Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
AutoHotkey_2.0.12_setup.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
|
initial sample
|
 |
|
|
C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\AutoHotkey32.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\AutoHotkey64.exe
|
PE32+ executable (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe
|
PE32+ executable (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\AutoHotkey\UX\Templates\Minimal for v2.ahk
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Program Files\AutoHotkey\UX\WindowSpy.ahk
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Program Files\AutoHotkey\UX\inc\CommandLineToArgs.ahk
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Program Files\AutoHotkey\UX\inc\CreateAppShortcut.ahk
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Program Files\AutoHotkey\UX\inc\EnableUIAccess.ahk
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Program Files\AutoHotkey\UX\inc\GetGitHubReleaseAssetURL.ahk
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Program Files\AutoHotkey\UX\inc\HashFile.ahk
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Program Files\AutoHotkey\UX\inc\README.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Program Files\AutoHotkey\UX\inc\ShellRun.ahk
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Program Files\AutoHotkey\UX\inc\bounce-v1.ahk
|
C source, ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Program Files\AutoHotkey\UX\inc\common.ahk
|
C source, ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Program Files\AutoHotkey\UX\inc\config.ahk
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Program Files\AutoHotkey\UX\inc\identify.ahk
|
C source, ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Program Files\AutoHotkey\UX\inc\identify_regex.ahk
|
ASCII text, with very long lines (3982), with CRLF line terminators
|
dropped
|
|
|
|
C:\Program Files\AutoHotkey\UX\inc\launcher-common.ahk
|
C source, ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Program Files\AutoHotkey\UX\inc\spy.ico
|
MS Windows icon resource - 4 icons, 32x32 with PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced, 32 bits/pixel, 48x48
with PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced, 32 bits/pixel
|
dropped
|
|
|
|
C:\Program Files\AutoHotkey\UX\inc\ui-base.ahk
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Program Files\AutoHotkey\UX\install-ahk2exe.ahk
|
C source, ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Program Files\AutoHotkey\UX\install-version.ahk
|
C source, ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Program Files\AutoHotkey\UX\install.ahk
|
C source, ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Program Files\AutoHotkey\UX\launcher.ahk
|
C source, ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Program Files\AutoHotkey\UX\reload-v1.ahk
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Program Files\AutoHotkey\UX\reset-assoc.ahk
|
C source, ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Program Files\AutoHotkey\UX\ui-dash.ahk
|
C source, Unicode text, UTF-8 text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Program Files\AutoHotkey\UX\ui-editor.ahk
|
C source, ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Program Files\AutoHotkey\UX\ui-launcherconfig.ahk
|
C source, ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Program Files\AutoHotkey\UX\ui-newscript.ahk
|
C source, ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Program Files\AutoHotkey\UX\ui-setup.ahk
|
C source, ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Program Files\AutoHotkey\UX\ui-uninstall.ahk
|
C source, ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Program Files\AutoHotkey\license.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Program Files\AutoHotkey\v2\AutoHotkey.chm
|
MS Windows HtmlHelp Data
|
dropped
|
|
|
|
C:\Program Files\AutoHotkey\v2\AutoHotkey32.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\AutoHotkey\v2\AutoHotkey32_UIA.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\AutoHotkey\v2\AutoHotkey64.exe
|
PE32+ executable (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\AutoHotkey\v2\AutoHotkey64_UIA.exe
|
PE32+ executable (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\AutoHotkey\v2\RCXC8B7.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\AutoHotkey\v2\RCXC9D2.tmp
|
PE32+ executable (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\AutoHotkey.chm
|
MS Windows HtmlHelp Data
|
dropped
|
||
|
C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\Install.cmd
|
DOS batch file, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\Templates\Minimal for v2.ahk
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\WindowSpy.ahk
