Files
File Path
|
Type
|
Category
|
Malicious
|
|
---|---|---|---|---|
#U5b89#U88c5#U52a9#U624b1.0.2.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
||
C:\Program Files (x86)\Windows NT\hrsw.vbc
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
C:\Program Files (x86)\Windows NT\tProtect.dll
|
PE32+ executable (native) x86-64, for MS Windows
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\is-4RQR5.tmp\update.vac
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\is-HT0ET.tmp\update.vac
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\is-OEIE1.tmp\#U5b89#U88c5#U52a9#U624b1.0.2.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\is-QO799.tmp\#U5b89#U88c5#U52a9#U624b1.0.2.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
C:\Program Files (x86)\Windows NT\7zr.exe
|
PE32 executable (console) Intel 80386, for MS Windows
|
dropped
|
||
C:\Program Files (x86)\Windows NT\file.bin (copy)
|
data
|
dropped
|
||
C:\Program Files (x86)\Windows NT\is-RHS98.tmp
|
data
|
dropped
|
||
C:\Program Files (x86)\Windows NT\is-S9CBO.tmp
|
data
|
dropped
|
||
C:\Program Files (x86)\Windows NT\locale.bin
|
data
|
dropped
|
||
C:\Program Files (x86)\Windows NT\locale.dat
|
7-zip archive data, version 0.4
|
dropped
|
||
C:\Program Files (x86)\Windows NT\locale2.bin
|
data
|
dropped
|
||
C:\Program Files (x86)\Windows NT\locale2.dat
|
7-zip archive data, version 0.4
|
dropped
|
||
C:\Program Files (x86)\Windows NT\locale3.bin
|
data
|
dropped
|
||
C:\Program Files (x86)\Windows NT\locale3.dat
|
7-zip archive data, version 0.4
|
dropped
|
||
C:\Program Files (x86)\Windows NT\locale4.bin
|
data
|
dropped
|
||
C:\Program Files (x86)\Windows NT\locale4.dat
|
7-zip archive data, version 0.4
|
dropped
|
||
C:\Program Files (x86)\Windows NT\locale7.bin
|
data
|
dropped
|
||
C:\Program Files (x86)\Windows NT\locale7.dat
|
7-zip archive data, version 0.4
|
dropped
|
||
C:\Program Files (x86)\Windows NT\res.dat
|
7-zip archive data, version 0.4
|
dropped
|
||
C:\Program Files (x86)\Windows NT\task.xml
|
data
|
dropped
|
||
C:\Program Files (x86)\Windows NT\trash
|
data
|
dropped
|
||
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ejvsx5uu.zef.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_hgctsqwj.j2d.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_t2ruqbsc.an3.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_uq3h13r2.wxa.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\is-4RQR5.tmp\_isetup\_setup64.tmp
|
PE32+ executable (console) x86-64, for MS Windows
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\is-HT0ET.tmp\_isetup\_setup64.tmp
|
PE32+ executable (console) x86-64, for MS Windows
|
dropped
|
||
\Device\ConDrv
|
ASCII text, with CRLF, CR line terminators
|
dropped
|
22 further files are hidden in the original report and are not listed here, so this table is not the complete set of dropped files.
Processes
Path
|
Cmdline
|
Malicious
|
|
---|---|---|---|
C:\Users\user\Desktop\#U5b89#U88c5#U52a9#U624b1.0.2.exe
|
"C:\Users\user\Desktop\#U5b89#U88c5#U52a9#U624b1.0.2.exe"
|
||
C:\Users\user\AppData\Local\Temp\is-QO799.tmp\#U5b89#U88c5#U52a9#U624b1.0.2.tmp
|
"C:\Users\user\AppData\Local\Temp\is-QO799.tmp\#U5b89#U88c5#U52a9#U624b1.0.2.tmp" /SL5="$20466,5031707,845824,C:\Users\user\Desktop\#U5b89#U88c5#U52a9#U624b1.0.2.exe"
|
||
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"powershell.exe" -Command "Add-MpPreference -ExclusionPath 'C:\'"
|
||
C:\Users\user\Desktop\#U5b89#U88c5#U52a9#U624b1.0.2.exe
|
"C:\Users\user\Desktop\#U5b89#U88c5#U52a9#U624b1.0.2.exe" /VERYSILENT
|
||
C:\Users\user\AppData\Local\Temp\is-OEIE1.tmp\#U5b89#U88c5#U52a9#U624b1.0.2.tmp
|
"C:\Users\user\AppData\Local\Temp\is-OEIE1.tmp\#U5b89#U88c5#U52a9#U624b1.0.2.tmp" /SL5="$10488,5031707,845824,C:\Users\user\Desktop\#U5b89#U88c5#U52a9#U624b1.0.2.exe" /VERYSILENT
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\cmd.exe
|
cmd /c start sc create CleverSoar displayname= CleverSoar binPath= "C:\Program Files (x86)\Windows NT\tProtect.dll" type= kernel start= auto
|
||
C:\Windows\System32\sc.exe
|
sc create CleverSoar displayname= CleverSoar binPath= "C:\Program Files (x86)\Windows NT\tProtect.dll" type= kernel start= auto
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Program Files (x86)\Windows NT\7zr.exe
|
7zr.exe x -y res.dat -pad8dtyw9eyfd9aslyd9iald
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Program Files (x86)\Windows NT\7zr.exe
|
7zr.exe x -y locale3.dat -pasfasdf79yf9layslofs
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\cmd.exe
|
cmd /c start sc start CleverSoar
|
||
C:\Windows\System32\sc.exe
|
sc start CleverSoar
|
||
C:\Windows\System32\cmd.exe
|
cmd /c start sc start CleverSoar
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\sc.exe
|
sc start CleverSoar
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\cmd.exe
|
cmd /c start sc start CleverSoar
|
||
C:\Windows\System32\sc.exe
|
sc start CleverSoar
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\wbem\WmiPrvSE.exe
|
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
|
||
C:\Windows\System32\cmd.exe
|
cmd /c start sc start CleverSoar
|
||
C:\Windows\System32\sc.exe
|
sc start CleverSoar
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\cmd.exe
|
cmd /c start sc start CleverSoar
|
||
C:\Windows\System32\sc.exe
|
sc start CleverSoar
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\cmd.exe
|
cmd /c start sc start CleverSoar
|
||
C:\Windows\System32\sc.exe
|
sc start CleverSoar
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\cmd.exe
|
cmd /c start sc start CleverSoar
|
||
C:\Windows\System32\sc.exe
|
sc start CleverSoar
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\cmd.exe
|
cmd /c start sc start CleverSoar
|
||
C:\Windows\System32\sc.exe
|
sc start CleverSoar
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\cmd.exe
|
cmd /c start sc start CleverSoar
|
||
C:\Windows\System32\sc.exe
|
sc start CleverSoar
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\cmd.exe
