IOC Report
file.exe

loading gif

Files

File Path
Type
Category
Malicious
file.exe
PE32 executable (GUI) Intel 80386, for MS Windows
initial sample
malicious
C:\ProgramData\freebl3.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\ProgramData\mozglue.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\ProgramData\nss3.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\ProgramData\softokn3.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q4M8ZOMH\freebl3[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q4M8ZOMH\mozglue[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q4M8ZOMH\nss3[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q4M8ZOMH\random[1].exe
PE32 executable (GUI) Intel 80386, for MS Windows
modified
malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q4M8ZOMH\softokn3[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Temp\1012962001\931e3b56d4.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Users\user\Documents\JDGIECGIEB.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\ProgramData\BGCAFHCA
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 7, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 7
dropped
C:\ProgramData\CBGHCAKKFBGDHJJJKECFBKKECG
SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
dropped
C:\ProgramData\EGIDBFBFHJDGCAKEGHJE
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
dropped
C:\ProgramData\GHDAAKJE
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
dropped
C:\ProgramData\GHDBKFHIJKJKECAAAECA
ASCII text, with very long lines (1765), with CRLF line terminators
dropped
C:\ProgramData\IIDAAFBGDBKJJJKFIIIJ
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
dropped
C:\ProgramData\KFCFBAAEHCFHJJKEHJKJDHJDGI
SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
dropped
C:\ProgramData\msvcp140.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\ProgramData\vcruntime140.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\0fd7f9a5-5aa5-40da-9800-03d02aca0234.tmp
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\241a70a0-a495-44f6-981f-22da2a778933.tmp
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\91627f9e-148a-4fb1-8e17-6430c14b03fe.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\9ffd644f-9eb8-42c5-a2ac-0abe1863569e.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-67545664-1B78.pma
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-67545664-1E9C.pma
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Version
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF277b6.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF277c6.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF286f9.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF28708.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Variations
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\b3acb38a-f411-47af-9672-0b3ad9561d34.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NCK9WNDU\json[1].json
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q4M8ZOMH\msvcp140[1].dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q4M8ZOMH\vcruntime140[1].dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sat Dec 7 13:06:22 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sat Dec 7 13:06:22 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 5 07:00:51 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sat Dec 7 13:06:21 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sat Dec 7 13:06:22 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sat Dec 7 13:06:21 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\cookies.sqlite-shm
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\places.sqlite-shm
data
dropped
C:\Windows\Tasks\skotes.job
data
dropped
Chrome Cache Entry: 103
ASCII text, with very long lines (2412)
downloaded
Chrome Cache Entry: 104
ASCII text, with very long lines (8561)
downloaded
Chrome Cache Entry: 105
ASCII text
downloaded
Chrome Cache Entry: 106
ASCII text, with very long lines (65531)
downloaded
Chrome Cache Entry: 107
ASCII text, with very long lines (5162), with no line terminators
downloaded
Chrome Cache Entry: 108
SVG Scalable Vector Graphics image
downloaded
There are 45 hidden files, click here to show them.

Processes

Path
Cmdline
Malicious
C:\Users\user\Desktop\file.exe
"C:\Users\user\Desktop\file.exe"
malicious
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory=""
malicious
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 --field-trial-handle=1960,i,3989721194292092949,15909847573822481878,262144 /prefetch:8
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory=""
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2308 --field-trial-handle=2176,i,5053567703941882623,5826024289119121658,262144 /prefetch:3
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2348 --field-trial-handle=2060,i,13102130141342141745,5107454723265991497,262144 /prefetch:3
malicious
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\Documents\JDGIECGIEB.exe"
malicious
C:\Users\user\Documents\JDGIECGIEB.exe
"C:\Users\user\Documents\JDGIECGIEB.exe"
malicious
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
"C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"
malicious
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
malicious
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
malicious
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
There are 3 hidden processes, click here to show them.

URLs

Name
IP
Malicious
http://185.215.113.206/68b591d6548ec281/softokn3.dll
185.215.113.206
https://duckduckgo.com/chrome_newtab
unknown
http://185.215.113.206/68b591d6548ec281/vcruntime140.dll
185.215.113.206
http://185.215.113.206/68b591d6548ec281/nss3.dllct
unknown
http://185.215.113.2060
unknown
https://duckduckgo.com/ac/?q=
unknown
http://185.215.113.206/
185.215.113.206
http://www.broofa.com
unknown
http://185.215.113.16/luma/random.exe2962001
unknown
http://185.215.113.206/c4becf79229cb002.php003
unknown
http://185.215.113.16/luma/random.exe9oX
unknown
http://185.215.113.16/mine/random.exe
185.215.113.16
http://185.215.113.16/luma/random.exehp
unknown
http://185.215.113.206/c4becf79229cb002.phpc60ab594776c83eaa9bd06ecc7f8
unknown
http://185.215.113.43/Zu7JuNko/index.phpt8
unknown
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
unknown
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pqX1CqX4pbW1pbWfpbZ7ReNxR3UIG8zInwYIFIVs9eYi
unknown
http://185.215.113.206/68b591d6548ec281/sqlite3.dll
185.215.113.206
http://185.215.113.16/luma/random.exe450
unknown
http://185.215.113.206/c4becf79229cb002.phpUE
unknown
http://185.215.113.16/luma/random.exe
unknown
http://185.215.113.206/68b591d6548ec281/softokn3.dll:oH
unknown
http://185.215.113.16/fac00b58987e8e7e7b9ca30804042ba5ce90ui
unknown
https://www.google.com
unknown
http://185.215.113.43/Zu7JuNko/index.php
185.215.113.43
http://185.215.113.206/68b591d6548ec281/nss3.dllCu
unknown
http://185.215.113.43/Zu7JuNko/index.php4
unknown
http://185.215.113.206/c4becf79229cb002.phpation
unknown
http://185.215.113.206/68b591d6548ec281/freebl3.dll
185.215.113.206
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
unknown
http://185.215.113.206/68b591d6548ec281/softokn3.dll)o
unknown
http://185.215.113.206/68b591d6548ec281/nss3.dll
185.215.113.206
http://185.215.113.206/c4becf79229cb002.phprowser
unknown
http://185.215.113.206/68b591d6548ec281/mozglue.dll
185.215.113.206
http://185.215.113.206/68b591d6548ec281/vcruntime140.dllX
unknown
https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0
216.58.208.228
https://apis.google.com
unknown
http://185.215.113.43/Zu7JuNko/index.php(
unknown
http://185.215.113.16/luma/random.exerlencodedU)
unknown
http://185.215.113.16/luma/random.exe))
unknown
http://185.215.113.43/Zu7JuNko/index.phpL8
unknown
http://www.sqlite.org/copyright.html.
unknown
http://www.mozilla.com/en-US/blocklist/
unknown
http://185.215.113.206/c4becf79229cb002.php.L
unknown
https://mozilla.org0/
unknown
https://www.google.com/images/branding/product/ico/googleg_lodp.ico
unknown
http://185.215.113.206/68b591d6548ec281/msvcp140.dll
185.215.113.206
https://support.mozilla.org/products/firefoxgro.allizom.troppus.elMx_wJzrE6l
unknown
http://185.215.113.206BFHming
unknown
http://185.215.113.206/c4becf79229cb002.php
185.215.113.206
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
unknown
https://www.google.com/async/newtab_promos
216.58.208.228
http://185.215.113.16/luma/random.exe61395d
unknown
http://185.215.113.206/c4becf79229cb002.php/
unknown
http://185.215.113.206/68b591d6548ec281/freebl3.dllOt
unknown
https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696491991400800003.2&ci=1696491991993.
unknown
https://www.ecosia.org/newtab/
unknown
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
unknown
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_15d7e4b694824b33323940336fbf0bead57d89764383fe44
unknown
http://185.215.113.206/c4becf79229cb002.php6
unknown
https://ac.ecosia.org/autocomplete?q=
unknown
https://www.google.com/async/ddljson?async=ntp:2
216.58.208.228
http://185.215.113.16/
unknown
https://play.google.com/log?format=json&hasfast=true
unknown
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
216.58.208.228
https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
unknown
http://185.215.113.206/c4becf79229cb002.phpG
unknown
http://185.215.113.206/c4becf79229cb002.phpE
unknown
https://www.invisalign.com/?utm_source=admarketplace&utm_medium=paidsearch&utm_campaign=Invisalign&u
unknown
https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696491991400800003.1&ci=1696491991993.12791&cta
unknown
https://contile-images.services.mozilla.com/CuERQnIs4CzqjKBh9os6_h9d4CUDCHO3oiqmAQO6VLM.25122.jpg
unknown
http://185.215.113.206/c4becf79229cb002.phpO
unknown
http://185.215.113.43/Zu7JuNko/index.phpi
unknown
https://support.mozilla.org
unknown
http://185.215.113.206/68b591d6548ec281/freebl3.dll-u
unknown
http://185.215.113.206
unknown
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
unknown
http://185.215.113.206/68b591d6548ec281/msvcp140.dllwo
unknown
There are 68 hidden URLs, click here to show them.

