Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
nft438A5fN.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\Public\Libraries\Wuqtggvo
|
OpenPGP Public Key
|
dropped
|
|
|
|
C:\Users\Public\Libraries\Wuqtggvo.PIF
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\Public\Libraries\ovggtquW.cmd
|
DOS batch file, Unicode text, UTF-8 text, with very long lines (324), with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\Public\Wuqtggvo.url
|
MS Windows 95 Internet shortcut text (URL=<file:"C:\\Users\\Public\\Libraries\\Wuqtggvo.PIF">), ASCII text, with CRLF line
terminators
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_SndVol.exe_2a34d4499138a07f93f374c737745cafe30b7df_15f2fd1e_2ed2e291-1011-42c6-840c-dbd314cdf520\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_SndVol.exe_30a7c05382919c22758b99127e1564cf8a12d6a0_15f2fd1e_6f6af954-d08e-4f2a-95c1-614b15e172ca\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_colorcpl.exe_175fe811589184573733f29f8d90926c9d3acb6_ddba1c1d_896fd093-19ca-4a1e-8301-677a8a25e309\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_colorcpl.exe_3c3ed7f6d1b6f2b663d0a68a61f2223ae3ea1ea_ddba1c1d_100e9fa7-8485-408d-890e-a42f32003c03\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_colorcpl.exe_e08f44738a680ff1812c472f8c239d2dca1238f_ddba1c1d_97cf7208-2971-4814-be7b-50919cf9034b\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_colorcpl.exe_e08f44738a680ff1812c472f8c239d2dca1238f_ddba1c1d_dae9bb0e-fa00-4fd8-8cf0-dc60dd63b84a\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER810D.tmp.dmp
|
Mini DuMP crash report, 14 streams, Tue Nov 26 07:12:26 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER82C3.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER8322.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERAB2A.tmp.dmp
|
Mini DuMP crash report, 14 streams, Tue Nov 26 07:12:37 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERAC44.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERACE2.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERB5F8.tmp.dmp
|
Mini DuMP crash report, 14 streams, Tue Nov 26 07:12:39 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERB695.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERB6C5.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERC2C9.tmp.dmp
|
Mini DuMP crash report, 14 streams, Tue Nov 26 07:12:43 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERC3B4.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERC3F4.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERCD29.tmp.dmp
|
Mini DuMP crash report, 14 streams, Tue Nov 26 07:12:45 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERCE53.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERCE73.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERE351.tmp.dmp
|
Mini DuMP crash report, 14 streams, Tue Nov 26 07:12:51 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERE40E.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERE42E.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\Public\Libraries\PNO
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\Public\alpha.pif
|
PE32 executable (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\Public\xpha.pif
|
PE32 executable (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
||
|
\Device\ConDrv
|
ASCII text, with CRLF, CR line terminators
|
dropped
|
||
|
\Device\Null
|
ASCII text, with CRLF, CR line terminators
|
dropped
|
There are 25 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\nft438A5fN.exe
|
"C:\Users\user\Desktop\nft438A5fN.exe"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
C:\Windows\system32\cmd.exe /c ""C:\Users\Public\Libraries\ovggtquW.cmd" "
|
|
|
|
C:\Windows\SysWOW64\esentutl.exe
|
C:\\Windows\\System32\\esentutl /y C:\\Windows\\System32\\cmd.exe /d C:\\Users\\Public\\alpha.pif /o
|
|
|
|
C:\Windows\SysWOW64\esentutl.exe
|
C:\\Windows\\System32\\esentutl /y C:\\Windows\\System32\\ping.exe /d C:\\Users\\Public\\xpha.pif /o
|
|
|
|
C:\Users\Public\alpha.pif
|
C:\\Users\\Public\\alpha.pif /c mkdir "\\?\C:\Windows "
|
|
|
|
C:\Windows\SysWOW64\esentutl.exe
|
C:\\Windows\\System32\\esentutl.exe /y C:\Users\user\Desktop\nft438A5fN.exe /d C:\\Users\\Public\\Libraries\\Wuqtggvo.PIF
/o
|
|
|
|
C:\Users\Public\alpha.pif
|
C:\\Users\\Public\\alpha.pif /c mkdir "\\?\C:\Windows \SysWOW64"
|
|
|
|
C:\Windows\SysWOW64\colorcpl.exe
|
C:\Windows\System32\colorcpl.exe
|
|
|
|
C:\Users\Public\alpha.pif
|
C:\\Users\\Public\\alpha.pif /c C:\\Users\\Public\\xpha.pif 127.0.0.1 -n 10
|
|
|
|
C:\Users\Public\xpha.pif
|
C:\\Users\\Public\\xpha.pif 127.0.0.1 -n 10
|
|
|
|
C:\Users\Public\Libraries\Wuqtggvo.PIF
|
"C:\Users\Public\Libraries\Wuqtggvo.PIF"
|
|
|
|
C:\Windows\SysWOW64\colorcpl.exe
|
C:\Windows\System32\colorcpl.exe
|
|
|
|
C:\Users\Public\alpha.pif
|
C:\\Users\\Public\\alpha.pif /c del "C:\Users\Public\xpha.pif"
|
|
|
|
C:\Users\Public\alpha.pif
|
C:\\Users\\Public\\alpha.pif /c rmdir "C:\Windows \SysWOW64
|
|
|
|
C:\Users\Public\alpha.pif
|
C:\\Users\\Public\\alpha.pif /c rmdir "C:\Windows \"
|
|
|
|
C:\Users\Public\Libraries\Wuqtggvo.PIF
|
"C:\Users\Public\Libraries\Wuqtggvo.PIF"
|
|
|
|
C:\Windows\SysWOW64\SndVol.exe
|
C:\Windows\System32\SndVol.exe
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 4280 -s 652
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 432 -s 668
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 4280 -s 660
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 432 -s 676
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 1376 -s 608
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 1376 -s 624
|
There are 15 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://crl.sectigo.com/SectigoPublicCodeSigningCAEVR36.crl0
|
unknown
|
||
|
http://geoplugin.net/json.gp
|
unknown
|
||
|
https://drive.usercontent.google.com/dow
|
unknown
|
||
|
https://sectigo.com/CPS0
|
unknown
|
||
|
http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0
|
unknown
|
||
|
http://ocsp.sectigo.com0
|
unknown
|
||
|
https://drive.usercontent.google.com:443/download?id=1dnXhBmgnD9HLHSDJbmDBCMsTIXqIwKdiX?
