Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
o4c8AUtX1g.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools\plcd-player.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Config.Msi\440bbf.rbs
|
data
|
modified
|
 |
|
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
|
Microsoft Cabinet archive data, 61157 bytes, 1 file
|
dropped
|
|
|
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\MSI76CC.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\MSI79F9.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\shi7515.tmp
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools 3.4.0.2\install\0CE0CF4\AWSSDK.SimpleDB.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools 3.4.0.2\install\0CE0CF4\CrashRpt
License.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools 3.4.0.2\install\0CE0CF4\Delimon.Win32.IO.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools 3.4.0.2\install\0CE0CF4\ICSharpCode.SharpZipLib.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools 3.4.0.2\install\0CE0CF4\License.txt
|
Non-ISO extended-ASCII text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools 3.4.0.2\install\0CE0CF4\Microsoft.Azure.KeyVault.Core.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools 3.4.0.2\install\0CE0CF4\SslCertBinding.Net.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools 3.4.0.2\install\0CE0CF4\System.Threading.Tasks.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
modified
|
|
|
|
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools 3.4.0.2\install\0CE0CF4\Templates\currencysystem4.js
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools 3.4.0.2\install\0CE0CF4\Templates\currencysystem5.js
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools 3.4.0.2\install\0CE0CF4\Templates\currencysystem5.json
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools 3.4.0.2\install\0CE0CF4\Templates\ecb-eurofxref-daily.xml
|
XML 1.0 document, ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools 3.4.0.2\install\0CE0CF4\adv.msi
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Last Printed: Fri Dec 11 11:47:44
2009, Create Time/Date: Fri Dec 11 11:47:44 2009, Last Saved Time/Date: Fri Sep 18 15:06:51 2020, Security: 0, Code page:
1252, Revision Number: {D9FF1A35-78F9-49F0-A6A0-DB3A11387835}, Number of Words: 8, Subject: JDesktop Tools, Author: JDesktop
Integration Components (JDIC) Project, Name of Creating Application: Advanced Installer 18.7 build 0a7fdead, Template: ;1033,
Title: Installation Database, Keywords: Installer, MSI, Database, Number of Pages: 200
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools 3.4.0.2\install\0CE0CF4\help.chm
|
MS Windows HtmlHelp Data
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools 3.4.0.2\install\0CE0CF4\icuio58.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools 3.4.0.2\install\0CE0CF4\lcms-5.0.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools 3.4.0.2\install\0CE0CF4\libeay32.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools 3.4.0.2\install\0CE0CF4\ml
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools 3.4.0.2\install\0CE0CF4\plcd-player.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools 3.4.0.2\install\0CE0CF4\ssleay32.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools 3.4.0.2\install\decoder.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools\AWSSDK.SimpleDB.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools\CrashRpt License.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools\Delimon.Win32.IO.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools\ICSharpCode.SharpZipLib.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools\License.txt
|
Non-ISO extended-ASCII text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools\Microsoft.Azure.KeyVault.Core.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools\SslCertBinding.Net.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools\System.Threading.Tasks.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools\Templates\currencysystem4.js
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools\Templates\currencysystem5.js
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools\Templates\currencysystem5.json
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools\Templates\ecb-eurofxref-daily.xml
|
XML 1.0 document, ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools\help.chm
|
MS Windows HtmlHelp Data
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools\icuio58.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools\lcms-5.0.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools\libeay32.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools\ml
|
PDF document, version 1.5
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools\ssleay32.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Windows\Installer\440bbd.msi
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Last Printed: Fri Dec 11 11:47:44
2009, Create Time/Date: Fri Dec 11 11:47:44 2009, Last Saved Time/Date: Fri Sep 18 15:06:51 2020, Security: 0, Code page:
1252, Revision Number: {D9FF1A35-78F9-49F0-A6A0-DB3A11387835}, Number of Words: 8, Subject: JDesktop Tools, Author: JDesktop
Integration Components (JDIC) Project, Name of Creating Application: Advanced Installer 18.7 build 0a7fdead, Template: ;1033,
Title: Installation Database, Keywords: Installer, MSI, Database, Number of Pages: 200
|
dropped
|
|
|
|
C:\Windows\Installer\MSI11D7.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Windows\Installer\MSI1488.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Windows\Installer\MSI15F0.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Windows\Installer\MSI16EB.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Windows\Installer\MSI1815.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Windows\Installer\MSI193F.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Windows\Installer\MSI3F85.tmp
|
data
|
dropped
|
|
|
|
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log
|
UTF-8 Unicode (with BOM) text, with CRLF line terminators
|
dropped
|
|
There are 46 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\o4c8AUtX1g.exe
|
'C:\Users\user\Desktop\o4c8AUtX1g.exe'
|
|
|
|
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools\plcd-player.exe
|
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools\plcd-player.exe
|
|
|
|
C:\Windows\System32\msiexec.exe
|
C:\Windows\system32\msiexec.exe /V
|
|
|
|
C:\Windows\SysWOW64\msiexec.exe
|
C:\Windows\syswow64\MsiExec.exe -Embedding D90C408BAA115D1625882500CC5A128E C
|
|
|
|
C:\Windows\SysWOW64\msiexec.exe
|
'C:\Windows\system32\msiexec.exe' /i 'C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop
Tools 3.4.0.2\install\0CE0CF4\adv.msi' AI_SETUPEXEPATH=C:\Users\user\Desktop\o4c8AUtX1g.exe SETUPEXEDIR=C:\Users\user\Desktop\
EXE_CMD_LINE='/exenoupdates /forcecleanup /wintime 1635154532 ' AI_EUIMSI=''
|
|
|
|
C:\Windows\SysWOW64\msiexec.exe
|
C:\Windows\syswow64\MsiExec.exe -Embedding 97E0B76AE09D0E82CE071E7BABCE98E1
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://crl.sectigo.com/SectigoPublicCodeSigningCAEVR36.crl0
|
unknown
|
|
|
|
http://html4/loose.dtd
|
unknown
|
|
|
|
http://www.openssl.org/support/faq.html....................rbwb.rndC:HOMERANDFILEPRNG
|
unknown
|
|
|
|
http://ocsp.startssl.com/sub/class2/code/ca0
|
unknown
|
|
|
|
http://crl.startssl.com/sfsca.crl0C
|
unknown
|
|
|
|
https://sectigo.com/CPS0
|
unknown
|
|
|
|
http://apache.org/xml/UnknownNSUCS4UCS-4UCS_4UTF-32ISO-10646-UCS-4UCS-4
|
unknown
|
|
|
|
http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0
|
unknown
|
|
|
|
http://ocsp.sectigo.com0
|
unknown
|
|
|
|
http://www.openssl.org/V
|
unknown
|
|
|
|
http://www.unicode.org/copyright.html
|
unknown
|
|
|
|
https://currencysystem.com/gfx/pub/script-icon-16x16.gif
|
unknown
|
|
|
|
https://www.nuget.org/packages/Azure.Security.KeyVault.Keys
|
unknown
|
|
|
|
http://www.gesmes.org/xml/2002-08-01
|
unknown
|
|
|
|
http://crt.sectigo.com/SectigoPublicCodeSigningCAEVR36.crt0#
|
unknown
|
|
|
|
http://ocsp.startssl.com/ca00
|
unknown
|
|
|
|
http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#
|
unknown
|
|
|
|
http://.css
|
unknown
|
|
|
|
https://aka.ms/azsdkvalueprop.
|
unknown
|
|
|
|
http://crl.startssl.com/crtc2-crl.crl0
|
unknown
|
|
|
|
http://ocsp.sectigo.com0)
|
unknown
|
|
|
|
http://www.ecb.int/vocabulary/2002-08-01/eurofxref
|
unknown
|
|
|
|
http://icu-project.org