Domains

Name
IP
Malicious
www3.l.google.com
172.217.19.206
plus.l.google.com
172.217.17.78
www.google.com
216.58.208.228
ogs.google.com
unknown
apis.google.com
unknown

IPs

IP
Domain
Country
Malicious
185.215.113.43
unknown
Portugal
malicious
192.168.2.8
unknown
unknown
malicious
185.215.113.16
unknown
Portugal
malicious
185.215.113.206
unknown
Portugal
malicious
172.217.19.206
www3.l.google.com
United States
239.255.255.250
unknown
Reserved
216.58.208.228
www.google.com
United States
127.0.0.1
unknown
unknown

Registry

Path
Value
Malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF\MSUTB
Left
HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF\MSUTB
Top
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
There are 3 hidden registries, click here to show them.

Memdumps

Base Address
Regiontype
Protect
Malicious
B3E000
heap
page read and write
malicious
611000
unkown
page execute and read and write
malicious
5B1000
unkown
page execute and read and write
malicious
151000
unkown
page execute and read and write
malicious
5B1000
unkown
page execute and read and write
malicious
5B1000
unkown
page execute and read and write
malicious
61B000
unkown
page execute and read and write
7A5000
unkown
page execute and read and write
4C6E000
stack
page read and write
1CE4D000
stack
page read and write
612000
unkown
page execute and write copy
44A1000
heap
page read and write
C70000
heap
page read and write
440F000
stack
page read and write
1D179000
heap
page read and write
C4C000
heap
page read and write
44A1000
heap
page read and write
32CE000
stack
page read and write
4201000
heap
page read and write
2B7F000
stack
page read and write
2A2F000
stack
page read and write
84A000
unkown
page execute and write copy
4201000
heap
page read and write
49F0000
direct allocation
page execute and read and write
C3E000
stack
page read and write
9E6000
unkown
page execute and write copy
354000
unkown
page execute and read and write
C40000
heap
page read and write
1D14B000
heap
page read and write
A85000
unkown
page execute and write copy
350F000
stack
page read and write
AD4000
heap
page read and write
4A60000
heap
page read and write
5EB0000
heap
page read and write
C50000
direct allocation
page read and write
804000
unkown
page execute and read and write
9F2000
unkown
page execute and read and write
44A1000
heap
page read and write
84B000
unkown
page execute and read and write
286F000
stack
page read and write
1D17B000
heap
page read and write
4571000
heap
page read and write
44A1000
heap
page read and write
3F2F000
stack
page read and write
BE4000
heap
page read and write
BC0000
direct allocation
page read and write
4201000
heap
page read and write
4201000
heap
page read and write
619000
unkown
page write copy
1D149000
heap
page read and write
1D180000
heap
page read and write
7FF000
unkown
page execute and write copy
C54000
heap
page read and write
C77000
heap
page read and write
875000
unkown
page execute and read and write
1D17B000
heap
page read and write
7A5000
unkown
page execute and read and write
3EEF000
stack
page read and write
4201000
heap
page read and write
44A1000
heap
page read and write
4C4000
heap
page read and write
4201000
heap
page read and write
432E000
stack
page read and write
816000
unkown
page execute and read and write
44A1000
heap
page read and write
6FE3D000
unkown
page readonly
408E000
stack
page read and write
3F9F000
stack
page read and write
2EEE000
stack
page read and write
1D15F000
heap
page read and write
1D12D000
stack
page read and write
44A1000
heap
page read and write
8E0000
heap
page read and write
7D4000
unkown
page execute and write copy
4300000
trusted library allocation
page read and write
4201000
heap
page read and write
7B0000
unkown
page execute and write copy
A74000
unkown
page execute and read and write
4830000
direct allocation
page execute and read and write
79A000
unkown
page execute and write copy
711A000
heap
page read and write
1D180000
heap
page read and write
BC0000
direct allocation
page read and write
61B000
unkown
page execute and read and write
23346000
heap
page read and write
8BC000
unkown
page execute and write copy
44A1000
heap
page read and write
4571000
heap
page read and write
4201000
heap
page read and write
2927000
heap
page read and write
4EDF000
stack
page read and write
2577000
heap
page read and write
7F1000
unkown
page execute and write copy
328F000
stack
page read and write
4910000
direct allocation
page execute and read and write
23624000
heap
page read and write
7A3000
unkown
page execute and read and write
98A000
stack
page read and write
4840000
direct allocation
page execute and read and write
1D170000
heap
page read and write
44A1000
heap
page read and write
8B46000
heap
page read and write
821000
unkown
page execute and write copy
C54000
heap
page read and write
4411000
heap
page read and write
3F2E000
stack
page read and write
821000
unkown
page execute and write copy
1D15F000
heap
page read and write
23300000
heap
page read and write
C50000
direct allocation
page read and write
48A0000
direct allocation
page execute and read and write
C9F000
heap
page read and write
9F0000
heap
page read and write
44A1000
heap
page read and write
37C000
unkown
page execute and read and write
4571000
heap
page read and write
AD4000
heap
page read and write
CD0000
heap
page read and write
A22000
unkown
page execute and write copy
77D000
unkown
page execute and write copy
49E0000
direct allocation
page execute and read and write
44A1000
heap
page read and write
7AF000
unkown
page execute and read and write
32AE000
stack
page read and write
4201000
heap
page read and write
3B2F000
stack
page read and write
BC0000
direct allocation
page read and write
AC3000
unkown
page execute and read and write
1ED000
stack
page read and write
CFE000
stack
page read and write
7FF000
unkown
page execute and write copy
5EC5000
heap
page read and write
44A1000
heap
page read and write
A43000
unkown
page execute and write copy
44B1000
heap
page read and write
550000
direct allocation
page read and write
4BA0000
heap
page read and write
4900000
direct allocation
page execute and read and write
4C4000
heap
page read and write
2347E000
stack
page read and write
37AE000
stack
page read and write
2F9E000
stack
page read and write
C54000
heap
page read and write
1D136000
heap
page read and write
44A1000
heap
page read and write
4C4000
heap
page read and write
40BF000
stack
page read and write
44A1000
heap
page read and write
350000
unkown
page execute and write copy
4920000
direct allocation
page execute and read and write
4C4000
heap
page read and write
BC0000
direct allocation
page read and write
8A5000
unkown
page execute and write copy
48C0000
direct allocation
page execute and read and write
868000
unkown
page execute and write copy
804000
unkown
page execute and read and write
23320000
heap
page read and write
1D170000
heap
page read and write
36FE000
stack
page read and write
5B1000
unkown
page execute and write copy
78D000
unkown
page execute and read and write
E6E000
stack
page read and write
356000
unkown
page execute and read and write
44A1000
heap
page read and write
C9F000
heap
page read and write
4201000
heap
page read and write
41EE000
stack
page read and write
33CF000
stack
page read and write
333E000
stack
page read and write
AD4000
heap
page read and write
392E000
stack
page read and write
D30000
heap
page read and write
33EF000
stack
page read and write
1D165000
heap
page read and write
EAE000
stack
page read and write
B10000
direct allocation
page read and write
8A5000
unkown
page execute and write copy
1D161000
heap
page read and write
BC0000
direct allocation
page read and write
45C000
unkown
page execute and write copy
821000
unkown
page execute and write copy
32FF000
stack
page read and write
1D14B000
heap
page read and write
AD4000
heap
page read and write
281C000
stack
page read and write
3F4E000
stack
page read and write
61EB4000
direct allocation
page read and write
AD4000
heap
page read and write
600000
heap
page read and write
BC0000
direct allocation
page read and write
44A1000
heap
page read and write
CC2000
heap
page read and write