|
unknown
|
||
|
http://geoplugin.net/json.gp/C
|
unknown
|
||
|
http://crt.sectigo.com/SectigoPublicCodeSigningCAEVR36.crt0#
|
unknown
|
||
|
https://drive.usercontent.google.com/download?id=1dnXhBmgnD9HLHSDJbmDBCMsTIXqIwKdi
|
142.250.181.129
|
||
|
http://upx.sf.net
|
unknown
|
||
|
http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#
|
unknown
|
||
|
http://www.pmail.com
|
unknown
|
||
|
http://ocsp.sectigo.com0C
|
unknown
|
||
|
https://drive.usercontent.google.com/t
|
unknown
|
There are 5 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
drive.usercontent.google.com
|
142.250.181.129
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
142.250.181.129
|
drive.usercontent.google.com
|
United States
|
||
|
127.0.0.1
|
unknown
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
Wuqtggvo
|
|
|
|
\REGISTRY\A\{d4d87a8b-f5c9-89e9-ac1f-efe6783adc82}\Root\InventoryApplicationFile\colorcpl.exe|96dc59bdd2c9d72a
|
ProgramId
|
||
|
\REGISTRY\A\{d4d87a8b-f5c9-89e9-ac1f-efe6783adc82}\Root\InventoryApplicationFile\colorcpl.exe|96dc59bdd2c9d72a
|
FileId
|
||
|
\REGISTRY\A\{d4d87a8b-f5c9-89e9-ac1f-efe6783adc82}\Root\InventoryApplicationFile\colorcpl.exe|96dc59bdd2c9d72a
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{d4d87a8b-f5c9-89e9-ac1f-efe6783adc82}\Root\InventoryApplicationFile\colorcpl.exe|96dc59bdd2c9d72a
|
LongPathHash
|
||
|
\REGISTRY\A\{d4d87a8b-f5c9-89e9-ac1f-efe6783adc82}\Root\InventoryApplicationFile\colorcpl.exe|96dc59bdd2c9d72a
|
Name
|
||
|
\REGISTRY\A\{d4d87a8b-f5c9-89e9-ac1f-efe6783adc82}\Root\InventoryApplicationFile\colorcpl.exe|96dc59bdd2c9d72a
|
OriginalFileName
|
||
|
\REGISTRY\A\{d4d87a8b-f5c9-89e9-ac1f-efe6783adc82}\Root\InventoryApplicationFile\colorcpl.exe|96dc59bdd2c9d72a
|
Publisher
|
||
|
\REGISTRY\A\{d4d87a8b-f5c9-89e9-ac1f-efe6783adc82}\Root\InventoryApplicationFile\colorcpl.exe|96dc59bdd2c9d72a
|
Version
|
||
|
\REGISTRY\A\{d4d87a8b-f5c9-89e9-ac1f-efe6783adc82}\Root\InventoryApplicationFile\colorcpl.exe|96dc59bdd2c9d72a
|
BinFileVersion
|
||
|
\REGISTRY\A\{d4d87a8b-f5c9-89e9-ac1f-efe6783adc82}\Root\InventoryApplicationFile\colorcpl.exe|96dc59bdd2c9d72a
|
BinaryType
|
||
|
\REGISTRY\A\{d4d87a8b-f5c9-89e9-ac1f-efe6783adc82}\Root\InventoryApplicationFile\colorcpl.exe|96dc59bdd2c9d72a
|
ProductName
|
||
|
\REGISTRY\A\{d4d87a8b-f5c9-89e9-ac1f-efe6783adc82}\Root\InventoryApplicationFile\colorcpl.exe|96dc59bdd2c9d72a
|
ProductVersion
|
||
|
\REGISTRY\A\{d4d87a8b-f5c9-89e9-ac1f-efe6783adc82}\Root\InventoryApplicationFile\colorcpl.exe|96dc59bdd2c9d72a
|
LinkDate
|
||
|
\REGISTRY\A\{d4d87a8b-f5c9-89e9-ac1f-efe6783adc82}\Root\InventoryApplicationFile\colorcpl.exe|96dc59bdd2c9d72a
|
BinProductVersion
|
||
|
\REGISTRY\A\{d4d87a8b-f5c9-89e9-ac1f-efe6783adc82}\Root\InventoryApplicationFile\colorcpl.exe|96dc59bdd2c9d72a
|
AppxPackageFullName
|
||
|
\REGISTRY\A\{d4d87a8b-f5c9-89e9-ac1f-efe6783adc82}\Root\InventoryApplicationFile\colorcpl.exe|96dc59bdd2c9d72a
|
AppxPackageRelativeId
|
||
|
\REGISTRY\A\{d4d87a8b-f5c9-89e9-ac1f-efe6783adc82}\Root\InventoryApplicationFile\colorcpl.exe|96dc59bdd2c9d72a
|
Size
|
||
|
\REGISTRY\A\{d4d87a8b-f5c9-89e9-ac1f-efe6783adc82}\Root\InventoryApplicationFile\colorcpl.exe|96dc59bdd2c9d72a
|
Language
|
||
|
\REGISTRY\A\{d4d87a8b-f5c9-89e9-ac1f-efe6783adc82}\Root\InventoryApplicationFile\colorcpl.exe|96dc59bdd2c9d72a
|
IsOsComponent
|
||
|
\REGISTRY\A\{d4d87a8b-f5c9-89e9-ac1f-efe6783adc82}\Root\InventoryApplicationFile\colorcpl.exe|96dc59bdd2c9d72a
|
Usn
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceTicket
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceId
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
ApplicationFlags
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Property
|
0018C00B8F8B0D2B
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
|
ClockTimeSeconds
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
|
TickCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Property
|
0018C00B8F8B0D2B
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceTicket
|
There are 19 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
3200000
|
remote allocation
|
page execute and read and write
|
|
|
|
2E80000
|
remote allocation
|
page execute and read and write
|
|
|
|
2D17000
|
direct allocation
|
page execute and read and write
|
|
|
|
7E810000
|
direct allocation
|
page read and write
|
|
|
|
3290000
|
remote allocation
|
page execute and read and write
|
|
|
|
2740000
|
heap
|
page read and write
|
||
|
2CBE000
|
direct allocation
|
page read and write
|
||
|
6E000
|
unkown
|
page read and write
|
||
|
2FAE000
|
stack
|
page read and write
|
||
|
5250000
|
heap
|
page read and write
|
||
|
40000
|
unkown
|
page readonly
|
||
|
3042000
|
heap
|
page read and write
|
||
|
3052000
|
heap
|
page read and write
|
||
|
2B24000
|
heap
|
page read and write
|
||
|
3A53F000
|
heap
|
page read and write
|
||
|
3052000
|
heap
|
page read and write
|
||
|
295E000
|
heap
|
page read and write
|
||
|
7F310000
|
direct allocation
|
page read and write
|
||
|
2BA10000
|
heap
|
page read and write
|
||
|
8A000
|
unkown
|
page readonly
|
||
|
3042000
|
heap
|
page read and write
|
||
|
7EC80000
|
direct allocation
|
page read and write
|
||
|
3052000
|
heap
|
page read and write
|
||
|
826000
|
heap
|
page read and write
|
||
|
E40000
|
heap
|
page read and write
|
||
|
303E000
|
heap
|
page read and write
|
||
|
2FB0000
|
heap
|
page read and write
|
||
|
3310000
|
heap
|
page read and write
|
||
|
1CF000
|
stack
|
page read and write
|
||
|
3025000
|
heap
|
page read and write
|
||
|
3052000
|
heap
|
page read and write
|
||
|
7EBE0000
|
direct allocation
|
page read and write
|
||
|
303F000
|
heap
|
page read and write
|
||
|
540C000
|
heap
|
page read and write
|
||
|
2B3D000
|
stack
|
page read and write
|
||
|
540C000
|
heap
|
page read and write
|
||
|
9FF000
|
stack
|
page read and write
|
||
|
3052000
|
heap
|
page read and write
|
||
|
4B4000
|
heap
|
page read and write
|
||
|
396D3000
|
direct allocation
|
page read and write
|
||
|
287A000
|
direct allocation
|
page read and write
|
||
|
39E2E000
|
stack
|
page read and write
|
||
|
3A563000
|
heap
|
page read and write
|
||
|
3041000
|
heap
|
page read and write
|
||
|
7EA50000
|
direct allocation
|
page read and write
|
||
|
38B0000
|
heap
|
page read and write
|
||
|
8A000
|
