Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Certificate_of_registration.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Certificate_of_registration.exe.log
|
CSV text
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\Phtos\Phtos.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\Phtos\Phtos.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
modified
|
|
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_vbc.exe_2825b1eb36b4aa44d96f8e1ed2caaa682b687d16_521767da_68383f5d-a4e1-485a-893e-15116e2612d2\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_vbc.exe_2825b1eb36b4aa44d96f8e1ed2caaa682b687d16_521767da_6d843bd7-742d-4ce3-af3d-0d2880df641e\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER2493.tmp.dmp
|
Mini DuMP crash report, 14 streams, Mon Jul 1 13:23:35 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER2530.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER2570.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER3FCC.tmp.dmp
|
Mini DuMP crash report, 14 streams, Mon Jul 1 13:23:42 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER403A.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER4079.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Phtos.exe.log
|
CSV text
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
There are 4 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\Certificate_of_registration.exe
|
"C:\Users\user\Desktop\Certificate_of_registration.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
"cmd.exe" /C mkdir "C:\Users\user\AppData\Local\Temp\Phtos"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
"cmd.exe" /C schtasks /create /sc minute /mo 1 /tn "Nafifas" /tr "'C:\Users\user\AppData\Local\Temp\Phtos\Phtos.exe'" /f
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
schtasks /create /sc minute /mo 1 /tn "Nafifas" /tr "'C:\Users\user\AppData\Local\Temp\Phtos\Phtos.exe'" /f
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
"cmd.exe" /C copy "C:\Users\user\Desktop\Certificate_of_registration.exe" "C:\Users\user\AppData\Local\Temp\Phtos\Phtos.exe"
|
|
|
|
C:\Users\user\AppData\Local\Temp\Phtos\Phtos.exe
|
C:\Users\user\AppData\Local\Temp\Phtos\Phtos.exe
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
"cmd.exe" /C mkdir "C:\Users\user\AppData\Local\Temp\Phtos"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
"cmd.exe" /C schtasks /create /sc minute /mo 1 /tn "Nafifas" /tr "'C:\Users\user\AppData\Local\Temp\Phtos\Phtos.exe'" /f
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
schtasks /create /sc minute /mo 1 /tn "Nafifas" /tr "'C:\Users\user\AppData\Local\Temp\Phtos\Phtos.exe'" /f
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
"cmd.exe" /C copy "C:\Users\user\AppData\Local\Temp\Phtos\Phtos.exe" "C:\Users\user\AppData\Local\Temp\Phtos\Phtos.exe"
|
|
|
|
C:\Users\user\AppData\Local\Temp\Phtos\Phtos.exe
|
C:\Users\user\AppData\Local\Temp\Phtos\Phtos.exe
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
"cmd.exe" /C mkdir "C:\Users\user\AppData\Local\Temp\Phtos"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
"cmd.exe" /C schtasks /create /sc minute /mo 1 /tn "Nafifas" /tr "'C:\Users\user\AppData\Local\Temp\Phtos\Phtos.exe'" /f
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
schtasks /create /sc minute /mo 1 /tn "Nafifas" /tr "'C:\Users\user\AppData\Local\Temp\Phtos\Phtos.exe'" /f
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
"cmd.exe" /C copy "C:\Users\user\AppData\Local\Temp\Phtos\Phtos.exe" "C:\Users\user\AppData\Local\Temp\Phtos\Phtos.exe"
|
|
|
|
C:\Users\user\AppData\Local\Temp\Phtos\Phtos.exe
|
C:\Users\user\AppData\Local\Temp\Phtos\Phtos.exe
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
"cmd.exe" /C mkdir "C:\Users\user\AppData\Local\Temp\Phtos"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
"cmd.exe" /C schtasks /create /sc minute /mo 1 /tn "Nafifas" /tr "'C:\Users\user\AppData\Local\Temp\Phtos\Phtos.exe'" /f
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
schtasks /create /sc minute /mo 1 /tn "Nafifas" /tr "'C:\Users\user\AppData\Local\Temp\Phtos\Phtos.exe'" /f
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
"cmd.exe" /C copy "C:\Users\user\AppData\Local\Temp\Phtos\Phtos.exe" "C:\Users\user\AppData\Local\Temp\Phtos\Phtos.exe"
|
|
|
|
C:\Users\user\AppData\Local\Temp\Phtos\Phtos.exe
|
C:\Users\user\AppData\Local\Temp\Phtos\Phtos.exe
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
"cmd.exe" /C mkdir "C:\Users\user\AppData\Local\Temp\Phtos"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
"cmd.exe" /C schtasks /create /sc minute /mo 1 /tn "Nafifas" /tr "'C:\Users\user\AppData\Local\Temp\Phtos\Phtos.exe'" /f
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
schtasks /create /sc minute /mo 1 /tn "Nafifas" /tr "'C:\Users\user\AppData\Local\Temp\Phtos\Phtos.exe'" /f
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
"cmd.exe" /C copy "C:\Users\user\AppData\Local\Temp\Phtos\Phtos.exe" "C:\Users\user\AppData\Local\Temp\Phtos\Phtos.exe"
|
|
|
|
C:\Users\user\AppData\Local\Temp\Phtos\Phtos.exe
|
C:\Users\user\AppData\Local\Temp\Phtos\Phtos.exe
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
"cmd.exe" /C mkdir "C:\Users\user\AppData\Local\Temp\Phtos"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
"cmd.exe" /C schtasks /create /sc minute /mo 1 /tn "Nafifas" /tr "'C:\Users\user\AppData\Local\Temp\Phtos\Phtos.exe'" /f
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
schtasks /create /sc minute /mo 1 /tn "Nafifas" /tr "'C:\Users\user\AppData\Local\Temp\Phtos\Phtos.exe'" /f
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
"cmd.exe" /C copy "C:\Users\user\AppData\Local\Temp\Phtos\Phtos.exe" "C:\Users\user\AppData\Local\Temp\Phtos\Phtos.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 7328 -s 516
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 7764 -s 528
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