C54000
heap
page read and write
9DA000
unkown
page execute and read and write
1D15B000
heap
page read and write
3C1E000
stack
page read and write
C54000
heap
page read and write
565000
heap
page read and write
44A1000
heap
page read and write
430000
heap
page read and write
44A0000
heap
page read and write
AD4000
heap
page read and write
61B000
unkown
page execute and read and write
817000
unkown
page execute and write copy
44A1000
heap
page read and write
BE0000
heap
page read and write
537000
stack
page read and write
3ABE000
stack
page read and write
CC0000
heap
page read and write
480C000
stack
page read and write
1D170000
heap
page read and write
44A1000
heap
page read and write
352E000
stack
page read and write
619000
unkown
page write copy
8A5000
unkown
page execute and write copy
C54000
heap
page read and write
7FB000
unkown
page execute and write copy
D4C000
heap
page read and write
48C0000
direct allocation
page execute and read and write
970000
direct allocation
page read and write
44A1000
heap
page read and write
6CCAE000
unkown
page read and write
77D000
unkown
page execute and write copy
AD4000
heap
page read and write
C50000
direct allocation
page read and write
36DF000
stack
page read and write
88BE000
stack
page read and write
4C4000
heap
page read and write
A42000
unkown
page execute and read and write
4800000
direct allocation
page execute and read and write
5B0000
unkown
page readonly
839000
unkown
page execute and read and write
C60000
heap
page read and write
C50000
direct allocation
page read and write
5B0000
heap
page read and write
5B1000
unkown
page execute and write copy
1D180000
heap
page read and write
4571000
heap
page read and write
2357F000
stack
page read and write
8AD000
unkown
page execute and write copy
44A1000
heap
page read and write
29EE000
stack
page read and write
84A000
unkown
page execute and write copy
4201000
heap
page read and write
1D180000
heap
page read and write
CD0000
heap
page read and write
406F000
stack
page read and write
B10000
direct allocation
page read and write
3B9000
unkown
page execute and read and write
C54000
heap
page read and write
37CE000
stack
page read and write
2CFE000
stack
page read and write
44A1000
heap
page read and write
8BD000
unkown
page execute and write copy
4201000
heap
page read and write
4201000
heap
page read and write
30DE000
stack
page read and write
23399000
heap
page read and write
2EAF000
stack
page read and write
23300000
trusted library allocation
page read and write
1D170000
heap
page read and write
288F000
stack
page read and write
3E0E000
stack
page read and write
381F000
stack
page read and write
4C4000
heap
page read and write
516C000
stack
page read and write
6CCAF000
unkown
page write copy
1D15D000
heap
page read and write
1D130000
heap
page read and write
2F5F000
stack
page read and write
4800000
direct allocation
page execute and read and write
49D0000
heap
page read and write
5EC6000
heap
page read and write
AEE000
unkown
page execute and write copy
AD4000
heap
page read and write
342E000
stack
page read and write
44A1000
heap
page read and write
AD4000
heap
page read and write
1D165000
heap
page read and write
1D152000
heap
page read and write
44A1000
heap
page read and write
4201000
heap
page read and write
AD4000
heap
page read and write
34E000
unkown
page execute and write copy
4201000
heap
page read and write
376F000
stack
page read and write
1BB000
unkown
page execute and write copy
1D165000
heap
page read and write
4571000
heap
page read and write
4201000
heap
page read and write
C28000
heap
page read and write
44A1000
heap
page read and write
970000
direct allocation
page read and write
4201000
heap
page read and write
44A1000
heap
page read and write
44A1000
heap
page read and write
C50000
heap
page read and write
AED000
unkown
page execute and read and write
4201000
heap
page read and write
33EE000
stack
page read and write
3E9E000
stack
page read and write
823000
unkown
page execute and write copy
4571000
heap
page read and write
44A1000
heap
page read and write
41AF000
stack
page read and write
2A3F000
stack
page read and write
44A1000
heap
page read and write
435F000
stack
page read and write
3F7F000
stack
page read and write
4201000
heap
page read and write
A2C000
unkown
page execute and read and write
44A1000
heap
page read and write
4571000
heap
page read and write
4571000
heap
page read and write
CC9000
heap
page read and write
AD4000
heap
page read and write
1C6000
unkown
page execute and read and write
4201000
heap
page read and write
44A1000
heap
page read and write
35BE000
stack
page read and write
37FF000
stack
page read and write
4810000
direct allocation
page execute and read and write
321E000
stack
page read and write
4F2D000
stack
page read and write
3C1000
unkown
page execute and write copy
1D149000
heap
page read and write
395F000
stack
page read and write
1D13F000
heap
page read and write
819000
unkown
page execute and read and write
C50000
direct allocation
page read and write
293E000
stack
page read and write
4800000
direct allocation
page execute and read and write
61ECC000
direct allocation
page read and write
4201000
heap
page read and write
C54000
heap
page read and write
7110000
heap
page read and write
4B30000
direct allocation
page execute and read and write
8A7000
unkown
page execute and read and write
7B0000
unkown
page execute and write copy
49E0000
direct allocation
page execute and read and write
AD4000
heap
page read and write
46BC000
stack
page read and write
44A1000
heap
page read and write
399E000
stack
page read and write
4870000
direct allocation
page execute and read and write
4BD000
stack
page read and write
7B6000
unkown
page execute and read and write
44A1000
heap
page read and write
44A1000
heap
page read and write
1D165000
heap
page read and write
CC1000
heap
page read and write
4571000
heap
page read and write
340E000
stack
page read and write
4571000
heap
page read and write
29CF000
stack
page read and write
450000
heap
page read and write
4C4000
heap
page read and write
814000
unkown
page execute and write copy
4570000
heap
page read and write
9C4000
unkown
page execute and read and write
1D141000
heap
page read and write
C54000
heap
page read and write
262E000
stack
page read and write
4640000
heap
page read and write
4950000
direct allocation
page execute and read and write
817000
unkown
page execute and write copy
1D168000
heap
page read and write
4C4000
heap
page read and write
7B4000
unkown
page execute and read and write
4201000
heap
page read and write
316F000
stack
page read and write
7DC000
unkown
page execute and read and write
61ED3000
direct allocation
page read and write
4201000
heap
page read and write
4880000
direct allocation
page execute and read and write
694000
unkown
page execute and read and write
9BF000
stack
page read and write
4BA4000
heap
page read and write
4201000
heap
page read and write
4201000
heap
page read and write
31D000
unkown
page execute and write copy
1D168000
heap
page read and write
3DEE000
stack
page read and write
2D8F000
stack
page read and write
4C4000
heap
page read and write
4940000
direct allocation
page execute and read and write
7AE000
unkown
page execute and write copy
7B6000
unkown
page execute and read and write
7FF000
unkown
page execute and write copy
D6E000
stack
page read and write
5B0000
unkown
page read and write
814000
unkown
page execute and write copy
C54000
heap
page read and write
4201000
heap
page read and write
B03000
unkown
page execute and write copy
B7F000
stack
page read and write
79B000
unkown
page execute and read and write
AD4000
heap
page read and write
45C000
unkown
page execute and read and write
C54000
heap
page read and write
877C000
stack
page read and write
4A70000
direct allocation
page execute and read and write
4201000
heap
page read and write
27FE000
stack
page read and write
3E2E000
stack
page read and write
4571000
heap
page read and write
2A2F0000
heap
page read and write
9C6000
unkown
page execute and write copy
1D170000
heap
page read and write
4C4000
heap
page read and write
2D1E000
stack
page read and write
4C4000
heap
page read and write