|
unknown
|
|
|
|
http://www.MyBusinessCatalog.com
|
unknown
|
|
|
|
http://www.openssl.org/support/faq.html
|
unknown
|
|
|
|
http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t
|
unknown
|
|
|
|
https://www.nuget.org/packages/Azure.Security.KeyVault.Certificates
|
unknown
|
|
|
|
https://currencysystem.com/gfx/pub/script-button-88x31.gif
|
unknown
|
|
|
|
http://aia.startssl.com/certs/sub.class2.code.ca.crt0#
|
unknown
|
|
|
|
https://currencysystem.com/gfx/pub/script-icon-16x16.png
|
unknown
|
|
|
|
https://www.nuget.org/packages/Azure.Security.KeyVault.Secrets
|
unknown
|
|
|
|
https://www.thawte.com/cps0/
|
unknown
|
|
|
|
http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#
|
unknown
|
|
|
|
https://www.thawte.com/repository0W
|
unknown
|
|
|
|
http://mybusinesscatalog.com0
|
unknown
|
|
|
|
https://sectigo.com/CPS0D
|
unknown
|
|
|
|
http://aia.startssl.com/certs/ca.crt02
|
unknown
|
|
|
|
http://apache.org/xml/messages/XML4CErrors#FIXEDEBCDIC-CP-USIBM037IBM1047IBM-1047IBM1140IBM01140CCSI
|
unknown
|
|
|
|
http://www.startssl.com/policy.pdf0
|
unknown
|
|
|
|
https://www.advancedinstaller.com
|
unknown
|
|
|
|
https://secure.comodo.com/CPS0L
|
unknown
|
|
|
|
http://www.startssl.com/0
|
unknown
|
|
|
|
https://currencysystem.com/gfx/pub/script-button-88x31.png
|
unknown
|
|
|
|
http://.jpg
|
unknown
|
|
|
|
http://apache.org/xml/messages/XMLValidityWINDOWS-1252XERCES-XMLCHhttp://apache.org/xml/messages/XML
|
unknown
|
|
|
|
https://currencysystem.com
|
unknown
|
|
There are 36 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
get.updates.avast.cn
|
unknown
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
|
Owner
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
|
SessionHash
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
|
Sequence
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
|
C:\Config.Msi\
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
|
C:\Config.Msi\440bbf.rbs
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
|
C:\Config.Msi\440bbf.rbsLow
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-3853321935-2125563209-4053062332-1002\Components\B6B1AB5FB65704B45ABC8A2AE197AD6E
|
159325A4F2A056D43AE1BB220DECC04F
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-3853321935-2125563209-4053062332-1002\Components\25B5D3CF1652336458BCF6B8A8682F9F
|
159325A4F2A056D43AE1BB220DECC04F
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-3853321935-2125563209-4053062332-1002\Components\537D28C8793086441BC6D31BF7A70760
|
159325A4F2A056D43AE1BB220DECC04F
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-3853321935-2125563209-4053062332-1002\Components\40A865B0C963BF34894E4C731A75900E
|
159325A4F2A056D43AE1BB220DECC04F
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-3853321935-2125563209-4053062332-1002\Components\7134500D701E9C54DB28707B49957706
|
159325A4F2A056D43AE1BB220DECC04F
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-3853321935-2125563209-4053062332-1002\Components\3F855EC47D030174A80335FFC70A9AF7
|
159325A4F2A056D43AE1BB220DECC04F
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-3853321935-2125563209-4053062332-1002\Components\190B693A04848D44DA7D96EB58838687
|
159325A4F2A056D43AE1BB220DECC04F
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-3853321935-2125563209-4053062332-1002\Components\7B6FCD98048077942AFC50FC7D19D105
|
159325A4F2A056D43AE1BB220DECC04F
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-3853321935-2125563209-4053062332-1002\Components\0F739F1630978C44F8C9F005FFDD6292
|
159325A4F2A056D43AE1BB220DECC04F
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-3853321935-2125563209-4053062332-1002\Components\D56023AD4EAB9874E8DC2179D4889E82
|
159325A4F2A056D43AE1BB220DECC04F
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-3853321935-2125563209-4053062332-1002\Components\DA66C642B153B1B4B82A44D62501F968
|
159325A4F2A056D43AE1BB220DECC04F
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-3853321935-2125563209-4053062332-1002\Components\ACE6C7E24428B7E46BDEB75CB23FB730
|
159325A4F2A056D43AE1BB220DECC04F
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-3853321935-2125563209-4053062332-1002\Components\6540FADD1E14D4041826B1A437DBF2AB
|
159325A4F2A056D43AE1BB220DECC04F
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-3853321935-2125563209-4053062332-1002\Components\876DCC939950A7C428E54E307B42FC7A
|
159325A4F2A056D43AE1BB220DECC04F
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-3853321935-2125563209-4053062332-1002\Components\4CC97D2637A61F54AAFB083B3FDFC425
|
159325A4F2A056D43AE1BB220DECC04F
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-3853321935-2125563209-4053062332-1002\Components\3E270501E619D75458D5D9BBCEF6E402
|
159325A4F2A056D43AE1BB220DECC04F
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-3853321935-2125563209-4053062332-1002\Components\DE30B1393AF1E8248AD3524F20C3A62A
|
159325A4F2A056D43AE1BB220DECC04F
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
|
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools\
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
|
C:\Users\user\AppData\Roaming\JDesktop Integration Components (JDIC) Project\JDesktop Tools\Templates\
|
|
|
|
HKEY_CURRENT_USER\Software\JDesktop Integration Components (JDIC) Project\JDesktop Tools
|
Version
|
|
|
|
HKEY_CURRENT_USER\Software\JDesktop Integration Components (JDIC) Project\JDesktop Tools
|
Path
|
|
|
|
HKEY_CURRENT_USER\Software\Caphyon\Advanced Installer\LZMA\{4A523951-0A2F-4D65-A31E-BB22D0CE0CF4}\3.4.0.2
|
AI_ExePath
|
|
There are 18 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
3E68000
|
heap private
|
page read and write
|
|
|
|
3E68000
|
heap private
|
page read and write
|
|
|
|
3949000
|
heap private
|
page read and write
|
|
|
|
3E68000
|
heap private
|
page read and write
|
|
|
|
3E68000
|
heap private
|
page read and write
|
|
|
|
3E68000
|
heap private
|
page read and write
|
|
|
|
3E68000
|
heap private
|
page read and write
|
|
|
|
3E68000
|
heap private
|
page read and write
|
|
|
|
3E68000
|
heap private
|
page read and write
|
|
|
|
3E68000
|
heap private
|
page read and write
|
|
|
|
20824D91000
|
unkown
|
page read and write
|
|
|
|
7DF5BBE20000
|
unkown image
|
page readonly
|
|
|
|
183F1060000
|
unkown image
|
page readonly
|
|
|
|
2F87000
|
unkown
|
page read and write
|
|
|
|
7FF5DB841000
|
unkown image
|
page readonly
|
|
|
|
7DF525390000
|
unkown image
|
page readonly
|
|
|
|
7DF525390000
|
unkown image
|
page readonly
|
|
|
|
20824D7F000
|
unkown
|
page read and write
|
|
|
|
3BEA000
|
unkown
|
page read and write
|
|
|
|
4480000
|
unkown
|
page read and write
|
|
|
|
5240000
|
unkown
|
page read and write
|
|
|
|
1250000
|
unkown
|
page read and write
|
|
|
|
20824DA2000
|
unkown
|
page read and write
|
|
|
|
124E000
|
unkown
|
page read and write
|
|
|
|
D3D000
|
unkown image
|
page readonly
|
|
|
|
20824D91000
|
unkown
|
page read and write
|
|
|
|
7FF510101000
|
unkown image
|
page readonly
|
|
|
|
7DF5F0B02000
|
unkown image
|
page readonly
|
|
|
|
1266000
|
unkown
|
page read and write
|
|
|
|
1250000
|
unkown
|
page read and write
|
|
|
|
1250000
|
unkown
|
page read and write
|
|
|
|
10BF2400000
|
unkown
|
page read and write
|
|
|
|
5501000
|
unkown
|
page read and write
|
|
|
|
124B000
|
unkown
|
page read and write
|
|
|
|
33C0000
|
heap private
|
page read and write
|
|
|
|
4840000
|
unkown
|
page read and write
|
|
|
|
7FF5684FE000
|
unkown image
|
page readonly
|
|
|
|
121E000
|
unkown
|
page read and write
|
|
|
|
FF7A2000
|
unkown image
|
page readonly
|
|
|
|
11D3000
|
heap default
|
page read and write
|
|
|
|
69EED78000
|
stack
|
page read and write
|
|
|
|
7FF510264000
|
unkown image
|
page readonly
|
|
|
|
6DA87000
|
unkown image
|
page write copy
|
|
|
|
20824D91000
|
unkown
|
page read and write
|
|
|
|
7DF5253A2000
|
unkown image
|
page readonly
|
|
|
|
20824DB5000
|
unkown
|
page read and write
|
|
|
|
3158000
|
unkown
|
page read and write
|
|
|
|
16921202000
|
unkown
|
page read and write
|
|
|
|
20824D7E000
|
unkown
|
page read and write
|
|
|
|
10BF2980000
|
unkown image
|
page readonly
|
|
|
|
DE0000
|
unkown image
|
page readonly
|
|
|
|
183F0ED0000
|
unkown image
|
page read and write
|
|
|
|
AB877F000
|
stack
|
page read and write
|
|
|
|
7FF556C71000
|
unkown image
|
page readonly
|
|
|
|
5400000
|
unkown
|
page read and write
|
|
|
|
1240000
|
unkown
|
page read and write
|
|
|
|
