Files
File Path
|
Type
|
Category
|
Malicious
|
|
---|---|---|---|---|
#U5b89#U88c5#U52a9#U624b1.0.1.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
||
C:\Users\user\AppData\Local\Temp\is-LDPLH.tmp\#U5b89#U88c5#U52a9#U624b1.0.1.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\is-PB21B.tmp\#U5b89#U88c5#U52a9#U624b1.0.1.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
C:\Program Files (x86)\Windows NT\7zr.exe
|
PE32 executable (console) Intel 80386, for MS Windows
|
dropped
|
||
C:\Program Files (x86)\Windows NT\file.bin (copy)
|
data
|
dropped
|
||
C:\Program Files (x86)\Windows NT\hrsw.vbc
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
C:\Program Files (x86)\Windows NT\is-9Q49J.tmp
|
data
|
dropped
|
||
C:\Program Files (x86)\Windows NT\is-SBH8U.tmp
|
OpenPGP Secret Key
|
dropped
|
||
C:\Program Files (x86)\Windows NT\locale.bin
|
data
|
dropped
|
||
C:\Program Files (x86)\Windows NT\locale.dat
|
7-zip archive data, version 0.4
|
dropped
|
||
C:\Program Files (x86)\Windows NT\locale2.bin
|
data
|
dropped
|
||
C:\Program Files (x86)\Windows NT\locale2.dat
|
7-zip archive data, version 0.4
|
dropped
|
||
C:\Program Files (x86)\Windows NT\locale3.bin
|
data
|
dropped
|
||
C:\Program Files (x86)\Windows NT\locale3.dat
|
7-zip archive data, version 0.4
|
dropped
|
||
C:\Program Files (x86)\Windows NT\locale4.bin
|
data
|
dropped
|
||
C:\Program Files (x86)\Windows NT\locale4.dat
|
7-zip archive data, version 0.4
|
dropped
|
||
C:\Program Files (x86)\Windows NT\locale7.bin
|
data
|
dropped
|
||
C:\Program Files (x86)\Windows NT\locale7.dat
|
7-zip archive data, version 0.4
|
dropped
|
||
C:\Program Files (x86)\Windows NT\res.dat
|
7-zip archive data, version 0.4
|
dropped
|
||
C:\Program Files (x86)\Windows NT\tProtect.dll
|
PE32+ executable (native) x86-64, for MS Windows
|
dropped
|
||
C:\Program Files (x86)\Windows NT\task.xml
|
data
|
dropped
|
||
C:\Program Files (x86)\Windows NT\trash
|
OpenPGP Secret Key
|
dropped
|
||
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_0cwkgqrh.vf1.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_2snt4uvh.3kt.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ksrgjyaw.flz.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_spijxguy.jrr.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\is-5OPPK.tmp\_isetup\_setup64.tmp
|
PE32+ executable (console) x86-64, for MS Windows
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\is-5OPPK.tmp\update.vac
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\is-P2CCP.tmp\_isetup\_setup64.tmp
|
PE32+ executable (console) x86-64, for MS Windows
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\is-P2CCP.tmp\update.vac
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
\Device\ConDrv
|
ASCII text, with CRLF, CR line terminators
|
dropped
|
There are 22 hidden files not shown in this listing.
Processes
Path
|
Cmdline
|
Malicious
|
|
---|---|---|---|
C:\Users\user\Desktop\#U5b89#U88c5#U52a9#U624b1.0.1.exe
|
"C:\Users\user\Desktop\#U5b89#U88c5#U52a9#U624b1.0.1.exe"
|
||
C:\Users\user\AppData\Local\Temp\is-LDPLH.tmp\#U5b89#U88c5#U52a9#U624b1.0.1.tmp
|
"C:\Users\user\AppData\Local\Temp\is-LDPLH.tmp\#U5b89#U88c5#U52a9#U624b1.0.1.tmp" /SL5="$20474,7641276,845824,C:\Users\user\Desktop\#U5b89#U88c5#U52a9#U624b1.0.1.exe"
|
||
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"powershell.exe" -Command "Add-MpPreference -ExclusionPath 'C:\'"
|
||
C:\Users\user\Desktop\#U5b89#U88c5#U52a9#U624b1.0.1.exe
|
"C:\Users\user\Desktop\#U5b89#U88c5#U52a9#U624b1.0.1.exe" /VERYSILENT
|
||
C:\Users\user\AppData\Local\Temp\is-PB21B.tmp\#U5b89#U88c5#U52a9#U624b1.0.1.tmp
|
"C:\Users\user\AppData\Local\Temp\is-PB21B.tmp\#U5b89#U88c5#U52a9#U624b1.0.1.tmp" /SL5="$20492,7641276,845824,C:\Users\user\Desktop\#U5b89#U88c5#U52a9#U624b1.0.1.exe" /VERYSILENT
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\cmd.exe
|
cmd /c start sc create CleverSoar displayname= CleverSoar binPath= "C:\Program Files (x86)\Windows NT\tProtect.dll" type= kernel start= auto
|
||
C:\Windows\System32\sc.exe
|
sc create CleverSoar displayname= CleverSoar binPath= "C:\Program Files (x86)\Windows NT\tProtect.dll" type= kernel start= auto
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Program Files (x86)\Windows NT\7zr.exe
|
7zr.exe x -y res.dat -pad8dtyw9eyfd9aslyd9iald
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Program Files (x86)\Windows NT\7zr.exe
|
7zr.exe x -y locale3.dat -pasfasdf79yf9layslofs
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\cmd.exe
|
cmd /c start sc start CleverSoar
|
||
C:\Windows\System32\sc.exe
|
sc start CleverSoar
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\cmd.exe
|
cmd /c start sc start CleverSoar
|
||
C:\Windows\System32\sc.exe
|
sc start CleverSoar
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\cmd.exe
|
cmd /c start sc start CleverSoar
|
||
C:\Windows\System32\sc.exe
|
sc start CleverSoar
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\cmd.exe
|
cmd /c start sc start CleverSoar
|
||
C:\Windows\System32\sc.exe
|
sc start CleverSoar
|
||
C:\Windows\System32\wbem\WmiPrvSE.exe
|
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\cmd.exe
|
cmd /c start sc start CleverSoar
|
||
C:\Windows\System32\sc.exe
|
sc start CleverSoar
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\cmd.exe
|
cmd /c start sc start CleverSoar
|
||
C:\Windows\System32\sc.exe
|
sc start CleverSoar
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\cmd.exe
|
cmd /c start sc start CleverSoar
|
||
C:\Windows\System32\sc.exe
|
sc start CleverSoar
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\cmd.exe
|
cmd /c start sc start CleverSoar
|
||
C:\Windows\System32\sc.exe
|
sc start CleverSoar
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\cmd.exe
|
cmd /c start sc start CleverSoar