1BB000
unkown
page execute and write copy
4C4000
heap
page read and write
3B4000
unkown
page execute and write copy
1D180000
heap
page read and write
4510000
trusted library allocation
page read and write
4A10000
direct allocation
page execute and read and write
4B00000
direct allocation
page execute and read and write
3D1F000
stack
page read and write
A6A000
unkown
page execute and write copy
4C4000
heap
page read and write
3BBF000
stack
page read and write
32AF000
stack
page read and write
4930000
direct allocation
page execute and read and write
619000
unkown
page write copy
4411000
heap
page read and write
EFE000
stack
page read and write
2E3E000
stack
page read and write
4C4000
heap
page read and write
3DAF000
stack
page read and write
875000
unkown
page execute and read and write
1D159000
heap
page read and write
23400000
trusted library allocation
page read and write
BEE000
heap
page read and write
44A1000
heap
page read and write
1D15C000
heap
page read and write
980000
heap
page read and write
1D15B000
heap
page read and write
C00000
heap
page read and write
BC0000
direct allocation
page read and write
550000
direct allocation
page read and write
4201000
heap
page read and write
C54000
heap
page read and write
4201000
heap
page read and write
4C4000
heap
page read and write
1D153000
heap
page read and write
23610000
heap
page read and write
2B2E000
stack
page read and write
7B5000
unkown
page execute and write copy
4201000
heap
page read and write
822000
unkown
page execute and read and write
1B2000
unkown
page execute and read and write
44A1000
heap
page read and write
8B9E000
heap
page read and write
1D172000
heap
page read and write
611000
unkown
page execute and write copy
898000
unkown
page execute and write copy
4201000
heap
page read and write
4571000
heap
page read and write
550000
direct allocation
page read and write
402F000
stack
page read and write
A41000
unkown
page execute and write copy
627000
unkown
page execute and write copy
AD4000
heap
page read and write
8A5000
unkown
page execute and write copy
4201000
heap
page read and write
8B2C000
stack
page read and write
4571000
heap
page read and write
436000
unkown
page execute and write copy
7DC000
unkown
page execute and read and write
349E000
stack
page read and write
4AB0000
direct allocation
page execute and read and write
4890000
direct allocation
page execute and read and write
38EF000
stack
page read and write
9EA000
unkown
page execute and write copy
612000
unkown
page execute and read and write
345000
unkown
page execute and read and write
C61000
heap
page read and write
4C4000
heap
page read and write
49AB000
stack
page read and write
AD4000
heap
page read and write
CC9000
heap
page read and write
359F000
stack
page read and write
49EE000
stack
page read and write
C54000
heap
page read and write
626000
unkown
page execute and read and write
4201000
heap
page read and write
FAE000
stack
page read and write
1D14D000
heap
page read and write
AD4000
heap
page read and write
31FE000
stack
page read and write
4411000
heap
page read and write
1D15A000
heap
page read and write
8AB000
unkown
page execute and read and write
78D000
unkown
page execute and read and write
4890000
direct allocation
page execute and read and write
2B9F000
stack
page read and write
4201000
heap
page read and write
72A0000
heap
page read and write
34F000
unkown
page execute and read and write
1D153000
heap
page read and write
1D172000
heap
page read and write
7FA000
unkown
page execute and read and write
BB6000
heap
page read and write
6CC6F000
unkown
page readonly
4201000
heap
page read and write
4B60000
direct allocation
page execute and read and write
4A00000
direct allocation
page execute and read and write
1D161000
heap
page read and write
300F000
stack
page read and write
777000
unkown
page execute and read and write
292B000
heap
page read and write
500000
heap
page read and write
C54000
heap
page read and write
1D15F000
heap
page read and write
1CA7F000
stack
page read and write
357F000
stack
page read and write
1D163000
heap
page read and write
8BA1000
heap
page read and write
1D157000
heap
page read and write
1D180000
heap
page read and write
AD4000
heap
page read and write
3A2F000
stack
page read and write
CC9000
heap
page read and write
875000
unkown
page execute and read and write
C54000
heap
page read and write
318E000
stack
page read and write
415000
unkown
page execute and read and write
B10000
direct allocation
page read and write
AEC000
unkown
page execute and write copy
48B0000
direct allocation
page execute and read and write
44A1000
heap
page read and write
4201000
heap
page read and write
3E5F000
stack
page read and write
366F000
stack
page read and write
4C4000
heap
page read and write
532000
stack
page read and write
1D15E000
heap
page read and write
98B000
heap
page read and write
BD0000
heap
page read and write
4C4000
heap
page read and write
2910000
direct allocation
page execute and read and write
307F000
stack
page read and write
42B9000
heap
page read and write
BC0000
direct allocation
page read and write
4A90000
direct allocation
page execute and read and write
C81000
heap
page read and write
72B0000
heap
page read and write
4201000
heap
page read and write
8BB7000
heap
page read and write
C54000
heap
page read and write
BC0000
direct allocation
page read and write
79B000
unkown
page execute and read and write
3CCE000
stack
page read and write
233AF000
heap
page read and write
4A90000
direct allocation
page execute and read and write
4201000
heap
page read and write
7B0000
unkown
page execute and write copy
1D02E000
stack
page read and write
4B10000
direct allocation
page execute and read and write
4A90000
direct allocation
page execute and read and write
4C4000
heap
page read and write
C54000
heap
page read and write
4A50000
direct allocation
page execute and read and write
1C97E000
stack
page read and write
4571000
heap
page read and write
4571000
heap
page read and write
4C4000
heap
page read and write
624F000
stack
page read and write
C54000
heap
page read and write
C54000
heap
page read and write
61E01000
direct allocation
page execute read
446E000
stack
page read and write
39A000
unkown
page execute and read and write
1CF8C000
stack
page read and write
84A000
unkown
page execute and write copy
18C000
stack
page read and write
AD0000
heap
page read and write
44A1000
heap
page read and write
626000
unkown
page execute and read and write
3CAE000
stack
page read and write
1D17D000
heap
page read and write
44A1000
heap
page read and write
970000
direct allocation
page read and write
C54000
heap
page read and write
33A000
unkown
page execute and write copy
43B0000
trusted library allocation
page read and write
4B2E000
stack
page read and write
44A1000
heap
page read and write
839000
unkown
page execute and read and write
1D259000
heap
page read and write
4A90000
direct allocation
page execute and read and write
44A1000
heap
page read and write
4C4000
heap
page read and write
9FE000
stack
page read and write
8A5000
unkown
page execute and write copy
2920000
heap
page read and write
233A1000
heap
page read and write
2B6E000
stack
page read and write
2335E000
heap
page read and write
77B000
unkown
page execute and read and write
4A80000
direct allocation
page execute and read and write
A4D000
unkown
page execute and read and write
42C1000
heap
page read and write
4201000
heap
page read and write
5A0000
heap
page read and write
837000
unkown
page execute and write copy
9FC000
unkown
page execute and write copy
AD4000
heap
page read and write
1D164000
heap
page read and write
342000
unkown
page execute and write copy
502D000
stack
page read and write
4B50000
direct allocation
page execute and read and write
49E0000
direct allocation
page execute and read and write
8BD000
unkown
page execute and write copy
4850000
direct allocation
page execute and read and write
4AA0000
direct allocation
page execute and read and write
C0E000
heap
page read and write
C54000
heap
page read and write
44A1000
heap
page read and write
4201000
heap
page read and write
4571000
heap
page read and write
44A1000
heap
page read and write
