Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Register.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
initial sample
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_67610627f3d80862be4395c8c3d38d7f16bdd81_7522e4b5_05c1c5a9-feca-4ea1-8b83-1995f0382e3d\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_67610627f3d80862be4395c8c3d38d7f16bdd81_7522e4b5_073317ce-26e9-4a8b-899e-5ad5b4c14d2f\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_67610627f3d80862be4395c8c3d38d7f16bdd81_7522e4b5_25afbb4a-fb05-4299-89cc-552653051d94\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_67610627f3d80862be4395c8c3d38d7f16bdd81_7522e4b5_7840c9f2-9337-4ce2-ae78-4357fbd0b120\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_67610627f3d80862be4395c8c3d38d7f16bdd81_7522e4b5_935ab68d-2b79-41b7-8cda-70829c04b3ae\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_67610627f3d80862be4395c8c3d38d7f16bdd81_7522e4b5_a503244f-1a73-41ca-95dd-8c855909acd8\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_67610627f3d80862be4395c8c3d38d7f16bdd81_7522e4b5_f4a64302-c074-4cf3-a3fa-2c6a200a88d5\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER559B.tmp.dmp
|
Mini DuMP crash report, 14 streams, Thu Oct 10 18:13:40 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER55BA.tmp.dmp
|
Mini DuMP crash report, 14 streams, Thu Oct 10 18:13:40 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER5677.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER5678.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER56D6.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER5744.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER603A.tmp.dmp
|
Mini DuMP crash report, 14 streams, Thu Oct 10 18:13:42 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER6099.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER60B9.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER7A2A.tmp.dmp
|
Mini DuMP crash report, 14 streams, Thu Oct 10 18:13:49 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER7A79.tmp.dmp
|
Mini DuMP crash report, 14 streams, Thu Oct 10 18:13:50 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER7A98.tmp.dmp
|
Mini DuMP crash report, 14 streams, Thu Oct 10 18:13:49 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER7B35.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER7B75.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER7BF1.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER7C4D.tmp.dmp
|
Mini DuMP crash report, 14 streams, Thu Oct 10 18:13:50 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER7C4F.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER7C5E.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER7D0B.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER7F7B.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER7FAB.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\{E0224FF9-7AE3-4F9E-991A-2F004F7E3952}\desktop.ini
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
There are 21 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\loaddll32.exe
|
loaddll32.exe "C:\Users\user\Desktop\Register.dll"
|
 |
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\Register.dll,ActiveApp
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\Register.dll",#1
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\Register.dll,ActiveAppSpecial
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\Register.dll,ActiveTrial
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\Register.dll",ActiveApp
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\Register.dll",ActiveAppSpecial
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\Register.dll",ActiveTrial
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\Register.dll",ValidateThreadLicense
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\Register.dll",GetSurplusDays
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\Register.dll",GetLicenseType
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\Register.dll",ClearTrialData
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\Register.dll",CheckTrialInstalled
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\Register.dll",CheckLicenseLocatin
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\Register.dll",CheckDbValue
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\cmd.exe
|
cmd.exe /C rundll32.exe "C:\Users\user\Desktop\Register.dll",#1
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 1280 -s 644
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 3392 -s 652
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 5696 -s 644
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 5388 -s 644
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 3944 -s 644
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 7128 -s 644
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 3708 -s 644
|
There are 14 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://upx.sf.net