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\inc\CommandLineToArgs.ahk
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\inc\CreateAppShortcut.ahk
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\inc\EnableUIAccess.ahk
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\inc\GetGitHubReleaseAssetURL.ahk
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\inc\HashFile.ahk
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\inc\README.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\inc\ShellRun.ahk
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\inc\bounce-v1.ahk
|
C source, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\inc\common.ahk
|
C source, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\inc\config.ahk
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\inc\identify.ahk
|
C source, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\inc\identify_regex.ahk
|
ASCII text, with very long lines (3982), with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\inc\launcher-common.ahk
|
C source, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\inc\spy.ico
|
MS Windows icon resource - 4 icons, 32x32 with PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced, 32 bits/pixel, 48x48
with PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced, 32 bits/pixel
|
dropped
|
||
|
C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\inc\ui-base.ahk
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\install-ahk2exe.ahk
|
C source, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\install-version.ahk
|
C source, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\install.ahk
|
C source, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\launcher.ahk
|
C source, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\reload-v1.ahk
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\reset-assoc.ahk
|
C source, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\ui-dash.ahk
|
C source, Unicode text, UTF-8 text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\ui-editor.ahk
|
C source, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\ui-launcherconfig.ahk
|
C source, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\ui-newscript.ahk
|
C source, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\ui-setup.ahk
|
C source, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\UX\ui-uninstall.ahk
|
C source, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\WindowSpy.ahk
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\AutoHotkey\.staging\AutoHotkey_2.0.12_setup.exe\license.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\AutoHotkey\UX\installed-files.csv
|
CSV text
|
dropped
|
||
|
C:\Program Files\AutoHotkey\WindowSpy.ahk
|
C source, ASCII text
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoHotkey Dash.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has command
line arguments, Archive, ctime=Fri Mar 29 05:49:19 2024, mtime=Fri Mar 29 05:49:19 2024, atime=Fri Mar 29 05:49:19 2024, length=1256448,
window=hide
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoHotkey Window Spy.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has command
line arguments, Icon number=0, Archive, ctime=Fri Mar 29 05:49:19 2024, mtime=Fri Mar 29 05:49:20 2024, atime=Fri Mar 29 05:49:19
2024, length=1256448, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2246122658-3693405117-2476756634-1002\f213bf5a8af890680781f9b7261613ea_9e146be9-c76a-4720-bcdb-53011b87bd06
|
data
|
dropped
|
There are 69 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe
|
"C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe"
|
|
|
|
C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe
|
"C:\Users\user\Desktop\AutoHotkey_2.0.12_setup.exe" /to "C:\Program Files\AutoHotkey"
|
|
|
|
C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe
|
"C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe" "C:\Program Files\AutoHotkey\UX\reset-assoc.ahk" /check
|
|
|
|
C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe
|
"C:\Program Files\AutoHotkey\UX\AutoHotkeyUX.exe" UX\ui-dash.ahk
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://autohotkey.com/board/topic/66139-ahk-l-calculating-md5sha-checksum-from-file/
|
unknown
|
||
|
https://autohotkey.comx
|
unknown
|
||
|
https://www.autohotkey.com/download/
|
unknown
|
||
|
https://www.autohotkey.com/docs/v2/
|
unknown
|
||
|
https://www.autohotkey.com/docs/v1/
|
unknown
|
||
|
http://msdn.com/library/bb756929
|
unknown
|
||
|
https://autohotkey.com
|
unknown
|
||
|
https://api.github.com/repos/
|
unknown
|
||
|
https://autohotkey.com6122658-3693405117-2476756634-1002
|
unknown
|
||
|
https://autohotkey.comCould
|
unknown
|
||
|
https://www.autohotkey.com/docs/v2/misc/Editors.htm
|
unknown
|
There are 1 hidden URLs, click here to show them.