|
cmd /c start sc start CleverSoar
|
||
C:\Windows\System32\sc.exe
|
sc start CleverSoar
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\cmd.exe
|
cmd /c start sc start CleverSoar
|
||
C:\Windows\System32\sc.exe
|
sc start CleverSoar
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\cmd.exe
|
cmd /c start sc start CleverSoar
|
||
C:\Windows\System32\sc.exe
|
sc start CleverSoar
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\cmd.exe
|
cmd /c start sc start CleverSoar
|
||
C:\Windows\System32\sc.exe
|
sc start CleverSoar
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\cmd.exe
|
cmd /c start sc start CleverSoar
|
||
C:\Windows\System32\sc.exe
|
sc start CleverSoar
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\cmd.exe
|
cmd /c start sc start CleverSoar
|
||
C:\Windows\System32\sc.exe
|
sc start CleverSoar
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\cmd.exe
|
cmd /c start sc start CleverSoar
|
||
C:\Windows\System32\sc.exe
|
sc start CleverSoar
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\cmd.exe
|
cmd /c start sc start CleverSoar
|
||
C:\Windows\System32\sc.exe
|
sc start CleverSoar
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\cmd.exe
|
cmd /c start sc start CleverSoar
|
||
C:\Windows\System32\sc.exe
|
sc start CleverSoar
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\cmd.exe
|
cmd /c start sc start CleverSoar
|
||
C:\Windows\System32\sc.exe
|
sc start CleverSoar
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\cmd.exe
|
cmd /c start sc start CleverSoar
|
||
C:\Windows\System32\sc.exe
|
sc start CleverSoar
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\cmd.exe
|
cmd /c start sc start CleverSoar
|
||
C:\Windows\System32\sc.exe
|
sc start CleverSoar
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\cmd.exe
|
cmd /c start sc start CleverSoar
|
||
C:\Windows\System32\sc.exe
|
sc start CleverSoar
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\cmd.exe
|
cmd /c start sc start CleverSoar
|
||
C:\Windows\System32\sc.exe
|
sc start CleverSoar
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\cmd.exe
|
cmd /c start sc start CleverSoar
|
||
C:\Windows\System32\sc.exe
|
sc start CleverSoar
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\cmd.exe
|
cmd /c start sc start CleverSoar
|
||
C:\Windows\System32\sc.exe
|
sc start CleverSoar
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\cmd.exe
|
cmd /c start sc start CleverSoar
|
||
C:\Windows\System32\sc.exe
|
sc start CleverSoar
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\cmd.exe
|
cmd /c start sc start CleverSoar
|
||
C:\Windows\System32\sc.exe
|
sc start CleverSoar
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\cmd.exe
|
cmd /c start sc start CleverSoar
|
||
C:\Windows\System32\sc.exe
|
sc start CleverSoar
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\cmd.exe
|
cmd /c start sc start CleverSoar
|
||
C:\Windows\System32\sc.exe
|
sc start CleverSoar
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\cmd.exe
|
cmd /c start sc start CleverSoar
|
||
C:\Windows\System32\sc.exe
|
sc start CleverSoar
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\cmd.exe
|
cmd /c start sc start CleverSoar
|
||
C:\Windows\System32\sc.exe
|
sc start CleverSoar
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\cmd.exe
|
cmd /c start sc start CleverSoar
|
||
C:\Windows\System32\sc.exe
|
sc start CleverSoar
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\cmd.exe
|
cmd /c start sc start CleverSoar
|
101 further processes are hidden in the original report and are not listed here, so this process list is incomplete.
URLs
Name
|
IP
|
Malicious
|
|
---|---|---|---|
https://jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU
|
unknown
|
||
https://www.remobjects.com/ps
|
unknown
|
||
https://www.innosetup.com/
|
unknown
|
Registry
Path
|
Value
|
Malicious
|
|
---|---|---|---|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
Owner
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
SessionHash
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
Sequence
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
Owner
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
SessionHash
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
Sequence
|
||
HKEY_CURRENT_USER\SOFTWARE\Magisk
|
ring3_username
|
Memdumps
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
---|---|---|---|---|
5B0AF7F000
|
stack
|
page read and write
|
||
4591000
|
trusted library allocation
|
page read and write
|
||
2820000
|
direct allocation
|
page read and write
|
||
680000
|
heap
|
page read and write
|
||
BF7257F000
|
stack
|
page read and write
|
||
CE3000
|
heap
|
page read and write
|
||
18B75EE000
|
stack
|
page read and write
|
||
1FE23AA0000
|
heap
|
page read and write
|
||
2CBE000
|
heap
|
page read and write
|
||
8CF000
|
stack
|
page read and write
|
||
274E1B60000
|
heap
|
page read and write
|
||
28B0000
|
direct allocation
|
page read and write
|
||
C42000
|
unknown
|
page write copy
|
||
4020000
|
heap
|
page read and write
|
||
3DE5BFE000
|
stack
|
page read and write
|
||
DC02CFE000
|
stack
|
page read and write
|
||
2B04000
|
direct allocation
|
page read and write
|
||
32A0000
|
direct allocation
|
page read and write
|
||
14904F70000
|
heap
|
page read and write
|
||
1FE23B58000
|
heap
|
page read and write
|
||
5B0AB5D000
|
stack
|
page read and write
|
||
2749000
|
direct allocation
|
page read and write
|
||
5B283CD000
|
stack
|
page read and write
|
||
1100000
|
heap
|
page read and write
|
||
21096F88000
|
heap
|
page read and write
|
||
37F00FD000
|
stack
|
page read and write
|
||
74E000
|
stack
|
page read and write
|
||
23076E08000
|
heap
|
page read and write
|
||
516D47E000
|
stack
|
page read and write
|
||
12FAF935000
|
heap
|
page read and write
|
||
2609F1B0000
|
heap
|
page read and write
|
||
1DF5C280000
|
heap
|
page read and write
|
||
2CC0000
|
heap
|
page read and write
|
||
1405FC70000
|
heap
|
page read and write