|
unknown
|
||
|
http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0s
|
unknown
|
||
|
https://sectigo.com/CPS0
|
unknown
|
||
|
http://www.indyproject.org/
|
unknown
|
||
|
http://ocsp.sectigo.com0
|
unknown
|
||
|
http://crt.sectigo.com/SectigoRSACodeSigningCA.crt0#
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
\REGISTRY\A\{d7b0f32b-4247-b6b8-3533-cc6af5d24c5c}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
ProgramId
|
||
|
\REGISTRY\A\{d7b0f32b-4247-b6b8-3533-cc6af5d24c5c}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
FileId
|
||
|
\REGISTRY\A\{d7b0f32b-4247-b6b8-3533-cc6af5d24c5c}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{d7b0f32b-4247-b6b8-3533-cc6af5d24c5c}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
LongPathHash
|
||
|
\REGISTRY\A\{d7b0f32b-4247-b6b8-3533-cc6af5d24c5c}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
Name
|
||
|
\REGISTRY\A\{d7b0f32b-4247-b6b8-3533-cc6af5d24c5c}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
OriginalFileName
|
||
|
\REGISTRY\A\{d7b0f32b-4247-b6b8-3533-cc6af5d24c5c}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
Publisher
|
||
|
\REGISTRY\A\{d7b0f32b-4247-b6b8-3533-cc6af5d24c5c}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
Version
|
||
|
\REGISTRY\A\{d7b0f32b-4247-b6b8-3533-cc6af5d24c5c}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
BinFileVersion
|
||
|
\REGISTRY\A\{d7b0f32b-4247-b6b8-3533-cc6af5d24c5c}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
BinaryType
|
||
|
\REGISTRY\A\{d7b0f32b-4247-b6b8-3533-cc6af5d24c5c}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
ProductName
|
||
|
\REGISTRY\A\{d7b0f32b-4247-b6b8-3533-cc6af5d24c5c}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
ProductVersion
|
||
|
\REGISTRY\A\{d7b0f32b-4247-b6b8-3533-cc6af5d24c5c}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
LinkDate
|
||
|
\REGISTRY\A\{d7b0f32b-4247-b6b8-3533-cc6af5d24c5c}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
BinProductVersion
|
||
|
\REGISTRY\A\{d7b0f32b-4247-b6b8-3533-cc6af5d24c5c}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
AppxPackageFullName
|
||
|
\REGISTRY\A\{d7b0f32b-4247-b6b8-3533-cc6af5d24c5c}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
AppxPackageRelativeId
|
||
|
\REGISTRY\A\{d7b0f32b-4247-b6b8-3533-cc6af5d24c5c}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
Size
|
||
|
\REGISTRY\A\{d7b0f32b-4247-b6b8-3533-cc6af5d24c5c}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
Language
|
||
|
\REGISTRY\A\{d7b0f32b-4247-b6b8-3533-cc6af5d24c5c}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
IsOsComponent
|
||
|
\REGISTRY\A\{d7b0f32b-4247-b6b8-3533-cc6af5d24c5c}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
Usn
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceTicket
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceId
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
ApplicationFlags
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Property
|
0018000DDABBE6B3
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Property
|
0018000DDABBE6B3
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceTicket
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Property
|
0018000DDABBE6B3
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceTicket
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
|
ClockTimeSeconds
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
|
TickCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Property
|
0018000DDABBE6B3
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceTicket
|
There are 22 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
4E48000
|
direct allocation
|
page read and write
|
||
|
929000
|
unkown
|
page read and write
|
||
|
4DF9000
|
direct allocation
|
page read and write
|
||
|
2F00000
|
heap
|
page read and write
|
||
|
45AC000
|
direct allocation
|
page read and write
|
||
|
4240000
|
unkown
|
page readonly
|
||
|
443D000
|
direct allocation
|
page read and write
|
||
|
4412000
|
direct allocation
|
page read and write
|
||
|
4576000
|
direct allocation
|
page read and write
|
||
|
4E5000
|
unkown
|
page read and write
|
||
|
50C000
|
unkown
|
page readonly
|
||
|
46C0000
|
heap
|
page read and write
|
||
|
4E0C000
|
direct allocation
|
page read and write
|
||
|
2FBE000
|
stack
|
page read and write
|
||
|
28B6000
|
direct allocation
|
page read and write
|
||
|
4E2000
|
unkown
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
74A000
|
heap
|
page read and write
|
||
|
4DE000
|
unkown
|
page read and write
|
||
|
44A9000
|
unkown
|
page read and write
|
||
|
830000
|
heap
|
page read and write
|
||
|
4E4000
|
unkown
|
page write copy
|
||
|
70F000
|
stack
|
page read and write
|
||
|
32DA000
|
heap
|
page read and write
|
||
|
5FE000
|
stack
|
page read and write
|
||
|
4319000
|
unkown
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
459E000
|
direct allocation
|
