Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
file.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\CyberSphere Dynamics\M
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\CyberSphere Dynamics\ZeusChat.js
|
ASCII text, with no line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\CyberSphere Dynamics\ZeusChat.scr
|
PE32+ executable (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\29442\Reynolds.com
|
PE32+ executable (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\29442\l
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\Actual
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\Ai
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\Americans
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\Biodiversity
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\Blvd
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\Carlo
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\Chan
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\Dealing
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\Def
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\Delaware
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\Drums
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\Eagle
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\Ebooks
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\Elliott
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\Eugene
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\Exempt
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\Exhibits
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\Expert
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\Games
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\Guy
|
DOS executable (COM)
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\Holdem
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\Hotel
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\Households
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\Individuals
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\Innocent
|
OpenPGP Public Key
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\Jpg
|
OpenPGP Public Key
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\Jungle
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\Lambda
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\Landscape
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\Matching
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\Nervous
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\Norway
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\Odds
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\Peeing
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\Psychiatry
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\Resolutions
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\Result
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\Rid
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\Same
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\Satin
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\Seafood
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\Smithsonian
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\Sucking
|
OpenPGP Secret Key
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\Through
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\Tm
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\Turns
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\Typical
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\Wendy
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZeusChat.url
|
MS Windows 95 Internet shortcut text (URL=<"C:\Users\user\AppData\Local\CyberSphere Dynamics\ZeusChat.js" >), ASCII text,
with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\Bukkake
|
ASCII text, with very long lines (5406), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Bukkake.cmd
|
ASCII text, with very long lines (5406), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Realized
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Tech
|
PE32+ executable (GUI) x86-64, for MS Windows
|
dropped
|
There are 49 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\file.exe
|
"C:\Users\user\Desktop\file.exe"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
"C:\Windows\System32\cmd.exe" /c copy Bukkake Bukkake.cmd && Bukkake.cmd
|
|
|
|
C:\Windows\SysWOW64\findstr.exe
|
findstr /I "wrsa opssvc"
|
|
|
|
C:\Windows\SysWOW64\findstr.exe
|
findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
cmd /c md 29442
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
cmd /c copy /b ..\Wendy + ..\Psychiatry + ..\Rid + ..\Games + ..\Norway + ..\Matching + ..\Jungle + ..\Elliott + ..\Jpg +
..\Americans + ..\Exhibits + ..\Peeing + ..\Typical + ..\Innocent + ..\Seafood + ..\Nervous + ..\Households + ..\Ai + ..\Hotel
+ ..\Holdem + ..\Drums + ..\Carlo + ..\Tm + ..\Landscape + ..\Resolutions + ..\Def + ..\Lambda + ..\Biodiversity + ..\Odds
+ ..\Smithsonian + ..\Blvd + ..\Actual + ..\Guy + ..\Expert + ..\Delaware + ..\Eagle + ..\Eugene + ..\Exempt + ..\Same + ..\Ebooks
+ ..\Individuals + ..\Sucking + ..\Chan + ..\Turns + ..\Satin + ..\Dealing + ..\Result + ..\Through + ..\Realized l
|
|
|
|
C:\Users\user\AppData\Local\Temp\29442\Reynolds.com
|
Reynolds.com l
|
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /k echo [InternetShortcut] > "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZeusChat.url"
