264F000
|
trusted library allocation
|
page read and write
|
|
|
|
280D000
|
trusted library allocation
|
page read and write
|
|
|
|
29B2000
|
trusted library allocation
|
page read and write
|
|
|
|
267B000
|
trusted library allocation
|
page read and write
|
|
|
|
2665000
|
trusted library allocation
|
page read and write
|
|
|
|
25B9000
|
trusted library allocation
|
page read and write
|
|
|
|
305A000
|
trusted library allocation
|
page read and write
|
|
|
|
25DB000
|
trusted library allocation
|
page read and write
|
|
|
|
283F000
|
trusted library allocation
|
page read and write
|
|
|
|
2B9B000
|
heap
|
page read and write
|
||
|
716A000
|
heap
|
page read and write
|
||
|
7FF848EC6000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E17000
|
trusted library allocation
|
page read and write
|
||
|
1BF7E000
|
stack
|
page read and write
|
||
|
781B000
|
stack
|
page read and write
|
||
|
BCE000
|
heap
|
page read and write
|
||
|
2B95000
|
heap
|
page read and write
|
||
|
12582000
|
trusted library allocation
|
page read and write
|
||
|
84E000
|
heap
|
page read and write
|
||
|
1B07E000
|
stack
|
page read and write
|
||
|
7FF848F20000
|
trusted library allocation
|
page execute and read and write
|
||
|
770000
|
heap
|
page read and write
|
||
|
7FF848FAC000
|
trusted library allocation
|
page read and write
|
||
|
C51000
|
heap
|
page read and write
|
||
|
1C39C000
|
heap
|
page read and write
|
||
|
246E000
|
stack
|
page read and write
|
||
|
BCF000
|
heap
|
page read and write
|
||
|
1C365000
|
heap
|
page read and write
|
||
|
85B000
|
heap
|
page read and write
|
||
|
10F6000
|
stack
|
page read and write
|
||
|
4E70000
|
heap
|
page read and write
|
||
|
7FF848E14000
|
trusted library allocation
|
page read and write
|
||
|
7FF848EF6000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848FC7000
|
trusted library allocation
|
page read and write
|
||
|
BB5000
|
heap
|
page read and write
|
||
|
178E000
|
stack
|
page read and write
|
||
|
1C3A4000
|
heap
|
page read and write
|
||
|
7FF848E10000
|
trusted library allocation
|
page read and write
|
||
|
79A000
|
heap
|
page read and write
|
||
|
1C2B7000
|
heap
|
page read and write
|
||
|
E7E000
|
stack
|
page read and write
|
||
|
2B91000
|
heap
|
page read and write
|
||
|
7FF848E0D000
|
trusted library allocation
|
page execute and read and write
|
||
|
755E000
|
stack
|
page read and write
|
||
|
C51000
|
heap
|
page read and write
|
||
|
1B5C0000
|
heap
|
page read and write
|
||
|
24A0000
|
heap
|
page read and write
|
||
|
3187000
|
heap
|
page read and write
|
||
|
BBF000
|
heap
|
page read and write
|
||
|
1C34B000
|
heap
|
page read and write
|
||
|
1BDCE000
|
stack
|
page read and write
|
||
|
7FF848E00000
|
trusted library allocation
|
page read and write
|
||
|
4DB0000
|
heap
|
page read and write
|
||
|
C6F000
|
heap
|
page read and write
|
||
|
7FF848E2B000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848E04000
|
trusted library allocation
|
page read and write
|
||
|
3200000
|
heap
|
page read and write
|
||
|
7FF848E1D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B9DF000
|
stack
|
page read and write
|
||
|
7FF848FB0000
|
trusted library allocation
|
page read and write
|
||
|
2749000
|
trusted library allocation
|
page read and write
|
||
|
C5B000
|
heap
|
page read and write
|
||
|
1C3F0000
|
heap
|
page read and write
|
||
|
2A69000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E4C000
|
trusted library allocation
|
page execute and read and write
|
||
|
EB3000
|
unkown
|
page readonly
|
||
|
12511000
|
trusted library allocation
|
page read and write
|
||
|
3180000
|
heap
|
page read and write
|
||
|
7FF848F15000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848E5C000
|
trusted library allocation
|
page execute and read and write
|
||
|
1301D000
|
trusted library allocation
|
page read and write
|
||
|
2BA8000
|
heap
|
page read and write
|
||
|
4DB4000
|
heap
|
page read and write
|
||
|