page read and write
|
||
|
500D000
|
direct allocation
|
page read and write
|
||
|
4DEB000
|
direct allocation
|
page read and write
|
||
|
4DA9000
|
direct allocation
|
page read and write
|
||
|
44C8000
|
direct allocation
|
page read and write
|
||
|
4E2000
|
unkown
|
page read and write
|
||
|
3200000
|
heap
|
page read and write
|
||
|
42D9000
|
direct allocation
|
page read and write
|
||
|
5038000
|
direct allocation
|
page read and write
|
||
|
4CFF000
|
direct allocation
|
page read and write
|
||
|
53C0000
|
heap
|
page read and write
|
||
|
A3B000
|
stack
|
page read and write
|
||
|
D3E000
|
unkown
|
page read and write
|
||
|
4363000
|
direct allocation
|
page read and write
|
||
|
8C0000
|
heap
|
page read and write
|
||
|
4322000
|
direct allocation
|
page read and write
|
||
|
4B0000
|
heap
|
page read and write
|
||
|
2EE0000
|
heap
|
page read and write
|
||
|
C9A000
|
heap
|
page read and write
|
||
|
2ED0000
|
heap
|
page read and write
|
||
|
445A000
|
direct allocation
|
page read and write
|
||
|
44AE000
|
unkown
|
page read and write
|
||
|
4EC8000
|
direct allocation
|
page read and write
|
||
|
4618000
|
direct allocation
|
page read and write
|
||
|
44B2000
|
unkown
|
page read and write
|
||
|
5014000
|
direct allocation
|
page read and write
|
||
|
CBD000
|
unkown
|
page write copy
|
||
|
29B000
|
stack
|
page read and write
|
||
|
433F000
|
direct allocation
|
page read and write
|
||
|
4D9000
|
unkown
|
page read and write
|
||
|
4DD4000
|
direct allocation
|
page read and write
|
||
|
44BA000
|
direct allocation
|
page read and write
|
||
|
97E000
|
stack
|
page read and write
|
||
|
530000
|
heap
|
page read and write
|
||
|
47E9000
|
direct allocation
|
page read and write
|
||
|
4E5000
|
unkown
|
page read and write
|
||
|
3C0000
|
heap
|
page read and write
|
||
|
43D1000
|
unkown
|
page execute read
|
||
|
7B0000
|
heap
|
page read and write
|
||
|
43B000
|
stack
|
page read and write
|
||
|
4CAF000
|
direct allocation
|
page read and write
|
||
|
4D6F000
|
direct allocation
|
page read and write
|
||
|
4E2000
|
unkown
|
page read and write
|
||
|
44DC000
|
unkown
|
page readonly
|
||
|
71E000
|
stack
|
page read and write
|
||
|
C90000
|
heap
|
page read and write
|
||
|
DCF000
|
stack
|
page read and write
|
||
|
4FF8000
|
direct allocation
|
page read and write
|
||
|
4EB000
|
stack
|
page read and write
|
||
|
4830000
|
heap
|
page read and write
|
||
|
45FC000
|
direct allocation
|
page read and write
|
||
|
4444000
|
direct allocation
|
page read and write
|
||
|
4EAB000
|
direct allocation
|
page read and write
|
||
|
4436000
|
direct allocation
|
page read and write
|
||
|
4D10000
|
heap
|
page read and write
|
||
|
47B000
|
stack
|
page read and write
|
||
|
5450000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
4CF8000
|
direct allocation
|
page read and write
|
||
|
45F4000
|
direct allocation
|
page read and write
|
||
|
34EF000
|
stack
|
page read and write
|
||
|
28A0000
|
direct allocation
|
page read and write
|
||
|
45BB000
|
direct allocation
|
page read and write
|
||
|
4314000
|
direct allocation
|
page read and write
|
||
|
4E1B000
|
direct allocation
|
page read and write
|
||
|
841000
|
unkown
|
page execute read
|
||
|
D80000
|
heap
|
page read and write
|
||
|
4EB9000
|
direct allocation
|
page read and write
|
||
|
C60000
|
unkown
|
page readonly
|
||
|
DD0000
|
heap
|
page read and write
|
||
|
4DE3000
|
direct allocation
|
page read and write
|
||
|
4C00000
|
heap
|
page read and write
|
||
|
9C0000
|
heap
|
page read and write
|
||
|
550000
|
heap
|
page read and write
|
||
|
323B000
|
stack
|
page read and write
|
||
|
43D1000
|
unkown
|
page execute read
|
||
|
454B000
|
direct allocation
|
page read and write
|
||
|
9D0000
|
heap
|
page read and write
|
||
|
4EB2000
|
direct allocation
|
page read and write
|
||
|
4CE2000
|
direct allocation
|
page read and write
|
||
|
4D38000
|
direct allocation
|
page read and write
|
||
|
50C000
|
unkown
|
page readonly
|
||
|
4E5000
|
unkown
|
page read and write
|
||
|
4E5000
|
unkown
|
page read and write
|
||
|
37A0000
|
heap
|
page read and write
|
||
|
4CBE000
|
direct allocation
|
page read and write
|
||
|
4EF000
|
unkown
|
page readonly
|
||
|
343E000
|
stack
|
page read and write
|
||
|
4329000
|
unkown
|
page read and write
|
||
|
33E0000
|
heap
|
page read and write
|
||
|
4FE2000
|
direct allocation
|
page read and write
|
||
|
87B000
|
stack
|
page read and write
|
||
|
4E24000
|
direct allocation
|
page read and write
|
||
|
8E0000
|
heap
|
page read and write
|
||
|
4E4000
|
unkown
|
page write copy
|
||
|
4D9000
|
unkown
|
page read and write
|
||
|
452E000
|
direct allocation
|
page read and write
|
||
|
8EF000
|
stack
|
page read and write
|
||
|
2ECB000
|
stack
|
page read and write
|
||
|
2FF0000
|
heap
|
page read and write
|
||
|
4DF000
|
unkown
|
page write copy
|
||
|
448F000
|
direct allocation
|
page read and write
|