unkown
|
page readonly
|
||
|
884000
|
heap
|
page read and write
|
||
|
32EF000
|
stack
|
page read and write
|
||
|
3025000
|
heap
|
page read and write
|
||
|
7E700000
|
direct allocation
|
page read and write
|
||
|
250E000
|
stack
|
page read and write
|
||
|
7FD90000
|
direct allocation
|
page read and write
|
||
|
303E000
|
heap
|
page read and write
|
||
|
610000
|
heap
|
page read and write
|
||
|
23E3000
|
direct allocation
|
page read and write
|
||
|
3062000
|
heap
|
page read and write
|
||
|
7EB50000
|
direct allocation
|
page read and write
|
||
|
303E000
|
heap
|
page read and write
|
||
|
20D1E000
|
stack
|
page read and write
|
||
|
7E630000
|
direct allocation
|
page read and write
|
||
|
7E9C0000
|
direct allocation
|
page read and write
|
||
|
87E000
|
stack
|
page read and write
|
||
|
6E000
|
unkown
|
page read and write
|
||
|
2290000
|
heap
|
page read and write
|
||
|
3052000
|
heap
|
page read and write
|
||
|
3AD40000
|
heap
|
page read and write
|
||
|
8D0000
|
heap
|
page read and write
|
||
|
468000
|
unkown
|
page read and write
|
||
|
741000
|
heap
|
page read and write
|
||
|
2290000
|
direct allocation
|
page read and write
|
||
|
22B0000
|
heap
|
page read and write
|
||
|
2A8E000
|
stack
|
page read and write
|
||
|
6F0000
|
heap
|
page read and write
|
||
|
3052000
|
heap
|
page read and write
|
||
|
288E000
|
stack
|
page read and write
|
||
|
6E000
|
unkown
|
page write copy
|
||
|
41000
|
unkown
|
page execute read
|
||
|
4C5000
|
heap
|
page read and write
|
||
|
2282000
|
direct allocation
|
page read and write
|
||
|
7FC20000
|
direct allocation
|
page read and write
|
||
|
3052000
|
heap
|
page read and write
|
||
|
3304000
|
remote allocation
|
page execute and read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
2EB0000
|
heap
|
page read and write
|
||
|
6E000
|
unkown
|
page write copy
|
||
|
22C3000
|
direct allocation
|
page read and write
|
||
|
80A000
|
heap
|
page read and write
|
||
|
2C9E000
|
stack
|
page read and write
|
||
|
3A738000
|
heap
|
page read and write
|
||
|
2FFE000
|
stack
|
page read and write
|
||
|
247D000
|
stack
|
page read and write
|
||
|
40000
|
unkown
|
page readonly
|
||
|
2ACFE000
|
stack
|
page read and write
|
||
|
7FC30000
|
direct allocation
|
page read and write
|
||
|
3010000
|
heap
|
page read and write
|
||
|
7FC70000
|
direct allocation
|
page read and write
|
||
|
303E000
|
heap
|
page read and write
|
||
|
2915000
|
heap
|
page read and write
|
||
|
3AD50000
|
trusted library allocation
|
page read and write
|
||
|
350000
|
heap
|
page read and write
|
||
|
2AF0000
|
heap
|
page read and write
|
||
|
2E5A000
|
heap
|
page read and write
|
||
|
6E000
|
unkown
|
page read and write
|
||
|
8E000
|
unkown
|
page readonly
|
||
|
2A794000
|
direct allocation
|
page read and write
|
||
|
3A6CF000
|
stack
|
page read and write
|
||
|
2322000
|
direct allocation
|
page read and write
|
||
|
2371000
|
direct allocation
|
page read and write
|
||
|
2BD50000
|
heap
|
page read and write
|
||
|
23D0000
|
heap
|
page read and write
|
||
|
3960E000
|
direct allocation
|
page read and write
|
||
|
3024000
|
heap
|
page read and write
|
||
|
303E000
|
heap
|
page read and write
|
||
|
9F0000
|
heap
|
page read and write
|
||
|
645000
|
heap
|
page read and write
|
||
|
3A534000
|
heap
|
page read and write
|
||
|
815000
|
heap
|
page read and write
|
||
|
3051000
|
heap
|
page read and write
|
||
|
3210000
|
heap
|
page read and write
|
||
|
27DD000
|
stack
|
page read and write
|
||
|
3052000
|
heap
|
page read and write
|
||
|
3042000
|
heap
|
page read and write
|
||
|
2C3E000
|
direct allocation
|
page read and write
|
||
|
330F000
|
stack
|
page read and write
|
||
|
39AEF000
|
stack
|
page read and write
|
||
|
8A000
|
unkown
|
page readonly
|
||
|
3052000
|
heap
|
page read and write
|
||
|
5850000
|
direct allocation
|
page read and write
|
||
|
303F000
|
heap
|
page read and write
|
||
|
28DA000
|
direct allocation
|
page read and write
|
||
|
31AF000
|
stack
|
page read and write
|
||
|
735000
|
heap
|
page read and write
|
||
|
8A000
|
unkown
|
page readonly
|
||
|
2A90000
|
heap
|
page read and write
|
||
|
2A7AA000
|
direct allocation
|
page read and write
|
||
|
3042000
|
heap
|
page read and write
|
||
|
27F0000
|
heap
|
page read and write
|
||
|
3052000
|
heap
|
page read and write
|
||
|
3052000
|
heap
|
page read and write
|
||
|
41000
|
unkown
|
page execute read
|
||
|
4AA000
|
heap
|
page read and write
|
||
|
3A6AF000
|
heap
|
page read and write
|
||
|
303F000
|
heap
|
page read and write
|
||
|
2D3F000
|
stack
|
page read and write
|
||
|
2B8FF000
|
stack
|
page read and write
|
||
|
303E000
|
heap
|
page read and write
|
||
|
3052000
|
heap
|
page read and write
|
||
|
2C11000
|
direct allocation
|
page execute read
|
||
|
381F000
|
stack
|
page read and write
|
||
|
800000
|
heap
|
page read and write
|
||
|
8A000
|
unkown
|
page readonly
|
||
|
200E0000
|
heap
|
page read and write
|
||
|
610000
|
heap
|
page read and write
|
||
|
4CB000
|
heap
|
page read and write
|
||
|
2A8FF000
|
stack
|
page read and write
|
||
|
8E000
|
unkown
|
page readonly
|
||
|
3A58E000
|
stack
|
page execute and read and write
|
||
|
303E000
|
heap
|
page read and write
|
||
|
303E000
|
heap
|
page read and write
|
||
|
2873000
|
direct allocation
|
page read and write
|
||
|
256E000
|
stack
|
page read and write
|
||
|
32F0000
|
heap
|
page read and write
|
||
|
303E000
|
heap
|
page read and write
|
||
|
2C30000
|
heap
|
page read and write
|
||
|
2E50000
|
heap
|
page read and write
|
||
|
28BC000
|
heap
|
page read and write
|
||
|
7EAC0000
|
direct allocation
|
page read and write
|
||
|
39FA0000
|
remote allocation
|
page read and write
|
||
|
2F74000
|
remote allocation
|
page execute and read and write
|
||
|
2E0B000
|
direct allocation
|
page execute and read and write
|
||
|
3024000
|
heap
|
page read and write
|
||
|
254E000
|
stack
|
page read and write
|
||
|
468000
|
unkown
|
page read and write
|
||
|
710000
|
heap
|
page read and write
|
||
|
3052000
|
heap
|
page read and write
|
||
|
4CD000
|
heap
|
page read and write
|
||
|
3024000
|
heap
|
page read and write
|
||
|
3052000
|
heap
|
page read and write
|
||
|
610000
|
heap
|
page read and write
|
||
|
3042000
|
heap
|
page read and write
|
||
|
28E1000
|