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\D978374624D0A031EB7358966F389DB6A253AFD7
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\D978374624D0A031EB7358966F389DB6A253AFD7
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\D978374624D0A031EB7358966F389DB6A253AFD7
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\D978374624D0A031EB7358966F389DB6A253AFD7
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\D978374624D0A031EB7358966F389DB6A253AFD7
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\D978374624D0A031EB7358966F389DB6A253AFD7
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AutoHotkey
|
DisplayName
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AutoHotkey
|
UninstallString
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AutoHotkey
|
QuietUninstallString
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AutoHotkey
|
NoModify
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AutoHotkey
|
DisplayIcon
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AutoHotkey
|
DisplayVersion
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AutoHotkey
|
URLInfoAbout
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AutoHotkey
|
Publisher
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AutoHotkey
|
InstallLocation
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\AutoHotkey
|
InstallDir
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\AutoHotkey
|
InstallCommand
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\AutoHotkey
|
Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.ahk
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.ahk\ShellNew
|
Command
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.ahk\PersistentHandler
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AutoHotkeyScript
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AutoHotkeyScript
|
AppUserModelID
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AutoHotkeyScript\DefaultIcon
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AutoHotkeyScript\Shell
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AutoHotkeyScript\Shell\Open
|
FriendlyAppName
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AutoHotkeyScript\Shell\Open\Command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AutoHotkeyScript\Shell\Open
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AutoHotkeyScript\Shell\Open
|
AppUserModelID
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AutoHotkeyScript\Shell\RunAs\Command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AutoHotkeyScript\Shell\RunAs
|
HasLUAShield
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AutoHotkeyScript\Shell\UIAccess\Command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AutoHotkeyScript\Shell\UIAccess
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AutoHotkeyScript\Shell\UIAccess
|
AppUserModelID
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AutoHotkeyScript\Shell\Launch\Command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AutoHotkeyScript\Shell\Launch
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AutoHotkeyScript\Shell\Launch
|
ProgrammaticAccessOnly
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AutoHotkeyScript\Shell\Edit\Command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AutoHotkeyScript\Shell\Edit