||
|
BEE000
|
stack
|
page read and write
|
||
|
4CFE000
|
stack
|
page read and write
|
||
|
4E4000
|
unkown
|
page write copy
|
||
|
44DC000
|
unkown
|
page readonly
|
||
|
44B2000
|
unkown
|
page read and write
|
||
|
D3D000
|
unkown
|
page write copy
|
||
|
44BF000
|
unkown
|
page readonly
|
||
|
79D000
|
stack
|
page read and write
|
||
|
320A000
|
heap
|
page read and write
|
||
|
4E00000
|
direct allocation
|
page read and write
|
||
|
4E5000
|
unkown
|
page read and write
|
||
|
4FF0000
|
direct allocation
|
page read and write
|
||
|
4E9000
|
unkown
|
page read and write
|
||
|
286E000
|
direct allocation
|
page read and write
|
||
|
434C000
|
unkown
|
page readonly
|
||
|
5F0000
|
heap
|
page read and write
|
||
|
9EF000
|
stack
|
page read and write
|
||
|
77E000
|
stack
|
page read and write
|
||
|
44BD000
|
unkown
|
page write copy
|
||
|
CFF000
|
stack
|
page read and write
|
||
|
919000
|
unkown
|
page read and write
|
||
|
3500000
|
direct allocation
|
page execute and read and write
|
||
|
4856000
|
direct allocation
|
page read and write
|
||
|
960000
|
heap
|
page read and write
|
||
|
44BD000
|
unkown
|
page write copy
|
||
|
4840000
|
direct allocation
|
page read and write
|
||
|
E3E000
|
stack
|
page read and write
|
||
|
3300000
|
heap
|
page read and write
|
||
|
4500000
|
heap
|
page read and write
|
||
|
4D9000
|
unkown
|
page read and write
|
||
|
44AF000
|
unkown
|
page write copy
|
||
|
5D0000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
93F000
|
stack
|
page read and write
|
||
|
760000
|
heap
|
page read and write
|
||
|
4DFF000
|
stack
|
page read and write
|
||
|
5023000
|
direct allocation
|
page read and write
|
||
|
CDC000
|
unkown
|
page readonly
|
||
|
481C000
|
direct allocation
|
page read and write
|
||
|
3560000
|
heap
|
page read and write
|
||
|
D39000
|
unkown
|
page read and write
|
||
|
434D000
|
direct allocation
|
page read and write
|
||
|
4338000
|
direct allocation
|
page read and write
|
||
|
4ED000
|
unkown
|
page write copy
|
||
|
4DE000
|
unkown
|
page read and write
|
||
|
4DDC000
|
direct allocation
|
page read and write
|
||
|
4DF000
|
unkown
|
page write copy
|
||
|
44B3000
|
direct allocation
|
page read and write
|
||
|
4832000
|
direct allocation
|
page read and write
|
||
|
4E4000
|
unkown
|
page write copy
|
||
|
285F000
|
direct allocation
|
page read and write
|
||
|
35B000
|
stack
|
page read and write
|
||
|
4D0D000
|
direct allocation
|
page read and write
|
||
|
28C4000
|
direct allocation
|
page read and write
|
||
|
CB2000
|
unkown
|
page read and write
|
||
|
35E0000
|
heap
|
page read and write
|
||
|
D4D000
|
unkown
|
page write copy
|
||
|
4322000
|
unkown
|
page read and write
|
||
|
44C1000
|
direct allocation
|
page read and write
|
||
|
4D9000
|
unkown
|
page read and write
|
||
|
288B000
|
direct allocation
|
page read and write
|
||
|
45ED000
|
direct allocation
|
page read and write
|
||
|
4DC000
|
unkown
|
page write copy
|
||
|
4330000
|
direct allocation
|
page read and write
|
||
|
4DB0000
|
direct allocation
|
page read and write
|
||
|
457D000
|
direct allocation
|
page read and write
|
||
|
435C000
|
direct allocation
|
page read and write
|
||
|
4ED000
|
unkown
|
page write copy
|
||
|
4581000
|
direct allocation
|
page read and write
|
||
|
443F000
|
direct allocation
|
page read and write
|
||
|
438F000
|
stack
|
page read and write
|
||
|
820000
|
direct allocation
|
page execute and read and write
|
||
|
340000
|
heap
|
page read and write
|
||
|
4329000
|
unkown
|
page read and write
|
||
|
7DF000
|
stack
|
page read and write
|
||
|
2FFB000
|
stack
|
page read and write
|
||
|
4DDC000
|
direct allocation
|
page read and write
|
||
|
D6C000
|
unkown
|
page readonly
|
||
|
4E69000
|
direct allocation
|
page read and write
|
||
|
48D0000
|
heap
|
page read and write
|
||
|
2F30000
|
heap
|
page read and write
|
||
|
4DC000
|
unkown
|
page write copy
|
||
|
45A1000
|
direct allocation
|
page read and write
|
||
|
2FF0000
|
heap
|
page read and write
|
||
|
436A000
|
direct allocation
|
page read and write
|
||
|
4DFE000
|
direct allocation
|
page read and write
|
||
|
4371000
|
direct allocation
|
page read and write
|
||
|
720000
|
heap
|
page read and write
|
||
|
4FA1000
|
direct allocation
|
page read and write
|
||
|
4DBF000
|
direct allocation
|
page read and write
|
||
|
4378000
|
direct allocation
|
page read and write
|
||
|
4E1D000
|
direct allocation
|
page read and write
|
||
|
89F000
|
stack
|
page read and write
|
||
|
460A000
|
direct allocation
|
page read and write
|
||
|
42EF000
|
direct allocation
|
page read and write
|
||
|
59B000
|
stack
|
page read and write
|
||
|
AFA000
|
heap
|
page read and write
|
||
|
4EF000
|
unkown
|
page readonly
|
||
|
43FC000
|
direct allocation
|
page read and write
|
||
|
44AD000
|
unkown
|
page write copy
|
||
|
5270000
|
heap
|
page read and write
|
||
|
4E5000
|
unkown
|
page read and write
|
||
|