direct allocation
|
page read and write
|
||
|
3A458000
|
heap
|
page read and write
|
||
|
A80000
|
direct allocation
|
page read and write
|
||
|
3A290000
|
heap
|
page read and write
|
||
|
40000
|
unkown
|
page readonly
|
||
|
9B000
|
stack
|
page read and write
|
||
|
303E000
|
heap
|
page read and write
|
||
|
4B5000
|
heap
|
page read and write
|
||
|
6E000
|
unkown
|
page read and write
|
||
|
303F000
|
heap
|
page read and write
|
||
|
3052000
|
heap
|
page read and write
|
||
|
2ACE000
|
stack
|
page execute and read and write
|
||
|
74E000
|
stack
|
page read and write
|
||
|
303E000
|
heap
|
page read and write
|
||
|
53EB000
|
heap
|
page read and write
|
||
|
3052000
|
heap
|
page read and write
|
||
|
3052000
|
heap
|
page read and write
|
||
|
2F90000
|
heap
|
page read and write
|
||
|
3AAFE000
|
stack
|
page read and write
|
||
|
7EB40000
|
direct allocation
|
page read and write
|
||
|
7EF8F000
|
direct allocation
|
page read and write
|
||
|
883000
|
heap
|
page read and write
|
||
|
3052000
|
heap
|
page read and write
|
||
|
23F1000
|
direct allocation
|
page read and write
|
||
|
3A6BC000
|
direct allocation
|
page read and write
|
||
|
F6000
|
unkown
|
page readonly
|
||
|
72000
|
unkown
|
page read and write
|
||
|
2EF0000
|
heap
|
page read and write
|
||
|
7F140000
|
direct allocation
|
page read and write
|
||
|
5260000
|
heap
|
page read and write
|
||
|
3024000
|
heap
|
page read and write
|
||
|
3410000
|
heap
|
page read and write
|
||
|
3061000
|
heap
|
page read and write
|
||
|
A96000
|
heap
|
page read and write
|
||
|
2ACA000
|
stack
|
page read and write
|
||
|
3052000
|
heap
|
page read and write
|
||
|
2C95000
|
direct allocation
|
page read and write
|
||
|
3A9BE000
|
stack
|
page read and write
|
||
|
2AA3F000
|
stack
|
page read and write
|
||
|
2C41000
|
direct allocation
|
page execute read
|
||
|
45D000
|
unkown
|
page write copy
|
||
|
2FC0000
|
heap
|
page read and write
|
||
|
303F000
|
heap
|
page read and write
|
||
|
815000
|
heap
|
page read and write
|
||
|
7FCCC000
|
direct allocation
|
page read and write
|
||
|
2ABBE000
|
stack
|
page read and write
|
||
|
3052000
|
heap
|
page read and write
|
||
|
2563000
|
heap
|
page read and write
|
||
|
8E000
|
unkown
|
page readonly
|
||
|
B8C000
|
stack
|
page read and write
|
||
|
2EE0000
|
heap
|
page read and write
|
||
|
5050000
|
trusted library allocation
|
page read and write
|
||
|
303F000
|
heap
|
page read and write
|
||
|
7F140000
|
direct allocation
|
page read and write
|
||
|
2BB6F000
|
stack
|
page read and write
|
||
|
4F5D000
|
stack
|
page read and write
|
||
|
3052000
|
heap
|
page read and write
|
||
|
2C32000
|
heap
|
page read and write
|
||
|
3308000
|
remote allocation
|
page execute and read and write
|
||
|
7F0000
|
heap
|
page read and write
|
||
|
7FB3F000
|
direct allocation
|
page read and write
|
||
|
2EFA000
|
heap
|
page read and write
|
||
|
3A84E000
|
stack
|
page read and write
|
||
|
23EA000
|
direct allocation
|
page read and write
|
||
|
19D000
|
stack
|
page read and write
|
||
|
3052000
|
heap
|
page read and write
|
||
|
2378000
|
direct allocation
|
page read and write
|
||
|
2363000
|
direct allocation
|
page read and write
|
||
|
880000
|
heap
|
page read and write
|
||
|
5CA0000
|
trusted library allocation
|
page read and write
|
||
|
2FD0000
|
heap
|
page read and write
|
||
|
9F6000
|
heap
|
page read and write
|
||
|
2420000
|
direct allocation
|
page execute and read and write
|
||
|
8A000
|
unkown
|
page readonly
|
||
|
550F000
|
stack
|
page read and write
|
||
|
41000
|
unkown
|
page execute read
|
||
|
399EF000
|
stack
|
page read and write
|
||
|
32F4000
|
remote allocation
|
page execute and read and write
|
||
|
6E000
|
unkown
|
page read and write
|
||
|
4C5000
|
heap
|
page read and write
|
||
|
7E910000
|
direct allocation
|
page read and write
|
||
|
7F240000
|
direct allocation
|
page read and write
|
||
|
6E000
|
unkown
|
page read and write
|
||
|
5200000
|
heap
|
page read and write
|
||
|
39FA0000
|
remote allocation
|
page read and write
|
||
|
2410000
|
heap
|
page read and write
|
||
|
7FC9F000
|
direct allocation
|
page read and write
|
||
|
3A315000
|
heap
|
page read and write
|
||
|
2BFE000
|
stack
|
page read and write
|
||
|
F6000
|
unkown
|
page readonly
|
||
|
E2C000
|
stack
|
page read and write
|
||
|
2FB0000
|
heap
|
page read and write
|
||
|
3025000
|
heap
|
page read and write
|
||
|
2F60000
|
heap
|
page read and write
|
||
|
7FC20000
|
direct allocation
|
page read and write
|
||
|
9FF000
|
stack
|
page read and write
|
||
|
22350000
|
heap
|
page read and write
|
||
|
2EF8000
|
remote allocation
|
page execute and read and write
|
||
|
3046000
|
heap
|
page read and write
|
||
|
303E000
|
heap
|
page read and write
|
||
|
2EF4000
|
remote allocation
|
page execute and read and write
|
||
|
7FC20000
|
direct allocation
|
page read and write
|
||
|
68E000
|
stack
|
page read and write
|
||
|
7F100000
|
direct allocation
|
page read and write
|
||
|
7EC80000
|
direct allocation
|
page read and write
|
||
|
4CD000
|
heap
|
page read and write
|
||
|
3052000
|
heap
|
page read and write
|
||
|
7FC20000
|
direct allocation
|
page read and write
|
||
|
7F440000
|
direct allocation
|
page read and write
|
||
|
22B4000
|
direct allocation
|
page read and write
|
||
|
8A000
|
unkown
|
page readonly
|
||
|
2346000
|
direct allocation
|
page read and write
|
||
|
82C000
|
heap
|
page read and write
|
||
|
3052000
|
heap
|
page read and write
|
||
|
3DF000
|
stack
|
page read and write
|
||
|
2ADE000
|
stack
|
page read and write
|
||
|
4B4000
|
heap
|
page read and write
|
||
|
97D000
|
stack
|
page read and write
|
||
|
7CE000
|
stack
|
page read and write
|
||
|
27AF000
|
stack
|
page read and write
|
||
|
3052000
|
heap
|
page read and write
|
||
|
23E0000
|
trusted library allocation
|
page read and write
|
||
|
3A48C000
|
stack
|
page read and write
|
||
|
8E000
|
unkown
|
page readonly
|
||
|
39CED000
|
stack
|
page read and write
|
||
|
7F14A000
|
direct allocation
|
page read and write
|
||
|
397EF000
|
stack
|
page read and write
|
||
|
6E000
|
unkown
|
page write copy
|
||
|
236A000
|
direct allocation
|
page read and write
|
||
|
2A78D000
|
direct allocation
|
page read and write
|
||
|
2C97000
|
direct allocation
|