|
||
FC599FE000
|
stack
|
page read and write
|
||
24FF000
|
stack
|
page read and write
|
||
2FEF000
|
stack
|
page read and write
|
||
CF1000
|
unknown
|
page execute read
|
||
2DC0000
|
direct allocation
|
page read and write
|
||
EEF000
|
stack
|
page read and write
|
||
2671000
|
heap
|
page read and write
|
||
F3E000
|
stack
|
page read and write
|
||
340000
|
unknown
|
page readonly
|
||
21B247E000
|
stack
|
page read and write
|
||
4E1000
|
unknown
|
page execute read
|
||
2902000
|
direct allocation
|
page read and write
|
||
2AD6000
|
direct allocation
|
page read and write
|
||
1B91B880000
|
heap
|
page read and write
|
||
253CE370000
|
heap
|
page read and write
|
||
1FF6FDD0000
|
heap
|
page read and write
|
||
D20000
|
heap
|
page read and write
|
||
2CBB000
|
heap
|
page read and write
|
||
FC598FD000
|
stack
|
page read and write
|
||
2AFB000
|
direct allocation
|
page read and write
|
||
30A0000
|
direct allocation
|
page read and write
|
||
248C000
|
direct allocation
|
page read and write
|
||
2B28000
|
direct allocation
|
page read and write
|
||
2770000
|
direct allocation
|
page read and write
|
||
23077055000
|
heap
|
page read and write
|
||
3A7E000
|
direct allocation
|
page read and write
|
||
3A6E000
|
direct allocation
|
page read and write
|
||
283D000
|
direct allocation
|
page read and write
|
||
1D966900000
|
heap
|
page read and write
|
||
2849000
|
direct allocation
|
page read and write
|
||
CF1000
|
heap
|
page read and write
|
||
9E8000
|
heap
|
page read and write
|
||
2AED000
|
direct allocation
|
page read and write
|
||
293C000
|
direct allocation
|
page read and write
|
||
20958068000
|
heap
|
page read and write
|
||
DC029BD000
|
stack
|
page read and write
|
||
2E41000
|
heap
|
page read and write
|
||
4C52D6D000
|
stack
|
page read and write
|
||
2CBD000
|
heap
|
page read and write
|
||
253CE610000
|
heap
|
page read and write
|
||
9FE000
|
heap
|
page read and write
|
||
287B000
|
direct allocation
|
page read and write
|
||
18760DA8000
|
heap
|
page read and write
|
||
1E9236C0000
|
heap
|
page read and write
|
||
CF0000
|
heap
|
page read and write
|
||
11A8000
|
heap
|
page read and write
|
||
27C6000
|
direct allocation
|
page read and write
|
||
1E0957B0000
|
heap
|
page read and write
|
||
A7F037E000
|
stack
|
page read and write
|
||
23FF000
|
direct allocation
|
page read and write
|
||
2384A090000
|
heap
|
page read and write
|
||
3790000
|
heap
|
page read and write
|
||
27B0000
|
direct allocation
|
page read and write
|
||
274E18B0000
|
heap
|
page read and write
|
||
1432C045000
|
heap
|
page read and write
|
||
1070000
|
heap
|
page read and write
|
||
3E0000
|
heap
|
page read and write
|
||
459A000
|
trusted library allocation
|
page read and write
|
||
2768000
|
direct allocation
|
page read and write
|
||
23C5000
|
direct allocation
|
page read and write
|
||
2218BC20000
|
heap
|
page read and write
|
||
E5A9F7E000
|
stack
|
page read and write
|
||
1DF5C555000
|
heap
|
page read and write
|
||
2609F1E0000
|
heap
|
page read and write
|
||
6C631000
|
unknown
|
page execute read
|
||
1FD81028000
|
heap
|
page read and write
|
||
1EB58480000
|
heap
|
page read and write
|
||
5C0000
|
heap
|
page read and write
|
||
126E000
|
stack
|
page read and write
|
||
7A7000
|
unknown
|
page readonly
|
||
516D11D000
|
stack
|
page read and write
|
||
2CBE000
|
heap
|
page read and write
|
||
23076DF0000
|
heap
|
page read and write
|
||
1410000
|
heap
|
page read and write
|
||
209583F0000
|
heap
|
page read and write
|
||
29907AF0000
|
heap
|
page read and write
|
||
5BD000
|
unknown
|
page execute read
|
||
2882000
|
direct allocation
|
page read and write
|
||
4580000
|
trusted library allocation
|
page read and write
|
||
2836000
|
direct allocation
|
page read and write
|
||
24A2DE25000
|
heap
|
page read and write
|
||
2820000
|
direct allocation
|
page read and write
|
||
1E095790000
|
heap
|
page read and write
|
||
1E923790000
|
heap
|
page read and write
|
||
5B286FE000
|
stack
|
page read and write
|
||
1B91B788000
|
heap
|
page read and write
|
||
22E697E000
|
stack
|
page read and write
|
||
8FC000
|
stack
|
page read and write
|
||
7F74A000
|
direct allocation
|
page read and write
|
||
2958000
|
direct allocation
|
page read and write
|
||
3A92000
|
direct allocation
|
page read and write
|
||
6A15EFE000
|
stack
|
page read and write
|
||
700000
|
heap
|
page read and write
|
||
C4B000
|
unknown
|
page readonly
|
||
1969DD40000
|
heap
|
page read and write
|
||
1C704AA5000
|
heap
|
page read and write
|
||
249A000
|
direct allocation
|
page read and write
|
||
2459000
|
direct allocation
|
page read and write
|
||
C42000
|
unknown
|
page read and write
|
||
341000
|
unknown
|
page execute read
|
||
28DF8CF0000
|
heap
|
page read and write
|
||
2943000
|
direct allocation
|
page read and write
|
||
1E923A70000
|
heap
|
page read and write
|
||
CDA000
|
heap
|
page read and write
|
||
B81000
|
unknown
|
page execute read
|
||
2A84000
|
direct allocation
|
page read and write
|
||
D04000
|
heap
|
page read and write
|
||
23F0000
|
direct allocation
|
page read and write
|
||
B862DFE000
|
stack
|
page read and write
|
||
2DC6000
|
heap
|
page read and write
|
||
E4A5B7F000
|
stack
|
page read and write
|
||
2B68000
|
direct allocation
|
page read and write
|
||
4440000
|
trusted library allocation
|
page read and write
|
||
23849DF0000
|
heap
|
page read and write
|
||
2857000
|
direct allocation
|
page read and write
|
||
2E0E000
|
direct allocation
|
page read and write
|
||
2B53000
|
direct allocation
|
page read and write
|
||
B3E000
|
stack
|
page read and write
|
||
447D000
|
stack
|
page read and write
|
||
2218B938000
|
heap
|
page read and write
|
||
4580000
|
trusted library allocation
|
page read and write
|
||
25FD000
|
heap
|
page read and write
|
||
6C7D8000
|
unknown
|
page readonly
|
||
2629000
|
heap
|
page read and write
|
||
23849D90000
|
heap
|
page read and write
|
||
27B7000
|
direct allocation