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer
|
GlobalAssocChangedCounter
|
There are 30 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
4C78000
|
heap
|
page read and write
|
||
|
E37000
|
heap
|
page read and write
|
||
|
1400FB000
|
unkown
|
page readonly
|
||
|
EE8000
|
heap
|
page read and write
|
||
|
4C67000
|
heap
|
page read and write
|
||
|
CF9000
|
heap
|
page read and write
|
||
|
4D01000
|
heap
|
page read and write
|
||
|
32FE000
|
heap
|
page read and write
|
||
|
4F4000
|
unkown
|
page execute and read and write
|
||
|
4CCF000
|
heap
|
page read and write
|
||
|
F00000
|
unkown
|
page read and write
|
||
|
32F6000
|
heap
|
page read and write
|
||
|
7DC000
|
stack
|
page read and write
|
||
|
140000000
|
unkown
|
page readonly
|
||
|
4C76000
|
heap
|
page read and write
|
||
|
FF2000
|
heap
|
page read and write
|
||
|
FE8000
|
heap
|
page read and write
|
||
|
48C0000
|
trusted library allocation
|
page read and write
|
||
|
7D4000
|
stack
|
page read and write
|
||
|
4C94000
|
heap
|
page read and write
|
||
|
177000
|
heap
|
page read and write
|
||
|
4C60000
|
heap
|
page read and write
|
||
|
D29000
|
stack
|
page read and write
|
||
|
D8E000
|
stack
|
page read and write
|
||
|
4C80000
|
heap
|
page read and write
|
||
|
D26000
|
stack
|
page read and write
|
||
|
62D3000
|
heap
|
page read and write
|
||
|
D35000
|
stack
|
page read and write
|
||
|
4CE0000
|
heap
|
page read and write
|
||
|
32FB000
|
heap
|
page read and write
|
||
|
4C71000
|
heap
|
page read and write
|
||
|
4D27000
|
heap
|
page read and write
|
||
|
4CB4000
|
heap
|
page read and write
|
||
|
EC4000
|
heap
|
page read and write
|
||
|
4CA7000
|
heap
|
page read and write
|
||
|
14012A000
|
unkown
|
page readonly
|
||
|
8C6000
|
unkown
|
page execute and read and write
|
||
|
5BD8000
|
heap
|
page read and write
|
||
|
4D24000
|
heap
|
page read and write
|
||
|
4C80000
|
heap
|
page read and write
|
||
|
5ADE000
|
heap
|
page read and write
|
||
|
4CEF000
|
heap
|
page read and write
|
||
|
140000000
|
unkown
|
page readonly
|
||
|
4CE9000
|
heap
|
page read and write
|
||
|
4C80000
|
heap
|
page read and write
|
||
|
F30000
|
heap
|
page read and write
|
||
|
FF3000
|
heap
|
page read and write
|
||
|
4CE0000
|
heap
|
page read and write
|
||
|
EBE000
|
heap
|
page read and write
|
||
|
EE8000
|
heap
|
page read and write
|
||
|
33F5000
|
heap
|
page read and write
|
||
|
4C94000
|
heap
|
page read and write
|
||
|
4D19000
|
heap
|
page read and write
|
||
|
32F1000
|
heap
|
page read and write
|
||
|
EE8000
|
heap
|
page read and write
|
||
|
4F4000
|
unkown
|
page execute and read and write
|
||
|
14011D000
|
unkown
|
page write copy
|
||
|
666000
|
unkown
|
page execute and write copy
|
||
|
32F9000
|
heap
|
page read and write
|
||
|
A2D000
|
heap
|
page read and write
|
||
|
4C78000
|
heap
|
page read and write
|
||
|
133E000
|
stack
|
page read and write
|
||
|
4CCF000
|
heap
|
page read and write
|
||
|
9A8000
|
heap
|
page read and write
|
||
|
DE0000
|
trusted library section
|
page read and write
|
||
|
4C40000
|
heap
|
page read and write
|
||
|
4C78000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
1FE000
|
heap
|
page read and write
|
||
|
D26000
|
stack
|
page read and write
|
||
|
DCE000
|
stack
|
page read and write
|
||
|
FEC000
|
heap
|
page read and write
|
||
|
E32000
|