page execute and read and write
|
||
|
3042000
|
heap
|
page read and write
|
||
|
362A000
|
heap
|
page read and write
|
||
|
53D0000
|
heap
|
page read and write
|
||
|
7F310000
|
direct allocation
|
page read and write
|
||
|
F4000
|
unkown
|
page write copy
|
||
|
620000
|
heap
|
page read and write
|
||
|
7EAD2000
|
direct allocation
|
page read and write
|
||
|
2EF0000
|
heap
|
page read and write
|
||
|
22D8000
|
direct allocation
|
page read and write
|
||
|
3052000
|
heap
|
page read and write
|
||
|
3A58F000
|
stack
|
page read and write
|
||
|
BCD000
|
stack
|
page read and write
|
||
|
3042000
|
heap
|
page read and write
|
||
|
4B4000
|
heap
|
page read and write
|
||
|
26DD000
|
stack
|
page read and write
|
||
|
303E000
|
heap
|
page read and write
|
||
|
3052000
|
heap
|
page read and write
|
||
|
540C000
|
heap
|
page read and write
|
||
|
4C5000
|
heap
|
page read and write
|
||
|
396C4000
|
direct allocation
|
page read and write
|
||
|
3052000
|
heap
|
page read and write
|
||
|
303F000
|
heap
|
page read and write
|
||
|
3024000
|
heap
|
page read and write
|
||
|
7F440000
|
direct allocation
|
page read and write
|
||
|
7E7D0000
|
direct allocation
|
page read and write
|
||
|
7EA30000
|
direct allocation
|
page read and write
|
||
|
3A538000
|
heap
|
page read and write
|
||
|
303F000
|
heap
|
page read and write
|
||
|
46C000
|
unkown
|
page write copy
|
||
|
303F000
|
heap
|
page read and write
|
||
|
3A5CE000
|
stack
|
page read and write
|
||
|
640000
|
heap
|
page read and write
|
||
|
303E000
|
heap
|
page read and write
|
||
|
2D8F000
|
direct allocation
|
page execute and read and write
|
||
|
7FAB0000
|
direct allocation
|
page read and write
|
||
|
3052000
|
heap
|
page read and write
|
||
|
25AA000
|
heap
|
page read and write
|
||
|
209E7000
|
heap
|
page read and write
|
||
|
20040000
|
heap
|
page read and write
|
||
|
87F000
|
stack
|
page read and write
|
||
|
7FAD0000
|
direct allocation
|
page read and write
|
||
|
A20000
|
direct allocation
|
page execute and read and write
|
||
|
3051000
|
heap
|
page read and write
|
||
|
5406000
|
heap
|
page read and write
|
||
|
DA000
|
stack
|
page read and write
|
||
|
2002E000
|
stack
|
page read and write
|
||
|
303E000
|
heap
|
page read and write
|
||
|
29B3000
|
heap
|
page read and write
|
||
|
53BE000
|
stack
|
page read and write
|
||
|
40000
|
unkown
|
page readonly
|
||
|
645000
|
heap
|
page read and write
|
||
|
3A94F000
|
stack
|
page read and write
|
||
|
7FC20000
|
direct allocation
|
page read and write
|
||
|
303E000
|
heap
|
page read and write
|
||
|
7EAE0000
|
direct allocation
|
page read and write
|
||
|
3026000
|
heap
|
page read and write
|
||
|
2F20000
|
heap
|
page read and write
|
||
|
41000
|
unkown
|
page execute read
|
||
|
3052000
|
heap
|
page read and write
|
||
|
303E000
|
heap
|
page read and write
|
||
|
3025000
|
heap
|
page read and write
|
||
|
3AABF000
|
stack
|
page read and write
|
||
|
E30000
|
heap
|
page read and write
|
||
|
327D000
|
stack
|
page read and write
|
||
|
3026000
|
heap
|
page read and write
|
||
|
3052000
|
heap
|
page read and write
|
||
|
65D000
|
heap
|
page read and write
|
||
|
303E000
|
heap
|
page read and write
|
||
|
323C000
|
stack
|
page read and write
|
||
|
23D4000
|
direct allocation
|
page read and write
|
||
|
5406000
|
heap
|
page read and write
|
||
|
3A0EF000
|
stack
|
page read and write
|
||
|
3042000
|
heap
|
page read and write
|
||
|
40000
|
unkown
|
page readonly
|
||
|
7EF00000
|
direct allocation
|
page read and write
|
||
|
3052000
|
heap
|
page read and write
|
||
|
3052000
|
heap
|
page read and write
|
||
|
3042000
|
heap
|
page read and write
|
||
|
3042000
|
heap
|
page read and write
|
||
|
80A000
|
heap
|
page read and write
|
||
|
340E000
|
stack
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
3024000
|
heap
|
page read and write
|
||
|
3100000
|
heap
|
page read and write
|
||
|
3480000
|
heap
|
page read and write
|
||
|
2C10000
|
heap
|
page read and write
|
||
|
2800000
|
heap
|
page read and write
|
||
|
303E000
|
heap
|
page read and write
|
||
|
3052000
|
heap
|
page read and write
|
||
|
2AA7E000
|
stack
|
page read and write
|
||
|
2C91000
|
direct allocation
|
page execute read
|
||
|
524E000
|
stack
|
page read and write
|
||
|
2410000
|
direct allocation
|
page execute and read and write
|
||
|
2DA000
|
stack
|
page read and write
|
||
|
7E910000
|
direct allocation
|
page read and write
|
||
|
29EE000
|
stack
|
page read and write
|
||
|
2696000
|
heap
|
page read and write
|
||
|
4CD000
|
heap
|
page read and write
|
||
|
8E000
|
unkown
|
page readonly
|
||
|
284F000
|
stack
|
page read and write
|
||
|
2A7B8000
|
direct allocation
|
page read and write
|
||
|
85B000
|
heap
|
page read and write
|
||
|
6E000
|
unkown
|
page write copy
|
||
|
345E000
|
stack
|
page read and write
|
||
|
3052000
|
heap
|
page read and write
|
||
|
70E000
|
stack
|
page read and write
|
||
|
396E1000
|
direct allocation
|
page read and write
|
||
|
39D2E000
|
stack
|
page read and write
|
||
|
537F000
|
stack
|
page read and write
|
||
|
3052000
|
heap
|
page read and write
|
||
|
9D000
|
stack
|
page read and write
|
||
|
82C000
|
heap
|
page read and write
|
||
|
815000
|
heap
|
page read and write
|
||
|
2AB7F000
|
stack
|
page read and write
|
||
|
8E000
|
unkown
|
page readonly
|
||
|
8E000
|
unkown
|
page readonly
|
||
|
618000
|
heap
|
page read and write
|
||
|
40000
|
unkown
|
page readonly
|
||
|
303F000
|
heap
|
page read and write
|
||
|
209E0000
|
heap
|
page read and write
|
||
|
8E000
|
unkown
|
page readonly
|
||
|
3025000
|
heap
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
468000
|
unkown
|
page read and write
|
||
|
320F000
|
stack
|
page read and write
|
||
|
7FC20000
|
direct allocation
|
page read and write
|
||
|
340000
|
heap
|
page read and write
|
||
|
2E0F000
|
stack
|
page read and write
|
||
|
28B6000
|
direct allocation
|
page read and write
|
||
|
7EA2F000
|
direct allocation
|
page read and write
|
||
|
7FC20000
|
direct allocation
|
page read and write
|
||
|
303E000
|
heap
|
page read and write
|
||
|
278E000
|
stack
|
page read and write
|
||
|
3A510000
|
heap
|
page read and write
|
||
|
3052000
|
heap
|
page read and write
|
||
|
540C000
|
heap
|
page read and write
|
||
|
294E000
|
stack
|
page read and write
