Files
File Path
|
Type
|
Category
|
Malicious
|
|
---|---|---|---|---|
#U5b89#U88c5#U52a9#U624b1.0.3.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
||
C:\Program Files (x86)\Windows NT\hrsw.vbc
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
C:\Program Files (x86)\Windows NT\tProtect.dll
|
PE32+ executable (native) x86-64, for MS Windows
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\is-3G83D.tmp\#U5b89#U88c5#U52a9#U624b1.0.3.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\is-HSI1O.tmp\#U5b89#U88c5#U52a9#U624b1.0.3.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\is-MRB94.tmp\update.vac
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\is-U1N14.tmp\update.vac
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
C:\Program Files (x86)\Windows NT\7zr.exe
|
PE32 executable (console) Intel 80386, for MS Windows
|
dropped
|
||
C:\Program Files (x86)\Windows NT\file.bin (copy)
|
data
|
dropped
|
||
C:\Program Files (x86)\Windows NT\is-51JMP.tmp
|
data
|
dropped
|
||
C:\Program Files (x86)\Windows NT\is-9UHGB.tmp
|
data
|
dropped
|
||
C:\Program Files (x86)\Windows NT\locale.bin
|
data
|
dropped
|
||
C:\Program Files (x86)\Windows NT\locale.dat
|
7-zip archive data, version 0.4
|
dropped
|
||
C:\Program Files (x86)\Windows NT\locale2.bin
|
data
|
dropped
|
||
C:\Program Files (x86)\Windows NT\locale2.dat
|
7-zip archive data, version 0.4
|
dropped
|
||
C:\Program Files (x86)\Windows NT\locale3.bin
|
data
|
dropped
|
||
C:\Program Files (x86)\Windows NT\locale3.dat
|
7-zip archive data, version 0.4
|
dropped
|
||
C:\Program Files (x86)\Windows NT\locale4.bin
|
data
|
dropped
|
||
C:\Program Files (x86)\Windows NT\locale4.dat
|
7-zip archive data, version 0.4
|
dropped
|
||
C:\Program Files (x86)\Windows NT\locale7.bin
|
data
|
dropped
|
||
C:\Program Files (x86)\Windows NT\locale7.dat
|
7-zip archive data, version 0.4
|
dropped
|
||
C:\Program Files (x86)\Windows NT\res.dat
|
7-zip archive data, version 0.4
|
dropped
|
||
C:\Program Files (x86)\Windows NT\task.xml
|
data
|
dropped
|
||
C:\Program Files (x86)\Windows NT\trash
|
data
|
dropped
|
||
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_2p2k5iwb.q0y.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_kvjygs2h.2td.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_uv3ixvps.aom.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_zcnjpcuh.3b5.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\is-MRB94.tmp\_isetup\_setup64.tmp
|
PE32+ executable (console) x86-64, for MS Windows
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\is-U1N14.tmp\_isetup\_setup64.tmp
|
PE32+ executable (console) x86-64, for MS Windows
|
dropped
|
||
\Device\ConDrv
|
ASCII text, with CRLF, CR line terminators
|
dropped
|
There are 22 hidden files, click here to show them.
Processes
Path
|
Cmdline
|
Malicious
|
|
---|---|---|---|
C:\Users\user\Desktop\#U5b89#U88c5#U52a9#U624b1.0.3.exe
|
"C:\Users\user\Desktop\#U5b89#U88c5#U52a9#U624b1.0.3.exe"
|
||
C:\Users\user\AppData\Local\Temp\is-HSI1O.tmp\#U5b89#U88c5#U52a9#U624b1.0.3.tmp
|
"C:\Users\user\AppData\Local\Temp\is-HSI1O.tmp\#U5b89#U88c5#U52a9#U624b1.0.3.tmp" /SL5="$2040C,6541320,845824,C:\Users\user\Desktop\#U5b89#U88c5#U52a9#U624b1.0.3.exe"
|
||
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"powershell.exe" -Command "Add-MpPreference -ExclusionPath 'C:\'"
|
||
C:\Users\user\Desktop\#U5b89#U88c5#U52a9#U624b1.0.3.exe
|
"C:\Users\user\Desktop\#U5b89#U88c5#U52a9#U624b1.0.3.exe" /VERYSILENT
|
||
C:\Users\user\AppData\Local\Temp\is-3G83D.tmp\#U5b89#U88c5#U52a9#U624b1.0.3.tmp
|
"C:\Users\user\AppData\Local\Temp\is-3G83D.tmp\#U5b89#U88c5#U52a9#U624b1.0.3.tmp" /SL5="$1042A,6541320,845824,C:\Users\user\Desktop\#U5b89#U88c5#U52a9#U624b1.0.3.exe"
/VERYSILENT
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\cmd.exe
|
cmd /c start sc create CleverSoar displayname= CleverSoar binPath= "C:\Program Files (x86)\Windows NT\tProtect.dll" type=
kernel start= auto
|
||
C:\Windows\System32\sc.exe
|
sc create CleverSoar displayname= CleverSoar binPath= "C:\Program Files (x86)\Windows NT\tProtect.dll" type= kernel start=
auto
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Program Files (x86)\Windows NT\7zr.exe
|
7zr.exe x -y res.dat -pad8dtyw9eyfd9aslyd9iald
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Program Files (x86)\Windows NT\7zr.exe
|
7zr.exe x -y locale3.dat -pasfasdf79yf9layslofs
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\cmd.exe
|
cmd /c start sc start CleverSoar
|
||
C:\Windows\System32\sc.exe
|
sc start CleverSoar
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\cmd.exe
|
cmd /c start sc start CleverSoar
|
||
C:\Windows\System32\sc.exe
|
sc start CleverSoar
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\wbem\WmiPrvSE.exe
|
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
|
||
C:\Windows\System32\cmd.exe
|
cmd /c start sc start CleverSoar
|
||
C:\Windows\System32\sc.exe
|
sc start CleverSoar
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\cmd.exe
|
cmd /c start sc start CleverSoar
|
||
C:\Windows\System32\sc.exe
|
sc start CleverSoar
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\cmd.exe
|
cmd /c start sc start CleverSoar
|
||
C:\Windows\System32\sc.exe
|
sc start CleverSoar
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\cmd.exe
|
cmd /c start sc start CleverSoar
|
||
C:\Windows\System32\sc.exe
|
sc start CleverSoar
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\cmd.exe
|
cmd /c start sc start CleverSoar
|
||
C:\Windows\System32\sc.exe
|
sc start CleverSoar
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\cmd.exe
|
cmd /c start sc start CleverSoar
|
||
C:\Windows\System32\sc.exe
|
sc start CleverSoar
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\cmd.exe
|
cmd /c start sc start CleverSoar