There are 46 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
morrrw.ddns.net
|
|
||
|
http://upx.sf.net
|
unknown
|
||
|
http://geoplugin.net/json.gp/C
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
busbuctomorrrw.ddns.net
|
109.248.151.250
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
109.248.151.250
|
busbuctomorrrw.ddns.net
|
Russian Federation
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Rmc-Q2SG61
|
exepath
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Rmc-Q2SG61
|
licence
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Rmc-Q2SG61
|
time
|
|
|
|
\REGISTRY\A\{dd0f561d-aa9d-6d24-73eb-2b66d5067cc0}\Root\InventoryApplicationFile\vbc.exe|d14eb4b34a786388
|
ProgramId
|
||
|
\REGISTRY\A\{dd0f561d-aa9d-6d24-73eb-2b66d5067cc0}\Root\InventoryApplicationFile\vbc.exe|d14eb4b34a786388
|
FileId
|
||
|
\REGISTRY\A\{dd0f561d-aa9d-6d24-73eb-2b66d5067cc0}\Root\InventoryApplicationFile\vbc.exe|d14eb4b34a786388
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{dd0f561d-aa9d-6d24-73eb-2b66d5067cc0}\Root\InventoryApplicationFile\vbc.exe|d14eb4b34a786388
|
LongPathHash
|
||
|
\REGISTRY\A\{dd0f561d-aa9d-6d24-73eb-2b66d5067cc0}\Root\InventoryApplicationFile\vbc.exe|d14eb4b34a786388
|
Name
|
||
|
\REGISTRY\A\{dd0f561d-aa9d-6d24-73eb-2b66d5067cc0}\Root\InventoryApplicationFile\vbc.exe|d14eb4b34a786388
|
OriginalFileName
|
||
|
\REGISTRY\A\{dd0f561d-aa9d-6d24-73eb-2b66d5067cc0}\Root\InventoryApplicationFile\vbc.exe|d14eb4b34a786388
|
Publisher
|
||
|
\REGISTRY\A\{dd0f561d-aa9d-6d24-73eb-2b66d5067cc0}\Root\InventoryApplicationFile\vbc.exe|d14eb4b34a786388
|
Version
|
||
|
\REGISTRY\A\{dd0f561d-aa9d-6d24-73eb-2b66d5067cc0}\Root\InventoryApplicationFile\vbc.exe|d14eb4b34a786388
|
BinFileVersion
|
||
|
\REGISTRY\A\{dd0f561d-aa9d-6d24-73eb-2b66d5067cc0}\Root\InventoryApplicationFile\vbc.exe|d14eb4b34a786388
|
BinaryType
|
||
|
\REGISTRY\A\{dd0f561d-aa9d-6d24-73eb-2b66d5067cc0}\Root\InventoryApplicationFile\vbc.exe|d14eb4b34a786388
|
ProductName
|
||
|
\REGISTRY\A\{dd0f561d-aa9d-6d24-73eb-2b66d5067cc0}\Root\InventoryApplicationFile\vbc.exe|d14eb4b34a786388
|
ProductVersion
|
||
|
\REGISTRY\A\{dd0f561d-aa9d-6d24-73eb-2b66d5067cc0}\Root\InventoryApplicationFile\vbc.exe|d14eb4b34a786388
|
LinkDate
|
||
|
\REGISTRY\A\{dd0f561d-aa9d-6d24-73eb-2b66d5067cc0}\Root\InventoryApplicationFile\vbc.exe|d14eb4b34a786388
|
BinProductVersion
|
||
|
\REGISTRY\A\{dd0f561d-aa9d-6d24-73eb-2b66d5067cc0}\Root\InventoryApplicationFile\vbc.exe|d14eb4b34a786388
|
AppxPackageFullName
|
||
|
\REGISTRY\A\{dd0f561d-aa9d-6d24-73eb-2b66d5067cc0}\Root\InventoryApplicationFile\vbc.exe|d14eb4b34a786388
|
AppxPackageRelativeId
|
||
|
\REGISTRY\A\{dd0f561d-aa9d-6d24-73eb-2b66d5067cc0}\Root\InventoryApplicationFile\vbc.exe|d14eb4b34a786388
|
Size
|
||
|
\REGISTRY\A\{dd0f561d-aa9d-6d24-73eb-2b66d5067cc0}\Root\InventoryApplicationFile\vbc.exe|d14eb4b34a786388
|
Language
|
||
|
\REGISTRY\A\{dd0f561d-aa9d-6d24-73eb-2b66d5067cc0}\Root\InventoryApplicationFile\vbc.exe|d14eb4b34a786388
|
IsOsComponent
|
||
|
\REGISTRY\A\{dd0f561d-aa9d-6d24-73eb-2b66d5067cc0}\Root\InventoryApplicationFile\vbc.exe|d14eb4b34a786388
|
Usn
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
|
ClockTimeSeconds
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
|
TickCount
|
There are 15 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
3E51000
|
trusted library allocation
|
page read and write
|
|
|
|
C67000
|
heap
|
page read and write
|
|
|
|
627000
|
heap
|
page read and write
|
|
|
|
5337000
|
heap
|
page read and write
|
|
|
|
63B000
|
heap
|
page read and write
|
|
|
|
859000
|
remote allocation
|
page readonly
|
|
|
|
51D7000
|
heap
|
page read and write
|
|
|
|
2BEE000
|
unkown
|
page read and write
|
||
|
293D000
|
stack
|
page read and write
|
||
|
1697000
|
trusted library allocation
|
page execute and read and write
|
||
|
1663000
|
trusted library allocation
|
page execute and read and write
|
||
|
148A000
|
heap
|
page read and write
|
||
|
2E10000
|
heap
|
page read and write
|
||
|
C8B000
|
trusted library allocation
|
page read and write
|
||
|
26BB000
|
heap
|
page read and write
|
||
|
28C0000
|
heap
|
page read and write
|
||
|
3050000
|
trusted library allocation
|
page read and write
|
||
|
2D0E000
|
stack
|
page read and write
|
||
|
309F000
|
stack
|
page read and write
|
||
|
F45000
|
heap
|
page read and write
|
||
|
57C000
|
stack
|
page read and write
|
||
|
CEE000
|
stack
|
page read and write
|
||
|
2BEB000
|
trusted library allocation
|
page read and write
|
||
|
11C0000
|
trusted library allocation
|
page read and write
|
||
|
5DF000
|
remote allocation
|
page execute read
|
||
|
8F0000
|
heap
|
page read and write
|
||
|
339E000
|
stack
|
page read and write
|
||
|
1398000
|
heap
|
page read and write
|
||
|
15B0000
|
heap
|
page read and write
|
||
|
3611000
|
heap
|
page read and write
|
||
|
22DD000
|
stack
|
page read and write
|
||
|
DAD000
|
heap
|
page read and write
|
||
|
2B9E000
|
stack
|
page read and write
|
||
|
1530000
|
heap
|
page read and write
|
||
|
210000
|
heap
|
page read and write
|
||
|
11A0000
|
trusted library allocation
|
page read and write
|
||
|
104E000
|
heap
|
page read and write
|
||
|
5740000
|
heap
|
page execute and read and write
|
||
|
3CA6000
|
trusted library allocation
|
page read and write
|
||
|
2660000
|
heap
|
page read and write
|
||
|
31C0000
|
heap
|
page read and write
|
||
|
1068000
|
heap
|
page read and write
|
||
|
3B26000
|
trusted library allocation
|
page read and write
|
||
|
1433000
|
heap
|
page read and write
|
||
|
28BE000
|
unkown
|
page read and write
|
||
|
1450000
|
trusted library allocation
|
page read and write
|
||
|
41A1000
|
trusted library allocation
|
page read and write
|
||
|
B1E000
|
stack
|
page read and write
|
||
|
119D000
|
trusted library allocation
|
page execute and read and write
|
||
|
33C5000
|
heap