|
page read and write
|
||
28DF8D10000
|
heap
|
page read and write
|
||
286D000
|
direct allocation
|
page read and write
|
||
20958030000
|
heap
|
page read and write
|
||
139F000
|
stack
|
page read and write
|
||
3A5E000
|
direct allocation
|
page read and write
|
||
29907C10000
|
heap
|
page read and write
|
||
2794000
|
direct allocation
|
page read and write
|
||
F9F000
|
stack
|
page read and write
|
||
262A000
|
heap
|
page read and write
|
||
1EB58290000
|
heap
|
page read and write
|
||
2600000
|
heap
|
page read and write
|
||
8A7BAFE000
|
stack
|
page read and write
|
||
1FF6FF98000
|
heap
|
page read and write
|
||
CFA000
|
heap
|
page read and write
|
||
ADF9C7E000
|
stack
|
page read and write
|
||
2868000
|
direct allocation
|
page read and write
|
||
1400000
|
heap
|
page read and write
|
||
27DD000
|
direct allocation
|
page read and write
|
||
2812000
|
direct allocation
|
page read and write
|
||
3DE5AFE000
|
stack
|
page read and write
|
||
284C000
|
direct allocation
|
page read and write
|
||
2FD0000
|
direct allocation
|
page read and write
|
||
1E923A75000
|
heap
|
page read and write
|
||
6FD000
|
stack
|
page read and write
|
||
A80000
|
heap
|
page read and write
|
||
1671CAA5000
|
heap
|
page read and write
|
||
2671000
|
heap
|
page read and write
|
||
6C7E8000
|
unknown
|
page write copy
|
||
2ACB000
|
direct allocation
|
page read and write
|
||
3B60000
|
direct allocation
|
page read and write
|
||
5D0000
|
heap
|
page read and write
|
||
977000
|
heap
|
page read and write
|
||
253CE310000
|
heap
|
page read and write
|
||
2850000
|
direct allocation
|
page read and write
|
||
1D558500000
|
heap
|
page read and write
|
||
CBE000
|
stack
|
page read and write
|
||
1405FC50000
|
heap
|
page read and write
|
||
E4A5C7E000
|
stack
|
page read and write
|
||
A7F047F000
|
stack
|
page read and write
|
||
3A54000
|
direct allocation
|
page read and write
|
||
14904DB0000
|
heap
|
page read and write
|
||
58881FF000
|
stack
|
page read and write
|
||
1FF70250000
|
heap
|
page read and write
|
||
1969D9E0000
|
heap
|
page read and write
|
||
14487495000
|
heap
|
page read and write
|
||
2218B930000
|
heap
|
page read and write
|
||
21B257E000
|
stack
|
page read and write
|
||
2441000
|
direct allocation
|
page read and write
|
||
2116CA65000
|
heap
|
page read and write
|
||
1E9235C0000
|
heap
|
page read and write
|
||
1FF6FEB0000
|
heap
|
page read and write
|
||
31A0000
|
direct allocation
|
page read and write
|
||
4341000
|
heap
|
page read and write
|
||
1671C870000
|
heap
|
page read and write
|
||
18761015000
|
heap
|
page read and write
|
||
6A15FFF000
|
stack
|
page read and write
|
||
1B91B8B0000
|
heap
|
page read and write
|
||
2606000
|
heap
|
page read and write
|
||
2619000
|
heap
|
page read and write
|
||
1432C020000
|
heap
|
page read and write
|
||
1D5584E0000
|
heap
|
page read and write
|
||
2218B810000
|
heap
|
page read and write
|
||
459C000
|
trusted library allocation
|
page read and write
|
||
1405FEE5000
|
heap
|
page read and write
|
||
23A1000
|
direct allocation
|
page read and write
|
||
78E000
|
unknown
|
page write copy
|
||
2D01000
|
heap
|
page read and write
|
||
3B7B000
|
direct allocation
|
page read and write
|
||
2874000
|
direct allocation
|
page read and write
|
||
459C000
|
trusted library allocation
|
page read and write
|
||
663DF7F000
|
stack
|
page read and write
|
||
3A49000
|
direct allocation
|
page read and write
|
||
941D08C000
|
stack
|
page read and write
|
||
68C88FE000
|
stack
|
page read and write
|
||
D9B000
|
unknown
|
page read and write
|
||
2424000
|
direct allocation
|
page read and write
|
||
1405FC40000
|
heap
|
page read and write
|
||
37D7000
|
heap
|
page read and write
|
||
1419000
|
heap
|
page read and write
|
||
B80000
|
unknown
|
page readonly
|
||
1969DD45000
|
heap
|
page read and write
|
||
28DBDC45000
|
heap
|
page read and write
|
||
2A8B000
|
direct allocation
|
page read and write
|
||
941D4FE000
|
stack
|
page read and write
|
||
24A2DEC0000
|
heap
|
page read and write
|
||
282F000
|
direct allocation
|
page read and write
|
||
4B0E000
|
stack
|
page read and write
|
||
58884FF000
|
stack
|
page read and write
|
||
2468000
|
direct allocation
|
page read and write
|
||
BF0000
|
heap
|
page read and write
|
||
7F430000
|
direct allocation
|
page read and write
|
||
247D000
|
direct allocation
|
page read and write
|
||
3DE57CC000
|
stack
|
page read and write
|
||
2EA0000
|
heap
|
page read and write
|
||
604000
|
unknown
|
page write copy
|
||
25FD000
|
heap
|
page read and write
|
||
1A9AFAD000
|
stack
|
page read and write
|
||
6E9000
|
heap
|
page read and write
|
||
144874C0000
|
heap
|
page read and write
|
||
27FA000
|
direct allocation
|
page read and write
|
||
25F5000
|
heap
|
page read and write
|
||
1DF5C1A0000
|
heap
|
page read and write
|
||
28DBDB70000
|
heap
|
page read and write
|
||
45AB000
|
trusted library allocation
|
page read and write
|
||
4580000
|
trusted library allocation
|
page read and write
|
||
1BA72A30000
|
heap
|
page read and write
|
||
4C4B000
|
stack
|
page read and write
|
||
2609F150000
|
heap
|
page read and write
|
||
457B000
|
stack
|
page read and write
|
||
241D000
|
direct allocation
|
page read and write
|
||
1DF5C2E0000
|
heap
|
page read and write
|
||
6749D7D000
|
stack
|
page read and write
|
||
1D9668E0000
|
heap
|
page read and write
|
||
4C5317E000
|
stack
|
page read and write
|
||
2B12000
|
direct allocation
|
page read and write
|
||
1969D9E8000
|
heap
|
page read and write
|
||
CA0000
|
heap
|
page read and write
|
||
292D000
|
direct allocation
|
page read and write
|
||
BA6000
|
heap
|
page read and write
|
||
E4A5A7C000
|
stack
|
page read and write
|
||
14487490000
|
heap
|
page read and write
|
||
BF7216D000
|
stack
|
page read and write
|
||
1079000
|
heap
|
page read and write
|
||
FD0000
|
direct allocation
|
page execute and read and write
|
||
29907A00000
|
heap
|
page read and write
|
||
20958230000