7FF5DB546000
|
unkown image
|
page readonly
|
|
|
|
1142000
|
unkown
|
page read and write
|
|
|
|
20825202000
|
unkown
|
page read and write
|
|
|
|
325547E000
|
stack
|
page read and write
|
|
|
|
10BF2402000
|
unkown
|
page read and write
|
|
|
|
20824483000
|
unkown
|
page read and write
|
|
|
|
1375000
|
heap default
|
page read and write
|
|
|
|
7FF5DB9AF000
|
unkown image
|
page readonly
|
|
|
|
19A0000
|
unkown image
|
page readonly
|
|
|
|
7DF57D620000
|
unkown image
|
page readonly
|
|
|
|
12E0000
|
heap default
|
page read and write
|
|
|
|
5947000
|
unkown
|
page read and write
|
|
|
|
16920890000
|
unkown image
|
page readonly
|
|
|
|
1336000
|
unkown
|
page read and write
|
|
|
|
20824470000
|
unkown
|
page read and write
|
|
|
|
20824D91000
|
unkown
|
page read and write
|
|
|
|
7FF5A6D74000
|
unkown image
|
page readonly
|
|
|
|
2082445C000
|
unkown
|
page read and write
|
|
|
|
7FF5DB730000
|
unkown image
|
page readonly
|
|
|
|
20824459000
|
unkown
|
page read and write
|
|
|
|
7FF50FA77000
|
unkown image
|
page readonly
|
|
|
|
16920A50000
|
unkown
|
page read and write
|
|
|
|
7FF5DB7C1000
|
unkown image
|
page readonly
|
|
|
|
20824D91000
|
unkown
|
page read and write
|
|
|
|
3E6B000
|
heap private
|
page read and write
|
|
|
|
1341000
|
heap default
|
page read and write
|
|
|
|
20824D94000
|
unkown
|
page read and write
|
|
|
|
472F000
|
stack
|
page read and write
|
|
|
|
20824D93000
|
unkown
|
page read and write
|
|
|
|
AB7F8B000
|
unkown
|
page read and write
|
|
|
|
7FF556CDD000
|
unkown image
|
page readonly
|
|
|
|
5501000
|
unkown
|
page read and write
|
|
|
|
12D4000
|
heap default
|
page read and write
|
|
|
|
7FF5A6D81000
|
unkown image
|
page readonly
|
|
|
|
1220000
|
unkown
|
page read and write
|
|
|
|
3B31000
|
unkown
|
page read and write
|
|
|
|
11D9000
|
unkown
|
page read and write
|
|
|
|
183F1106000
|
unkown
|
page read and write
|
|
|
|
7DF5BBE10000
|
unkown image
|
page readonly
|
|
|
|
7FF510220000
|
unkown image
|
page readonly
|
|
|
|
127C000
|
unkown
|
page read and write
|
|
|
|
69EEF7F000
|
stack
|
page read and write
|
|
|
|
7FF5565ED000
|
unkown image
|
page readonly
|
|
|
|
32556FE000
|
stack
|
page read and write
|
|
|
|
7DF5F0AF2000
|
unkown image
|
page readonly
|
|
|
|
10BF243C000
|
unkown
|
page read and write
|
|
|
|
20824D95000
|
unkown
|
page read and write
|
|
|
|
2081503C000
|
unkown
|
page read and write
|
|
|
|
A74000
|
unkown image
|
page execute and read and write
|
|
|
|
CB7000
|
unkown image
|
page readonly
|
|
|
|
3BF1000
|
unkown
|
page read and write
|
|
|
|
F10000
|
unkown image
|
page readonly
|
|
|
|
10BF2513000
|
unkown
|
page read and write
|
|
|
|
20824DB9000
|
unkown
|
page read and write
|
|
|
|
7FF510312000
|
unkown image
|
page readonly
|
|
|
|
7FF5DB9C4000
|
unkown image
|
page readonly
|
|
|
|
121D000
|
unkown
|
page read and write
|
|
|
|
208244D3000
|
unkown
|
page read and write
|
|
|
|
3B29000
|
unkown
|
page read and write
|
|
|
|
69EE67E000
|
stack
|
page read and write
|
|
|
|
48BE000
|
stack
|
page read and write
|
|
|
|
1250000
|
unkown
|
page read and write
|
|
|
|
5341000
|
unkown
|
page read and write
|
|
|
|
898635E000
|
stack
|
page read and write
|
|
|
|
20824A80000
|
unkown image
|
page read and write
|
|
|
|
69EE8FE000
|
stack
|
page read and write
|
|
|
|
132B000
|
unkown
|
page read and write
|
|
|
|
7FF5DB8D3000
|
unkown image
|
page readonly
|
|
|
|
7DF57D630000
|
unkown image
|
page readonly
|
|
|
|
390B000
|
stack
|
page read and write
|
|
|
|
7FF568519000
|
unkown image
|
page readonly
|
|
|
|
137A000
|
unkown
|
page read and write
|
|
|
|
20824D91000
|
unkown
|
page read and write
|
|
|
|
20815053000
|
unkown
|
page read and write
|
|
|
|
7FF51027F000
|
unkown image
|
page readonly
|
|
|
|
7FF5DB9F6000
|
unkown image
|
page readonly
|
|
|
|
20824D88000
|
unkown
|
page read and write
|
|
|
|
1335000
|
unkown
|
page read and write
|
|
|
|
7FF5A6B8B000
|
unkown image
|
page readonly
|
|
|
|
2FBC000
|
unkown
|
page read and write
|
|
|
|
AB827E000
|
stack
|
page read and write
|
|
|
|
20824DA6000
|
unkown
|
page read and write
|
|
|
|
7DF5BBE10000
|
unkown image
|
page readonly
|
|
|
|
3090000
|
unkown
|
page read and write
|
|
|
|
169E000
|
stack
|
page read and write
|
|
|
|
7DF57D620000
|
unkown image
|
page readonly
|
|
|
|
31D0000
|
unkown
|
page read and write
|
|
|
|
7DF5BBE12000
|
unkown image
|
page readonly
|
|
|
|
7F6E0000
|
unkown image
|
page readonly
|
|
|
|
7FF51026A000
|
unkown image
|
page readonly
|
|
|
|
2F56000
|
heap private
|
page read and write
|
|
|
|
3B5A000
|
unkown
|
page read and write
|
|
|
|
89862DB000
|
unkown
|
page read and write
|
|
|
|
20824D81000
|
unkown
|
page read and write
|
|
|
|
20815802000
|
unkown
|
page read and write
|
|
|
|
1236000
|
unkown
|
page read and write
|
|
|
|
7DF56BF10000
|
unkown image
|
page readonly
|
|
|
|
325557C000
|
stack
|
page read and write
|
|
|
|
D50000
|
unkown image
|
page readonly
|
|
|
|
3B37000
|
unkown
|
page read and write
|
|
|
|
7FF5DB823000
|
unkown image
|
page readonly
|
|
|
|
20824D7B000
|
unkown
|
page read and write
|
|
|
|
1250000
|
unkown image
|
page read and write
|
|
|
|
69EEBF8000
|
stack
|
page read and write
|
|
|
|
7DF56BF02000
|
unkown image
|
page readonly
|
|
|
|
20825202000
|
unkown
|
page read and write
|
|
|
|
20815049000
|
unkown
|
page read and write
|
|
|
|
1250000
|
unkown
|
page read and write
|
|
|
|
1351000
|
unkown
|
page read and write
|
|
|
|
1250000
|
unkown
|
page read and write
|
|
|
|
2082449E000
|
unkown
|
page read and write
|
|
|
|
147D000
|
unkown image
|
page readonly
|
|
|
|
113E000
|
stack
|
page read and write
|
|
|
|
7FF5DBA71000
|
unkown image
|
page readonly
|
|
|
|
11D9000
|
unkown
|
page read and write
|
|
|
|
7FF5DB94F000
|
unkown image
|
page readonly
|
|
|
|
16920A00000
|
unkown
|
page read and write
|
|
|
|
A5C000
|
unkown
|
page read and write
|
|
|
|
7FF5DB780000
|
unkown image
|
page readonly
|
|
|
|
C6B000
|
unkown image
|
page readonly
|
|
|
|
7FF556DD4000
|
unkown image
|
page readonly
|
|
|
|
20824D95000
|
unkown
|
page read and write
|
|
|
|
20824DA2000
|
unkown
|
page read and write
|
|
|
|
1208000
|
unkown
|
page read and write
|
|
|
|
7FF51021E000
|
unkown image
|
page readonly
|
|
|
|
3E90000
|
unkown
|
page read and write
|
|
|
|
3B42000
|
unkown
|
page read and write
|
|
|
|
20825202000
|
unkown
|
page read and write
|
|
|
|
325567B000
|
stack
|
page read and write
|
|
|
|
2082526A000
|
unkown
|
page read and write
|
|
|
|
2F50000
|
heap private
|
page read and write
|
|
|
|
20824D8F000
|
unkown
|
page read and write
|
|
|
|
7FF556DA7000
|
unkown image
|
page readonly
|
|
|
|
20824D91000
|
unkown
|
page read and write
|
|
|
|
7FF556E09000
|
unkown image
|
page readonly
|
|
|
|
20824D85000
|
unkown
|
page read and write
|
|
|
|
137A000
|
unkown
|
page read and write
|
|
|
|
20824D87000
|
unkown
|
page read and write
|
|
|
|
317D000
|
stack
|
page read and write
|
|
|
|
6D621000
|
unkown image
|
page execute read
|
|
|
|
20824A70000
|
unkown
|
page read and write
|
|
|
|
16920A2A000
|
unkown
|
page read and write
|
|
|
|
20825202000
|
unkown
|
page read and write
|
|
|
|
20824516000
|
unkown
|
page read and write
|
|
|
|
20824DB5000
|
unkown
|
page read and write
|
|
|
|
3B3D000
|
unkown
|
page read and write
|
|
|
|
20824DB5000
|
unkown
|
page read and write
|
|
|
|
20815000000
|
unkown
|
page read and write
|
|
|
|
1250000
|
unkown
|
page read and write
|
|
|
|
7FF5A6B33000
|
unkown image
|
page readonly
|
|
|
|
7FF5DB94B000
|
unkown image
|
page readonly
|
|
|
|
7FF5A6865000
|
unkown image
|
page readonly
|
|
|
|
11F8000
|
unkown
|
page read and write
|
|
|
|
3B6B000
|
unkown
|
page read and write
|
|
|
|
3B50000
|
unkown
|
page read and write
|
|
|
|
208241E0000
|
unkown image
|
page read and write
|
|
|
|
4500000
|
unkown
|
page read and write
|
|
|
|
1218000
|
unkown
|
page read and write
|
|
|
|
7DF525392000
|
unkown image
|
page readonly
|
|
|
|
20824DB7000
|
unkown
|
page read and write
|
|
|
|
127C000
|
unkown image
|
page readonly
|
|
|
|
7DF4B9CD0000
|
unkown image
|
page readonly
|
|
|
|
7FF5A6C9B000
|
unkown image
|
page readonly
|
|
|
|
1146000
|
unkown
|
page read and write
|
|
|
|
1279000
|
unkown
|
page read and write
|
|
|
|
FF7A0000
|
unkown image
|
page readonly
|
|
|
|
7F6D2000
|
unkown image
|
page readonly
|
|
|
|
20825220000
|
unkown
|
page read and write
|
|
|
|
7FF50FF97000
|
unkown image
|
page readonly
|
|
|
|
3B4A000