4461000
|
direct allocation
|
page read and write
|
||
|
76A000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
4E4000
|
unkown
|
page write copy
|
||
|
4552000
|
direct allocation
|
page read and write
|
||
|
34F0000
|
heap
|
page read and write
|
||
|
347F000
|
stack
|
page read and write
|
||
|
4D3F000
|
stack
|
page read and write
|
||
|
4E9000
|
unkown
|
page read and write
|
||
|
9E0000
|
heap
|
page read and write
|
||
|
4DC000
|
unkown
|
page write copy
|
||
|
BD1000
|
unkown
|
page execute read
|
||
|
4DF000
|
unkown
|
page write copy
|
||
|
560000
|
heap
|
page read and write
|
||
|
980000
|
heap
|
page read and write
|
||
|
4EF000
|
unkown
|
page readonly
|
||
|
2740000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
44B9000
|
unkown
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
440B000
|
direct allocation
|
page read and write
|
||
|
BD0000
|
unkown
|
page readonly
|
||
|
2E70000
|
heap
|
page read and write
|
||
|
4D7E000
|
direct allocation
|
page read and write
|
||
|
4EF000
|
unkown
|
page readonly
|
||
|
42FE000
|
direct allocation
|
page read and write
|
||
|
32E0000
|
heap
|
page read and write
|
||
|
45DF000
|
direct allocation
|
page read and write
|
||
|
4E3F000
|
direct allocation
|
page read and write
|
||
|
431F000
|
unkown
|
page write copy
|
||
|
630000
|
heap
|
page read and write
|
||
|
485D000
|
direct allocation
|
page read and write
|
||
|
4468000
|
direct allocation
|
page read and write
|
||
|
3380000
|
heap
|
page read and write
|
||
|
4DC6000
|
direct allocation
|
page read and write
|
||
|
2E20000
|
heap
|
page read and write
|
||
|
431B000
|
direct allocation
|
page read and write
|
||
|
4E29000
|
direct allocation
|
page read and write
|
||
|
4EF000
|
unkown
|
page readonly
|
||
|
4CCC000
|
direct allocation
|
page read and write
|
||
|
4559000
|
direct allocation
|
page read and write
|
||
|
4ED000
|
unkown
|
page write copy
|
||
|
D4F000
|
unkown
|
page readonly
|
||
|
4ECF000
|
direct allocation
|
page read and write
|
||
|
4EF000
|
unkown
|
page readonly
|
||
|
43EE000
|
direct allocation
|
page read and write
|
||
|
4DE000
|
unkown
|
page read and write
|
||
|
4850000
|
heap
|
page read and write
|
||
|
33B0000
|
heap
|
page read and write
|
||
|
4E9000
|
unkown
|
page read and write
|
||
|
4DC000
|
unkown
|
page write copy
|
||
|
4E8E000
|
direct allocation
|
page read and write
|
||
|
D42000
|
unkown
|
page read and write
|
||
|
50C000
|
unkown
|
page readonly
|
||
|
4D14000
|
direct allocation
|
page read and write
|
||
|
430C000
|
direct allocation
|
page read and write
|
||
|
4320000
|
heap
|
page read and write
|
||
|
2892000
|
direct allocation
|
page read and write
|
||
|
4ED000
|
unkown
|
page write copy
|
||
|
4A10000
|
heap
|
page read and write
|
||
|
4DC000
|
unkown
|
page write copy
|
||
|
4DF000
|
unkown
|
page write copy
|
||
|
4DC000
|
unkown
|
page write copy
|
||
|
44D0000
|
direct allocation
|
page execute and read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
482B000
|
direct allocation
|
page read and write
|
||
|
4D8C000
|
direct allocation
|
page read and write
|
||
|
43B000
|
stack
|
page read and write
|
||
|
4CE9000
|
direct allocation
|
page read and write
|
||
|
4378000
|
direct allocation
|
page read and write
|
||
|
44AD000
|
unkown
|
page write copy
|
||
|
287C000
|
direct allocation
|
page read and write
|
||
|
45D0000
|
direct allocation
|
page read and write
|
||
|
432D000
|
unkown
|
page write copy
|
||
|
433F000
|
direct allocation
|
page read and write
|
||
|
4E71000
|
direct allocation
|
page read and write
|
||
|
45A8000
|
direct allocation
|
page read and write
|
||
|
501C000
|
direct allocation
|
page read and write
|
||
|
4FCC000
|
direct allocation
|
page read and write
|
||
|
4322000
|
direct allocation
|
page read and write
|
||
|
4496000
|
direct allocation
|
page read and write
|
||
|
E0E000
|
stack
|
page read and write
|
||
|
459E000
|
direct allocation
|
page read and write
|
||
|
A80000
|
heap
|
page read and write
|
||
|
C7E000
|
stack
|
page read and write
|
||
|
2F80000
|
heap
|
page read and write
|
||
|
D3D000
|
stack
|
page read and write
|
||
|
45C2000
|
direct allocation
|
page read and write
|
||
|
4E08000
|
direct allocation
|
page read and write
|
||
|
458C000
|
direct allocation
|
page read and write
|
||
|
484F000
|
direct allocation
|
page read and write
|
||
|
4E2000
|
unkown
|
page read and write
|
||
|
CAF000
|
unkown
|
page write copy
|
||
|
F7F000
|
stack
|
page read and write
|
||
|
442F000
|
direct allocation
|
page read and write
|
||
|
4AB000
|
stack
|
page read and write
|
||
|
4E50000
|
heap
|
page read and write
|
||
|
4839000
|
direct allocation
|
page read and write
|
||
|
2FFE000
|
stack
|
page read and write
|
||
|
B40000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
91F000
|
unkown
|
page write copy
|
||
|
349E000
|
stack
|
page read and write
|
||
|
43D0000
|
unkown
|
page readonly
|
||
|
4479000
