Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
file.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\OfficeTrackerNMP2663\OfficeTrackerNMP2663.exe
|
PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\MaxLoonaFest2663\MaxLoonaFest2663.exe
|
PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\FANBooster2663.exe.log
|
ASCII text, with CRLF line terminators
|
modified
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\MaxLoonaFest2663.exe.log
|
ASCII text, with CRLF line terminators
|
modified
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\OfficeTrackerNMP2663.exe.log
|
ASCII text, with CRLF line terminators
|
modified
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Temp\FANBooster2663\FANBooster2663.exe
|
PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_0glaokhr.30r.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1aga23cs.pjf.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1w2sfdkc.gvm.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_23dmljal.dbl.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_2br1ukrl.ql3.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_4czbpl1u.2fz.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_4va2ro5t.2u3.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_4xa0om4w.eht.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_51zdcgil.0tq.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_5dg45pi2.dqz.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_a3wj4rmo.al5.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_bhaabn42.5b1.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_buaxntsg.43e.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ejlvv503.usn.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ew2cj0xd.2sr.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ezjmxwhs.sgc.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_iitlzu0l.ofp.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_j01zpbfn.p5i.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_jefzcpkj.wpv.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_jo2jmpcw.zcy.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_jyiygxxj.55e.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_khvhtcyk.5nn.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_kofrvwje.dxu.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_kpdeefvc.dfg.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_l0ncuatr.hkn.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_l1qz2ehr.xql.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_l2nuatuv.acq.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_mcvmaxwy.aop.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_mtmva3vi.oyv.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_n0bprkgz.ydw.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_o4csvh0y.njf.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_omuvxrkx.zsq.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_pcbnlsf2.p3o.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_peuj2bi2.f2v.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_rj4eeeug.nxd.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_rju0ouis.pic.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ru0xvhov.bae.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_sfsvdss3.rjc.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_svfl5xqn.l1d.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_uqnejpd4.jp2.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_uv1knh4j.m1m.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_widja2cw.1b0.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_wj2xl5vs.zfn.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_wv4nlc3s.hs0.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xwuim123.fzn.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_za55xzna.hea.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_zfhyf0zw.emd.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_zxze2yic.s2k.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\rise2663M9Asphalt.tmp
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FANBooster2663.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Archive,
ctime=Sat Sep 21 14:33:26 2024, mtime=Sat Sep 21 14:33:26 2024, atime=Sat Dec 7 08:10:47 2019, length=65440, window=hide
|
dropped
|
||
|
\Device\ConDrv
|
ASCII text, with CRLF line terminators
|
dropped
|
There are 49 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\file.exe
|
"C:\Users\user\Desktop\file.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"powershell" Get-MpPreference -verbose
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -DisableArchiveScanning $true
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -DisableBlockAtFirstSeen $true
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -DisablePrivacyMode $true
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -DisableScriptScanning $true
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -HighThreatDefaultAction 6 -Force
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -LowThreatDefaultAction 6
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -MAPSReporting 0
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -ModerateThreatDefaultAction 6
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -SevereThreatDefaultAction 6
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -SignatureDisableUpdateOnStartupWithoutEngine
$true
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -SubmitSamplesConsent 2
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
"cmd.exe" /c schtasks /create /f /RU "user" /tr "C:\ProgramData\OfficeTrackerNMP2663\OfficeTrackerNMP2663.exe" /tn "OfficeTrackerNMP2663
HR" /sc HOURLY /rl HIGHEST
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
schtasks /create /f /RU "user" /tr "C:\ProgramData\OfficeTrackerNMP2663\OfficeTrackerNMP2663.exe" /tn "OfficeTrackerNMP2663
HR" /sc HOURLY /rl HIGHEST
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
"cmd.exe" /c schtasks /create /f /RU "user" /tr "C:\ProgramData\OfficeTrackerNMP2663\OfficeTrackerNMP2663.exe" /tn "OfficeTrackerNMP2663
LG" /sc ONLOGON /rl HIGHEST
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
schtasks /create /f /RU "user" /tr "C:\ProgramData\OfficeTrackerNMP2663\OfficeTrackerNMP2663.exe" /tn "OfficeTrackerNMP2663
LG" /sc ONLOGON /rl HIGHEST
|
|
|
|
C:\ProgramData\OfficeTrackerNMP2663\OfficeTrackerNMP2663.exe
|
C:\ProgramData\OfficeTrackerNMP2663\OfficeTrackerNMP2663.exe
|
|
|
|
C:\ProgramData\OfficeTrackerNMP2663\OfficeTrackerNMP2663.exe
|
C:\ProgramData\OfficeTrackerNMP2663\OfficeTrackerNMP2663.exe
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Users\user\AppData\Local\MaxLoonaFest2663\MaxLoonaFest2663.exe
|
"C:\Users\user\AppData\Local\MaxLoonaFest2663\MaxLoonaFest2663.exe"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Users\user\AppData\Local\MaxLoonaFest2663\MaxLoonaFest2663.exe
|
"C:\Users\user\AppData\Local\MaxLoonaFest2663\MaxLoonaFest2663.exe"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Users\user\AppData\Local\Temp\FANBooster2663\FANBooster2663.exe
|
"C:\Users\user\AppData\Local\Temp\FANBooster2663\FANBooster2663.exe"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
There are 31 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
||
|
https://ipinfo.io/
|
unknown
|
||
|
http://schemas.xmlsoap.org/soap/encoding/
|
unknown
|
||
|
https://aka.ms/pscore6lB
|
unknown
|
||
|
https://api.myip.com/
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://ion=v4.5
|
unknown
|
||
|
https://www.maxmind.com/en/locate-my-ip-address
|
unknown
|
||
|
https://api64.ipify.org/?format=json
|
unknown
|
||
|
http://schemas.xmlsoap.org/wsdl/
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://discord.com/api/v9/users/
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
https://db-ip.com/demo/home.php?s=
|
unknown
|
||
|
https://maxmind.com/geoip/v2.1/city/me
|
unknown
|
||
|
https://t.me/RiseProSUPPORT
|
unknown
|
||
|
https://ipinfo.io/widget/demo/
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://go.L
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
https://maxmind.com/geoip/v2.1/city/me/https://www.maxmind.com/en/locate-my-ip-address
|
unknown
|
There are 14 hidden URLs, click here to show them.