|
heap
|
page read and write
|
||
CE0000
|
heap
|
page read and write
|
||
5F5000
|
unknown
|
page read and write
|
||
1BCFCBD000
|
stack
|
page read and write
|
||
1F0000
|
heap
|
page read and write
|
||
58880FD000
|
stack
|
page read and write
|
||
BA0000
|
heap
|
page read and write
|
||
1075000
|
heap
|
page read and write
|
||
1DF5C2A0000
|
heap
|
page read and write
|
||
279B000
|
direct allocation
|
page read and write
|
||
2A51000
|
direct allocation
|
page read and write
|
||
1671CAA0000
|
heap
|
page read and write
|
||
8A7B7DF000
|
stack
|
page read and write
|
||
14904EE0000
|
heap
|
page read and write
|
||
B2D000
|
stack
|
page read and write
|
||
1C704860000
|
heap
|
page read and write
|
||
3B60000
|
direct allocation
|
page read and write
|
||
27A2000
|
direct allocation
|
page read and write
|
||
28DBDB50000
|
heap
|
page read and write
|
||
B81000
|
unknown
|
page execute read
|
||
2116C6B0000
|
heap
|
page read and write
|
||
E89FA7C000
|
stack
|
page read and write
|
||
37F04FE000
|
stack
|
page read and write
|
||
1FE23AC0000
|
heap
|
page read and write
|
||
3B60000
|
direct allocation
|
page read and write
|
||
459C000
|
trusted library allocation
|
page read and write
|
||
2A92000
|
direct allocation
|
page read and write
|
||
1432C010000
|
heap
|
page read and write
|
||
390F000
|
stack
|
page read and write
|
||
4340000
|
heap
|
page read and write
|
||
255C6FF000
|
stack
|
page read and write
|
||
3043000
|
heap
|
page read and write
|
||
FDD000
|
heap
|
page read and write
|
||
4591000
|
trusted library allocation
|
page read and write
|
||
E9F000
|
stack
|
page read and write
|
||
5F0000
|
unknown
|
page write copy
|
||
1EB58170000
|
heap
|
page read and write
|
||
2384A095000
|
heap
|
page read and write
|
||
28C6000
|
direct allocation
|
page read and write
|
||
87A017E000
|
stack
|
page read and write
|
||
24A2DE20000
|
heap
|
page read and write
|
||
516D57E000
|
stack
|
page read and write
|
||
28DBDA50000
|
heap
|
page read and write
|
||
3360000
|
trusted library allocation
|
page read and write
|
||
BA7000
|
heap
|
page read and write
|
||
2D41000
|
heap
|
page read and write
|
||
3EB3000
|
direct allocation
|
page read and write
|
||
1969D990000
|
heap
|
page read and write
|
||
459A000
|
trusted library allocation
|
page read and write
|
||
570000
|
heap
|
page read and write
|
||
1D558840000
|
heap
|
page read and write
|
||
3420000
|
direct allocation
|
page read and write
|
||
253CE2F0000
|
heap
|
page read and write
|
||
DA6000
|
unknown
|
page read and write
|
||
2A67000
|
direct allocation
|
page read and write
|
||
29907CF0000
|
heap
|
page read and write
|
||
274E17B0000
|
heap
|
page read and write
|
||
6C8B3000
|
unknown
|
page read and write
|
||
28DF8C10000
|
heap
|
page read and write
|
||
144874A0000
|
heap
|
page read and write
|
||
274E1890000
|
heap
|
page read and write
|
||
2FF0000
|
heap
|
page read and write
|
||
1FD80FA5000
|
heap
|
page read and write
|
||
1EE000
|
stack
|
page read and write
|
||
2865000
|
direct allocation
|
page read and write
|
||
1415000
|
heap
|
page read and write
|
||
24A2DE50000
|
heap
|
page read and write
|
||
2609F1E8000
|
heap
|
page read and write
|
||
BF7247E000
|
stack
|
page read and write
|
||
F56000
|
heap
|
page read and write
|
||
CE4000
|
heap
|
page read and write
|
||
390000
|
heap
|
page read and write
|
||
2E40000
|
heap
|
page read and write
|
||
24A2DE10000
|
heap
|
page read and write
|
||
2A7D000
|
direct allocation
|
page read and write
|
||
244A000
|
direct allocation
|
page read and write
|
||
960000
|
heap
|
page read and write
|
||
3E98000
|
direct allocation
|
page read and write
|
||
6D8000
|
heap
|
page read and write
|
||
1405FEE0000
|
heap
|
page read and write
|
||
2817000
|
heap
|
page read and write
|
||
C90000
|
heap
|
page read and write
|
||
498E000
|
stack
|
page read and write
|
||
1671C860000
|
heap
|
page read and write
|
||
2CBE000
|
heap
|
page read and write
|
||
674A07F000
|
stack
|
page read and write
|
||
2CB0000
|
heap
|
page read and write
|
||
C2C000
|
unknown
|
page readonly
|
||
1671C8A0000
|
heap
|
page read and write
|
||
2951000
|
direct allocation
|
page read and write
|
||
B862CFE000
|
stack
|
page read and write
|
||
1C704AA0000
|
heap
|
page read and write
|
||
1969D970000
|
heap
|
page read and write
|
||
2785000
|
direct allocation
|
page read and write
|
||
1BA72DE5000
|
heap
|
page read and write
|
||
3EB0000
|
direct allocation
|
page read and write
|
||
28E4000
|
direct allocation
|
page read and write
|
||
1EB58298000
|
heap
|
page read and write
|
||
1432C0D8000
|
heap
|
page read and write
|
||
2484000
|
direct allocation
|
page read and write
|
||
27A9000
|
direct allocation
|
page read and write
|
||
28DBDA58000
|
heap
|
page read and write
|
||
243A000
|
direct allocation
|
page read and write
|
||
D99000
|
unknown
|
page read and write
|
||
2B36000
|
direct allocation
|
page read and write
|
||
2619000
|
heap
|
page read and write
|
||
1FD81020000
|
heap
|
page read and write
|
||
607000
|
unknown
|
page readonly
|
||
23CC000
|
direct allocation
|
page read and write
|
||
2AF4000
|
direct allocation
|
page read and write
|
||
14904EE5000
|
heap
|
page read and write
|
||
795000
|
unknown
|
page read and write
|
||
AED000
|
stack
|
page read and write
|
||
1432C040000
|
heap
|
page read and write
|
||
144872A0000
|
heap
|
page read and write
|
||
100A000
|
heap
|
page read and write
|
||
D0C000
|
heap
|
page read and write
|
||
C4B000
|
unkown
|
page readonly
|
||
3040000
|
heap
|
page read and write
|
||
278C000
|
direct allocation
|
page read and write
|
||
28F3000
|
direct allocation
|
page read and write
|
||
E5A9E7F000
|
stack
|
page read and write
|
||
274E18F8000
|
heap
|
page read and write
|
||
2898000
|
direct allocation
|
page read and write
|
||
2609000
|
heap
|
page read and write
|
||
894C7F000
|
stack
|
page read and write
|
||
D00000
|
heap
|
page read and write
|
||
1BCFDBF000
|
stack
|
page read and write
