Files
File Path
|
Type
|
Category
|
Malicious
|
|
---|---|---|---|---|
#U8f6f#U4ef6#U5305#U5b89#U88c5#U7a0b#U5e8f_1.0.4.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
||
C:\Users\user\AppData\Local\Temp\is-0LRJ5.tmp\#U8f6f#U4ef6#U5305#U5b89#U88c5#U7a0b#U5e8f_1.0.4.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\is-VOKMN.tmp\#U8f6f#U4ef6#U5305#U5b89#U88c5#U7a0b#U5e8f_1.0.4.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
C:\Program Files (x86)\Windows NT\7zr.exe
|
PE32 executable (console) Intel 80386, for MS Windows
|
dropped
|
||
C:\Program Files (x86)\Windows NT\file.bin (copy)
|
data
|
dropped
|
||
C:\Program Files (x86)\Windows NT\is-7F262.tmp
|
PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows
|
dropped
|
||
C:\Program Files (x86)\Windows NT\is-G3Q97.tmp
|
data
|
dropped
|
||
C:\Program Files (x86)\Windows NT\locale.bin
|
data
|
dropped
|
||
C:\Program Files (x86)\Windows NT\locale.dat
|
7-zip archive data, version 0.4
|
dropped
|
||
C:\Program Files (x86)\Windows NT\locale2.bin
|
data
|
dropped
|
||
C:\Program Files (x86)\Windows NT\locale2.dat
|
7-zip archive data, version 0.4
|
dropped
|
||
C:\Program Files (x86)\Windows NT\locale3.bin
|
data
|
dropped
|
||
C:\Program Files (x86)\Windows NT\locale3.dat
|
7-zip archive data, version 0.4
|
dropped
|
||
C:\Program Files (x86)\Windows NT\locale4.bin
|
data
|
dropped
|
||
C:\Program Files (x86)\Windows NT\locale4.dat
|
7-zip archive data, version 0.4
|
dropped
|
||
C:\Program Files (x86)\Windows NT\locale7.bin
|
data
|
dropped
|
||
C:\Program Files (x86)\Windows NT\locale7.dat
|
7-zip archive data, version 0.4
|
dropped
|
||
C:\Program Files (x86)\Windows NT\res.dat
|
7-zip archive data, version 0.4
|
dropped
|
||
C:\Program Files (x86)\Windows NT\tProtect.dll
|
PE32+ executable (native) x86-64, for MS Windows
|
dropped
|
||
C:\Program Files (x86)\Windows NT\task.xml
|
data
|
dropped
|
||
C:\Program Files (x86)\Windows NT\trash (copy)
|
PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows
|
dropped
|
||
C:\Program Files (x86)\Windows NT\updat4.vac
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_3xlrotyl.asi.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_epzcupzj.g4d.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_usc54tp5.20u.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_wwr22fqg.bme.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\is-0UFV8.tmp\_isetup\_setup64.tmp
|
PE32+ executable (console) x86-64, for MS Windows
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\is-0UFV8.tmp\update.vac
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\is-ONGLN.tmp\_isetup\_setup64.tmp
|
PE32+ executable (console) x86-64, for MS Windows
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\is-ONGLN.tmp\update.vac
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
\Device\ConDrv
|
ASCII text, with CRLF, CR line terminators
|
dropped
|
There are 22 hidden files, click here to show them.
Processes
Path
|
Cmdline
|
Malicious
|
|
---|---|---|---|
C:\Users\user\Desktop\#U8f6f#U4ef6#U5305#U5b89#U88c5#U7a0b#U5e8f_1.0.4.exe
|
"C:\Users\user\Desktop\#U8f6f#U4ef6#U5305#U5b89#U88c5#U7a0b#U5e8f_1.0.4.exe"
|
||
C:\Users\user\AppData\Local\Temp\is-0LRJ5.tmp\#U8f6f#U4ef6#U5305#U5b89#U88c5#U7a0b#U5e8f_1.0.4.tmp
|
"C:\Users\user\AppData\Local\Temp\is-0LRJ5.tmp\#U8f6f#U4ef6#U5305#U5b89#U88c5#U7a0b#U5e8f_1.0.4.tmp" /SL5="$2043A,4740332,845824,C:\Users\user\Desktop\#U8f6f#U4ef6#U5305#U5b89#U88c5#U7a0b#U5e8f_1.0.4.exe"
|
||
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"powershell.exe" -Command "Add-MpPreference -ExclusionPath 'C:\'"
|
||
C:\Users\user\Desktop\#U8f6f#U4ef6#U5305#U5b89#U88c5#U7a0b#U5e8f_1.0.4.exe
|
"C:\Users\user\Desktop\#U8f6f#U4ef6#U5305#U5b89#U88c5#U7a0b#U5e8f_1.0.4.exe" /VERYSILENT
|
||
C:\Users\user\AppData\Local\Temp\is-VOKMN.tmp\#U8f6f#U4ef6#U5305#U5b89#U88c5#U7a0b#U5e8f_1.0.4.tmp
|
"C:\Users\user\AppData\Local\Temp\is-VOKMN.tmp\#U8f6f#U4ef6#U5305#U5b89#U88c5#U7a0b#U5e8f_1.0.4.tmp" /SL5="$4043E,4740332,845824,C:\Users\user\Desktop\#U8f6f#U4ef6#U5305#U5b89#U88c5#U7a0b#U5e8f_1.0.4.exe"
/VERYSILENT
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\wbem\WmiPrvSE.exe
|
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
|
||
C:\Windows\System32\cmd.exe
|
cmd /c start sc create CleverSoar displayname= CleverSoar binPath= "C:\Program Files (x86)\Windows NT\tProtect.dll" type=
kernel start= auto
|
||
C:\Windows\System32\sc.exe
|
sc create CleverSoar displayname= CleverSoar binPath= "C:\Program Files (x86)\Windows NT\tProtect.dll" type= kernel start=
auto
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Program Files (x86)\Windows NT\7zr.exe
|
7zr.exe x -y res.dat -pad8dtyw9eyfd9aslyd9iald
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Program Files (x86)\Windows NT\7zr.exe
|
7zr.exe x -y locale3.dat -pasfasdf79yf9layslofs
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\cmd.exe
|
cmd /c start sc start CleverSoar
|
||
C:\Windows\System32\sc.exe
|
sc start CleverSoar
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\cmd.exe
|
cmd /c start sc start CleverSoar
|
||
C:\Windows\System32\sc.exe
|
sc start CleverSoar
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\cmd.exe
|
cmd /c start sc start CleverSoar
|
||
C:\Windows\System32\sc.exe
|
sc start CleverSoar
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\cmd.exe
|
cmd /c start sc start CleverSoar
|
||
C:\Windows\System32\sc.exe
|
sc start CleverSoar
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\cmd.exe
|
cmd /c start sc start CleverSoar
|
||
C:\Windows\System32\sc.exe
|
sc start CleverSoar
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\cmd.exe
|
cmd /c start sc start CleverSoar
|
||
C:\Windows\System32\sc.exe
|
sc start CleverSoar
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\cmd.exe
|
cmd /c start sc start CleverSoar
|
||
C:\Windows\System32\sc.exe
|
sc start CleverSoar