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
118.194.235.187
|
unknown
|
China
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender
|
DisableRoutinelyTakingAction
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
|
DisableRealtimeMonitoring
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
|
DisableIOAVProtection
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
|
DisableRawWriteNotification
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Features
|
TamperProtection
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
MaxLoonaFest2663
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2BF5000
|
trusted library allocation
|
page read and write
|
|
|
|
9392000
|
trusted library allocation
|
page read and write
|
||
|
4BFE000
|
stack
|
page read and write
|
||
|
61AB000
|
trusted library allocation
|
page read and write
|
||
|
11E0000
|
trusted library allocation
|
page read and write
|
||
|
7B20000
|
trusted library allocation
|
page read and write
|
||
|
5B9B000
|
stack
|
page read and write
|
||
|
384F000
|
stack
|
page read and write
|
||
|
2D4B000
|
trusted library allocation
|
page execute and read and write
|
||
|
558A000
|
stack
|
page read and write
|
||
|
5199000
|
trusted library allocation
|
page read and write
|
||
|
50DD000
|
stack
|
page read and write
|
||
|
BBC000
|
stack
|
page read and write
|
||
|
891E000
|
heap
|
page read and write
|
||
|
8DCE000
|
stack
|
page read and write
|
||
|
7B30000
|
trusted library allocation
|
page execute and read and write
|
||
|
757A000
|
stack
|
page read and write
|
||
|
10BD000
|
trusted library allocation
|
page execute and read and write
|
||
|
8912000
|
heap
|
page read and write
|
||
|
EC5000
|
trusted library allocation
|
page execute and read and write
|
||
|
F76000
|
heap
|
page read and write
|
||
|
78EF000
|
stack
|
page read and write
|
||
|
CC9000
|
heap
|
page read and write
|
||
|
5180000
|
trusted library section
|
page read and write
|
||
|
5810000
|
heap
|
page read and write
|
||
|
4F8B000
|
stack
|
page read and write
|
||
|
12F3000
|
trusted library allocation
|
page execute and read and write
|
||
|
5140000
|
trusted library allocation
|
page read and write
|
||
|
CD6000
|
heap
|
page read and write
|
||
|
2A20000
|
heap
|
page read and write
|
||
|
C66000
|
heap
|
page read and write
|
||
|
4F1D000
|
stack
|
page read and write
|
||
|
8900000
|
heap
|
page read and write
|
||
|
3340000
|
heap
|
page read and write
|
||
|
56F0000
|
heap
|
page execute and read and write
|
||
|
75BE000
|
stack
|
page read and write
|
||
|
79CE000
|
heap
|
page read and write
|
||
|
64FE000
|
stack
|
page read and write
|
||
|
33FB000
|
heap
|
page read and write
|
||
|
11F2000
|
heap
|
page read and write
|
||
|
1050000
|
heap
|
page read and write
|
||
|
8D80000
|
trusted library allocation
|
page execute and read and write
|
||
|
D01000
|
heap
|
page read and write
|
||
|
10B4000
|
trusted library allocation
|
page read and write
|
||
|
4D2E000
|
stack
|
page read and write
|
||
|
3673000
|
trusted library allocation
|
page execute and read and write
|
||
|
11E7000
|
trusted library allocation
|
page execute and read and write
|
||
|
F3B000
|
heap
|
page read and write
|
||
|
799F000
|
heap
|
page read and write
|
||
|
7B2D000
|
trusted library allocation
|
page read and write
|
||
|
1360000
|
heap
|
page read and write
|
||
|
AF9000
|
stack
|
page read and write
|
||
|
63EE000
|
stack
|
page read and write
|
||
|
EB2000
|
trusted library allocation
|
page read and write
|
||
|
11ED000
|
heap
|
page read and write
|
||
|
BDD000
|
trusted library allocation
|
page execute and read and write
|
||
|
EAD000
|
trusted library allocation
|
page execute and read and write
|
||
|
E90000
|
trusted library allocation
|
page read and write
|
||
|
8EBD000
|
stack
|
page read and write
|
||
|
EAA000
|
trusted library allocation
|
page read and write
|
||
|
8926000
|
heap
|
page read and write
|
||
|
10C0000
|
trusted library allocation
|
page read and write
|
||
|
1320000
|
trusted library allocation
|
page read and write
|
||
|
8830000
|
heap
|
page read and write
|
||
|
68F0000
|
heap
|
page read and write
|
||
|
2C50000
|
heap
|
page execute and read and write
|