|
unkown
|
page read and write
|
|
|
|
42EE000
|
stack
|
page read and write
|
|
|
|
2F9E000
|
stack
|
page read and write
|
|
|
|
7DF5BBE20000
|
unkown image
|
page readonly
|
|
|
|
C6B000
|
unkown image
|
page readonly
|
|
|
|
7FF556DDA000
|
unkown image
|
page readonly
|
|
|
|
3BC5000
|
unkown
|
page read and write
|
|
|
|
183F1000000
|
unkown
|
page read and write
|
|
|
|
7FF556CF4000
|
unkown image
|
page readonly
|
|
|
|
183F110D000
|
unkown
|
page read and write
|
|
|
|
3EA0000
|
stack
|
page read and write
|
|
|
|
20824D7C000
|
unkown
|
page read and write
|
|
|
|
1242000
|
unkown
|
page read and write
|
|
|
|
20814F80000
|
unkown
|
page read and write
|
|
|
|
7FF5DB888000
|
unkown image
|
page readonly
|
|
|
|
12FE000
|
heap default
|
page read and write
|
|
|
|
7FF5DB1DD000
|
unkown image
|
page readonly
|
|
|
|
2082443C000
|
unkown
|
page read and write
|
|
|
|
1207000
|
unkown
|
page read and write
|
|
|
|
1272000
|
unkown
|
page read and write
|
|
|
|
7FF5A6B8E000
|
unkown image
|
page readonly
|
|
|
|
DA8000
|
unkown image
|
page read and write
|
|
|
|
AB84FA000
|
stack
|
page read and write
|
|
|
|
1364000
|
unkown
|
page read and write
|
|
|
|
DA7000
|
unkown image
|
page write copy
|
|
|
|
6DDF0000
|
unkown image
|
page readonly
|
|
|
|
20824D99000
|
unkown
|
page read and write
|
|
|
|
7FF556C8B000
|
unkown image
|
page readonly
|
|
|
|
7FF556D95000
|
unkown image
|
page readonly
|
|
|
|
5501000
|
unkown
|
page read and write
|
|
|
|
10BF2429000
|
unkown
|
page read and write
|
|
|
|
3A10000
|
unkown
|
page read and write
|
|
|
|
4400000
|
unkown
|
page read and write
|
|
|
|
20824DC6000
|
unkown
|
page read and write
|
|
|
|
7FF5A6CC7000
|
unkown image
|
page readonly
|
|
|
|
7FF556E7A000
|
unkown image
|
page readonly
|
|
|
|
20825203000
|
unkown
|
page read and write
|
|
|
|
1B20000
|
unkown image
|
page readonly
|
|
|
|
7FF5A6D09000
|
unkown image
|
page readonly
|
|
|
|
16920890000
|
unkown image
|
page readonly
|
|
|
|
20824DB2000
|
unkown
|
page read and write
|
|
|
|
7FF5684CC000
|
unkown image
|
page readonly
|
|
|
|
AB857F000
|
stack
|
page read and write
|
|
|
|
7FF556DE4000
|
unkown image
|
page readonly
|
|
|
|
20824D2B000
|
unkown
|
page read and write
|
|
|
|
124B000
|
unkown
|
page read and write
|
|
|
|
7DF5253A0000
|
unkown image
|
page readonly
|
|
|
|
208244C2000
|
unkown
|
page read and write
|
|
|
|
20824230000
|
unkown image
|
page readonly
|
|
|
|
7FF5DB9E8000
|
unkown image
|
page readonly
|
|
|
|
12DB000
|
heap default
|
page read and write
|
|
|
|
20824D91000
|
unkown
|
page read and write
|
|
|
|
3C10000
|
unkown
|
page read and write
|
|
|
|
11BB000
|
heap default
|
page read and write
|
|
|
|
11D3000
|
unkown
|
page read and write
|
|
|
|
3A0F000
|
stack
|
page read and write
|
|
|
|
10BF22A0000
|
unkown image
|
page readonly
|
|
|
|
10BF2450000
|
unkown
|
page read and write
|
|
|
|
2082444A000
|
unkown
|
page read and write
|
|
|
|
5300000
|
unkown
|
page read and write
|
|
|
|
7DF5253B0000
|
unkown image
|
page readonly
|
|
|
|
7FF5A6C90000
|
unkown image
|
page readonly
|
|
|
|
3B20000
|
unkown
|
page read and write
|
|
|
|
7FF556E06000
|
unkown image
|
page readonly
|
|
|
|
20824600000
|
unkown image
|
page readonly
|
|
|
|
183F11E0000
|
unkown image
|
page readonly
|
|
|
|
7FF51030A000
|
unkown image
|
page readonly
|
|
|
|
7F6F0000
|
unkown image
|
page readonly
|
|
|
|
3041000
|
unkown
|
page read and write
|
|
|
|
10BF2508000
|
unkown
|
page read and write
|
|
|
|
131A000
|
unkown
|
page read and write
|
|
|
|
1251000
|
unkown
|
page read and write
|
|
|
|
7DF5F0AF2000
|
unkown image
|
page readonly
|
|
|
|
11DC000
|
unkown
|
page read and write
|
|
|
|
7DF5BBE00000
|
unkown image
|
page readonly
|
|
|
|
7FF5DB7B6000
|
unkown image
|
page readonly
|
|
|
|
16920A4A000
|
unkown
|
page read and write
|
|
|
|
16920A55000
|
unkown
|
page read and write
|
|
|
|
7DF5F0AF0000
|
unkown image
|
page readonly
|
|
|
|
1240000
|
unkown
|
page read and write
|
|
|
|
7FF5DB883000
|
unkown image
|
page readonly
|
|
|
|
2D5F3BA000
|
unkown
|
page read and write
|
|
|
|
138A000
|
unkown
|
page read and write
|
|
|
|
7DF57D630000
|
unkown image
|
page readonly
|
|
|
|
1250000
|
unkown
|
page read and write
|
|
|
|
20815002000
|
unkown
|
page read and write
|
|
|
|
7FF5684A5000
|
unkown image
|
page readonly
|
|
|
|
1264000
|
unkown
|
page read and write
|
|
|
|
1278000
|
unkown
|
page read and write
|
|
|
|
11B8000
|
unkown
|
page read and write
|
|
|
|
5241000
|
unkown
|
page read and write
|
|
|
|
2081504E000
|
unkown
|
page read and write
|
|
|
|
20824D82000
|
unkown
|
page read and write
|
|
|
|
1250000
|
unkown
|
page read and write
|
|
|
|
1372000
|
unkown
|
page read and write
|
|
|
|
53C1000
|
unkown
|
page read and write
|
|
|
|
CB7000
|
unkown image
|
page readonly
|
|
|
|
7FF510274000
|
unkown image
|
page readonly
|
|
|
|
3BCA000
|
unkown
|
page read and write
|
|
|
|
121A000
|
unkown
|
page read and write
|
|
|
|
7FF5DB8E4000
|
unkown image
|
page readonly
|
|
|
|
32558F7000
|
stack
|
page read and write
|
|
|
|
7FF5DB95F000
|
unkown image
|
page readonly
|
|
|
|
10BF2455000
|
unkown
|
page read and write
|
|
|
|
147A000
|
unkown image
|
page write copy
|
|
|
|
8986B7F000
|
stack
|
page read and write
|
|
|
|
20824D00000
|
unkown
|
page read and write
|
|
|
|
16920A87000
|
unkown
|
page read and write
|
|
|
|
11D9000
|
unkown
|
page read and write
|
|
|
|
3B10000
|
unkown
|
page read and write
|
|
|
|
2D5F8FD000
|
stack
|
page read and write
|
|
|
|
183F1030000
|
unkown
|
page read and write
|
|
|
|
20815029000
|
unkown
|
page read and write
|
|
|
|
3B20000
|
unkown
|
page read and write
|
|
|
|
7FF5A6CD4000
|
unkown image
|
page readonly
|
|
|
|
1205000
|
unkown
|
page read and write
|
|
|
|
7FF5DB980000
|
unkown image
|
page readonly
|
|
|
|
7FF5DB4F2000
|
unkown image
|
page readonly
|
|
|
|
16920C00000
|
unkown image
|
page readonly
|
|
|
|
2D5F87F000
|
stack
|
page read and write
|
|
|
|
1327000
|
unkown
|
page read and write
|
|
|
|
20824DC6000
|
unkown
|
page read and write
|
|
|
|
DB0000
|
heap default
|
page read and write
|
|
|
|
7FF5A6C95000
|
unkown image
|
page readonly
|
|
|
|
131C000
|
heap default
|
page read and write
|
|
|
|
10BF2290000
|
heap private
|
page read and write
|
|
|
|
10BF2800000
|
unkown image
|
page readonly
|
|
|
|
7DF56BF10000
|
unkown image
|
page readonly
|
|
|
|
16920B13000
|
unkown
|
page read and write
|
|
|
|
7FF556D8E000
|
unkown image
|
page readonly
|
|
|
|
7DF47B4E0000
|
unkown image
|
page readonly
|
|
|
|
A60000
|
unkown image
|
page readonly
|
|
|
|
20824980000
|
unkown image
|
page readonly
|
|
|
|
7DF469DD0000
|
unkown image
|
page readonly
|
|
|
|
7FF5A6D0D000
|
unkown image
|
page readonly
|
|
|
|
CE0000
|
unkown image
|
page readonly
|
|
|
|
7FF5100E1000
|
unkown image
|
page readonly
|
|
|
|
7DF5253B0000
|
unkown image
|
page readonly
|
|
|
|
12B6000
|
heap default
|
page read and write
|
|
|
|
7DF56BF12000
|
unkown image
|
page readonly
|
|
|
|
20824456000
|
unkown
|
page read and write
|
|
|
|
5501000
|
unkown
|
page read and write
|
|
|
|
7DF5BBE00000
|
unkown image
|
page readonly
|
|
|
|
89863DE000
|
stack
|
page read and write
|
|
|
|
1322000
|
heap default
|
page read and write
|
|
|
|
10BF2280000
|
unkown image
|
page read and write
|
|
|
|
476E000
|
stack
|
page read and write
|
|
|
|
20824D91000
|
unkown
|
page read and write
|
|
|
|
477E000
|
stack
|
page read and write
|
|
|
|
7FF5DB45E000
|
unkown image
|
page readonly
|
|
|
|
20825202000
|
unkown
|
page read and write
|
|
|
|
183F1110000
|
unkown
|
page read and write
|
|
|
|
20824DA2000
|
unkown
|
page read and write
|
|
|
|
69EF07F000
|
stack
|
page read and write
|
|
|
|
11EF000
|
unkown
|
page read and write
|
|
|
|
183F1110000
|
unkown
|
page read and write
|
|
|
|
20824453000
|
unkown
|
page read and write
|
|
|
|
1190000
|
heap default
|
page read and write
|
|
|
|
7FF5DB9D4000
|
unkown image
|
page readonly
|
|
|
|
3B25000
|
unkown
|
page read and write
|
|
|
|
1381000
|
unkown
|
page read and write
|
|
|
|
2081504A000
|
unkown
|
page read and write
|
|
|
|
20824450000
|
unkown
|
page read and write
|
|
|
|
FF7C0000
|
unkown image
|
page readonly
|
|
|
|
DA7000
|
unkown image
|
page write copy
|
|
|
|
20825202000
|
unkown
|
page read and write
|
|
|
|
1256000
|
unkown
|
page read and write
|
|
|
|
20824D8F000
|
unkown
|
page read and write
|
|
|
|
1226000
|
unkown
|
page read and write
|
|
|
|
7FF51016D000
|