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\cmd.exe
|
cmd /c start sc start CleverSoar
|
||
C:\Windows\System32\sc.exe
|
sc start CleverSoar
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\cmd.exe
|
cmd /c start sc start CleverSoar
|
||
C:\Windows\System32\sc.exe
|
sc start CleverSoar
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\cmd.exe
|
cmd /c start sc start CleverSoar
|
||
C:\Windows\System32\sc.exe
|
sc start CleverSoar
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\cmd.exe
|
cmd /c start sc start CleverSoar
|
||
C:\Windows\System32\sc.exe
|
sc start CleverSoar
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\cmd.exe
|
cmd /c start sc start CleverSoar
|
||
C:\Windows\System32\sc.exe
|
sc start CleverSoar
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\cmd.exe
|
cmd /c start sc start CleverSoar
|
||
C:\Windows\System32\sc.exe
|
sc start CleverSoar
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\cmd.exe
|
cmd /c start sc start CleverSoar
|
||
C:\Windows\System32\sc.exe
|
sc start CleverSoar
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\cmd.exe
|
cmd /c start sc start CleverSoar
|
||
C:\Windows\System32\sc.exe
|
sc start CleverSoar
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\cmd.exe
|
cmd /c start sc start CleverSoar
|
||
C:\Windows\System32\sc.exe
|
sc start CleverSoar
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\cmd.exe
|
cmd /c start sc start CleverSoar
|
||
C:\Windows\System32\sc.exe
|
sc start CleverSoar
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\cmd.exe
|
cmd /c start sc start CleverSoar
|
||
C:\Windows\System32\sc.exe
|
sc start CleverSoar
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\cmd.exe
|
cmd /c start sc start CleverSoar
|
||
C:\Windows\System32\sc.exe
|
sc start CleverSoar
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\cmd.exe
|
cmd /c start sc start CleverSoar
|
||
C:\Windows\System32\sc.exe
|
sc start CleverSoar
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\cmd.exe
|
cmd /c start sc start CleverSoar
|
||
C:\Windows\System32\sc.exe
|
sc start CleverSoar
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\cmd.exe
|
cmd /c start sc start CleverSoar
|
||
C:\Windows\System32\sc.exe
|
sc start CleverSoar
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\cmd.exe
|
cmd /c start sc start CleverSoar
|
||
C:\Windows\System32\sc.exe
|
sc start CleverSoar
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\cmd.exe
|
cmd /c start sc start CleverSoar
|
||
C:\Windows\System32\sc.exe
|
sc start CleverSoar
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\cmd.exe
|
cmd /c start sc start CleverSoar
|
||
C:\Windows\System32\sc.exe
|
sc start CleverSoar
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\cmd.exe
|
cmd /c start sc start CleverSoar
|
||
C:\Windows\System32\sc.exe
|
sc start CleverSoar
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\cmd.exe
|
cmd /c start sc start CleverSoar
|
||
C:\Windows\System32\sc.exe
|
sc start CleverSoar
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\cmd.exe
|
cmd /c start sc start CleverSoar
|
||
C:\Windows\System32\sc.exe
|
sc start CleverSoar
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\cmd.exe
|
cmd /c start sc start CleverSoar
|
||
C:\Windows\System32\sc.exe
|
sc start CleverSoar
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\cmd.exe
|
cmd /c start sc start CleverSoar
|
||
C:\Windows\System32\sc.exe
|
sc start CleverSoar
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\cmd.exe
|
cmd /c start sc start CleverSoar
|
||
C:\Windows\System32\sc.exe
|
sc start CleverSoar
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\cmd.exe
|
cmd /c start sc start CleverSoar
|
||
C:\Windows\System32\sc.exe
|
sc start CleverSoar
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\cmd.exe
|
cmd /c start sc start CleverSoar
|
There are 101 hidden processes, click here to show them.
URLs
Name
|
IP
|
Malicious
|
|
---|---|---|---|
https://aria2.github.io/Usage:
|
unknown
|
||
https://jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU
|
unknown
|
||
https://github.com/aria2/aria2/issuesReport
|
unknown
|
||
http://www.metalinker.org/
|
unknown
|
||
https://www.remobjects.com/ps
|
unknown
|
||
https://aria2.github.io/
|
unknown
|
||
https://github.com/aria2/aria2/issues
|
unknown
|
||
https://www.innosetup.com/
|
unknown
|
||
http://www.metalinker.org/basic_string::_M_construct
|
unknown
|
Registry
Path
|
Value
|
Malicious
|
|
---|---|---|---|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
Owner
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
SessionHash
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
Sequence
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
Owner
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
SessionHash
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
Sequence
|
||
HKEY_CURRENT_USER\SOFTWARE\Magisk
|
ring3_username
|
Memdumps
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
---|---|---|---|---|
B3C607F000
|
stack
|
page read and write
|
||
10AF000
|
stack
|
page read and write
|
||
1C187230000
|
heap
|
page read and write
|
||
24E9000
|
direct allocation
|
page read and write
|
||
14B876D0000
|
heap
|
page read and write
|
||
1810000
|
direct allocation
|
page read and write
|
||
844A3FF000
|
stack
|
page read and write
|
||
18B6000
|
direct allocation
|
page read and write
|
||
3DC2000
|
direct allocation
|
page read and write
|
||
277DAAC0000
|
heap
|
page read and write
|
||
1DB9CFE000
|
stack
|
page read and write
|
||
D27000
|
unkown
|
page readonly
|
||
252FAAD0000
|
heap
|
page read and write
|
||
22C66410000
|
heap
|
page read and write
|
||
2A60000
|
direct allocation
|
page read and write
|
||
35C0000
|
direct allocation
|
page read and write
|
||
44B000
|
unkown
|
page readonly
|
||
4980000
|
trusted library allocation
|
page read and write
|
||
4986000
|
trusted library allocation
|