||
|
7CF0000
|
trusted library allocation
|
page read and write
|
||
|
7CD0000
|
trusted library allocation
|
page read and write
|
||
|
2CF0000
|
trusted library allocation
|
page execute and read and write
|
||
|
E70000
|
trusted library allocation
|
page execute and read and write
|
||
|
BC0000
|
trusted library allocation
|
page read and write
|
||
|
5110000
|
heap
|
page execute and read and write
|
||
|
782E000
|
stack
|
page read and write
|
||
|
E90000
|
trusted library allocation
|
page read and write
|
||
|
139E000
|
stack
|
page read and write
|
||
|
107E000
|
stack
|
page read and write
|
||
|
1206000
|
heap
|
page read and write
|
||
|
6270000
|
trusted library allocation
|
page read and write
|
||
|
10C0000
|
heap
|
page read and write
|
||
|
4D70000
|
heap
|
page readonly
|
||
|
EBA000
|
trusted library allocation
|
page execute and read and write
|
||
|
9D5000
|
unkown
|
page readonly
|
||
|
287F000
|
stack
|
page read and write
|
||
|
568A000
|
stack
|
page read and write
|
||
|
1090000
|
trusted library allocation
|
page execute and read and write
|
||
|
ECB000
|
trusted library allocation
|
page execute and read and write
|
||
|
155F000
|
stack
|
page read and write
|
||
|
6CFA000
|
stack
|
page read and write
|
||
|
CF8000
|
stack
|
page read and write
|
||
|
32D000
|
stack
|
page read and write
|
||
|
5118000
|
trusted library allocation
|
page read and write
|
||
|
2881000
|
trusted library allocation
|
page read and write
|
||
|
1050000
|
heap
|
page read and write
|
||
|
367D000
|
trusted library allocation
|
page execute and read and write
|
||
|
2DAE000
|
stack
|
page read and write
|
||
|
74FE000
|
stack
|
page read and write
|
||
|
7900000
|
trusted library allocation
|
page read and write
|
||
|
870000
|
unkown
|
page read and write
|
||
|
ED0000
|
heap
|
page read and write
|
||
|
69B8000
|
heap
|
page read and write
|
||
|
5C9F000
|
stack
|
page read and write
|
||
|
95C000
|
stack
|
page read and write
|
||
|
7EEE8000
|
trusted library allocation
|
page execute and read and write
|
||
|
2C4E000
|
stack
|
page read and write
|
||
|
3B31000
|
trusted library allocation
|
page read and write
|
||
|
116E000
|
stack
|
page read and write
|
||
|
2A70000
|
trusted library allocation
|
page read and write
|
||
|
50E8000
|
trusted library allocation
|
page read and write
|
||
|
89FA000
|
heap
|
page read and write
|
||
|
500E000
|
stack
|
page read and write
|
||
|
7C9D000
|
stack
|
page read and write
|
||
|
BD3000
|
trusted library allocation
|
page execute and read and write
|
||
|
2A60000
|
trusted library allocation
|
page read and write
|
||
|
EA3000
|
trusted library allocation
|
page execute and read and write
|
||
|
79BE000
|
heap
|
page read and write
|
||
|
3850000
|
heap
|
page read and write
|
||
|
7927000
|
heap
|
page read and write
|
||
|
75C000
|
stack
|
page read and write
|
||
|
7F0C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
3660000
|
trusted library allocation
|
page read and write
|
||
|
7A31000
|
heap
|
page read and write
|
||
|
733E000
|
stack
|
page read and write
|
||
|
62D7000
|
trusted library allocation
|
page read and write
|
||
|
116F000
|
stack
|
page read and write
|
||
|
365C000
|
heap
|
page read and write
|
||
|
1106000
|
heap
|
page read and write
|
||
|
108F000
|
stack
|
page read and write
|
||
|
D3E000
|
stack
|
page read and write
|
||
|
3408000
|
heap
|
page read and write
|
||
|
78F0000
|
heap
|
page execute and read and write
|
||
|
5B37000
|
trusted library allocation
|
page read and write
|
||
|
2A5D000
|
stack
|
page read and write
|
||
|
CC3000
|
heap
|
page read and write
|
||
|
E2E000
|
stack
|
page read and write
|
||
|
6A00000
|
heap
|
page read and write
|
||
|
5F2000
|
unkown
|
page readonly
|
||
|
1394000
|
heap
|
page read and write
|
||
|
743E000
|
stack
|
page read and write
|
||
|
5A9A000
|
stack
|
page read and write
|
||
|
F80000
|
heap
|
page read and write
|
||
|
7D10000
|
trusted library allocation
|
page read and write
|
||
|
FDF000
|
stack
|
page read and write
|
||
|
33D0000
|
heap
|
page read and write
|
||
|
7944000
|
heap
|
page read and write
|
||
|
10F9000
|
heap
|
page read and write
|
||
|
78AE000
|
stack
|
page read and write
|
||
|
898C000