|
||
C:\Windows\System32\sc.exe
|
sc start CleverSoar
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\cmd.exe
|
cmd /c start sc start CleverSoar
|
||
C:\Windows\System32\sc.exe
|
sc start CleverSoar
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\cmd.exe
|
cmd /c start sc start CleverSoar
|
||
C:\Windows\System32\sc.exe
|
sc start CleverSoar
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\cmd.exe
|
cmd /c start sc start CleverSoar
|
||
C:\Windows\System32\sc.exe
|
sc start CleverSoar
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\cmd.exe
|
cmd /c start sc start CleverSoar
|
||
C:\Windows\System32\sc.exe
|
sc start CleverSoar
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\cmd.exe
|
cmd /c start sc start CleverSoar
|
||
C:\Windows\System32\sc.exe
|
sc start CleverSoar
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\cmd.exe
|
cmd /c start sc start CleverSoar
|
||
C:\Windows\System32\sc.exe
|
sc start CleverSoar
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\cmd.exe
|
cmd /c start sc start CleverSoar
|
||
C:\Windows\System32\sc.exe
|
sc start CleverSoar
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\cmd.exe
|
cmd /c start sc start CleverSoar
|
||
C:\Windows\System32\sc.exe
|
sc start CleverSoar
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\cmd.exe
|
cmd /c start sc start CleverSoar
|
||
C:\Windows\System32\sc.exe
|
sc start CleverSoar
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\cmd.exe
|
cmd /c start sc start CleverSoar
|
||
C:\Windows\System32\sc.exe
|
sc start CleverSoar
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\cmd.exe
|
cmd /c start sc start CleverSoar
|
||
C:\Windows\System32\sc.exe
|
sc start CleverSoar
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\cmd.exe
|
cmd /c start sc start CleverSoar
|
||
C:\Windows\System32\sc.exe
|
sc start CleverSoar
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\cmd.exe
|
cmd /c start sc start CleverSoar
|
||
C:\Windows\System32\sc.exe
|
sc start CleverSoar
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\cmd.exe
|
cmd /c start sc start CleverSoar
|
||
C:\Windows\System32\sc.exe
|
sc start CleverSoar
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\cmd.exe
|
cmd /c start sc start CleverSoar
|
||
C:\Windows\System32\sc.exe
|
sc start CleverSoar
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\cmd.exe
|
cmd /c start sc start CleverSoar
|
||
C:\Windows\System32\sc.exe
|
sc start CleverSoar
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\cmd.exe
|
cmd /c start sc start CleverSoar
|
||
C:\Windows\System32\sc.exe
|
sc start CleverSoar
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\cmd.exe
|
cmd /c start sc start CleverSoar
|
||
C:\Windows\System32\sc.exe
|
sc start CleverSoar
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\cmd.exe
|
cmd /c start sc start CleverSoar
|
||
C:\Windows\System32\sc.exe
|
sc start CleverSoar
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\cmd.exe
|
cmd /c start sc start CleverSoar
|
||
C:\Windows\System32\sc.exe
|
sc start CleverSoar
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\cmd.exe
|
cmd /c start sc start CleverSoar
|
||
C:\Windows\System32\sc.exe
|
sc start CleverSoar
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\cmd.exe
|
cmd /c start sc start CleverSoar
|
||
C:\Windows\System32\sc.exe
|
sc start CleverSoar
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\cmd.exe
|
cmd /c start sc start CleverSoar
|
There are 98 hidden processes not shown in this listing.
URLs
Name
|
IP
|
Malicious
|
|
---|---|---|---|
https://jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU
|
unknown
|
||
https://www.remobjects.com/ps
|
unknown
|
||
https://www.innosetup.com/
|
unknown
|
Registry
Path
|
Value
|
Malicious
|
|
---|---|---|---|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
Owner
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
SessionHash
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
Sequence
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
Owner
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
SessionHash
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
Sequence
|
||
HKEY_CURRENT_USER\SOFTWARE\Magisk
|
ring3_username
|
Memdumps
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
---|---|---|---|---|
2980000
|
heap
|
page read and write
|
||
2244000
|
direct allocation
|
page read and write
|
||
2BE53305000
|
heap
|
page read and write
|
||
711000
|
unkown
|
page execute read
|
||
22F4000
|
direct allocation
|
page read and write
|
||
181DB210000
|
heap
|
page read and write
|
||
184E000
|
direct allocation
|
page read and write
|
||
CCD000
|
unkown
|
page execute read
|
||
2A357E18000
|
heap
|
page read and write
|
||
FCE000
|
stack
|
page read and write
|
||
98E000
|
heap
|
page read and write
|
||
185D000
|
direct allocation
|
page read and write
|
||
15EA000
|
heap
|
page read and write
|
||
224B000
|
direct allocation
|
page read and write
|
||
C694A7F000
|
stack
|
page read and write
|
||
15CAE7E000
|
stack
|
page read and write
|
||
28C2000
|
heap
|
page read and write
|
||
CE0000
|
unkown
|
page readonly
|
||
1AD949B0000
|
heap
|
page read and write
|
||
12EC000
|
stack
|
page read and write
|
||
148C87B0000
|
heap
|
page read and write
|
||
3FD7000
|
heap
|
page read and write
|
||
16505470000
|
heap
|
page read and write
|
||
16505370000
|
heap
|
page read and write
|
||
2867000
|
direct allocation
|
page read and write
|
||
2951A5F0000
|
heap
|
page read and write
|
||
165F0F30000
|
heap
|
page read and write
|
||
2B01000
|
heap
|
page read and write
|
||
30A0000
|
direct allocation
|
page read and write
|
||
FA7000
|
unkown
|
page readonly
|
||
148C85B0000
|
heap
|
page read and write
|
||
294C000
|
direct allocation
|