heap
|
page read and write
|
||
|
14011C000
|
unkown
|
page read and write
|
||
|
4CCF000
|
heap
|
page read and write
|
||
|
7E5000
|
stack
|
page read and write
|
||
|
170000
|
heap
|
page read and write
|
||
|
4CA7000
|
heap
|
page read and write
|
||
|
4C83000
|
heap
|
page read and write
|
||
|
140122000
|
unkown
|
page write copy
|
||
|
140121000
|
unkown
|
page read and write
|
||
|
4CA7000
|
heap
|
page read and write
|
||
|
4C80000
|
heap
|
page read and write
|
||
|
4C83000
|
heap
|
page read and write
|
||
|
EBC000
|
heap
|
page read and write
|
||
|
35A0000
|
heap
|
page read and write
|
||
|
EC2000
|
heap
|
page read and write
|
||
|
33C0000
|
trusted library allocation
|
page read and write
|
||
|
880000
|
heap
|
page read and write
|
||
|
32F7000
|
heap
|
page read and write
|
||
|
5ECC000
|
stack
|
page read and write
|
||
|
4C94000
|
heap
|
page read and write
|
||
|
32F2000
|
heap
|
page read and write
|
||
|
345E000
|
stack
|
page read and write
|
||
|
140000000
|
unkown
|
page readonly
|
||
|
32F0000
|
heap
|
page read and write
|
||
|
F42000
|
heap
|
page read and write
|
||
|
F20000
|
heap
|
page read and write
|
||
|
93A000
|
unkown
|
page write copy
|
||
|
4C71000
|
heap
|
page read and write
|
||
|
17C8000
|
heap
|
page read and write
|
||
|
32F8000
|
heap
|
page read and write
|
||
|
4D37000
|
heap
|
page read and write
|
||
|
4CA5000
|
heap
|
page read and write
|
||
|
4C50000
|
heap
|
page read and write
|
||
|
14011C000
|
unkown
|
page write copy
|
||
|
4C94000
|
heap
|
page read and write
|
||
|
62D3000
|
heap
|
page read and write
|
||
|
140127000
|
unkown
|
page read and write
|
||
|
4CEF000
|
heap
|
page read and write
|
||
|
3500000
|
heap
|
page read and write
|
||
|
93A000
|
unkown
|
page read and write
|
||
|
850000
|
heap
|
page read and write
|
||
|
140001000
|
unkown
|
page execute read
|
||
|
F64000
|
heap
|
page read and write
|
||
|
4C6A000
|
heap
|
page read and write
|
||
|
FF0000
|
heap
|
page read and write
|
||
|
9F7000
|
heap
|
page read and write
|
||
|
9A0000
|
heap
|
page read and write
|
||
|
140001000
|
unkown
|
page execute read
|
||
|
66CF000
|
stack
|
page read and write
|
||
|
4D01000
|
heap
|
page read and write
|
||
|
4CA5000
|
heap
|
page read and write
|
||
|
4C78000
|
heap
|
page read and write
|
||
|
14012A000
|
unkown
|
page readonly
|
||
|
EBF000
|
heap
|
page read and write
|
||
|
D3C000
|
stack
|
page read and write
|
||
|
1400DF000
|
unkown
|
page readonly
|
||
|
52C0000
|
heap
|
page read and write
|
||
|
32F8000
|
heap
|
page read and write
|
||
|
349C000
|
stack
|
page read and write
|
||
|
14012A000
|
unkown
|
page readonly
|
||
|
EB3000
|
heap
|
page read and write
|
||
|
EE8000
|
heap
|
page read and write
|
||
|
90000
|
heap
|
page read and write
|
||
|
4C71000
|
heap
|
page read and write
|
||
|
16F000
|
heap
|
page read and write
|
||
|
140121000
|
unkown
|
page read and write
|
||
|
4C80000
|
heap
|
page read and write
|
||
|
D23000
|
stack
|
page read and write
|
||
|
A0C000
|
heap
|
page read and write
|
||
|
FF7000
|
heap
|
page read and write
|
||
|
1400FB000
|
unkown
|
page readonly
|
||
|
3465000
|
heap
|
page read and write
|
||
|
9D1000
|
heap
|
page read and write
|
||
|
4CA5000
|
heap
|
page read and write
|
||
|
7CE000
|
stack
|
page read and write
|
||
|
F10000
|
heap
|
page read and write
|
||