|
heap
|
page read and write
|
||
|
50E0000
|
trusted library allocation
|
page read and write
|
||
|
10D0000
|
heap
|
page read and write
|
||
|
2BC1000
|
trusted library allocation
|
page read and write
|
||
|
891A000
|
heap
|
page read and write
|
||
|
1040000
|
heap
|
page read and write
|
||
|
74BE000
|
stack
|
page read and write
|
||
|
691D000
|
heap
|
page read and write
|
||
|
1200000
|
trusted library allocation
|
page read and write
|
||
|
870000
|
unkown
|
page write copy
|
||
|
4E9E000
|
stack
|
page read and write
|
||
|
1350000
|
heap
|
page execute and read and write
|
||
|
124E000
|
stack
|
page read and write
|
||
|
2B2F000
|
stack
|
page read and write
|
||
|
7CE0000
|
trusted library allocation
|
page read and write
|
||
|
3680000
|
trusted library allocation
|
page read and write
|
||
|
F06000
|
heap
|
page read and write
|
||
|
2DEF000
|
stack
|
page read and write
|
||
|
100A000
|
heap
|
page read and write
|
||
|
11E0000
|
heap
|
page read and write
|
||
|
599E000
|
stack
|
page read and write
|
||
|
103E000
|
stack
|
page read and write
|
||
|
132B000
|
trusted library allocation
|
page execute and read and write
|
||
|
11CF000
|
stack
|
page read and write
|
||
|
3674000
|
heap
|
page read and write
|
||
|
1340000
|
trusted library allocation
|
page read and write
|
||
|
36C9000
|
heap
|
page read and write
|
||
|
348E000
|
unkown
|
page read and write
|
||
|
C6D000
|
stack
|
page read and write
|
||
|
882E000
|
stack
|
page read and write
|
||
|
4F40000
|
heap
|
page read and write
|
||
|
4C5E000
|
stack
|
page read and write
|
||
|
2EF7000
|
stack
|
page read and write
|
||
|
3390000
|
heap
|
page read and write
|
||
|
4FDE000
|
stack
|
page read and write
|
||
|
5120000
|
trusted library allocation
|
page execute and read and write
|
||
|
1368000
|
heap
|
page read and write
|
||
|
390000
|
heap
|
page read and write
|
||
|
88C0000
|
trusted library allocation
|
page read and write
|
||
|
10D7000
|
heap
|
page read and write
|
||
|
34CE000
|
stack
|
page read and write
|
||
|
F3E000
|
stack
|
page read and write
|
||
|
36A0000
|
trusted library allocation
|
page read and write
|
||
|
7935000
|
heap
|
page read and write
|
||
|
3881000
|
trusted library allocation
|
page read and write
|
||
|
EC7000
|
trusted library allocation
|
page execute and read and write
|
||
|
3530000
|
heap
|
page read and write
|
||
|
7C5E000
|
stack
|
page read and write
|
||
|
8D50000
|
trusted library allocation
|
page read and write
|
||
|
11EB000
|
trusted library allocation
|
page execute and read and write
|
||
|
1320000
|
heap
|
page read and write
|
||
|
1300000
|
heap
|
page read and write
|
||
|
5250000
|
heap
|
page read and write
|
||
|
F10000
|
heap
|
page read and write
|
||
|
79C6000
|
heap
|
page read and write
|
||
|
841000
|
unkown
|
page execute read
|
||
|
636E000
|
stack
|
page read and write
|
||
|
33D8000
|
heap
|
page read and write
|
||
|
890E000
|
heap
|
page read and write
|
||
|
2D00000
|
heap
|
page read and write
|
||
|
2D13000
|
trusted library allocation
|
page execute and read and write
|
||
|
F30000
|
heap
|
page read and write
|
||
|
5296000
|
trusted library allocation
|
page read and write
|
||
|
2AFC000
|
heap
|
page read and write
|
||
|
1382000
|
heap
|
page read and write
|
||
|
3D11000
|
trusted library allocation
|
page read and write
|
||
|
2EBC000
|
stack
|
page read and write
|
||
|
2B31000
|
trusted library allocation
|
page read and write
|
||
|
6141000
|
trusted library allocation
|
page read and write
|
||
|
7680000
|
heap
|
page read and write
|
||
|
8BE0000
|
trusted library allocation
|
page read and write
|
||
|
795000
|
heap
|
page read and write
|
||
|
574C000
|
trusted library allocation
|
page read and write
|
||
|
7D60000
|
trusted library allocation
|
page read and write
|
||
|
8B40000
|
trusted library allocation
|
page execute and read and write
|
||
|
4DC000
|
remote allocation
|
page execute read
|
||
|
3FA1000
|
trusted library allocation
|
page read and write
|
||
|
50B0000
|
heap
|
page execute and read and write
|
||
|
56A7000
|
trusted library allocation
|
page read and write
|
||
|
88D2000
|
trusted library allocation
|
page read and write
|
||
|
865000
|
unkown
|