page read and write
|
||
2C930480000
|
heap
|
page read and write
|
||
277DA7A0000
|
heap
|
page read and write
|
||
2C930660000
|
heap
|
page read and write
|
||
35F3000
|
heap
|
page read and write
|
||
1941000
|
direct allocation
|
page read and write
|
||
1DA63770000
|
heap
|
page read and write
|
||
12EF000
|
stack
|
page read and write
|
||
1840000
|
direct allocation
|
page read and write
|
||
FB8000
|
stack
|
page read and write
|
||
216F4CA0000
|
heap
|
page read and write
|
||
E07ECFE000
|
stack
|
page read and write
|
||
131F000
|
stack
|
page read and write
|
||
3290000
|
trusted library allocation
|
page read and write
|
||
211D6DB0000
|
heap
|
page read and write
|
||
9D16BDF000
|
stack
|
page read and write
|
||
CDD000
|
heap
|
page read and write
|
||
28F78578000
|
heap
|
page read and write
|
||
3143000
|
heap
|
page read and write
|
||
28F78740000
|
heap
|
page read and write
|
||
188C0A50000
|
heap
|
page read and write
|
||
8EC000
|
stack
|
page read and write
|
||
385EBDD000
|
stack
|
page read and write
|
||
640557F000
|
stack
|
page read and write
|
||
ACE000
|
stack
|
page read and write
|
||
215515E5000
|
heap
|
page read and write
|
||
18EB000
|
direct allocation
|
page read and write
|
||
EFD567F000
|
stack
|
page read and write
|
||
6CB61000
|
unkown
|
page read and write
|
||
2B11000
|
heap
|
page read and write
|
||
21551220000
|
heap
|
page read and write
|
||
216F4CA5000
|
heap
|
page read and write
|
||
80BD97E000
|
stack
|
page read and write
|
||
2C5B000
|
direct allocation
|
page read and write
|
||
211D71B0000
|
heap
|
page read and write
|
||
121E000
|
stack
|
page read and write
|
||
381000
|
unkown
|
page execute read
|
||
1415000
|
heap
|
page read and write
|
||
29A89C00000
|
heap
|
page read and write
|
||
2BA6000
|
heap
|
page read and write
|
||
26BE000
|
heap
|
page read and write
|
||
3452C7E000
|
stack
|
page read and write
|
||
8449FBD000
|
stack
|
page read and write
|
||
CBD000
|
unkown
|
page read and write
|
||
14B876E0000
|
heap
|
page read and write
|
||
2AC9000
|
heap
|
page read and write
|
||
180F000
|
stack
|
page read and write
|
||
89CFB7D000
|
stack
|
page read and write
|
||
27278738000
|
heap
|
page read and write
|
||
B10000
|
heap
|
page read and write
|
||
250F000
|
direct allocation
|
page read and write
|
||
960000
|
heap
|
page read and write
|
||
2858FF40000
|
heap
|
page read and write
|
||
1823000
|
direct allocation
|
page read and write
|
||
2CE5A690000
|
heap
|
page read and write
|
||
E07E9EC000
|
stack
|
page read and write
|
||
27574908000
|
heap
|
page read and write
|
||
36C0000
|
direct allocation
|
page read and write
|
||
2FD1000
|
direct allocation
|
page read and write
|
||
1969000
|
heap
|
page read and write
|
||
240000
|
unkown
|
page readonly
|
||
188C0A55000
|
heap
|
page read and write
|
||
2576000
|
direct allocation
|
page read and write
|
||
3840000
|
direct allocation
|
page read and write
|
||
8FD000
|
stack
|
page read and write
|
||
381000
|
unkown
|
page execute read
|
||
193A000
|
direct allocation
|
page read and write
|
||
1F87B080000
|
heap
|
page read and write
|
||
21A124B0000
|
heap
|
page read and write
|
||
22389735000
|
heap
|
page read and write
|
||
2CE5A765000
|
heap
|
page read and write
|
||
7F630000
|
direct allocation
|
page read and write
|
||
A7E000
|
stack
|
page read and write
|
||
22C66390000
|
heap
|
page read and write
|
||
CD0000
|
heap
|
page read and write
|
||
2FB4000
|
direct allocation
|
page read and write
|
||
26946560000
|
heap
|
page read and write
|
||
2F54000
|
direct allocation
|
page read and write
|
||
247EE7D0000
|
heap
|
page read and write
|
||
380000
|
unkown
|
page readonly
|
||
F80000
|
unkown
|
page write copy
|
||
4840000
|
trusted library allocation
|
page read and write
|
||
78CD6FE000
|
stack
|
page read and write
|
||
2CEA000
|
direct allocation
|
page read and write
|
||
24A8000
|
direct allocation
|
page read and write
|
||
29A89CF8000
|
heap
|
page read and write
|
||
22C80740000
|
heap
|
page read and write
|
||
1F94AB60000
|
heap
|
page read and write
|
||
120D2510000
|
heap
|
page read and write
|
||
89CFE7E000
|
stack
|
page read and write
|
||
26946450000
|
heap
|
page read and write
|
||
188C0750000
|
heap
|
page read and write
|
||
7F64B000
|
direct allocation
|
page read and write
|
||
EBE000
|
stack
|
page read and write
|
||
2858FCC8000
|
heap
|
page read and write
|
||
4BDFE7D000
|
stack
|
page read and write
|
||
2C66000
|
direct allocation
|
page read and write
|
||
2A9B000
|
heap
|
page read and write
|
||
42D8000
|
direct allocation
|
page read and write
|
||
C80000
|
direct allocation
|
page execute and read and write
|
||
1F779B00000
|
heap
|
page read and write
|
||
2F19000
|
direct allocation
|
page read and write
|
||
2F9F000
|
direct allocation
|
page read and write
|
||
247EE7B0000
|
heap
|
page read and write
|
||
1831000
|
direct allocation
|
page read and write
|
||
ED0000
|
heap
|
page read and write
|
||
3FD3000
|
direct allocation
|
page read and write
|
||
2E9000
|
unkown
|
page write copy
|
||
1B73A6B0000
|
heap
|
page read and write
|
||
14B87995000
|
heap
|
page read and write
|
||
B56000
|
heap
|
page read and write
|
||
9D16EFF000
|
stack
|
page read and write
|
||
CDD000
|
heap
|
page read and write
|
||
2C93000
|
direct allocation
|
page read and write
|
||
B54000
|
heap
|
page read and write
|
||
35B0000
|
heap
|
page read and write
|
||
2F0B000
|
direct allocation
|
page read and write
|
||
2C930580000
|
heap
|
page read and write
|
||
2F04000
|
direct allocation
|
page read and write
|
||
26946565000
|
heap
|
page read and write
|
||
277DA900000
|
heap
|
page read and write
|
||
2CA2000
|
direct allocation
|
page read and write
|
||
2A9C000
|
heap
|
page read and write
|
||
2F3F000
|
direct allocation
|
page read and write
|
||
2C49000
|
direct allocation
|
page read and write
|
||
CD9000
|
heap
|
page read and write
|
||
29A89CD0000