|
||
C:\Windows\System32\sc.exe
|
sc start CleverSoar
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\cmd.exe
|
cmd /c start sc start CleverSoar
|
||
C:\Windows\System32\sc.exe
|
sc start CleverSoar
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\cmd.exe
|
cmd /c start sc start CleverSoar
|
||
C:\Windows\System32\sc.exe
|
sc start CleverSoar
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\cmd.exe
|
cmd /c start sc start CleverSoar
|
||
C:\Windows\System32\sc.exe
|
sc start CleverSoar
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\cmd.exe
|
cmd /c start sc start CleverSoar
|
||
C:\Windows\System32\sc.exe
|
sc start CleverSoar
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\cmd.exe
|
cmd /c start sc start CleverSoar
|
||
C:\Windows\System32\sc.exe
|
sc start CleverSoar
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\cmd.exe
|
cmd /c start sc start CleverSoar
|
||
C:\Windows\System32\sc.exe
|
sc start CleverSoar
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\cmd.exe
|
cmd /c start sc start CleverSoar
|
||
C:\Windows\System32\sc.exe
|
sc start CleverSoar
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\cmd.exe
|
cmd /c start sc start CleverSoar
|
||
C:\Windows\System32\sc.exe
|
sc start CleverSoar
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\cmd.exe
|
cmd /c start sc start CleverSoar
|
||
C:\Windows\System32\sc.exe
|
sc start CleverSoar
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\cmd.exe
|
cmd /c start sc start CleverSoar
|
||
C:\Windows\System32\sc.exe
|
sc start CleverSoar
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\cmd.exe
|
cmd /c start sc start CleverSoar
|
||
C:\Windows\System32\sc.exe
|
sc start CleverSoar
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\cmd.exe
|
cmd /c start sc start CleverSoar
|
||
C:\Windows\System32\sc.exe
|
sc start CleverSoar
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\cmd.exe
|
cmd /c start sc start CleverSoar
|
||
C:\Windows\System32\sc.exe
|
sc start CleverSoar
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\cmd.exe
|
cmd /c start sc start CleverSoar
|
||
C:\Windows\System32\sc.exe
|
sc start CleverSoar
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\cmd.exe
|
cmd /c start sc start CleverSoar
|
||
C:\Windows\System32\sc.exe
|
sc start CleverSoar
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\cmd.exe
|
cmd /c start sc start CleverSoar
|
||
C:\Windows\System32\sc.exe
|
sc start CleverSoar
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\cmd.exe
|
cmd /c start sc start CleverSoar
|
||
C:\Windows\System32\sc.exe
|
sc start CleverSoar
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\cmd.exe
|
cmd /c start sc start CleverSoar
|
||
C:\Windows\System32\sc.exe
|
sc start CleverSoar
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\cmd.exe
|
cmd /c start sc start CleverSoar
|
||
C:\Windows\System32\sc.exe
|
sc start CleverSoar
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\cmd.exe
|
cmd /c start sc start CleverSoar
|
||
C:\Windows\System32\sc.exe
|
sc start CleverSoar
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\cmd.exe
|
cmd /c start sc start CleverSoar
|
||
C:\Windows\System32\sc.exe
|
sc start CleverSoar
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\cmd.exe
|
cmd /c start sc start CleverSoar
|
||
C:\Windows\System32\sc.exe
|
sc start CleverSoar
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\cmd.exe
|
cmd /c start sc start CleverSoar
|
There are 98 hidden processes, click here to show them.
URLs
Name
|
IP
|
Malicious
|
|
---|---|---|---|
https://jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU
|
unknown
|
||
https://www.remobjects.com/ps
|
unknown
|
||
https://www.innosetup.com/
|
unknown
|
Registry
Path
|
Value
|
Malicious
|
|
---|---|---|---|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
Owner
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
SessionHash
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
Sequence
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
Owner
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
SessionHash
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
Sequence
|
||
HKEY_CURRENT_USER\SOFTWARE\Magisk
|
ring3_username
|
Memdumps
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
---|---|---|---|---|
1C6883D0000
|
heap
|
page read and write
|
||
1163000
|
heap
|
page read and write
|
||
EE8377F000
|
stack
|
page read and write
|
||
22C238D0000
|
heap
|
page read and write
|
||
882000
|
unkown
|
page read and write
|
||
1E844AB0000
|
heap
|
page read and write
|
||
189721C0000
|
heap
|
page read and write
|
||
6D97D4D000
|
stack
|
page read and write
|
||
1AE4C020000
|
heap
|
page read and write
|
||
4C9000
|
unkown
|
page read and write
|
||
1C688390000
|
heap
|
page read and write
|
||
3CCC000
|
stack
|
page read and write
|
||
250000
|
unkown
|
page readonly
|
||
1F50FFF000
|
stack
|
page read and write
|
||
882000
|
unkown
|
page write copy
|
||
C90000
|
heap
|
page read and write
|
||
CC000
|
stack
|
page read and write
|
||
1484EF18000
|
heap
|
page read and write
|
||
1E844AB8000
|
heap
|
page read and write
|
||
2473B930000
|
heap
|
page read and write
|
||
2C74000
|
direct allocation
|
page read and write
|
||
B1729FF000
|
stack
|
page read and write
|
||
20A16920000
|
heap
|
page read and write
|
||
6CC78000
|
unkown
|
page readonly
|
||
2A1B000
|
direct allocation
|
page read and write
|
||
2AB6000
|
direct allocation
|
page read and write
|
||
E89267D000
|
stack
|
page read and write
|
||
115A000
|
heap
|
page read and write
|
||
165F5510000
|
heap
|
page read and write
|
||
4A16000
|
trusted library allocation
|
page read and write
|
||
C1F000
|
stack
|
page read and write
|
||
21D603C5000
|
heap
|
page read and write
|
||
F8E000
|
stack