& echo URL="C:\Users\user\AppData\Local\CyberSphere Dynamics\ZeusChat.js" >> "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start
Menu\Programs\Startup\ZeusChat.url" & exit
|
|
|
|
C:\Windows\System32\wscript.exe
|
"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\CyberSphere Dynamics\ZeusChat.js"
|
|
|
|
C:\Users\user\AppData\Local\CyberSphere Dynamics\ZeusChat.scr
|
"C:\Users\user\AppData\Local\CyberSphere Dynamics\ZeusChat.scr" "C:\Users\user\AppData\Local\CyberSphere Dynamics\M"
|
|
|
|
C:\Users\user\AppData\Local\Temp\29442\Reynolds.com
|
C:\Users\user\AppData\Local\Temp\29442\Reynolds.com
|
|
|
|
C:\Windows\explorer.exe
|
explorer.exe
|
|
|
|
C:\Users\user\AppData\Local\CyberSphere Dynamics\ZeusChat.scr
|
"C:\Users\user\AppData\Local\CyberSphere Dynamics\ZeusChat.scr"
|
|
|
|
C:\Users\user\AppData\Local\CyberSphere Dynamics\ZeusChat.scr
|
"C:\Users\user\AppData\Local\CyberSphere Dynamics\ZeusChat.scr"
|
|
|
|
C:\Windows\explorer.exe
|
explorer.exe
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\tasklist.exe
|
tasklist
|
||
|
C:\Windows\SysWOW64\tasklist.exe
|
tasklist
|
||
|
C:\Windows\SysWOW64\choice.exe
|
choice /d y /t 5
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
There are 12 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://www.virustotal.com/en/search/?query=
|
unknown
|
||
|
http://ocsp.entrust.net03
|
unknown
|
||
|
http://ocsp.entrust.net02
|
unknown
|
||
|
http://ocsp.cloudflare.com/origin_ca0
|
unknown
|
||
|
http://www.entrust.net/rpa03
|
unknown
|
||
|
http://crl.cloudflare.com/origin_ca.crl
|
unknown
|
||
|
http://aia.entrust.net/ts1-chain256.cer01
|
unknown
|
||
|
http://crl.cloudflare.com/origin_ca.crl0
|
unknown
|
||
|
http://ocsp.cloudflare.com/origin_ca
|
unknown
|
||
|
http://www.autoitscript.com/autoit3/X
|
unknown
|
||
|
http://nsis.sf.net/NSIS_ErrorError
|
unknown
|
||
|
http://www.autoitscript.com/autoit3/
|
unknown
|
||
|
https://github.com/horsicq/DIE-engine
|
unknown
|
||
|
http://crl.entrust.net/ts1ca.crl0
|
unknown
|
||
|
https://www.autoitscript.com/autoit3/
|
unknown
|
||
|
http://crl.entrust.net/2048ca.crl0
|
unknown
|
||
|
https://www.entrust.net/rpa0
|
unknown
|
There are 7 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
DqnJUgbSFuO.DqnJUgbSFuO
|
unknown
|
|
|
|
xmr-eu2.nanopool.org
|
163.172.171.111
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
163.172.171.111
|
xmr-eu2.nanopool.org
|
United Kingdom
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows Script\Settings\Telemetry\wscript.exe
|
JScriptSetScriptStateStarted
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
140001000
|
unkown
|
page execute and read and write
|
|
|
|
FE1000
|
heap
|
page read and write
|
|
|
|
12F8000
|
heap
|
page read and write
|
|
|
|
2453CC50000
|
heap
|
page read and write
|
||
|
229F460F000
|
heap
|
page read and write
|
||
|
5BE000
|
stack
|
page read and write
|
||
|
1335000
|
heap
|
page read and write
|
||
|
1E8FB090000
|
heap
|
page read and write
|
||
|
13BB000
|
heap
|
page read and write
|
||
|
1A699F2E000
|
unkown
|
page read and write
|
||
|
2BF0000
|
heap
|
page read and write
|
||
|
2C5E000
|
heap
|
page read and write
|
||
|
15520000
|
trusted library allocation
|
page read and write
|
||
|
21FE000
|
stack
|
page read and write
|
||
|
1A69BEEB000
|
unkown
|
page read and write
|
||
|
7FF7AA1DA000
|
unkown
|
page write copy
|
||
|
2E0B45A0000
|
unkown
|
page read and write
|
||
|
2E0B45A0000
|
unkown
|
page read and write
|
||
|
4A70000
|
heap
|
page read and write
|
||
|
1A697DF0000
|
unkown
|
page read and write
|
||
|
2B50000
|
heap
|
page read and write
|
||
|
229F45F5000
|
heap
|
page read and write
|
||
|
2E0B6D69000
|
unkown
|
page read and write
|
||
|
785000
|
heap
|
page read and write
|
||
|
1A69ABB0000
|
heap
|
page read and write
|
||
|
1A697DF0000
|
unkown
|
page read and write
|
||
|
22FE000
|
stack
|
page read and write
|
||
|
2C2E000
|
heap
|
page read and write
|
||
|
2F60000
|
trusted library allocation
|
page read and write
|
||
|
29B0000
|
heap
|
page read and write
|
||
|
2835000
|
heap
|
page read and write
|
||
|
1A69BEE6000
|
unkown
|
page read and write
|
||
|
7FF7520EE000
|
unkown
|
page write copy
|
||
|
229F460F000
|
heap
|
page read and write
|
||
|
2E0B45A0000
|
trusted library allocation
|
page read and write
|
||
|
7D0F000
|
heap
|
page read and write
|
||
|
2916000
|
heap
|
page read and write
|
||
|
54B3000
|
heap
|
page read and write
|
||
|
2E0B28B0000
|
unkown
|
page read and write
|
||
|
13BF000
|
heap
|
page read and write
|
||
|
280E000
|
heap
|
page read and write
|
||
|
4A40000
|
heap
|
page read and write
|
||
|
1A69BEE0000
|
unkown
|
page read and write
|
||
|
7FF7AA1DE000
|
unkown
|
page write copy
|
||
|
500000
|
unkown
|
page readonly
|
||
|
7FF7520D8000
|
unkown
|
page readonly
|
||
|
2F60000
|
trusted library allocation
|
page read and write
|
||
|
7FF7520D8000
|
unkown
|
page readonly
|
||
|
2B20000
|
heap
|
page read and write
|
||
|
2E0B5F6F000
|
unkown
|
page read and write
|
||
|
140000000
|
unkown
|
page read and write
|
||
|
2E0B5909000
|
heap
|
page read and write
|
||
|
15CA0000
|
trusted library allocation
|
page read and write
|
||
|
14C0000
|
trusted library allocation
|
page read and write
|
||
|
229F4765000
|
heap
|
page read and write
|
||
|
14C0000
|
trusted library allocation
|
page read and write
|
||
|
7FF7520D8000
|
unkown
|
page readonly
|
||
|
BB0000
|
heap
|
page read and write
|
||
|
254C000
|
stack
|
page read and write
|
||
|
480B1FE000
|
stack
|
page read and write
|
||
|
7A2000
