Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
QTmGYKK6SL.exe
|
PE32+ executable (GUI) x86-64, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_main.exe_812666da5b2f51c4c16d2b07f719a7c78639de5_61e28721_b69b9da0-b8cd-49e8-a98d-ee4ba4c1be48\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\cnccli.dll
|
PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\dwlmgr.dll
|
PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\evtsrv.dll
|
PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\libi2p.dll
|
PE32+ executable (DLL) (GUI) x86-64 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
|
PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\prgmgr.dll
|
PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\rdpctl.dll
|
PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\samctl.dll
|
PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\termsrv32.dll
|
PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\o0c2ddmlg7qrbu2xkviy.exe
|
PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Windows\Temp\78a0MAty
|
PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Windows\Temp\M3Cw7G9m
|
PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Windows\Temp\TMCsWjkD
|
PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Windows\Temp\ViiRS0bs
|
PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Windows\Temp\WQZiUkLe
|
PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Windows\Temp\gJinHgIG
|
PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Windows\Temp\rJnwiXXd
|
PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Windows\Temp\to1wcXFh
|
PE32+ executable (DLL) (GUI) x86-64 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER4A20.tmp.dmp
|
Mini DuMP crash report, 15 streams, Sat Jul 27 11:43:17 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER4B4A.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER4B8A.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER4BB6.tmp.csv
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER4C06.tmp.txt
|
data
|
dropped
|
||
|
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\ZsL2hKzmRChz.acl
|
data
|
dropped
|
||
|
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\cnccli.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\config.ini
|
Generic INItialization configuration [cnccli]
|
dropped
|
||
|
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\dwlmgr.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\evtsrv.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\i2p.conf
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\i2p.su3
|
data
|
dropped
|
||
|
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\i2p\destinations\u3cozamv2napan6s563do2h7pnvzklvqd43ogmp2xjqrbfpnktra.dat
|
data
|
dropped
|
||
|
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\i2p\i2p.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\i2p\ntcp2.keys
|
data
|
dropped
|
||
|
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\i2p\router.info
|
data
|
dropped
|
||
|
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\i2p\router.keys
|
data
|
dropped
|
||
|
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\i2p\ssu2.keys
|
data
|
dropped
|
||
|
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\prgmgr.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\rdpctl.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\rfxvmt.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\samctl.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\termsrv32.ini
|
Generic INItialization configuration [SLPolicy]
|
dropped
|
||
|
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\update.pkg
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\installer.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\Temp\JcfQdL0z
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Windows\Temp\MOjhfx9e
|
Generic INItialization configuration [SLPolicy]
|
dropped
|
||
|
C:\Windows\Temp\N3xHmQBk
|
data
|
dropped
|
||
|
C:\Windows\Temp\XSGUtD97
|
Generic INItialization configuration [cnccli]
|
dropped
|
||
|
C:\Windows\Temp\xuutMjJX
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
There are 42 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\QTmGYKK6SL.exe
|
"C:\Users\user\Desktop\QTmGYKK6SL.exe"
|
|
|
|
C:\Users\user\Desktop\QTmGYKK6SL.exe
|
C:\Users\user\Desktop\QTmGYKK6SL.exe
|
|
|
|
C:\Users\user\AppData\Local\Temp\o0c2ddmlg7qrbu2xkviy.exe
|
C:\Users\user\AppData\Local\Temp\o0c2ddmlg7qrbu2xkviy.exe
|
|
|
|
C:\Windows\System32\sc.exe
|
sc.exe stop RDP-Controller
|
|
|
|
C:\Windows\System32\sc.exe
|
sc.exe create RDP-Controller binpath= C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe type= own start=
auto error= ignore
|
|
|
|
C:\Windows\System32\sc.exe
|
sc.exe failure RDP-Controller reset= 1 actions= restart/10000
|
|
|
|
C:\Windows\System32\sc.exe
|
sc.exe start RDP-Controller
|
|
|
|
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
|
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
|
|
|
|
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
|
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\icacls.exe
|
icacls.exe C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\ /setowner *S-1-5-18
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\icacls.exe
|
icacls.exe C:\Users\Public /restore C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\ZsL2hKzmRChz.acl
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager
|
||
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k WerSvcGroup
|
||
|
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -pss -s 432 -p 3164 -ip 3164
|
||
|
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -u -p 3164 -s 1156
|
There are 11 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://reseed-fr.i2pd.xyz/
|
unknown
|
|
|
|
https://i2pseed.creativecowpat.net:8443/
|
unknown
|
|
|
|
https://i2p.novg.net/
|
unknown
|
|
|
|
https://reseed.memcpy.io/
|
unknown
|
|
|
|
https://i2p.ghativega.in/
|
unknown
|
|
|
|
https://reseed.i2pgit.org/
|
unknown
|
|
|
|
https://www2.mk16.de/
|
unknown
|
|
|
|
https://reseed-pl.i2pd.xyz/
|
unknown
|
|
|
|
https://reseed.diva.exchange/
|
unknown
|
|
|
|
https://reseed.onion.im/
|
unknown
|
|
|
|
https://reseed2.i2p.net/
|
unknown
|
|
|
|
https://banana.incognet.io/
|
unknown
|
|
|
|
https://reseed.i2p-projekt.de/
|
unknown
|
||
|
http://reg.i2p/hosts.txt8x
|
unknown
|
||
|
http://shx5vqsw7usdaunyzr2qmes2fq37oumybpudrd4jjj4e4vk4uusa.b32.i2p/hosts.txtf
|
unknown
|
||
|
https://netdb.i2p2.no/
|
unknown
|
||
|
http://upx.sf.net
|
unknown
|
||
|
http://reg.i2p/hosts.txt
|
unknown
|
||
|
http://shx5vqsw7usdaunyzr2qmes2fq37oumybpudrd4jjj4e4vk4uusa.b32.i2p/hosts.txtxyz/
|
unknown
|
||
|
http://stats.i2p/cgi-bin/newhosts.txt
|
unknown
|
||
|
http://127.0.0.1:8118
|
unknown
|
||
|
http://identiguy.i2p/hosts.txt
|
unknown
|
||
|
http://127.0.0.1:8118C
|
unknown
|
||
|
https://legit-website.com/i2pseeds.su3
|
unknown
|
||
|
https://i2p.mooo.com/netDb/
|
unknown
|
||
|
https://i2pd.readthedocs.io/en/latest/user-guide/configuration/
|
unknown
|
||
|
http://reg.i2p/hosts.txtV
|
unknown
|
||
|
http://reg.i2p/hosts.txtXn
|
unknown
|
||
|
http://rus.i2p/hosts.txt
|
unknown
|
||
|
http://shx5vqsw7usdaunyzr2qmes2fq37oumybpudrd4jjj4e4vk4uusa.b32.i2p/hosts.txt
|
unknown
|
There are 20 hidden URLs, click here to show them.