|
heap
|
page read and write
|
||
1965000
|
heap
|
page read and write
|
||
2FAD000
|
direct allocation
|
page read and write
|
||
380000
|
unkown
|
page readonly
|
||
2858FCC0000
|
heap
|
page read and write
|
||
1850BB68000
|
heap
|
page read and write
|
||
1F94AC00000
|
heap
|
page read and write
|
||
497B000
|
stack
|
page read and write
|
||
2BF7000
|
direct allocation
|
page read and write
|
||
32D8D7D000
|
stack
|
page read and write
|
||
14B87750000
|
heap
|
page read and write
|
||
1C187310000
|
heap
|
page read and write
|
||
1B73A825000
|
heap
|
page read and write
|
||
49AB000
|
trusted library allocation
|
page read and write
|
||
277DA908000
|
heap
|
page read and write
|
||
442000
|
unkown
|
page read and write
|
||
2CDC000
|
direct allocation
|
page read and write
|
||
B5F000
|
heap
|
page read and write
|
||
259A000
|
direct allocation
|
page read and write
|
||
2CE3000
|
direct allocation
|
page read and write
|
||
22C807C5000
|
heap
|
page read and write
|
||
3FC0000
|
direct allocation
|
page read and write
|
||
2F27000
|
direct allocation
|
page read and write
|
||
216F4810000
|
heap
|
page read and write
|
||
D3186FF000
|
stack
|
page read and write
|
||
F9077ED000
|
stack
|
page read and write
|
||
F786A7F000
|
stack
|
page read and write
|
||
1DA63970000
|
heap
|
page read and write
|
||
255DB7F0000
|
heap
|
page read and write
|
||
14B87700000
|
heap
|
page read and write
|
||
B74000
|
heap
|
page read and write
|
||
22C66380000
|
heap
|
page read and write
|
||
1FD0AE50000
|
heap
|
page read and write
|
||
26946578000
|
heap
|
page read and write
|
||
3FC0000
|
direct allocation
|
page read and write
|
||
2AA6000
|
heap
|
page read and write
|
||
6C8E1000
|
unkown
|
page execute read
|
||
1F94AC08000
|
heap
|
page read and write
|
||
35A0000
|
heap
|
page read and write
|
||
2CE5A598000
|
heap
|
page read and write
|
||
2BFE000
|
direct allocation
|
page read and write
|
||
2EE7000
|
direct allocation
|
page read and write
|
||
251D000
|
direct allocation
|
page read and write
|
||
1864000
|
direct allocation
|
page read and write
|
||
381000
|
unkown
|
page execute read
|
||
194AC070000
|
heap
|
page read and write
|
||
3E40000
|
direct allocation
|
page read and write
|
||
8FD000
|
stack
|
page read and write
|
||
164C000
|
heap
|
page read and write
|
||
18C5000
|
direct allocation
|
page read and write
|
||
454D2AD000
|
stack
|
page read and write
|
||
B879F7E000
|
stack
|
page read and write
|
||
1B73A6D0000
|
heap
|
page read and write
|
||
22389440000
|
heap
|
page read and write
|
||
CAE000
|
unkown
|
page read and write
|
||
18DB000
|
direct allocation
|
page read and write
|
||
1610000
|
heap
|
page read and write
|
||
257D000
|
direct allocation
|
page read and write
|
||
1916000
|
direct allocation
|
page read and write
|
||
ED6000
|
unkown
|
page execute read
|
||
4DAF000
|
stack
|
page read and write
|
||
F7E000
|
unkown
|
page read and write
|
||
2BE1000
|
direct allocation
|
page read and write
|
||
21A12925000
|
heap
|
page read and write
|
||
6CA96000
|
unkown
|
page write copy
|
||
BCD9C7F000
|
stack
|
page read and write
|
||
14C6000
|
heap
|
page read and write
|
||
2F9000
|
unkown
|
page readonly
|
||
2F98000
|
direct allocation
|
page read and write
|
||
499D000
|
trusted library allocation
|
page read and write
|
||
24CC000
|
direct allocation
|
page read and write
|
||
357E000
|
direct allocation
|
page read and write
|
||
4819000
|
direct allocation
|
page read and write
|
||
1900000
|
direct allocation
|
page read and write
|
||
4F2E000
|
stack
|
page read and write
|
||
41AE000
|
stack
|
page read and write
|
||
D99000
|
heap
|
page read and write
|
||
12B0000
|
heap
|
page read and write
|
||
1DA639A5000
|
heap
|
page read and write
|
||
1F87AC80000
|
heap
|
page read and write
|
||
24B0000
|
direct allocation
|
page read and write
|
||
CDA000
|
heap
|
page read and write
|
||
F363FFE000
|
unkown
|
page readonly
|
||
2AC9000
|
heap
|
page read and write
|
||
3460000
|
direct allocation
|
page read and write
|
||
57918FE000
|
stack
|
page read and write
|
||
1855000
|
direct allocation
|
page read and write
|
||
DB7A9BC000
|
stack
|
page read and write
|
||
3FEF000
|
direct allocation
|
page read and write
|
||
2BE9000
|
direct allocation
|
page read and write
|
||
2990000
|
heap
|
page read and write
|
||
3D69000
|
direct allocation
|
page read and write
|
||
27574BC5000
|
heap
|
page read and write
|
||
385EFFE000
|
stack
|
page read and write
|
||
B18000
|
heap
|
page read and write
|
||
1899000
|
direct allocation
|
page read and write
|
||
2CE5A6B0000
|
heap
|
page read and write
|
||
26BD000
|
heap
|
page read and write
|
||
1908000
|
direct allocation
|
page read and write
|
||
3452B7E000
|
stack
|
page read and write
|
||
4980000
|
trusted library allocation
|
page read and write
|
||
2499000
|
direct allocation
|
page read and write
|
||
380000
|
unkown
|
page readonly
|
||
9D16ADD000
|
stack
|
page read and write
|
||
44B000
|
unkown
|
page readonly
|
||
254A000
|
direct allocation
|
page read and write
|
||
502F000
|
stack
|
page read and write
|
||
CE0000
|
heap
|
page read and write
|
||
EFD577F000
|
stack
|
page read and write
|
||
208B9800000
|
heap
|
page read and write
|
||
140CBEE000
|
stack
|
page read and write
|
||
2AB9000
|
heap
|
page read and write
|
||
2858FDE0000
|
heap
|
page read and write
|
||
2541000
|
direct allocation
|
page read and write
|
||
2490000
|
direct allocation
|
page read and write
|
||
AE0000
|
heap
|
page read and write
|
||
1F94AA60000
|
heap
|
page read and write
|
||
120D2200000
|
heap
|
page read and write
|
||
B13F5BC000
|
stack
|
page read and write
|
||
487D000
|
stack
|
page read and write
|
||
42C000
|
unkown
|
page readonly
|
||
2FD8000
|
direct allocation
|
page read and write
|
||
2F37000
|
direct allocation
|
page read and write
|
||
F78671C000
|
stack
|
page read and write
|
||
1850BD30000
|
heap
|