|
heap
|
page read and write
|
||
|
2F60000
|
trusted library allocation
|
page read and write
|
||
|
FC8000
|
heap
|
page read and write
|
||
|
2A2E000
|
stack
|
page read and write
|
||
|
1A697DF0000
|
unkown
|
page read and write
|
||
|
1CAE1F3B000
|
unkown
|
page read and write
|
||
|
4BFE000
|
stack
|
page read and write
|
||
|
2C4A000
|
heap
|
page read and write
|
||
|
1A69B1FF000
|
unkown
|
page read and write
|
||
|
2E0B5D91000
|
unkown
|
page read and write
|
||
|
2E0B45A0000
|
unkown
|
page read and write
|
||
|
14C0000
|
trusted library allocation
|
page read and write
|
||
|
1A69B0EF000
|
unkown
|
page read and write
|
||
|
14082D000
|
unkown
|
page execute and read and write
|
||
|
229F460C000
|
heap
|
page read and write
|
||
|
40C000
|
unkown
|
page read and write
|
||
|
91F000
|
stack
|
page read and write
|
||
|
4850000
|
heap
|
page read and write
|
||
|
2E0B5D91000
|
unkown
|
page read and write
|
||
|
6FB000
|
heap
|
page read and write
|
||
|
2310000
|
heap
|
page read and write
|
||
|
2E0B5909000
|
heap
|
page read and write
|
||
|
2E0B4DA7000
|
unkown
|
page read and write
|
||
|
409000
|
unkown
|
page readonly
|
||
|
2E0B45A0000
|
unkown
|
page read and write
|
||
|
1A69AF11000
|
unkown
|
page read and write
|
||
|
2E0B45A0000
|
unkown
|
page read and write
|
||
|
1A697DF0000
|
unkown
|
page read and write
|
||
|
4880000
|
heap
|
page read and write
|
||
|
1CAE1F3D000
|
unkown
|
page read and write
|
||
|
5492000
|
heap
|
page read and write
|
||
|
7FF752001000
|
unkown
|
page execute read
|
||
|
127B000
|
stack
|
page read and write
|
||
|
FE0000
|
heap
|
page read and write
|
||
|
1634000
|
heap
|
page read and write
|
||
|
2E0B28B0000
|
unkown
|
page read and write
|
||
|
7FF7AA1E4000
|
unkown
|
page readonly
|
||
|
2E0B6D6E000
|
unkown
|
page read and write
|
||
|
5F0F000
|
heap
|
page read and write
|
||
|
1E8FB190000
|
heap
|
page read and write
|
||
|
54CF000
|
heap
|
page read and write
|
||
|
2E0B60B5000
|
unkown
|
page read and write
|
||
|
13BF000
|
heap
|
page read and write
|
||
|
9A7F1FE000
|
unkown
|
page readonly
|
||
|
54F0000
|
heap
|
page read and write
|
||
|
1A699F26000
|
unkown
|
page read and write
|
||
|
2E0B467C000
|
heap
|
page read and write
|
||
|
14B0000
|
trusted library allocation
|
page read and write
|
||
|
2840000
|
heap
|
page read and write
|
||
|
25E0000
|
heap
|
page read and write
|
||
|
14C0000
|
trusted library allocation
|
page read and write
|
||
|
14D5CCC0000
|
heap
|
page read and write
|
||
|
7FF7520D8000
|
unkown
|
page readonly
|
||
|
768000
|
heap
|
page read and write
|
||
|
1A699F23000
|
unkown
|
page read and write
|
||
|
2E0B45A0000
|
unkown
|
page read and write
|
||
|
1A69ACBB000
|
heap
|
page read and write
|
||
|
2E0B5D91000
|
unkown
|
page read and write
|
||
|
1A699F25000
|
unkown
|
page read and write
|
||
|
14D5CE00000
|
heap
|
page read and write
|
||
|
2E0B5D91000
|
unkown
|
page read and write
|
||
|
46DE000
|
stack
|
page read and write
|
||
|
2453CD70000
|
heap
|
page read and write
|
||
|
2E0B5F47000
|
unkown
|
page read and write
|
||
|
1A697DF0000
|
unkown
|
page read and write
|
||
|
7FF7520EA000
|
unkown
|
page write copy
|
||
|
229F45A8000
|
heap
|
page read and write
|
||
|
1E8FB446000
|
heap
|
page read and write
|
||
|
ED0000
|
direct allocation
|
page execute read
|
||
|
1CADFEC0000
|
unkown
|
page read and write
|
||
|
14D5CFC0000
|
unkown
|
page read and write
|
||
|
2F20000
|
direct allocation
|
page execute and read and write
|
||
|
7FF752001000
|
unkown
|
page execute read
|
||
|
1CAE1C40000
|
unkown
|
page read and write
|
||
|
1A6979C4000
|
heap
|
page read and write
|
||
|
2C5D000
|
heap
|
page read and write
|
||
|
2F60000
|
trusted library allocation
|
page read and write
|
||
|
7FF7520B5000
|
unkown
|
page readonly
|
||
|
77C000
|
heap
|
page read and write
|
||
|
2E0B5D91000
|
unkown
|
page read and write
|
||
|
54AC000
|
heap
|
page read and write
|
||
|
700000
|
heap
|
page read and write
|
||
|
480B4FF000
|
stack
|
page read and write
|
||
|
2E0B603E000
|
unkown
|
page read and write
|
||
|
49EE000
|
stack
|
page read and write
|
||
|
7FF752000000
|
unkown
|
page readonly
|
||
|
229F45C8000
|
heap
|
page read and write
|
||
|
19A000
|
stack
|
page read and write
|
||
|
2E0B5F30000
|
unkown
|
page read and write
|
||
|
7FF752001000
|
unkown
|
page execute read
|
||
|
2BAE000
|
stack
|
page read and write
|
||
|
54CB000
|
heap
|
page read and write
|
||
|
548A000
|
heap
|
page read and write
|
||
|
2E0B5A21000
|
heap
|
page read and write
|
||
|
7FF7AA1DA000
|
unkown
|
page write copy
|
||
|
1A697DF0000
|
unkown
|
page read and write
|
||
|
1328000
|
heap
|
page read and write
|
||
|
C30F000
|
heap
|
page read and write
|
||
|
1A69B27D000
|
unkown
|
page read and write
|
||
|
2E0B5D91000
|
unkown
|
page read and write
|
||
|
229F476C000
|
heap
|
page read and write
|
||
|
47DE000
|
stack
|
page read and write
|
||
|
1CAE18F0000
|
heap
|
page read and write
|
||
|
9A7F2FE000
|
unkown
|
page readonly
|
||
|
283E000
|
heap
|
page read and write
|
||
|
7FF7AA1A5000
|
unkown
|
page readonly
|
||
|
1A69BEE4000
|
unkown
|
page read and write
|
||
|
2E0B5984000
|
heap
|
page read and write
|
||
|
1CAE1F04000
|
unkown
|
page read and write
|
||
|
1A697DF0000
|
unkown
|
page read and write
|
||
|
77F000
|
heap
|
page read and write
|
||
|
2C4E000
|
heap
|
page read and write
|
||
|
AF0F000
|
heap
|
page read and write
|
||
|
7FF7AA0F1000
|
unkown
|
page execute read
|
||
|
2840000
|
heap
|