47A0000
|
heap
|
page read and write
|
||
|
1C355000
|
heap
|
page read and write
|
||
|
1B98C000
|
stack
|
page read and write
|
||
|
BCA000
|
heap
|
page read and write
|
||
|
24E0000
|
heap
|
page execute and read and write
|
||
|
7FF848E12000
|
trusted library allocation
|
page read and write
|
||
|
B32000
|
stack
|
page read and write
|
||
|
721000
|
heap
|
page read and write
|
||
|
EB3000
|
unkown
|
page readonly
|
||
|
7FF848FD0000
|
trusted library allocation
|
page read and write
|
||
|
2B11000
|
trusted library allocation
|
page read and write
|
||
|
2D8E000
|
stack
|
page read and write
|
||
|
1AE90000
|
heap
|
page read and write
|
||
|
2B78000
|
heap
|
page read and write
|
||
|
3456000
|
trusted library allocation
|
page read and write
|
||
|
A3E000
|
stack
|
page read and write
|
||
|
52D0000
|
heap
|
page read and write
|
||
|
EE2000
|
unkown
|
page readonly
|
||
|
1BBDA000
|
stack
|
page read and write
|
||
|
E80000
|
unkown
|
page readonly
|
||
|
3459000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E2D000
|
trusted library allocation
|
page execute and read and write
|
||
|
25CF000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E13000
|
trusted library allocation
|
page read and write
|
||
|
148F000
|
stack
|
page read and write
|
||
|
1C332000
|
heap
|
page read and write
|
||
|
14E0000
|
heap
|
page execute and read and write
|
||
|
7FF848FBC000
|
trusted library allocation
|
page read and write
|
||
|
2BEB000
|
heap
|
page read and write
|
||
|
7FF848FD8000
|
trusted library allocation
|
page read and write
|
||
|
15D5000
|
heap
|
page read and write
|
||
|
13013000
|
trusted library allocation
|
page read and write
|
||
|
12578000
|
trusted library allocation
|
page read and write
|
||
|
1B430000
|
trusted library allocation
|
page read and write
|
||
|
2BA0000
|
heap
|
page read and write
|
||
|
1C97B000
|
stack
|
page read and write
|
||
|
B90000
|
heap
|
page read and write
|
||
|
7FF848EB6000
|
trusted library allocation
|
page read and write
|
||
|
1C3BF000
|
heap
|
page read and write
|
||
|
1290000
|
heap
|
page read and write
|
||
|
7FF848EC0000
|
trusted library allocation
|
page read and write
|
||
|
857000
|
heap
|
page read and write
|
||
|
1B17E000
|
stack
|
page read and write
|
||
|
1AF70000
|
heap
|
page execute and read and write
|
||
|
7FF848FB3000
|
trusted library allocation
|
page read and write
|
||
|
71C000
|
heap
|
page read and write
|
||
|
2AE6000
|
trusted library allocation
|
page read and write
|
||
|
7166000
|
heap
|
page read and write
|
||
|
7166000
|
heap
|
page read and write
|
||
|
1C372000
|
heap
|
page read and write
|
||
|
2E20000
|
heap
|
page read and write
|
||
|
C52000
|
heap
|
page read and write
|
||
|
2BD8000
|
heap
|
page read and write
|
||
|
2BB6000
|
heap
|
page read and write
|
||
|
7FF848F20000
|
trusted library allocation
|
page execute and read and write
|
||
|
C6F000
|
heap
|
page read and write
|
||
|
4DAA000
|
trusted library allocation
|
page read and write
|
||
|
AA0000
|
heap
|
page read and write
|
||
|
7FF848FE0000
|
trusted library allocation
|
page read and write
|
||
|
2BD8000
|
heap
|
page read and write
|
||
|
B3A000
|
stack
|
page read and write
|
||
|
10A4000
|
unkown
|
page readonly
|
||
|
17E0000
|
heap
|
page read and write
|
||
|
C52000
|
heap
|
page read and write
|
||
|
9B0000
|
trusted library allocation
|
page read and write
|
||
|
7FF848FA0000
|
trusted library allocation
|
page read and write
|
||
|
7FF848FF0000
|
trusted library allocation
|
page read and write
|
||
|
346D000
|
trusted library allocation
|
page read and write
|
||
|
6DC000
|
heap
|
page read and write
|
||
|
57AC000
|
stack
|
page read and write
|
||
|
1C380000
|
heap
|
page read and write
|
||
|
7FF848EB6000
|
trusted library allocation
|
page read and write
|
||
|
B10000
|
stack
|
page read and write
|
||
|
630000
|
heap
|
page read and write
|
||
|
1298000
|
heap
|
page read and write
|
||
|
1A5A0000
|
trusted library allocation
|