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
45.8.98.78
|
unknown
|
Russian Federation
|
|
|
|
204.8.84.94
|
unknown
|
United States
|
|
|
|
82.165.57.155
|
unknown
|
Germany
|
|
|
|
68.148.96.106
|
unknown
|
Canada
|
|
|
|
119.13.124.67
|
unknown
|
Australia
|
|
|
|
24.177.113.51
|
unknown
|
United States
|
|
|
|
73.62.1.179
|
unknown
|
United States
|
|
|
|
186.28.6.171
|
unknown
|
Colombia
|
|
|
|
184.185.247.130
|
unknown
|
United States
|
||
|
216.9.179.60
|
unknown
|
United States
|
||
|
73.38.186.219
|
unknown
|
United States
|
||
|
217.76.54.24
|
unknown
|
Sweden
|
||
|
173.230.128.232
|
unknown
|
United States
|
||
|
51.15.242.96
|
unknown
|
France
|
||
|
2.177.225.52
|
unknown
|
Iran (ISLAMIC Republic Of)
|
||
|
220.240.88.104
|
unknown
|
Australia
|
||
|
91.149.237.69
|
unknown
|
Poland
|
||
|
91.92.250.213
|
unknown
|
Bulgaria
|
||
|
86.5.235.24
|
unknown
|
United Kingdom
|
||
|
81.6.45.56
|
unknown
|
Switzerland
|
||
|
74.80.57.188
|
unknown
|
United States
|
||
|
94.103.188.190
|
unknown
|
Russian Federation
|
||
|
194.87.219.156
|
unknown
|
Russian Federation
|
||
|
91.194.11.174
|
unknown
|
Russian Federation
|
||
|
79.228.26.155
|
unknown
|
Germany
|
||
|
67.166.47.100
|
unknown
|
United States
|
||
|
23.241.223.162
|
unknown
|
United States
|
||
|
70.18.38.5
|
unknown
|
United States
|
||
|
5.64.137.68
|
unknown
|
United Kingdom
|
||
|
139.59.159.178
|
unknown
|
Singapore
|
||
|
45.89.55.34
|
unknown
|
Russian Federation
|
||
|
91.224.234.189
|
unknown
|
Russian Federation
|
||
|
46.151.24.133
|
unknown
|
Russian Federation
|
||
|
99.252.52.199
|
unknown
|
Canada
|
||
|
93.95.229.134
|
unknown
|
Iceland
|
||
|
77.238.224.125
|
unknown
|
Russian Federation
|
||
|
127.0.0.1
|
unknown
|
unknown
|
There are 27 hidden IPs, click here to show them.
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
\REGISTRY\A\{ccbe289c-7d13-e007-477f-749f34de355e}\Root\InventoryApplicationFile\main.exe|b70705f32dded429
|
ProgramId
|
|
|
|
\REGISTRY\A\{ccbe289c-7d13-e007-477f-749f34de355e}\Root\InventoryApplicationFile\main.exe|b70705f32dded429
|
FileId
|
|
|
|
\REGISTRY\A\{ccbe289c-7d13-e007-477f-749f34de355e}\Root\InventoryApplicationFile\main.exe|b70705f32dded429
|
LowerCaseLongPath
|
|
|
|
\REGISTRY\A\{ccbe289c-7d13-e007-477f-749f34de355e}\Root\InventoryApplicationFile\main.exe|b70705f32dded429
|
LongPathHash
|
|
|
|
\REGISTRY\A\{ccbe289c-7d13-e007-477f-749f34de355e}\Root\InventoryApplicationFile\main.exe|b70705f32dded429
|
Name
|
|
|
|
\REGISTRY\A\{ccbe289c-7d13-e007-477f-749f34de355e}\Root\InventoryApplicationFile\main.exe|b70705f32dded429
|
OriginalFileName
|
|
|
|
\REGISTRY\A\{ccbe289c-7d13-e007-477f-749f34de355e}\Root\InventoryApplicationFile\main.exe|b70705f32dded429
|
Publisher
|
|
|
|
\REGISTRY\A\{ccbe289c-7d13-e007-477f-749f34de355e}\Root\InventoryApplicationFile\main.exe|b70705f32dded429
|
Version
|
|
|
|
\REGISTRY\A\{ccbe289c-7d13-e007-477f-749f34de355e}\Root\InventoryApplicationFile\main.exe|b70705f32dded429
|
BinFileVersion
|
|
|
|
\REGISTRY\A\{ccbe289c-7d13-e007-477f-749f34de355e}\Root\InventoryApplicationFile\main.exe|b70705f32dded429
|
BinaryType
|
|
|
|
\REGISTRY\A\{ccbe289c-7d13-e007-477f-749f34de355e}\Root\InventoryApplicationFile\main.exe|b70705f32dded429
|
ProductName
|
|
|
|
\REGISTRY\A\{ccbe289c-7d13-e007-477f-749f34de355e}\Root\InventoryApplicationFile\main.exe|b70705f32dded429
|
ProductVersion
|
|
|
|
\REGISTRY\A\{ccbe289c-7d13-e007-477f-749f34de355e}\Root\InventoryApplicationFile\main.exe|b70705f32dded429
|
LinkDate
|
|
|
|
\REGISTRY\A\{ccbe289c-7d13-e007-477f-749f34de355e}\Root\InventoryApplicationFile\main.exe|b70705f32dded429
|
BinProductVersion
|
|
|
|
\REGISTRY\A\{ccbe289c-7d13-e007-477f-749f34de355e}\Root\InventoryApplicationFile\main.exe|b70705f32dded429
|
AppxPackageFullName
|
|
|
|
\REGISTRY\A\{ccbe289c-7d13-e007-477f-749f34de355e}\Root\InventoryApplicationFile\main.exe|b70705f32dded429
|
AppxPackageRelativeId
|
|
|
|
\REGISTRY\A\{ccbe289c-7d13-e007-477f-749f34de355e}\Root\InventoryApplicationFile\main.exe|b70705f32dded429
|
Size
|
|
|
|
\REGISTRY\A\{ccbe289c-7d13-e007-477f-749f34de355e}\Root\InventoryApplicationFile\main.exe|b70705f32dded429
|
Language
|
|
|
|
\REGISTRY\A\{ccbe289c-7d13-e007-477f-749f34de355e}\Root\InventoryApplicationFile\main.exe|b70705f32dded429
|
Usn
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\TermReason\3164
|
Terminator
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\TermReason\3164
|
Reason
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\TermReason\3164
|
CreationTime
|
There are 12 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
CE5000
|
unkown
|
page read and write
|
||
|
2BAD3A3C000
|
heap
|
page read and write
|
||
|
7FFE13234000
|
unkown
|
page readonly
|
||
|
D21000
|
unkown
|
page read and write
|
||
|
165D4690000
|
heap
|
page read and write
|
||
|
7FFDFB201000
|
unkown
|
page execute read
|
||
|
156D4C7C000
|
heap
|
page read and write
|
||
|
D94000
|
unkown
|
page read and write
|
||
|
2D61000
|
direct allocation
|
page read and write
|
||
|
2D88000
|
direct allocation
|
page read and write
|
||
|
D10DFE000
|
stack
|
page read and write
|