page read and write
|
||
|
1A697DF0000
|
unkown
|
page read and write
|
||
|
1A69AF11000
|
unkown
|
page read and write
|
||
|
764000
|
heap
|
page read and write
|
||
|
2E0B5D91000
|
unkown
|
page read and write
|
||
|
7FF7520B5000
|
unkown
|
page readonly
|
||
|
2E0B6105000
|
unkown
|
page read and write
|
||
|
7FF7AA1E4000
|
unkown
|
page readonly
|
||
|
2E0B5909000
|
heap
|
page read and write
|
||
|
1CAE0321000
|
unkown
|
page readonly
|
||
|
54AC000
|
heap
|
page read and write
|
||
|
229F460F000
|
heap
|
page read and write
|
||
|
1E8FB2B0000
|
heap
|
page read and write
|
||
|
1A6979C2000
|
heap
|
page read and write
|
||
|
1A69B00A000
|
unkown
|
page read and write
|
||
|
2F60000
|
trusted library allocation
|
page read and write
|
||
|
1A69B0C3000
|
unkown
|
page read and write
|
||
|
2EE0000
|
trusted library allocation
|
page read and write
|
||
|
14C0000
|
trusted library allocation
|
page read and write
|
||
|
1A69ABC1000
|
heap
|
page read and write
|
||
|
15CA0000
|
trusted library allocation
|
page read and write
|
||
|
1408AE000
|
unkown
|
page execute and read and write
|
||
|
1A697DF0000
|
unkown
|
page read and write
|
||
|
229F45C1000
|
heap
|
page read and write
|
||
|
229F4470000
|
heap
|
page read and write
|
||
|
1350000
|
heap
|
page read and write
|
||
|
13BB000
|
heap
|
page read and write
|
||
|
1CAE1E1A000
|
unkown
|
page read and write
|
||
|
2E0B4DAD000
|
unkown
|
page read and write
|
||
|
2E0B5B13000
|
heap
|
page read and write
|
||
|
2E0B5F1F000
|
unkown
|
page read and write
|
||
|
24A0000
|
heap
|
page read and write
|
||
|
7FF752000000
|
unkown
|
page readonly
|
||
|
7FF7520EA000
|
unkown
|
page write copy
|
||
|
155FF000
|
heap
|
page read and write
|
||
|
1630000
|
heap
|
page read and write
|
||
|
2813000
|
heap
|
page read and write
|
||
|
15520000
|
trusted library allocation
|
page read and write
|
||
|
2F10000
|
heap
|
page readonly
|
||
|
480AB0A000
|
stack
|
page read and write
|
||
|
2E0B6D69000
|
unkown
|
page read and write
|
||
|
BD0000
|
heap
|
page read and write
|
||
|
870F000
|
heap
|
page read and write
|
||
|
1A69AF11000
|
unkown
|
page read and write
|
||
|
1A697DF0000
|
unkown
|
page read and write
|
||
|
292F000
|
stack
|
page read and write
|
||
|
14D5CCA7000
|
remote allocation
|
page execute and read and write
|
||
|
1A69B253000
|
unkown
|
page read and write
|
||
|
13B7000
|
heap
|
page read and write
|
||
|
54AC000
|
heap
|
page read and write
|
||
|
13BF000
|
heap
|
page read and write
|
||
|
43F0000
|
trusted library allocation
|
page read and write
|
||
|
2F40000
|
heap
|
page read and write
|
||
|
27BF000
|
stack
|
page read and write
|
||
|
72E000
|
heap
|
page read and write
|
||
|
69C000
|
stack
|
page read and write
|
||
|
768000
|
heap
|
page read and write
|
||
|
14C0000
|
trusted library allocation
|
page read and write
|
||
|
40C000
|
unkown
|
page write copy
|
||
|
75C000
|
heap
|
page read and write
|
||
|
229F45F8000
|
heap
|
page read and write
|
||
|
1A69B06F000
|
unkown
|
page read and write
|
||
|
1A69B0D5000
|
unkown
|
page read and write
|
||
|
1CAE1D04000
|
unkown
|
page read and write
|
||
|
54AB000
|
heap
|
page read and write
|
||
|
229F460B000
|
heap
|
page read and write
|
||
|
2E0B5A0A000
|
heap
|
page read and write
|
||
|
730F000
|
heap
|
page read and write
|
||
|
229F45A0000
|
heap
|
page read and write
|
||
|
1408B0000
|
unkown
|
page execute and read and write
|
||
|
2CFE000
|
stack
|
page read and write
|
||
|
2E0B2940000
|
heap
|
page read and write
|
||
|
14B0000
|
trusted library allocation
|
page read and write
|
||
|
2B59000
|
heap
|
page read and write
|
||
|
788000
|
heap
|
page read and write
|
||
|
1636000
|
heap
|
page read and write
|
||
|
1A69B096000
|
unkown
|
page read and write
|
||
|
2E0B5D91000
|
unkown
|
page read and write
|
||
|
27C0000
|
heap
|
page read and write
|
||
|
327F000
|
stack
|
page read and write
|
||
|
2E0B4DAA000
|
unkown
|
page read and write
|
||
|
2E0B5D91000
|
unkown
|
page read and write
|
||
|
9A7F27E000
|
unkown
|
page read and write
|
||
|
1CADFC79000
|
heap
|
page read and write
|
||
|
2E0B28FF000
|
heap
|
page read and write
|
||
|
4A2F000
|
stack
|
page read and write
|
||
|
229F4570000
|
heap
|
page read and write
|
||
|
1A697DF0000
|
unkown
|
page read and write
|
||
|
2840000
|
heap
|
page read and write
|
||
|
2F60000
|
trusted library allocation
|
page read and write
|
||
|
229F6340000
|
heap
|
page read and write
|
||
|
1A69B0AC000
|
unkown
|
page read and write
|
||
|
1E8FB1BC000
|
heap
|
page read and write
|
||
|
7FF7AA1C8000
|
unkown
|
page readonly
|
||
|
54CC000
|
heap
|
page read and write
|
||
|
7FF7AA1DE000
|
unkown
|
page write copy
|
||
|
57E000
|
stack
|
page read and write
|
||
|
2E0B28B0000
|
unkown
|
page read and write
|
||
|
54CF000
|
heap
|
page read and write
|
||
|
2E0B5C20000
|
heap
|
page read and write
|
||
|
2E0B28B0000
|
unkown
|
page read and write
|
||
|
1A697DF0000
|
unkown
|
page read and write
|
||
|
1A69ABC7000
|
heap
|
page read and write
|
||
|
14B0000
|
trusted library allocation
|
page read and write
|
||
|
1336000
|
heap
|
page read and write
|
||
|
282B000
|
heap
|
page read and write
|
||
|
480B2FF000
|
stack
|
page read and write
|
||
|
54AB000
|
heap
|
page read and write
|
||
|
229F4608000
|
heap
|
page read and write
|
||
|
15814000
|
heap
|
page read and write
|
||
|
54DB000
|
heap
|
page read and write
|
||
|
7FF752000000
|
unkown
|
page readonly
|
||
|
2453CED0000
|
heap
|
page read and write
|
||
|