page read and write
|
||
|
BCA000
|
heap
|
page read and write
|
||
|
2BD8000
|
heap
|
page read and write
|
||
|
C6F000
|
heap
|
page read and write
|
||
|
11F0000
|
heap
|
page read and write
|
||
|
7FF848E08000
|
trusted library allocation
|
page read and write
|
||
|
2F8E000
|
stack
|
page read and write
|
||
|
2BB2000
|
heap
|
page read and write
|
||
|
4F0F000
|
stack
|
page read and write
|
||
|
7FF848EE6000
|
trusted library allocation
|
page execute and read and write
|
||
|
6851000
|
heap
|
page read and write
|
||
|
7FF848FD0000
|
trusted library allocation
|
page read and write
|
||
|
759E000
|
stack
|
page read and write
|
||
|
7FF848FAC000
|
trusted library allocation
|
page read and write
|
||
|
2360000
|
trusted library allocation
|
page read and write
|
||
|
1C2DC000
|
heap
|
page read and write
|
||
|
52CF000
|
stack
|
page read and write
|
||
|
7FF848FE8000
|
trusted library allocation
|
page read and write
|
||
|
1605000
|
heap
|
page read and write
|
||
|
354F000
|
trusted library allocation
|
page read and write
|
||
|
7FF848FE0000
|
trusted library allocation
|
page read and write
|
||
|
1B395000
|
stack
|
page read and write
|
||
|
52E0000
|
heap
|
page read and write
|
||
|
2B97000
|
heap
|
page read and write
|
||
|
1251D000
|
trusted library allocation
|
page read and write
|
||
|
B2A000
|
stack
|
page read and write
|
||
|
12AB000
|
heap
|
page read and write
|
||
|
650000
|
heap
|
page read and write
|
||
|
2AC2000
|
trusted library allocation
|
page read and write
|
||
|
EC4000
|
unkown
|
page read and write
|
||
|
1B5BD000
|
heap
|
page read and write
|
||
|
7FF848F25000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848FB3000
|
trusted library allocation
|
page read and write
|
||
|
2AD9000
|
trusted library allocation
|
page read and write
|
||
|
16E5000
|
heap
|
page read and write
|
||
|
473E000
|
stack
|
page read and write
|
||
|
C5B000
|
heap
|
page read and write
|
||
|
1C3AD000
|
heap
|
page read and write
|
||
|
2BAA000
|
heap
|
page read and write
|
||
|
2B1E000
|
stack
|
page read and write
|
||
|
7FF848E03000
|
trusted library allocation
|
page read and write
|
||
|
1B10000
|
heap
|
page read and write
|
||
|
1BF73000
|
stack
|
page read and write
|
||
|
7FF848E2D000
|
trusted library allocation
|
page execute and read and write
|
||
|
2AA7000
|
trusted library allocation
|
page read and write
|
||
|
2BAC000
|
heap
|
page read and write
|
||
|
BAF000
|
stack
|
page read and write
|
||
|
2640000
|
trusted library allocation
|
page read and write
|
||
|
76DE000
|
stack
|
page read and write
|
||
|
7FF849050000
|
trusted library allocation
|
page read and write
|
||
|
7FF848F31000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B5DF000
|
heap
|
page read and write
|
||
|
7FF848FF0000
|
trusted library allocation
|
page read and write
|
||
|
2BEB000
|
heap
|
page read and write
|
||
|
EBE000
|
unkown
|
page write copy
|
||
|
7FF848E1D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1525000
|
heap
|
page read and write
|
||
|
1B8DE000
|
stack
|
page read and write
|
||
|
C50000
|
heap
|
page read and write
|
||
|
77DF000
|
stack
|
page read and write
|
||
|
7FF848FBA000
|
trusted library allocation
|
page read and write
|
||
|
197E000
|
stack
|
page read and write
|
||
|
1870000
|
heap
|
page read and write
|
||
|
1C87E000
|
stack
|
page read and write
|
||
|
1C319000
|
heap
|
page read and write
|
||
|
12571000
|
trusted library allocation
|
page read and write
|
||
|
7FF849010000
|
trusted library allocation
|
page execute and read and write
|
||
|
11E6000
|
stack
|
page read and write
|
||
|
7FF848F9E000
|
trusted library allocation
|
page read and write
|
||
|
1C308000
|
heap
|
page read and write
|
||
|
1540000
|
heap
|
page read and write
|
||
|
7167000
|
heap
|
page read and write
|
||
|
1874000
|
heap
|
page read and write
|
||
|
7FF848E5C000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848E0D000
|
trusted library allocation
|
page execute and read and write