page read and write
|
||
293F84D0000
|
heap
|
page read and write
|
||
2F0A000
|
heap
|
page read and write
|
||
237965F0000
|
heap
|
page read and write
|
||
1220000
|
heap
|
page read and write
|
||
1D5A7A30000
|
heap
|
page read and write
|
||
3C10000
|
heap
|
page read and write
|
||
443E000
|
stack
|
page read and write
|
||
1910000
|
heap
|
page read and write
|
||
2F7A000
|
heap
|
page read and write
|
||
117547D000
|
stack
|
page read and write
|
||
D05000
|
unkown
|
page read and write
|
||
1FAAAA25000
|
heap
|
page read and write
|
||
1B5516C5000
|
heap
|
page read and write
|
||
3760000
|
heap
|
page read and write
|
||
312A000
|
heap
|
page read and write
|
||
165054F0000
|
heap
|
page read and write
|
||
13B8000
|
heap
|
page read and write
|
||
F90000
|
unkown
|
page read and write
|
||
93AE0FF000
|
stack
|
page read and write
|
||
29C0000
|
heap
|
page read and write
|
||
311F000
|
direct allocation
|
page read and write
|
||
1FAAAA20000
|
heap
|
page read and write
|
||
15433320000
|
heap
|
page read and write
|
||
1D7551D8000
|
heap
|
page read and write
|
||
1380000
|
direct allocation
|
page read and write
|
||
295A000
|
direct allocation
|
page read and write
|
||
15F4000
|
heap
|
page read and write
|
||
1CDBCE97000
|
heap
|
page read and write
|
||
2408CAA0000
|
heap
|
page read and write
|
||
23796895000
|
heap
|
page read and write
|
||
10017F000
|
stack
|
page read and write
|
||
2A357D20000
|
heap
|
page read and write
|
||
2BC677E000
|
stack
|
page read and write
|
||
292F000
|
direct allocation
|
page read and write
|
||
711000
|
unkown
|
page execute read
|
||
2651F640000
|
heap
|
page read and write
|
||
1CDBCDD0000
|
heap
|
page read and write
|
||
D0D000
|
unkown
|
page read and write
|
||
A30000
|
heap
|
page read and write
|
||
2F19000
|
heap
|
page read and write
|
||
28E4000
|
direct allocation
|
page read and write
|
||
12FC000
|
stack
|
page read and write
|
||
232AF990000
|
heap
|
page read and write
|
||
1AD94CF5000
|
heap
|
page read and write
|
||
1CDBCE90000
|
heap
|
page read and write
|
||
92E000
|
stack
|
page read and write
|
||
2B80000
|
direct allocation
|
page read and write
|
||
1818000
|
direct allocation
|
page read and write
|
||
180B000
|
direct allocation
|
page read and write
|
||
56E000
|
stack
|
page read and write
|
||
27A0000
|
direct allocation
|
page read and write
|
||
2860000
|
direct allocation
|
page read and write
|
||
1B5518D0000
|
heap
|
page read and write
|
||
2B00000
|
heap
|
page read and write
|
||
3CB0000
|
direct allocation
|
page read and write
|
||
28FB000
|
direct allocation
|
page read and write
|
||
90F23AD000
|
stack
|
page read and write
|
||
28F4000
|
direct allocation
|
page read and write
|
||
2276000
|
direct allocation
|
page read and write
|
||
1215000
|
heap
|
page read and write
|
||
CE1000
|
unkown
|
page execute read
|
||
4D97000
|
trusted library allocation
|
page read and write
|
||
3B30000
|
direct allocation
|
page read and write
|
||
1D7550B0000
|
heap
|
page read and write
|
||
3158000
|
direct allocation
|
page read and write
|
||
A50000
|
unkown
|
page readonly
|
||
2331BB80000
|
heap
|
page read and write
|
||
2919000
|
direct allocation
|
page read and write
|
||
2A357D40000
|
heap
|
page read and write
|
||
E110F1D000
|
stack
|
page read and write
|
||
D14000
|
unkown
|
page read and write
|
||
C4F000
|
stack
|
page read and write
|
||
2220000
|
direct allocation
|
page read and write
|
||
26EE000
|
heap
|
page read and write
|
||
2331BEE0000
|
heap
|
page read and write
|
||
141EF3F0000
|
heap
|
page read and write
|
||
18E1000
|
direct allocation
|
page read and write
|
||
2178C9A0000
|
heap
|
page read and write
|
||
18F0000
|
heap
|
page read and write
|
||
F8E000
|
unkown
|
page write copy
|
||
21111780000
|
heap
|
page read and write
|
||
A51000
|
unkown
|
page execute read
|
||
1E0C9FC0000
|
heap
|
page read and write
|
||
3049000
|
direct allocation
|
page read and write
|
||
21F9000
|
direct allocation
|
page read and write
|
||
140E000
|
stack
|
page read and write
|
||
141EF7C0000
|
heap
|
page read and write
|
||
10047F000
|
stack
|
page read and write
|
||
1FA858D0000
|
heap
|
page read and write
|
||
2F16000
|
heap
|
page read and write
|
||
1FAAAA50000
|
heap
|
page read and write
|
||
1447000
|
heap
|
page read and write
|
||
28CB000
|
direct allocation
|
page read and write
|
||
B7B7D9D000
|
stack
|
page read and write
|
||
D00000
|
unkown
|
page write copy
|
||
1FAAAAB8000
|
heap
|
page read and write
|
||
26EE000
|
heap
|
page read and write
|
||
C56000
|
unkown
|
page execute read
|
||
16505705000
|
heap
|
page read and write
|
||
232AFC65000
|
heap
|
page read and write
|
||
2951A750000
|
heap
|
page read and write
|
||
B7B81FE000
|
stack
|
page read and write
|
||
A86157E000
|
stack
|
page read and write
|
||
7A0000
|
heap
|
page read and write
|
||
2BE530B0000
|
heap
|
page read and write
|
||
293F85F0000
|
heap
|
page read and write
|
||
1F7FB958000
|
heap
|
page read and write
|
||
2961000
|
direct allocation
|
page read and write
|
||
18BD000
|
direct allocation
|
page read and write
|
||
141EF7C5000
|
heap
|
page read and write
|
||
1CDBCE00000
|
heap
|
page read and write
|
||
2800000
|
heap
|
page read and write
|
||
E7C7AFE000
|
stack
|
page read and write
|
||
141EF4D0000
|
heap
|
page read and write
|
||
1CFC8830000
|
heap
|
page read and write
|
||
1AD94B38000
|
heap
|
page read and write
|
||
3126000
|
direct allocation
|
page read and write
|
||
90F27FE000
|
stack
|
page read and write
|
||
F80000
|
heap
|
page read and write
|
||
3F90000
|
heap
|
page read and write
|
||
E6F000
|
stack
|
page read and write
|
||
22D0000
|
direct allocation
|
page read and write
|
||
2F3A000
|
heap
|
page read and write
|
||
52207DF000
|
stack
|
page read and write
|
||
D6E000