unkown image
|
page readonly
|
|
|
|
7F6D0000
|
unkown image
|
page readonly
|
|
|
|
3B4B000
|
unkown
|
page read and write
|
|
|
|
F70000
|
heap default
|
page read and write
|
|
|
|
7FF556DEF000
|
unkown image
|
page readonly
|
|
|
|
4401000
|
unkown
|
page read and write
|
|
|
|
11CF000
|
unkown
|
page read and write
|
|
|
|
20824D7B000
|
unkown
|
page read and write
|
|
|
|
20824429000
|
unkown
|
page read and write
|
|
|
|
20814E30000
|
unkown image
|
page readonly
|
|
|
|
7FF5DB2D7000
|
unkown image
|
page readonly
|
|
|
|
F60000
|
unkown
|
page read and write
|
|
|
|
1242000
|
unkown
|
page read and write
|
|
|
|
1250000
|
unkown
|
page read and write
|
|
|
|
20814F60000
|
unkown image
|
page readonly
|
|
|
|
11E2000
|
unkown
|
page read and write
|
|
|
|
7DF5BBE02000
|
unkown image
|
page readonly
|
|
|
|
169209C0000
|
unkown image
|
page readonly
|
|
|
|
20824D77000
|
unkown
|
page read and write
|
|
|
|
8986977000
|
stack
|
page read and write
|
|
|
|
208244E4000
|
unkown
|
page read and write
|
|
|
|
20824D8F000
|
unkown
|
page read and write
|
|
|
|
325515C000
|
unkown
|
page read and write
|
|
|
|
20824D8F000
|
unkown
|
page read and write
|
|
|
|
10BF22C0000
|
unkown image
|
page readonly
|
|
|
|
11DD000
|
unkown
|
page read and write
|
|
|
|
4481000
|
unkown
|
page read and write
|
|
|
|
183F13E0000
|
unkown image
|
page readonly
|
|
|
|
208244D0000
|
unkown
|
page read and write
|
|
|
|
20824D91000
|
unkown
|
page read and write
|
|
|
|
7FF510257000
|
unkown image
|
page readonly
|
|
|
|
1250000
|
unkown
|
page read and write
|
|
|
|
1250000
|
unkown
|
page read and write
|
|
|
|
179E000
|
stack
|
page read and write
|
|
|
|
3B33000
|
unkown
|
page read and write
|
|
|
|
6D620000
|
unkown image
|
page readonly
|
|
|
|
30E0000
|
unkown
|
page read and write
|
|
|
|
208244EC000
|
unkown
|
page read and write
|
|
|
|
1207000
|
unkown
|
page read and write
|
|
|
|
2FBC000
|
unkown
|
page read and write
|
|
|
|
20824DA2000
|
unkown
|
page read and write
|
|
|
|
A00000
|
unkown image
|
page readonly
|
|
|
|
1262000
|
unkown
|
page read and write
|
|
|
|
32551DE000
|
stack
|
page read and write
|
|
|
|
20824449000
|
unkown
|
page read and write
|
|
|
|
7F5D0000
|
unkown image
|
page readonly
|
|
|
|
16920880000
|
heap private
|
page read and write
|
|
|
|
D87000
|
unkown image
|
page write copy
|
|
|
|
10BF2600000
|
unkown image
|
page readonly
|
|
|
|
3B5A000
|
unkown
|
page read and write
|
|
|
|
10BF244D000
|
unkown
|
page read and write
|
|
|
|
183F1070000
|
unkown image
|
page readonly
|
|
|
|
1240000
|
unkown
|
page read and write
|
|
|
|
20824D8F000
|
unkown
|
page read and write
|
|
|
|
7DF5BBE02000
|
unkown image
|
page readonly
|
|
|
|
7FF5DB97A000
|
unkown image
|
page readonly
|
|
|
|
7FF5DB2D3000
|
unkown image
|
page readonly
|
|
|
|
10BF247D000
|
unkown
|
page read and write
|
|
|
|
7FF5DB985000
|
unkown image
|
page readonly
|
|
|
|
CE0000
|
unkown image
|
page readonly
|
|
|
|
3158000
|
unkown
|
page read and write
|
|
|
|
7FF556C8E000
|
unkown image
|
page readonly
|
|
|
|
9F0000
|
unkown image
|
page read and write
|
|
|
|
183F1120000
|
unkown
|
page read and write
|
|
|
|
7DF525392000
|
unkown image
|
page readonly
|
|
|
|
20824D8B000
|
unkown
|
page read and write
|
|
|
|
20824D73000
|
unkown
|
page read and write
|
|
|
|
7FF510288000
|
unkown image
|
page readonly
|
|
|
|
44C0000
|
unkown
|
page read and write
|
|
|
|
20815200000
|
unkown image
|
page readonly
|
|
|
|
3FF0000
|
heap private
|
page read and write
|
|
|
|
7FF556950000
|
unkown image
|
page readonly
|
|
|
|
7FF568250000
|
unkown image
|
page readonly
|
|
|
|
7FF568592000
|
unkown image
|
page readonly
|
|
|
|
7FF556965000
|
unkown image
|
page readonly
|
|
|
|
10BF22A0000
|
unkown image
|
page readonly
|
|
|
|
183F10EB000
|
heap default
|
page read and write
|
|
|
|
1250000
|
unkown
|
page read and write
|
|
|
|
7FF5A6A07000
|
unkown image
|
page readonly
|
|
|
|
FF7B0000
|
unkown image
|
page readonly
|
|
|
|
1210000
|
unkown
|
page read and write
|
|
|
|
1260000
|
heap private
|
page read and write
|
|
|
|
1415000
|
unkown image
|
page readonly
|
|
|
|
3B34000
|
unkown
|
page read and write
|
|
|
|
DBB000
|
unkown image
|
page readonly
|
|
|
|
20824D9A000
|
unkown
|
page read and write
|
|
|
|
20824D89000
|
unkown
|
page read and write
|
|
|
|
20824800000
|
unkown image
|
page readonly
|
|
|
|
3B3E000
|
unkown
|
page read and write
|
|
|
|
31D0000
|
unkown
|
page read and write
|
|
|
|
20814E20000
|
heap private
|
page read and write
|
|
|
|
7FF556D9B000
|
unkown image
|
page readonly
|
|
|
|
CDA000
|
unkown image
|
page readonly
|
|
|
|
1225000
|
unkown
|
page read and write
|
|
|
|
20824DA2000
|
unkown
|
page read and write
|
|
|
|
124C000
|
unkown
|
page read and write
|
|
|
|
7FF51024C000
|
unkown image
|
page readonly
|
|
|
|
121D000
|
unkown
|
page read and write
|
|
|
|
183F0EF0000
|
unkown image
|
page readonly
|
|
|
|
1327000
|
unkown
|
page read and write
|
|
|
|
358E000
|
stack
|
page read and write
|
|
|
|
7FF5A6856000
|
unkown image
|
page readonly
|
|
|
|
7FF556BE1000
|
unkown image
|
page readonly
|
|
|
|
10BF246F000
|
unkown
|
page read and write
|
|
|
|
3A6E000
|
stack
|
page read and write
|
|
|
|
1379000
|
heap default
|
page read and write
|
|
|
|
3091000
|
unkown
|
page read and write
|
|
|
|
183F0F10000
|
unkown image
|
page readonly
|
|
|
|
CC7000
|
unkown image
|
page readonly
|
|
|
|
20824D89000
|
unkown
|
page read and write
|
|
|
|
7FF5DB282000
|
unkown image
|
page readonly
|
|
|
|
20824200000
|
unkown image
|
page readonly
|
|
|
|
7FF510225000
|
unkown image
|
page readonly
|
|
|
|
20815080000
|
unkown
|
page read and write
|
|
|
|
7FF556DBF000
|
unkown image
|
page readonly
|
|
|
|
A70000
|
unkown image
|
page readonly
|
|
|
|
7FF5DBA64000
|
unkown image
|
page readonly
|
|
|
|
3040000
|
unkown
|
page read and write
|
|
|
|
208244A5000
|
unkown
|
page read and write
|
|
|
|
7FF567DF3000
|
unkown image
|
page readonly
|
|
|
|
DF0000
|
unkown image
|
page readonly
|
|
|
|
183F1110000
|
unkown
|
page read and write
|
|
|
|
7FF5DB9EE000
|
unkown image
|
page readonly
|
|
|
|
463D000
|
stack
|
page read and write
|
|
|
|
6DA83000
|
unkown image
|
page read and write
|
|
|
|
16920B02000
|
unkown
|
page read and write
|
|
|
|
7FF568508000
|
unkown image
|
page readonly
|
|
|
|
7FF5DB540000
|
unkown image
|
page readonly
|
|
|
|
16920A13000
|
unkown
|
page read and write
|
|
|
|
2F41000
|
unkown
|
page read and write
|
|
|
|
20814E60000
|
unkown image
|
page readonly
|
|
|
|
3158000
|
unkown
|
page read and write
|
|
|
|
20824D91000
|
unkown
|
page read and write
|
|
|
|
3A1E000
|
stack
|
page read and write
|
|
|
|
11DD000
|
unkown
|
page read and write
|
|
|
|
7DF56BF20000
|
unkown image
|
page readonly
|
|
|
|
7FF568591000
|
unkown image
|
page readonly
|
|
|
|
20824DA2000
|
unkown
|
page read and write
|
|
|
|
16920E00000
|
unkown image
|
page readonly
|
|
|
|
1250000
|
unkown
|
page read and write
|
|
|
|
7DF57D610000
|
unkown image
|
page readonly
|
|
|
|
D3C000
|
unkown
|
page read and write
|
|
|
|
453F000
|
stack
|
page read and write
|
|
|
|
7FF5DB9AC000
|
unkown image
|
page readonly
|
|
|
|
1251000
|
unkown
|
page read and write
|
|
|
|
7F6D0000
|
unkown image
|
page readonly
|
|
|
|
7FF5A6BFC000
|
unkown image
|
page readonly
|
|
|
|
1251000
|
unkown
|
page read and write
|
|
|
|
138B000
|
unkown
|
page read and write
|
|
|
|
C6A000
|
unkown image
|
page execute and read and write
|
|
|
|
20824330000
|
unkown image
|
page readonly
|
|
|
|
69EEAFE000
|
stack
|
page read and write
|
|
|
|
16920B00000
|
unkown
|
page read and write
|
|
|
|
69EE37C000
|
unkown
|
page read and write
|
|
|
|
16920F80000
|
unkown image
|
page readonly
|
|
|
|
5440000
|
unkown
|
page read and write
|
|
|
|
7DF5F0B00000
|
unkown image
|
page readonly
|
|
|
|
32557FE000
|
stack
|
page read and write
|
|
|
|
11E7000
|
unkown
|
page read and write
|
|
|
|
3247000
|
unkown
|
page read and write
|
|
|
|
6DDF0000
|
unkown image
|
page readonly
|
|
|
|
20815052000
|
unkown
|
page read and write
|
|
|
|
11E8000
|
unkown
|
page read and write
|
|
|
|
121A000
|
unkown
|
page read and write
|
|
|
|
126C000
|
unkown
|
page read and write
|
|
|
|
7FF5DB595000
|
unkown image
|
page readonly
|
|
|
|
7FF556C33000
|
unkown image
|
page readonly
|
|
|
|
5501000
|
unkown
|
page read and write
|
|
|
|
7F6D2000
|
unkown image
|
page readonly
|
|
|
|
20824457000
|
unkown
|
page read and write
|
|
|
|
117E000
|