|
||
|
2AD0000
|
heap
|
page read and write
|
||
|
1270000
|
trusted library allocation
|
page read and write
|
||
|
9C0000
|
trusted library allocation
|
page read and write
|
||
|
316E000
|
stack
|
page read and write
|
||
|
7FF848E3D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1520000
|
heap
|
page read and write
|
||
|
1C33F000
|
heap
|
page read and write
|
||
|
7FF848FA0000
|
trusted library allocation
|
page read and write
|
||
|
1C3B9000
|
heap
|
page read and write
|
||
|
2BAE000
|
heap
|
page read and write
|
||
|
760000
|
heap
|
page read and write
|
||
|
13408000
|
trusted library allocation
|
page read and write
|
||
|
1C0EC000
|
heap
|
page read and write
|
||
|
7FF848FAA000
|
trusted library allocation
|
page read and write
|
||
|
1A89E000
|
heap
|
page read and write
|
||
|
7FF848E13000
|
trusted library allocation
|
page read and write
|
||
|
2BD8000
|
heap
|
page read and write
|
||
|
7FF849004000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E03000
|
trusted library allocation
|
page execute and read and write
|
||
|
2B9D000
|
heap
|
page read and write
|
||
|
6BC000
|
heap
|
page read and write
|
||
|
7FF848F10000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848EA0000
|
trusted library allocation
|
page read and write
|
||
|
A90000
|
trusted library allocation
|
page read and write
|
||
|
1C322000
|
heap
|
page read and write
|
||
|
7FF848F2B000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF849000000
|
trusted library allocation
|
page read and write
|
||
|
FD0000
|
unkown
|
page readonly
|
||
|
2646000
|
trusted library allocation
|
page read and write
|
||
|
776000
|
heap
|
page read and write
|
||
|
2BD8000
|
heap
|
page read and write
|
||
|
1C392000
|
heap
|
page read and write
|
||
|
A36000
|
stack
|
page read and write
|
||
|
1C336000
|
heap
|
page read and write
|
||
|
ADF000
|
stack
|
page read and write
|
||
|
1650000
|
heap
|
page read and write
|
||
|
7FF848E30000
|
trusted library allocation
|
page read and write
|
||
|
B28000
|
stack
|
page read and write
|
||
|
765000
|
heap
|
page read and write
|
||
|
1500000
|
heap
|
page read and write
|
||
|
1340D000
|
trusted library allocation
|
page read and write
|
||
|
28D6000
|
trusted library allocation
|
page read and write
|
||
|
4D6E000
|
stack
|
page read and write
|
||
|
1520000
|
heap
|
page read and write
|
||
|
2400000
|
heap
|
page read and write
|
||
|
33FE000
|
stack
|
page read and write
|
||
|
AFC000
|
stack
|
page read and write
|
||
|
12573000
|
trusted library allocation
|
page read and write
|
||
|
1B5FF000
|
heap
|
page read and write
|
||
|
160C000
|
heap
|
page read and write
|
||
|
990000
|
trusted library allocation
|
page read and write
|
||
|
125C3000
|
trusted library allocation
|
page read and write
|
||
|
7FF848F1B000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B593000
|
stack
|
page read and write
|
||
|
B00000
|
heap
|
page read and write
|
||
|
1B274000
|
stack
|
page read and write
|
||
|
7FF848FC3000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E24000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E20000
|
trusted library allocation
|
page read and write
|
||
|
E1D000
|
stack
|
page read and write
|
||
|
7FF848E03000
|
trusted library allocation
|
page execute and read and write
|
||
|
2AF2000
|
trusted library allocation
|
page read and write
|
||
|
1C312000
|
heap
|
page read and write
|
||
|
7FF848F21000
|
trusted library allocation
|
page execute and read and write
|
||
|
2B96000
|
heap
|
page read and write
|
||
|
C5B000
|
heap
|
page read and write
|
||
|
25CD000
|
trusted library allocation
|
page read and write
|
||
|
25AC000
|
trusted library allocation
|
page read and write
|
||
|
769F000
|
stack
|
page read and write
|
||
|
1BE7E000
|
stack
|
page read and write
|
||
|
7FF848E14000
|
trusted library allocation
|
page read and write
|
||
|
7FF848F90000
|
trusted library allocation
|
page read and write
|
||
|
2B99000
|
heap
|