|
stack
|
page read and write
|
||
453B2FD000
|
stack
|
page read and write
|
||
293F8785000
|
heap
|
page read and write
|
||
312D000
|
direct allocation
|
page read and write
|
||
227F000
|
direct allocation
|
page read and write
|
||
E11137F000
|
stack
|
page read and write
|
||
2981000
|
heap
|
page read and write
|
||
18CC000
|
direct allocation
|
page read and write
|
||
9B6000
|
unkown
|
page read and write
|
||
7DB000
|
unkown
|
page readonly
|
||
4B54BFD000
|
stack
|
page read and write
|
||
1FA85990000
|
heap
|
page read and write
|
||
CA78D1C000
|
stack
|
page read and write
|
||
2259000
|
direct allocation
|
page read and write
|
||
2651F660000
|
heap
|
page read and write
|
||
1230000
|
heap
|
page read and write
|
||
2294000
|
direct allocation
|
page read and write
|
||
22C06D70000
|
heap
|
page read and write
|
||
1FA85C35000
|
heap
|
page read and write
|
||
7F8CA000
|
direct allocation
|
page read and write
|
||
4290000
|
direct allocation
|
page read and write
|
||
2F29000
|
heap
|
page read and write
|
||
2651F668000
|
heap
|
page read and write
|
||
EBC000
|
stack
|
page read and write
|
||
2928000
|
direct allocation
|
page read and write
|
||
15AF000
|
stack
|
page read and write
|
||
17C3000
|
direct allocation
|
page read and write
|
||
AB000
|
stack
|
page read and write
|
||
148C85D0000
|
heap
|
page read and write
|
||
2408CB18000
|
heap
|
page read and write
|
||
18E8000
|
direct allocation
|
page read and write
|
||
18AF000
|
direct allocation
|
page read and write
|
||
230A000
|
direct allocation
|
page read and write
|
||
2BE52FB0000
|
heap
|
page read and write
|
||
90F26FE000
|
stack
|
page read and write
|
||
117567F000
|
stack
|
page read and write
|
||
FA5000
|
unkown
|
page readonly
|
||
2211000
|
direct allocation
|
page read and write
|
||
6CAC3000
|
unkown
|
page read and write
|
||
30AF000
|
direct allocation
|
page read and write
|
||
6CAC9000
|
unkown
|
page execute read
|
||
287D000
|
direct allocation
|
page read and write
|
||
1AD94A90000
|
heap
|
page read and write
|
||
410000
|
heap
|
page read and write
|
||
22C9000
|
direct allocation
|
page read and write
|
||
28ED000
|
direct allocation
|
page read and write
|
||
A10000
|
heap
|
page read and write
|
||
8EE000
|
stack
|
page read and write
|
||
3AE8000
|
direct allocation
|
page read and write
|
||
1FA85C30000
|
heap
|
page read and write
|
||
2FD0000
|
trusted library allocation
|
page read and write
|
||
2803000
|
heap
|
page read and write
|
||
5C0000
|
heap
|
page read and write
|
||
2331BBA0000
|
heap
|
page read and write
|
||
2842000
|
heap
|
page read and write
|
||
C79097E000
|
stack
|
page read and write
|
||
958000
|
heap
|
page read and write
|
||
7BC000
|
unkown
|
page readonly
|
||
4B54FFF000
|
stack
|
page read and write
|
||
158E000
|
stack
|
page read and write
|
||
6C841000
|
unkown
|
page execute read
|
||
1AD94B30000
|
heap
|
page read and write
|
||
B7B80FF000
|
stack
|
page read and write
|
||
3075000
|
direct allocation
|
page read and write
|
||
9B5000
|
unkown
|
page write copy
|
||
15D5000
|
heap
|
page read and write
|
||
7BC000
|
unkown
|
page readonly
|
||
2B10000
|
direct allocation
|
page read and write
|
||
148C8638000
|
heap
|
page read and write
|
||
1CFC8AF0000
|
heap
|
page read and write
|
||
1856000
|
direct allocation
|
page read and write
|
||
1550000
|
heap
|
page read and write
|
||
3AB0000
|
direct allocation
|
page read and write
|
||
2F10000
|
heap
|
page read and write
|
||
20FBF2C0000
|
heap
|
page read and write
|
||
2286000
|
direct allocation
|
page read and write
|
||
154F000
|
stack
|
page read and write
|
||
37D0000
|
direct allocation
|
page read and write
|
||
2178C910000
|
heap
|
page read and write
|
||
9AB000
|
unkown
|
page read and write
|
||
58A16EC000
|
stack
|
page read and write
|
||
226F000
|
direct allocation
|
page read and write
|
||
9D10A7D000
|
stack
|
page read and write
|
||
F5BEBFF000
|
stack
|
page read and write
|
||
A18000
|
heap
|
page read and write
|
||
20FBF530000
|
heap
|
page read and write
|
||
9A9000
|
unkown
|
page read and write
|
||
1FAAAA30000
|
heap
|
page read and write
|
||
1EC04610000
|
heap
|
page read and write
|
||
2218000
|
direct allocation
|
page read and write
|
||
C54327C000
|
stack
|
page read and write
|
||
AB973FE000
|
stack
|
page read and write
|
||
222E000
|
direct allocation
|
page read and write
|
||
133E000
|
stack
|
page read and write
|
||
26E5000
|
heap
|
page read and write
|
||
1D5A7DD0000
|
heap
|
page read and write
|
||
2951A755000
|
heap
|
page read and write
|
||
28A8000
|
direct allocation
|
page read and write
|
||
2408CAC0000
|
heap
|
page read and write
|
||
15F3000
|
heap
|
page read and write
|
||
1B5518B0000
|
heap
|
page read and write
|
||
2900000
|
direct allocation
|
page read and write
|
||
247F57F000
|
stack
|
page read and write
|
||
26F4000
|
heap
|
page read and write
|
||
711000
|
unkown
|
page execute read
|
||
1446000
|
heap
|
page read and write
|
||
1F7FBCC5000
|
heap
|
page read and write
|
||
1B5516E8000
|
heap
|
page read and write
|
||
A86147D000
|
stack
|
page read and write
|
||
4C40000
|
trusted library allocation
|
page read and write
|
||
3ADE000
|
direct allocation
|
page read and write
|
||
200A9EA0000
|
heap
|
page read and write
|
||
181DB270000
|
heap
|
page read and write
|
||
1840000
|
direct allocation
|
page read and write
|
||
22BA000
|
direct allocation
|
page read and write
|
||
C69487C000
|
stack
|
page read and write
|
||
6CBB3000
|
unkown
|
page readonly
|
||
8BE000
|
stack
|
page read and write
|
||
2A40000
|
heap
|
page read and write
|
||
8E0000
|
heap
|
page read and write
|
||
6AD000
|
stack
|
page read and write
|
||
3067000
|
direct allocation
|
page read and write
|
||
46FC000
|
stack
|
page read and write
|
||