|
page read and write
|
||
2C28000
|
direct allocation
|
page read and write
|
||
2BB0000
|
direct allocation
|
page read and write
|
||
1AEA9F68000
|
heap
|
page read and write
|
||
1AEA9EA0000
|
heap
|
page read and write
|
||
22E09F60000
|
heap
|
page read and write
|
||
2460D590000
|
heap
|
page read and write
|
||
2A81000
|
direct allocation
|
page read and write
|
||
2836000
|
direct allocation
|
page read and write
|
||
1E844CA0000
|
heap
|
page read and write
|
||
3DDE000
|
direct allocation
|
page read and write
|
||
EEF000
|
stack
|
page read and write
|
||
47B0000
|
heap
|
page read and write
|
||
28D8000
|
direct allocation
|
page read and write
|
||
3163000
|
direct allocation
|
page read and write
|
||
DC4F4FE000
|
unkown
|
page readonly
|
||
22E09E50000
|
heap
|
page read and write
|
||
1AF77E50000
|
heap
|
page read and write
|
||
2BF5000
|
direct allocation
|
page read and write
|
||
49EB000
|
stack
|
page read and write
|
||
216695A0000
|
heap
|
page read and write
|
||
280B000
|
direct allocation
|
page read and write
|
||
15DD000
|
heap
|
page read and write
|
||
26B5000
|
heap
|
page read and write
|
||
F40000
|
heap
|
page read and write
|
||
950000
|
heap
|
page read and write
|
||
7C0000
|
unkown
|
page readonly
|
||
515000
|
unkown
|
page readonly
|
||
6CC88000
|
unkown
|
page write copy
|
||
1150000
|
heap
|
page read and write
|
||
22E09F70000
|
heap
|
page read and write
|
||
2460D308000
|
heap
|
page read and write
|
||
2804000
|
direct allocation
|
page read and write
|
||
239EE580000
|
heap
|
page read and write
|
||
2013D8D5000
|
heap
|
page read and write
|
||
1EF417B0000
|
heap
|
page read and write
|
||
2150000
|
direct allocation
|
page read and write
|
||
287A000
|
direct allocation
|
page read and write
|
||
21D60078000
|
heap
|
page read and write
|
||
4D2000
|
unkown
|
page read and write
|
||
2A5D000
|
direct allocation
|
page read and write
|
||
27C0000
|
heap
|
page read and write
|
||
2A99000
|
direct allocation
|
page read and write
|
||
B5E000
|
stack
|
page read and write
|
||
2BFD000
|
direct allocation
|
page read and write
|
||
2CD3000
|
direct allocation
|
page read and write
|
||
20A16758000
|
heap
|
page read and write
|
||
2460D420000
|
heap
|
page read and write
|
||
4A0A000
|
trusted library allocation
|
page read and write
|
||
20C72635000
|
heap
|
page read and write
|
||
440000
|
heap
|
page read and write
|
||
1D06E410000
|
heap
|
page read and write
|
||
17AFDD48000
|
heap
|
page read and write
|
||
284D000
|
direct allocation
|
page read and write
|
||
48ED000
|
stack
|
page read and write
|
||
450000
|
unkown
|
page readonly
|
||
2C12000
|
direct allocation
|
page read and write
|
||
2140000
|
heap
|
page read and write
|
||
2828000
|
direct allocation
|
page read and write
|
||
160E8985000
|
heap
|
page read and write
|
||
310B000
|
direct allocation
|
page read and write
|
||
1AE4C210000
|
heap
|
page read and write
|
||
1F242C40000
|
heap
|
page read and write
|
||
4410000
|
direct allocation
|
page read and write
|
||
22CBE260000
|
heap
|
page read and write
|
||
1158000
|
heap
|
page read and write
|
||
64A87C000
|
stack
|
page read and write
|
||
2C83000
|
direct allocation
|
page read and write
|
||
132F000
|
stack
|
page read and write
|
||
2A56000
|
direct allocation
|
page read and write
|
||
5B9A87E000
|
stack
|
page read and write
|
||
3DCE000
|
direct allocation
|
page read and write
|
||
B9E000
|
stack
|
page read and write
|
||
1F7DB9B0000
|
heap
|
page read and write
|
||
26BC000
|
heap
|
page read and write
|
||
6CD59000
|
unkown
|
page execute read
|
||
9BE000
|
stack
|
page read and write
|
||
B77DF7F000
|
stack
|
page read and write
|
||
2C4B000
|
direct allocation
|
page read and write
|
||
103FDB30000
|
heap
|
page read and write
|
||
238EAD70000
|
heap
|
page read and write
|
||
DF1577E000
|
stack
|
page read and write
|
||
2898000
|
direct allocation
|
page read and write
|
||
9ED3EAC000
|
stack
|
page read and write
|
||
3085000
|
direct allocation
|
page read and write
|
||
882000
|
unkown
|
page read and write
|
||
2BEE000
|
direct allocation
|
page read and write
|
||
1AE4C3F5000
|
heap
|
page read and write
|
||
3D0000
|
heap
|
page read and write
|
||
2AE8000
|
direct allocation
|
page read and write
|
||
5F12EFE000
|
stack
|
page read and write
|
||
5F12FFE000
|
stack
|
page read and write
|
||
29E8000
|
direct allocation
|
page read and write
|
||
1F7DBB18000
|
heap
|
page read and write
|
||
22CBE1C0000
|
heap
|
page read and write
|
||
2460D595000
|
heap
|
page read and write
|
||
71B1D7E000
|
stack
|
page read and write
|
||
2CE8000
|
direct allocation
|
page read and write
|
||
E89287F000
|
stack
|
page read and write
|
||
2F90000
|
direct allocation
|
page read and write
|
||
307E000
|
direct allocation
|
page read and write
|
||
5D2376D000
|
stack
|
page read and write
|
||
2E70C290000
|
heap
|
page read and write
|
||
286A000
|
direct allocation
|
page read and write
|
||
1830000
|
heap
|
page read and write
|
||
3DB9000
|
direct allocation
|
page read and write
|
||
7AB000
|
stack
|
page read and write
|
||
238EAD50000
|
heap
|
page read and write
|
||
165F54E0000
|
heap
|
page read and write
|
||
2C64000
|
direct allocation
|
page read and write
|
||
1AE4C230000
|
heap
|
page read and write
|
||
4429000
|
direct allocation
|
page read and write
|
||
460000
|
heap
|
page read and write
|
||
2C5D000
|
direct allocation
|
page read and write
|
||
1EF41838000
|
heap
|
page read and write
|
||
4D9000
|
unkown
|
page readonly
|
||
88B000
|
unkown
|
page readonly
|
||
6FD000
|
stack
|
page read and write
|
||
451000
|
unkown
|
page execute read
|
||
7FC5A000
|
direct allocation
|
page read and write
|
||
22E09F65000
|
heap
|
page read and write
|
||
7C0000
|
unkown
|
page readonly
|
||
28C0000
|