||
|
156D51B1000
|
heap
|
page read and write
|
||
|
3420000
|
direct allocation
|
page execute and read and write
|
||
|
ECFBBFF000
|
stack
|
page read and write
|
||
|
ECFD5FF000
|
stack
|
page read and write
|
||
|
23071650000
|
heap
|
page read and write
|
||
|
2B7D4AF0000
|
heap
|
page read and write
|
||
|
4466000
|
heap
|
page read and write
|
||
|
ECFB1FF000
|
stack
|
page read and write
|
||
|
E4A9FD000
|
stack
|
page read and write
|
||
|
7FF7BACEA000
|
unkown
|
page read and write
|
||
|
D115FF000
|
stack
|
page read and write
|
||
|
165D48A0000
|
heap
|
page read and write
|
||
|
D0F9FD000
|
stack
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
2BAD3A5A000
|
heap
|
page read and write
|
||
|
ECFC5FB000
|
stack
|
page read and write
|
||
|
1E252AC0000
|
heap
|
page read and write
|
||
|
2D80000
|
heap
|
page read and write
|
||
|
7FFE11EC1000
|
unkown
|
page execute read
|
||
|
1EBA7560000
|
heap
|
page read and write
|
||
|
ECFB7FE000
|
stack
|
page read and write
|
||
|
1EBA7590000
|
heap
|
page read and write
|
||
|
CBE000
|
unkown
|
page write copy
|
||
|
2BAD4B8C000
|
heap
|
page read and write
|
||
|
10E8000
|
heap
|
page read and write
|
||
|
D3B000
|
unkown
|
page read and write
|
||
|
7FFE126D0000
|
unkown
|
page readonly
|
||
|
ECFD7FF000
|
stack
|
page read and write
|
||
|
351F000
|
stack
|
page read and write
|
||
|
E9E0EFE000
|
stack
|
page read and write
|
||
|
D7F000
|
unkown
|
page read and write
|
||
|
7FFDFBAB7000
|
unkown
|
page readonly
|
||
|
ECFA1FF000
|
stack
|
page read and write
|
||
|
2D2B000
|
direct allocation
|
page read and write
|
||
|
2BAD3A30000
|
heap
|
page read and write
|
||
|
7FF665040000
|
unkown
|
page readonly
|
||
|
7FF665A6B000
|
unkown
|
page readonly
|
||
|
7FFE11EDE000
|
unkown
|
page read and write
|
||
|
156D50A2000
|
heap
|
page read and write
|
||
|
1E252DA5000
|
heap
|
page read and write
|
||
|
7FFE126D0000
|
unkown
|
page readonly
|
||
|
ECF97F9000
|
stack
|
page read and write
|
||
|
7FFE11EDF000
|
unkown
|
page read and write
|
||
|
ECFCBFD000
|
stack
|
page read and write
|
||
|
2D1D000
|
direct allocation
|
page read and write
|
||
|
156D4C6C000
|
heap
|
page read and write
|
||
|
31EDBFF000
|
stack
|
page read and write
|
||
|
D98000
|
unkown
|
page read and write
|
||
|
2D53000
|
direct allocation
|
page read and write
|
||
|
23071915000
|
heap
|
page read and write
|
||
|
7FFDFB9AA000
|
unkown
|
page readonly
|
||
|
19CB4BF0000
|
heap
|
page read and write
|
||
|
2D33000
|
direct allocation
|
page read and write
|
||
|
3E29000
|
heap
|
page read and write
|
||
|
2BAD4B36000
|
heap
|
page read and write
|
||
|
19CB4A46000
|
heap
|
page read and write
|
||
|
ECF99FF000
|
stack
|
page read and write
|
||
|
1E252DA0000
|
heap
|
page read and write
|
||
|
D9C000
|
unkown
|
page read and write
|
||
|
CC1000
|
unkown
|
page read and write
|
||
|
CD4000
|
unkown
|
page read and write
|
||
|
2C0D3D15000
|
trusted library allocation
|
page read and write
|
||
|
E4ACFE000
|
unkown
|
page readonly
|
||
|
7FF66564E000
|
unkown
|
page write copy
|
||
|
CF9000
|
unkown
|
page read and write
|
||
|
ECFD5FD000
|
stack
|
page read and write
|
||
|
2BAD4B86000
|
heap
|
page read and write
|
||
|
7FF665A5D000
|
unkown
|
page readonly
|
||
|
160000
|
heap
|
page read and write
|
||
|
D131FF000
|
stack
|
page read and write
|
||
|
20A0B6B0000
|
heap
|
page read and write
|
||
|
7FFE13220000
|
unkown
|
page readonly
|
||
|
2BAD3A67000
|
heap
|
page read and write
|
||
|
2DA4000
|
direct allocation
|
page read and write
|
||
|
D121FA000
|
stack
|
page read and write
|
||
|
CD3D27F000
|
stack
|
page read and write
|
||
|
D121FF000
|
stack
|
page read and write
|
||
|
CD4000
|
unkown
|
page read and write
|
||
|
156D47AB000
|
heap
|
page read and write
|
||
|
2B7D4B62000
|
heap
|
page read and write
|
||
|
ECFB3FF000
|
stack
|
page read and write
|
||
|
7FF7BACEA000
|
unkown
|
page read and write
|
||
|
7FF665041000
|
unkown
|
page execute read
|
||
|
338D000
|
stack
|
page read and write
|
||
|
7FF7BACEE000
|
unkown
|
page readonly
|
||
|
7FFDFB7DD000
|
unkown
|
page read and write
|
||
|
2C7A000
|
direct allocation
|
page read and write
|
||
|
2BAD50EA000
|
heap
|
page read and write
|
||
|
ECFC7FB000
|
stack
|
page read and write
|
||
|
2BAD3A67000
|
heap
|
page read and write
|
||
|
D3B000
|
unkown
|
page read and write
|
||
|
1EBA7580000
|
heap
|
page read and write
|
||
|
7FF7BACEE000
|
unkown
|
page readonly
|
||
|
2C0D4113000
|
heap
|
page read and write
|
||
|
ECFABFE000
|
stack
|
page read and write
|
||
|
E9E11FF000
|
stack
|
page read and write
|
||
|
2BAD50E8000
|
heap
|
page read and write
|
||
|
156D46F0000
|
heap
|
page read and write
|
||
|
E9E107F000
|
stack
|
page read and write
|
||
|
7FF665A68000
|
unkown
|
page write copy
|
||
|
D101FE000
|
stack
|
page read and write
|
||
|
ECFC1FF000
|
stack
|
page read and write
|
||
|
2BAD4BFF000
|
heap
|
page read and write
|
||
|
1A0000
|
heap
|
page read and write
|
||
|
D123F9000
|
stack
|
page read and write
|
||
|
10007C000
|
stack
|
page read and write
|
||
|
7FFE11EDC000
|
unkown
|
page read and write
|
||
|
2DB3000
|
direct allocation