page readonly
|
||
|
C53000
|
heap
|
page read and write
|
||
|
E94000
|
trusted library allocation
|
page read and write
|
||
|
EDB000
|
trusted library allocation
|
page execute and read and write
|
||
|
7E0000
|
heap
|
page read and write
|
||
|
62A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
79B3000
|
heap
|
page read and write
|
||
|
F60000
|
heap
|
page read and write
|
||
|
6149000
|
trusted library allocation
|
page read and write
|
||
|
7042F000
|
unkown
|
page readonly
|
||
|
70426000
|
unkown
|
page readonly
|
||
|
79A000
|
stack
|
page read and write
|
||
|
5766000
|
trusted library allocation
|
page read and write
|
||
|
323D000
|
stack
|
page read and write
|
||
|
3670000
|
trusted library allocation
|
page read and write
|
||
|
C0E000
|
stack
|
page read and write
|
||
|
2C4D000
|
stack
|
page read and write
|
||
|
12F4000
|
trusted library allocation
|
page read and write
|
||
|
66AE000
|
stack
|
page read and write
|
||
|
71FA000
|
stack
|
page read and write
|
||
|
4E4E000
|
stack
|
page read and write
|
||
|
7C1E000
|
stack
|
page read and write
|
||
|
753E000
|
stack
|
page read and write
|
||
|
3650000
|
heap
|
page read and write
|
||
|
2E90000
|
heap
|
page execute and read and write
|
||
|
F7A000
|
heap
|
page read and write
|
||
|
2F9F000
|
stack
|
page read and write
|
||
|
70411000
|
unkown
|
page execute read
|
||
|
330E000
|
stack
|
page read and write
|
||
|
5611000
|
trusted library allocation
|
page read and write
|
||
|
6EFA000
|
stack
|
page read and write
|
||
|
538000
|
remote allocation
|
page execute and read and write
|
||
|
10F2000
|
heap
|
page read and write
|
||
|
9C0000
|
heap
|
page read and write
|
||
|
25AE000
|
stack
|
page read and write
|
||
|
EFA000
|
stack
|
page read and write
|
||
|
11D8000
|
heap
|
page read and write
|
||
|
EF0000
|
trusted library allocation
|
page execute and read and write
|
||
|
10FE000
|
stack
|
page read and write
|
||
|
591B000
|
stack
|
page read and write
|
||
|
6A10000
|
heap
|
page read and write
|
||
|
2CB1000
|
trusted library allocation
|
page read and write
|
||
|
D7F000
|
stack
|
page read and write
|
||
|
8780000
|
trusted library allocation
|
page read and write
|
||
|
2C0F000
|
stack
|
page read and write
|
||
|
C0B000
|
trusted library allocation
|
page execute and read and write
|
||
|
12E0000
|
trusted library allocation
|
page read and write
|
||
|
88F0000
|
heap
|
page read and write
|
||
|
50E4000
|
trusted library allocation
|
page read and write
|
||
|
EAD000
|
trusted library allocation
|
page execute and read and write
|
||
|
4D5D000
|
stack
|
page read and write
|
||
|
10ED000
|
heap
|
page read and write
|
||
|
5141000
|
trusted library allocation
|
page read and write
|
||
|
2D60000
|
trusted library allocation
|
page read and write
|
||
|
11D0000
|
heap
|
page read and write
|
||
|
E30000
|
heap
|
page read and write
|
||
|
7EED0000
|
trusted library allocation
|
page execute and read and write
|
||
|
333D000
|
stack
|
page read and write
|
||
|
1327000
|
trusted library allocation
|
page execute and read and write
|
||
|
2A1F000
|
unkown
|
page read and write
|
||
|
338F000
|
stack
|
page read and write
|
||
|
7D40000
|
trusted library allocation
|
page read and write
|
||
|
E93000
|
trusted library allocation
|
page execute and read and write
|
||
|
79BB000
|
heap
|
page read and write
|
||
|
4EDE000
|
stack
|
page read and write
|
||
|
54E0000
|
heap
|
page execute and read and write
|
||
|
10C4000
|
trusted library allocation
|
page read and write
|
||
|
136F000
|
stack
|
page read and write
|
||
|
CA0000
|
heap
|
page read and write
|
||
|
F7E000
|
heap
|
page read and write
|
||
|
2CA0000
|
heap
|
page read and write
|
||
|
88B0000
|
trusted library allocation
|
page read and write
|
||
|
C60000
|
heap
|
page read and write
|
||
|
51A0000
|
trusted library allocation
|
page read and write
|
||
|
6984000
|
heap
|
page read and write
|
||
|
6430000
|
heap
|
page read and write
|
||
|
EF9000
|
stack
|
page read and write
|
||
|
EB0000
|
trusted library allocation
|
page read and write
|
||
|
D90000
|
heap
|
page read and write
|
||
|
402000
|
remote allocation
|
page execute read
|
||
|
5190000
|
trusted library allocation
|