|
page read and write
|
||
|
B60000
|
heap
|
page read and write
|
||
|
1687000
|
trusted library allocation
|
page execute and read and write
|
||
|
2BA0000
|
heap
|
page read and write
|
||
|
5804000
|
trusted library allocation
|
page read and write
|
||
|
26F5000
|
heap
|
page read and write
|
||
|
B72000
|
heap
|
page read and write
|
||
|
1423000
|
trusted library allocation
|
page execute and read and write
|
||
|
2E0F000
|
stack
|
page read and write
|
||
|
B20000
|
heap
|
page read and write
|
||
|
2BC0000
|
heap
|
page read and write
|
||
|
2F9F000
|
unkown
|
page read and write
|
||
|
1080000
|
heap
|
page read and write
|
||
|
35AF000
|
unkown
|
page read and write
|
||
|
50E0000
|
heap
|
page execute and read and write
|
||
|
3120000
|
trusted library allocation
|
page read and write
|
||
|
1190000
|
trusted library allocation
|
page read and write
|
||
|
3050000
|
direct allocation
|
page read and write
|
||
|
105F000
|
stack
|
page read and write
|
||
|
3AAD000
|
trusted library allocation
|
page read and write
|
||
|
2C8E000
|
unkown
|
page read and write
|
||
|
2980000
|
heap
|
page read and write
|
||
|
30E0000
|
heap
|
page read and write
|
||
|
127E000
|
stack
|
page read and write
|
||
|
2CF0000
|
trusted library allocation
|
page execute and read and write
|
||
|
29EB000
|
heap
|
page read and write
|
||
|
29BF000
|
unkown
|
page read and write
|
||
|
2E3D000
|
stack
|
page read and write
|
||
|
4B2E000
|
stack
|
page read and write
|
||
|
2730000
|
heap
|
page read and write
|
||
|
2A20000
|
heap
|
page execute and read and write
|
||
|
34AF000
|
stack
|
page read and write
|
||
|
27B0000
|
heap
|
page read and write
|
||
|
2B5E000
|
unkown
|
page read and write
|
||
|
6CE000
|
stack
|
page read and write
|
||
|
32F1000
|
heap
|
page read and write
|
||
|
51A0000
|
heap
|
page read and write
|
||
|
168A000
|
trusted library allocation
|
page execute and read and write
|
||
|
371F000
|
unkown
|
page read and write
|
||
|
B9C000
|
stack
|
page read and write
|
||
|
30DD000
|
trusted library allocation
|
page execute and read and write
|
||
|
30A0000
|
heap
|
page read and write
|
||
|
5880000
|
trusted library allocation
|
page read and write
|
||
|
2DE0000
|
direct allocation
|
page read and write
|
||
|
29E0000
|
heap
|
page read and write
|
||
|
1405000
|
heap
|
page read and write
|
||
|
F47000
|
trusted library allocation
|
page execute and read and write
|
||
|
AD0000
|
heap
|
page readonly
|
||
|
47C000
|
stack
|
page read and write
|
||
|
29CE000
|
stack
|
page read and write
|
||
|
1190000
|
heap
|
page read and write
|
||
|
280E000
|
stack
|
page read and write
|
||
|
290E000
|
stack
|
page read and write
|
||
|
348E000
|
unkown
|
page read and write
|
||
|
167D000
|
trusted library allocation
|
page execute and read and write
|
||
|
2A42000
|
trusted library allocation
|
page read and write
|
||
|
11C7000
|
stack
|
page read and write
|
||
|
2DC0000
|
heap
|
page read and write
|
||
|
29CD000
|
stack
|
page read and write
|
||
|
D8B000
|
trusted library allocation
|
page execute and read and write
|
||
|
1087000
|
heap
|
page read and write
|
||
|
DEE000
|
stack
|
page read and write
|
||
|
115E000
|
stack
|
page read and write
|
||
|
2A5E000
|
trusted library allocation
|
page read and write
|
||
|
144A000
|
trusted library allocation
|
page execute and read and write
|
||
|
3B7D000
|
trusted library allocation
|
page read and write
|
||
|
E00000
|
heap
|
page read and write
|
||
|
1265000
|
heap
|
page read and write
|
||
|
471000
|
remote allocation
|
page execute and read and write
|
||
|
2E60000
|
heap
|
page read and write
|
||
|
103C000
|
stack
|
page read and write
|
||
|
2CEF000
|
stack
|
page read and write
|
||
|
35FC000
|
heap
|
page read and write
|
||
|
1430000
|
heap
|
page read and write
|
||
|
AB0000
|
unkown
|
page readonly
|
||
|
2F75000
|
heap
|
page read and write
|
||
|
3360000
|
heap
|
page read and write
|
||
|
2BB1000
|
trusted library allocation
|
page read and write
|
||
|
139F000
|
heap
|
page read and write
|
||
|
2BE0000
|
heap
|
page read and write
|
||
|
B38000
|
unkown
|
page readonly
|
||
|
4FEE000
|
stack
|
page read and write
|
||
|
1440000
|
trusted library allocation
|
page read and write
|
||
|
239D000
|
stack
|
page read and write
|
||
|
CFD000
|
stack
|
page read and write
|
||
|
D23000
|
trusted library allocation
|
page execute and read and write
|
||
|
BDC000
|
heap
|
page read and write
|
||
|
2D04000
|
trusted library allocation
|
page read and write
|
||
|
33C4000
|
heap
|
page read and write
|
||
|
32DB000
|
heap
|
page read and write
|
||
|
31A1000
|
trusted library allocation
|
page read and write
|
||
|
11FC000
|
heap
|
page read and write
|
||
|
B50000
|
heap
|
page read and write
|
||
|
D63000
|
heap
|
page read and write
|
||
|
5800000
|
trusted library allocation
|
page read and write
|
||
|
308D000
|
stack
|
page read and write
|
||
|
2BA0000
|
heap
|
page execute and read and write
|
||
|
2E87000
|
trusted library allocation
|
page read and write
|
||
|
BBC000
|
heap
|
page read and write
|
||
|
1964000
|
trusted library allocation
|
page read and write
|
||
|
D9E000
|
stack
|
page read and write
|
||
|
30B0000
|
heap
|
page read and write
|
||
|
35D0000
|
heap
|
page read and write
|
||
|
11B0000
|
trusted library allocation
|
page read and write
|
||
|
670000
|
heap
|
page read and write
|
||
|
1206000
|
heap
|
page read and write
|
||
|
B10000
|
heap
|
page read and write
|
||
|
11AB000
|
trusted library allocation
|
page read and write
|
||
|
318D000
|
stack
|
page read and write
|
||
|
5DB000
|
remote allocation
|
page execute read
|
||
|
210000
|
heap
|
page read and write
|
||
|
34D0000
|
direct allocation
|
page read and write
|
||
|
33A0000
|
heap
|
page read and write
|
||
|
29B0000
|
heap
|
page read and write
|
||
|
46B000
|
remote allocation
|
page execute and read and write
|
||
|
30BE000
|