1AC000
|
stack
|
page read and write
|
||
1EC045F0000
|
heap
|
page read and write
|
||
F95000
|
unkown
|
page read and write
|
||
20FBF2C8000
|
heap
|
page read and write
|
||
2944000
|
direct allocation
|
page read and write
|
||
1E0C9FD0000
|
heap
|
page read and write
|
||
30BF000
|
direct allocation
|
page read and write
|
||
CA7917E000
|
stack
|
page read and write
|
||
15433420000
|
heap
|
page read and write
|
||
211117E8000
|
heap
|
page read and write
|
||
3084000
|
direct allocation
|
page read and write
|
||
17E0000
|
direct allocation
|
page read and write
|
||
1D5A7A40000
|
heap
|
page read and write
|
||
53F94D000
|
stack
|
page read and write
|
||
30EA000
|
direct allocation
|
page read and write
|
||
141EF5F0000
|
heap
|
page read and write
|
||
232AF940000
|
heap
|
page read and write
|
||
2227000
|
direct allocation
|
page read and write
|
||
1EC04940000
|
heap
|
page read and write
|
||
26E0000
|
heap
|
page read and write
|
||
2303000
|
direct allocation
|
page read and write
|
||
181DB240000
|
heap
|
page read and write
|
||
2875000
|
direct allocation
|
page read and write
|
||
58A1AFE000
|
stack
|
page read and write
|
||
1D5A7AA8000
|
heap
|
page read and write
|
||
148C8630000
|
heap
|
page read and write
|
||
2651F850000
|
heap
|
page read and write
|
||
165F11B5000
|
heap
|
page read and write
|
||
37F0000
|
heap
|
page read and write
|
||
165F11B0000
|
heap
|
page read and write
|
||
47FC000
|
stack
|
page read and write
|
||
7BF000
|
stack
|
page read and write
|
||
2884000
|
direct allocation
|
page read and write
|
||
2920000
|
heap
|
page read and write
|
||
15433500000
|
heap
|
page read and write
|
||
1CFC8AF5000
|
heap
|
page read and write
|
||
1007000
|
unkown
|
page readonly
|
||
21E0000
|
heap
|
page read and write
|
||
2859000
|
direct allocation
|
page read and write
|
||
17D1000
|
direct allocation
|
page read and write
|
||
420000
|
heap
|
page read and write
|
||
21111750000
|
heap
|
page read and write
|
||
A0851CE000
|
stack
|
page read and write
|
||
4254000
|
direct allocation
|
page read and write
|
||
2178CC00000
|
heap
|
page read and write
|
||
3058000
|
direct allocation
|
page read and write
|
||
CFB000
|
unkown
|
page execute read
|
||
1828000
|
direct allocation
|
page read and write
|
||
2951A3E0000
|
heap
|
page read and write
|
||
7F5B0000
|
direct allocation
|
page read and write
|
||
1B5516C0000
|
heap
|
page read and write
|
||
201B1120000
|
heap
|
page read and write
|
||
2BE530B8000
|
heap
|
page read and write
|
||
2F12000
|
heap
|
page read and write
|
||
639000
|
stack
|
page read and write
|
||
1B5516B0000
|
heap
|
page read and write
|
||
37ED000
|
direct allocation
|
page read and write
|
||
301E000
|
heap
|
page read and write
|
||
15B8000
|
heap
|
page read and write
|
||
6C840000
|
unkown
|
page readonly
|
||
1D5A7DD5000
|
heap
|
page read and write
|
||
17FD000
|
direct allocation
|
page read and write
|
||
2904000
|
direct allocation
|
page read and write
|
||
D05000
|
unkown
|
page write copy
|
||
17EE000
|
direct allocation
|
page read and write
|
||
1CFC8858000
|
heap
|
page read and write
|
||
2BE52FD0000
|
heap
|
page read and write
|
||
1A00000
|
heap
|
page read and write
|
||
2951A4F0000
|
heap
|
page read and write
|
||
2A358015000
|
heap
|
page read and write
|
||
2A358010000
|
heap
|
page read and write
|
||
711000
|
unkown
|
page execute read
|
||
3B03000
|
direct allocation
|
page read and write
|
||
2620000
|
heap
|
page read and write
|
||
181DB215000
|
heap
|
page read and write
|
||
623027C000
|
stack
|
page read and write
|
||
3102000
|
direct allocation
|
page read and write
|
||
148C84D0000
|
heap
|
page read and write
|
||
2F00000
|
heap
|
page read and write
|
||
456BD5D000
|
stack
|
page read and write
|
||
200A9FA0000
|
heap
|
page read and write
|
||
154336B0000
|
heap
|
page read and write
|
||
E11127E000
|
stack
|
page read and write
|
||
3E70000
|
direct allocation
|
page read and write
|
||
C54337F000
|
stack
|
page read and write
|
||
7BC000
|
unkown
|
page readonly
|
||
1E0CA088000
|
heap
|
page read and write
|
||
9B2000
|
unkown
|
page read and write
|
||
1F7FBB20000
|
heap
|
page read and write
|
||
201B14A5000
|
heap
|
page read and write
|
||
93ADCBC000
|
stack
|
page read and write
|
||
FD0000
|
heap
|
page read and write
|
||
3143000
|
direct allocation
|
page read and write
|
||
4C7D000
|
stack
|
page read and write
|
||
2F39000
|
heap
|
page read and write
|
||
53FC7E000
|
stack
|
page read and write
|
||
7D2000
|
unkown
|
page write copy
|
||
60A5A7F000
|
stack
|
page read and write
|
||
200AA1E0000
|
heap
|
page read and write
|
||
17E7000
|
direct allocation
|
page read and write
|
||
2908000
|
heap
|
page read and write
|
||
37D0000
|
direct allocation
|
page read and write
|
||
2883000
|
heap
|
page read and write
|
||
3C30000
|
direct allocation
|
page read and write
|
||
FA0000
|
unkown
|
page write copy
|
||
450000
|
heap
|
page read and write
|
||
60A5B7E000
|
stack
|
page read and write
|
||
308B000
|
direct allocation
|
page read and write
|
||
30F1000
|
direct allocation
|
page read and write
|
||
293F83F0000
|
heap
|
page read and write
|
||
2843000
|
direct allocation
|
page read and write
|
||
425E000
|
direct allocation
|
page read and write
|
||
3060000
|
direct allocation
|
page read and write
|
||
1AD94CF0000
|
heap
|
page read and write
|
||
23796890000
|
heap
|
page read and write
|
||
2951A3E8000
|
heap
|
page read and write
|
||
AB96FBD000
|
stack
|
page read and write
|
||
1CFC8800000
|
heap
|
page read and write
|
||
2E80000
|
heap
|
page read and write
|
||
201B14A0000
|
heap
|
page read and write
|
||
1EC046C0000
|
heap
|
page read and write
|
||
47CB000
|
direct allocation
|
page read and write
|
||
1D5A7AA0000
|
heap
|
page read and write
|
||
D14000