page read and write
|
||
|
B9E000
|
stack
|
page read and write
|
||
|
790000
|
heap
|
page read and write
|
||
|
EC2000
|
trusted library allocation
|
page read and write
|
||
|
4D4E000
|
stack
|
page read and write
|
||
|
79F6000
|
heap
|
page read and write
|
||
|
BE0000
|
trusted library allocation
|
page read and write
|
||
|
3E0000
|
heap
|
page read and write
|
||
|
9D5000
|
unkown
|
page readonly
|
||
|
5AD3000
|
trusted library allocation
|
page read and write
|
||
|
8922000
|
heap
|
page read and write
|
||
|
4EA0000
|
heap
|
page execute and read and write
|
||
|
5100000
|
heap
|
page execute and read and write
|
||
|
840000
|
unkown
|
page readonly
|
||
|
6934000
|
heap
|
page read and write
|
||
|
2D11000
|
trusted library allocation
|
page read and write
|
||
|
51B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
8770000
|
trusted library allocation
|
page execute and read and write
|
||
|
70FA000
|
stack
|
page read and write
|
||
|
5776000
|
trusted library allocation
|
page read and write
|
||
|
50FB000
|
stack
|
page read and write
|
||
|
1350000
|
heap
|
page read and write
|
||
|
2F70000
|
heap
|
page read and write
|
||
|
36A2000
|
trusted library allocation
|
page read and write
|
||
|
88A0000
|
trusted library allocation
|
page read and write
|
||
|
ED7000
|
trusted library allocation
|
page execute and read and write
|
||
|
C37000
|
heap
|
page read and write
|
||
|
4DE0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2B13000
|
heap
|
page read and write
|
||
|
D6D000
|
stack
|
page read and write
|
||
|
767A000
|
stack
|
page read and write
|
||
|
E80000
|
trusted library allocation
|
page read and write
|
||
|
7CB0000
|
trusted library allocation
|
page execute and read and write
|
||
|
6DFA000
|
stack
|
page read and write
|
||
|
2BF0000
|
heap
|
page read and write
|
||
|
2D20000
|
trusted library allocation
|
page read and write
|
||
|
5B70000
|
trusted library allocation
|
page read and write
|
||
|
109E000
|
stack
|
page read and write
|
||
|
3448000
|
heap
|
page read and write
|
||
|
8D53000
|
trusted library allocation
|
page read and write
|
||
|
4D6E000
|
stack
|
page read and write
|
||
|
8BCE000
|
stack
|
page read and write
|
||
|
E9D000
|
trusted library allocation
|
page execute and read and write
|
||
|
2BBE000
|
stack
|
page read and write
|
||
|
11A0000
|
heap
|
page read and write
|
||
|
13A0000
|
heap
|
page read and write
|
||
|
36CB000
|
heap
|
page read and write
|
||
|
7B8A000
|
trusted library allocation
|
page read and write
|
||
|
1014000
|
heap
|
page read and write
|
||
|
7D50000
|
trusted library allocation
|
page read and write
|
||
|
C90000
|
trusted library allocation
|
page read and write
|
||
|
8916000
|
heap
|
page read and write
|
||
|
8760000
|
heap
|
page read and write
|
||
|
E9F000
|
stack
|
page read and write
|
||
|
7042D000
|
unkown
|
page read and write
|
||
|
2D47000
|
trusted library allocation
|
page execute and read and write
|
||
|
4E17000
|
heap
|
page read and write
|
||
|
F7E000
|
stack
|
page read and write
|
||
|
4CE0000
|
trusted library allocation
|
page read and write
|
||
|
2D00000
|
trusted library allocation
|
page read and write
|
||
|
555F000
|
stack
|
page read and write
|
||
|
51DE000
|
stack
|
page read and write
|
||
|
C4E000
|
stack
|
page read and write
|
||
|
841000
|
unkown
|
page execute read
|
||
|
12FE000
|
stack
|
page read and write
|
||
|
25C0000
|
heap
|
page read and write
|
||
|
516A000
|
trusted library allocation
|
page read and write
|
||
|
5130000
|
heap
|
page execute and read and write
|
||
|
4E4E000
|
stack
|
page read and write
|
||
|
DC0000
|
heap
|
page read and write
|
||
|
2D14000
|
trusted library allocation
|
page read and write
|
||
|
6630000
|
heap
|
page read and write
|
||
|
4E5C000
|
stack
|
page read and write
|
||
|
653E000
|
stack
|
page read and write
|
||
|
2AB0000
|
heap
|
page read and write
|
||
|
3BC1000
|
trusted library allocation
|
page read and write
|
||
|
7D00000
|
trusted library allocation
|
page read and write
|
||
|
799D000
|
heap
|
page read and write
|
||
|
7920000
|
heap
|
page read and write
|
||
|
11F9000
|
heap
|
page read and write
|
||
|
2FFE000
|
unkown
|
page read and write
|
||
|
E80000
|