page read and write
|
||
3452A7D000
|
stack
|
page read and write
|
||
2593000
|
direct allocation
|
page read and write
|
||
2C930560000
|
heap
|
page read and write
|
||
CC0000
|
heap
|
page read and write
|
||
27278730000
|
heap
|
page read and write
|
||
2A90000
|
heap
|
page read and write
|
||
1850BD50000
|
heap
|
page read and write
|
||
1FD0ABF0000
|
heap
|
page read and write
|
||
4EEF000
|
stack
|
page read and write
|
||
B879E7D000
|
stack
|
page read and write
|
||
28F78760000
|
heap
|
page read and write
|
||
120D2120000
|
heap
|
page read and write
|
||
255DB810000
|
heap
|
page read and write
|
||
A9946DC000
|
stack
|
page read and write
|
||
5947A7E000
|
stack
|
page read and write
|
||
2C38000
|
direct allocation
|
page read and write
|
||
215511F0000
|
heap
|
page read and write
|
||
3DC0000
|
direct allocation
|
page read and write
|
||
6CC4D000
|
unkown
|
page readonly
|
||
194AC050000
|
heap
|
page read and write
|
||
D70000
|
heap
|
page read and write
|
||
211D6ED8000
|
heap
|
page read and write
|
||
2C05000
|
direct allocation
|
page read and write
|
||
2CE5A760000
|
heap
|
page read and write
|
||
930000
|
heap
|
page read and write
|
||
2C9305E0000
|
heap
|
page read and write
|
||
188C07A0000
|
heap
|
page read and write
|
||
256F000
|
direct allocation
|
page read and write
|
||
1DA63780000
|
heap
|
page read and write
|
||
A9947DF000
|
stack
|
page read and write
|
||
499D000
|
trusted library allocation
|
page read and write
|
||
1F87AD20000
|
heap
|
page read and write
|
||
15F0000
|
heap
|
page read and write
|
||
2AB9000
|
heap
|
page read and write
|
||
1FD0AB10000
|
heap
|
page read and write
|
||
B53000
|
heap
|
page read and write
|
||
A80000
|
heap
|
page read and write
|
||
208B9400000
|
heap
|
page read and write
|
||
3D8E000
|
direct allocation
|
page read and write
|
||
44B000
|
unkown
|
page readonly
|
||
442000
|
unkown
|
page write copy
|
||
2489000
|
direct allocation
|
page read and write
|
||
454D3AE000
|
stack
|
page read and write
|
||
2C28000
|
direct allocation
|
page read and write
|
||
2C1B000
|
direct allocation
|
page read and write
|
||
3880000
|
direct allocation
|
page read and write
|
||
21A12570000
|
heap
|
page read and write
|
||
1850BEC0000
|
heap
|
page read and write
|
||
A994AFE000
|
stack
|
page read and write
|
||
DB7ACFF000
|
stack
|
page read and write
|
||
2F250FF000
|
stack
|
page read and write
|
||
211D6EB0000
|
heap
|
page read and write
|
||
6CB67000
|
unkown
|
page execute read
|
||
1F779CD8000
|
heap
|
page read and write
|
||
CD1000
|
unkown
|
page execute read
|
||
2F6A000
|
direct allocation
|
page read and write
|
||
29A89CD5000
|
heap
|
page read and write
|
||
247EEB50000
|
heap
|
page read and write
|
||
22C66448000
|
heap
|
page read and write
|
||
247EEB55000
|
heap
|
page read and write
|
||
1180000
|
heap
|
page read and write
|
||
2AC9000
|
heap
|
page read and write
|
||
111F000
|
stack
|
page read and write
|
||
1DA639A0000
|
heap
|
page read and write
|
||
FD29FE000
|
stack
|
page read and write
|
||
1F87AC90000
|
heap
|
page read and write
|
||
3AF5000
|
heap
|
page read and write
|
||
2560000
|
direct allocation
|
page read and write
|
||
F786B7F000
|
stack
|
page read and write
|
||
2552000
|
direct allocation
|
page read and write
|
||
2C14000
|
direct allocation
|
page read and write
|
||
27278830000
|
heap
|
page read and write
|
||
2680000
|
heap
|
page read and write
|
||
21A12578000
|
heap
|
page read and write
|
||
12B8000
|
heap
|
page read and write
|
||
FD25FD000
|
stack
|
page read and write
|
||
1872000
|
direct allocation
|
page read and write
|
||
380000
|
unkown
|
page readonly
|
||
42C000
|
unkown
|
page readonly
|
||
489D000
|
direct allocation
|
page read and write
|
||
194AC090000
|
heap
|
page read and write
|
||
CD0000
|
unkown
|
page readonly
|
||
4740000
|
heap
|
page read and write
|
||
C60000
|
heap
|
page read and write
|
||
2F24D8D000
|
stack
|
page read and write
|
||
32D907F000
|
stack
|
page read and write
|
||
26946530000
|
heap
|
page read and write
|
||
2ACA000
|
heap
|
page read and write
|
||
640567E000
|
stack
|
page read and write
|
||
192C000
|
direct allocation
|
page read and write
|
||
1960000
|
heap
|
page read and write
|
||
1FD0AE55000
|
heap
|
page read and write
|
||
4C6E000
|
stack
|
page read and write
|
||
BCD9A7D000
|
stack
|
page read and write
|
||
2880000
|
direct allocation
|
page read and write
|
||
2CE5A590000
|
heap
|
page read and write
|
||
103B000
|
stack
|
page read and write
|
||
4CAE000
|
stack
|
page read and write
|
||
2F7A000
|
direct allocation
|
page read and write
|
||
F907BFE000
|
stack
|
page read and write
|
||
241000
|
unkown
|
page execute read
|
||
3A90000
|
direct allocation
|
page read and write
|
||
211D6ED0000
|
heap
|
page read and write
|
||
CC0000
|
unkown
|
page write copy
|
||
2E9000
|
unkown
|
page read and write
|
||
6C8E0000
|
unkown
|
page readonly
|
||
277DA8A0000
|
heap
|
page read and write
|
||
DB7ADFE000
|
stack
|
page read and write
|
||
2CE5A4A0000
|
heap
|
page read and write
|
||
B49000
|
heap
|
page read and write
|
||
21551200000
|
heap
|
page read and write
|
||
35F0000
|
heap
|
page read and write
|
||
1F779BE0000
|
heap
|
page read and write
|
||
120D22C0000
|
heap
|
page read and write
|
||
89CFF7F000
|
stack
|
page read and write
|
||
26BE000
|
heap
|
page read and write
|
||
4986000
|
trusted library allocation
|
page read and write
|
||
261DA940000
|
heap
|
page read and write
|
||
2C50000
|
direct allocation
|
page read and write
|
||
18D4000
|
direct allocation
|
page read and write
|
||
124E000
|
stack
|
page read and write
|
||
2AB9000
|
heap
|
page read and write
|
||
C50000
|
heap
|
page read and write
|
||
29A89C20000
|
heap
|
page read and write
|
||
190F000
|
direct allocation
|
page read and write
|
||
C2E000
|
stack
|
page read and write
|
||
18F9000
|
direct allocation
|
page read and write
|
||
2B11000