13C4000
|
heap
|
page read and write
|
||
|
2F60000
|
trusted library allocation
|
page read and write
|
||
|
500000
|
unkown
|
page readonly
|
||
|
2C30000
|
heap
|
page read and write
|
||
|
2E0B28B0000
|
unkown
|
page read and write
|
||
|
1A69AF11000
|
unkown
|
page read and write
|
||
|
9B0F000
|
heap
|
page read and write
|
||
|
1A69B069000
|
unkown
|
page read and write
|
||
|
480B5FF000
|
stack
|
page read and write
|
||
|
1A69A114000
|
heap
|
page read and write
|
||
|
54CC000
|
heap
|
page read and write
|
||
|
1A69AAAD000
|
heap
|
page read and write
|
||
|
9A7EF19000
|
unkown
|
page read and write
|
||
|
15522000
|
heap
|
page read and write
|
||
|
7FF7520B5000
|
unkown
|
page readonly
|
||
|
15829000
|
heap
|
page read and write
|
||
|
282E000
|
stack
|
page read and write
|
||
|
7FF752000000
|
unkown
|
page readonly
|
||
|
229F45EC000
|
heap
|
page read and write
|
||
|
1A69AF11000
|
unkown
|
page read and write
|
||
|
2E3C000
|
stack
|
page read and write
|
||
|
2E0B5A41000
|
heap
|
page read and write
|
||
|
13A8000
|
heap
|
page read and write
|
||
|
7FF7520B5000
|
unkown
|
page readonly
|
||
|
1A697DF0000
|
unkown
|
page read and write
|
||
|
1A69B1D5000
|
unkown
|
page read and write
|
||
|
2E0B4F97000
|
heap
|
page read and write
|
||
|
14B0000
|
trusted library allocation
|
page read and write
|
||
|
540B000
|
heap
|
page read and write
|
||
|
2E0B612B000
|
unkown
|
page read and write
|
||
|
1CAE1EE4000
|
unkown
|
page read and write
|
||
|
2E0B28B0000
|
unkown
|
page read and write
|
||
|
1CADFE50000
|
unkown
|
page read and write
|
||
|
434000
|
unkown
|
page read and write
|
||
|
98000
|
stack
|
page read and write
|
||
|
2AEF000
|
stack
|
page read and write
|
||
|
2C5D000
|
heap
|
page read and write
|
||
|
2834000
|
heap
|
page read and write
|
||
|
7FF7AA1A5000
|
unkown
|
page readonly
|
||
|
282E000
|
heap
|
page read and write
|
||
|
1A699F2E000
|
unkown
|
page read and write
|
||
|
7FF752000000
|
unkown
|
page readonly
|
||
|
1A69AF11000
|
unkown
|
page read and write
|
||
|
1A69BEEE000
|
unkown
|
page read and write
|
||
|
13C4000
|
heap
|
page read and write
|
||
|
13C4000
|
heap
|
page read and write
|
||
|
54CF000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
1CADFD70000
|
heap
|
page read and write
|
||
|
3BFC000
|
stack
|
page read and write
|
||
|
497000
|
unkown
|
page read and write
|
||
|
480B6FF000
|
stack
|
page read and write
|
||
|
2F20000
|
trusted library allocation
|
page read and write
|
||
|
1A69AAAD000
|
heap
|
page read and write
|
||
|
5440000
|
heap
|
page read and write
|
||
|
14C0000
|
trusted library allocation
|
page read and write
|
||
|
1CAE1DB0000
|
unkown
|
page read and write
|
||
|
15CA0000
|
trusted library allocation
|
page read and write
|
||
|
15CA0000
|
trusted library allocation
|
page read and write
|
||
|
13BB000
|
heap
|
page read and write
|
||
|
1A69AAAD000
|
heap
|
page read and write
|
||
|
7FF7520EA000
|
unkown
|
page write copy
|
||
|
229F45FB000
|
heap
|
page read and write
|
||
|
7FF7AA1C8000
|
unkown
|
page readonly
|
||
|
2453CD30000
|
heap
|
page read and write
|
||
|
1A697DF0000
|
trusted library allocation
|
page read and write
|
||
|
54CC000
|
heap
|
page read and write
|
||
|
2E0B5A3A000
|
heap
|
page read and write
|
||
|
1CADFE91000
|
unkown
|
page readonly
|
||
|
2C7DFD000
|
stack
|
page read and write
|
||
|
2E0B4DAA000
|
unkown
|
page read and write
|
||
|
7FF7AA1DE000
|
unkown
|
page write copy
|
||
|
15CA0000
|
trusted library allocation
|
page read and write
|
||
|
471F000
|
stack
|
page read and write
|
||
|
1A699F2D000
|
unkown
|
page read and write
|
||
|
1A697DF0000
|
trusted library allocation
|
page read and write
|
||
|
229F45C1000
|
heap
|
page read and write
|
||
|
1573D000
|
heap
|
page read and write
|
||
|
7FF7AA0F1000
|
unkown
|
page execute read
|
||
|
229F45DE000
|
heap
|
page read and write
|
||
|
7FF7520EA000
|
unkown
|
page write copy
|
||
|
7FF7520F4000
|
unkown
|
page readonly
|
||
|
29B8000
|
heap
|
page read and write
|
||
|
49AF000
|
stack
|
page read and write
|
||
|
720000
|
heap
|
page read and write
|
||
|
2A30000
|
heap
|
page read and write
|
||
|
14C0000
|
trusted library allocation
|
page read and write
|
||
|
7FF7AA0F0000
|
unkown
|
page readonly
|
||
|
B8C000
|
stack
|
page read and write
|
||
|
1A69AF11000
|
unkown
|
page read and write
|
||
|
7FF7520EE000
|
unkown
|
page write copy
|
||
|
290E000
|
stack
|
page read and write
|
||
|
2F60000
|
trusted library allocation
|
page read and write
|
||
|
13BF000
|
heap
|
page read and write
|
||
|
1A69AB2F000
|
heap
|
page read and write
|
||
|
2BEF000
|
stack
|
page read and write
|
||
|
1CAE1730000
|
unkown
|
page read and write
|
||
|
2E0B28B0000
|
unkown
|
page read and write
|
||
|
27D0000
|
heap
|
page read and write
|
||
|
13BB000
|
heap
|
page read and write
|
||
|
2E0B5D91000
|
unkown
|
page read and write
|
||
|
14D5CFB5000
|
heap
|
page read and write
|
||
|
229F460D000
|
heap
|
page read and write
|
||
|
258C000
|
stack
|
page read and write
|
||
|
46B000
|
unkown
|
page read and write
|
||
|
5480000
|
heap
|
page read and write
|
||
|
2C2E000
|
heap
|
page read and write
|
||
|
9A7F17C000
|
unkown
|
page read and write
|
||
|
2F3C000
|
stack
|
page read and write
|
||
|
2453CC37000
|
remote allocation
|
page execute and read and write
|
||
|
13B8000
|
heap
|
page read and write
|
||
|
1408F6000
|
unkown
|
page read and write
|
||
|
2E0B6155000
|
unkown
|
page read and write
|
||
|
7FF7520D8000
|
unkown
|