stack
|
page read and write
|
|
|
|
11D9000
|
unkown
|
page read and write
|
|
|
|
69EEC7F000
|
stack
|
page read and write
|
|
|
|
7FF5A6CBC000
|
unkown image
|
page readonly
|
|
|
|
3BDB000
|
unkown
|
page read and write
|
|
|
|
5A36000
|
unkown
|
page read and write
|
|
|
|
7FF5DB9B7000
|
unkown image
|
page readonly
|
|
|
|
D40000
|
unkown image
|
page readonly
|
|
|
|
7FF5100C3000
|
unkown image
|
page readonly
|
|
|
|
1240000
|
unkown
|
page read and write
|
|
|
|
6D620000
|
unkown image
|
page readonly
|
|
|
|
20824D98000
|
unkown
|
page read and write
|
|
|
|
3BB9000
|
unkown
|
page read and write
|
|
|
|
2082445D000
|
unkown
|
page read and write
|
|
|
|
1280000
|
unkown image
|
page read and write
|
|
|
|
1250000
|
unkown
|
page read and write
|
|
|
|
169209E0000
|
unkown
|
page read and write
|
|
|
|
1290000
|
unkown image
|
page readonly
|
|
|
|
20824A70000
|
unkown
|
page read and write
|
|
|
|
2FD0000
|
unkown
|
page read and write
|
|
|
|
FF6A0000
|
unkown image
|
page readonly
|
|
|
|
20824D8C000
|
unkown
|
page read and write
|
|
|
|
3D73000
|
unkown
|
page read and write
|
|
|
|
7FF5684EA000
|
unkown image
|
page readonly
|
|
|
|
35CE000
|
stack
|
page read and write
|
|
|
|
7FF5A6BDD000
|
unkown image
|
page readonly
|
|
|
|
7FF556E0D000
|
unkown image
|
page readonly
|
|
|
|
CC0000
|
unkown image
|
page read and write
|
|
|
|
20824D91000
|
unkown
|
page read and write
|
|
|
|
7FF510071000
|
unkown image
|
page readonly
|
|
|
|
5640000
|
unkown
|
page read and write
|
|
|
|
10BF2413000
|
unkown
|
page read and write
|
|
|
|
32559FE000
|
stack
|
page read and write
|
|
|
|
3BEE000
|
unkown
|
page read and write
|
|
|
|
20825202000
|
unkown
|
page read and write
|
|
|
|
7FF5A6BF4000
|
unkown image
|
page readonly
|
|
|
|
1354000
|
unkown
|
page read and write
|
|
|
|
FF7A2000
|
unkown image
|
page readonly
|
|
|
|
7FF5684F4000
|
unkown image
|
page readonly
|
|
|
|
7FF510173000
|
unkown image
|
page readonly
|
|
|
|
7F6E0000
|
unkown image
|
page readonly
|
|
|
|
169208B0000
|
unkown image
|
page readonly
|
|
|
|
1251000
|
unkown
|
page read and write
|
|
|
|
20824D99000
|
unkown
|
page read and write
|
|
|
|
1320000
|
heap default
|
page read and write
|
|
|
|
7FF5A6D82000
|
unkown image
|
page readonly
|
|
|
|
20825202000
|
unkown
|
page read and write
|
|
|
|
7FF5DB775000
|
unkown image
|
page readonly
|
|
|
|
7FF5684CF000
|
unkown image
|
page readonly
|
|
|
|
7DF56BF02000
|
unkown image
|
page readonly
|
|
|
|
20824D1E000
|
unkown
|
page read and write
|
|
|
|
5480000
|
unkown
|
page read and write
|
|
|
|
3B3F000
|
unkown
|
page read and write
|
|
|
|
7FF5A6CBF000
|
unkown image
|
page readonly
|
|
|
|
3F7E000
|
stack
|
page read and write
|
|
|
|
20824D8D000
|
unkown
|
page read and write
|
|
|
|
7DF4EE9C0000
|
unkown image
|
page readonly
|
|
|
|
129A000
|
heap default
|
page read and write
|
|
|
|
7FF51029D000
|
unkown image
|
page readonly
|
|
|
|
69EE9F7000
|
stack
|
page read and write
|
|
|
|
5441000
|
unkown
|
page read and write
|
|
|
|
20824451000
|
unkown
|
page read and write
|
|
|
|
20824D91000
|
unkown
|
page read and write
|
|
|
|
125A000
|
unkown
|
page read and write
|
|
|
|
20824508000
|
unkown
|
page read and write
|
|
|
|
1415000
|
unkown image
|
page readonly
|
|
|
|
3B64000
|
unkown
|
page read and write
|
|
|
|
7FF5DB87E000
|
unkown image
|
page readonly
|
|
|
|
7FF5684D8000
|
unkown image
|
page readonly
|
|
|
|
7FF556DC7000
|
unkown image
|
page readonly
|
|
|
|
7FF51020A000
|
unkown image
|
page readonly
|
|
|
|
1476000
|
unkown image
|
page read and write
|
|
|
|
1270000
|
unkown image
|
page read and write
|
|
|
|
20824D91000
|
unkown
|
page read and write
|
|
|
|
F0C000
|
unkown
|
page read and write
|
|
|
|
F75000
|
heap default
|
page read and write
|
|
|
|
1251000
|
unkown
|
page read and write
|
|
|
|
127E000
|
unkown
|
page read and write
|
|
|
|
7FF56850E000
|
unkown image
|
page readonly
|
|
|
|
1250000
|
unkown
|
page read and write
|
|
|
|
10BF248A000
|
unkown
|
page read and write
|
|
|
|
1351000
|
unkown
|
page read and write
|
|
|
|
7FF510296000
|
unkown image
|
page readonly
|
|
|
|
1291000
|
unkown image
|
page execute read
|
|
|
|
20825202000
|
unkown
|
page read and write
|
|
|
|
3B4B000
|
unkown
|
page read and write
|
|
|
|
2082444B000
|
unkown
|
page read and write
|
|
|
|
898687F000
|
stack
|
page read and write
|
|
|
|
10BF2500000
|
unkown
|
page read and write
|
|
|
|
20824D89000
|
unkown
|
page read and write
|
|
|
|
7DF5F0B00000
|
unkown image
|
page readonly
|
|
|
|
1240000
|
unkown
|
page read and write
|
|
|
|
31BD000
|
stack
|
page read and write
|
|
|
|
20824D7B000
|
unkown
|
page read and write
|
|
|
|
1250000
|
unkown
|
page read and write
|
|
|
|
7FF5DB861000
|
unkown image
|
page readonly
|
|
|
|
20824D8F000
|
unkown
|
page read and write
|
|
|
|
7FF510304000
|
unkown image
|
page readonly
|
|
|
|
1290000
|
unkown image
|
page readonly
|
|
|
|
7FF5A6C8A000
|
unkown image
|
page readonly
|
|
|
|
3B4A000
|
unkown
|
page read and write
|
|
|
|
183F10F6000
|
heap default
|
page read and write
|
|
|
|
CC7000
|
unkown image
|
page readonly
|
|
|
|
7FF5DB9DF000
|
unkown image
|
page readonly
|
|
|
|
7FF568584000
|
unkown image
|
page readonly
|
|
|
|
7FF556CFC000
|
unkown image
|
page readonly
|
|
|
|
7FF5DB997000
|
unkown image
|
page readonly
|
|
|
|
121E000
|
unkown
|
page read and write
|
|
|
|
7DF5F0B10000
|
unkown image
|
page readonly
|
|
|
|
FF7B2000
|
unkown image
|
page readonly
|
|
|
|
380D000
|
stack
|
page read and write
|
|
|
|
20824370000
|
unkown image
|
page readonly
|
|
|
|
443F000
|
stack
|
page read and write
|
|
|
|
30E0000
|
unkown
|
page read and write
|
|
|
|
7FF556956000
|
unkown image
|
page readonly
|
|
|
|
7FF5DB97E000
|
unkown image
|
page readonly
|
|
|
|
4840000
|
unkown
|
page read and write
|
|
|
|
35D0000
|
heap private
|
page read and write
|
|
|
|
20824D9D000
|
unkown
|
page read and write
|
|
|
|
31C0000
|
heap private
|
page read and write
|
|
|
|
1354000
|
unkown
|
page read and write
|
|
|
|
7FF556DFE000
|
unkown image
|
page readonly
|
|
|
|
69EE877000
|
stack
|
page read and write
|
|
|
|
20824D8F000
|
unkown
|
page read and write
|
|
|
|
A71000
|
unkown image
|
page execute and read and write
|
|
|
|
7FF5DB7B4000
|
unkown image
|
page readonly
|
|
|
|
1200000
|
unkown image
|
page readonly
|
|
|
|
20814E50000
|
unkown image
|
page readonly
|
|
|
|
20824D91000
|
unkown
|
page read and write
|
|
|
|
7FF5684E4000
|
unkown image
|
page readonly
|
|
|
|
7FF556D90000
|
unkown image
|
page readonly
|
|
|
|
1349000
|
heap default
|
page read and write
|
|
|
|
6DA9B000
|
unkown image
|
page readonly
|
|
|
|
A71000
|
unkown image
|
page execute and write copy
|
|
|
|
3B27000
|
unkown
|
page read and write
|
|
|
|
20824DB9000
|
unkown
|
page read and write
|
|
|
|
183F1020000
|
heap private
|
page read and write
|
|
|
|
473A000
|
stack
|
page read and write
|
|
|
|
20824D79000
|
unkown
|
page read and write
|
|
|
|
3B4D000
|
unkown
|
page read and write
|
|
|
|
183F111F000
|
unkown
|
page read and write
|
|
|
|
8986A7F000
|
stack
|
page read and write
|
|
|
|
20824DB2000
|
unkown
|
page read and write
|
|
|
|
2D5F67F000
|
stack
|
page read and write
|
|
|
|
20824D83000
|
unkown
|
page read and write
|
|
|
|
7FF510311000
|
unkown image
|
page readonly
|
|
|
|
7FF5DB82A000
|
unkown image
|
page readonly
|
|
|
|
7FF5A6850000
|
unkown image
|
page readonly
|
|
|
|
20824D77000
|
unkown
|
page read and write
|
|
|
|
1363000
|
unkown
|
page read and write
|
|
|
|
7DF5253A2000
|
unkown image
|
page readonly
|
|
|
|
3B63000
|
unkown
|
page read and write
|
|
|
|
7DF57D610000
|
unkown image
|
page readonly
|
|
|
|
20824400000
|
unkown
|
page read and write
|
|
|
|
20824D77000
|
unkown
|
page read and write
|
|
|
|
1250000
|
unkown
|
page read and write
|
|
|
|
20824D8F000
|
unkown
|
page read and write
|
|
|
|
7FF5A6AE1000
|
unkown image
|
page readonly
|
|
|
|
7FF51022B000
|
unkown image
|
page readonly
|
|
|
|
D87000
|
unkown image
|
page write copy
|
|
|
|
183F110D000
|
unkown
|
page read and write
|
|
|
|
7DF5253A0000
|
unkown image
|
page readonly
|
|
|
|
20824DC3000
|
unkown
|
page read and write
|
|
|
|
3B61000
|
unkown
|
page read and write
|
|
|
|
1363000
|
unkown
|
page read and write
|
|
|
|
183F10F1000
|
unkown
|
page read and write
|
|
|
|
A70000
|
unkown image
|
page readonly
|
|
|
|
11FF000
|
unkown
|
page read and write
|
|
|
|
5501000
|
unkown
|
page read and write
|
|
|
|