|
F3F000
|
heap
|
page read and write
|
||
|
32FE000
|
heap
|
page read and write
|
||
|
FE3000
|
heap
|
page read and write
|
||
|
4CA5000
|
heap
|
page read and write
|
||
|
EE0000
|
heap
|
page read and write
|
||
|
32FE000
|
heap
|
page read and write
|
||
|
7CE000
|
stack
|
page read and write
|
||
|
3410000
|
heap
|
page read and write
|
||
|
F64000
|
heap
|
page read and write
|
||
|
4CE9000
|
heap
|
page read and write
|
||
|
32F5000
|
heap
|
page read and write
|
||
|
171000
|
heap
|
page read and write
|
||
|
7D7000
|
stack
|
page read and write
|
||
|
190000
|
heap
|
page read and write
|
||
|
7AA000
|
unkown
|
page execute and read and write
|
||
|
4CE3000
|
heap
|
page read and write
|
||
|
EE8000
|
heap
|
page read and write
|
||
|
4C60000
|
heap
|
page read and write
|
||
|
8C6000
|
unkown
|
page execute and read and write
|
||
|
E00000
|
trusted library section
|
page read and write
|
||
|
4C9C000
|
heap
|
page read and write
|
||
|
173E000
|
stack
|
page read and write
|
||
|
4C94000
|
heap
|
page read and write
|
||
|
D2C000
|
stack
|
page read and write
|
||
|
D4A000
|
stack
|
page read and write
|
||
|
188000
|
heap
|
page read and write
|
||
|
7B6000
|
stack
|
page read and write
|
||
|
4CE000
|
unkown
|
page execute and read and write
|
||
|
14011D000
|
unkown
|
page write copy
|
||
|
A07000
|
heap
|
page read and write
|
||
|
32FB000
|
heap
|
page read and write
|
||
|
4C78000
|
heap
|
page read and write
|
||
|
4C80000
|
heap
|
page read and write
|
||
|
7F9000
|
stack
|
page read and write
|
||
|
4CA5000
|
heap
|
page read and write
|
||
|
4C94000
|
heap
|
page read and write
|
||
|
4C80000
|
heap
|
page read and write
|
||
|
1400DF000
|
unkown
|
page readonly
|
||
|
E25000
|
heap
|
page read and write
|
||
|
1002000
|
heap
|
page read and write
|
||
|
14011C000
|
unkown
|
page read and write
|
||
|
1007000
|
heap
|
page read and write
|
||
|
DF0000
|
heap
|
page read and write
|
||
|
1E0000
|
heap
|
page read and write
|
||
|
CFC000
|
heap
|
page read and write
|
||
|
26E0000
|
heap
|
page read and write
|
||
|
4C80000
|
heap
|
page read and write
|
||
|
F04000
|
heap
|
page read and write
|
||
|
100F000
|
heap
|
page read and write
|
||
|
3390000
|
heap
|
page read and write
|
||
|
4C78000
|
heap
|
page read and write
|
||
|
4C78000
|
heap
|
page read and write
|
||
|
4C78000
|
heap
|
page read and write
|
||
|
4CEF000
|
heap
|
page read and write
|
||
|
ED9000
|
heap
|
page read and write
|
||
|
885000
|
heap
|
page read and write
|
||
|
4C60000
|
heap
|
page read and write
|
||
|
4CB4000
|
heap
|
page read and write
|
||
|
4CA5000
|
heap
|
page read and write
|
||
|
2763000
|
heap
|
page read and write
|
||
|
4CA7000
|
heap
|
page read and write
|
||
|
4CE5000
|
heap
|
page read and write
|
||
|
4C80000
|
heap
|
page read and write
|
||
|
853000
|
heap
|
page read and write
|
||
|
ED9000
|
heap
|
page read and write
|
||
|
830000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute and read and write
|
||
|
D3E000
|
stack
|
page read and write
|
||
|
D1E000
|
stack
|
page read and write
|
||
|
315F000
|
stack
|
page read and write
|
||
|
1400DF000
|
unkown
|
page readonly
|
||
|
4C50000
|
heap
|
page read and write
|
||
|
1400DF000
|
unkown
|
page readonly
|
||
|
4E2000
|
unkown
|
page execute and read and write
|
||
|
170000
|
heap
|
page read and write