page readonly
|
||
|
2E0B5909000
|
heap
|
page read and write
|
||
|
1CADFF80000
|
heap
|
page read and write
|
||
|
1A697DF0000
|
unkown
|
page read and write
|
||
|
2C10000
|
heap
|
page read and write
|
||
|
1A69AF11000
|
unkown
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
1CADFC60000
|
unkown
|
page readonly
|
||
|
1A69AAAD000
|
heap
|
page read and write
|
||
|
2C5D000
|
heap
|
page read and write
|
||
|
54CC000
|
heap
|
page read and write
|
||
|
2E0B5F58000
|
unkown
|
page read and write
|
||
|
7FF7AA0F0000
|
unkown
|
page readonly
|
||
|
1A69BEE1000
|
unkown
|
page read and write
|
||
|
690F000
|
heap
|
page read and write
|
||
|
2E0B291F000
|
heap
|
page read and write
|
||
|
7FF7520EE000
|
unkown
|
page write copy
|
||
|
B90F000
|
heap
|
page read and write
|
||
|
15CA0000
|
trusted library allocation
|
page read and write
|
||
|
13A3000
|
heap
|
page read and write
|
||
|
282B000
|
heap
|
page read and write
|
||
|
2E0B28B0000
|
unkown
|
page read and write
|
||
|
2453CC3A000
|
remote allocation
|
page execute and read and write
|
||
|
33FD000
|
stack
|
page read and write
|
||
|
2453CED4000
|
heap
|
page read and write
|
||
|
2E0B5EF6000
|
unkown
|
page read and write
|
||
|
294F000
|
stack
|
page read and write
|
||
|
409000
|
unkown
|
page readonly
|
||
|
2E0B45A0000
|
unkown
|
page read and write
|
||
|
229F45DF000
|
heap
|
page read and write
|
||
|
1A699F28000
|
unkown
|
page read and write
|
||
|
7FF752001000
|
unkown
|
page execute read
|
||
|
283E000
|
heap
|
page read and write
|
||
|
13A8000
|
heap
|
page read and write
|
||
|
5492000
|
heap
|
page read and write
|
||
|
2B0F000
|
stack
|
page read and write
|
||
|
7FF7520B5000
|
unkown
|
page readonly
|
||
|
14B0000
|
trusted library allocation
|
page read and write
|
||
|
235E000
|
stack
|
page read and write
|
||
|
2A7F000
|
stack
|
page read and write
|
||
|
2E0B45A0000
|
unkown
|
page read and write
|
||
|
530000
|
heap
|
page read and write
|
||
|
2E0B6D6B000
|
unkown
|
page read and write
|
||
|
13B8000
|
heap
|
page read and write
|
||
|
7FF7AA1DA000
|
unkown
|
page write copy
|
||
|
1A69AF11000
|
unkown
|
page read and write
|
||
|
1A69B09B000
|
unkown
|
page read and write
|
||
|
14C0000
|
trusted library allocation
|
page read and write
|
||
|
14B0000
|
trusted library allocation
|
page read and write
|
||
|
1A69AF11000
|
unkown
|
page read and write
|
||
|
788000
|
heap
|
page read and write
|
||
|
2840000
|
heap
|
page read and write
|
||
|
1A697DF0000
|
unkown
|
page read and write
|
||
|
15EA0000
|
trusted library allocation
|
page read and write
|
||
|
14C0000
|
trusted library allocation
|
page read and write
|
||
|
15528000
|
heap
|
page read and write
|
||
|
5F0000
|
heap
|
page read and write
|
||
|
54E2000
|
heap
|
page read and write
|
||
|
1E8FB170000
|
heap
|
page read and write
|
||
|
2E0B4DA2000
|
unkown
|
page read and write
|
||
|
6D0000
|
heap
|
page read and write
|
||
|
420000
|
unkown
|
page read and write
|
||
|
2C4D000
|
heap
|
page read and write
|
||
|
2F70000
|
heap
|
page read and write
|
||
|
282F000
|
heap
|
page read and write
|
||
|
7FF7AA1E4000
|
unkown
|
page readonly
|
||
|
13BF000
|
heap
|
page read and write
|
||
|
53FE000
|
stack
|
page read and write
|
||
|
6F5000
|
heap
|
page read and write
|
||
|
1CADFE70000
|
unkown
|
page read and write
|
||
|
2E0B60DB000
|
unkown
|
page read and write
|
||
|
2836000
|
heap
|
page read and write
|
||
|
2A6F000
|
stack
|
page read and write
|
||
|
2E0B5F08000
|
unkown
|
page read and write
|
||
|
2ACE000
|
stack
|
page read and write
|
||
|
13AC000
|
heap
|
page read and write
|
||
|
A1F000
|
stack
|
page read and write
|
||
|
7FF7AA1A5000
|
unkown
|
page readonly
|
||
|
13C4000
|
heap
|
page read and write
|
||
|
FC0000
|
heap
|
page read and write
|
||
|
66C000
|
stack
|
page read and write
|
||
|
1A69AAAD000
|
heap
|
page read and write
|
||
|
15614000
|
heap
|
page read and write
|
||
|
1A69AF11000
|
unkown
|
page read and write
|
||
|
1280000
|
heap
|
page read and write
|
||
|
7FF7520EA000
|
unkown
|
page write copy
|
||
|
1A69ABE7000
|
heap
|
page read and write
|
||
|
1A699F28000
|
unkown
|
page read and write
|
||
|
282B000
|
heap
|
page read and write
|
||
|
229F4604000
|
heap
|
page read and write
|
||
|
12E0000
|
heap
|
page read and write
|
||
|
229F45C9000
|
heap
|
page read and write
|
||
|
1A69AB29000
|
heap
|
page read and write
|
||
|
1CAE1E40000
|
unkown
|
page read and write
|
||
|
1A697DF0000
|
unkown
|
page read and write
|
||
|
54CC000
|
heap
|
page read and write
|
||
|
1CAE1F26000
|
unkown
|
page read and write
|
||
|
550F000
|
heap
|
page read and write
|
||
|
229F45F4000
|
heap
|
page read and write
|
||
|
229F45BC000
|
heap
|
page read and write
|
||
|
1A69B34F000
|
unkown
|
page read and write
|
||
|
5492000
|
heap
|
page read and write
|
||
|
2E0B5909000
|
heap
|
page read and write
|
||
|
229F46B0000
|
heap
|
page read and write
|
||
|
25C0000
|
heap
|
page read and write
|
||
|
27D8000
|
heap
|
page read and write
|
||
|
A50F000
|
heap
|
page read and write
|
||
|
7FF7520EE000
|
unkown
|
page write copy
|
||
|
280E000
|
heap
|
page read and write
|
||
|
2EDE000
|
stack
|
page read and write
|
||
|
7FF7520EE000
|
unkown
|
page write copy
|
||
|
15CA0000
|
trusted library allocation
|
page read and write
|
||
|
283E000
|
heap
|
page read and write
|
||
|
2E0B6D65000
|
unkown
|
page read and write
|
||
|
14C0000
|
trusted library allocation
|
page read and write
|
||
|
282B000
|
heap
|
page read and write