|
||
|
53F5000
|
heap
|
page read and write
|
||
|
2FF0000
|
heap
|
page read and write
|
||
|
39BEF000
|
stack
|
page read and write
|
||
|
3A4F1000
|
heap
|
page read and write
|
||
|
7EEF0000
|
direct allocation
|
page read and write
|
||
|
7F900000
|
direct allocation
|
page read and write
|
||
|
2DE0000
|
heap
|
page read and write
|
||
|
2CC3000
|
direct allocation
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
290E000
|
stack
|
page read and write
|
||
|
3A56C000
|
heap
|
page read and write
|
||
|
397EE000
|
stack
|
page execute and read and write
|
||
|
8FF000
|
stack
|
page read and write
|
||
|
80A000
|
heap
|
page read and write
|
||
|
3AC3E000
|
stack
|
page read and write
|
||
|
303F000
|
heap
|
page read and write
|
||
|
3052000
|
heap
|
page read and write
|
||
|
3052000
|
heap
|
page read and write
|
||
|
23DC000
|
direct allocation
|
page read and write
|
||
|
980000
|
direct allocation
|
page read and write
|
||
|
7E99F000
|
direct allocation
|
page read and write
|
||
|
41000
|
unkown
|
page execute read
|
||
|
2410000
|
heap
|
page read and write
|
||
|
7FA30000
|
direct allocation
|
page read and write
|
||
|
8E000
|
unkown
|
page readonly
|
||
|
80E000
|
heap
|
page read and write
|
||
|
3A8E6000
|
heap
|
page read and write
|
||
|
2940000
|
heap
|
page read and write
|
||
|
78F000
|
stack
|
page read and write
|
||
|
7FC6F000
|
direct allocation
|
page read and write
|
||
|
77E000
|
stack
|
page read and write
|
||
|
7EB8F000
|
direct allocation
|
page read and write
|
||
|
8CF000
|
heap
|
page read and write
|
||
|
41000
|
unkown
|
page execute read
|
||
|
5406000
|
heap
|
page read and write
|
||
|
28BD000
|
direct allocation
|
page read and write
|
||
|
18E000
|
stack
|
page read and write
|
||
|
2008F000
|
stack
|
page read and write
|
||
|
4CD000
|
heap
|
page read and write
|
||
|
2CC7000
|
direct allocation
|
page execute and read and write
|
||
|
2A9A000
|
heap
|
page read and write
|
||
|
3042000
|
heap
|
page read and write
|
||
|
3042000
|
heap
|
page read and write
|
||
|
3A170000
|
heap
|
page read and write
|
||
|
3052000
|
heap
|
page read and write
|
||
|
7EB8F000
|
direct allocation
|
page read and write
|
||
|
2ACBE000
|
stack
|
page read and write
|
||
|
2CA0000
|
heap
|
page read and write
|
||
|
3042000
|
heap
|
page read and write
|
||
|
700000
|
heap
|
page read and write
|
||
|
A30000
|
heap
|
page read and write
|
||
|
4F9B000
|
stack
|
page read and write
|
||
|
27DE000
|
stack
|
page read and write
|
||
|
3A17F000
|
heap
|
page read and write
|
||
|
3024000
|
heap
|
page read and write
|
||
|
3042000
|
heap
|
page read and write
|
||
|
2520000
|
heap
|
page read and write
|
||
|
2560000
|
heap
|
page read and write
|
||
|
F1000
|
unkown
|
page execute read
|
||
|
8CB000
|
heap
|
page read and write
|
||
|
8E000
|
unkown
|
page readonly
|
||
|
7F150000
|
direct allocation
|
page read and write
|
||
|
30EF000
|
stack
|
page read and write
|
||
|
3025000
|
heap
|
page read and write
|
||
|
7E9A0000
|
direct allocation
|
page read and write
|
||
|
303E000
|
heap
|
page read and write
|
||
|
2B8BE000
|
stack
|
page read and write
|
||
|
7F900000
|
direct allocation
|
page read and write
|
||
|
490000
|
heap
|
page read and write
|
||
|
8E000
|
unkown
|
page readonly
|
||
|
7E930000
|
direct allocation
|
page read and write
|
||
|
2BB2E000
|
stack
|
page read and write
|
||
|
20830000
|
heap
|
page read and write
|
||
|
8CE000
|
stack
|
page read and write
|
||
|
41000
|
unkown
|
page execute read
|
||
|
2570000
|
heap
|
page read and write
|
||
|
3052000
|
heap
|
page read and write
|
||
|
28A8000
|
direct allocation
|
page read and write
|
||
|
626000
|
heap
|
page read and write
|
||
|
40000
|
unkown
|
page readonly
|
||
|
4F99000
|
stack
|
page read and write
|
||
|
2F2A000
|
heap
|
page read and write
|
||
|
3ABFE000
|
stack
|
page read and write
|
||
|
39FA0000
|
remote allocation
|
page read and write
|
||
|
249C000
|
stack
|
page read and write
|
||
|
23CD000
|
direct allocation
|
page read and write
|
||
|
879000
|
heap
|
page read and write
|
||
|
3052000
|
heap
|
page read and write
|
||
|
2F0E000
|
stack
|
page read and write
|
||
|
2B3F000
|
stack
|
page read and write
|
||
|
32FD000
|
stack
|
page read and write
|
||
|
2B0E000
|
stack
|
page read and write
|
||
|
395DE000
|
direct allocation
|
page read and write
|
||
|
303E000
|
heap
|
page read and write
|
||
|
4CB000
|
heap
|
page read and write
|
||
|
70A000
|
heap
|
page read and write
|
||
|
303E000
|
heap
|
page read and write
|
||
|
294A000
|
heap
|
page read and write
|
||
|
3052000
|
heap
|
page read and write
|
||
|
7FCAF000
|
direct allocation
|
page read and write
|
||
|
7F240000
|
direct allocation
|
page read and write
|
||
|
3A2A5000
|
heap
|
page read and write
|
||
|
2A6E000
|
stack
|
page read and write
|
||
|
40000
|
unkown
|
page readonly
|
||
|
3051000
|
heap
|
page read and write
|
||
|
3052000
|
heap
|
page read and write
|
||
|
3274000
|
remote allocation
|
page execute and read and write
|
||
|
46A000
|
unkown
|
page read and write
|
||
|
A90000
|
heap
|
page read and write
|
||
|
2790000
|
heap
|
page read and write
|
||
|
5406000
|
heap
|
page read and write
|
||
|
398EF000
|
stack
|
page read and write
|
||
|
6E000
|
unkown
|
page write copy
|
||
|
20870000
|
heap
|
page read and write
|
||
|
3024000
|
heap
|
page read and write
|
||
|
7E90F000
|
direct allocation
|
page read and write
|
||
|
3041000
|
heap
|
page read and write
|
||
|
F0000
|
unkown
|
page readonly
|
||
|
7EFC0000
|
direct allocation
|
page read and write
|
||
|
3042000
|
heap
|
page read and write
|
||
|
2ADFF000
|
stack
|
page read and write
|
||
|
40000
|
unkown
|
page readonly
|
||
|
3052000
|
heap
|
page read and write
|
||
|
2A93E000
|
stack
|
page read and write
|
||
|
4AA000
|
heap
|
page read and write
|
||
|
8A000
|
unkown
|
page readonly
|
||
|
3025000
|
heap
|
page read and write
|
||
|
7EC80000
|
direct allocation
|
page read and write
|
||
|
3278000
|
remote allocation
|
page execute and read and write
|
||
|
8A000
|
unkown
|
page readonly
|
||
|
3042000
|
heap
|
page read and write
|
||
|
2395000
|
direct allocation
|
page read and write
|
||
|
2B9F8000
|
heap
|
page read and write
|
||
|
396DA000
|
direct allocation
|
page read and write
|
||
|
2A77F000
|
direct allocation