page read and write
|
||
|
620000
|
heap
|
page read and write
|
||
|
B98000
|
heap
|
page read and write
|
||
|
7FF849060000
|
trusted library allocation
|
page execute and read and write
|
||
|
EE3000
|
unkown
|
page readonly
|
||
|
2560000
|
heap
|
page read and write
|
||
|
670000
|
heap
|
page read and write
|
||
|
EE1000
|
unkown
|
page read and write
|
||
|
11D0000
|
heap
|
page read and write
|
||
|
6860000
|
trusted library allocation
|
page read and write
|
||
|
7FF848EB0000
|
trusted library allocation
|
page read and write
|
||
|
7FF848FB6000
|
trusted library allocation
|
page read and write
|
||
|
3588000
|
trusted library allocation
|
page read and write
|
||
|
16A0000
|
heap
|
page execute and read and write
|
||
|
55D0000
|
heap
|
page read and write
|
||
|
2BEB000
|
heap
|
page read and write
|
||
|
32F0000
|
heap
|
page execute and read and write
|
||
|
2D4E000
|
stack
|
page read and write
|
||
|
C5B000
|
heap
|
page read and write
|
||
|
7FF848FA5000
|
trusted library allocation
|
page read and write
|
||
|
7DD000
|
heap
|
page read and write
|
||
|
12CB000
|
heap
|
page read and write
|
||
|
1C38D000
|
heap
|
page read and write
|
||
|
7FF848E10000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E00000
|
trusted library allocation
|
page read and write
|
||
|
1C2C1000
|
heap
|
page read and write
|
||
|
7FF848F1F000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848FA3000
|
trusted library allocation
|
page read and write
|
||
|
2B71000
|
heap
|
page read and write
|
||
|
7FF848FB0000
|
trusted library allocation
|
page read and write
|
||
|
12F8000
|
heap
|
page read and write
|
||
|
1C2AA000
|
heap
|
page read and write
|
||
|
BCA000
|
heap
|
page read and write
|
||
|
7FF848E27000
|
trusted library allocation
|
page read and write
|
||
|
1C29C000
|
heap
|
page read and write
|
||
|
13401000
|
trusted library allocation
|
page read and write
|
||
|
7DB000
|
heap
|
page read and write
|
||
|
2B20000
|
heap
|
page read and write
|
||
|
EBE000
|
unkown
|
page read and write
|
||
|
7FF848ED0000
|
trusted library allocation
|
page execute and read and write
|
||
|
13011000
|
trusted library allocation
|
page read and write
|
||
|
17B0000
|
trusted library allocation
|
page read and write
|
||
|
4E0F000
|
stack
|
page read and write
|
||
|
2AB0000
|
trusted library allocation
|
page read and write
|
||
|
B06000
|
stack
|
page read and write
|
||
|
7FF848E02000
|
trusted library allocation
|
page read and write
|
||
|
C22000
|
heap
|
page read and write
|
||
|
2A41000
|
trusted library allocation
|
page read and write
|
||
|
745D000
|
stack
|
page read and write
|
||
|
29F0000
|
heap
|
page read and write
|
||
|
566F000
|
stack
|
page read and write
|
||
|
1BE70000
|
heap
|
page execute and read and write
|
||
|
1BB7F000
|
stack
|
page read and write
|
||
|
BE8000
|
heap
|
page read and write
|
||
|
2B58000
|
heap
|
page read and write
|
||
|
3000000
|
heap
|
page read and write
|
||
|
2B3B000
|
trusted library allocation
|
page read and write
|
||
|
125A2000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E18000
|
trusted library allocation
|
page read and write
|
||
|
508D000
|
stack
|
page read and write
|
||
|
7FF848FC0000
|
trusted library allocation
|
page read and write
|
||
|
9E0000
|
heap
|
page read and write
|
||
|
1790000
|
trusted library allocation
|
page read and write
|
||
|
7FF848EB0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848FD0000
|
trusted library allocation
|
page read and write
|
||
|
2BEB000
|
heap
|
page read and write
|
||
|
17F0000
|
trusted library allocation
|
page read and write
|
||
|
2BB7000
|
heap
|
page read and write
|
||
|
1C174000
|
stack
|
page read and write
|
||
|
CA0000
|
heap
|
page read and write
|
||
|
2A81000
|
trusted library allocation
|
page read and write
|
||
|
BFA000
|
heap
|
page read and write
|
||
|
C6F000
|
heap
|
page read and write
|
||
|
9E4000
|
heap
|
page read and write
|
||
|
7FF848E06000
|
trusted library allocation