|
page read and write
|
||
|
7FF66564C000
|
unkown
|
page write copy
|
||
|
7FFE1321B000
|
unkown
|
page read and write
|
||
|
CBE000
|
unkown
|
page read and write
|
||
|
19CB4990000
|
heap
|
page read and write
|
||
|
7FF7BACE0000
|
unkown
|
page readonly
|
||
|
7FFE10261000
|
unkown
|
page write copy
|
||
|
E4B0FE000
|
unkown
|
page readonly
|
||
|
ECFC9F9000
|
stack
|
page read and write
|
||
|
2BAD4726000
|
heap
|
page read and write
|
||
|
2BAD4B5D000
|
heap
|
page read and write
|
||
|
D127F9000
|
stack
|
page read and write
|
||
|
156D47A5000
|
heap
|
page read and write
|
||
|
7FFE1A46C000
|
unkown
|
page write copy
|
||
|
2BAD3A5B000
|
heap
|
page read and write
|
||
|
D73000
|
unkown
|
page read and write
|
||
|
156D4C66000
|
heap
|
page read and write
|
||
|
7FFE11EC0000
|
unkown
|
page readonly
|
||
|
2BAD3A85000
|
heap
|
page read and write
|
||
|
CDA000
|
unkown
|
page read and write
|
||
|
D127FD000
|
stack
|
page read and write
|
||
|
ECFCFFF000
|
stack
|
page read and write
|
||
|
D63000
|
unkown
|
page read and write
|
||
|
D0EDFE000
|
stack
|
page read and write
|
||
|
7FFE1A468000
|
unkown
|
page read and write
|
||
|
12DF000
|
stack
|
page read and write
|
||
|
7FFDFB7DF000
|
unkown
|
page read and write
|
||
|
2BAD3D80000
|
heap
|
page read and write
|
||
|
156D5134000
|
heap
|
page read and write
|
||
|
7FFDFB7DA000
|
unkown
|
page write copy
|
||
|
2B7D4B20000
|
heap
|
page read and write
|
||
|
D0EFFE000
|
stack
|
page read and write
|
||
|
2BAD5070000
|
heap
|
page read and write
|
||
|
156D44F0000
|
heap
|
page read and write
|
||
|
7FFE1025D000
|
unkown
|
page read and write
|
||
|
7FFE11710000
|
unkown
|
page readonly
|
||
|
14B000
|
stack
|
page read and write
|
||
|
2B7D4B58000
|
heap
|
page read and write
|
||
|
7FFE126E2000
|
unkown
|
page readonly
|
||
|
2D2C000
|
direct allocation
|
page read and write
|
||
|
D6D000
|
unkown
|
page read and write
|
||
|
7FF7BACD0000
|
unkown
|
page readonly
|
||
|
2BAD4B46000
|
heap
|
page read and write
|
||
|
7FFDFB7D9000
|
unkown
|
page read and write
|
||
|
7FFE11ED3000
|
unkown
|
page readonly
|
||
|
2C0D4102000
|
heap
|
page read and write
|
||
|
D119FF000
|
stack
|
page read and write
|
||
|
2C98000
|
direct allocation
|
page read and write
|
||
|
2BAD3A5D000
|
heap
|
page read and write
|
||
|
2D50000
|
heap
|
page read and write
|
||
|
1EBA7480000
|
heap
|
page read and write
|
||
|
2BAD5017000
|
heap
|
page read and write
|
||
|
2C0D4100000
|
heap
|
page read and write
|
||
|
7FFDFB201000
|
unkown
|
page execute read
|
||
|
ECFC7F9000
|
stack
|
page read and write
|
||
|
7FFDFB7E4000
|
unkown
|
page readonly
|
||
|
156D51C3000
|
heap
|
page read and write
|
||
|
7FFDFB7DF000
|
unkown
|
page read and write
|
||
|
7FFE11520000
|
unkown
|
page read and write
|
||
|
1B638740000
|
heap
|
page read and write
|
||
|
7FF7BACE0000
|
unkown
|
page readonly
|
||
|
2BAD4B8E000
|
heap
|
page read and write
|
||
|
A711D7E000
|
stack
|
page read and write
|
||
|
7FFE11763000
|
unkown
|
page read and write
|
||
|
1BD010B000
|
stack
|
page read and write
|
||
|
126E000
|
stack
|
page read and write
|
||
|
7FFE1A46B000
|
unkown
|
page read and write
|
||
|
ECFDBFF000
|
stack
|
page read and write
|
||
|
2BAD5059000
|
heap
|
page read and write
|
||
|
D7A000
|
unkown
|
page read and write
|
||
|
ECF93FE000
|
stack
|
page read and write
|
||
|
2BAD4BA2000
|
heap
|
page read and write
|
||
|
146E000
|
stack
|
page read and write
|
||
|
D0F3FC000
|
stack
|
page read and write
|
||
|
7FF665A65000
|
unkown
|
page read and write
|
||
|
ECFB5FF000
|
stack
|
page read and write
|
||
|
7FFDFB7DE000
|
unkown
|
page write copy
|
||
|
2CD3000
|
direct allocation
|
page read and write
|
||
|
7FFDFB7E4000
|
unkown
|
page readonly
|
||
|
D76000
|
unkown
|
page read and write
|
||
|
FAC000
|
heap
|
page read and write
|
||
|
2CE8000
|
direct allocation
|
page read and write
|
||
|
1000FE000
|
stack
|
page read and write
|
||
|
7FFE10254000
|
unkown
|
page readonly
|
||
|
165D46B8000
|
heap
|
page read and write
|
||
|
E9E0E7D000
|
stack
|
page read and write
|
||
|
156D508C000
|
heap
|
page read and write
|
||
|
7FFE13200000
|
unkown
|
page readonly
|
||
|
1B638828000
|
heap
|
page read and write
|
||
|
ECFD9FF000
|
stack
|
page read and write
|
||
|
23071658000
|
heap
|
page read and write
|
||
|
156D4C62000
|
heap
|
page read and write
|
||
|
7FF7BACD1000
|
unkown
|
page execute read
|
||
|
156D4571000
|
heap
|
page read and write
|
||
|
7FF7BACE0000
|
unkown
|
page readonly
|
||
|
2BAD5015000
|
heap
|
page read and write
|
||
|
2D68000
|
direct allocation
|
page read and write
|
||
|
ECF95FE000
|
stack
|
page read and write
|
||
|
7FFE126EB000
|
unkown
|
page read and write
|
||
|
D0F1FE000
|
stack
|
page read and write
|
||
|
3B54000
|
heap
|
page read and write
|
||
|
156D4C6E000
|
heap
|
page read and write
|
||
|
D10FFE000
|
stack
|
page read and write
|
||
|
D0F7FD000
|
stack
|
page read and write
|
||
|
2CE1000
|
direct allocation
|
page read and write
|
||
|
ECFC1F7000
|
stack
|
page read and write
|
||
|
7FFE11524000
|
unkown
|
page write copy
|
||
|
D97000
|
unkown
|
page read and write