heap
|
page read and write
|
||
2A29000
|
direct allocation
|
page read and write
|
||
1816F7E000
|
stack
|
page read and write
|
||
28D1000
|
direct allocation
|
page read and write
|
||
1A7CE1A5000
|
heap
|
page read and write
|
||
B1728FE000
|
stack
|
page read and write
|
||
2AA0000
|
direct allocation
|
page read and write
|
||
7F95B000
|
direct allocation
|
page read and write
|
||
160E8980000
|
heap
|
page read and write
|
||
114A000
|
heap
|
page read and write
|
||
3154000
|
direct allocation
|
page read and write
|
||
165F58C5000
|
heap
|
page read and write
|
||
1899000
|
heap
|
page read and write
|
||
27B9000
|
direct allocation
|
page read and write
|
||
4D7000
|
unkown
|
page readonly
|
||
489000
|
heap
|
page read and write
|
||
1ECBDFF000
|
stack
|
page read and write
|
||
1154000
|
heap
|
page read and write
|
||
2460D400000
|
heap
|
page read and write
|
||
2199000
|
heap
|
page read and write
|
||
1AE4C130000
|
heap
|
page read and write
|
||
409F000
|
direct allocation
|
page read and write
|
||
3B5E000
|
heap
|
page read and write
|
||
30AE000
|
direct allocation
|
page read and write
|
||
2190000
|
heap
|
page read and write
|
||
1110000
|
heap
|
page read and write
|
||
1F7DBA90000
|
heap
|
page read and write
|
||
4FE000
|
unkown
|
page read and write
|
||
30C9000
|
direct allocation
|
page read and write
|
||
3B8E000
|
stack
|
page read and write
|
||
2EB0000
|
heap
|
page read and write
|
||
1E844A50000
|
heap
|
page read and write
|
||
20A169C0000
|
heap
|
page read and write
|
||
17AFE0D5000
|
heap
|
page read and write
|
||
1F242958000
|
heap
|
page read and write
|
||
1F242950000
|
heap
|
page read and write
|
||
1132000
|
heap
|
page read and write
|
||
2E70C5B5000
|
heap
|
page read and write
|
||
1D06DFF0000
|
heap
|
page read and write
|
||
705000
|
unkown
|
page write copy
|
||
315C000
|
direct allocation
|
page read and write
|
||
2013D8A0000
|
heap
|
page read and write
|
||
F46000
|
heap
|
page read and write
|
||
14131D000
|
stack
|
page read and write
|
||
1496000
|
heap
|
page read and write
|
||
F8F000
|
stack
|
page read and write
|
||
5B9A77E000
|
stack
|
page read and write
|
||
2A92000
|
direct allocation
|
page read and write
|
||
21A7EFE000
|
stack
|
page read and write
|
||
21669540000
|
heap
|
page read and write
|
||
154E000
|
stack
|
page read and write
|
||
3070000
|
direct allocation
|
page read and write
|
||
1484EE70000
|
heap
|
page read and write
|
||
22E09F90000
|
heap
|
page read and write
|
||
470000
|
heap
|
page read and write
|
||
1C688370000
|
heap
|
page read and write
|
||
1200000
|
heap
|
page read and write
|
||
9FE000
|
stack
|
page read and write
|
||
239EE588000
|
heap
|
page read and write
|
||
4070000
|
direct allocation
|
page read and write
|
||
1298AFF000
|
stack
|
page read and write
|
||
BD61BFD000
|
stack
|
page read and write
|
||
2551E3C0000
|
heap
|
page read and write
|
||
160E8680000
|
heap
|
page read and write
|
||
7B0000
|
heap
|
page read and write
|
||
1A7CDEE8000
|
heap
|
page read and write
|
||
218C000
|
heap
|
page read and write
|
||
2C18000
|
direct allocation
|
page read and write
|
||
27EE000
|
direct allocation
|
page read and write
|
||
21A9000
|
heap
|
page read and write
|
||
316A000
|
direct allocation
|
page read and write
|
||
1484EEA5000
|
heap
|
page read and write
|
||
99E000
|
stack
|
page read and write
|
||
EA5671C000
|
stack
|
page read and write
|
||
1135000
|
heap
|
page read and write
|
||
4E1EC7F000
|
stack
|
page read and write
|
||
2A64000
|
direct allocation
|
page read and write
|
||
2A8A000
|
direct allocation
|
page read and write
|
||
30DB000
|
direct allocation
|
page read and write
|
||
239EE845000
|
heap
|
page read and write
|
||
2A14000
|
direct allocation
|
page read and write
|
||
1F242C45000
|
heap
|
page read and write
|
||
1154000
|
heap
|
page read and write
|
||
21669810000
|
heap
|
page read and write
|
||
6CD53000
|
unkown
|
page read and write
|
||
2551E428000
|
heap
|
page read and write
|
||
1172000
|
heap
|
page read and write
|
||
28A6000
|
direct allocation
|
page read and write
|
||
1164000
|
heap
|
page read and write
|
||
2C0B000
|
direct allocation
|
page read and write
|
||
1D06E415000
|
heap
|
page read and write
|
||
30FD000
|
direct allocation
|
page read and write
|
||
4D4E000
|
stack
|
page read and write
|
||
1AEAA225000
|
heap
|
page read and write
|
||
25C0000
|
direct allocation
|
page read and write
|
||
95D747C000
|
stack
|
page read and write
|
||
1F49D3D0000
|
heap
|
page read and write
|
||
1AF77D50000
|
heap
|
page read and write
|
||
189723E5000
|
heap
|
page read and write
|
||
2A46000
|
direct allocation
|
page read and write
|
||
1162000
|
heap
|
page read and write
|
||
2CA8000
|
direct allocation
|
page read and write
|
||
6D9807F000
|
stack
|
page read and write
|
||
27D8000
|
direct allocation
|
page read and write
|
||
165F55B8000
|
heap
|
page read and write
|
||
1F49D6F0000
|
heap
|
page read and write
|
||
2180000
|
heap
|
page read and write
|
||
2FB0000
|
direct allocation
|
page read and write
|
||
1D06E0A0000
|
heap
|
page read and write
|
||
22C23570000
|
heap
|
page read and write
|
||
1F49D6F5000
|
heap
|
page read and write
|
||
3040000
|
heap
|
page read and write
|
||
282F000
|
direct allocation
|
page read and write
|
||
1AF77B80000
|
heap
|
page read and write
|
||
3130000
|
direct allocation
|
page read and write
|
||
577000
|
unkown
|
page readonly
|
||
22E09E58000
|
heap
|
page read and write
|
||
1AF77E55000
|
heap
|
page read and write
|
||
88B000
|
unkown
|
page readonly
|
||
3E00000
|
direct allocation
|
page read and write
|
||
1484EEA0000
|
heap
|
page read and write
|
||
25D0000
|
direct allocation
|
page read and write
|
||
4F8F000
|
stack
|
page read and write
|
||
3050000
|
direct allocation