heap
|
page execute and read and write
|
||
|
10B3000
|
trusted library allocation
|
page execute and read and write
|
||
|
B5E000
|
stack
|
page read and write
|
||
|
2AA0000
|
trusted library allocation
|
page read and write
|
||
|
79EB000
|
heap
|
page read and write
|
||
|
A10000
|
heap
|
page read and write
|
||
|
D95000
|
heap
|
page read and write
|
||
|
F00000
|
heap
|
page read and write
|
||
|
62E8000
|
trusted library allocation
|
page read and write
|
||
|
68EE000
|
stack
|
page read and write
|
||
|
7D70000
|
trusted library allocation
|
page read and write
|
||
|
A40000
|
heap
|
page read and write
|
||
|
52CF000
|
stack
|
page read and write
|
||
|
545E000
|
stack
|
page read and write
|
||
|
52DF000
|
stack
|
page read and write
|
||
|
1170000
|
heap
|
page read and write
|
||
|
2960000
|
heap
|
page execute and read and write
|
||
|
87ED000
|
stack
|
page read and write
|
||
|
7D80000
|
trusted library allocation
|
page read and write
|
||
|
7D30000
|
trusted library allocation
|
page read and write
|
||
|
1388000
|
heap
|
page read and write
|
||
|
69C000
|
stack
|
page read and write
|
||
|
69A000
|
remote allocation
|
page execute and read and write
|
||
|
3159000
|
trusted library allocation
|
page read and write
|
||
|
4DDC000
|
stack
|
page read and write
|
||
|
7B2B000
|
trusted library allocation
|
page read and write
|
||
|
8BD0000
|
trusted library allocation
|
page read and write
|
||
|
1250000
|
trusted library allocation
|
page execute and read and write
|
||
|
7D0000
|
heap
|
page read and write
|
||
|
5130000
|
trusted library allocation
|
page read and write
|
||
|
4E10000
|
heap
|
page read and write
|
||
|
2B13000
|
heap
|
page read and write
|
||
|
137D000
|
heap
|
page read and write
|
||
|
10BE000
|
stack
|
page read and write
|
||
|
8B8E000
|
stack
|
page read and write
|
||
|
89E3000
|
heap
|
page read and write
|
||
|
570E000
|
stack
|
page read and write
|
||
|
F20000
|
heap
|
page read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
7B80000
|
trusted library allocation
|
page read and write
|
||
|
BD4000
|
trusted library allocation
|
page read and write
|
||
|
12FD000
|
trusted library allocation
|
page execute and read and write
|
||
|
2FA1000
|
trusted library allocation
|
page read and write
|
||
|
79D4000
|
heap
|
page read and write
|
||
|
E20000
|
direct allocation
|
page execute and read and write
|
||
|
F70000
|
heap
|
page read and write
|
||
|
4DF0000
|
trusted library allocation
|
page read and write
|
||
|
5110000
|
trusted library allocation
|
page read and write
|
||
|
56A1000
|
trusted library allocation
|
page read and write
|
||
|
2C60000
|
trusted library allocation
|
page read and write
|
||
|
795E000
|
heap
|
page read and write
|
||
|
840000
|
unkown
|
page readonly
|
||
|
3310000
|
heap
|
page read and write
|
||
|
3DE000
|
unkown
|
page read and write
|
||
|
2DB0000
|
trusted library allocation
|
page execute and read and write
|
||
|
560F000
|
trusted library allocation
|
page read and write
|
||
|
7CA0000
|
trusted library allocation
|
page read and write
|
||
|
10A0000
|
trusted library allocation
|
page read and write
|
||
|
3CB1000
|
trusted library allocation
|
page read and write
|
||
|
363F000
|
unkown
|
page read and write
|
||
|
8D40000
|
trusted library allocation
|
page read and write
|
||
|
69AF000
|
heap
|
page read and write
|
||
|
67AE000
|
stack
|
page read and write
|
||
|
2E70000
|
trusted library allocation
|
page read and write
|
||
|
4C2E000
|
stack
|
page read and write
|
||
|
D03000
|
heap
|
page read and write
|
||
|
5170000
|
trusted library allocation
|
page execute and read and write
|
||
|
EC0000
|
heap
|
page read and write
|
||
|
9D0000
|
heap
|
page read and write
|
||
|
5AF3000
|
trusted library allocation
|
page read and write
|
||
|
BE4000
|
trusted library allocation
|
page read and write
|
||
|
EB4000
|
trusted library allocation
|
page read and write
|
||
|
1300000
|
trusted library allocation
|
page read and write
|
||
|
EE0000
|
trusted library allocation
|
page read and write
|
||
|
62F7000
|
trusted library allocation
|
page read and write
|
||
|
106C000
|
stack
|
page read and write
|
||
|
72FA000
|
stack
|
page read and write
|
||