|
||
|
7FFE126ED000
|
unkown
|
page read and write
|
||
|
7FFDFB9A4000
|
unkown
|
page read and write
|
||
|
7FFE11ED2000
|
unkown
|
page readonly
|
||
|
ECFCDFD000
|
stack
|
page read and write
|
||
|
2C0D3B30000
|
heap
|
page read and write
|
||
|
1B638840000
|
heap
|
page read and write
|
||
|
ECFCDF9000
|
stack
|
page read and write
|
||
|
E4B1FE000
|
stack
|
page read and write
|
||
|
2C0D3C02000
|
unkown
|
page read and write
|
||
|
136E000
|
stack
|
page read and write
|
||
|
33A0000
|
direct allocation
|
page execute and read and write
|
||
|
CC5000
|
unkown
|
page read and write
|
||
|
19CB4A30000
|
heap
|
page read and write
|
||
|
7FF66564C000
|
unkown
|
page write copy
|
||
|
165D49B0000
|
heap
|
page read and write
|
||
|
CE8000
|
unkown
|
page read and write
|
||
|
3424000
|
heap
|
page read and write
|
||
|
ECFC3FE000
|
stack
|
page read and write
|
||
|
E9E0F7E000
|
stack
|
page read and write
|
||
|
20A0B660000
|
heap
|
page read and write
|
||
|
7FFE126F2000
|
unkown
|
page readonly
|
||
|
D125FD000
|
stack
|
page read and write
|
||
|
ECFD3FF000
|
stack
|
page read and write
|
||
|
7FFE1323D000
|
unkown
|
page read and write
|
||
|
7FFE126E3000
|
unkown
|
page read and write
|
||
|
2BAD4F70000
|
heap
|
page read and write
|
||
|
2CAB000
|
direct allocation
|
page read and write
|
||
|
190000
|
heap
|
page read and write
|
||
|
2BAD3D85000
|
heap
|
page read and write
|
||
|
180000
|
heap
|
page read and write
|
||
|
ECF91FC000
|
stack
|
page read and write
|
||
|
31ED9FF000
|
stack
|
page read and write
|
||
|
D0FFFE000
|
stack
|
page read and write
|
||
|
3429000
|
heap
|
page read and write
|
||
|
7FFE11790000
|
unkown
|
page write copy
|
||
|
D12BFD000
|
stack
|
page read and write
|
||
|
2C89000
|
direct allocation
|
page read and write
|
||
|
7FFE11741000
|
unkown
|
page execute read
|
||
|
7FFE13201000
|
unkown
|
page execute read
|
||
|
7FFE11EDF000
|
unkown
|
page write copy
|
||
|
2B7D4B50000
|
heap
|
page read and write
|
||
|
344F000
|
direct allocation
|
page execute and read and write
|
||
|
14002D000
|
direct allocation
|
page read and write
|
||
|
ECF99F7000
|
stack
|
page read and write
|
||
|
2C0D3C72000
|
heap
|
page read and write
|
||
|
1BD047F000
|
stack
|
page read and write
|
||
|
32FD000
|
stack
|
page read and write
|
||
|
156D44E0000
|
heap
|
page read and write
|
||
|
D21000
|
unkown
|
page read and write
|
||
|
165D49B5000
|
heap
|
page read and write
|
||
|
1F0000
|
direct allocation
|
page execute and read and write
|
||
|
E9E13F9000
|
stack
|
page read and write
|
||
|
156D4C3D000
|
heap
|
page read and write
|
||
|
D64000
|
unkown
|
page read and write
|
||
|
D10BFF000
|
stack
|
page read and write
|
||
|
1EBA7585000
|
heap
|
page read and write
|
||
|
ECFCBFF000
|
stack
|
page read and write
|
||
|
3390000
|
heap
|
page read and write
|
||
|
ECF99FC000
|
stack
|
page read and write
|
||
|
2CFA000
|
direct allocation
|
page read and write
|
||
|
D107FD000
|
stack
|
page read and write
|
||
|
2C0D3D24000
|
heap
|
page read and write
|
||
|
D133FF000
|
stack
|
page read and write
|
||
|
ECFC9FD000
|
stack
|
page read and write
|
||
|
156D50E4000
|
heap
|
page read and write
|
||
|
E4A67C000
|
stack
|
page read and write
|
||
|
D7A000
|
unkown
|
page read and write
|
||
|
165D4880000
|
heap
|
page read and write
|
||
|
7FFDFBAB2000
|
unkown
|
page read and write
|
||
|
D12DFF000
|
stack
|
page read and write
|
||
|
23071910000
|
heap
|
page read and write
|
||
|
D94000
|
unkown
|
page read and write
|
||
|
33F0000
|
direct allocation
|
page execute and read and write
|
||
|
7FFDFB9AA000
|
unkown
|
page readonly
|
||
|
7FFE11516000
|
unkown
|
page readonly
|
||
|
10017F000
|
stack
|
page read and write
|
||
|
7FFE126D1000
|
unkown
|
page execute read
|
||
|
7FFE126EE000
|
unkown
|
page read and write
|
||
|
156D4C79000
|
heap
|
page read and write
|
||
|
D12DFD000
|
stack
|
page read and write
|
||
|
7FFDFB7DA000
|
unkown
|
page write copy
|
||
|
2D18000
|
direct allocation
|
page read and write
|
||
|
7FFDFB200000
|
unkown
|
page readonly
|
||
|
2B7D4E15000
|
heap
|
page read and write
|
||
|
ECFA3FE000
|
stack
|
page read and write
|
||
|
7FFE11770000
|
unkown
|
page readonly
|
||
|
D11FFB000
|
stack
|
page read and write
|
||
|
7FFE10241000
|
unkown
|
page execute read
|
||
|
2CC2000
|
direct allocation
|
page read and write
|
||
|
2CBA000
|
direct allocation
|
page read and write
|
||
|
2BAD4B88000
|
heap
|
page read and write
|
||
|
7FF7BACD1000
|
unkown
|
page execute read
|
||
|
2D16000
|
direct allocation
|
page read and write
|
||
|
ECF9FFD000
|
stack
|
page read and write
|
||
|
20A0B650000
|
heap
|
page read and write
|
||
|
2BAD4FCE000
|
heap
|
page read and write
|
||
|
7FFE13218000
|
unkown
|
page read and write
|
||
|
2BAD3A5A000
|
heap
|
page read and write
|
||
|
2C0D3D00000
|
trusted library allocation
|
page read and write
|
||
|
D105FE000
|
stack
|
page read and write
|
||
|
7FFE11731000
|
unkown
|
page write copy
|
||
|
2BAD3A5A000
|
heap
|
page read and write
|
||
|
ECFA9FE000
|
stack
|
page read and write
|
||
|
D123FD000
|
stack
|
page read and write
|
||
|
DA6000
|
unkown