|
||
|
100F000
|
heap
|
page read and write
|
||
|
4C60000
|
heap
|
page read and write
|
||
|
32F1000
|
heap
|
page read and write
|
||
|
33EA000
|
heap
|
page read and write
|
||
|
141E000
|
stack
|
page read and write
|
||
|
7AA000
|
unkown
|
page execute and read and write
|
||
|
CF6000
|
heap
|
page read and write
|
||
|
4C78000
|
heap
|
page read and write
|
||
|
4CE000
|
unkown
|
page execute and read and write
|
||
|
4CA5000
|
heap
|
page read and write
|
||
|
7DE000
|
stack
|
page read and write
|
||
|
140000000
|
unkown
|
page readonly
|
||
|
17C0000
|
heap
|
page read and write
|
||
|
32F6000
|
heap
|
page read and write
|
||
|
5140000
|
heap
|
page read and write
|
||
|
4CE9000
|
heap
|
page read and write
|
||
|
100000
|
heap
|
page read and write
|
||
|
30C4000
|
heap
|
page read and write
|
||
|
129F000
|
stack
|
page read and write
|
||
|
938000
|
unkown
|
page execute and write copy
|
||
|
CF0000
|
heap
|
page read and write
|
||
|
EC4000
|
heap
|
page read and write
|
||
|
4C80000
|
heap
|
page read and write
|
||
|
EE0000
|
heap
|
page read and write
|
||
|
140120000
|
unkown
|
page write copy
|
||
|
4C6F000
|
heap
|
page read and write
|
||
|
32FA000
|
heap
|
page read and write
|
||
|
4CCF000
|
heap
|
page read and write
|
||
|
54BF000
|
stack
|
page read and write
|
||
|
4CA5000
|
heap
|
page read and write
|
||
|
18E000
|
stack
|
page read and write
|
||
|
1E0000
|
heap
|
page read and write
|
||
|
EE0000
|
heap
|
page read and write
|
||
|
EE8000
|
heap
|
page read and write
|
||
|
4CA5000
|
heap
|
page read and write
|
||
|
9CC000
|
heap
|
page read and write
|
||
|
9F7000
|
heap
|
page read and write
|
||
|
FF2000
|
heap
|
page read and write
|
||
|
F62000
|
heap
|
page read and write
|
||
|
9F7000
|
heap
|
page read and write
|
||
|
62D2000
|
heap
|
page read and write
|
||
|
32F9000
|
heap
|
page read and write
|
||
|
4CB5000
|
heap
|
page read and write
|
||
|
EBB000
|
heap
|
page read and write
|
||
|
4C60000
|
heap
|
page read and write
|
||
|
EB8000
|
heap
|
page read and write
|
||
|
EE0000
|
heap
|
page read and write
|
||
|
4CE0000
|
heap
|
page read and write
|
||
|
4CA7000
|
heap
|
page read and write
|
||
|
32F4000
|
heap
|
page read and write
|
||
|
EB8000
|
heap
|
page read and write
|
||
|
4CA7000
|
heap
|
page read and write
|
||
|
2FC0000
|
heap
|
page read and write
|
||
|
EE1000
|
heap
|
page read and write
|
||
|
2FC3000
|
heap
|
page read and write
|
||
|
4D36000
|
heap
|
page read and write
|
||
|
4CCF000
|
heap
|
page read and write
|
||
|
4C43000
|
heap
|
page read and write
|
||
|
FE0000
|
heap
|
page read and write
|
||
|
FEE000
|
heap
|
page read and write
|
||
|
938000
|
unkown
|
page execute and write copy
|
||
|
115000
|
heap
|
page read and write
|
||
|
4C80000
|
heap
|
page read and write
|
||
|
4C83000
|
heap
|
page read and write
|
||
|
32FF000
|
heap
|
page read and write
|
||
|
4CCF000
|
heap
|
page read and write
|
||
|
140122000
|
unkown
|
page write copy
|
||
|
99000
|
stack
|
page read and write
|
||
|
9A000
|
stack
|
page read and write
|
||
|
7AD000
|
stack
|
page read and write
|
||
|
EE0000
|
heap
|
page read and write
|
||
|
33C1000
|
heap
|
page read and write
|
||
|
4C68000
|
heap
|
page read and write
|
||
|
FE8000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
4EC000
|
unkown
|
page execute and read and write