|
page read and write
|
||
|
7FF848FCB000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E2B000
|
trusted library allocation
|
page execute and read and write
|
||
|
2BB5000
|
heap
|
page read and write
|
||
|
85B000
|
stack
|
page read and write
|
||
|
7FF848FB0000
|
trusted library allocation
|
page read and write
|
||
|
1B294000
|
stack
|
page read and write
|
||
|
6B0000
|
heap
|
page read and write
|
||
|
1257D000
|
trusted library allocation
|
page read and write
|
||
|
28B6000
|
trusted library allocation
|
page read and write
|
||
|
2B97000
|
heap
|
page read and write
|
||
|
7B0000
|
heap
|
page read and write
|
||
|
BE8000
|
heap
|
page read and write
|
||
|
7FF849030000
|
trusted library allocation
|
page read and write
|
||
|
BE8000
|
heap
|
page read and write
|
||
|
2B91000
|
heap
|
page read and write
|
||
|
2B92000
|
heap
|
page read and write
|
||
|
7FF849020000
|
trusted library allocation
|
page read and write
|
||
|
1C2F1000
|
heap
|
page read and write
|
||
|
7FF848E3B000
|
trusted library allocation
|
page execute and read and write
|
||
|
2AEE000
|
trusted library allocation
|
page read and write
|
||
|
7FF848DF6000
|
trusted library allocation
|
page read and write
|
||
|
C52000
|
heap
|
page read and write
|
||
|
2AE2000
|
trusted library allocation
|
page read and write
|
||
|
56AC000
|
stack
|
page read and write
|
||
|
C52000
|
heap
|
page read and write
|
||
|
7FF848EAC000
|
trusted library allocation
|
page execute and read and write
|
||
|
C51000
|
heap
|
page read and write
|
||
|
2B78000
|
heap
|
page read and write
|
||
|
7FF848DF0000
|
trusted library allocation
|
page read and write
|
||
|
13411000
|
trusted library allocation
|
page read and write
|
||
|
1C2D8000
|
heap
|
page read and write
|
||
|
2B52000
|
trusted library allocation
|
page read and write
|
||
|
1B49B000
|
stack
|
page read and write
|
||
|
97E000
|
stack
|
page read and write
|
||
|
2B50000
|
heap
|
page read and write
|
||
|
2AD5000
|
heap
|
page read and write
|
||
|
1C386000
|
heap
|
page read and write
|
||
|
BF9000
|
heap
|
page read and write
|
||
|
51CE000
|
stack
|
page read and write
|
||
|
7FF848EA6000
|
trusted library allocation
|
page read and write
|
||
|
1C30E000
|
heap
|
page read and write
|
||
|
7FF848E23000
|
trusted library allocation
|
page read and write
|
||
|
1C2F4000
|
heap
|
page read and write
|
||
|
2B99000
|
heap
|
page read and write
|
||
|
7FF848FE0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2BB5000
|
heap
|
page read and write
|
||
|
BCA000
|
heap
|
page read and write
|
||
|
1BD74000
|
stack
|
page read and write
|
||
|
7FF848FC0000
|
trusted library allocation
|
page read and write
|
||
|
1210000
|
heap
|
page read and write
|
||
|
1C31E000
|
heap
|
page read and write
|
||
|
1C2DD000
|
stack
|
page read and write
|
||
|
2FFE000
|
stack
|
page read and write
|
||
|
2B92000
|
heap
|
page read and write
|
||
|
1AA9D000
|
stack
|
page read and write
|
||
|
50A0000
|
trusted library allocation
|
page read and write
|
||
|
6F3000
|
heap
|
page read and write
|
||
|
30FE000
|
stack
|
page read and write
|
||
|
2490000
|
trusted library allocation
|
page read and write
|
||
|
2E5A000
|
heap
|
page read and write
|
||
|
1C3F5000
|
heap
|
page read and write
|
||
|
740000
|
heap
|
page read and write
|
||
|
D00000
|
heap
|
page read and write
|
||
|
7FF848DFD000
|
trusted library allocation
|
page execute and read and write
|
||
|
A70000
|
heap
|
page execute and read and write
|
||
|
2B70000
|
heap
|
page read and write
|
||
|
1B5BE000
|
stack
|
page read and write
|
||
|
1600000
|
heap
|
page read and write
|
||
|
1C280000
|
heap
|
page read and write
|
||
|
1C273000
|
stack
|
page read and write
|
||
|
1BDDC000
|
stack
|
page read and write
|
||
|
7FF848FF0000
|
trusted library allocation
|
page execute and read and write
|
||
|
C6F000
|
heap
|
page read and write
|
||
|
7FF848E1C000
|
trusted library allocation
|
page read and write
|
||
|
1B14000
|
heap
|