|
page readonly
|
||
|
2BAD3A61000
|
heap
|
page read and write
|
||
|
31ED7F7000
|
stack
|
page read and write
|
||
|
2DAC000
|
direct allocation
|
page read and write
|
||
|
2C0D3C13000
|
unkown
|
page read and write
|
||
|
2BAD39F0000
|
heap
|
page read and write
|
||
|
1BD018F000
|
stack
|
page read and write
|
||
|
7FFE1A450000
|
unkown
|
page readonly
|
||
|
2BAD5061000
|
heap
|
page read and write
|
||
|
156D4C67000
|
heap
|
page read and write
|
||
|
D0FDFE000
|
stack
|
page read and write
|
||
|
2C0D4013000
|
heap
|
page read and write
|
||
|
2BAD4B9C000
|
heap
|
page read and write
|
||
|
CE3000
|
unkown
|
page read and write
|
||
|
7FFE11500000
|
unkown
|
page readonly
|
||
|
7FFE11783000
|
unkown
|
page readonly
|
||
|
ECFD1F9000
|
stack
|
page read and write
|
||
|
19CB4A4E000
|
heap
|
page read and write
|
||
|
7FF665040000
|
unkown
|
page readonly
|
||
|
7FF7BACEA000
|
unkown
|
page write copy
|
||
|
2CE3000
|
direct allocation
|
page read and write
|
||
|
ECFAFFF000
|
stack
|
page read and write
|
||
|
156D4C26000
|
heap
|
page read and write
|
||
|
7FFDFBAB2000
|
unkown
|
page read and write
|
||
|
D129FF000
|
stack
|
page read and write
|
||
|
2BAD3D8B000
|
heap
|
page read and write
|
||
|
D70000
|
unkown
|
page read and write
|
||
|
156D51C0000
|
heap
|
page read and write
|
||
|
2BAD4FD4000
|
heap
|
page read and write
|
||
|
2DC1000
|
direct allocation
|
page read and write
|
||
|
2BAD4F8F000
|
heap
|
page read and write
|
||
|
2C0D4100000
|
heap
|
page read and write
|
||
|
7FF7BACD0000
|
unkown
|
page readonly
|
||
|
2F40000
|
heap
|
page read and write
|
||
|
7FFDFB7DD000
|
unkown
|
page read and write
|
||
|
7FF7BACE0000
|
unkown
|
page readonly
|
||
|
7FFE1A460000
|
unkown
|
page readonly
|
||
|
2C0D3C71000
|
heap
|
page read and write
|
||
|
CD3D17E000
|
stack
|
page read and write
|
||
|
19CB4C00000
|
heap
|
page read and write
|
||
|
D125F9000
|
stack
|
page read and write
|
||
|
D11FFF000
|
stack
|
page read and write
|
||
|
CE8000
|
unkown
|
page read and write
|
||
|
E4AAFE000
|
unkown
|
page readonly
|
||
|
1B638856000
|
heap
|
page read and write
|
||
|
7FF7BACEE000
|
unkown
|
page readonly
|
||
|
156D4C9E000
|
heap
|
page read and write
|
||
|
1B638720000
|
heap
|
page read and write
|
||
|
2BAD50F4000
|
heap
|
page read and write
|
||
|
2B7D4E10000
|
heap
|
page read and write
|
||
|
ECFC5F9000
|
stack
|
page read and write
|
||
|
CC5000
|
unkown
|
page read and write
|
||
|
7FFE126F4000
|
unkown
|
page readonly
|
||
|
2C0D3B10000
|
heap
|
page read and write
|
||
|
D111FE000
|
stack
|
page read and write
|
||
|
2B7D4B00000
|
heap
|
page read and write
|
||
|
ECFCFFD000
|
stack
|
page read and write
|
||
|
20A0B8F5000
|
heap
|
page read and write
|
||
|
2C85000
|
heap
|
page read and write
|
||
|
2C0D4002000
|
heap
|
page read and write
|
||
|
CEE000
|
unkown
|
page read and write
|
||
|
156D513D000
|
heap
|
page read and write
|
||
|
156D51AD000
|
heap
|
page read and write
|
||
|
156D4C68000
|
heap
|
page read and write
|
||
|
D06000
|
unkown
|
page write copy
|
||
|
2D1F000
|
direct allocation
|
page read and write
|
||
|
CEE000
|
unkown
|
page read and write
|
||
|
7FFE126F1000
|
unkown
|
page write copy
|
||
|
2D3A000
|
direct allocation
|
page read and write
|
||
|
A711C7C000
|
stack
|
page read and write
|
||
|
2C0D4102000
|
heap
|
page read and write
|
||
|
1E252CC0000
|
heap
|
page read and write
|
||
|
D11BFD000
|
stack
|
page read and write
|
||
|
7FFDFBAB4000
|
unkown
|
page write copy
|
||
|
2C0D3D02000
|
trusted library allocation
|
page read and write
|
||
|
2BAD4BF0000
|
heap
|
page read and write
|
||
|
2C0D3B40000
|
trusted library allocation
|
page read and write
|
||
|
2BAD3A53000
|
heap
|
page read and write
|
||
|
156D5184000
|
heap
|
page read and write
|
||
|
7FFE11EC0000
|
unkown
|
page readonly
|
||
|
1B638780000
|
trusted library allocation
|
page read and write
|
||
|
2BAD4B99000
|
heap
|
page read and write
|
||
|
ECFB9FE000
|
stack
|
page read and write
|
||
|
156D5128000
|
heap
|
page read and write
|
||
|
7FF7BACD1000
|
unkown
|
page execute read
|
||
|
2BAD4B9C000
|
heap
|
page read and write
|
||
|
2C63000
|
direct allocation
|
page read and write
|
||
|
FDD000
|
heap
|
page read and write
|
||
|
7FFE11740000
|
unkown
|
page readonly
|
||
|
ECFBFFE000
|
stack
|
page read and write
|
||
|
14002D000
|
direct allocation
|
page read and write
|
||
|
156D5050000
|
heap
|
page read and write
|
||
|
DA0000
|
unkown
|
page write copy
|
||
|
7FFE126EF000
|
unkown
|
page write copy
|
||
|
156D457B000
|
heap
|
page read and write
|
||
|
10E0000
|
heap
|
page read and write
|
||
|
E4ABFE000
|
stack
|
page read and write
|
||
|
7FF665A6B000
|
unkown
|
page readonly
|
||
|
23071600000
|
heap
|
page read and write
|
||
|
D9C000
|
unkown
|
page write copy
|
||
|
7FFE1178C000
|
unkown
|
page read and write
|
||
|
7FFE11EC1000
|
unkown
|
page execute read
|
||
|
156D4520000
|
heap
|
page read and write
|
||
|
D11BF9000
|
stack
|
page read and write
|
||
|
7FFDFB200000
|
unkown
|
page readonly
|
||
|
19CB4BF5000
|
heap
|
page read and write
|
||
|
7FF665050000
|
unkown
|
page read and write
|
||