|
unkown
|
page write copy
|
||
4249000
|
direct allocation
|
page read and write
|
||
223C000
|
direct allocation
|
page read and write
|
||
1E0CA035000
|
heap
|
page read and write
|
||
1FA85900000
|
heap
|
page read and write
|
||
1FAAAAB0000
|
heap
|
page read and write
|
||
37FF000
|
direct allocation
|
page read and write
|
||
58A17EF000
|
stack
|
page read and write
|
||
1900000
|
direct allocation
|
page execute and read and write
|
||
9B7000
|
unkown
|
page readonly
|
||
4D7B000
|
stack
|
page read and write
|
||
2BC66FE000
|
unkown
|
page readonly
|
||
39CD000
|
stack
|
page read and write
|
||
C69497E000
|
stack
|
page read and write
|
||
FBD000
|
stack
|
page read and write
|
||
643D8FF000
|
stack
|
page read and write
|
||
CD0000
|
direct allocation
|
page read and write
|
||
21111660000
|
heap
|
page read and write
|
||
26E9000
|
heap
|
page read and write
|
||
53FD7E000
|
stack
|
page read and write
|
||
1892000
|
direct allocation
|
page read and write
|
||
2882000
|
heap
|
page read and write
|
||
184B000
|
direct allocation
|
page read and write
|
||
1874000
|
direct allocation
|
page read and write
|
||
2BC667E000
|
stack
|
page read and write
|
||
2408CB10000
|
heap
|
page read and write
|
||
D00000
|
unkown
|
page read and write
|
||
F5BE78C000
|
stack
|
page read and write
|
||
16505450000
|
heap
|
page read and write
|
||
5AE000
|
stack
|
page read and write
|
||
1E0CA080000
|
heap
|
page read and write
|
||
9D10C7F000
|
stack
|
page read and write
|
||
30FA000
|
direct allocation
|
page read and write
|
||
7DB000
|
unkown
|
page readonly
|
||
2178C920000
|
heap
|
page read and write
|
||
148C87B5000
|
heap
|
page read and write
|
||
200A9F80000
|
heap
|
page read and write
|
||
9A9000
|
unkown
|
page write copy
|
||
201B1220000
|
heap
|
page read and write
|
||
28CE000
|
direct allocation
|
page read and write
|
||
117557E000
|
stack
|
page read and write
|
||
1600000
|
heap
|
page read and write
|
||
23796630000
|
heap
|
page read and write
|
||
2331BC28000
|
heap
|
page read and write
|
||
4D80000
|
trusted library allocation
|
page read and write
|
||
30B6000
|
direct allocation
|
page read and write
|
||
1558000
|
heap
|
page read and write
|
||
4D9B000
|
trusted library allocation
|
page read and write
|
||
2331BC20000
|
heap
|
page read and write
|
||
22C2000
|
direct allocation
|
page read and write
|
||
1D7551D0000
|
heap
|
page read and write
|
||
181DB220000
|
heap
|
page read and write
|
||
2920000
|
direct allocation
|
page read and write
|
||
2BE52ED0000
|
heap
|
page read and write
|
||
C2E000
|
stack
|
page read and write
|
||
17B0000
|
direct allocation
|
page read and write
|
||
1219000
|
heap
|
page read and write
|
||
232AF998000
|
heap
|
page read and write
|
||
AB972FF000
|
stack
|
page read and write
|
||
1CFC8810000
|
heap
|
page read and write
|
||
37E3000
|
direct allocation
|
page read and write
|
||
2331BB70000
|
heap
|
page read and write
|
||
4DAA000
|
trusted library allocation
|
page read and write
|
||
22ED000
|
direct allocation
|
page read and write
|
||
28DD000
|
direct allocation
|
page read and write
|
||
2651F905000
|
heap
|
page read and write
|
||
247F47D000
|
stack
|
page read and write
|
||
37DB000
|
direct allocation
|
page read and write
|
||
21111755000
|
heap
|
page read and write
|
||
247F67F000
|
stack
|
page read and write
|
||
184F000
|
stack
|
page read and write
|
||
2892000
|
direct allocation
|
page read and write
|
||
4330000
|
direct allocation
|
page read and write
|
||
15CAD7E000
|
stack
|
page read and write
|
||
237965D0000
|
heap
|
page read and write
|
||
2A357E10000
|
heap
|
page read and write
|
||
9A9000
|
unkown
|
page read and write
|
||
2F29000
|
heap
|
page read and write
|
||
8A0000
|
heap
|
page read and write
|
||
16505700000
|
heap
|
page read and write
|
||
623037E000
|
stack
|
page read and write
|
||
CA7907E000
|
stack
|
page read and write
|
||
7DB000
|
unkown
|
page readonly
|
||
2851000
|
direct allocation
|
page read and write
|
||
200A9FE8000
|
heap
|
page read and write
|
||
15F0000
|
heap
|
page read and write
|
||
4292000
|
direct allocation
|
page read and write
|
||
5220AFF000
|
stack
|
page read and write
|
||
28B9000
|
direct allocation
|
page read and write
|
||
228D000
|
direct allocation
|
page read and write
|
||
710000
|
unkown
|
page readonly
|
||
1FA858E0000
|
heap
|
page read and write
|
||
161C000
|
heap
|
page read and write
|
||
1603000
|
heap
|
page read and write
|
||
1E0C9FF0000
|
heap
|
page read and write
|
||
17F5000
|
direct allocation
|
page read and write
|
||
A86167E000
|
stack
|
page read and write
|
||
F1B000
|
stack
|
page read and write
|
||
7D2000
|
unkown
|
page read and write
|
||
22AA000
|
direct allocation
|
page read and write
|
||
22C06D60000
|
heap
|
page read and write
|
||
26EB000
|
heap
|
page read and write
|
||
306E000
|
direct allocation
|
page read and write
|
||
4D9B000
|
trusted library allocation
|
page read and write
|
||
30A8000
|
direct allocation
|
page read and write
|
||
456C07E000
|
stack
|
page read and write
|
||
1F7FBB40000
|
heap
|
page read and write
|
||
20FBF290000
|
heap
|
page read and write
|
||
5AC000
|
stack
|
page read and write
|
||
187B000
|
direct allocation
|
page read and write
|
||
4B41000
|
heap
|
page read and write
|
||
2252000
|
direct allocation
|
page read and write
|
||
36B0000
|
heap
|
page read and write
|
||
46BF000
|
stack
|
page read and write
|
||
1601000
|
heap
|
page read and write
|
||
22C07000000
|
heap
|
page read and write
|
||
1AD94AB0000
|
heap
|
page read and write
|
||
2408CDB0000
|
heap
|
page read and write
|
||
72F000
|
stack
|
page read and write
|
||
BE0000
|
heap
|
page read and write
|
||
3B00000
|
direct allocation
|
page read and write
|
||
A61098D000
|
stack
|
page read and write