|
direct allocation
|
page read and write
|
||
|
4240000
|
unkown
|
page readonly
|
||
|
4E2000
|
unkown
|
page read and write
|
||
|
32A0000
|
heap
|
page read and write
|
||
|
4E22000
|
direct allocation
|
page read and write
|
||
|
2F70000
|
heap
|
page read and write
|
||
|
5DA000
|
heap
|
page read and write
|
||
|
45BB000
|
direct allocation
|
page read and write
|
||
|
A4E000
|
heap
|
page read and write
|
||
|
4EF0000
|
heap
|
page read and write
|
||
|
28AF000
|
direct allocation
|
page read and write
|
||
|
4E9C000
|
direct allocation
|
page read and write
|
||
|
580000
|
heap
|
page read and write
|
||
|
4419000
|
direct allocation
|
page read and write
|
||
|
4D31000
|
direct allocation
|
page read and write
|
||
|
A90000
|
heap
|
page read and write
|
||
|
3440000
|
direct allocation
|
page execute and read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
840000
|
unkown
|
page readonly
|
||
|
4E2000
|
unkown
|
page read and write
|
||
|
2F3F000
|
stack
|
page read and write
|
||
|
44A4000
|
direct allocation
|
page read and write
|
||
|
343F000
|
stack
|
page read and write
|
||
|
44AC000
|
direct allocation
|
page read and write
|
||
|
453C000
|
direct allocation
|
page read and write
|
||
|
4428000
|
direct allocation
|
page read and write
|
||
|
4DC000
|
unkown
|
page write copy
|
||
|
4860000
|
remote allocation
|
page read and write
|
||
|
34A0000
|
heap
|
page read and write
|
||
|
2E8B000
|
stack
|
page read and write
|
||
|
31B000
|
stack
|
page read and write
|
||
|
3510000
|
heap
|
page read and write
|
||
|
5031000
|
direct allocation
|
page read and write
|
||
|
431B000
|
direct allocation
|
page read and write
|
||
|
4CF0000
|
direct allocation
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
A3B000
|
heap
|
page read and write
|
||
|
9A0000
|
heap
|
page read and write
|
||
|
4DF2000
|
direct allocation
|
page read and write
|
||
|
4DD9000
|
direct allocation
|
page read and write
|
||
|
4ED000
|
unkown
|
page write copy
|
||
|
446B000
|
direct allocation
|
page read and write
|
||
|
95A000
|
heap
|
page read and write
|
||
|
4DB000
|
stack
|
page read and write
|
||
|
4ED000
|
unkown
|
page write copy
|
||
|
45D0000
|
direct allocation
|
page read and write
|
||
|
43DF000
|
direct allocation
|
page read and write
|
||
|
4E5000
|
unkown
|
page read and write
|
||
|
4FBE000
|
direct allocation
|
page read and write
|
||
|
4D9000
|
unkown
|
page read and write
|
||
|
4CDB000
|
direct allocation
|
page read and write
|
||
|
4F70000
|
heap
|
page read and write
|
||
|
42C6000
|
direct allocation
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
2F40000
|
heap
|
page read and write
|
||
|
431F000
|
unkown
|
page write copy
|
||
|
B70000
|
heap
|
page read and write
|
||
|
49B000
|
stack
|
page read and write
|
||
|
5420000
|
heap
|
page read and write
|
||
|
4322000
|
unkown
|
page read and write
|
||
|
4E9000
|
unkown
|
page read and write
|
||
|
5CE000
|
stack
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
4D2A000
|
direct allocation
|
page read and write
|
||
|
4E4000
|
unkown
|
page write copy
|
||
|
4848000
|
direct allocation
|
page read and write
|
||
|
7BA000
|
heap
|
page read and write
|
||
|
2ECB000
|
stack
|
page read and write
|
||
|
4568000
|
direct allocation
|
page read and write
|
||
|
34E0000
|
direct allocation
|
page execute and read and write
|
||
|
2F70000
|
heap
|
page read and write
|
||
|
4453000
|
direct allocation
|
page read and write
|
||
|
4472000
|
direct allocation
|
page read and write
|
||
|
4E46000
|
direct allocation
|
page read and write
|
||
|
D49000
|
unkown
|
page read and write
|
||
|
323B000
|
stack
|
page read and write
|
||
|
C61000
|
unkown
|
page execute read
|
||
|
5EE000
|
stack
|
page read and write
|
||
|
3520000
|
direct allocation
|
page execute and read and write
|
||
|
4E33000
|
direct allocation
|
page read and write
|
||
|
344F000
|
stack
|
page read and write
|
||
|
A2E000
|
stack
|
page read and write
|
||
|
4593000
|
direct allocation
|
page read and write
|
||
|
4DF000
|
unkown
|
page write copy
|
||
|
2770000
|
direct allocation
|
page execute and read and write
|
||
|
32EA000
|
heap
|
page read and write
|
||
|
540000
|
heap
|
page read and write
|
||
|
4D9000
|
unkown
|
page read and write
|
||
|
2E6B000
|
stack
|
page read and write
|
||
|
4E41000
|
direct allocation
|
page read and write
|
||
|
4E7F000
|
direct allocation
|
page read and write
|
||
|
45D8000
|
direct allocation
|
page read and write
|
||
|
4D0000
|
heap
|
page read and write
|
||
|
44A9000
|
unkown
|
page read and write
|
||
|
4E2C000
|
direct allocation
|
page read and write
|
||
|
4E3A000
|
direct allocation
|
page read and write
|
||
|
67F000
|
stack
|
page read and write
|
||
|
348E000
|
stack
|
page read and write
|
||
|
A3F000
|
heap
|
page read and write
|
||
|
351A000
|
heap
|
page read and write
|
||
|
435C000
|
direct allocation
|
page read and write
|
||
|
2FBF000
|