|
7FFE11760000
|
unkown
|
page read and write
|
||
|
2BAD5075000
|
heap
|
page read and write
|
||
|
156D4C77000
|
heap
|
page read and write
|
||
|
2D5A000
|
direct allocation
|
page read and write
|
||
|
7FFE13244000
|
unkown
|
page readonly
|
||
|
230715E0000
|
heap
|
page read and write
|
||
|
7FFE126E4000
|
unkown
|
page readonly
|
||
|
D96000
|
unkown
|
page write copy
|
||
|
20A0B8F0000
|
heap
|
page read and write
|
||
|
D11FF9000
|
stack
|
page read and write
|
||
|
2BAD4724000
|
heap
|
page read and write
|
||
|
2BAD50F7000
|
heap
|
page read and write
|
||
|
7FF7BACEE000
|
unkown
|
page readonly
|
||
|
2D08000
|
direct allocation
|
page read and write
|
||
|
D125F7000
|
stack
|
page read and write
|
||
|
7FF665041000
|
unkown
|
page execute read
|
||
|
D125FF000
|
stack
|
page read and write
|
||
|
7FFE13240000
|
unkown
|
page read and write
|
||
|
FA0000
|
heap
|
page read and write
|
||
|
D117FAE000
|
stack
|
page read and write
|
||
|
ECFC1F9000
|
stack
|
page read and write
|
||
|
ECFC5FF000
|
stack
|
page read and write
|
||
|
D109FF000
|
stack
|
page read and write
|
||
|
7FFE1321C000
|
unkown
|
page write copy
|
||
|
2BAD3A68000
|
heap
|
page read and write
|
||
|
D0EBFC000
|
stack
|
page read and write
|
||
|
7FFE13210000
|
unkown
|
page readonly
|
||
|
2D3A000
|
direct allocation
|
page read and write
|
||
|
20A0B680000
|
heap
|
page read and write
|
||
|
1B638813000
|
heap
|
page read and write
|
||
|
7FFDFB7D9000
|
unkown
|
page read and write
|
||
|
2C0D3C2B000
|
heap
|
page read and write
|
||
|
7FFDFB9A4000
|
unkown
|
page read and write
|
||
|
14A000
|
stack
|
page read and write
|
||
|
2BAD4B91000
|
heap
|
page read and write
|
||
|
D135FF000
|
stack
|
page read and write
|
||
|
2BAD4B97000
|
heap
|
page read and write
|
||
|
1B63882B000
|
heap
|
page read and write
|
||
|
7FFE126F0000
|
unkown
|
page read and write
|
||
|
7FFE11EDB000
|
unkown
|
page read and write
|
||
|
7FFE1A451000
|
unkown
|
page execute read
|
||
|
458B000
|
heap
|
page read and write
|
||
|
E9E10FE000
|
stack
|
page read and write
|
||
|
2BAD5065000
|
heap
|
page read and write
|
||
|
DA8000
|
unkown
|
page readonly
|
||
|
7FF665A67000
|
unkown
|
page write copy
|
||
|
7FFE11523000
|
unkown
|
page read and write
|
||
|
2F43000
|
heap
|
page read and write
|
||
|
D9C000
|
unkown
|
page read and write
|
||
|
156D51A0000
|
heap
|
page read and write
|
||
|
E9E12FE000
|
stack
|
page read and write
|
||
|
ECFC7FF000
|
stack
|
page read and write
|
||
|
19CB4A41000
|
heap
|
page read and write
|
||
|
D117FB000
|
stack
|
page read and write
|
||
|
1EBA7600000
|
heap
|
page read and write
|
||
|
19CB4A39000
|
heap
|
page read and write
|
||
|
CBE000
|
unkown
|
page read and write
|
||
|
7FFDFBAB4000
|
unkown
|
page write copy
|
||
|
7FF7BACE8000
|
unkown
|
page read and write
|
||
|
2C0D4000000
|
heap
|
page read and write
|
||
|
1E252BC0000
|
heap
|
page read and write
|
||
|
D11BF7000
|
stack
|
page read and write
|
||
|
7FF665050000
|
unkown
|
page write copy
|
||
|
156D4C77000
|
heap
|
page read and write
|
||
|
2EA0000
|
direct allocation
|
page execute and read and write
|
||
|
FA6000
|
heap
|
page read and write
|
||
|
D76000
|
unkown
|
page read and write
|
||
|
7FFE11764000
|
unkown
|
page write copy
|
||
|
29C067E000
|
stack
|
page read and write
|
||
|
2D24000
|
direct allocation
|
page read and write
|
||
|
7FF7BACE8000
|
unkown
|
page read and write
|
||
|
1B638800000
|
heap
|
page read and write
|
||
|
156D4CE1000
|
heap
|
page read and write
|
||
|
7FF7BACD0000
|
unkown
|
page readonly
|
||
|
7FFE11730000
|
unkown
|
page read and write
|
||
|
1B638750000
|
heap
|
page read and write
|
||
|
156D4527000
|
heap
|
page read and write
|
||
|
D1182FE000
|
stack
|
page read and write
|
||
|
ECFCDFF000
|
stack
|
page read and write
|
||
|
7FFDFB7DE000
|
unkown
|
page write copy
|
||
|
156D51A2000
|
heap
|
page read and write
|
||
|
ECF97FE000
|
stack
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
7FFE1178F000
|
unkown
|
page read and write
|
||
|
156D4C82000
|
heap
|
page read and write
|
||
|
2D77000
|
direct allocation
|
page read and write
|
||
|
ECFD1FF000
|
stack
|
page read and write
|
||
|
2D41000
|
direct allocation
|
page read and write
|
||
|
ECFA7FF000
|
stack
|
page read and write
|
||
|
7FF665051000
|
unkown
|
page write copy
|
||
|
ECFD1FD000
|
stack
|
page read and write
|
||
|
D0F1F9000
|
stack
|
page read and write
|
||
|
2E80000
|
heap
|
page read and write
|
||
|
170000
|
heap
|
page read and write
|
||
|
7FFDFBAB7000
|
unkown
|
page readonly
|
||
|
7FFE126D1000
|
unkown
|
page execute read
|
||
|
D131FD000
|
stack
|
page read and write
|
||
|
1B638839000
|
heap
|
page read and write
|
||
|
165D46B0000
|
heap
|
page read and write
|
||
|
7FFE11711000
|
unkown
|
page execute read
|
||
|
ECFADFC000
|
stack
|
page read and write
|
||
|
3E5E000
|
heap
|
page read and write
|
||
|
7FFE13241000
|
unkown
|
page write copy
|
||
|
2DBA000
|
direct allocation
|
page read and write
|
||
|
156D4C7C000
|
heap
|
page read and write
|
||
|
1E252BA0000
|
heap
|
page read and write
|
||
|
2D85000
|
heap
|
page read and write
|
||
|
2BAD50B6000