|
page execute and read and write
|
||
15A0000
|
heap
|
page read and write
|
||
3180000
|
heap
|
page read and write
|
||
4A0A000
|
trusted library allocation
|
page read and write
|
||
4C9000
|
unkown
|
page read and write
|
||
C98000
|
heap
|
page read and write
|
||
2ADA000
|
direct allocation
|
page read and write
|
||
6D9817F000
|
stack
|
page read and write
|
||
1AF77B50000
|
heap
|
page read and write
|
||
2A7A000
|
direct allocation
|
page read and write
|
||
160E8780000
|
heap
|
page read and write
|
||
22C23670000
|
heap
|
page read and write
|
||
88B000
|
unkown
|
page readonly
|
||
1CB30CD5000
|
heap
|
page read and write
|
||
22C238D5000
|
heap
|
page read and write
|
||
E8F000
|
stack
|
page read and write
|
||
29F7000
|
direct allocation
|
page read and write
|
||
20A16750000
|
heap
|
page read and write
|
||
238EAB88000
|
heap
|
page read and write
|
||
CFC000
|
stack
|
page read and write
|
||
3069000
|
direct allocation
|
page read and write
|
||
1AEAA220000
|
heap
|
page read and write
|
||
1CB30A80000
|
heap
|
page read and write
|
||
1ECB9FC000
|
stack
|
page read and write
|
||
29F0000
|
direct allocation
|
page read and write
|
||
2741000
|
heap
|
page read and write
|
||
2AC4000
|
direct allocation
|
page read and write
|
||
130E000
|
stack
|
page read and write
|
||
30E6000
|
direct allocation
|
page read and write
|
||
3DA9000
|
direct allocation
|
page read and write
|
||
CA9000
|
heap
|
page read and write
|
||
1153000
|
heap
|
page read and write
|
||
3053000
|
direct allocation
|
page read and write
|
||
28BC000
|
direct allocation
|
page read and write
|
||
30ED000
|
direct allocation
|
page read and write
|
||
27E0000
|
direct allocation
|
page read and write
|
||
309B000
|
direct allocation
|
page read and write
|
||
30B8000
|
direct allocation
|
page read and write
|
||
2ABD000
|
direct allocation
|
page read and write
|
||
179E000
|
stack
|
page read and write
|
||
421000
|
unkown
|
page execute read
|
||
1484EF10000
|
heap
|
page read and write
|
||
1C688630000
|
heap
|
page read and write
|
||
216695A8000
|
heap
|
page read and write
|
||
714000
|
unkown
|
page write copy
|
||
189722C0000
|
heap
|
page read and write
|
||
1F49D5E0000
|
heap
|
page read and write
|
||
4E4F000
|
stack
|
page read and write
|
||
1409000
|
heap
|
page read and write
|
||
656000
|
unkown
|
page execute read
|
||
2013D990000
|
heap
|
page read and write
|
||
4A18000
|
trusted library allocation
|
page read and write
|
||
1580000
|
heap
|
page read and write
|
||
283F000
|
direct allocation
|
page read and write
|
||
2A22000
|
direct allocation
|
page read and write
|
||
1CB309A0000
|
heap
|
page read and write
|
||
3146000
|
direct allocation
|
page read and write
|
||
6CE43000
|
unkown
|
page readonly
|
||
4070000
|
direct allocation
|
page read and write
|
||
160E8760000
|
heap
|
page read and write
|
||
46A3CE000
|
stack
|
page read and write
|
||
F47000
|
heap
|
page read and write
|
||
2CB6000
|
direct allocation
|
page read and write
|
||
1A7CDD30000
|
heap
|
page read and write
|
||
21669530000
|
heap
|
page read and write
|
||
20C72350000
|
heap
|
page read and write
|
||
26C0000
|
heap
|
page read and write
|
||
1A7CDE10000
|
heap
|
page read and write
|
||
70D000
|
unkown
|
page read and write
|
||
27C9000
|
direct allocation
|
page read and write
|
||
1D06E010000
|
heap
|
page read and write
|
||
27CC000
|
heap
|
page read and write
|
||
7C1000
|
unkown
|
page execute read
|
||
29FE000
|
direct allocation
|
page read and write
|
||
3061000
|
direct allocation
|
page read and write
|
||
2819000
|
direct allocation
|
page read and write
|
||
9E6CB7E000
|
stack
|
page read and write
|
||
882000
|
unkown
|
page write copy
|
||
1F49D5C0000
|
heap
|
page read and write
|
||
3077000
|
direct allocation
|
page read and write
|
||
F40000
|
heap
|
page read and write
|
||
2013D8D0000
|
heap
|
page read and write
|
||
79FF17F000
|
stack
|
page read and write
|
||
26C1000
|
heap
|
page read and write
|
||
49F0000
|
trusted library allocation
|
page read and write
|
||
1AE4C3F0000
|
heap
|
page read and write
|
||
3F0000
|
heap
|
page read and write
|
||
1C688635000
|
heap
|
page read and write
|
||
7BE000
|
stack
|
page read and write
|
||
C68ACBD000
|
stack
|
page read and write
|
||
29C9000
|
direct allocation
|
page read and write
|
||
17AFDC90000
|
heap
|
page read and write
|
||
3129000
|
direct allocation
|
page read and write
|
||
2C40000
|
direct allocation
|
page read and write
|
||
103FDC30000
|
heap
|
page read and write
|
||
238EAEC5000
|
heap
|
page read and write
|
||
E89277F000
|
stack
|
page read and write
|
||
3104000
|
direct allocation
|
page read and write
|
||
2A05000
|
direct allocation
|
page read and write
|
||
9E6C72C000
|
stack
|
page read and write
|
||
BA0000
|
heap
|
page read and write
|
||
1153000
|
heap
|
page read and write
|
||
86C000
|
unkown
|
page readonly
|
||
77E000
|
stack
|
page read and write
|
||
1E844950000
|
heap
|
page read and write
|
||
B10000
|
heap
|
page read and write
|
||
30F4000
|
direct allocation
|
page read and write
|
||
430000
|
heap
|
page read and write
|
||
4CB000
|
unkown
|
page read and write
|
||
2E70C5B0000
|
heap
|
page read and write
|
||
238EAB80000
|
heap
|
page read and write
|
||
4D6000
|
unkown
|
page read and write
|
||
2196000
|
heap
|
page read and write
|
||
1833000
|
heap
|
page read and write
|
||
DC4F47E000
|
stack
|
page read and write
|
||
1170000
|
heap
|
page read and write
|
||
3E924CD000
|
stack
|
page read and write
|
||
2473B5B8000
|
heap
|
page read and write
|
||
117C000
|
heap
|
page read and write
|
||
20A16720000
|
heap
|
page read and write
|
||
F30000
|
heap
|
page read and write
|
||
71B196C000
|
stack
|
page read and write
|
||
2192000
|
heap
|
page read and write
|
||
160E87D8000