trusted library allocation
|
page read and write
|
||
|
28BF000
|
unkown
|
page read and write
|
||
|
BCC000
|
stack
|
page read and write
|
||
|
1260000
|
heap
|
page read and write
|
||
|
5D0000
|
remote allocation
|
page execute read
|
||
|
2B00000
|
trusted library allocation
|
page read and write
|
||
|
1193000
|
trusted library allocation
|
page execute and read and write
|
||
|
800000
|
remote allocation
|
page execute and read and write
|
||
|
2D6E000
|
stack
|
page read and write
|
||
|
2A01000
|
heap
|
page read and write
|
||
|
3030000
|
trusted library allocation
|
page read and write
|
||
|
2F4F000
|
unkown
|
page read and write
|
||
|
2CDB000
|
heap
|
page read and write
|
||
|
20E000
|
unkown
|
page read and write
|
||
|
142D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1251000
|
heap
|
page read and write
|
||
|
2D2E000
|
unkown
|
page read and write
|
||
|
65BF000
|
stack
|
page read and write
|
||
|
309F000
|
stack
|
page read and write
|
||
|
289A000
|
trusted library allocation
|
page read and write
|
||
|
3034000
|
trusted library allocation
|
page read and write
|
||
|
2BF0000
|
heap
|
page read and write
|
||
|
B20000
|
heap
|
page read and write
|
||
|
424000
|
remote allocation
|
page execute and read and write
|
||
|
23E0000
|
heap
|
page read and write
|
||
|
1195000
|
heap
|
page read and write
|
||
|
D30000
|
trusted library allocation
|
page read and write
|
||
|
2C40000
|
trusted library allocation
|
page read and write
|
||
|
260B000
|
heap
|
page read and write
|
||
|
BAE000
|
stack
|
page read and write
|
||
|
167B000
|
trusted library allocation
|
page read and write
|
||
|
C60000
|
heap
|
page read and write
|
||
|
2CCF000
|
unkown
|
page read and write
|
||
|
D2D000
|
trusted library allocation
|
page execute and read and write
|
||
|
303A000
|
trusted library allocation
|
page read and write
|
||
|
30B0000
|
heap
|
page read and write
|
||
|
143D000
|
heap
|
page read and write
|
||
|
532E000
|
stack
|
page read and write
|
||
|
16B0000
|
trusted library allocation
|
page read and write
|
||
|
2FBB000
|
stack
|
page read and write
|
||
|
23DD000
|
stack
|
page read and write
|
||
|
3123000
|
heap
|
page read and write
|
||
|
2C20000
|
trusted library allocation
|
page read and write
|
||
|
1403000
|
heap
|
page read and write
|
||
|
2DFB000
|
heap
|
page read and write
|
||
|
10CE000
|
stack
|
page read and write
|
||
|
298D000
|
stack
|
page read and write
|
||
|
AE0000
|
heap
|
page read and write
|
||
|
30C2000
|
trusted library allocation
|
page read and write
|
||
|
15A0000
|
heap
|
page read and write
|
||
|
2DCC000
|
heap
|
page read and write
|
||
|
2F2E000
|
stack
|
page read and write
|
||
|
2CD0000
|
heap
|
page read and write
|
||
|
1040000
|
heap
|
page read and write
|
||
|
A9C000
|
stack
|
page read and write
|
||
|
1674000
|
trusted library allocation
|
page read and write
|
||
|
32F7000
|
trusted library allocation
|
page read and write
|
||
|
2A62000
|
trusted library allocation
|
page read and write
|
||
|
A30000
|
heap
|
page read and write
|
||
|
10BE000
|
heap
|
page read and write
|
||
|
2C00000
|
heap
|
page read and write
|
||
|
26FD000
|
stack
|
page read and write
|
||
|
7C6000
|
stack
|
page read and write
|
||
|
65BF000
|
stack
|
page read and write
|
||
|
6CC000
|
stack
|
page read and write
|
||
|
2AFF000
|
stack
|
page read and write
|
||
|
3061000
|
trusted library allocation
|
page read and write
|
||
|
5180000
|
heap
|
page read and write
|
||
|
32EE000
|
trusted library allocation
|
page read and write
|
||
|
F5E000
|
stack
|
page read and write
|
||
|
3170000
|
trusted library allocation
|
page execute and read and write
|
||
|
263E000
|
stack
|
page read and write
|
||
|
13FF000
|
stack
|
page read and write
|
||
|
145B000
|
trusted library allocation
|
page execute and read and write
|
||
|
72C000
|
stack
|
page read and write
|
||
|
32FD000
|
stack
|
page read and write
|
||
|
30F7000
|
trusted library allocation
|
page execute and read and write
|
||
|
28CD000
|
stack
|
page read and write
|
||
|
96C000
|
stack
|
page read and write
|
||
|
1C0000
|
heap
|
page read and write
|
||
|
33A0000
|
direct allocation
|
page read and write
|
||
|
474000
|
remote allocation
|
page execute and read and write
|
||
|
51D0000
|
heap
|
page read and write
|
||
|
3107000
|
trusted library allocation
|
page execute and read and write
|
||
|
12FE000
|
stack
|
page read and write
|
||
|
148E000
|
heap
|
page read and write
|
||
|
57F0000
|
heap
|
page execute and read and write
|
||
|
128C000
|
heap
|
page read and write
|
||
|
C90000
|
heap
|
page read and write
|
||
|
318E000
|
stack
|
page read and write
|
||
|
33BC000
|
heap
|
page read and write
|
||
|
166D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1580000
|
heap
|
page read and write
|
||
|
621000
|
remote allocation
|
page execute and read and write
|
||
|
D10000
|
trusted library allocation
|
page read and write
|
||
|
12AD000
|
stack
|
page read and write
|
||
|
339E000
|
unkown
|
page read and write
|
||
|
42F000
|
remote allocation
|
page execute and read and write
|
||
|
3290000
|
heap
|
page read and write
|
||
|
3520000
|
heap
|
page read and write
|
||
|
30E4000
|
trusted library allocation
|
page read and write
|
||
|
32FD000
|
stack
|
page read and write
|
||
|
310B000
|
trusted library allocation
|
page execute and read and write
|
||
|
467000
|
remote allocation
|
page execute and read and write
|
||
|
2ADE000
|
stack
|
page read and write
|
||
|
BCC000
|
heap
|
page read and write
|
||
|
10CC000
|
stack
|
page read and write
|
||
|
2A3D000
|
stack
|
page read and write
|
||
|
3C2D000
|
trusted library allocation
|
page read and write
|
||
|
143B000
|
trusted library allocation
|
page read and write
|
||
|
5170000
|
heap
|
page read and write
|
||
|
2ECC000
|
heap
|
page read and write
|
||
|
2D0A000
|
trusted library allocation
|
page read and write