|
page read and write
|
||
|
3A567000
|
heap
|
page read and write
|
||
|
28CE000
|
stack
|
page read and write
|
||
|
4CE0000
|
direct allocation
|
page read and write
|
||
|
27EE000
|
stack
|
page read and write
|
||
|
3024000
|
heap
|
page read and write
|
||
|
396A8000
|
direct allocation
|
page read and write
|
||
|
1FFDF000
|
stack
|
page read and write
|
||
|
28D3000
|
direct allocation
|
page read and write
|
||
|
2690000
|
heap
|
page read and write
|
||
|
8A000
|
unkown
|
page readonly
|
||
|
2A7A3000
|
direct allocation
|
page read and write
|
||
|
28E8000
|
direct allocation
|
page read and write
|
||
|
F4000
|
unkown
|
page read and write
|
||
|
471000
|
unkown
|
page readonly
|
||
|
7FC30000
|
direct allocation
|
page read and write
|
||
|
303E000
|
heap
|
page read and write
|
||
|
28C4000
|
direct allocation
|
page read and write
|
||
|
358F000
|
stack
|
page read and write
|
||
|
2B80000
|
heap
|
page read and write
|
||
|
396BD000
|
direct allocation
|
page read and write
|
||
|
3052000
|
heap
|
page read and write
|
||
|
3042000
|
heap
|
page read and write
|
||
|
3A58A000
|
stack
|
page read and write
|
||
|
2ACE000
|
stack
|
page read and write
|
||
|
A00000
|
heap
|
page read and write
|
||
|
3A80F000
|
stack
|
page read and write
|
||
|
2354000
|
direct allocation
|
page read and write
|
||
|
2590000
|
heap
|
page read and write
|
||
|
8D6000
|
heap
|
page read and write
|
||
|
70E000
|
heap
|
page read and write
|
||
|
23BC000
|
stack
|
page read and write
|
||
|
7EB8F000
|
direct allocation
|
page read and write
|
||
|
342F000
|
stack
|
page read and write
|
||
|
8A000
|
unkown
|
page readonly
|
||
|
3024000
|
heap
|
page read and write
|
||
|
3A2A7000
|
heap
|
page read and write
|
||
|
2330000
|
direct allocation
|
page read and write
|
||
|
395B0000
|
direct allocation
|
page read and write
|
||
|
2B900000
|
heap
|
page read and write
|
||
|
3052000
|
heap
|
page read and write
|
||
|
22BC000
|
direct allocation
|
page read and write
|
||
|
2ACF000
|
stack
|
page read and write
|
||
|
2A3D000
|
stack
|
page read and write
|
||
|
3052000
|
heap
|
page read and write
|
||
|
68E000
|
stack
|
page read and write
|
||
|
22D1000
|
direct allocation
|
page read and write
|
||
|
303E000
|
heap
|
page read and write
|
||
|
53EA000
|
heap
|
page read and write
|
||
|
29F0000
|
heap
|
page read and write
|
||
|
3052000
|
heap
|
page read and write
|
||
|
46A000
|
unkown
|
page read and write
|
||
|
6E000
|
unkown
|
page write copy
|
||
|
1E0000
|
heap
|
page read and write
|
||
|
2B9F0000
|
heap
|
page read and write
|
||
|
303F000
|
heap
|
page read and write
|
||
|
7F1D0000
|
direct allocation
|
page read and write
|
||
|
498000
|
heap
|
page read and write
|
||
|
9B000
|
stack
|
page read and write
|
||
|
41000
|
unkown
|
page execute read
|
||
|
303E000
|
heap
|
page read and write
|
||
|
3025000
|
heap
|
page read and write
|
||
|
2BD0000
|
heap
|
page read and write
|
||
|
303E000
|
heap
|
page read and write
|
||
|
303E000
|
heap
|
page read and write
|
||
|
7FC50000
|
direct allocation
|
page read and write
|
||
|
3042000
|
heap
|
page read and write
|
||
|
9E0000
|
heap
|
page read and write
|
||
|
234D000
|
direct allocation
|
page read and write
|
||
|
29D000
|
stack
|
page read and write
|
||
|
19D000
|
stack
|
page read and write
|
||
|
303E000
|
heap
|
page read and write
|
||
|
39FEE000
|
stack
|
page read and write
|
||
|
3A4FC000
|
heap
|
page read and write
|
||
|
39E6E000
|
stack
|
page read and write
|
||
|
4E40000
|
trusted library allocation
|
page read and write
|
||
|
209CF000
|
stack
|
page read and write
|
||
|
2D40000
|
heap
|
page read and write
|
||
|
2E0E000
|
direct allocation
|
page execute and read and write
|
||
|
40000
|
unkown
|
page readonly
|
||
|
3052000
|
heap
|
page read and write
|
||
|
1D0000
|
heap
|
page read and write
|
||
|
22310000
|
heap
|
page read and write
|
||
|
7F20F000
|
direct allocation
|
page read and write
|
||
|
7EB40000
|
direct allocation
|
page read and write
|
||
|
3052000
|
heap
|
page read and write
|
||
|
20840000
|
heap
|
page read and write
|
||
|
3025000
|
heap
|
page read and write
|
||
|
27E0000
|
heap
|
page read and write
|
||
|
3052000
|
heap
|
page read and write
|
||
|
3052000
|
heap
|
page read and write
|
||
|
F1000
|
unkown
|
page execute read
|
||
|
4AC000
|
heap
|
page read and write
|
||
|
3AD3F000
|
stack
|
page read and write
|
||
|
2C65000
|
direct allocation
|
page read and write
|
||
|
7F440000
|
direct allocation
|
page read and write
|
||
|
82C000
|
heap
|
page read and write
|
||
|
45D000
|
unkown
|
page read and write
|
||
|
140000
|
heap
|
page read and write
|
||
|
3052000
|
heap
|
page read and write
|
||
|
4CB000
|
heap
|
page read and write
|
||
|
7FC20000
|
direct allocation
|
page read and write
|
||
|
7E8A0000
|
direct allocation
|
page read and write
|
||
|
2E4F000
|
stack
|
page read and write
|
||
|
3E0000
|
heap
|
page read and write
|
||
|
396A0000
|
direct allocation
|
page read and write
|
||
|
7FC20000
|
direct allocation
|
page read and write
|
||
|
396AF000
|
direct allocation
|
page read and write
|
||
|
41000
|
unkown
|
page execute read
|
||
|
303F000
|
heap
|
page read and write
|
||
|
2C93000
|
direct allocation
|
page read and write
|
||
|
3A730000
|
trusted library allocation
|
page read and write
|
||
|
53D9000
|
heap
|
page read and write
|
||
|
8E000
|
unkown
|
page readonly
|
||
|
9B000
|
stack
|
page read and write
|
||
|
3042000
|
heap
|
page read and write
|
||
|
259F000
|
heap
|
page read and write
|
||
|
7ECF0000
|
direct allocation
|
page read and write
|
||
|
303E000
|
heap
|
page read and write
|
||
|
30F0000
|
heap
|
page read and write
|
||
|
3026000
|
heap
|
page read and write
|
||
|
A30000
|
heap
|
page read and write
|
||
|
3AD5F000
|
trusted library allocation
|
page read and write
|
||
|
2E00000
|
heap
|
page read and write
|
||
|
40000
|
unkown
|
page readonly
|
||
|
19D000
|
stack
|
page read and write
|
||
|
7FCD0000
|
direct allocation
|
page read and write
|
||
|
3052000
|
heap
|
page read and write
|
||
|
4AC000
|
heap
|
page read and write
|
||
|
3042000
|
heap
|
page read and write
|
||
|
2F8D000
|
stack
|
page read and write
|
||
|
2CEE000
|
stack
|
page read and write
|
||
|
3052000
|
heap
|
page read and write
|
||
|
2C90000
|
direct allocation
|