|
heap
|
page read and write
|
||
88B000
|
unkown
|
page readonly
|
||
B77DE7F000
|
stack
|
page read and write
|
||
1F2428F0000
|
heap
|
page read and write
|
||
2CCC000
|
direct allocation
|
page read and write
|
||
2BD9000
|
direct allocation
|
page read and write
|
||
9ED3FAE000
|
stack
|
page read and write
|
||
15A8000
|
heap
|
page read and write
|
||
95D767F000
|
stack
|
page read and write
|
||
189721C8000
|
heap
|
page read and write
|
||
6FB000
|
unkown
|
page execute read
|
||
4CB000
|
unkown
|
page read and write
|
||
21BA000
|
heap
|
page read and write
|
||
1AEA9EC0000
|
heap
|
page read and write
|
||
77E000
|
stack
|
page read and write
|
||
28C1000
|
heap
|
page read and write
|
||
95D757E000
|
stack
|
page read and write
|
||
26B0000
|
heap
|
page read and write
|
||
4E1EB7F000
|
stack
|
page read and write
|
||
437E000
|
direct allocation
|
page read and write
|
||
22C23490000
|
heap
|
page read and write
|
||
26B9000
|
heap
|
page read and write
|
||
510000
|
unkown
|
page write copy
|
||
BD61EFE000
|
stack
|
page read and write
|
||
700000
|
unkown
|
page write copy
|
||
C68ADBE000
|
stack
|
page read and write
|
||
6CAD0000
|
unkown
|
page readonly
|
||
2AE1000
|
direct allocation
|
page read and write
|
||
2551E2E0000
|
heap
|
page read and write
|
||
2E70000
|
direct allocation
|
page read and write
|
||
479F000
|
stack
|
page read and write
|
||
43A0000
|
direct allocation
|
page read and write
|
||
2E70C390000
|
heap
|
page read and write
|
||
21A9000
|
heap
|
page read and write
|
||
4FF0C7C000
|
stack
|
page read and write
|
||
F48000
|
heap
|
page read and write
|
||
3C8F000
|
stack
|
page read and write
|
||
2013D8E0000
|
heap
|
page read and write
|
||
103FDC58000
|
heap
|
page read and write
|
||
1EF417D0000
|
heap
|
page read and write
|
||
103FDC10000
|
heap
|
page read and write
|
||
2AA8000
|
direct allocation
|
page read and write
|
||
DE0000
|
heap
|
page read and write
|
||
308D000
|
direct allocation
|
page read and write
|
||
46A2CD000
|
stack
|
page read and write
|
||
1180000
|
heap
|
page read and write
|
||
27E7000
|
direct allocation
|
page read and write
|
||
958000
|
heap
|
page read and write
|
||
160E87D0000
|
heap
|
page read and write
|
||
28CA000
|
direct allocation
|
page read and write
|
||
3514AED000
|
stack
|
page read and write
|
||
2C7B000
|
direct allocation
|
page read and write
|
||
1CB30AC8000
|
heap
|
page read and write
|
||
21669815000
|
heap
|
page read and write
|
||
2BE7000
|
direct allocation
|
page read and write
|
||
103FDC50000
|
heap
|
page read and write
|
||
1C6883D8000
|
heap
|
page read and write
|
||
2197000
|
heap
|
page read and write
|
||
4D0E000
|
stack
|
page read and write
|
||
103FDD90000
|
heap
|
page read and write
|
||
1170000
|
heap
|
page read and write
|
||
BEC000
|
stack
|
page read and write
|
||
2C39000
|
direct allocation
|
page read and write
|
||
4D5000
|
unkown
|
page write copy
|
||
71B1C7E000
|
stack
|
page read and write
|
||
1820000
|
heap
|
page read and write
|
||
2DF0000
|
direct allocation
|
page read and write
|
||
48B0000
|
trusted library allocation
|
page read and write
|
||
2C56000
|
direct allocation
|
page read and write
|
||
1E844A30000
|
heap
|
page read and write
|
||
49F0000
|
trusted library allocation
|
page read and write
|
||
9ED42FF000
|
stack
|
page read and write
|
||
30DE000
|
direct allocation
|
page read and write
|
||
86C000
|
unkown
|
page readonly
|
||
7C1000
|
unkown
|
page execute read
|
||
1570000
|
heap
|
page read and write
|
||
970000
|
heap
|
page read and write
|
||
2473B780000
|
heap
|
page read and write
|
||
17AFDC80000
|
heap
|
page read and write
|
||
79FF07E000
|
stack
|
page read and write
|
||
64A97E000
|
stack
|
page read and write
|
||
27D1000
|
direct allocation
|
page read and write
|
||
313F000
|
direct allocation
|
page read and write
|
||
6CD000
|
unkown
|
page execute read
|
||
1163000
|
heap
|
page read and write
|
||
1ECBCFF000
|
stack
|
page read and write
|
||
5B9A67C000
|
stack
|
page read and write
|
||
28AD000
|
direct allocation
|
page read and write
|
||
2A0C000
|
direct allocation
|
page read and write
|
||
21A7BED000
|
stack
|
page read and write
|
||
17AFDD40000
|
heap
|
page read and write
|
||
1298BFE000
|
stack
|
page read and write
|
||
2C04000
|
direct allocation
|
page read and write
|
||
2812000
|
direct allocation
|
page read and write
|
||
505000
|
unkown
|
page read and write
|
||
21669560000
|
heap
|
page read and write
|
||
189720B0000
|
heap
|
page read and write
|
||
239EE790000
|
heap
|
page read and write
|
||
EA56B7F000
|
stack
|
page read and write
|
||
86C000
|
unkown
|
page readonly
|
||
C2D7C8C000
|
stack
|
page read and write
|
||
239EE840000
|
heap
|
page read and write
|
||
1490000
|
heap
|
page read and write
|
||
2A30000
|
direct allocation
|
page read and write
|
||
3170000
|
heap
|
page read and write
|
||
2780000
|
heap
|
page read and write
|
||
6CAD1000
|
unkown
|
page execute read
|
||
28C3000
|
direct allocation
|
page read and write
|
||
218C000
|
heap
|
page read and write
|
||
21D603C0000
|
heap
|
page read and write
|
||
46A6FF000
|
stack
|
page read and write
|
||
49F0000
|
trusted library allocation
|
page read and write
|
||
22CBE268000
|
heap
|
page read and write
|
||
3514EFF000
|
stack
|
page read and write
|
||
30D0000
|
heap
|
page read and write
|
||
3030000
|
direct allocation
|
page read and write
|
||
7C0000
|
unkown
|
page readonly
|
||
10CE000
|
stack
|
page read and write
|
||
2820000
|
direct allocation
|
page read and write
|
||
2CAF000
|
direct allocation
|
page read and write
|
||
4E8E000
|
stack
|
page read and write
|
||
22C23678000
|
heap
|
page read and write
|
||
1F7DBB10000
|
heap
|
page read and write
|
||
2473B590000
|
heap
|
page read and write
|
||
189723E0000