page read and write
|
||
|
1AE20000
|
trusted library section
|
page read and write
|
||
|
1C07E000
|
stack
|
page read and write
|
||
|
B04000
|
heap
|
page read and write
|
||
|
9C3000
|
trusted library allocation
|
page read and write
|
||
|
1B5A0000
|
heap
|
page read and write
|
||
|
B23000
|
stack
|
page read and write
|
||
|
1B040000
|
trusted library allocation
|
page read and write
|
||
|
1CD10000
|
heap
|
page read and write
|
||
|
7FF848FB0000
|
trusted library allocation
|
page read and write
|
||
|
6F6000
|
stack
|
page read and write
|
||
|
478E000
|
stack
|
page read and write
|
||
|
710000
|
heap
|
page read and write
|
||
|
15D2000
|
heap
|
page read and write
|
||
|
318B000
|
heap
|
page read and write
|
||
|
1B3B3000
|
stack
|
page read and write
|
||
|
7FF848E6C000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF849000000
|
trusted library allocation
|
page read and write
|
||
|
1B4BE000
|
stack
|
page read and write
|
||
|
CFE000
|
stack
|
page read and write
|
||
|
2BAE000
|
heap
|
page read and write
|
||
|
1C347000
|
heap
|
page read and write
|
||
|
14A0000
|
trusted library allocation
|
page read and write
|
||
|
FD0000
|
unkown
|
page readonly
|
||
|
7FF47F600000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848E1D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848FE0000
|
trusted library allocation
|
page read and write
|
||
|
13018000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E0D000
|
trusted library allocation
|
page execute and read and write
|
||
|
518E000
|
stack
|
page read and write
|
||
|
C52000
|
heap
|
page read and write
|
||
|
7E0000
|
heap
|
page read and write
|
||
|
2B8D000
|
heap
|
page read and write
|
||
|
7FF848EBC000
|
trusted library allocation
|
page execute and read and write
|
||
|
1A540000
|
trusted library allocation
|
page read and write
|
||
|
E80000
|
unkown
|
page readonly
|
||
|
12F6000
|
heap
|
page read and write
|
||
|
12CD000
|
heap
|
page read and write
|
||
|
1420000
|
heap
|
page read and write
|
||
|
779000
|
heap
|
page read and write
|
||
|
79F000
|
heap
|
page read and write
|
||
|
159C000
|
heap
|
page read and write
|
||
|
E81000
|
unkown
|
page execute read
|
||
|
BB9000
|
heap
|
page read and write
|
||
|
12B5000
|
heap
|
page read and write
|
||
|
7FF848F2F000
|
trusted library allocation
|
page execute and read and write
|
||
|
2E50000
|
heap
|
page read and write
|
||
|
2B9C000
|
heap
|
page read and write
|
||
|
3E6000
|
stack
|
page read and write
|
||
|
7FF848DF4000
|
trusted library allocation
|
page read and write
|
||
|
7FF848FD0000
|
trusted library allocation
|
page read and write
|
||
|
2B8C000
|
heap
|
page read and write
|
||
|
1BFD4000
|
stack
|
page read and write
|
||
|
15BE000
|
heap
|
page read and write
|
||
|
A00000
|
heap
|
page execute and read and write
|
||
|
EE2000
|
unkown
|
page write copy
|
||
|
1C35E000
|
heap
|
page read and write
|
||
|
95B000
|
stack
|
page read and write
|
||
|
AA5000
|
heap
|
page read and write
|
||
|
1C07E000
|
stack
|
page read and write
|
||
|
2BD8000
|
heap
|
page read and write
|
||
|
162F000
|
stack
|
page read and write
|
||
|
7FF848FD3000
|
trusted library allocation
|
page read and write
|
||
|
1C77D000
|
stack
|
page read and write
|
||
|
2BEB000
|
heap
|
page read and write
|
||
|
791C000
|
stack
|
page read and write
|
||
|
1250000
|
trusted library allocation
|
page read and write
|
||
|
7FF848ECC000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848EE6000
|
trusted library allocation
|
page execute and read and write
|
||
|
2BEB000
|
heap
|
page read and write
|
||
|
E81000
|
unkown
|
page execute read
|
||
|
47D0000
|
heap
|
page read and write
|
||
|
7FF848E1D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1BA70000
|
heap
|
page read and write
|
||
|
7FF848FC0000
|
trusted library allocation
|
page read and write
|
||
|
2B9D000
|
heap
|
page read and write
|
||
|
7FF848FAE000
|
trusted library allocation
|
page read and write
|
||
|