|
||
3B70000
|
direct allocation
|
page read and write
|
||
49CE000
|
stack
|
page read and write
|
||
29907BF0000
|
heap
|
page read and write
|
||
27E4000
|
direct allocation
|
page read and write
|
||
50B000
|
stack
|
page read and write
|
||
23077050000
|
heap
|
page read and write
|
||
24A1000
|
direct allocation
|
page read and write
|
||
87A007F000
|
stack
|
page read and write
|
||
3DE000
|
stack
|
page read and write
|
||
2493000
|
direct allocation
|
page read and write
|
||
2CB5000
|
heap
|
page read and write
|
||
23076FD0000
|
heap
|
page read and write
|
||
CEA000
|
heap
|
page read and write
|
||
2918000
|
direct allocation
|
page read and write
|
||
2AA8000
|
direct allocation
|
page read and write
|
||
23E2000
|
direct allocation
|
page read and write
|
||
6C8B9000
|
unkown
|
page execute read
|
||
5B287FE000
|
stack
|
page read and write
|
||
2619000
|
heap
|
page read and write
|
||
1B91B6A0000
|
heap
|
page read and write
|
||
674A17E000
|
stack
|
page read and write
|
||
B81000
|
unkown
|
page execute read
|
||
D02000
|
heap
|
page read and write
|
||
23B0000
|
direct allocation
|
page read and write
|
||
DA5000
|
unkown
|
page write copy
|
||
380E000
|
stack
|
page read and write
|
||
5EE000
|
unkown
|
page write copy
|
||
5D5000
|
heap
|
page read and write
|
||
1432C050000
|
heap
|
page read and write
|
||
1969D960000
|
heap
|
page read and write
|
||
12FAF930000
|
heap
|
page read and write
|
||
144872A8000
|
heap
|
page read and write
|
||
546000
|
unkown
|
page execute read
|
||
1BA72A98000
|
heap
|
page read and write
|
||
CE3000
|
heap
|
page read and write
|
||
5F5000
|
unkown
|
page write copy
|
||
2801000
|
direct allocation
|
page read and write
|
||
274E1B65000
|
heap
|
page read and write
|
||
43315FF000
|
stack
|
page read and write
|
||
12FAF580000
|
heap
|
page read and write
|
||
2888000
|
direct allocation
|
page read and write
|
||
3020000
|
direct allocation
|
page read and write
|
||
28DF9020000
|
heap
|
page read and write
|
||
ADF9A7C000
|
stack
|
page read and write
|
||
2844000
|
direct allocation
|
page read and write
|
||
FC59CFF000
|
stack
|
page read and write
|
||
23076FF0000
|
heap
|
page read and write
|
||
1FE23B50000
|
heap
|
page read and write
|
||
2A43000
|
direct allocation
|
page read and write
|
||
21097170000
|
heap
|
page read and write
|
||
22E6A7E000
|
stack
|
page read and write
|
||
13B000
|
stack
|
page read and write
|
||
1D966C20000
|
heap
|
page read and write
|
||
CA0000
|
heap
|
page read and write
|
||
18B78FE000
|
stack
|
page read and write
|
||
68C89FE000
|
stack
|
page read and write
|
||
2B61000
|
direct allocation
|
page read and write
|
||
2ADD000
|
direct allocation
|
page read and write
|
||
18760DA0000
|
heap
|
page read and write
|
||
1B91B8A5000
|
heap
|
page read and write
|
||
21097290000
|
heap
|
page read and write
|
||
7F0000
|
heap
|
page read and write
|
||
18761010000
|
heap
|
page read and write
|
||
28D4000
|
direct allocation
|
page read and write
|
||
12FAF530000
|
heap
|
page read and write
|
||
3220000
|
direct allocation
|
page read and write
|
||
4FC000
|
stack
|
page read and write
|
||
FA8000
|
heap
|
page read and write
|
||
B78000
|
stack
|
page read and write
|
||
255C3FE000
|
stack
|
page read and write
|
||
4591000
|
trusted library allocation
|
page read and write
|
||
2F50000
|
trusted library allocation
|
page read and write
|
||
23849DB0000
|
heap
|
page read and write
|
||
D99000
|
unkown
|
page read and write
|
||
3D4E000
|
stack
|
page read and write
|
||
2452000
|
direct allocation
|
page read and write
|
||
2218B910000
|
heap
|
page read and write
|
||
968000
|
heap
|
page read and write
|
||
2629000
|
heap
|
page read and write
|
||
14904EB0000
|
heap
|
page read and write
|
||
27CF000
|
direct allocation
|
page read and write
|
||
7A0000
|
unkown
|
page write copy
|
||
28DF8D70000
|
heap
|
page read and write
|
||
9CF000
|
stack
|
page read and write
|
||
3F50000
|
direct allocation
|
page read and write
|
||
2AE4000
|
direct allocation
|
page read and write
|
||
25FC000
|
heap
|
page read and write
|
||
3B83000
|
direct allocation
|
page read and write
|
||
10FF000
|
stack
|
page read and write
|
||
163D38D000
|
stack
|
page read and write
|
||
23BE000
|
direct allocation
|
page read and write
|
||
3320000
|
direct allocation
|
page read and write
|
||
28DBDC40000
|
heap
|
page read and write
|
||
2819000
|
direct allocation
|
page read and write
|
||
1BA72A90000
|
heap
|
page read and write
|
||
28DF8D78000
|
heap
|
page read and write
|
||
1EB58270000
|
heap
|
page read and write
|
||
253CE615000
|
heap
|
page read and write
|
||
1671C8A8000
|
heap
|
page read and write
|
||
4580000
|
trusted library allocation
|
page read and write
|
||
5B8F000
|
stack
|
page read and write
|
||
D09000
|
heap
|
page read and write
|
||
2828000
|
direct allocation
|
page read and write
|
||
CFE000
|
stack
|
page read and write
|
||
21097190000
|
heap
|
page read and write
|
||
A7F027D000
|
stack
|
page read and write
|
||
6C630000
|
unkown
|
page readonly
|
||
4D4C000
|
stack
|
page read and write
|
||
DA7000
|
unkown
|
page readonly
|
||
144873A0000
|
heap
|
page read and write
|
||
2CC2000
|
heap
|
page read and write
|
||
291F000
|
direct allocation
|
page read and write
|
||
2B3D000
|
direct allocation
|
page read and write
|
||
2AC0000
|
direct allocation
|
page read and write
|
||
2116C8B0000
|
heap
|
page read and write
|
||
2861000
|
direct allocation
|
page read and write
|
||
45A9000
|
trusted library allocation
|
page read and write
|
||
2601000
|
heap
|
page read and write
|
||
1E923798000
|
heap
|
page read and write
|
||
1E095780000
|
heap
|
page read and write
|
||
2416000
|
direct allocation
|
page read and write
|
||
E5A9B7D000
|
stack
|
page read and write
|
||
79D000
|
unkown
|
page read and write
|
||
D00000
|
heap
|
page read and write
|
||
35C000
|
unkown
|
page execute read
|
||
1A0000
|
heap
|
page read and write
|
||
1D558400000
|
heap
|