7FF5A6B71000
|
unkown image
|
page readonly
|
|
|
|
10BF2C02000
|
unkown
|
page read and write
|
|
|
|
7FF510237000
|
unkown image
|
page readonly
|
|
|
|
1279000
|
unkown
|
page read and write
|
|
|
|
127F000
|
unkown image
|
page readonly
|
|
|
|
1373000
|
heap default
|
page read and write
|
|
|
|
FF7C0000
|
unkown image
|
page readonly
|
|
|
|
1230000
|
unkown image
|
page readonly
|
|
|
|
7FF5A6CA7000
|
unkown image
|
page readonly
|
|
|
|
7FF5DBA72000
|
unkown image
|
page readonly
|
|
|
|
2FF0000
|
heap private
|
page read and write
|
|
|
|
FF7B2000
|
unkown image
|
page readonly
|
|
|
|
147D000
|
unkown image
|
page readonly
|
|
|
|
7FF5DB920000
|
unkown image
|
page readonly
|
|
|
|
2D5F7FA000
|
stack
|
page read and write
|
|
|
|
7FF56858A000
|
unkown image
|
page readonly
|
|
|
|
F12000
|
unkown
|
page read and write
|
|
|
|
120B000
|
unkown
|
page read and write
|
|
|
|
1250000
|
unkown
|
page read and write
|
|
|
|
7FF50FDE6000
|
unkown image
|
page readonly
|
|
|
|
19F0000
|
unkown image
|
page readonly
|
|
|
|
20824D92000
|
unkown
|
page read and write
|
|
|
|
7FF556C51000
|
unkown image
|
page readonly
|
|
|
|
FF7B0000
|
unkown image
|
page readonly
|
|
|
|
124E000
|
unkown
|
page read and write
|
|
|
|
16920870000
|
unkown image
|
page read and write
|
|
|
|
5A26000
|
unkown
|
page read and write
|
|
|
|
7FF5DB1D7000
|
unkown image
|
page readonly
|
|
|
|
7FF50FFD0000
|
unkown image
|
page readonly
|
|
|
|
20815108000
|
unkown
|
page read and write
|
|
|
|
7FF5684AB000
|
unkown image
|
page readonly
|
|
|
|
7FF50FDE0000
|
unkown image
|
page readonly
|
|
|
|
20824200000
|
unkown image
|
page readonly
|
|
|
|
7FF5565E7000
|
unkown image
|
page readonly
|
|
|
|
20824D91000
|
unkown
|
page read and write
|
|
|
|
7DF57D612000
|
unkown image
|
page readonly
|
|
|
|
6DA80000
|
unkown image
|
page write copy
|
|
|
|
7F6F0000
|
unkown image
|
page readonly
|
|
|
|
7FF5DB87B000
|
unkown image
|
page readonly
|
|
|
|
7FF556E82000
|
unkown image
|
page readonly
|
|
|
|
1321000
|
unkown
|
page read and write
|
|
|
|
20824D72000
|
unkown
|
page read and write
|
|
|
|
31D4000
|
unkown
|
page read and write
|
|
|
|
89867FB000
|
stack
|
page read and write
|
|
|
|
7FF5DB9F9000
|
unkown image
|
page readonly
|
|
|
|
20824D95000
|
unkown
|
page read and write
|
|
|
|
208244CA000
|
unkown
|
page read and write
|
|
|
|
1250000
|
unkown
|
page read and write
|
|
|
|
7FF5A6C7A000
|
unkown image
|
page readonly
|
|
|
|
20815070000
|
unkown
|
page read and write
|
|
|
|
20824A70000
|
unkown
|
page read and write
|
|
|
|
3FBD000
|
stack
|
page read and write
|
|
|
|
5501000
|
unkown
|
page read and write
|
|
|
|
31D0000
|
unkown
|
page read and write
|
|
|
|
131F000
|
unkown
|
page read and write
|
|
|
|
5957000
|
unkown
|
page read and write
|
|
|
|
4A5F000
|
stack
|
page read and write
|
|
|
|
20824D91000
|
unkown
|
page read and write
|
|
|
|
7FF5A6CE4000
|
unkown image
|
page readonly
|
|
|
|
3A70000
|
heap private
|
page read and write
|
|
|
|
7FF5DB96A000
|
unkown image
|
page readonly
|
|
|
|
2D5F6FF000
|
stack
|
page read and write
|
|
|
|
1250000
|
unkown
|
page read and write
|
|
|
|
1250000
|
unkown
|
page read and write
|
|
|
|
7FF51021A000
|
unkown image
|
page readonly
|
|
|
|
7FF5DB6F7000
|
unkown image
|
page readonly
|
|
|
|
20824D7D000
|
unkown
|
page read and write
|
|
|
|
7FF5684A0000
|
unkown image
|
page readonly
|
|
|
|
7DF56BF00000
|
unkown image
|
page readonly
|
|
|
|
A00000
|
unkown image
|
page readonly
|
|
|
|
10FA000
|
unkown
|
page read and write
|
|
|
|
342C000
|
stack
|
page read and write
|
|
|
|
7FF556D7A000
|
unkown image
|
page readonly
|
|
|
|
49BE000
|
stack
|
page read and write
|
|
|
|
6DA9A000
|
unkown image
|
page read and write
|
|
|
|
20814E80000
|
heap default
|
page read and write
|
|
|
|
1222000
|
unkown
|
page read and write
|
|
|
|
3BE9000
|
unkown
|
page read and write
|
|
|
|
5230000
|
heap private
|
page read and write
|
|
|
|
7FF556CE3000
|
unkown image
|
page readonly
|
|
|
|
7FF5DB4E2000
|
unkown image
|
page readonly
|
|
|
|
7FF5DB933000
|
unkown image
|
page readonly
|
|
|
|
20815100000
|
unkown
|
page read and write
|
|
|
|
DAA000
|
unkown image
|
page write copy
|
|
|
|
20825202000
|
unkown
|
page read and write
|
|
|
|
1250000
|
unkown
|
page read and write
|
|
|
|
127D000
|
unkown image
|
page read and write
|
|
|
|
3BDB000
|
unkown
|
page read and write
|
|
|
|
3BCA000
|
unkown
|
page read and write
|
|
|
|
183F1025000
|
heap private
|
page read and write
|
|
|
|
16920A4D000
|
unkown
|
page read and write
|
|
|
|
20825263000
|
unkown
|
page read and write
|
|
|
|
20824D98000
|
unkown
|
page read and write
|
|
|
|
5501000
|
unkown
|
page read and write
|
|
|
|
2FBC000
|
unkown
|
page read and write
|
|
|
|
1284000
|
unkown
|
page read and write
|
|
|
|
1207000
|
unkown
|
page read and write
|
|
|
|
20824D98000
|
unkown
|
page read and write
|
|
|
|
2F40000
|
unkown
|
page read and write
|
|
|
|
3B11000
|
unkown
|
page read and write
|
|
|
|
20824D94000
|
unkown
|
page read and write
|
|
|
|
AB82FE000
|
stack
|
page read and write
|
|
|
|
3BED000
|
unkown
|
page read and write
|
|
|
|
3BE9000
|
unkown
|
page read and write
|
|
|
|
3B2E000
|
unkown
|
page read and write
|
|
|
|
1476000
|
unkown image
|
page write copy
|
|
|
|
20815113000
|
unkown
|
page read and write
|
|
|
|
54C0000
|
unkown
|
page read and write
|
|
|
|
1351000
|
unkown
|
page read and write
|
|
|
|
10BF23F0000
|
unkown
|
page read and write
|
|
|
|
137D000
|
heap default
|
page read and write
|
|
|
|
20824D8B000
|
unkown
|
page read and write
|
|
|
|
183F0EF0000
|
unkown image
|
page readonly
|
|
|
|
1240000
|
unkown
|
page read and write
|
|
|
|
208244BA000
|
unkown
|
page read and write
|
|
|
|
7FF50FDF5000
|
unkown image
|
page readonly
|
|
|
|
20824220000
|
unkown image
|
page readonly
|
|
|
|
1241000
|
unkown
|
page read and write
|
|
|
|
7FF5A6B51000
|
unkown image
|
page readonly
|
|
|
|
10BF244A000
|
unkown
|
page read and write
|
|
|
|
7FF51024F000
|
unkown image
|
page readonly
|
|
|
|
2082444C000
|
unkown
|
page read and write
|
|
|
|
7FF5DB746000
|
unkown image
|
page readonly
|
|
|
|
20824413000
|
unkown
|
page read and write
|
|
|
|
1348000
|
unkown
|
page read and write
|
|
|
|
59CA000
|
unkown
|
page read and write
|
|
|
|
D97000
|
unkown image
|
page write copy
|
|
|
|
487F000
|
stack
|
page read and write
|
|
|
|
1200000
|
unkown
|
page read and write
|
|
|
|
1336000
|
unkown
|
page read and write
|
|
|
|
2F63000
|
unkown
|
page read and write
|
|
|
|
20824D9A000
|
unkown
|
page read and write
|
|
|
|
7FF5A6D7A000
|
unkown image
|
page readonly
|
|
|
|
20824D77000
|
unkown
|
page read and write
|
|
|
|
7F6E2000
|
unkown image
|
page readonly
|
|
|
|
7FF51011E000
|
unkown image
|
page readonly
|
|
|
|
1351000
|
unkown
|
page read and write
|
|
|
|
3B22000
|
unkown
|
page read and write
|
|
|
|
7DF56BF00000
|
unkown image
|
page readonly
|
|
|
|
53C0000
|
unkown
|
page read and write
|
|
|
|
20815102000
|
unkown
|
page read and write
|
|
|
|
7FF5A6CDA000
|
unkown image
|
page readonly
|
|
|
|
CDA000
|
unkown image
|
page readonly
|
|
|
|
3B51000
|
unkown
|
page read and write
|
|
|
|
3B1F000
|
unkown
|
page read and write
|
|
|
|
69EE3FE000
|
stack
|
page read and write
|
|
|
|
432E000
|
stack
|
page read and write
|
|
|
|
7FF5A6CF8000
|
unkown image
|
page readonly
|
|
|
|
19E0000
|
unkown image
|
page readonly
|
|
|
|
10BF23D0000
|
unkown image
|
page readonly
|
|
|
|
4540000
|
unkown
|
page read and write
|
|
|
|
2081508B000
|
unkown
|
page read and write
|
|
|
|
7DF423260000
|
unkown image
|
page readonly
|
|
|
|
7F6E2000
|
unkown image
|
page readonly
|
|
|
|
20824D7B000
|
unkown
|
page read and write
|
|
|
|
7FF5DB4EE000
|
unkown image
|
page readonly
|
|
|
|
2F64000
|
unkown
|
page read and write
|
|
|
|
7FF556E74000
|
unkown image
|
page readonly
|
|
|
|
3BC4000
|
unkown
|
page read and write
|
|
|
|
2D5F779000
|
stack
|
page read and write
|
|
|
|
7FF556B40000
|
unkown image
|
page readonly
|
|
|
|
5BBE000
|
unkown
|
page read and write
|
|
|
|
1227000
|
unkown
|
page read and write
|
|
|
|
494F000
|
stack
|
page read and write
|
|
|
|
1271000
|
unkown image
|
page execute read
|
|
|
|
7FF5A6BE3000
|
unkown image
|
page readonly
|
|
|
|
2082448C000
|
unkown
|
page read and write
|
|
|
|
7FF51020C000
|
unkown image
|
page readonly
|
|
|
|
5501000
|
unkown
|
page read and write
|
|
|
|
169208C0000
|
unkown image
|
page readonly
|
|
|
|
20815013000
|