stack
|
page read and write
|
||
|
A90000
|
heap
|
page read and write
|
||
|
4E0F000
|
direct allocation
|
page read and write
|
||
|
6F0000
|
heap
|
page read and write
|
||
|
45E6000
|
direct allocation
|
page read and write
|
||
|
34CF000
|
stack
|
page read and write
|
||
|
43F0000
|
heap
|
page read and write
|
||
|
27A0000
|
heap
|
page read and write
|
||
|
4FFF000
|
direct allocation
|
page read and write
|
||
|
42FE000
|
direct allocation
|
page read and write
|
||
|
45C9000
|
direct allocation
|
page read and write
|
||
|
45AC000
|
direct allocation
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
8B0000
|
direct allocation
|
page execute and read and write
|
||
|
800000
|
heap
|
page read and write
|
||
|
5006000
|
direct allocation
|
page read and write
|
||
|
4371000
|
direct allocation
|
page read and write
|
||
|
CBF000
|
unkown
|
page readonly
|
||
|
2FEE000
|
stack
|
page read and write
|
||
|
92D000
|
unkown
|
page write copy
|
||
|
2FA0000
|
heap
|
page read and write
|
||
|
449D000
|
direct allocation
|
page read and write
|
||
|
345F000
|
stack
|
page read and write
|
||
|
341E000
|
stack
|
page read and write
|
||
|
AC0000
|
direct allocation
|
page execute and read and write
|
||
|
4584000
|
direct allocation
|
page read and write
|
||
|
95E000
|
stack
|
page read and write
|
||
|
4DB8000
|
direct allocation
|
page read and write
|
||
|
434D000
|
direct allocation
|
page read and write
|
||
|
4E9000
|
unkown
|
page read and write
|
||
|
4E9000
|
unkown
|
page read and write
|
||
|
4BAF000
|
stack
|
page read and write
|
||
|
4E4D000
|
direct allocation
|
page read and write
|
||
|
CAD000
|
unkown
|
page write copy
|
||
|
4E5000
|
unkown
|
page read and write
|
||
|
44BF000
|
unkown
|
page readonly
|
||
|
4DE000
|
unkown
|
page read and write
|
||
|
800000
|
heap
|
page read and write
|
||
|
A80000
|
direct allocation
|
page execute and read and write
|
||
|
4611000
|
direct allocation
|
page read and write
|
||
|
3510000
|
heap
|
page read and write
|
||
|
4560000
|
direct allocation
|
page read and write
|
||
|
4DF8000
|
direct allocation
|
page read and write
|
||
|
4D9000
|
unkown
|
page read and write
|
||
|
456F000
|
direct allocation
|
page read and write
|
||
|
3CE000
|
stack
|
page read and write
|
||
|
4EF000
|
unkown
|
page readonly
|
||
|
4D06000
|
direct allocation
|
page read and write
|
||
|
90F000
|
stack
|
page read and write
|
||
|
44AE000
|
unkown
|
page read and write
|
||
|
2FA0000
|
heap
|
page read and write
|
||
|
4488000
|
direct allocation
|
page read and write
|
||
|
47FF000
|
direct allocation
|
page read and write
|
||
|
432F000
|
unkown
|
page readonly
|
||
|
432F000
|
unkown
|
page readonly
|
||
|
DF0000
|
direct allocation
|
page execute and read and write
|
||
|
431E000
|
unkown
|
page read and write
|
||
|
CAE000
|
unkown
|
page read and write
|
||
|
431E000
|
unkown
|
page read and write
|
||
|
432D000
|
unkown
|
page write copy
|
||
|
2F5E000
|
stack
|
page read and write
|
||
|
1FB000
|
stack
|
page read and write
|
||
|
4338000
|
direct allocation
|
page read and write
|
||
|
73F000
|
stack
|
page read and write
|
||
|
327B000
|
stack
|
page read and write
|
||
|
4FAF000
|
direct allocation
|
page read and write
|
||
|
4D23000
|
direct allocation
|
page read and write
|
||
|
43D0000
|
unkown
|
page readonly
|
||
|
400000
|
unkown
|
page readonly
|
||
|
46D0000
|
heap
|
page read and write
|
||
|
50C000
|
unkown
|
page readonly
|
||
|
4824000
|
direct allocation
|
page read and write
|
||
|
2DB000
|
stack
|
page read and write
|
||
|
4346000
|
direct allocation
|
page read and write
|
||
|
55B000
|
stack
|
page read and write
|
||
|
480E000
|
direct allocation
|
page read and write
|
||
|
4DBF000
|
direct allocation
|
page read and write
|
||
|
97B000
|
stack
|
page read and write
|
||
|
4E2000
|
unkown
|
page read and write
|
||
|
3530000
|
heap
|
page read and write
|
||
|
4E4000
|
unkown
|
page write copy
|
||
|
33C0000
|
heap
|
page read and write
|
||
|
330A000
|
heap
|
page read and write
|
||
|
4E38000
|
direct allocation
|
page read and write
|
||
|
AF0000
|
heap
|
page read and write
|
||
|
3D0000
|
heap
|
page read and write
|
||
|
33D0000
|
heap
|
page read and write
|
||
|
4241000
|
unkown
|
page execute read
|
||
|
502A000
|
direct allocation
|
page read and write
|
||
|
340E000
|
stack
|
page read and write
|
||
|
4330000
|
direct allocation
|
page read and write
|
||
|
4E9000
|
unkown
|
page read and write
|
||
|
431D000
|
unkown
|
page write copy
|
||
|
CDB000
|
stack
|
page read and write
|
||
|
4D9000
|
unkown
|
page read and write
|
||
|
431D000
|
unkown
|
page write copy
|
||
|
350000
|
heap
|
page read and write
|
||
|
A6F000
|
stack
|
page read and write
|
||
|
28A8000
|
direct allocation
|
page read and write
|
||
|
32D0000
|
heap
|
page read and write
|
||
|
434C000
|
unkown
|
page readonly
|
||
|
A30000
|
heap
|
page read and write
|
||
|
28BD000
|
direct allocation