|
heap
|
page read and write
|
||
208B93F0000
|
heap
|
page read and write
|
||
4440000
|
heap
|
page read and write
|
||
24E2000
|
direct allocation
|
page read and write
|
||
2858FBD0000
|
heap
|
page read and write
|
||
CC7000
|
unkown
|
page readonly
|
||
11EF000
|
stack
|
page read and write
|
||
120D2220000
|
heap
|
page read and write
|
||
594787D000
|
stack
|
page read and write
|
||
1B73A5B0000
|
heap
|
page read and write
|
||
FD28FF000
|
stack
|
page read and write
|
||
208B9805000
|
heap
|
page read and write
|
||
26946570000
|
heap
|
page read and write
|
||
B13F8FE000
|
stack
|
page read and write
|
||
49A8000
|
trusted library allocation
|
page read and write
|
||
24FF000
|
direct allocation
|
page read and write
|
||
1320000
|
heap
|
page read and write
|
||
2EEE000
|
direct allocation
|
page read and write
|
||
F907AFE000
|
stack
|
page read and write
|
||
252FAB50000
|
heap
|
page read and write
|
||
15CE000
|
stack
|
page read and write
|
||
22C807D0000
|
heap
|
page read and write
|
||
78CD3DF000
|
stack
|
page read and write
|
||
22C66415000
|
heap
|
page read and write
|
||
216F49C0000
|
heap
|
page read and write
|
||
C878B7E000
|
stack
|
page read and write
|
||
EDF000
|
stack
|
page read and write
|
||
5D6000
|
stack
|
page read and write
|
||
1410000
|
heap
|
page read and write
|
||
1F779FB0000
|
heap
|
page read and write
|
||
2CF1000
|
direct allocation
|
page read and write
|
||
499D000
|
trusted library allocation
|
page read and write
|
||
27574880000
|
heap
|
page read and write
|
||
2C6D000
|
direct allocation
|
page read and write
|
||
18A0000
|
direct allocation
|
page read and write
|
||
1850BB40000
|
heap
|
page read and write
|
||
24BE000
|
direct allocation
|
page read and write
|
||
44B000
|
unkown
|
page readonly
|
||
2F89000
|
direct allocation
|
page read and write
|
||
4980000
|
trusted library allocation
|
page read and write
|
||
2E90000
|
heap
|
page read and write
|
||
F7E000
|
unkown
|
page write copy
|
||
2C9305E5000
|
heap
|
page read and write
|
||
10EE000
|
stack
|
page read and write
|
||
24F7000
|
direct allocation
|
page read and write
|
||
1419000
|
heap
|
page read and write
|
||
BCD9B7E000
|
stack
|
page read and write
|
||
261DA758000
|
heap
|
page read and write
|
||
24C5000
|
direct allocation
|
page read and write
|
||
1850BEC5000
|
heap
|
page read and write
|
||
454D6FE000
|
stack
|
page read and write
|
||
2FBC000
|
direct allocation
|
page read and write
|
||
2AA7000
|
heap
|
page read and write
|
||
2C84000
|
direct allocation
|
page read and write
|
||
1290000
|
heap
|
page read and write
|
||
B20000
|
heap
|
page read and write
|
||
B3C617E000
|
stack
|
page read and write
|
||
184E000
|
direct allocation
|
page read and write
|
||
3D70000
|
direct allocation
|
page read and write
|
||
2BA0000
|
direct allocation
|
page read and write
|
||
1F779FB5000
|
heap
|
page read and write
|
||
2559000
|
direct allocation
|
page read and write
|
||
2B0A000
|
heap
|
page read and write
|
||
261DA920000
|
heap
|
page read and write
|
||
2568000
|
direct allocation
|
page read and write
|
||
4741000
|
heap
|
page read and write
|
||
275748B0000
|
heap
|
page read and write
|
||
1C1873A0000
|
heap
|
page read and write
|
||
2F12000
|
direct allocation
|
page read and write
|
||
CDB85FE000
|
stack
|
page read and write
|
||
CC5000
|
unkown
|
page readonly
|
||
1DA63788000
|
heap
|
page read and write
|
||
F363E7D000
|
stack
|
page read and write
|
||
D3187FE000
|
stack
|
page read and write
|
||
9FC000
|
stack
|
page read and write
|
||
188C07A8000
|
heap
|
page read and write
|
||
52BF000
|
stack
|
page read and write
|
||
216F48F0000
|
heap
|
page read and write
|
||
140CEFF000
|
stack
|
page read and write
|
||
499A000
|
trusted library allocation
|
page read and write
|
||
640547C000
|
stack
|
page read and write
|
||
1839000
|
direct allocation
|
page read and write
|
||
2F90000
|
direct allocation
|
page read and write
|
||
CB5000
|
unkown
|
page read and write
|
||
CB0000
|
unkown
|
page read and write
|
||
F363F7E000
|
stack
|
page read and write
|
||
CFD000
|
stack
|
page read and write
|
||
29A89CF0000
|
heap
|
page read and write
|
||
22C663B0000
|
heap
|
page read and write
|
||
11D0000
|
heap
|
page read and write
|
||
CDD000
|
heap
|
page read and write
|
||
18AB000
|
direct allocation
|
page read and write
|
||
216F4910000
|
heap
|
page read and write
|
||
1C187330000
|
heap
|
page read and write
|
||
1F87B085000
|
heap
|
page read and write
|
||
937000
|
heap
|
page read and write
|
||
F85000
|
unkown
|
page read and write
|
||
18BD000
|
direct allocation
|
page read and write
|
||
21A124E0000
|
heap
|
page read and write
|
||
147E000
|
stack
|
page read and write
|
||
252FAAB0000
|
heap
|
page read and write
|
||
CEC000
|
unkown
|
page execute read
|
||
261DA945000
|
heap
|
page read and write
|
||
3FD0000
|
heap
|
page read and write
|
||
516C000
|
stack
|
page read and write
|
||
255DBBB0000
|
heap
|
page read and write
|
||
C8C89FF000
|
stack
|
page read and write
|
||
2B11000
|
heap
|
page read and write
|
||
E07EDFF000
|
stack
|
page read and write
|
||
2EB000
|
unkown
|
page read and write
|
||
AB0000
|
heap
|
page read and write
|
||
1200000
|
heap
|
page read and write
|
||
2BC0000
|
direct allocation
|
page read and write
|
||
57919FF000
|
stack
|
page read and write
|
||
442000
|
unkown
|
page write copy
|
||
49AB000
|
trusted library allocation
|
page read and write
|
||
CE8000
|
heap
|
page read and write
|
||
1618000
|
heap
|
page read and write
|
||
579159D000
|
stack
|
page read and write
|
||
252FA9D0000
|
heap
|
page read and write
|
||
22389580000
|
heap
|
page read and write
|
||
2FC3000
|
direct allocation
|
page read and write
|
||
2F20000
|
direct allocation
|
page read and write
|
||
B53000
|
heap
|
page read and write
|
||
252FAE40000
|
heap
|
page read and write
|
||
18F2000
|
direct allocation
|
page read and write