|
||
22C06DB8000
|
heap
|
page read and write
|
||
623047F000
|
stack
|
page read and write
|
||
3151000
|
direct allocation
|
page read and write
|
||
1FA85998000
|
heap
|
page read and write
|
||
3BB0000
|
direct allocation
|
page read and write
|
||
1812000
|
direct allocation
|
page read and write
|
||
9B9000
|
unkown
|
page readonly
|
||
20FBF535000
|
heap
|
page read and write
|
||
4D80000
|
trusted library allocation
|
page read and write
|
||
1929000
|
heap
|
page read and write
|
||
687527D000
|
stack
|
page read and write
|
||
21111760000
|
heap
|
page read and write
|
||
30C6000
|
direct allocation
|
page read and write
|
||
141EF4F0000
|
heap
|
page read and write
|
||
165F1018000
|
heap
|
page read and write
|
||
30CD000
|
direct allocation
|
page read and write
|
||
1D755190000
|
heap
|
page read and write
|
||
C79087D000
|
stack
|
page read and write
|
||
9AB000
|
unkown
|
page read and write
|
||
20FBF490000
|
heap
|
page read and write
|
||
1EC04510000
|
heap
|
page read and write
|
||
D2F000
|
stack
|
page read and write
|
||
2936000
|
direct allocation
|
page read and write
|
||
3110000
|
direct allocation
|
page read and write
|
||
7BC000
|
unkown
|
page readonly
|
||
200AA1E5000
|
heap
|
page read and write
|
||
F9D000
|
unkown
|
page read and write
|
||
2260000
|
direct allocation
|
page read and write
|
||
293F85D0000
|
heap
|
page read and write
|
||
3134000
|
direct allocation
|
page read and write
|
||
9D10B7F000
|
stack
|
page read and write
|
||
293F84D8000
|
heap
|
page read and write
|
||
1804000
|
direct allocation
|
page read and write
|
||
5C8000
|
heap
|
page read and write
|
||
6C9E8000
|
unkown
|
page readonly
|
||
134E000
|
stack
|
page read and write
|
||
2178CC05000
|
heap
|
page read and write
|
||
1D5A7A60000
|
heap
|
page read and write
|
||
181DB278000
|
heap
|
page read and write
|
||
687537E000
|
stack
|
page read and write
|
||
E7C7BFF000
|
stack
|
page read and write
|
||
4DAA000
|
trusted library allocation
|
page read and write
|
||
2E8F000
|
stack
|
page read and write
|
||
CFE000
|
unkown
|
page read and write
|
||
7F0000
|
heap
|
page read and write
|
||
165F1110000
|
heap
|
page read and write
|
||
26EE000
|
heap
|
page read and write
|
||
18B6000
|
direct allocation
|
page read and write
|
||
456C17F000
|
stack
|
page read and write
|
||
C70000
|
heap
|
page read and write
|
||
15FA000
|
heap
|
page read and write
|
||
710000
|
unkown
|
page readonly
|
||
3170000
|
heap
|
page read and write
|
||
30D4000
|
direct allocation
|
page read and write
|
||
93ADDBF000
|
stack
|
page read and write
|
||
453B6FE000
|
stack
|
page read and write
|
||
3740000
|
trusted library allocation
|
page read and write
|
||
1EC046C8000
|
heap
|
page read and write
|
||
293D000
|
direct allocation
|
page read and write
|
||
1920000
|
heap
|
page read and write
|
||
3F50000
|
direct allocation
|
page read and write
|
||
CD0000
|
direct allocation
|
page read and write
|
||
2D8E000
|
stack
|
page read and write
|
||
2331BEE5000
|
heap
|
page read and write
|
||
18D3000
|
direct allocation
|
page read and write
|
||
950000
|
heap
|
page read and write
|
||
1864000
|
direct allocation
|
page read and write
|
||
A610CFF000
|
stack
|
page read and write
|
||
1440000
|
heap
|
page read and write
|
||
1E0CA030000
|
heap
|
page read and write
|
||
27A0000
|
direct allocation
|
page read and write
|
||
13C8000
|
heap
|
page read and write
|
||
9B9000
|
heap
|
page read and write
|
||
26EA000
|
heap
|
page read and write
|
||
900000
|
unkown
|
page readonly
|
||
201B12D0000
|
heap
|
page read and write
|
||
201B1200000
|
heap
|
page read and write
|
||
410F000
|
stack
|
page read and write
|
||
880000
|
heap
|
page read and write
|
||
4D97000
|
trusted library allocation
|
page read and write
|
||
427E000
|
direct allocation
|
page read and write
|
||
7EA147D000
|
stack
|
page read and write
|
||
2BE53300000
|
heap
|
page read and write
|
||
3092000
|
direct allocation
|
page read and write
|
||
2F16000
|
heap
|
page read and write
|
||
3118000
|
direct allocation
|
page read and write
|
||
2A01000
|
heap
|
page read and write
|
||
15CAC7D000
|
stack
|
page read and write
|
||
426E000
|
direct allocation
|
page read and write
|
||
293F8780000
|
heap
|
page read and write
|
||
1D7553C5000
|
heap
|
page read and write
|
||
28BE000
|
direct allocation
|
page read and write
|
||
A0854FF000
|
stack
|
page read and write
|
||
23796638000
|
heap
|
page read and write
|
||
710000
|
unkown
|
page readonly
|
||
FE0000
|
heap
|
page read and write
|
||
17AE000
|
stack
|
page read and write
|
||
1913000
|
heap
|
page read and write
|
||
2A357C40000
|
heap
|
page read and write
|
||
901000
|
unkown
|
page execute read
|
||
1210000
|
heap
|
page read and write
|
||
C54347E000
|
stack
|
page read and write
|
||
232AF860000
|
heap
|
page read and write
|
||
1CDBCCF0000
|
heap
|
page read and write
|
||
1370000
|
heap
|
page read and write
|
||
447E000
|
stack
|
page read and write
|
||
3B40000
|
direct allocation
|
page read and write
|
||
2A80000
|
heap
|
page read and write
|
||
2178C9A8000
|
heap
|
page read and write
|
||
18C4000
|
direct allocation
|
page read and write
|
||
307C000
|
direct allocation
|
page read and write
|
||
165F1130000
|
heap
|
page read and write
|
||
20FBF280000
|
heap
|
page read and write
|
||
2318000
|
direct allocation
|
page read and write
|
||
237965C0000
|
heap
|
page read and write
|
||
286E000
|
direct allocation
|
page read and write
|
||
E7C779D000
|
stack
|
page read and write
|
||
15B0000
|
heap
|
page read and write
|
||
7D2000
|
unkown
|
page write copy
|
||
3099000
|
direct allocation
|
page read and write
|
||
2F17000
|
heap
|
page read and write
|
||
2178C940000
|
heap
|
page read and write
|
||
154336B5000
|
heap
|
page read and write