|
||
|
17CE000
|
stack
|
page read and write
|
||
|
CAE000
|
stack
|
page read and write
|
||
|
F30000
|
heap
|
page read and write
|
||
|
14AC000
|
heap
|
page read and write
|
||
|
1010000
|
trusted library allocation
|
page read and write
|
||
|
C8D000
|
trusted library allocation
|
page execute and read and write
|
||
|
2CC0000
|
heap
|
page read and write
|
||
|
2B60000
|
heap
|
page read and write
|
||
|
6EB0000
|
heap
|
page read and write
|
||
|
7DE000
|
stack
|
page read and write
|
||
|
620000
|
heap
|
page read and write
|
||
|
29CD000
|
stack
|
page read and write
|
||
|
13E0000
|
trusted library allocation
|
page read and write
|
||
|
1920000
|
trusted library allocation
|
page execute and read and write
|
||
|
D34000
|
trusted library allocation
|
page read and write
|
||
|
51AE000
|
stack
|
page read and write
|
||
|
AB0000
|
heap
|
page read and write
|
||
|
23DE000
|
unkown
|
page read and write
|
||
|
310C000
|
heap
|
page read and write
|
||
|
2F9F000
|
unkown
|
page read and write
|
||
|
539E000
|
stack
|
page read and write
|
||
|
1259000
|
heap
|
page read and write
|
||
|
31B2000
|
trusted library allocation
|
page read and write
|
||
|
26D0000
|
heap
|
page read and write
|
||
|
2CCE000
|
stack
|
page read and write
|
||
|
2890000
|
trusted library allocation
|
page read and write
|
||
|
32C0000
|
heap
|
page read and write
|
||
|
2B04000
|
trusted library allocation
|
page read and write
|
||
|
2B9F000
|
stack
|
page read and write
|
||
|
1040000
|
heap
|
page read and write
|
||
|
C7D000
|
trusted library allocation
|
page execute and read and write
|
||
|
11F0000
|
heap
|
page read and write
|
||
|
335E000
|
unkown
|
page read and write
|
||
|
33E0000
|
heap
|
page read and write
|
||
|
2F50000
|
heap
|
page read and write
|
||
|
28A0000
|
trusted library allocation
|
page read and write
|
||
|
D24000
|
trusted library allocation
|
page read and write
|
||
|
1970000
|
trusted library allocation
|
page read and write
|
||
|
9E0000
|
heap
|
page readonly
|
||
|
98C000
|
stack
|
page read and write
|
||
|
138A000
|
heap
|
page read and write
|
||
|
22FD000
|
stack
|
page read and write
|
||
|
AF6000
|
stack
|
page read and write
|
||
|
11A4000
|
trusted library allocation
|
page read and write
|
||
|
333E000
|
stack
|
page read and write
|
||
|
2BA0000
|
heap
|
page read and write
|
||
|
30E0000
|
trusted library allocation
|
page read and write
|
||
|
F57000
|
trusted library allocation
|
page execute and read and write
|
||
|
5891000
|
trusted library allocation
|
page read and write
|
||
|
10E3000
|
heap
|
page read and write
|
||
|
11BA000
|
trusted library allocation
|
page execute and read and write
|
||
|
D00000
|
heap
|
page read and write
|
||
|
433D000
|
trusted library allocation
|
page read and write
|
||
|
2F5C000
|
heap
|
page read and write
|
||
|
4A0000
|
heap
|
page readonly
|
||
|
196A000
|
trusted library allocation
|
page read and write
|
||
|
1170000
|
heap
|
page read and write
|
||
|
2E1E000
|
unkown
|
page read and write
|
||
|
29DE000
|
unkown
|
page read and write
|
||
|
1110000
|
heap
|
page read and write
|
||
|
1360000
|
heap
|
page read and write
|
||
|
790000
|
heap
|
page read and write
|
||
|
26DC000
|
heap
|
page read and write
|
||
|
1194000
|
trusted library allocation
|
page read and write
|
||
|
4EE000
|
stack
|
page read and write
|
||
|
30D0000
|
trusted library allocation
|
page read and write
|
||
|
3040000
|
heap
|
page execute and read and write
|
||
|
31DB000
|
trusted library allocation
|
page read and write
|
||
|
E3C000
|
stack
|
page read and write
|
||
|
471000
|
remote allocation
|
page execute and read and write
|
||
|
1434000
|
trusted library allocation
|
page read and write
|
||
|
3BB1000
|
trusted library allocation
|
page read and write
|
||
|
1460000
|
heap
|
page read and write
|
||
|
2CAE000
|
stack
|
page read and write
|
||
|
2F3D000
|
stack
|
page read and write
|
||
|
2C20000
|
heap
|
page read and write
|
||
|
1420000
|
trusted library allocation
|
page read and write
|
||
|
2D10000
|
trusted library allocation
|
page read and write
|
||
|
609000
|
remote allocation
|
page readonly
|
||
|
DEE000
|
stack
|
page read and write
|
||
|
57E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
FFE000
|
stack
|
page read and write
|
||
|
299F000
|
unkown
|
page read and write
|
||
|
2830000
|
heap
|
page read and write
|
||
|
F5B000
|
trusted library allocation
|
page execute and read and write
|
||
|
E40000
|
trusted library allocation
|
page read and write
|
||
|
1115000
|
heap
|
page read and write
|
||
|
30D3000
|
trusted library allocation
|
page execute and read and write
|
||
|
D78000
|
heap
|
page read and write
|
||
|
42B000
|
remote allocation
|
page execute and read and write
|
||
|
283D000
|
stack
|
page read and write
|
||
|
31BF000
|
stack
|
page read and write
|
||
|
C80000
|
trusted library allocation
|
page read and write
|
||
|
28AB000
|
heap
|
page read and write
|
||
|
DDF000
|
stack
|
page read and write
|
||
|
8EE000
|
stack
|
page read and write
|
||
|
11DE000
|
heap
|
page read and write
|
||
|
144B000
|
heap
|
page read and write
|
||
|
328E000
|
stack
|
page read and write
|
||
|
1457000
|
trusted library allocation
|
page execute and read and write
|
||
|
2D00000
|
heap
|
page read and write
|
||
|
27DD000
|
stack
|
page read and write
|
||
|
FA0000
|
heap
|
page read and write
|
||
|
2B6D000
|
stack
|
page read and write
|
||
|
B87000
|
heap
|
page read and write
|
||
|
30CB000
|
trusted library allocation
|
page read and write
|
||
|
801000
|
remote allocation
|
page execute read
|
||
|
52EE000
|
stack
|
page read and write
|
||
|
2BDE000
|
trusted library allocation
|
page read and write
|
||
|
E30000
|
trusted library allocation
|
page execute and read and write
|
||
|
11D8000
|
heap
|
page read and write
|
||
|
552E000
|
stack
|
page read and write
|
||
|
A1F000
|
stack
|