page readonly
|
||
|
28AF000
|
direct allocation
|
page read and write
|
||
|
826000
|
heap
|
page read and write
|
||
|
397EA000
|
stack
|
page read and write
|
||
|
39F6E000
|
stack
|
page read and write
|
||
|
303E000
|
heap
|
page read and write
|
||
|
40000
|
unkown
|
page readonly
|
||
|
3A183000
|
heap
|
page read and write
|
||
|
2400000
|
heap
|
page read and write
|
||
|
22AD000
|
direct allocation
|
page read and write
|
||
|
3052000
|
heap
|
page read and write
|
||
|
3026000
|
heap
|
page read and write
|
||
|
3052000
|
heap
|
page read and write
|
||
|
303E000
|
heap
|
page read and write
|
||
|
2C6E000
|
direct allocation
|
page read and write
|
||
|
31EE000
|
stack
|
page read and write
|
||
|
4CB000
|
heap
|
page read and write
|
||
|
7EF00000
|
direct allocation
|
page read and write
|
||
|
5580000
|
heap
|
page read and write
|
||
|
7EC70000
|
direct allocation
|
page read and write
|
||
|
A33000
|
heap
|
page read and write
|
||
|
23DD000
|
stack
|
page read and write
|
||
|
7EB20000
|
direct allocation
|
page read and write
|
||
|
2AD3000
|
heap
|
page read and write
|
||
|
320F000
|
unkown
|
page read and write
|
||
|
3062000
|
heap
|
page read and write
|
||
|
2B9D000
|
stack
|
page read and write
|
||
|
9F0000
|
heap
|
page read and write
|
||
|
3052000
|
heap
|
page read and write
|
||
|
3A73F000
|
trusted library allocation
|
page read and write
|
||
|
396B6000
|
direct allocation
|
page read and write
|
||
|
3025000
|
heap
|
page read and write
|
||
|
22CA000
|
direct allocation
|
page read and write
|
||
|
2A7FE000
|
stack
|
page read and write
|
||
|
640000
|
heap
|
page read and write
|
||
|
3052000
|
heap
|
page read and write
|
||
|
7FC60000
|
direct allocation
|
page read and write
|
||
|
2D8B000
|
direct allocation
|
page execute and read and write
|
||
|
7E918000
|
direct allocation
|
page read and write
|
||
|
2A786000
|
direct allocation
|
page read and write
|
||
|
830000
|
heap
|
page read and write
|
||
|
3052000
|
heap
|
page read and write
|
||
|
826000
|
heap
|
page read and write
|
||
|
3052000
|
heap
|
page read and write
|
||
|
A2E000
|
unkown
|
page read and write
|
||
|
3062000
|
heap
|
page read and write
|
||
|
3052000
|
heap
|
page read and write
|
||
|
45D000
|
unkown
|
page read and write
|
||
|
22E0000
|
heap
|
page read and write
|
||
|
3051000
|
heap
|
page read and write
|
||
|
3024000
|
heap
|
page read and write
|
||
|
23F8000
|
direct allocation
|
page read and write
|
||
|
9DF000
|
stack
|
page read and write
|
||
|
2AFD000
|
stack
|
page read and write
|
||
|
2D40000
|
heap
|
page read and write
|
||
|
38C0000
|
heap
|
page read and write
|
||
|
3384000
|
remote allocation
|
page execute and read and write
|
||
|
730000
|
heap
|
page read and write
|
||
|
396CC000
|
direct allocation
|
page read and write
|
||
|
2F30000
|
heap
|
page read and write
|
||
|
3052000
|
heap
|
page read and write
|
||
|
3A4F0000
|
heap
|
page read and write
|
||
|
301B000
|
heap
|
page read and write
|
||
|
3052000
|
heap
|
page read and write
|
||
|
8A000
|
unkown
|
page readonly
|
||
|
2CFE000
|
stack
|
page read and write
|
||
|
20100000
|
heap
|
page read and write
|
||
|
3A530000
|
heap
|
page read and write
|
||
|
3A5E0000
|
heap
|
page read and write
|
||
|
7F1AF000
|
direct allocation
|
page read and write
|
||
|
235C000
|
direct allocation
|
page read and write
|
||
|
7E888000
|
direct allocation
|
page read and write
|
||
|
3052000
|
heap
|
page read and write
|
||
|
3052000
|
heap
|
page read and write
|
||
|
7F150000
|
direct allocation
|
page read and write
|
||
|
41000
|
unkown
|
page execute read
|
||
|
750000
|
heap
|
page read and write
|
||
|
29A0000
|
heap
|
page read and write
|
||
|
3042000
|
heap
|
page read and write
|
||
|
3052000
|
heap
|
page read and write
|
||
|
2A70A000
|
direct allocation
|
page read and write
|
||
|
45D000
|
unkown
|
page read and write
|
||
|
2859000
|
heap
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
7F900000
|
direct allocation
|
page read and write
|
||
|
283A000
|
direct allocation
|
page read and write
|
||
|
303E000
|
heap
|
page read and write
|
||
|
540C000
|
heap
|
page read and write
|
||
|
26FD000
|
stack
|
page read and write
|
||
|
39626000
|
direct allocation
|
page read and write
|
||
|
53F5000
|
heap
|
page read and write
|
||
|
24BD000
|
stack
|
page read and write
|
||
|
3A70E000
|
stack
|
page read and write
|
||
|
2DBB000
|
direct allocation
|
page execute and read and write
|
||
|
39E000
|
stack
|
page read and write
|
||
|
41000
|
unkown
|
page execute read
|
||
|
2098E000
|
stack
|
page read and write
|
||
|
DEC000
|
stack
|
page read and write
|
||
|
3051000
|
heap
|
page read and write
|
||
|
7F080000
|
direct allocation
|
page read and write
|
||
|
3052000
|
heap
|
page read and write
|
||
|
7FC20000
|
direct allocation
|
page read and write
|
||
|
3025000
|
heap
|
page read and write
|
||
|
7EB40000
|
direct allocation
|
page read and write
|
||
|
3024000
|
heap
|
page read and write
|
||
|
2C1A000
|
heap
|
page read and write
|
||
|
7F9000
|
heap
|
page read and write
|
||
|
7F0E0000
|
direct allocation
|
page read and write
|
||
|
200E8000
|
heap
|
page read and write
|
||
|
7FB60000
|
direct allocation
|
page read and write
|
||
|
3A56D000
|
heap
|
page read and write
|
||
|
2911000
|
heap
|
page read and write
|
||
|
20D5E000
|
stack
|
page read and write
|
||
|
396E8000
|
direct allocation
|
page read and write
|
||
|
81E000
|
stack
|
page read and write
|
||
|
3052000
|
heap
|
page read and write
|
||
|
41000
|
unkown
|
page execute read
|
||
|
23B0000
|
direct allocation
|
page read and write
|
||
|
3024000
|
heap
|
page read and write
|
||
|
303F000
|
heap
|
page read and write
|
||
|
2A40000
|
heap
|
page read and write
|
||
|
F0000
|
unkown
|
page readonly
|
||
|
82C000
|
heap
|
page read and write
|
||
|
3052000
|
heap
|
page read and write
|
||
|
3620000
|
heap
|
page read and write
|
||
|
3052000
|
heap
|
page read and write
|
||
|
2A7B1000
|
direct allocation
|
page read and write
|
||
|
6CE000
|
stack
|
page read and write
|
||
|
23EF000
|
trusted library allocation
|
page read and write
|
||
|
303E000
|
heap
|
page read and write
|
||
|
3052000
|
heap
|
page read and write
|
||
|
293D000
|
stack
|
page read and write
|
There are 838 hidden memdumps, click here to show them.