page read and write
|
||
776000
|
stack
|
page read and write
|
||
3B8D000
|
direct allocation
|
page read and write
|
||
1050000
|
heap
|
page read and write
|
||
2671000
|
heap
|
page read and write
|
||
3010000
|
direct allocation
|
page execute and read and write
|
||
5F0000
|
unkown
|
page read and write
|
||
28DBD960000
|
heap
|
page read and write
|
||
209583F5000
|
heap
|
page read and write
|
||
280A000
|
direct allocation
|
page read and write
|
||
21B214C000
|
stack
|
page read and write
|
||
24A2DEC8000
|
heap
|
page read and write
|
||
3A40000
|
direct allocation
|
page read and write
|
||
242A000
|
direct allocation
|
page read and write
|
||
394C000
|
stack
|
page read and write
|
||
23849CB0000
|
heap
|
page read and write
|
||
1D966C25000
|
heap
|
page read and write
|
||
18760D40000
|
heap
|
page read and write
|
||
294A000
|
direct allocation
|
page read and write
|
||
2833000
|
direct allocation
|
page read and write
|
||
894B7E000
|
stack
|
page read and write
|
||
2671000
|
heap
|
page read and write
|
||
1FE239C0000
|
heap
|
page read and write
|
||
459A000
|
trusted library allocation
|
page read and write
|
||
1BD00FF000
|
stack
|
page read and write
|
||
C2C000
|
unkown
|
page readonly
|
||
23F8000
|
direct allocation
|
page read and write
|
||
A2C000
|
stack
|
page read and write
|
||
2B19000
|
direct allocation
|
page read and write
|
||
1FF6FED0000
|
heap
|
page read and write
|
||
1EB58250000
|
heap
|
page read and write
|
||
25FB000
|
heap
|
page read and write
|
||
29907AF8000
|
heap
|
page read and write
|
||
B81000
|
unkown
|
page execute read
|
||
DC02DFF000
|
stack
|
page read and write
|
||
1BA72A10000
|
heap
|
page read and write
|
||
C93000
|
heap
|
page read and write
|
||
5EB000
|
unkown
|
page execute read
|
||
2CF0000
|
direct allocation
|
page read and write
|
||
790000
|
direct allocation
|
page read and write
|
||
23D4000
|
direct allocation
|
page read and write
|
||
2629000
|
heap
|
page read and write
|
||
1DF5C550000
|
heap
|
page read and write
|
||
2629000
|
heap
|
page read and write
|
||
45AB000
|
trusted library allocation
|
page read and write
|
||
B8629CD000
|
stack
|
page read and write
|
||
1D966980000
|
heap
|
page read and write
|
||
4C5307F000
|
stack
|
page read and write
|
||
28EB000
|
direct allocation
|
page read and write
|
||
FC0000
|
heap
|
page read and write
|
||
9E0000
|
heap
|
page read and write
|
||
2116C6E8000
|
heap
|
page read and write
|
||
2476000
|
direct allocation
|
page read and write
|
||
2B4C000
|
direct allocation
|
page read and write
|
||
B5F000
|
stack
|
page read and write
|
||
24A8000
|
direct allocation
|
page read and write
|
||
1BA72DE0000
|
heap
|
page read and write
|
||
43311FD000
|
stack
|
page read and write
|
||
2AB9000
|
direct allocation
|
page read and write
|
||
610000
|
heap
|
page read and write
|
||
18760D60000
|
heap
|
page read and write
|
||
C70000
|
heap
|
page read and write
|
||
2609F120000
|
heap
|
page read and write
|
||
23DB000
|
direct allocation
|
page read and write
|
||
2777000
|
direct allocation
|
page read and write
|
||
20958060000
|
heap
|
page read and write
|
||
4C0F000
|
stack
|
page read and write
|
||
5EE000
|
unkown
|
page read and write
|
||
1E095B10000
|
heap
|
page read and write
|
||
1FF6FF90000
|
heap
|
page read and write
|
||
C1E000
|
stack
|
page read and write
|
||
2460000
|
direct allocation
|
page read and write
|
||
690000
|
heap
|
page read and write
|
||
24A2DE30000
|
heap
|
page read and write
|
||
253CE378000
|
heap
|
page read and write
|
||
2ACE000
|
direct allocation
|
page read and write
|
||
1E9236A0000
|
heap
|
page read and write
|
||
2609F1B5000
|
heap
|
page read and write
|
||
1FF70255000
|
heap
|
page read and write
|
||
2399000
|
direct allocation
|
page read and write
|
||
12FAF540000
|
heap
|
page read and write
|
||
DA2000
|
unkown
|
page read and write
|
||
32C000
|
stack
|
page read and write
|
||
23849DF8000
|
heap
|
page read and write
|
||
12FAF588000
|
heap
|
page read and write
|
||
B80000
|
unkown
|
page readonly
|
||
941D18F000
|
stack
|
page read and write
|
||
28BE000
|
direct allocation
|
page read and write
|
||
1D966988000
|
heap
|
page read and write
|
||
2B40000
|
heap
|
page read and write
|
||
E89FC7E000
|
stack
|
page read and write
|
||
65E000
|
stack
|
page read and write
|
||
25FD000
|
heap
|
page read and write
|
||
7C0000
|
heap
|
page read and write
|
||
AFD000
|
stack
|
page read and write
|
||
2720000
|
heap
|
page read and write
|
||
1C704A60000
|
heap
|
page read and write
|
||
2702000
|
heap
|
page read and write
|
||
2A75000
|
direct allocation
|
page read and write
|
||
6D0000
|
heap
|
page read and write
|
||
B80000
|
unkown
|
page readonly
|
||
2116C6E0000
|
heap
|
page read and write
|
||
28A9000
|
direct allocation
|
page read and write
|
||
27D6000
|
direct allocation
|
page read and write
|
||
2B20000
|
direct allocation
|
page read and write
|
||
2607000
|
heap
|
page read and write
|
||
2D42000
|
heap
|
page read and write
|
||
FA0000
|
heap
|
page read and write
|
||
1D558845000
|
heap
|
page read and write
|
||
663DE7D000
|
stack
|
page read and write
|
||
1E095B15000
|
heap
|
page read and write
|
||
3A39000
|
direct allocation
|
page read and write
|
||
18760C60000
|
heap
|
page read and write
|
||
246F000
|
direct allocation
|
page read and write
|
||
5B0AE7F000
|
stack
|
page read and write
|
||
1A9B3FE000
|
stack
|
page read and write
|
||
37F01FF000
|
stack
|
page read and write
|
||
45AB000
|
trusted library allocation
|
page read and write
|
||
28DF9025000
|
heap
|
page read and write
|
||
8A7B6DD000
|
stack
|
page read and write
|
||
6A15BED000
|
stack
|
page read and write
|
||
F50000
|
heap
|
page read and write
|
||
2B0B000
|
direct allocation
|
page read and write
|
||
3040000
|
direct allocation
|
page read and write
|
||
20958040000
|
heap
|
page read and write
|
||
1FD80FD0000
|
heap
|
page read and write
|
||
3B70000
|
direct allocation
|
page read and write
|
||
3750000