1D15D000
heap
page read and write
4C4000
heap
page read and write
612000
unkown
page execute and read and write
3C2000
unkown
page execute and read and write
2362C000
heap
page read and write
44A1000
heap
page read and write
27CF000
stack
page read and write
4201000
heap
page read and write
44D000
unkown
page execute and write copy
79B000
unkown
page execute and read and write
42B4000
heap
page read and write
2C6E000
stack
page read and write
4C4000
heap
page read and write
44A1000
heap
page read and write
38CF000
stack
page read and write
2C2F000
stack
page read and write
231C8000
heap
page read and write
4571000
heap
page read and write
72A1000
heap
page read and write
4201000
heap
page read and write
A87000
unkown
page execute and read and write
1D180000
heap
page read and write
9E6000
unkown
page execute and read and write
4B40000
direct allocation
page execute and read and write
49E000
stack
page read and write
393F000
stack
page read and write
4571000
heap
page read and write
8E7000
heap
page read and write
404F000
stack
page read and write
896000
unkown
page execute and write copy
4B40000
direct allocation
page execute and read and write
1D180000
heap
page read and write
4C4000
heap
page read and write
347E000
stack
page read and write
7A5000
unkown
page execute and read and write
44A1000
heap
page read and write
C9F000
heap
page read and write
44A1000
heap
page read and write
36BF000
stack
page read and write
366E000
stack
page read and write
C54000
heap
page read and write
626000
unkown
page execute and read and write
27DF000
stack
page read and write
28CC000
stack
page read and write
2A0E000
stack
page read and write
23344000
heap
page read and write
7FE000
unkown
page execute and read and write
4571000
heap
page read and write
4C4000
heap
page read and write
7B4000
unkown
page execute and read and write
8A8000
unkown
page execute and write copy
44A1000
heap
page read and write
2CDF000
stack
page read and write
4201000
heap
page read and write
1D165000
heap
page read and write
4218000
heap
page read and write
1D165000
heap
page read and write
1B9000
unkown
page write copy
47F0000
direct allocation
page execute and read and write
4201000
heap
page read and write
B10000
direct allocation
page read and write
150000
unkown
page readonly
2F2E000
stack
page read and write
383D000
stack
page read and write
BD9000
heap
page read and write
C54000
heap
page read and write
4571000
heap
page read and write
4A0000
heap
page read and write
AD4000
heap
page read and write
4C4000
heap
page read and write
1D170000
heap
page read and write
335E000
stack
page read and write
C54000
heap
page read and write
C50000
direct allocation
page read and write
23300000
trusted library allocation
page read and write
7D4000
unkown
page execute and write copy
B10000
direct allocation
page read and write
7D4000
unkown
page execute and write copy
8BD000
unkown
page execute and write copy
2DAE000
stack
page read and write
1C5000
unkown
page execute and write copy
823000
unkown
page execute and write copy
44A1000
heap
page read and write
4571000
heap
page read and write
819000
unkown
page execute and read and write
4AC0000
direct allocation
page execute and read and write
2DCE000
stack
page read and write
C51000
heap
page read and write
4C4000
heap
page read and write
CEC000
heap
page read and write
B10000
direct allocation
page read and write
C50000
direct allocation
page read and write
AD4000
heap
page read and write
7A3000
unkown
page execute and read and write
AD4000
heap
page read and write
C54000
heap
page read and write
4D6E000
stack
page read and write
6FE4E000
unkown
page read and write
1BB000
unkown
page execute and read and write
1C93F000
stack
page read and write
4571000
heap
page read and write
7FA000
unkown
page execute and read and write
CC9000
heap
page read and write
1D17B000
heap
page read and write
6FDC1000
unkown
page execute read
4571000
heap
page read and write
C54000
heap
page read and write
960000
heap
page read and write
D3B000
heap
page read and write
1D14B000
heap
page read and write
A7C000
unkown
page execute and read and write
7A2000
unkown
page execute and write copy
4201000
heap
page read and write
4C4000
heap
page read and write
7A2000
unkown
page execute and write copy
43C000
stack
page read and write
560000
heap
page read and write
4410000
heap
page read and write
378F000
stack
page read and write
4C4000
heap
page read and write
4C4000
heap
page read and write
28CF000
stack
page read and write
970000
direct allocation
page read and write
39F000
unkown
page execute and write copy
4C4000
heap
page read and write
7B5000
unkown
page execute and write copy
5AE000
stack
page read and write
CD4000
heap
page read and write
B8E000
stack
page read and write
47E0000
direct allocation
page execute and read and write
1D161000
heap
page read and write
1D250000
trusted library allocation
page read and write
37EE000
stack
page read and write
1C83E000
stack
page read and write
1D169000
heap
page read and write
44A1000
heap
page read and write
610000
unkown
page readonly
88B000
stack
page read and write
44A1000
heap
page read and write
3F0F000
stack
page read and write
2A1E0000
heap
page read and write
4201000
heap
page read and write
445000
unkown
page execute and write copy
44A1000
heap
page read and write
4571000
heap
page read and write
4201000
heap
page read and write
292E000
heap
page read and write
4C4000
heap
page read and write
44A1000
heap
page read and write
28AE000
stack
page read and write
41CE000
stack
page read and write
4B20000
direct allocation
page execute and read and write
44A1000
heap
page read and write
1D15B000
heap
page read and write
6FE52000
unkown
page readonly
4C0000
heap
page read and write
362F000
stack
page read and write
894000
unkown
page execute and write copy
32EE000
stack
page read and write
4571000
heap
page read and write
2C6F000
stack
page read and write
970000
direct allocation
page read and write
2CC000
stack
page read and write
4201000
heap
page read and write
48D0000
direct allocation
page execute and read and write
418F000
stack
page read and write
44A1000
heap
page read and write
C54000
heap
page read and write
306E000
stack
page read and write
3C3000
unkown
page execute and write copy
4590000
heap
page read and write
4201000
heap
page read and write
C47000
heap
page read and write
AD4000
heap
page read and write
3D7000
unkown
page execute and write copy
31BF000
stack
page read and write
87BE000
stack
page read and write
898000
unkown
page execute and write copy
1D165000
heap
page read and write
4571000
heap
page read and write
61B000
unkown
page execute and write copy
4C4000
heap
page read and write
371E000
stack
page read and write
150000
unkown
page read and write
44B000
unkown
page execute and read and write
894000
unkown
page execute and write copy
550000
direct allocation
page read and write
4C4000
heap
page read and write
7F1000
unkown
page execute and write copy
550000
direct allocation
page read and write
C50000
direct allocation
page read and write
C30000
direct allocation
page read and write
2361E000
heap
page read and write
B10000
direct allocation
page read and write
4201000
heap
page read and write
1D180000
heap
page read and write
6CCB5000
unkown
page readonly
4201000
heap
page read and write
C50000
direct allocation
page read and write
8BC000
unkown
page execute and read and write
4201000
heap
page read and write
B03000
unkown
page execute and read and write
610F000
stack
page read and write
23618000
heap
page read and write
8BC000
unkown
page execute and write copy
4201000
heap
page read and write
506D000
stack
page read and write
495E000
stack
page read and write
7F1000
unkown
page execute and write copy
4571000
heap
page read and write
44A1000
heap
page read and write
7FE000
unkown
page execute and read and write
AD4000
heap
page read and write
EC000
stack
page read and write
AE1000
unkown
page execute and write copy
445000
unkown
page execute and write copy
26CF000
stack
page read and write
CD0000
heap
page read and write
B10000
direct allocation
page read and write
C9F000
heap
page read and write
7DC000
unkown