|
||
2C8B000
|
direct allocation
|
page read and write
|
||
D3183AC000
|
stack
|
page read and write
|
||
1F94AE75000
|
heap
|
page read and write
|
||
F80000
|
unkown
|
page read and write
|
||
D60000
|
heap
|
page read and write
|
||
25A1000
|
direct allocation
|
page read and write
|
||
3FBF3CF000
|
stack
|
page read and write
|
||
14C0000
|
heap
|
page read and write
|
||
F8D000
|
unkown
|
page read and write
|
||
194AC140000
|
heap
|
page read and write
|
||
1948000
|
direct allocation
|
page read and write
|
||
506C000
|
stack
|
page read and write
|
||
2584000
|
direct allocation
|
page read and write
|
||
3D9E000
|
direct allocation
|
page read and write
|
||
2FA6000
|
direct allocation
|
page read and write
|
||
24D4000
|
direct allocation
|
page read and write
|
||
2EFC000
|
direct allocation
|
page read and write
|
||
28F78550000
|
heap
|
page read and write
|
||
EFD531C000
|
stack
|
page read and write
|
||
C8C85BD000
|
stack
|
page read and write
|
||
3FDD000
|
direct allocation
|
page read and write
|
||
594797F000
|
stack
|
page read and write
|
||
1924000
|
direct allocation
|
page read and write
|
||
381000
|
unkown
|
page execute read
|
||
3C6C000
|
stack
|
page read and write
|
||
28F787F5000
|
heap
|
page read and write
|
||
21A124C0000
|
heap
|
page read and write
|
||
F97000
|
unkown
|
page readonly
|
||
185D000
|
direct allocation
|
page read and write
|
||
1C187408000
|
heap
|
page read and write
|
||
4980000
|
trusted library allocation
|
page read and write
|
||
2AA1000
|
heap
|
page read and write
|
||
6CA86000
|
unkown
|
page readonly
|
||
191D000
|
direct allocation
|
page read and write
|
||
B7D000
|
heap
|
page read and write
|
||
2CD4000
|
direct allocation
|
page read and write
|
||
C878A7D000
|
stack
|
page read and write
|
||
3740000
|
direct allocation
|
page read and write
|
||
255DBBB5000
|
heap
|
page read and write
|
||
37C0000
|
trusted library allocation
|
page read and write
|
||
255DB898000
|
heap
|
page read and write
|
||
22389520000
|
heap
|
page read and write
|
||
208B9420000
|
heap
|
page read and write
|
||
CAE000
|
unkown
|
page write copy
|
||
42C000
|
unkown
|
page readonly
|
||
255DB890000
|
heap
|
page read and write
|
||
1F779CD0000
|
heap
|
page read and write
|
||
1F87AD28000
|
heap
|
page read and write
|
||
35B0000
|
direct allocation
|
page read and write
|
||
215515E0000
|
heap
|
page read and write
|
||
3D79000
|
direct allocation
|
page read and write
|
||
B13F9FE000
|
stack
|
page read and write
|
||
3FBF2CC000
|
stack
|
page read and write
|
||
2ED1000
|
direct allocation
|
page read and write
|
||
28F787F0000
|
heap
|
page read and write
|
||
A01000
|
unkown
|
page execute read
|
||
253A000
|
direct allocation
|
page read and write
|
||
2C9B000
|
direct allocation
|
page read and write
|
||
211D6E90000
|
heap
|
page read and write
|
||
215512A0000
|
heap
|
page read and write
|
||
2F251FF000
|
stack
|
page read and write
|
||
2A9D000
|
heap
|
page read and write
|
||
5FC000
|
stack
|
page read and write
|
||
1C1873A5000
|
heap
|
page read and write
|
||
27574890000
|
heap
|
page read and write
|
||
2FCA000
|
direct allocation
|
page read and write
|
||
3140000
|
heap
|
page read and write
|
||
24A1000
|
direct allocation
|
page read and write
|
||
2EB9000
|
direct allocation
|
page read and write
|
||
3C2F000
|
stack
|
page read and write
|
||
F4D000
|
unkown
|
page execute read
|
||
936000
|
heap
|
page read and write
|
||
442000
|
unkown
|
page read and write
|
||
844A2FE000
|
stack
|
page read and write
|
||
208B9468000
|
heap
|
page read and write
|
||
3D84000
|
direct allocation
|
page read and write
|
||
24B7000
|
direct allocation
|
page read and write
|
||
2CB8000
|
direct allocation
|
page read and write
|
||
473F000
|
stack
|
page read and write
|
||
C8C88FE000
|
stack
|
page read and write
|
||
216F49C8000
|
heap
|
page read and write
|
||
26BF000
|
heap
|
page read and write
|
||
21A12920000
|
heap
|
page read and write
|
||
B61000
|
heap
|
page read and write
|
||
2A95000
|
heap
|
page read and write
|
||
F7B000
|
unkown
|
page execute read
|
||
42CE000
|
direct allocation
|
page read and write
|
||
120D2515000
|
heap
|
page read and write
|
||
49AB000
|
trusted library allocation
|
page read and write
|
||
1600000
|
direct allocation
|
page execute and read and write
|
||
261DA950000
|
heap
|
page read and write
|
||
1B73A5B8000
|
heap
|
page read and write
|
||
1FD0AC10000
|
heap
|
page read and write
|
||
1F94AE70000
|
heap
|
page read and write
|
||
194ABF70000
|
heap
|
page read and write
|
||
22C66440000
|
heap
|
page read and write
|
||
4BDFF7E000
|
stack
|
page read and write
|
||
2F46000
|
direct allocation
|
page read and write
|
||
F94000
|
unkown
|
page read and write
|
||
A6E000
|
stack
|
page read and write
|
||
499A000
|
trusted library allocation
|
page read and write
|
||
2CC6000
|
direct allocation
|
page read and write
|
||
1888000
|
direct allocation
|
page read and write
|
||
80BD87F000
|
stack
|
page read and write
|
||
1F94AB40000
|
heap
|
page read and write
|
||
22389540000
|
heap
|
page read and write
|
||
12CB000
|
heap
|
page read and write
|
||
78CD2DC000
|
stack
|
page read and write
|
||
2AA9000
|
heap
|
page read and write
|
||
188C0650000
|
heap
|
page read and write
|
||
28F78570000
|
heap
|
page read and write
|
||
2C22000
|
direct allocation
|
page read and write
|
||
261DA750000
|
heap
|
page read and write
|
||
2AA7000
|
heap
|
page read and write
|
||
950000
|
heap
|
page read and write
|
||
277DA880000
|
heap
|
page read and write
|
||
2CBB000
|
heap
|
page read and write
|
||
4DEE000
|
stack
|
page read and write
|
||
167F000
|
stack
|
page read and write
|
||
3B2E000
|
stack
|
page read and write
|
||
2A9D000
|
heap
|
page read and write
|
||
D80000
|
heap
|
page read and write
|
||
27574BC0000
|
heap
|
page read and write
|
||
120D22C8000
|
heap
|
page read and write
|
||
1F87ACB0000
|