|
heap
|
page read and write
|
||
21D5FFB0000
|
heap
|
page read and write
|
||
108E000
|
stack
|
page read and write
|
||
2013D997000
|
heap
|
page read and write
|
||
2D70000
|
direct allocation
|
page read and write
|
||
43A3000
|
direct allocation
|
page read and write
|
||
1F50EFF000
|
stack
|
page read and write
|
||
2013D7C0000
|
heap
|
page read and write
|
||
22CBE0E0000
|
heap
|
page read and write
|
||
3171000
|
direct allocation
|
page read and write
|
||
1AF77B60000
|
heap
|
page read and write
|
||
2460D300000
|
heap
|
page read and write
|
||
4FCB000
|
stack
|
page read and write
|
||
B77DB2D000
|
stack
|
page read and write
|
||
1F7DBAB0000
|
heap
|
page read and write
|
||
13A0000
|
heap
|
page read and write
|
||
1AE4C028000
|
heap
|
page read and write
|
||
1C688360000
|
heap
|
page read and write
|
||
27F5000
|
direct allocation
|
page read and write
|
||
285A000
|
direct allocation
|
page read and write
|
||
79FED4D000
|
stack
|
page read and write
|
||
3AD0000
|
direct allocation
|
page read and write
|
||
29C0000
|
direct allocation
|
page read and write
|
||
21D60070000
|
heap
|
page read and write
|
||
3870000
|
trusted library allocation
|
page read and write
|
||
1840000
|
direct allocation
|
page read and write
|
||
47B1000
|
heap
|
page read and write
|
||
2A4F000
|
direct allocation
|
page read and write
|
||
116F000
|
heap
|
page read and write
|
||
2551E420000
|
heap
|
page read and write
|
||
2BE0000
|
direct allocation
|
page read and write
|
||
2E70C370000
|
heap
|
page read and write
|
||
1EF417D5000
|
heap
|
page read and write
|
||
73E000
|
stack
|
page read and write
|
||
20C72630000
|
heap
|
page read and write
|
||
3094000
|
direct allocation
|
page read and write
|
||
1EF41830000
|
heap
|
page read and write
|
||
1118000
|
heap
|
page read and write
|
||
714000
|
unkown
|
page read and write
|
||
22E09D60000
|
heap
|
page read and write
|
||
4FF0D7E000
|
stack
|
page read and write
|
||
3138000
|
direct allocation
|
page read and write
|
||
1AEA9E90000
|
heap
|
page read and write
|
||
115D000
|
heap
|
page read and write
|
||
2BC3000
|
direct allocation
|
page read and write
|
||
705000
|
unkown
|
page read and write
|
||
12987CD000
|
stack
|
page read and write
|
||
AE6000
|
stack
|
page read and write
|
||
1400000
|
heap
|
page read and write
|
||
21D5FFA0000
|
heap
|
page read and write
|
||
35C000
|
stack
|
page read and write
|
||
3114000
|
direct allocation
|
page read and write
|
||
2551E615000
|
heap
|
page read and write
|
||
2800000
|
heap
|
page read and write
|
||
1153000
|
heap
|
page read and write
|
||
113E000
|
stack
|
page read and write
|
||
165F55B0000
|
heap
|
page read and write
|
||
2551E3E0000
|
heap
|
page read and write
|
||
115A000
|
heap
|
page read and write
|
||
64AA7E000
|
stack
|
page read and write
|
||
3122000
|
direct allocation
|
page read and write
|
||
2CE1000
|
direct allocation
|
page read and write
|
||
2C92000
|
direct allocation
|
page read and write
|
||
1480000
|
heap
|
page read and write
|
||
B17259D000
|
stack
|
page read and write
|
||
14167F000
|
stack
|
page read and write
|
||
67E000
|
stack
|
page read and write
|
||
420000
|
unkown
|
page readonly
|
||
22CBE4F5000
|
heap
|
page read and write
|
||
1484ED70000
|
heap
|
page read and write
|
||
1AEA9F60000
|
heap
|
page read and write
|
||
2854000
|
direct allocation
|
page read and write
|
||
1F7DBDE5000
|
heap
|
page read and write
|
||
181707E000
|
stack
|
page read and write
|
||
1D06DFE0000
|
heap
|
page read and write
|
||
3B10000
|
heap
|
page read and write
|
||
1AF77B88000
|
heap
|
page read and write
|
||
1840000
|
direct allocation
|
page read and write
|
||
218A000
|
heap
|
page read and write
|
||
30D0000
|
direct allocation
|
page read and write
|
||
2551E610000
|
heap
|
page read and write
|
||
32D0000
|
trusted library allocation
|
page read and write
|
||
17A0000
|
direct allocation
|
page execute and read and write
|
||
2CDA000
|
direct allocation
|
page read and write
|
||
4388000
|
direct allocation
|
page read and write
|
||
21D5FFD0000
|
heap
|
page read and write
|
||
17AFE0D0000
|
heap
|
page read and write
|
||
9E6CA7F000
|
stack
|
page read and write
|
||
20A169C5000
|
heap
|
page read and write
|
||
7F940000
|
direct allocation
|
page read and write
|
||
1F49D3D8000
|
heap
|
page read and write
|
||
46C000
|
unkown
|
page execute read
|
||
22CBE4F0000
|
heap
|
page read and write
|
||
EE8387F000
|
stack
|
page read and write
|
||
5F12BDC000
|
stack
|
page read and write
|
||
239EE770000
|
heap
|
page read and write
|
||
7C0000
|
unkown
|
page readonly
|
||
BB0000
|
heap
|
page read and write
|
||
407B000
|
direct allocation
|
page read and write
|
||
1F49D4E0000
|
heap
|
page read and write
|
||
23A8000
|
heap
|
page read and write
|
||
1238000
|
stack
|
page read and write
|
||
1CD000
|
stack
|
page read and write
|
||
165F54F0000
|
heap
|
page read and write
|
||
1A7CDEE0000
|
heap
|
page read and write
|
||
2700000
|
heap
|
page read and write
|
||
1156000
|
heap
|
page read and write
|
||
1D06E0A8000
|
heap
|
page read and write
|
||
2A3F000
|
direct allocation
|
page read and write
|
||
478000
|
heap
|
page read and write
|
||
49F0000
|
trusted library allocation
|
page read and write
|
||
2882000
|
direct allocation
|
page read and write
|
||
EA56A7E000
|
stack
|
page read and write
|
||
408D000
|
direct allocation
|
page read and write
|
||
4E1EA7D000
|
stack
|
page read and write
|
||
3130000
|
direct allocation
|
page read and write
|
||
2846000
|
direct allocation
|
page read and write
|
||
35BE000
|
stack
|
page read and write
|
||
1A7CDE30000
|
heap
|
page read and write
|
||
20C72358000
|
heap
|
page read and write
|
||
2C4E000
|
direct allocation
|
page read and write
|
||
700000
|
unkown
|
page read and write