|
||
|
2E0B5909000
|
heap
|
page read and write
|
||
|
2C33000
|
heap
|
page read and write
|
||
|
2E0B6D61000
|
unkown
|
page read and write
|
||
|
1A69AAAD000
|
heap
|
page read and write
|
||
|
2C4A000
|
heap
|
page read and write
|
||
|
54CC000
|
heap
|
page read and write
|
||
|
14C0000
|
trusted library allocation
|
page read and write
|
||
|
1A69B2A8000
|
unkown
|
page read and write
|
||
|
2B26000
|
heap
|
page read and write
|
||
|
1A697DF0000
|
unkown
|
page read and write
|
||
|
337E000
|
stack
|
page read and write
|
||
|
2E0B4DA4000
|
unkown
|
page read and write
|
||
|
7FF752001000
|
unkown
|
page execute read
|
||
|
1408ED000
|
unkown
|
page execute and read and write
|
||
|
14C0000
|
trusted library allocation
|
page read and write
|
||
|
5404000
|
heap
|
page read and write
|
||
|
1A69AB24000
|
heap
|
page read and write
|
||
|
2E0B5978000
|
heap
|
page read and write
|
||
|
277E000
|
stack
|
page read and write
|
||
|
2C55000
|
heap
|
page read and write
|
||
|
2E0B4DA7000
|
unkown
|
page read and write
|
||
|
27F0000
|
heap
|
page read and write
|
||
|
2E0B5F80000
|
unkown
|
page read and write
|
||
|
12E9000
|
heap
|
page read and write
|
||
|
307E000
|
stack
|
page read and write
|
||
|
229F4760000
|
heap
|
page read and write
|
||
|
2F60000
|
trusted library allocation
|
page read and write
|
||
|
1A699F2E000
|
unkown
|
page read and write
|
||
|
54F7000
|
heap
|
page read and write
|
||
|
1A69B2D5000
|
unkown
|
page read and write
|
||
|
15CA0000
|
trusted library allocation
|
page read and write
|
||
|
2C77BF000
|
stack
|
page read and write
|
||
|
2C4A000
|
heap
|
page read and write
|
||
|
1CAE1CA2000
|
unkown
|
page read and write
|
||
|
1A69AF11000
|
unkown
|
page read and write
|
||
|
2F60000
|
trusted library allocation
|
page read and write
|
||
|
13AD000
|
heap
|
page read and write
|
||
|
229F4608000
|
heap
|
page read and write
|
||
|
1A697DF0000
|
unkown
|
page read and write
|
||
|
1CADFF84000
|
heap
|
page read and write
|
||
|
14D5CCAA000
|
remote allocation
|
page execute and read and write
|
||
|
2E0B5D91000
|
unkown
|
page read and write
|
||
|
A94733D000
|
stack
|
page read and write
|
||
|
1360000
|
heap
|
page read and write
|
||
|
1A697DF0000
|
unkown
|
page read and write
|
||
|
2F60000
|
trusted library allocation
|
page read and write
|
||
|
2E0B5D91000
|
unkown
|
page read and write
|
||
|
229F45EE000
|
heap
|
page read and write
|
||
|
1A69B22D000
|
unkown
|
page read and write
|
||
|
14057E000
|
unkown
|
page execute and read and write
|
||
|
2E0B45A0000
|
unkown
|
page read and write
|
||
|
2E0B6D67000
|
unkown
|
page read and write
|
||
|
480AFFD000
|
stack
|
page read and write
|
||
|
14C0000
|
trusted library allocation
|
page read and write
|
||
|
496E000
|
stack
|
page read and write
|
||
|
7FF7520F4000
|
unkown
|
page readonly
|
||
|
2A3E000
|
stack
|
page read and write
|
||
|
1E8FB440000
|
heap
|
page read and write
|
||
|
77F59FD000
|
stack
|
page read and write
|
||
|
1A69AFF5000
|
unkown
|
page read and write
|
||
|
1A697DF0000
|
unkown
|
page read and write
|
||
|
2E0B6D6F000
|
unkown
|
page read and write
|
||
|
2E0B6D60000
|
unkown
|
page read and write
|
||
|
7FF7AA0F0000
|
unkown
|
page readonly
|
||
|
5483000
|
heap
|
page read and write
|
||
|
2E0B5909000
|
heap
|
page read and write
|
||
|
2E0B4DA3000
|
unkown
|
page read and write
|
||
|
1A69AAAD000
|
heap
|
page read and write
|
||
|
7FF7520F4000
|
unkown
|
page readonly
|
||
|
1A69B100000
|
unkown
|
page read and write
|
||
|
1A69BEEF000
|
unkown
|
page read and write
|
||
|
1A69AF1E000
|
unkown
|
page read and write
|
||
|
520000
|
heap
|
page read and write
|
||
|
283E000
|
heap
|
page read and write
|
||
|
7FF7520F4000
|
unkown
|
page readonly
|
||
|
14D5CA90000
|
remote allocation
|
page execute and read and write
|
||
|
14C0000
|
trusted library allocation
|
page read and write
|
||
|
1A69AB1E000
|
heap
|
page read and write
|
||
|
1318000
|
heap
|
page read and write
|
||
|
5F5000
|
heap
|
page read and write
|
||
|
13C4000
|
heap
|
page read and write
|
||
|
1E8FB444000
|
heap
|
page read and write
|
||
|
25F0000
|
heap
|
page read and write
|
||
|
2E0B4DA4000
|
unkown
|
page read and write
|
||
|
5492000
|
heap
|
page read and write
|
||
|
2E0B28B0000
|
unkown
|
page read and write
|
||
|
2E0B5D91000
|
unkown
|
page read and write
|
||
|
1A69BEEB000
|
unkown
|
page read and write
|
||
|
2C29000
|
heap
|
page read and write
|
||
|
2EE0000
|
trusted library allocation
|
page read and write
|
||
|
2F20000
|
trusted library allocation
|
page read and write
|
||
|
1A697DF0000
|
unkown
|
page read and write
|
||
|
229F45D6000
|
heap
|
page read and write
|
||
|
14B0000
|
trusted library allocation
|
page read and write
|
||
|
2453CA20000
|
remote allocation
|
page execute and read and write
|
||
|
15CA0000
|
trusted library allocation
|
page read and write
|
||
|
6AC000
|
stack
|
page read and write
|
||
|
15520000
|
trusted library allocation
|
page read and write
|
||
|
11BF000
|
stack
|
page read and write
|
||
|
480B3FF000
|
stack
|
page read and write
|
||
|
1A69ABE0000
|
heap
|
page read and write
|
||
|
77F53EF000
|
stack
|
page read and write
|
||
|
2E0B608B000
|
unkown
|
page read and write
|
||
|
2E0B5909000
|
heap
|
page read and write
|
||
|
2F60000
|
trusted library allocation
|
page read and write
|
||
|
1A69AF11000
|
unkown
|
page read and write
|
||
|
2E0B5D91000
|
unkown
|
page read and write
|
||
|
2453CEE0000
|
unkown
|
page read and write
|
||
|