|
direct allocation
|
page read and write
|
||
CF0000
|
unkown
|
page readonly
|
||
CE4000
|
heap
|
page read and write
|
||
1FD80FA0000
|
heap
|
page read and write
|
||
1432C0D0000
|
heap
|
page read and write
|
||
E89FB7F000
|
stack
|
page read and write
|
||
285E000
|
direct allocation
|
page read and write
|
||
2CF0000
|
direct allocation
|
page read and write
|
||
28FB000
|
direct allocation
|
page read and write
|
||
2CB9000
|
heap
|
page read and write
|
||
1C704960000
|
heap
|
page read and write
|
||
2853000
|
direct allocation
|
page read and write
|
||
2609F130000
|
heap
|
page read and write
|
||
C2C000
|
unkown
|
page readonly
|
||
2389000
|
direct allocation
|
page read and write
|
||
894A7C000
|
stack
|
page read and write
|
||
484E000
|
stack
|
page read and write
|
||
D99000
|
unkown
|
page write copy
|
||
11A0000
|
heap
|
page read and write
|
||
D9B000
|
unkown
|
page read and write
|
||
1BA72A00000
|
heap
|
page read and write
|
||
ADF9B7E000
|
stack
|
page read and write
|
||
2934000
|
direct allocation
|
page read and write
|
||
14904E90000
|
heap
|
page read and write
|
||
4E0000
|
unkown
|
page readonly
|
||
28CD000
|
direct allocation
|
page read and write
|
||
18B74ED000
|
stack
|
page read and write
|
||
663E07E000
|
stack
|
page read and write
|
||
3A90000
|
direct allocation
|
page read and write
|
||
1FE23D35000
|
heap
|
page read and write
|
||
5BE000
|
stack
|
page read and write
|
||
12FAF560000
|
heap
|
page read and write
|
||
1405FC78000
|
heap
|
page read and write
|
||
1FE23D30000
|
heap
|
page read and write
|
||
25F0000
|
heap
|
page read and write
|
||
790000
|
unkown
|
page read and write
|
||
2B5A000
|
direct allocation
|
page read and write
|
||
21097295000
|
heap
|
page read and write
|
||
2CBE000
|
heap
|
page read and write
|
||
43314FE000
|
stack
|
page read and write
|
||
2B44000
|
direct allocation
|
page read and write
|
||
253CE210000
|
heap
|
page read and write
|
||
B7E000
|
stack
|
page read and write
|
||
68C859D000
|
stack
|
page read and write
|
||
32D0000
|
heap
|
page read and write
|
||
3E8E000
|
direct allocation
|
page read and write
|
||
5FD000
|
unkown
|
page read and write
|
||
B80000
|
unkown
|
page readonly
|
||
163D6FE000
|
stack
|
page read and write
|
||
23B7000
|
direct allocation
|
page read and write
|
||
2A59000
|
direct allocation
|
page read and write
|
||
4ACE000
|
stack
|
page read and write
|
||
BDE000
|
stack
|
page read and write
|
||
274E18F0000
|
heap
|
page read and write
|
||
1C704968000
|
heap
|
page read and write
|
||
879FD0D000
|
stack
|
page read and write
|
||
CA8000
|
heap
|
page read and write
|
||
29907CF5000
|
heap
|
page read and write
|
||
1D558558000
|
heap
|
page read and write
|
||
2671000
|
heap
|
page read and write
|
||
2A30000
|
direct allocation
|
page read and write
|
||
3B9F000
|
direct allocation
|
page read and write
|
||
C42000
|
unkown
|
page read and write
|
||
C70000
|
heap
|
page read and write
|
||
23076E00000
|
heap
|
page read and write
|
||
1B91B8A0000
|
heap
|
page read and write
|
||
2116CA60000
|
heap
|
page read and write
|
||
2607000
|
heap
|
page read and write
|
||
2B2F000
|
direct allocation
|
page read and write
|
||
21097090000
|
heap
|
page read and write
|
||
277E000
|
direct allocation
|
page read and write
|
||
2841000
|
direct allocation
|
page read and write
|
||
21096F80000
|
heap
|
page read and write
|
||
266A000
|
heap
|
page read and write
|
||
1D558550000
|
heap
|
page read and write
|
||
604000
|
unkown
|
page read and write
|
||
CC3518C000
|
stack
|
page read and write
|
||
23A8000
|
direct allocation
|
page read and write
|
||
1DF5C2E8000
|
heap
|
page read and write
|
||
6C9A3000
|
unkown
|
page readonly
|
||
2218B8F0000
|
heap
|
page read and write
|
||
2EEE000
|
stack
|
page read and write
|
||
488D000
|
stack
|
page read and write
|
||
ECF000
|
stack
|
page read and write
|
||
1FD80FB0000
|
heap
|
page read and write
|
||
7E0000
|
heap
|
page read and write
|
||
2761000
|
direct allocation
|
page read and write
|
||
1E0957E0000
|
heap
|
page read and write
|
||
22E687D000
|
stack
|
page read and write
|
||
1D966800000
|
heap
|
page read and write
|
||
1405FE40000
|
heap
|
page read and write
|
||
23E9000
|
direct allocation
|
page read and write
|
||
78E000
|
unkown
|
page read and write
|
||
C42000
|
unkown
|
page write copy
|
||
1A9B2FE000
|
stack
|
page read and write
|
||
1B91B780000
|
heap
|
page read and write
|
||
163D7FE000
|
stack
|
page read and write
|
||
C2C000
|
unkown
|
page readonly
|
||
1671CA70000
|
heap
|
page read and write
|
||
C4B000
|
unkown
|
page readonly
|
||
807000
|
unkown
|
page readonly
|
||
28BB000
|
direct allocation
|
page read and write
|
||
C4B000
|
unkown
|
page readonly
|
||
1C704940000
|
heap
|
page read and write
|
||
BE0000
|
heap
|
page read and write
|
||
2406000
|
direct allocation
|
page read and write
|
||
2700000
|
direct allocation
|
page read and write
|
||
27BF000
|
direct allocation
|
page read and write
|
||
14904F78000
|
heap
|
page read and write
|
||
240F000
|
direct allocation
|
page read and write
|
||
DA9000
|
unkown
|
page readonly
|
||
3E8C000
|
direct allocation
|
page read and write
|
||
2671000
|
heap
|
page read and write
|
||
7F44B000
|
direct allocation
|
page read and write
|
||
2116C6A0000
|
heap
|
page read and write
|
||
2A60000
|
direct allocation
|
page read and write
|
||
2926000
|
direct allocation
|
page read and write
|
||
285A000
|
direct allocation
|
page read and write
|
||
7A5000
|
unkown
|
page readonly
|
||
DA2000
|
unkown
|
page read and write
|
||
1EB58485000
|
heap
|
page read and write
|
||
2218BC25000
|
heap
|
page read and write
|
||
1FD80F80000
|
heap
|
page read and write
|
||
255C2FC000
|
stack
|
page read and write
|
||
1E0957E8000
|
heap
|
page read and write
|
||
2A6E000
|
direct allocation
|
page read and write
|
||
2629000
|
heap
|
page read and write
|
This memdump table is truncated: a further 783 memdumps are hidden and not listed here.