|
page read and write
|
||
|
2F0B000
|
stack
|
page read and write
|
||
|
4480000
|
direct allocation
|
page read and write
|
||
|
4E2000
|
unkown
|
page read and write
|
||
|
4E9000
|
unkown
|
page read and write
|
||
|
4DC000
|
unkown
|
page write copy
|
||
|
4EF000
|
unkown
|
page readonly
|
||
|
48C0000
|
heap
|
page read and write
|
||
|
444E000
|
direct allocation
|
page read and write
|
||
|
4354000
|
direct allocation
|
page read and write
|
||
|
4363000
|
direct allocation
|
page read and write
|
||
|
CA9000
|
unkown
|
page read and write
|
||
|
444C000
|
direct allocation
|
page read and write
|
||
|
922000
|
unkown
|
page read and write
|
||
|
32D0000
|
heap
|
page read and write
|
||
|
44AF000
|
unkown
|
page write copy
|
||
|
CB9000
|
unkown
|
page read and write
|
||
|
91E000
|
unkown
|
page read and write
|
||
|
459A000
|
direct allocation
|
page read and write
|
||
|
4DEF000
|
direct allocation
|
page read and write
|
||
|
4329000
|
direct allocation
|
page read and write
|
||
|
4DEA000
|
direct allocation
|
page read and write
|
||
|
A2E000
|
stack
|
page read and write
|
||
|
94C000
|
unkown
|
page readonly
|
||
|
4EC0000
|
direct allocation
|
page read and write
|
||
|
50C000
|
unkown
|
page readonly
|
||
|
71E000
|
stack
|
page read and write
|
||
|
80A000
|
heap
|
page read and write
|
||
|
4DCD000
|
direct allocation
|
page read and write
|
||
|
353A000
|
heap
|
page read and write
|
||
|
75E000
|
stack
|
page read and write
|
||
|
2F80000
|
direct allocation
|
page execute and read and write
|
||
|
740000
|
heap
|
page read and write
|
||
|
4ED000
|
unkown
|
page write copy
|
||
|
400000
|
unkown
|
page readonly
|
||
|
D90000
|
heap
|
page read and write
|
||
|
44B9000
|
unkown
|
page read and write
|
||
|
430C000
|
direct allocation
|
page read and write
|
||
|
436A000
|
direct allocation
|
page read and write
|
||
|
6E0000
|
direct allocation
|
page execute and read and write
|
||
|
4241000
|
unkown
|
page execute read
|
||
|
4ED000
|
unkown
|
page write copy
|
||
|
4603000
|
direct allocation
|
page read and write
|
||
|
50C000
|
unkown
|
page readonly
|
||
|
990000
|
heap
|
page read and write
|
||
|
4D1C000
|
direct allocation
|
page read and write
|
||
|
4F30000
|
heap
|
page read and write
|
||
|
47D6000
|
direct allocation
|
page read and write
|
||
|
4F00000
|
heap
|
page read and write
|
||
|
570000
|
heap
|
page read and write
|
||
|
4420000
|
direct allocation
|
page read and write
|
||
|
DAE000
|
stack
|
page read and write
|
||
|
4329000
|
direct allocation
|
page read and write
|
||
|
4579000
|
direct allocation
|
page read and write
|
||
|
DEF000
|
stack
|
page read and write
|
||
|
42EF000
|
direct allocation
|
page read and write
|
||
|
4319000
|
unkown
|
page read and write
|
||
|
91D000
|
unkown
|
page write copy
|
||
|
7DB000
|
stack
|
page read and write
|
||
|
323F000
|
stack
|
page read and write
|
||
|
4DF1000
|
direct allocation
|
page read and write
|
||
|
4E30000
|
direct allocation
|
page read and write
|
||
|
4DA2000
|
direct allocation
|
page read and write
|
||
|
4BC0000
|
direct allocation
|
page execute and read and write
|
||
|
92F000
|
unkown
|
page readonly
|
||
|
4346000
|
direct allocation
|
page read and write
|
||
|
4FE9000
|
direct allocation
|
page read and write
|
||
|
4460000
|
heap
|
page read and write
|
||
|
4F99000
|
direct allocation
|
page read and write
|
||
|
445C000
|
direct allocation
|
page read and write
|
||
|
C2F000
|
stack
|
page read and write
|
||
|
710000
|
direct allocation
|
page execute and read and write
|
||
|
4FDB000
|
direct allocation
|
page read and write
|
||
|
4DE000
|
unkown
|
page read and write
|
||
|
4E4000
|
unkown
|
page write copy
|
||
|
4E16000
|
direct allocation
|
page read and write
|
||
|
2899000
|
direct allocation
|
page read and write
|
||
|
458F000
|
direct allocation
|
page read and write
|
||
|
45C2000
|
direct allocation
|
page read and write
|
||
|
E7E000
|
stack
|
page read and write
|
||
|
51F0000
|
heap
|
page read and write
|
||
|
50C000
|
unkown
|
page readonly
|
||
|
458F000
|
direct allocation
|
page read and write
|
||
|
950000
|
heap
|
page read and write
|
||
|
4DCE000
|
direct allocation
|
page read and write
|
||
|
4D9B000
|
direct allocation
|
page read and write
|
||
|
D1B000
|
stack
|
page read and write
|
||
|
50C000
|
unkown
|
page readonly
|
||
|
9B0000
|
heap
|
page read and write
|
||
|
D3F000
|
unkown
|
page write copy
|
||
|
E0B000
|
stack
|
page read and write
|
||
|
4864000
|
direct allocation
|
page read and write
|
||
|
4C0000
|
heap
|
page read and write
|
||
|
4A0000
|
heap
|
page read and write
|
||
|
6CE000
|
stack
|
page read and write
|
||
|
4354000
|
direct allocation
|
page read and write
|
||
|
451F000
|
direct allocation
|
page read and write
|
||
|
34FE000
|
stack
|
page read and write
|
||
|
45C9000
|
direct allocation
|
page read and write
|
There are 627 hidden memdumps, click here to show them.