|
||
22FC000
|
direct allocation
|
page read and write
|
||
643D5AC000
|
stack
|
page read and write
|
||
165F1010000
|
heap
|
page read and write
|
||
4B54EFF000
|
stack
|
page read and write
|
||
22E6000
|
direct allocation
|
page read and write
|
||
1CDBCDF5000
|
heap
|
page read and write
|
||
165054F8000
|
heap
|
page read and write
|
||
181DB1F0000
|
heap
|
page read and write
|
||
3DB0000
|
direct allocation
|
page read and write
|
||
200A9FE0000
|
heap
|
page read and write
|
||
17D9000
|
direct allocation
|
page read and write
|
||
7F5CB000
|
direct allocation
|
page read and write
|
||
15433328000
|
heap
|
page read and write
|
||
15F3000
|
heap
|
page read and write
|
||
4B40000
|
heap
|
page read and write
|
||
4D80000
|
trusted library allocation
|
page read and write
|
||
414C000
|
stack
|
page read and write
|
||
28C0000
|
direct allocation
|
page read and write
|
||
7EA157E000
|
stack
|
page read and write
|
||
314A000
|
direct allocation
|
page read and write
|
||
A6C000
|
unkown
|
page execute read
|
||
10007D000
|
stack
|
page read and write
|
||
C80000
|
direct allocation
|
page execute and read and write
|
||
B4E000
|
stack
|
page read and write
|
||
2408CA90000
|
heap
|
page read and write
|
||
2951A5D0000
|
heap
|
page read and write
|
||
2802000
|
heap
|
page read and write
|
||
2E83000
|
heap
|
page read and write
|
||
201B12D8000
|
heap
|
page read and write
|
||
C790A7F000
|
stack
|
page read and write
|
||
1F7FBCC0000
|
heap
|
page read and write
|
||
3109000
|
direct allocation
|
page read and write
|
||
1EC04945000
|
heap
|
page read and write
|
||
1350000
|
heap
|
page read and write
|
||
710000
|
unkown
|
page readonly
|
||
F76000
|
stack
|
page read and write
|
||
22B1000
|
direct allocation
|
page read and write
|
||
1839000
|
direct allocation
|
page read and write
|
||
22C07005000
|
heap
|
page read and write
|
||
22DF000
|
direct allocation
|
page read and write
|
||
FF0000
|
heap
|
page read and write
|
||
188B000
|
direct allocation
|
page read and write
|
||
22D8000
|
direct allocation
|
page read and write
|
||
15F4000
|
heap
|
page read and write
|
||
141EF4F8000
|
heap
|
page read and write
|
||
28D6000
|
direct allocation
|
page read and write
|
||
2F05000
|
heap
|
page read and write
|
||
9B2000
|
unkown
|
page read and write
|
||
2A00000
|
heap
|
page read and write
|
||
643D9FE000
|
stack
|
page read and write
|
||
174F000
|
stack
|
page read and write
|
||
2BC633C000
|
stack
|
page read and write
|
||
7D2000
|
unkown
|
page read and write
|
||
400E000
|
stack
|
page read and write
|
||
A0850CD000
|
stack
|
page read and write
|
||
4D80000
|
trusted library allocation
|
page read and write
|
||
453B3FF000
|
stack
|
page read and write
|
||
A00000
|
heap
|
page read and write
|
||
232AF960000
|
heap
|
page read and write
|
||
1F7FB950000
|
heap
|
page read and write
|
||
4240000
|
direct allocation
|
page read and write
|
||
CFE000
|
unkown
|
page write copy
|
||
8A6000
|
heap
|
page read and write
|
||
52206DD000
|
stack
|
page read and write
|
||
1D7551B0000
|
heap
|
page read and write
|
||
455000
|
heap
|
page read and write
|
||
F5BEAFF000
|
stack
|
page read and write
|
||
22C06DB0000
|
heap
|
page read and write
|
||
45BE000
|
stack
|
page read and write
|
||
13B0000
|
heap
|
page read and write
|
||
4239000
|
direct allocation
|
page read and write
|
||
1925000
|
heap
|
page read and write
|
||
22C06D90000
|
heap
|
page read and write
|
||
D17000
|
unkown
|
page readonly
|
||
7EA167E000
|
stack
|
page read and write
|
||
1FAAAA00000
|
heap
|
page read and write
|
||
7DB000
|
unkown
|
page readonly
|
||
2968000
|
direct allocation
|
page read and write
|
||
26EE000
|
heap
|
page read and write
|
||
2830000
|
direct allocation
|
page read and write
|
||
3051000
|
direct allocation
|
page read and write
|
||
687547E000
|
stack
|
page read and write
|
||
60A573D000
|
stack
|
page read and write
|
||
6C9F8000
|
unkown
|
page write copy
|
||
1CDBCDF0000
|
heap
|
page read and write
|
||
457F000
|
stack
|
page read and write
|
||
211117E0000
|
heap
|
page read and write
|
||
F8E000
|
unkown
|
page read and write
|
||
3010000
|
direct allocation
|
page read and write
|
||
1D7553C0000
|
heap
|
page read and write
|
||
1B5516E0000
|
heap
|
page read and write
|
||
2802000
|
heap
|
page read and write
|
||
1609000
|
heap
|
page read and write
|
||
2651F900000
|
heap
|
page read and write
|
||
13C0000
|
heap
|
page read and write
|
||
1F7FB940000
|
heap
|
page read and write
|
||
3039000
|
direct allocation
|
page read and write
|
||
232AFC60000
|
heap
|
page read and write
|
||
638F000
|
stack
|
page read and write
|
||
2651F830000
|
heap
|
page read and write
|
||
CC0000
|
heap
|
page read and write
|
||
2408CDB5000
|
heap
|
page read and write
|
||
18DA000
|
direct allocation
|
page read and write
|
||
290B000
|
direct allocation
|
page read and write
|
||
288B000
|
direct allocation
|
page read and write
|
||
8DE7DCD000
|
stack
|
page read and write
|
||
15433520000
|
heap
|
page read and write
|
||
2267000
|
direct allocation
|
page read and write
|
||
18A8000
|
direct allocation
|
page read and write
|
||
1569000
|
heap
|
page read and write
|
||
2235000
|
direct allocation
|
page read and write
|
||
30DA000
|
direct allocation
|
page read and write
|
||
A610DFE000
|
stack
|
page read and write
|
||
313C000
|
direct allocation
|
page read and write
|
||
1CFC8850000
|
heap
|
page read and write
|
||
2311000
|
direct allocation
|
page read and write
|
||
CD0000
|
direct allocation
|
page read and write
|
||
2912000
|
direct allocation
|
page read and write
|
||
12FD000
|
stack
|
page read and write
|
||
1883000
|
direct allocation
|
page read and write
|
||
2953000
|
direct allocation
|
page read and write
|
There are 758 hidden memdumps.