page read and write
|
||
|
220000
|
heap
|
page read and write
|
||
|
14D000
|
stack
|
page read and write
|
||
|
1670000
|
trusted library allocation
|
page read and write
|
||
|
2A67000
|
trusted library allocation
|
page read and write
|
||
|
10D9000
|
heap
|
page read and write
|
||
|
9C000
|
stack
|
page read and write
|
||
|
88C000
|
stack
|
page read and write
|
||
|
2F30000
|
heap
|
page read and write
|
||
|
14B0000
|
heap
|
page read and write
|
||
|
3100000
|
heap
|
page read and write
|
||
|
53CE000
|
stack
|
page read and write
|
||
|
1430000
|
trusted library allocation
|
page read and write
|
||
|
30C0000
|
heap
|
page read and write
|
||
|
30A0000
|
heap
|
page read and write
|
||
|
1B0000
|
heap
|
page read and write
|
||
|
440D000
|
trusted library allocation
|
page read and write
|
||
|
53B0000
|
heap
|
page execute and read and write
|
||
|
505000
|
heap
|
page read and write
|
||
|
750000
|
heap
|
page read and write
|
||
|
155E000
|
stack
|
page read and write
|
||
|
1680000
|
trusted library allocation
|
page read and write
|
||
|
2A9F000
|
stack
|
page read and write
|
||
|
10F0000
|
heap
|
page read and write
|
||
|
890000
|
heap
|
page read and write
|
||
|
AB2000
|
unkown
|
page readonly
|
||
|
5330000
|
heap
|
page read and write
|
||
|
730000
|
heap
|
page read and write
|
||
|
34C0000
|
heap
|
page read and write
|
||
|
2BE2000
|
trusted library allocation
|
page read and write
|
||
|
DB9000
|
heap
|
page read and write
|
||
|
9F0000
|
heap
|
page read and write
|
||
|
474000
|
remote allocation
|
page execute and read and write
|
||
|
358F000
|
unkown
|
page read and write
|
||
|
C30000
|
heap
|
page read and write
|
||
|
2E70000
|
direct allocation
|
page read and write
|
||
|
142E000
|
stack
|
page read and write
|
||
|
2DDF000
|
unkown
|
page read and write
|
||
|
B58000
|
heap
|
page read and write
|
||
|
106C000
|
heap
|
page read and write
|
||
|
2E8B000
|
trusted library allocation
|
page read and write
|
||
|
2C80000
|
heap
|
page read and write
|
||
|
2BB0000
|
direct allocation
|
page read and write
|
||
|
2BE7000
|
trusted library allocation
|
page read and write
|
||
|
2A31000
|
trusted library allocation
|
page read and write
|
||
|
49C000
|
stack
|
page read and write
|
||
|
32D2000
|
trusted library allocation
|
page read and write
|
||
|
D80000
|
heap
|
page read and write
|
||
|
5B1000
|
remote allocation
|
page execute read
|
||
|
3A31000
|
trusted library allocation
|
page read and write
|
||
|
31A0000
|
heap
|
page read and write
|
||
|
359F000
|
unkown
|
page read and write
|
||
|
11B7000
|
trusted library allocation
|
page execute and read and write
|
||
|
10EA000
|
heap
|
page read and write
|
||
|
2C30000
|
trusted library allocation
|
page execute and read and write
|
||
|
19B000
|
stack
|
page read and write
|
||
|
BDE000
|
heap
|
page read and write
|
||
|
1664000
|
trusted library allocation
|
page read and write
|
||
|
316E000
|
stack
|
page read and write
|
||
|
2990000
|
heap
|
page read and write
|
||
|
720000
|
heap
|
page read and write
|
||
|
12EE000
|
stack
|
page read and write
|
||
|
277E000
|
stack
|
page read and write
|
||
|
13D6000
|
heap
|
page read and write
|
||
|
3240000
|
heap
|
page read and write
|
||
|
D77000
|
trusted library allocation
|
page execute and read and write
|
||
|
420000
|
remote allocation
|
page execute and read and write
|
||
|
2CCE000
|
stack
|
page read and write
|
||
|
3091000
|
trusted library allocation
|
page read and write
|
||
|
1180000
|
heap
|
page read and write
|
||
|
421D000
|
trusted library allocation
|
page read and write
|
||
|
FBE000
|
stack
|
page read and write
|
||
|
2B3D000
|
stack
|
page read and write
|
||
|
29D0000
|
heap
|
page read and write
|
||
|
4F0000
|
heap
|
page read and write
|
||
|
11C7000
|
trusted library allocation
|
page execute and read and write
|
||
|
1780000
|
heap
|
page read and write
|
||
|
1180000
|
trusted library allocation
|
page read and write
|
||
|
30C7000
|
trusted library allocation
|
page read and write
|
||
|
272E000
|
unkown
|
page read and write
|
||
|
1030000
|
trusted library allocation
|
page execute and read and write
|
||
|
14AA000
|
heap
|
page read and write
|
||
|
18EF000
|
stack
|
page read and write
|
||
|
30ED000
|
trusted library allocation
|
page execute and read and write
|
||
|
1424000
|
trusted library allocation
|
page read and write
|
||
|
180E000
|
stack
|
page read and write
|
||
|
2B0A000
|
trusted library allocation
|
page read and write
|
||
|
D3D000
|
trusted library allocation
|
page execute and read and write
|
||
|
33B0000
|
heap
|
page read and write
|
||
|
CFD000
|
stack
|
page read and write
|
||
|
30F0000
|
trusted library allocation
|
page read and write
|
||
|
E00000
|
heap
|
page read and write
|
||
|
11AD000
|
trusted library allocation
|
page execute and read and write
|
||
|
30FA000
|
trusted library allocation
|
page execute and read and write
|
||
|
2A6B000
|
trusted library allocation
|
page read and write
|
||
|
2C00000
|
heap
|
page read and write
|
||
|
2BFB000
|
heap
|
page read and write
|
||
|
1750000
|
trusted library allocation
|
page read and write
|
||
|
33DE000
|
stack
|
page read and write
|
||
|
2C7E000
|
unkown
|
page read and write
|
||
|
2660000
|
heap
|
page read and write
|
||
|
500000
|
heap
|
page read and write
|
||
|
9D0000
|
heap
|
page read and write
|
||
|
CDF000
|
stack
|
page read and write
|
||
|
1B2D000
|
stack
|
page read and write
|
||
|
1213000
|
heap
|
page read and write
|
||
|
680000
|
heap
|
page readonly
|
||
|
2BD0000
|
heap
|
page read and write
|
||
|
E2E000
|
stack
|
page read and write
|
||
|
871000
|
remote allocation
|
page execute and read and write
|
||
|
2C40000
|
heap
|
page read and write
|
||
|
469000
|
remote allocation
|
page execute and read and write
|
||
|
43B6000
|
trusted library allocation
|
page read and write
|
||
|
3350000
|
heap
|