1A69BEE3000
|
unkown
|
page read and write
|
||
|
12C0000
|
direct allocation
|
page execute read
|
||
|
2A80000
|
heap
|
page read and write
|
||
|
2837000
|
heap
|
page read and write
|
||
|
1A69B44B000
|
unkown
|
page read and write
|
||
|
1CAE181E000
|
unkown
|
page read and write
|
||
|
229F4550000
|
heap
|
page read and write
|
||
|
1A69B0EA000
|
unkown
|
page read and write
|
||
|
1A69ACE9000
|
heap
|
page read and write
|
||
|
1E8FB445000
|
heap
|
page read and write
|
||
|
2E0B4DA5000
|
unkown
|
page read and write
|
||
|
317F000
|
stack
|
page read and write
|
||
|
1A69B080000
|
unkown
|
page read and write
|
||
|
14B0000
|
trusted library allocation
|
page read and write
|
||
|
A9477FF000
|
stack
|
page read and write
|
||
|
54AB000
|
heap
|
page read and write
|
||
|
155F9000
|
heap
|
page read and write
|
||
|
2DFF000
|
stack
|
page read and write
|
||
|
2E0B4DAD000
|
unkown
|
page read and write
|
||
|
2E0B2921000
|
heap
|
page read and write
|
||
|
2E0B28B0000
|
unkown
|
page read and write
|
||
|
54AC000
|
heap
|
page read and write
|
||
|
229F45D6000
|
heap
|
page read and write
|
||
|
2E0B28B0000
|
unkown
|
page read and write
|
||
|
2E0B6D64000
|
unkown
|
page read and write
|
||
|
A9476FE000
|
unkown
|
page read and write
|
||
|
7FF7AA0F1000
|
unkown
|
page execute read
|
||
|
1A6979B3000
|
heap
|
page read and write
|
||
|
2E0B45A0000
|
unkown
|
page read and write
|
||
|
229F460F000
|
heap
|
page read and write
|
||
|
2E0B6D64000
|
unkown
|
page read and write
|
||
|
910F000
|
heap
|
page read and write
|
||
|
2E0B5989000
|
heap
|
page read and write
|
||
|
72A000
|
heap
|
page read and write
|
||
|
65C000
|
stack
|
page read and write
|
||
|
7FF7AA1C8000
|
unkown
|
page readonly
|
||
|
1CAE1EA2000
|
unkown
|
page read and write
|
||
|
1A697DF0000
|
unkown
|
page read and write
|
||
|
1CAE1D66000
|
unkown
|
page read and write
|
||
|
475E000
|
stack
|
page read and write
|
||
|
1560E000
|
heap
|
page read and write
|
||
|
2E0B5EE3000
|
unkown
|
page read and write
|
||
|
54CC000
|
heap
|
page read and write
|
||
|
2E0B6D6E000
|
unkown
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
14D5CDA0000
|
heap
|
page read and write
|
||
|
54CC000
|
heap
|
page read and write
|
||
|
481F000
|
stack
|
page read and write
|
||
|
229F45D6000
|
heap
|
page read and write
|
||
|
14C0000
|
trusted library allocation
|
page read and write
|
||
|
2E0B5A1B000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
1A697DF0000
|
unkown
|
page read and write
|
||
|
229F45D6000
|
heap
|
page read and write
|
||
|
1A697DF0000
|
unkown
|
page read and write
|
||
|
43FE000
|
stack
|
page read and write
|
||
|
2E0B4DAC000
|
unkown
|
page read and write
|
||
|
1A69ADCA000
|
heap
|
page read and write
|
||
|
15CA0000
|
trusted library allocation
|
page read and write
|
||
|
2E0B4DA1000
|
unkown
|
page read and write
|
||
|
2730000
|
heap
|
page read and write
|
||
|
2E0B45A0000
|
unkown
|
page read and write
|
||
|
1A697DF0000
|
unkown
|
page read and write
|
||
|
2E0B597E000
|
heap
|
page read and write
|
||
|
1CADFC70000
|
heap
|
page read and write
|
||
|
785000
|
heap
|
page read and write
|
||
|
2F60000
|
trusted library allocation
|
page read and write
|
||
|
245F000
|
stack
|
page read and write
|
||
|
1A69AAAD000
|
heap
|
page read and write
|
||
|
54CD000
|
heap
|
page read and write
|
||
|
479F000
|
stack
|
page read and write
|
||
|
2E0B5D91000
|
unkown
|
page read and write
|
||
|
1A6997FD000
|
heap
|
page read and write
|
||
|
2C5D000
|
heap
|
page read and write
|
||
|
12A0000
|
heap
|
page read and write
|
||
|
2E0B5972000
|
heap
|
page read and write
|
||
|
162E000
|
stack
|
page read and write
|
||
|
1A699F22000
|
unkown
|
page read and write
|
||
|
7FF7520F4000
|
unkown
|
page readonly
|
||
|
1A69AF11000
|
unkown
|
page read and write
|
||
|
2F60000
|
trusted library allocation
|
page read and write
|
||
|
1A699FFA000
|
unkown
|
page read and write
|
||
|
2C4A000
|
heap
|
page read and write
|
||
|
1A697DF0000
|
unkown
|
page read and write
|
||
|
1A69AF11000
|
unkown
|
page read and write
|
||
|
2810000
|
heap
|
page read and write
|
||
|
2E0B5D91000
|
unkown
|
page read and write
|
||
|
2910000
|
heap
|
page read and write
|
||
|
14D5CFB0000
|
heap
|
page read and write
|
||
|
2E0B28B0000
|
trusted library allocation
|
page read and write
|
||
|
1E8FB1B0000
|
heap
|
page read and write
|
||
|
480AEFF000
|
stack
|
page read and write
|
||
|
24A4000
|
heap
|
page read and write
|
||
|
BA0000
|
heap
|
page read and write
|
||
|
54CC000
|
heap
|
page read and write
|
||
|
13BB000
|
heap
|
page read and write
|
||
|
13C3000
|
heap
|
page read and write
|
||
|
2E0B5D91000
|
unkown
|
page read and write
|
||
|
1A69AF11000
|
unkown
|
page read and write
|
||
|
29AE000
|
stack
|
page read and write
|
||
|
6F0000
|
heap
|
page read and write
|
||
|
54C3000
|
heap
|
page read and write
|
||
|
7A2000
|
heap
|
page read and write
|
||
|
1A69A00F000
|
unkown
|
page read and write
|
||
|
2E0B291F000
|
heap
|
page read and write
|
||
|
229F460F000
|
heap
|
page read and write
|
||
|
2E0B5B41000
|
heap
|
page read and write
|
||
|
15CA0000
|
trusted library allocation
|
page read and write
|
||
|
2F60000
|
trusted library allocation
|
page read and write
|
||
|
2C53000
|
heap
|
page read and write
|
||
|
2E0B6064000
|
unkown
|
page read and write
|
||
|
54CC000
|
heap
|
page read and write
|
||
|
1A699F2D000
|
unkown
|
page read and write
|
There are 727 hidden memdumps, click here to show them.