DE0000
|
heap
|
page read and write
|
||
|
A40000
|
heap
|
page read and write
|
||
|
1AF3E000
|
stack
|
page read and write
|
||
|
1BC7E000
|
stack
|
page read and write
|
||
|
7FF848EBC000
|
trusted library allocation
|
page execute and read and write
|
||
|
556E000
|
stack
|
page read and write
|
||
|
7FF848E13000
|
trusted library allocation
|
page execute and read and write
|
||
|
6F1000
|
heap
|
page read and write
|
||
|
23AF000
|
stack
|
page read and write
|
||
|
7FF848DF3000
|
trusted library allocation
|
page execute and read and write
|
||
|
10A0000
|
unkown
|
page readonly
|
||
|
C5B000
|
heap
|
page read and write
|
||
|
2AF7000
|
trusted library allocation
|
page read and write
|
||
|
7FF848ED6000
|
trusted library allocation
|
page execute and read and write
|
||
|
46FF000
|
stack
|
page read and write
|
||
|
BC7000
|
heap
|
page read and write
|
||
|
7FF848E24000
|
trusted library allocation
|
page read and write
|
||
|
1335000
|
heap
|
page read and write
|
||
|
1B59E000
|
stack
|
page read and write
|
||
|
2AD3000
|
trusted library allocation
|
page read and write
|
||
|
7FF848F30000
|
trusted library allocation
|
page execute and read and write
|
||
|
D05000
|
heap
|
page read and write
|
||
|
7FF848FC3000
|
trusted library allocation
|
page read and write
|
||
|
2B93000
|
heap
|
page read and write
|
||
|
6DF000
|
heap
|
page read and write
|
||
|
7FF848E1C000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E1B000
|
trusted library allocation
|
page execute and read and write
|
||
|
BBC000
|
heap
|
page read and write
|
||
|
4D91000
|
trusted library allocation
|
page read and write
|
||
|
2BB1000
|
heap
|
page read and write
|
||
|
4EA0000
|
heap
|
page read and write
|
||
|
7FF848FA0000
|
trusted library allocation
|
page read and write
|
||
|
1C300000
|
heap
|
page read and write
|
||
|
2BFE000
|
heap
|
page read and write
|
||
|
1C305000
|
heap
|
page read and write
|
||
|
B17000
|
stack
|
page read and write
|
||
|
6850000
|
heap
|
page read and write
|
||
|
7FF848EB0000
|
trusted library allocation
|
page read and write
|
||
|
1AF9E000
|
stack
|
page read and write
|
||
|
2B9B000
|
heap
|
page read and write
|
||
|
7FF848EC0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1590000
|
heap
|
page read and write
|
||
|
7060000
|
heap
|
page read and write
|
||
|
720000
|
heap
|
page read and write
|
||
|
7FF848EC0000
|
trusted library allocation
|
page execute and read and write
|
||
|
16E0000
|
heap
|
page read and write
|
||
|
7FF848FCB000
|
trusted library allocation
|
page read and write
|
||
|
CB0000
|
heap
|
page readonly
|
||
|
7FF848E20000
|
trusted library allocation
|
page read and write
|
||
|
1C3A8000
|
heap
|
page read and write
|
||
|
7FF848FC0000
|
trusted library allocation
|
page read and write
|
||
|
7FF848FBB000
|
trusted library allocation
|
page read and write
|
||
|
7FF848FB7000
|
trusted library allocation
|
page read and write
|
||
|
685B000
|
heap
|
page read and write
|
||
|
7B2000
|
heap
|
page read and write
|
||
|
E20000
|
heap
|
page read and write
|
||
|
71E000
|
heap
|
page read and write
|
||
|
7FF848E2D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1AAFD000
|
stack
|
page read and write
|
||
|
1AE1E000
|
stack
|
page read and write
|
||
|
FD2000
|
unkown
|
page readonly
|
||
|
7FF848E2C000
|
trusted library allocation
|
page read and write
|
||
|
2B9F000
|
heap
|
page read and write
|
||
|
2B99000
|
heap
|
page read and write
|
||
|
1C0E0000
|
heap
|
page read and write
|
||
|
7FF848E04000
|
trusted library allocation
|
page read and write
|
||
|
7FF849040000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E34000
|
trusted library allocation
|
page read and write
|
||
|
2BAF000
|
heap
|
page read and write
|
||
|
7FF848F93000
|
trusted library allocation
|
page read and write
|
||
|
2742000
|
trusted library allocation
|
page read and write
|
||
|
BC0000
|
heap
|
page read and write
|
There are 593 hidden memdumps, click here to show them.