page execute and read and write
4820000
direct allocation
page execute and read and write
1B2000
unkown
page execute and write copy
896000
unkown
page execute and write copy
4A80000
direct allocation
page execute and read and write
1D15F000
heap
page read and write
980000
heap
page read and write
4C4000
heap
page read and write
4A90000
direct allocation
page execute and read and write
1D15F000
heap
page read and write
4571000
heap
page read and write
4201000
heap
page read and write
837000
unkown
page execute and write copy
82B000
unkown
page execute and read and write
44A1000
heap
page read and write
4201000
heap
page read and write
4571000
heap
page read and write
2E5E000
stack
page read and write
DFE000
stack
page read and write
233C3000
heap
page read and write
85A000
unkown
page write copy
4B30000
direct allocation
page execute and read and write
23580000
trusted library allocation
page read and write
4C4000
heap
page read and write
28FF000
stack
page read and write
442F000
stack
page read and write
627000
unkown
page execute and write copy
804000
unkown
page execute and read and write
1D15F000
heap
page read and write
98E000
heap
page read and write
356E000
stack
page read and write
40DF000
stack
page read and write
C54000
heap
page read and write
4201000
heap
page read and write
61EB7000
direct allocation
page readonly
33AF000
stack
page read and write
364F000
stack
page read and write
4800000
direct allocation
page execute and read and write
61B000
unkown
page execute and write copy
4201000
heap
page read and write
1CE8D000
stack
page read and write
343000
unkown
page execute and read and write
2F0E000
stack
page read and write
39EF000
stack
page read and write
4AE0000
direct allocation
page execute and read and write
8AB000
unkown
page execute and read and write
49E0000
direct allocation
page execute and read and write
C40000
direct allocation
page execute and read and write
B98000
heap
page read and write
44A1000
heap
page read and write
4571000
heap
page read and write
4C4000
heap
page read and write
9C8000
heap
page read and write
3A6E000
stack
page read and write
3D5E000
stack
page read and write
AD4000
heap
page read and write
44A1000
heap
page read and write
814000
unkown
page execute and write copy
267F000
stack
page read and write
CC0000
heap
page read and write
4220000
heap
page read and write
44A1000
heap
page read and write
42EF000
stack
page read and write
1D172000
heap
page read and write
4A60000
direct allocation
page execute and read and write
4C4000
heap
page read and write
4C4000
heap
page read and write
4201000
heap
page read and write
2F3F000
stack
page read and write
276E000
stack
page read and write
2DEE000
stack
page read and write
1D170000
heap
page read and write
295E000
stack
page read and write
522E000
stack
page read and write
612000
unkown
page execute and write copy
95E000
stack
page read and write
6FDC0000
unkown
page readonly
391000
unkown
page execute and write copy
4571000
heap
page read and write
8AD000
unkown
page execute and write copy
449F000
stack
page read and write
447000
unkown
page execute and read and write
77D000
unkown
page execute and write copy
CBE000
stack
page read and write
C50000
direct allocation
page read and write
4C4000
heap
page read and write
45A0000
trusted library allocation
page read and write
385E000
stack
page read and write
44A1000
heap
page read and write
2A5F000
stack
page read and write
1D180000
heap
page read and write
251F000
stack
page read and write
98A000
heap
page read and write
44A1000
heap
page read and write
5B1000
unkown
page execute and write copy
A73000
unkown
page execute and write copy
44A1000
heap
page read and write
816000
unkown
page execute and read and write
BC0000
direct allocation
page read and write
354E000
stack
page read and write
31B000
unkown
page execute and read and write
44A1000
heap
page read and write
C50000
direct allocation
page read and write
C7C000
heap
page read and write
368E000
stack
page read and write
1CC0E000
stack
page read and write
82B000
unkown
page execute and read and write
C54000
heap
page read and write
29AF000
stack
page read and write
4C4000
heap
page read and write
2E1F000
stack
page read and write
898000
unkown
page execute and write copy
5B0000
unkown
page readonly
BD0000
heap
page read and write
255B000
stack
page read and write
1CD0F000
stack
page read and write
278E000
stack
page read and write
4DDE000
stack
page read and write
1D142000
heap
page read and write
2BDE000
stack
page read and write
78D000
unkown
page execute and read and write
3C6F000
stack
page read and write
8AD000
unkown
page execute and write copy
9F9000
heap
page read and write
B7F000
heap
page read and write
8B3C000
heap
page read and write
4C4000
heap
page read and write
822000
unkown
page execute and read and write
4C4000
heap
page read and write
7B4000
unkown
page execute and read and write
4C4000
heap
page read and write
619000
unkown
page write copy
1D180000
heap
page read and write
82B000
unkown
page execute and read and write
B98000
heap
page read and write
C54000
heap
page read and write
4580000
heap
page read and write
416F000
stack
page read and write
309F000
stack
page read and write
D00000
direct allocation
page read and write
1D165000
heap
page read and write
3EB000
unkown
page execute and read and write
1D15B000
heap
page read and write
7A4000
unkown
page execute and write copy
291F000
stack
page read and write
4C4000
heap
page read and write
4FD000
stack
page read and write
4201000
heap
page read and write
894000
unkown
page execute and write copy
BC0000
direct allocation
page read and write
625000
unkown
page execute and write copy
48CE000
stack
page read and write
4A70000
direct allocation
page execute and read and write
612000
unkown
page execute and read and write
4740000
direct allocation
page read and write
302F000
stack
page read and write
970000
heap
page read and write
2ECF000
stack
page read and write
3A2E000
stack
page read and write
2D6F000
stack
page read and write
BE7000
heap
page read and write
B04000
unkown
page execute and write copy
D10000
direct allocation
page execute and read and write
8FE000
stack
page read and write
550000
direct allocation
page read and write
C30000
direct allocation
page read and write
C7E000
stack
page read and write
839000
unkown
page execute and read and write
2B2F000
stack
page read and write
C9F000
heap
page read and write
314E000
stack
page read and write
4201000
heap
page read and write
3A4000
unkown
page execute and read and write
1D172000
heap
page read and write
1D172000
heap
page read and write
49CF000
stack
page read and write
4C0000
heap
page read and write
44A1000
heap
page read and write
1D180000
heap
page read and write
4571000
heap
page read and write
4800000
direct allocation
page execute and read and write
44A1000
heap
page read and write
AD4000
heap
page read and write
2A15C000
stack
page read and write
C7A000
heap
page read and write
1D157000
heap
page read and write
1CD4D000
stack
page read and write
7A4000
unkown
page execute and write copy
AD4000
heap
page read and write
AD4000
heap
page read and write
970000
direct allocation
page read and write
1D15F000
heap
page read and write
3BDF000
stack
page read and write
44A1000
heap
page read and write
3C8F000
stack
page read and write
4200000
heap
page read and write
4571000
heap
page read and write
4201000
heap
page read and write
4C2F000
stack
page read and write
7A3000
unkown
page execute and read and write
B10000
direct allocation
page read and write
79A000
unkown
page execute and write copy
48C0000
direct allocation
page execute and read and write
5FCF000
stack
page read and write
4C4000
heap
page read and write
3B7000
unkown
page execute and write copy
4201000
heap
page read and write
1D172000
heap
page read and write
1D180000
heap
page read and write
9F0000
unkown
page execute and write copy
C54000
heap
page read and write
4740000
direct allocation
page read and write
AD4000
heap
page read and write
421F000
stack
page read and write
4571000
heap
page read and write
34EF000
stack
page read and write
44A1000
heap
page read and write
23381000
heap
page read and write
BF0000