page read and write
|
||
|
178E000
|
stack
|
page read and write
|
||
|
1D8F000
|
stack
|
page read and write
|
||
|
23FD000
|
stack
|
page read and write
|
||
|
15B5000
|
heap
|
page read and write
|
||
|
BEE000
|
heap
|
page read and write
|
||
|
352B000
|
heap
|
page read and write
|
||
|
1447000
|
trusted library allocation
|
page execute and read and write
|
||
|
DDA000
|
heap
|
page read and write
|
||
|
DDF000
|
heap
|
page read and write
|
||
|
C74000
|
trusted library allocation
|
page read and write
|
||
|
2CED000
|
stack
|
page read and write
|
||
|
1770000
|
trusted library allocation
|
page execute and read and write
|
||
|
1980000
|
heap
|
page execute and read and write
|
||
|
BE9000
|
heap
|
page read and write
|
||
|
1950000
|
trusted library allocation
|
page execute and read and write
|
||
|
143A000
|
heap
|
page read and write
|
||
|
1498000
|
heap
|
page read and write
|
||
|
2F71000
|
heap
|
page read and write
|
||
|
1137000
|
stack
|
page read and write
|
||
|
328F000
|
stack
|
page read and write
|
||
|
C60000
|
trusted library allocation
|
page read and write
|
||
|
2CD0000
|
heap
|
page read and write
|
||
|
2D21000
|
trusted library allocation
|
page read and write
|
||
|
471000
|
remote allocation
|
page execute and read and write
|
||
|
39A0000
|
heap
|
page read and write
|
||
|
2690000
|
heap
|
page read and write
|
||
|
1660000
|
trusted library allocation
|
page read and write
|
||
|
33E0000
|
heap
|
page read and write
|
||
|
11D0000
|
heap
|
page read and write
|
||
|
2E5E000
|
stack
|
page read and write
|
||
|
1930000
|
trusted library allocation
|
page read and write
|
||
|
2B9D000
|
stack
|
page read and write
|
||
|
26F1000
|
heap
|
page read and write
|
||
|
B65000
|
heap
|
page read and write
|
||
|
42ED000
|
trusted library allocation
|
page read and write
|
||
|
1810000
|
heap
|
page read and write
|
||
|
878000
|
remote allocation
|
page readonly
|
||
|
D7A000
|
trusted library allocation
|
page execute and read and write
|
||
|
2D10000
|
heap
|
page read and write
|
||
|
2610000
|
heap
|
page read and write
|
||
|
4186000
|
trusted library allocation
|
page read and write
|
||
|
35F0000
|
heap
|
page read and write
|
||
|
2CDB000
|
heap
|
page read and write
|
||
|
3300000
|
heap
|
page read and write
|
||
|
730000
|
heap
|
page read and write
|
||
|
3100000
|
trusted library allocation
|
page read and write
|
||
|
1300000
|
heap
|
page read and write
|
||
|
30A2000
|
trusted library allocation
|
page read and write
|
||
|
29FE000
|
stack
|
page read and write
|
||
|
4091000
|
trusted library allocation
|
page read and write
|
||
|
2EBD000
|
stack
|
page read and write
|
||
|
1410000
|
heap
|
page read and write
|
||
|
E50000
|
heap
|
page read and write
|
||
|
17E0000
|
heap
|
page read and write
|
||
|
165E000
|
stack
|
page read and write
|
||
|
35CE000
|
stack
|
page read and write
|
||
|
1AD000
|
stack
|
page read and write
|
||
|
37EF000
|
stack
|
page read and write
|
||
|
104A000
|
heap
|
page read and write
|
||
|
3640000
|
heap
|
page read and write
|
||
|
10CE000
|
heap
|
page read and write
|
||
|
F40000
|
heap
|
page read and write
|
||
|
1368000
|
heap
|
page read and write
|
||
|
D87000
|
trusted library allocation
|
page execute and read and write
|
||
|
30EB000
|
trusted library allocation
|
page read and write
|
||
|
3310000
|
heap
|
page read and write
|
||
|
474000
|
remote allocation
|
page execute and read and write
|
||
|
3CFD000
|
trusted library allocation
|
page read and write
|
||
|
2F2E000
|
unkown
|
page read and write
|
||
|
143D000
|
trusted library allocation
|
page execute and read and write
|
||
|
2FFD000
|
stack
|
page read and write
|
||
|
D3B000
|
trusted library allocation
|
page read and write
|
||
|
2BF0000
|
heap
|
page read and write
|
||
|
13F1000
|
heap
|
page read and write
|
||
|
2BE0000
|
heap
|
page read and write
|
||
|
137F000
|
heap
|
page read and write
|
||
|
13FE000
|
heap
|
page read and write
|
||
|
410D000
|
trusted library allocation
|
page read and write
|
||
|
474000
|
remote allocation
|
page execute and read and write
|
||
|
294B000
|
heap
|
page read and write
|
||
|
C84000
|
trusted library allocation
|
page read and write
|
||
|
1000000
|
trusted library allocation
|
page execute and read and write
|
||
|
2A9F000
|
unkown
|
page read and write
|
||
|
314F000
|
unkown
|
page read and write
|
||
|
2894000
|
trusted library allocation
|
page read and write
|
||
|
2C60000
|
heap
|
page execute and read and write
|
||
|
757000
|
heap
|
page read and write
|
||
|
2A40000
|
heap
|
page read and write
|
||
|
61B000
|
remote allocation
|
page readonly
|
||
|
1418000
|
heap
|
page read and write
|
||
|
2FED000
|
stack
|
page read and write
|
||
|
13CF000
|
stack
|
page read and write
|
||
|
232D000
|
stack
|
page read and write
|
||
|
2FD0000
|
heap
|
page read and write
|
||
|
239D000
|
stack
|
page read and write
|
||
|
6D0000
|
heap
|
page read and write
|
||
|
A3E000
|
stack
|
page read and write
|
||
|
157E000
|
stack
|
page read and write
|
||
|
2EC0000
|
heap
|
page read and write
|
||
|
31F0000
|
heap
|
page read and write
|
||
|
2F90000
|
heap
|
page read and write
|
||
|
28CF000
|
unkown
|
page read and write
|
||
|
1282000
|
heap
|
page read and write
|
||
|
1410000
|
trusted library allocation
|
page read and write
|
||
|
549E000
|
stack
|
page read and write
|
||
|
2A9D000
|
stack
|
page read and write
|
||
|
11F8000
|
heap
|
page read and write
|
||
|
2A6D000
|
stack
|
page read and write
|
||
|
3090000
|
heap
|
page read and write
|
||
|
302E000
|
stack
|
page read and write
|
||
|
169B000
|
trusted library allocation
|
page execute and read and write
|
||
|
29C0000
|
heap
|
page read and write
|
||
|
2E4E000
|
stack
|
page read and write
|
||
|
2B91000
|
trusted library allocation
|
page read and write
|
||
|
8A0000
|
heap
|
page readonly
|
||
|
B40000
|
heap
|
page read and write
|
||