|
7B87000
|
trusted library allocation
|
page read and write
|
||
|
BB0000
|
heap
|
page read and write
|
||
|
4FCE000
|
stack
|
page read and write
|
||
|
89D7000
|
heap
|
page read and write
|
||
|
865000
|
unkown
|
page readonly
|
||
|
116A000
|
stack
|
page read and write
|
||
|
2B11000
|
heap
|
page read and write
|
||
|
E1E000
|
stack
|
page read and write
|
||
|
4A5D000
|
stack
|
page read and write
|
||
|
EA3000
|
trusted library allocation
|
page read and write
|
||
|
3674000
|
trusted library allocation
|
page read and write
|
||
|
7CC0000
|
trusted library allocation
|
page read and write
|
||
|
792B000
|
heap
|
page read and write
|
||
|
256D000
|
stack
|
page read and write
|
||
|
2FBE000
|
unkown
|
page read and write
|
||
|
2A90000
|
trusted library allocation
|
page read and write
|
||
|
3370000
|
heap
|
page read and write
|
||
|
7B90000
|
trusted library allocation
|
page read and write
|
||
|
CA8000
|
heap
|
page read and write
|
||
|
3345000
|
heap
|
page read and write
|
||
|
2A1A000
|
stack
|
page read and write
|
||
|
894C000
|
heap
|
page read and write
|
||
|
5310000
|
heap
|
page execute and read and write
|
||
|
62EE000
|
trusted library allocation
|
page read and write
|
||
|
A00000
|
heap
|
page read and write
|
||
|
5F0000
|
unkown
|
page readonly
|
||
|
E6E000
|
stack
|
page read and write
|
||
|
509D000
|
stack
|
page read and write
|
||
|
1040000
|
heap
|
page read and write
|
||
|
1060000
|
heap
|
page read and write
|
||
|
495D000
|
stack
|
page read and write
|
||
|
5150000
|
trusted library allocation
|
page read and write
|
||
|
6169000
|
trusted library allocation
|
page read and write
|
||
|
5160000
|
trusted library allocation
|
page read and write
|
||
|
36C0000
|
heap
|
page read and write
|
||
|
C07000
|
trusted library allocation
|
page execute and read and write
|
||
|
2D40000
|
trusted library allocation
|
page read and write
|
||
|
63AE000
|
stack
|
page read and write
|
||
|
1320000
|
heap
|
page read and write
|
||
|
7B7E000
|
stack
|
page read and write
|
||
|
34D0000
|
heap
|
page read and write
|
||
|
580A000
|
stack
|
page read and write
|
||
|
DD0000
|
heap
|
page read and write
|
||
|
7D20000
|
trusted library allocation
|
page read and write
|
||
|
763D000
|
stack
|
page read and write
|
||
|
3690000
|
trusted library allocation
|
page read and write
|
||
|
4D88000
|
trusted library allocation
|
page read and write
|
||
|
548E000
|
stack
|
page read and write
|
||
|
EA4000
|
trusted library allocation
|
page read and write
|
||
|
3950000
|
heap
|
page read and write
|
||
|
C30000
|
heap
|
page read and write
|
||
|
7BDE000
|
stack
|
page read and write
|
||
|
1304000
|
trusted library allocation
|
page read and write
|
||
|
50B5000
|
heap
|
page execute and read and write
|
||
|
1260000
|
heap
|
page read and write
|
||
|
3689000
|
trusted library allocation
|
page read and write
|
||
|
1177000
|
heap
|
page read and write
|
||
|
2A80000
|
heap
|
page execute and read and write
|
||
|
2AF0000
|
heap
|
page read and write
|
||
|
142F000
|
stack
|
page read and write
|
||
|
2D24000
|
trusted library allocation
|
page read and write
|
||
|
36A5000
|
trusted library allocation
|
page execute and read and write
|
||
|
EB6000
|
trusted library allocation
|
page execute and read and write
|
||
|
5139000
|
trusted library allocation
|
page read and write
|
||
|
2DC0000
|
heap
|
page read and write
|
||
|
10A0000
|
trusted library allocation
|
page read and write
|
||
|
5FE000
|
unkown
|
page readonly
|
||
|
786E000
|
stack
|
page read and write
|
||
|
79D2000
|
heap
|
page read and write
|
||
|
51CE000
|
stack
|
page read and write
|
||
|
2D1D000
|
trusted library allocation
|
page execute and read and write
|
||
|
887E000
|
stack
|
page read and write
|
||
|
12AE000
|
stack
|
page read and write
|
||
|
BFC000
|
stack
|
page read and write
|
||
|
3675000
|
heap
|
page read and write
|
||
|
2910000
|
heap
|
page read and write
|
||
|
70410000
|
unkown
|
page readonly
|
||
|
75FE000
|
stack
|
page read and write
|
||
|
1110000
|
heap
|
page read and write
|
||
|
6947000
|
heap
|
page read and write
|
||
|
799B000
|
heap
|
page read and write
|
There are 535 hidden memdumps, click here to show them.