unkown
|
page read and write
|
|
|
|
7FF5DB8CD000
|
unkown image
|
page readonly
|
|
|
|
134E000
|
heap default
|
page read and write
|
|
|
|
1388000
|
heap default
|
page read and write
|
|
|
|
20824D91000
|
unkown
|
page read and write
|
|
|
|
7FF5DBA6A000
|
unkown image
|
page readonly
|
|
|
|
20824D7E000
|
unkown
|
page read and write
|
|
|
|
1250000
|
unkown
|
page read and write
|
|
|
|
7FF556DBC000
|
unkown image
|
page readonly
|
|
|
|
54C1000
|
unkown
|
page read and write
|
|
|
|
10BF22D0000
|
unkown image
|
page readonly
|
|
|
|
7FF5DB8EC000
|
unkown image
|
page readonly
|
|
|
|
20824D8C000
|
unkown
|
page read and write
|
|
|
|
5340000
|
unkown
|
page read and write
|
|
|
|
3A10000
|
unkown
|
page read and write
|
|
|
|
7DF5F0AF0000
|
unkown image
|
page readonly
|
|
|
|
183F10E0000
|
heap default
|
page read and write
|
|
|
|
20824513000
|
unkown
|
page read and write
|
|
|
|
7DF57D612000
|
unkown image
|
page readonly
|
|
|
|
1250000
|
unkown
|
page read and write
|
|
|
|
183F1560000
|
unkown image
|
page readonly
|
|
|
|
124B000
|
unkown
|
page read and write
|
|
|
|
1250000
|
unkown
|
page read and write
|
|
|
|
7FF510184000
|
unkown image
|
page readonly
|
|
|
|
20824D8F000
|
unkown
|
page read and write
|
|
|
|
7FF51028E000
|
unkown image
|
page readonly
|
|
|
|
137E000
|
unkown
|
page read and write
|
|
|
|
7FF5DB98B000
|
unkown image
|
page readonly
|
|
|
|
20824250000
|
heap default
|
page read and write
|
|
|
|
7FF51018C000
|
unkown image
|
page readonly
|
|
|
|
7FF50FA7D000
|
unkown image
|
page readonly
|
|
|
|
20824DA2000
|
unkown
|
page read and write
|
|
|
|
2082444E000
|
unkown
|
page read and write
|
|
|
|
20824350000
|
unkown
|
page read and write
|
|
|
|
4580000
|
unkown
|
page read and write
|
|
|
|
1250000
|
unkown
|
page read and write
|
|
|
|
89866FB000
|
stack
|
page read and write
|
|
|
|
DB9000
|
unkown image
|
page read and write
|
|
|
|
A70000
|
unkown image
|
page readonly
|
|
|
|
2082444F000
|
unkown
|
page read and write
|
|
|
|
7DF5F0B10000
|
unkown image
|
page readonly
|
|
|
|
7FF556E81000
|
unkown image
|
page readonly
|
|
|
|
125A000
|
unkown
|
page read and write
|
|
|
|
7FF5A6A40000
|
unkown image
|
page readonly
|
|
|
|
20825203000
|
unkown
|
page read and write
|
|
|
|
183F110D000
|
unkown
|
page read and write
|
|
|
|
7FF5A6D06000
|
unkown image
|
page readonly
|
|
|
|
4501000
|
unkown
|
page read and write
|
|
|
|
16920A3C000
|
unkown
|
page read and write
|
|
|
|
3BEF000
|
unkown
|
page read and write
|
|
|
|
6D995000
|
unkown image
|
page readonly
|
|
|
|
208241F0000
|
heap private
|
page read and write
|
|
|
|
20824D87000
|
unkown
|
page read and write
|
|
|
|
16920A7A000
|
unkown
|
page read and write
|
|
|
|
7FF5DB73B000
|
unkown image
|
page readonly
|
|
|
|
11EE000
|
unkown
|
page read and write
|
|
|
|
20824DA3000
|
unkown
|
page read and write
|
|
|
|
F0E000
|
unkown
|
page read and write
|
|
|
|
3BA9000
|
unkown
|
page read and write
|
|
|
|
6FA20000
|
unkown image
|
page readonly
|
|
|
|
7FF5A6CFE000
|
unkown image
|
page readonly
|
|
|
|
169208E0000
|
heap default
|
page read and write
|
|
|
|
1240000
|
unkown
|
page read and write
|
|
|
|
39C8000
|
heap private
|
page read and write
|
|
|
|
AB8677000
|
stack
|
page read and write
|
|
|
|
69EEE7C000
|
stack
|
page read and write
|
|
|
|
5501000
|
unkown
|
page read and write
|
|
|
|
4380000
|
unkown
|
page read and write
|
|
|
|
20824454000
|
unkown
|
page read and write
|
|
|
|
2F41000
|
unkown
|
page read and write
|
|
|
|
20824D5E000
|
unkown
|
page read and write
|
|
|
|
4840000
|
unkown
|
page read and write
|
|
|
|
3B26000
|
unkown
|
page read and write
|
|
|
|
10BF22F0000
|
heap default
|
page read and write
|
|
|
|
DBB000
|
unkown image
|
page readonly
|
|
|
|
7FF51011B000
|
unkown image
|
page readonly
|
|
|
|
1334000
|
heap default
|
page read and write
|
|
|
|
6DA96000
|
unkown image
|
page read and write
|
|
|
|
20815057000
|
unkown
|
page read and write
|
|
|
|
138B000
|
unkown
|
page read and write
|
|
|
|
11FA000
|
unkown
|
page read and write
|
|
|
|
7FF556B07000
|
unkown image
|
page readonly
|
|
|
|
5380000
|
unkown
|
page read and write
|
|
|
|
20814E10000
|
unkown image
|
page read and write
|
|
|
|
20824DA2000
|
unkown
|
page read and write
|
|
|
|
7FF56851D000
|
unkown image
|
page readonly
|
|
|
|
127A000
|
unkown
|
page read and write
|
|
|
|
7FF5DB9CA000
|
unkown image
|
page readonly
|
|
|
|
7FF5A6CEF000
|
unkown image
|
page readonly
|
|
|
|
3B4D000
|
unkown
|
page read and write
|
|
|
|
7DF56BF20000
|
unkown image
|
page readonly
|
|
|
|
7DF5F0B02000
|
unkown image
|
page readonly
|
|
|
|
20824D84000
|
unkown
|
page read and write
|
|
|
|
7FF5DB555000
|
unkown image
|
page readonly
|
|
|
|
1290000
|
heap default
|
page read and write
|
|
|
|
20824D9D000
|
unkown
|
page read and write
|
|
|
|
D3D000
|
unkown image
|
page readonly
|
|
|
|
7FF556DF8000
|
unkown image
|
page readonly
|
|
|
|
1250000
|
unkown
|
page read and write
|
|
|
|
1250000
|
unkown
|
page read and write
|
|
|
|
7FF5DB922000
|
unkown image
|
page readonly
|
|
|
|
7FF5DB96C000
|
unkown image
|
page readonly
|
|
|
|
7FF5DB954000
|
unkown image
|
page readonly
|
|
|
|
1222000
|
unkown
|
page read and write
|
|
|
|
A7F000
|
unkown image
|
page execute and write copy
|
|
|
|
1275000
|
unkown
|
page read and write
|
|
|
|
183F1107000
|
unkown
|
page read and write
|
|
|
|
7FF510299000
|
unkown image
|
page readonly
|
|
|
|
138B000
|
unkown
|
page read and write
|
|
|
|
20825200000
|
unkown
|
page read and write
|
|
|
|
3041000
|
unkown
|
page read and write
|
|
|
|
30FE000
|
stack
|
page read and write
|
|
|
|
7DF56BF12000
|
unkown image
|
page readonly
|
|
|
|
7FF5A6C8E000
|
unkown image
|
page readonly
|
|
|
|
20814E30000
|
unkown image
|
page readonly
|
|
|
|
7FF5DB7D1000
|
unkown image
|
page readonly
|
|
|
|
1860000
|
unkown image
|
page readonly
|
|
|
|
5969000
|
unkown
|
page read and write
|
|
|
|
208244FB000
|
unkown
|
page read and write
|
|
|
|
20824502000
|
unkown
|
page read and write
|
|
|
|
1291000
|
unkown image
|
page execute read
|
|
|
|
352B000
|
stack
|
page read and write
|
|
|
|
20824D93000
|
unkown
|
page read and write
|
|
|
|
10BF2502000
|
unkown
|
page read and write
|
|
|
|
1290000
|
unkown image
|
page readonly
|
|
|
|
7FF556D8A000
|
unkown image
|
page readonly
|
|
|
|
124E000
|
unkown
|
page read and write
|
|
|
|
20824C02000
|
unkown
|
page read and write
|
|
|
|
D97000
|
unkown image
|
page write copy
|
|
|
|
5501000
|
unkown
|
page read and write
|
|
|
|
7FF5A63AE000
|
unkown image
|
page readonly
|
|
|
|
138E000
|
unkown
|
page read and write
|
|
|
|
20815580000
|
unkown image
|
page readonly
|
|
|
|
52C0000
|
unkown
|
page read and write
|
|
|
|
59CC000
|
unkown
|
page read and write
|
|
|
|
7DF57D622000
|
unkown image
|
page readonly
|
|
|
|
2FA0000
|
unkown
|
page read and write
|
|
|
|
7FF556D7C000
|
unkown image
|
page readonly
|
|
|
|
3B50000
|
unkown
|
page read and write
|
|
|
|
AB887F000
|
stack
|
page read and write
|
|
|
|
20815400000
|
unkown image
|
page readonly
|
|
|
|
A76000
|
unkown image
|
page execute and read and write
|
|
|
|
20824D84000
|
unkown
|
page read and write
|
|
|
|
1251000
|
unkown
|
page read and write
|
|
|
|
7DF57D622000
|
unkown image
|
page readonly
|
|
|
|
1264000
|
unkown
|
page read and write
|
|
|
|
11E1000
|
unkown
|
page read and write
|
|
|
|
1251000
|
unkown
|
page read and write
|
|
|
|
7FF567DF7000
|
unkown image
|
page readonly
|
|
|
|
1660000
|
unkown image
|
page readonly
|
|
|
|
2FB0000
|
unkown image
|
page readonly
|
|
|
|
17A0000
|
unkown image
|
page readonly
|
|
|
|
7FF5DB597000
|
unkown image
|
page readonly
|
|
|
|
FF7A0000
|
unkown image
|
page readonly
|
|
|
|
2082521D000
|
unkown
|
page read and write
|
|
|
|
208243A0000
|
unkown image
|
page write copy
|
|
|
|
16920B08000
|
unkown
|
page read and write
|
|
|
|
7FF5A6C7C000
|
unkown image
|
page readonly
|
|
|
|
4581000
|
unkown
|
page read and write
|
|
|
|
20824D9A000
|
unkown
|
page read and write
|
|
|
|
12C8000
|
heap default
|
page read and write
|
|
|
|
16920A70000
|
unkown
|
page read and write
|
|
|
|
7DF5BBE12000
|
unkown image
|
page readonly
|
|
|
|
124E000
|
unkown
|
page read and write
|
|
|
|
3BF1000
|
unkown
|
page read and write
|
|
|
|
336E000
|
stack
|
page read and write
|
|
|
|
52C1000
|
unkown
|
page read and write
|
|
|
|
3BDC000
|
unkown
|
page read and write
|
|
There are 1061 hidden memdumps, click here to show them.