|
13DA000
|
heap
|
page read and write
|
||
|
C73000
|
trusted library allocation
|
page execute and read and write
|
||
|
10C0000
|
heap
|
page read and write
|
||
|
2C10000
|
heap
|
page read and write
|
||
|
2D00000
|
trusted library allocation
|
page read and write
|
||
|
2DF0000
|
heap
|
page read and write
|
||
|
3615000
|
heap
|
page read and write
|
||
|
42C1000
|
trusted library allocation
|
page read and write
|
||
|
2AA0000
|
heap
|
page read and write
|
||
|
512E000
|
stack
|
page read and write
|
||
|
580A000
|
trusted library allocation
|
page read and write
|
||
|
173D000
|
stack
|
page read and write
|
||
|
1020000
|
heap
|
page read and write
|
||
|
2E62000
|
trusted library allocation
|
page read and write
|
||
|
DCE000
|
heap
|
page read and write
|
||
|
30DF000
|
stack
|
page read and write
|
||
|
16FE000
|
stack
|
page read and write
|
||
|
C95000
|
heap
|
page read and write
|
||
|
51EE000
|
stack
|
page read and write
|
||
|
2970000
|
heap
|
page read and write
|
||
|
D6A000
|
heap
|
page read and write
|
||
|
3125000
|
heap
|
page read and write
|
||
|
2600000
|
heap
|
page read and write
|
||
|
401000
|
remote allocation
|
page execute and read and write
|
||
|
26DD000
|
stack
|
page read and write
|
||
|
28CD000
|
stack
|
page read and write
|
||
|
9F0000
|
heap
|
page read and write
|
||
|
191E000
|
stack
|
page read and write
|
||
|
32FF000
|
unkown
|
page read and write
|
||
|
1B31000
|
trusted library allocation
|
page read and write
|
||
|
BF0000
|
heap
|
page read and write
|
||
|
3122000
|
heap
|
page read and write
|
||
|
14CA000
|
heap
|
page read and write
|
||
|
2BC2000
|
trusted library allocation
|
page read and write
|
||
|
DF7000
|
heap
|
page read and write
|
||
|
14AE000
|
heap
|
page read and write
|
||
|
304F000
|
stack
|
page read and write
|
||
|
32D0000
|
heap
|
page read and write
|
||
|
1960000
|
trusted library allocation
|
page read and write
|
||
|
31D7000
|
trusted library allocation
|
page read and write
|
||
|
E10000
|
heap
|
page readonly
|
||
|
50ED000
|
stack
|
page read and write
|
||
|
F36000
|
stack
|
page read and write
|
||
|
3440000
|
heap
|
page read and write
|
||
|
36AF000
|
stack
|
page read and write
|
||
|
3080000
|
heap
|
page read and write
|
||
|
C2E000
|
stack
|
page read and write
|
||
|
EF7000
|
stack
|
page read and write
|
||
|
3B8F000
|
stack
|
page read and write
|
||
|
7E0000
|
heap
|
page read and write
|
||
|
2E51000
|
trusted library allocation
|
page read and write
|
||
|
1350000
|
trusted library allocation
|
page read and write
|
||
|
2670000
|
heap
|
page read and write
|
||
|
F3F000
|
stack
|
page read and write
|
||
|
D40000
|
heap
|
page read and write
|
||
|
28A0000
|
heap
|
page read and write
|
||
|
117E000
|
stack
|
page read and write
|
||
|
3740000
|
heap
|
page read and write
|
||
|
12B0000
|
heap
|
page read and write
|
||
|
F4A000
|
trusted library allocation
|
page execute and read and write
|
||
|
28B1000
|
trusted library allocation
|
page read and write
|
||
|
6B00000
|
heap
|
page read and write
|
||
|
2BE0000
|
heap
|
page read and write
|
||
|
2C30000
|
heap
|
page read and write
|
||
|
B79000
|
heap
|
page read and write
|
||
|
32B0000
|
heap
|
page execute and read and write
|
||
|
5050000
|
heap
|
page execute and read and write
|
||
|
30BE000
|
unkown
|
page read and write
|
||
|
32AE000
|
stack
|
page read and write
|
||
|
617000
|
remote allocation
|
page readonly
|
||
|
2AF0000
|
trusted library allocation
|
page execute and read and write
|
||
|
11CB000
|
trusted library allocation
|
page execute and read and write
|
||
|
619000
|
remote allocation
|
page readonly
|
||
|
10E0000
|
heap
|
page read and write
|
||
|
13F5000
|
heap
|
page read and write
|
||
|
32F2000
|
trusted library allocation
|
page read and write
|
||
|
32FB000
|
trusted library allocation
|
page read and write
|
||
|
26B0000
|
heap
|
page read and write
|
||
|
3220000
|
heap
|
page read and write
|
||
|
AE7000
|
heap
|
page read and write
|
||
|
490000
|
heap
|
page read and write
|
||
|
471000
|
remote allocation
|
page execute and read and write
|
||
|
B3E000
|
stack
|
page read and write
|
||
|
2CFD000
|
stack
|
page read and write
|
||
|
381F000
|
stack
|
page read and write
|
||
|
D48000
|
heap
|
page read and write
|
||
|
1310000
|
heap
|
page read and write
|
||
|
1B70000
|
heap
|
page execute and read and write
|
||
|
1690000
|
trusted library allocation
|
page read and write
|
||
|
5D4000
|
remote allocation
|
page execute read
|
||
|
3880000
|
heap
|
page read and write
|
||
|
2FE0000
|
heap
|
page read and write
|
||
|
3180000
|
trusted library allocation
|
page read and write
|
||
|
522E000
|
stack
|
page read and write
|
||
|
2B80000
|
trusted library allocation
|
page read and write
|
||
|
91F000
|
stack
|
page read and write
|
||
|
59C000
|
stack
|
page read and write
|
||
|
4296000
|
trusted library allocation
|
page read and write
|
||
|
1740000
|
trusted library allocation
|
page execute and read and write
|
||
|
740000
|
heap
|
page read and write
|
||
|
920000
|
heap
|
page read and write
|
||
|
23DE000
|
unkown
|
page read and write
|
||
|
2FBF000
|
stack
|
page read and write
|
||
|
32C1000
|
trusted library allocation
|
page read and write
|
||
|
2D70000
|
heap
|
page read and write
|
||
|
323E000
|
unkown
|
page read and write
|
||
|
2940000
|
heap
|
page read and write
|
||
|
30D4000
|
trusted library allocation
|
page read and write
|
||
|
1280000
|
heap
|
page read and write
|
||
|
2D40000
|
heap
|
page read and write
|
||
|
54CE000
|
stack
|
page read and write
|
||
|
2FDE000
|
unkown
|
page read and write
|
||
|
2CAF000
|
unkown
|
page read and write
|
||
|
2390000
|
heap
|
page read and write
|
||
|
41DD000
|
trusted library allocation
|
page read and write
|
||
|
30C0000
|
trusted library allocation
|
page read and write
|
There are 725 hidden memdumps, click here to show them.