|
heap
|
page read and write
|
||
|
D11DFE000
|
stack
|
page read and write
|
||
|
2BAD3A5A000
|
heap
|
page read and write
|
||
|
2BAD3A10000
|
heap
|
page read and write
|
||
|
1B638802000
|
heap
|
page read and write
|
||
|
156D51C7000
|
heap
|
page read and write
|
||
|
D7F000
|
unkown
|
page read and write
|
||
|
7FF66564E000
|
unkown
|
page write copy
|
||
|
ECF9BFE000
|
stack
|
page read and write
|
||
|
1B639002000
|
trusted library allocation
|
page read and write
|
||
|
2D9D000
|
direct allocation
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
2BAD3A36000
|
heap
|
page read and write
|
||
|
2BAD4BE7000
|
heap
|
page read and write
|
||
|
ECFBDFB000
|
stack
|
page read and write
|
||
|
7FF665A67000
|
unkown
|
page read and write
|
||
|
ECFC1FD000
|
stack
|
page read and write
|
||
|
2BAD5068000
|
heap
|
page read and write
|
||
|
20A0B6B8000
|
heap
|
page read and write
|
||
|
ECFC9F7000
|
stack
|
page read and write
|
||
|
7FF7BACD1000
|
unkown
|
page execute read
|
||
|
CEB000
|
unkown
|
page read and write
|
||
|
1F3000
|
heap
|
page read and write
|
||
|
1EBA7609000
|
heap
|
page read and write
|
||
|
2C0D4113000
|
heap
|
page read and write
|
||
|
A711E7F000
|
stack
|
page read and write
|
||
|
2C50000
|
heap
|
page read and write
|
||
|
7FFE1172D000
|
unkown
|
page read and write
|
||
|
7FFE13233000
|
unkown
|
page read and write
|
||
|
D0FBFE000
|
stack
|
page read and write
|
||
|
29C031C000
|
stack
|
page read and write
|
||
|
2C80000
|
heap
|
page read and write
|
||
|
D123F7000
|
stack
|
page read and write
|
||
|
E4AEFE000
|
unkown
|
page readonly
|
||
|
2CDA000
|
direct allocation
|
page read and write
|
||
|
489D000
|
heap
|
page read and write
|
||
|
19CB4890000
|
heap
|
page read and write
|
||
|
3410000
|
heap
|
page read and write
|
||
|
7FFE13221000
|
unkown
|
page execute read
|
||
|
7FFE10240000
|
unkown
|
page readonly
|
||
|
156D5081000
|
heap
|
page read and write
|
||
|
CE3000
|
unkown
|
page read and write
|
||
|
2CF7000
|
direct allocation
|
page read and write
|
||
|
1B638902000
|
heap
|
page read and write
|
||
|
ECFD1F7000
|
stack
|
page read and write
|
||
|
CE6000
|
unkown
|
page read and write
|
||
|
2BAD3A5A000
|
heap
|
page read and write
|
||
|
ECFCDF7000
|
stack
|
page read and write
|
||
|
7FFE11724000
|
unkown
|
page readonly
|
||
|
2C9F000
|
direct allocation
|
page read and write
|
||
|
E4AFFC000
|
stack
|
page read and write
|
||
|
29C077E000
|
stack
|
page read and write
|
||
|
7FF665A5D000
|
unkown
|
page readonly
|
||
|
D12FFD000
|
stack
|
page read and write
|
||
|
1EBA7700000
|
heap
|
page read and write
|
||
|
2BAD39E0000
|
heap
|
page read and write
|
||
|
D117EAD000
|
stack
|
page read and write
|
||
|
7FFE11771000
|
unkown
|
page execute read
|
||
|
D103FF000
|
stack
|
page read and write
|
||
|
3E5B000
|
heap
|
page read and write
|
||
|
7FFE11756000
|
unkown
|
page readonly
|
||
|
ECFA5FE000
|
stack
|
page read and write
|
||
|
7FFE11EE2000
|
unkown
|
page readonly
|
||
|
1C0000
|
heap
|
page read and write
|
||
|
7FF7BACEA000
|
unkown
|
page write copy
|
||
|
ECF9DFD000
|
stack
|
page read and write
|
||
|
CF9000
|
unkown
|
page read and write
|
||
|
19CB4970000
|
heap
|
page read and write
|
||
|
D127F7000
|
stack
|
page read and write
|
||
|
31ED7FE000
|
stack
|
page read and write
|
||
|
D129FD000
|
stack
|
page read and write
|
||
|
105B000
|
heap
|
page read and write
|
||
|
E4B2FE000
|
unkown
|
page readonly
|
||
|
1070000
|
heap
|
page read and write
|
||
|
2C0D3C38000
|
heap
|
page read and write
|
||
|
2C0D3C00000
|
unkown
|
page read and write
|
||
|
E4ADFE000
|
stack
|
page read and write
|
||
|
2D81000
|
direct allocation
|
page read and write
|
||
|
7FF7BACD0000
|
unkown
|
page readonly
|
||
|
2BAD3A95000
|
heap
|
page read and write
|
||
|
3340000
|
direct allocation
|
page execute and read and write
|
||
|
2D0A000
|
direct allocation
|
page read and write
|
||
|
156D4C67000
|
heap
|
page read and write
|
||
|
2BAD3A88000
|
heap
|
page read and write
|
||
|
3A2F000
|
heap
|
page read and write
|
||
|
D0F5FE000
|
stack
|
page read and write
|
||
|
7FFE11501000
|
unkown
|
page execute read
|
||
|
2D01000
|
direct allocation
|
page read and write
|
||
|
D12FFF000
|
stack
|
page read and write
|
||
|
23071500000
|
heap
|
page read and write
|
||
|
D12BFF000
|
stack
|
page read and write
|
||
|
156D47A0000
|
heap
|
page read and write
|
||
|
D113FE000
|
stack
|
page read and write
|
||
|
7FFE10260000
|
unkown
|
page read and write
|
||
|
CC2000
|
unkown
|
page read and write
|
||
|
156D5130000
|
heap
|
page read and write
|
||
|
2D42000
|
direct allocation
|
page read and write
|
||
|
CD3D07D000
|
stack
|
page read and write
|
||
|
156D4C71000
|
heap
|
page read and write
|
||
|
ECFD3FD000
|
stack
|
page read and write
|
||
|
2D96000
|
direct allocation
|
page read and write
|
||
|
7FFE11EE0000
|
unkown
|
page write copy
|
||
|
D0F3F6000
|
stack
|
page read and write
|
||
|
1E252BC9000
|
heap
|
page read and write
|
||
|
2BAD4128000
|
heap
|
page read and write
|
||
|
ECFD7FD000
|
stack
|
page read and write
|
There are 640 hidden memdumps, click here to show them.