direct allocation
page read and write
688E000
stack
page read and write
72B0000
heap
page read and write
30BE000
stack
page read and write
4AEF000
stack
page read and write
48A0000
direct allocation
page execute and read and write
1D143000
heap
page read and write
4571000
heap
page read and write
9DD000
heap
page read and write
678E000
stack
page read and write
40FE000
stack
page read and write
4C4000
heap
page read and write
4C4000
heap
page read and write
4C4000
heap
page read and write
1D14B000
heap
page read and write
26DE000
stack
page read and write
6CAD0000
unkown
page readonly
7B6000
unkown
page execute and read and write
23262000
heap
page read and write
C85000
heap
page read and write
23342000
heap
page read and write
4201000
heap
page read and write
4C4000
heap
page read and write
84B000
unkown
page execute and read and write
BD6000
heap
page read and write
4571000
heap
page read and write
B10000
direct allocation
page read and write
4571000
heap
page read and write
7FE000
unkown
page execute and read and write
7A4000
unkown
page execute and write copy
4860000
direct allocation
page execute and read and write
C50000
direct allocation
page read and write
4C4000
heap
page read and write
40AE000
stack
page read and write
1D165000
heap
page read and write
3B6F000
stack
page read and write
AD4000
heap
page read and write
2BBE000
stack
page read and write
53B000
stack
page read and write
44A1000
heap
page read and write
4571000
heap
page read and write
1D142000
heap
page read and write
44A1000
heap
page read and write
3A4D000
stack
page read and write
B10000
direct allocation
page read and write
61E00000
direct allocation
page execute and read and write
1D17C000
heap
page read and write
5E8E000
stack
page read and write
85C000
unkown
page execute and read and write
AD4000
heap
page read and write
2B4E000
stack
page read and write
816000
unkown
page execute and read and write
477E000
stack
page read and write
7AE000
unkown
page execute and write copy
4AD0000
direct allocation
page execute and read and write
4571000
heap
page read and write
AEC000
unkown
page execute and write copy
1D180000
heap
page read and write
B10000
direct allocation
page read and write
4C4000
heap
page read and write
44A1000
heap
page read and write
AD4000
heap
page read and write
344000
unkown
page execute and write copy
1D180000
heap
page read and write
3B8E000
stack
page read and write
38EE000
stack
page read and write
CD0000
heap
page read and write
1D15B000
heap
page read and write
4C4000
heap
page read and write
456F000
stack
page read and write
4201000
heap
page read and write
42AF000
stack
page read and write
A5B000
unkown
page execute and write copy
4571000
heap
page read and write
44A1000
heap
page read and write
425E000
stack
page read and write
2CBF000
stack
page read and write
4571000
heap
page read and write
C54000
heap
page read and write
48C0000
direct allocation
page execute and read and write
1B9000
unkown
page write copy
3D9000
unkown
page execute and read and write
1D165000
heap
page read and write
31AE000
stack
page read and write
550000
direct allocation
page read and write
4C4000
heap
page read and write
3CAF000
stack
page read and write
1D14B000
heap
page read and write
B10000
direct allocation
page read and write
970000
direct allocation
page read and write
C54000
heap
page read and write
4960000
direct allocation
page execute and read and write
42B1000
heap
page read and write
5B0000
unkown
page readonly
AD4000
heap
page read and write
1D180000
heap
page read and write
C54000
heap
page read and write
42B0000
heap
page read and write
619000
unkown
page write copy
23361000
heap
page read and write
9FF000
unkown
page execute and read and write
2570000
heap
page read and write
352F000
stack
page read and write
600E000
stack
page read and write
487F000
stack
page read and write
C50000
direct allocation
page read and write
4C4000
heap
page read and write
3D3E000
stack
page read and write
4571000
heap
page read and write
41AE000
stack
page read and write
44A1000
heap
page read and write
3CEE000
stack
page read and write
61ECD000
direct allocation
page readonly
4411000
heap
page read and write
AD4000
heap
page read and write
3CD000
stack
page read and write
619000
unkown
page write copy
6250000
heap
page read and write
C54000
heap
page read and write
C54000
heap
page read and write
B10000
direct allocation
page read and write
44A1000
heap
page read and write
1D180000
heap
page read and write
48C0000
direct allocation
page execute and read and write
3BFE000
stack
page read and write
1C7000
unkown
page execute and write copy
614E000
stack
page read and write
CC0000
heap
page read and write
4201000
heap
page read and write
47D0000
direct allocation
page execute and read and write
1D15B000
heap
page read and write
B3A000
heap
page read and write
8A5000
unkown
page execute and write copy
AF3000
unkown
page execute and write copy
3A9F000
stack
page read and write
39E000
unkown
page execute and read and write
44A1000
heap
page read and write
4201000
heap
page read and write
8BC000
unkown
page execute and read and write
1D141000
heap
page read and write
2DAF000
stack
page read and write
272F000
stack
page read and write
4A5F000
stack
page read and write
44A1000
heap
page read and write
61ED0000
direct allocation
page read and write
8A8000
unkown
page execute and write copy
92E000
stack
page read and write
1D170000
heap
page read and write
AE0000
heap
page read and write
848000
unkown
page execute and read and write
7FA000
unkown
page execute and read and write
C7B000
heap
page read and write
970000
direct allocation
page read and write
4571000
heap
page read and write
257D000
heap
page read and write
4C4000
heap
page read and write
AD4000
heap
page read and write
8BC000
unkown
page execute and read and write
AF3000
unkown
page execute and write copy
BC0000
direct allocation
page read and write
326F000
stack
page read and write
532F000
stack
page read and write
4A40000
direct allocation
page execute and read and write
36AE000
stack
page read and write
AD4000
heap
page read and write
1D17B000
heap
page read and write
4571000
heap
page read and write
44A1000
heap
page read and write
4A20000
direct allocation
page execute and read and write
3FDE000
stack
page read and write
4201000
heap
page read and write
1D142000
heap
page read and write
C54000
heap
page read and write
44A1000
heap
page read and write
151000
unkown
page execute and write copy
345F000
stack
page read and write
4571000
heap
page read and write
4AF0000
direct allocation
page execute and read and write
970000
direct allocation
page read and write
4A2B000
stack
page read and write
2EEF000
stack
page read and write
8A7000
unkown
page execute and read and write
84B000
unkown
page execute and read and write
4A60000
direct allocation
page execute and read and write
2C8E000
stack
page read and write
4571000
heap
page read and write
32D000
unkown
page execute and read and write
C54000
heap
page read and write
4A90000
direct allocation
page execute and read and write
4588000
heap
page read and write
374000
unkown
page execute and write copy
61ED4000
direct allocation
page readonly
5B0000
unkown
page read and write
B30000
heap
page read and write
8A2B000
stack
page read and write
48F0000
direct allocation
page execute and read and write
4C4000
heap
page read and write
625000
unkown
page execute and write copy
C54000
heap
page read and write
1D157000
heap
page read and write
25EF000
stack
page read and write
BEB000
heap
page read and write
896000
unkown
page execute and write copy
397E000
stack
page read and write
4201000
heap
page read and write
2B0F000
stack
page read and write
26BE000
stack
page read and write
612000
unkown
page execute and write copy
7A2000
unkown
page execute and write copy
1CBBE000
stack
page read and write
C54000
heap
page read and write
AD4000
heap
page read and write
2AEF000
stack
page read and write
316E000
stack
page read and write
6910000
trusted library allocation
page read and write
8AD000
unkown
page execute and write copy
23358000
heap
page read and write
4680000
direct allocation
page read and write
5B0000
unkown