heap
|
page read and write
|
||
2BF0000
|
direct allocation
|
page read and write
|
||
AAE000
|
stack
|
page read and write
|
||
22C80710000
|
heap
|
page read and write
|
||
2C930667000
|
heap
|
page read and write
|
||
2CBF000
|
direct allocation
|
page read and write
|
||
2789000
|
heap
|
page read and write
|
||
143E000
|
stack
|
page read and write
|
||
7F94A000
|
direct allocation
|
page read and write
|
||
18E4000
|
direct allocation
|
page read and write
|
||
252A000
|
direct allocation
|
page read and write
|
||
F94000
|
unkown
|
page write copy
|
||
2990000
|
direct allocation
|
page read and write
|
||
2CF8000
|
direct allocation
|
page read and write
|
||
211D71B5000
|
heap
|
page read and write
|
||
499A000
|
trusted library allocation
|
page read and write
|
||
1B73A4D0000
|
heap
|
page read and write
|
||
3640000
|
direct allocation
|
page read and write
|
||
42F0000
|
direct allocation
|
page read and write
|
||
2F71000
|
direct allocation
|
page read and write
|
||
2F2F000
|
direct allocation
|
page read and write
|
||
27278975000
|
heap
|
page read and write
|
||
27574900000
|
heap
|
page read and write
|
||
385EEFE000
|
stack
|
page read and write
|
||
2EF5000
|
direct allocation
|
page read and write
|
||
2C5E000
|
direct allocation
|
page read and write
|
||
2BD3000
|
direct allocation
|
page read and write
|
||
194AC095000
|
heap
|
page read and write
|
||
247EE9C0000
|
heap
|
page read and write
|
||
252FAE45000
|
heap
|
page read and write
|
||
18AE000
|
direct allocation
|
page read and write
|
||
D92000
|
heap
|
page read and write
|
||
2CCD000
|
direct allocation
|
page read and write
|
||
3980000
|
direct allocation
|
page read and write
|
||
2C0D000
|
direct allocation
|
page read and write
|
||
22C807C0000
|
heap
|
page read and write
|
||
215512A8000
|
heap
|
page read and write
|
||
CD5000
|
heap
|
page read and write
|
||
1DA63950000
|
heap
|
page read and write
|
||
CDB84FF000
|
stack
|
page read and write
|
||
22389730000
|
heap
|
page read and write
|
||
27278850000
|
heap
|
page read and write
|
||
2858FDC0000
|
heap
|
page read and write
|
||
42C000
|
unkown
|
page readonly
|
||
2858FF45000
|
heap
|
page read and write
|
||
4986000
|
trusted library allocation
|
page read and write
|
||
A00000
|
unkown
|
page readonly
|
||
26946670000
|
heap
|
page read and write
|
||
C878C7F000
|
stack
|
page read and write
|
||
25A8000
|
direct allocation
|
page read and write
|
||
255DB7E0000
|
heap
|
page read and write
|
||
35B0000
|
direct allocation
|
page read and write
|
||
35B0000
|
direct allocation
|
page read and write
|
||
157E000
|
stack
|
page read and write
|
||
1850BB60000
|
heap
|
page read and write
|
||
32D917E000
|
stack
|
page read and write
|
||
D97000
|
heap
|
page read and write
|
||
1DB9DFF000
|
stack
|
page read and write
|
||
247EE9A0000
|
heap
|
page read and write
|
||
D88000
|
heap
|
page read and write
|
||
14B87990000
|
heap
|
page read and write
|
||
B3C5D2D000
|
stack
|
page read and write
|
||
2F82000
|
direct allocation
|
page read and write
|
||
1FD0AC58000
|
heap
|
page read and write
|
||
3DAE000
|
direct allocation
|
page read and write
|
||
3FCB000
|
direct allocation
|
page read and write
|
||
42F3000
|
direct allocation
|
page read and write
|
||
1F779C00000
|
heap
|
page read and write
|
||
1B73A820000
|
heap
|
page read and write
|
||
1933000
|
direct allocation
|
page read and write
|
||
261DA730000
|
heap
|
page read and write
|
||
1DB99DD000
|
stack
|
page read and write
|
||
2F2000
|
unkown
|
page read and write
|
||
2AA0000
|
heap
|
page read and write
|
||
24DB000
|
direct allocation
|
page read and write
|
||
113C000
|
stack
|
page read and write
|
||
1C187400000
|
heap
|
page read and write
|
||
1FD0AC50000
|
heap
|
page read and write
|
||
1480000
|
heap
|
page read and write
|
||
2681000
|
heap
|
page read and write
|
||
27278970000
|
heap
|
page read and write
|
||
24F0000
|
direct allocation
|
page read and write
|
||
247EE7D8000
|
heap
|
page read and write
|
||
CDB81ED000
|
stack
|
page read and write
|
||
3FBF6FE000
|
stack
|
page read and write
|
||
186B000
|
direct allocation
|
page read and write
|
||
29A89B20000
|
heap
|
page read and write
|
||
80BD53D000
|
stack
|
page read and write
|
||
2516000
|
direct allocation
|
page read and write
|
||
2F4D000
|
direct allocation
|
page read and write
|
||
2F5000
|
unkown
|
page write copy
|
||
208B9460000
|
heap
|
page read and write
|
||
3460000
|
direct allocation
|
page read and write
|
||
51BE000
|
stack
|
page read and write
|
||
2C7D000
|
direct allocation
|
page read and write
|
||
27278650000
|
heap
|
page read and write
|
||
14B87758000
|
heap
|
page read and write
|
||
B32000
|
heap
|
page read and write
|
||
188C0730000
|
heap
|
page read and write
|
||
4BE007F000
|
stack
|
page read and write
|
||
194AC148000
|
heap
|
page read and write
|
||
2EE0000
|
direct allocation
|
page read and write
|
||
4370000
|
direct allocation
|
page read and write
|
||
2F7000
|
unkown
|
page readonly
|
||
2507000
|
direct allocation
|
page read and write
|
||
B50000
|
heap
|
page read and write
|
||
22C80720000
|
heap
|
page read and write
|
||
22C807D8000
|
heap
|
page read and write
|
||
277DAAC5000
|
heap
|
page read and write
|
||
258C000
|
direct allocation
|
page read and write
|
||
2AC9000
|
heap
|
page read and write
|
||
18CD000
|
direct allocation
|
page read and write
|
||
AFD000
|
stack
|
page read and write
|
||
1847000
|
direct allocation
|
page read and write
|
||
F85000
|
unkown
|
page write copy
|
||
252FAB58000
|
heap
|
page read and write
|
||
140CAEC000
|
stack
|
page read and write
|
||
B73000
|
heap
|
page read and write
|
||
C70000
|
direct allocation
|
page read and write
|
||
2ED8000
|
direct allocation
|
page read and write
|
||
22389588000
|
heap
|
page read and write
|
||
11CE000
|
stack
|
page read and write
|
There are 758 hidden memdumps, click here to show them.