|
||
2473B5B0000
|
heap
|
page read and write
|
||
1895000
|
heap
|
page read and write
|
||
424E000
|
stack
|
page read and write
|
||
28B4000
|
direct allocation
|
page read and write
|
||
50CC000
|
stack
|
page read and write
|
||
2290000
|
direct allocation
|
page read and write
|
||
3C0000
|
heap
|
page read and write
|
||
4FE000
|
unkown
|
page write copy
|
||
218C000
|
heap
|
page read and write
|
||
22C23590000
|
heap
|
page read and write
|
||
165F58C0000
|
heap
|
page read and write
|
||
6FE000
|
unkown
|
page write copy
|
||
1CB30CD0000
|
heap
|
page read and write
|
||
3183000
|
heap
|
page read and write
|
||
C2D80FF000
|
stack
|
page read and write
|
||
7C1000
|
unkown
|
page execute read
|
||
21B9000
|
heap
|
page read and write
|
||
289F000
|
direct allocation
|
page read and write
|
||
1EF417E0000
|
heap
|
page read and write
|
||
4D2000
|
unkown
|
page read and write
|
||
2890000
|
direct allocation
|
page read and write
|
||
4083000
|
direct allocation
|
page read and write
|
||
3178000
|
direct allocation
|
page read and write
|
||
DF1567D000
|
stack
|
page read and write
|
||
2185000
|
heap
|
page read and write
|
||
239EE690000
|
heap
|
page read and write
|
||
17AFDCB0000
|
heap
|
page read and write
|
||
50D000
|
unkown
|
page read and write
|
||
1A7CE1A0000
|
heap
|
page read and write
|
||
20C722D0000
|
heap
|
page read and write
|
||
4A0A000
|
trusted library allocation
|
page read and write
|
||
4A16000
|
trusted library allocation
|
page read and write
|
||
3040000
|
direct allocation
|
page read and write
|
||
1CB30AA0000
|
heap
|
page read and write
|
||
30A2000
|
direct allocation
|
page read and write
|
||
103FDD95000
|
heap
|
page read and write
|
||
EE8367D000
|
stack
|
page read and write
|
||
2B00000
|
heap
|
page read and write
|
||
1E844CA5000
|
heap
|
page read and write
|
||
1484EE50000
|
heap
|
page read and write
|
||
BD61FFE000
|
stack
|
page read and write
|
||
4A18000
|
trusted library allocation
|
page read and write
|
||
C68B0FF000
|
stack
|
page read and write
|
||
29E1000
|
direct allocation
|
page read and write
|
||
2840000
|
heap
|
page read and write
|
||
3DC4000
|
direct allocation
|
page read and write
|
||
2A37000
|
direct allocation
|
page read and write
|
||
86C000
|
unkown
|
page readonly
|
||
2AD3000
|
direct allocation
|
page read and write
|
||
2ACC000
|
direct allocation
|
page read and write
|
||
3514BEE000
|
stack
|
page read and write
|
||
20C722A0000
|
heap
|
page read and write
|
||
1179000
|
heap
|
page read and write
|
||
14DE000
|
stack
|
page read and write
|
||
5D23A7F000
|
stack
|
page read and write
|
||
1EF417A0000
|
heap
|
page read and write
|
||
44F0000
|
heap
|
page read and write
|
||
24CC000
|
heap
|
page read and write
|
||
27FC000
|
direct allocation
|
page read and write
|
||
1840000
|
direct allocation
|
page read and write
|
||
3E925CE000
|
stack
|
page read and write
|
||
3DEE000
|
direct allocation
|
page read and write
|
||
6FE000
|
unkown
|
page read and write
|
||
2889000
|
direct allocation
|
page read and write
|
||
717000
|
unkown
|
page readonly
|
||
BDC000
|
stack
|
page read and write
|
||
20C722B0000
|
heap
|
page read and write
|
||
2740000
|
heap
|
page read and write
|
||
22CBE1E0000
|
heap
|
page read and write
|
||
BD6F72D000
|
stack
|
page read and write
|
||
3E928FE000
|
stack
|
page read and write
|
||
DF1587F000
|
stack
|
page read and write
|
||
2C8B000
|
direct allocation
|
page read and write
|
||
2294000
|
heap
|
page read and write
|
||
C2D7D8E000
|
stack
|
page read and write
|
||
1890000
|
heap
|
page read and write
|
||
AFC000
|
stack
|
page read and write
|
||
2E70C3B8000
|
heap
|
page read and write
|
||
27C1000
|
heap
|
page read and write
|
||
2CBD000
|
direct allocation
|
page read and write
|
||
2E70C3B0000
|
heap
|
page read and write
|
||
115A000
|
heap
|
page read and write
|
||
18972190000
|
heap
|
page read and write
|
||
1F7DBDE0000
|
heap
|
page read and write
|
||
2F90000
|
direct allocation
|
page read and write
|
||
90B000
|
stack
|
page read and write
|
||
2AAF000
|
direct allocation
|
page read and write
|
||
D1F000
|
stack
|
page read and write
|
||
1816E7C000
|
stack
|
page read and write
|
||
2473B935000
|
heap
|
page read and write
|
||
14177E000
|
stack
|
page read and write
|
||
2CC4000
|
direct allocation
|
page read and write
|
||
238EAEC0000
|
heap
|
page read and write
|
||
DC4F10D000
|
stack
|
page read and write
|
||
5D23B7E000
|
stack
|
page read and write
|
||
1F242810000
|
heap
|
page read and write
|
||
E50000
|
heap
|
page read and write
|
||
2BD1000
|
direct allocation
|
page read and write
|
||
1CB30AC0000
|
heap
|
page read and write
|
||
3E02000
|
direct allocation
|
page read and write
|
||
2F70000
|
direct allocation
|
page read and write
|
||
1405000
|
heap
|
page read and write
|
||
7C1000
|
unkown
|
page execute read
|
||
20A16710000
|
heap
|
page read and write
|
||
517000
|
unkown
|
page readonly
|
||
21A7FFF000
|
stack
|
page read and write
|
||
1151000
|
heap
|
page read and write
|
||
2473B580000
|
heap
|
page read and write
|
||
2460D220000
|
heap
|
page read and write
|
||
238EAB60000
|
heap
|
page read and write
|
||
1F242910000
|
heap
|
page read and write
|
||
4FF0E7E000
|
stack
|
page read and write
|
||
500000
|
unkown
|
page read and write
|
||
251000
|
unkown
|
page execute read
|
||
21FA000
|
heap
|
page read and write
|
||
DD0000
|
heap
|
page read and write
|
||
2871000
|
direct allocation
|
page read and write
|
||
314D000
|
direct allocation
|
page read and write
|
||
311B000
|
direct allocation
|
page read and write
|
||
4C9000
|
unkown
|
page write copy
|
||
3DB0000
|
direct allocation
|
page read and write
|
||
1F50B8D000
|
stack
|
page read and write
|
There are 758 hidden memdumps, click here to show them.