page read and write
355000
unkown
page execute and write copy
302E000
stack
page read and write
D20000
direct allocation
page execute and read and write
CEA000
heap
page read and write
3CB000
unkown
page execute and read and write
3E3F000
stack
page read and write
45CE000
heap
page read and write
4571000
heap
page read and write
1D164000
heap
page read and write
49D0000
direct allocation
page execute and read and write
2FEF000
stack
page read and write
96E000
stack
page read and write
BF0000
direct allocation
page read and write
C4F000
stack
page read and write
B4E000
stack
page read and write
23355000
heap
page read and write
4571000
heap
page read and write
44A1000
heap
page read and write
6CCB0000
unkown
page read and write
8AD000
unkown
page execute and write copy
390E000
stack
page read and write
4571000
heap
page read and write
44D000
unkown
page execute and write copy
3CFF000
stack
page read and write
7FB000
unkown
page execute and write copy
4C4000
heap
page read and write
448000
unkown
page execute and write copy
C0A000
heap
page read and write
817000
unkown
page execute and write copy
1D165000
heap
page read and write
1D172000
heap
page read and write
4201000
heap
page read and write
2CAE000
stack
page read and write
BC6000
heap
page read and write
1D15F000
heap
page read and write
44A1000
heap
page read and write
4201000
heap
page read and write
85A000
unkown
page write copy
438000
unkown
page execute and write copy
85C000
unkown
page execute and write copy
27BF000
stack
page read and write
312F000
stack
page read and write
647000
unkown
page execute and read and write
AD4000
heap
page read and write
44A1000
heap
page read and write
44A1000
heap
page read and write
33B000
unkown
page execute and read and write
44A1000
heap
page read and write
4670000
trusted library allocation
page read and write
343F000
stack
page read and write
77B000
unkown
page execute and read and write
4201000
heap
page read and write
4571000
heap
page read and write
BB6000
heap
page read and write
49E0000
direct allocation
page execute and read and write
970000
direct allocation
page read and write
2A2EC000
stack
page read and write
4C4000
heap
page read and write
3EA000
unkown
page execute and write copy
1F0000
heap
page read and write
72AE000
heap
page read and write
8AB000
unkown
page execute and read and write
1D17D000
heap
page read and write
4571000
heap
page read and write
A49000
unkown
page execute and write copy
6C5000
unkown
page execute and read and write
2A7E000
stack
page read and write
3F6E000
stack
page read and write
550000
direct allocation
page read and write
23340000
heap
page read and write
CC0000
heap
page read and write
CD3000
heap
page read and write
AD4000
heap
page read and write
550000
direct allocation
page read and write
4201000
heap
page read and write
3FBE000
stack
page read and write
A75000
unkown
page execute and write copy
5A0000
heap
page read and write
AD4000
heap
page read and write
1D172000
heap
page read and write
3B4F000
stack
page read and write
A6C000
unkown
page execute and read and write
837000
unkown
page execute and write copy
434000
unkown
page execute and write copy
D00000
direct allocation
page read and write
550000
direct allocation
page read and write
4C4000
heap
page read and write
C54000
heap
page read and write
970000
direct allocation
page read and write
44A1000
heap
page read and write
BB0000
heap
page read and write
1D14B000
heap
page read and write
A48000
unkown
page execute and read and write
8C0000
heap
page read and write
B84000
heap
page read and write
44A1000
heap
page read and write
411E000
stack
page read and write
44A1000
heap
page read and write
31DF000
stack
page read and write
304E000
stack
page read and write
38AF000
stack
page read and write
44A1000
heap
page read and write
406E000
stack
page read and write
2334C000
heap
page read and write
7AF000
unkown
page execute and read and write
3B6E000
stack
page read and write
4A90000
direct allocation
page execute and read and write
C54000
heap
page read and write
4571000
heap
page read and write
550000
direct allocation
page read and write
44A1000
heap
page read and write
BF0000
heap
page read and write
1D180000
heap
page read and write
BDE000
heap
page read and write
4C4000
heap
page read and write
79A000
unkown
page execute and write copy
1D15A000
heap
page read and write
1CABE000
stack
page read and write
550000
direct allocation
page read and write
C50000
direct allocation
page read and write
3ADD000
stack
page read and write
4571000
heap
page read and write
35DE000
stack
page read and write
439E000
stack
page read and write
45D000
unkown
page execute and write copy
49E0000
direct allocation
page execute and read and write
430E000
stack
page read and write
1D132000
heap
page read and write
6264000
heap
page read and write
4571000
heap
page read and write
44A1000
heap
page read and write
7B5000
unkown
page execute and write copy
44A1000
heap
page read and write
48C0000
direct allocation
page execute and read and write
3BAE000
stack
page read and write
BD0000
heap
page read and write
4571000
heap
page read and write
4201000
heap
page read and write
550000
direct allocation
page read and write
8A7000
unkown
page execute and read and write
AD4000
heap
page read and write
39B000
unkown
page execute and write copy
1D152000
heap
page read and write
1D165000
heap
page read and write
550000
direct allocation
page read and write
4680000
direct allocation
page read and write
C54000
heap
page read and write
4201000
heap
page read and write
4C4000
heap
page read and write
7AF000
unkown
page execute and read and write
6DC000
unkown
page execute and read and write
970000
direct allocation
page read and write
8AD000
unkown
page execute and write copy
77B000
unkown
page execute and read and write
331F000
stack
page read and write
627000
unkown
page execute and write copy
4800000
direct allocation
page execute and read and write
37AF000
stack
page read and write
1D141000
heap
page read and write
3E7E000
stack
page read and write
CEA000
heap
page read and write
2C4F000
stack
page read and write
4B2F000
stack
page read and write
44A1000
heap
page read and write
44A1000
heap
page read and write
822000
unkown
page execute and read and write
9EB000
unkown
page execute and read and write
867B000
stack
page read and write
3A7F000
stack
page read and write
3DCF000
stack
page read and write
44A1000
heap
page read and write
5EC0000
heap
page read and write
4C4000
heap
page read and write
4571000
heap
page read and write
3B6000
unkown
page execute and read and write
1D17B000
heap
page read and write
47BF000
stack
page read and write
24EF000
stack
page read and write
610000
unkown
page read and write
AD4000
heap
page read and write
42CF000
stack
page read and write
2DFF000
stack
page read and write
8A8000
unkown
page execute and write copy
BC0000
direct allocation
page read and write
4201000
heap
page read and write
44A1000
heap
page read and write
A5C000
unkown
page execute and read and write
44A1000
heap
page read and write
4A30000
direct allocation
page execute and read and write
8BAF000
heap
page read and write
CD4000
heap
page read and write
970000
direct allocation
page read and write
2F7E000
stack
page read and write
61B000
unkown
page execute and write copy
48E0000
direct allocation
page execute and read and write
8BC000
unkown
page execute and write copy
44A1000
heap
page read and write
C87000
heap
page read and write
625000
unkown
page execute and write copy
823000
unkown
page execute and write copy
7FB000
unkown
page execute and write copy
3A0F000
stack
page read and write
44A1000
heap
page read and write
1D165000
heap
page read and write
819000
unkown
page execute and read and write
2A9E000
stack
page read and write
6CAD1000
unkown
page execute read
BC0000
direct allocation
page read and write
970000
direct allocation
page read and write
290E000
stack
page read and write
3DEE000
stack
page read and write
41FF000
stack
page read and write
7AE000
unkown
page execute and write copy
6263000
heap
page read and write
AD4000
heap
page read and write
There are 1486 hidden memdumps, click here to show them.