|
||
|
1400FB000
|
unkown
|
page readonly
|
||
|
52D0000
|
trusted library allocation
|
page read and write
|
||
|
A0000
|
heap
|
page read and write
|
||
|
4CE3000
|
heap
|
page read and write
|
||
|
EF0000
|
heap
|
page read and write
|
||
|
14012A000
|
unkown
|
page readonly
|
||
|
7D7000
|
stack
|
page read and write
|
||
|
EB3000
|
heap
|
page read and write
|
||
|
32F8000
|
heap
|
page read and write
|
||
|
527C000
|
stack
|
page read and write
|
||
|
9D1000
|
heap
|
page read and write
|
||
|
FE8000
|
heap
|
page read and write
|
||
|
93A000
|
unkown
|
page write copy
|
||
|
4C78000
|
heap
|
page read and write
|
||
|
EB8000
|
heap
|
page read and write
|
||
|
EC4000
|
heap
|
page read and write
|
||
|
4C76000
|
heap
|
page read and write
|
||
|
4CB5000
|
heap
|
page read and write
|
||
|
4C80000
|
heap
|
page read and write
|
||
|
4D01000
|
heap
|
page read and write
|
||
|
93A000
|
unkown
|
page read and write
|
||
|
4CB4000
|
heap
|
page read and write
|
||
|
32F3000
|
heap
|
page read and write
|
||
|
7BE000
|
stack
|
page read and write
|
||
|
D47000
|
stack
|
page read and write
|
||
|
401000
|
unkown
|
page execute and read and write
|
||
|
5ADF000
|
heap
|
page read and write
|
||
|
4E2000
|
unkown
|
page execute and read and write
|
||
|
4C90000
|
heap
|
page read and write
|
||
|
EC5000
|
heap
|
page read and write
|
||
|
4CB5000
|
heap
|
page read and write
|
||
|
D23000
|
stack
|
page read and write
|
||
|
A07000
|
heap
|
page read and write
|
||
|
4DD0000
|
trusted library allocation
|
page read and write
|
||
|
3190000
|
heap
|
page read and write
|
||
|
FF1000
|
heap
|
page read and write
|
||
|
4CB4000
|
heap
|
page read and write
|
||
|
90000
|
heap
|
page read and write
|
||
|
4C70000
|
heap
|
page read and write
|
||
|
4CCF000
|
heap
|
page read and write
|
||
|
A0B000
|
heap
|
page read and write
|
||
|
100000
|
heap
|
page read and write
|
||
|
4CB4000
|
heap
|
page read and write
|
||
|
1002000
|
heap
|
page read and write
|
||
|
4C60000
|
heap
|
page read and write
|
||
|
2B79000
|
heap
|
page read and write
|
||
|
E35000
|
heap
|
page read and write
|
||
|
F18000
|
heap
|
page read and write
|
||
|
2B70000
|
heap
|
page read and write
|
||
|
DF8000
|
heap
|
page read and write
|
||
|
30C0000
|
heap
|
page read and write
|
||
|
14011F000
|
unkown
|
page read and write
|
||
|
4C78000
|
heap
|
page read and write
|
||
|
140001000
|
unkown
|
page execute read
|
||
|
F00000
|
heap
|
page read and write
|
||
|
140123000
|
unkown
|
page read and write
|
||
|
DF0000
|
trusted library section
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
CFA000
|
heap
|
page read and write
|
||
|
4C78000
|
heap
|
page read and write
|
||
|
D1E000
|
heap
|
page read and write
|
||
|
32FB000
|
heap
|
page read and write
|
||
|
4CB5000
|
heap
|
page read and write
|
||
|
4C94000
|
heap
|
page read and write
|
||
|
F65000
|
heap
|
page read and write
|
||
|
32F5000
|
heap
|
page read and write
|
||
|
32F8000
|
heap
|
page read and write
|
||
|
5ACF000
|
stack
|
page read and write
|
||
|
4C68000
|
heap
|
page read and write
|
||
|
4C4E000
|
heap
|
page read and write
|
||
|
34DC000
|
stack
|
page read and write
|
||
|
A2D000
|
heap
|
page read and write
|
||
|
4C83000
|
heap
|
page read and write
|
||
|
4CA7000
|
heap
|
page read and write
|
||
|
F28000
|
heap
|
page read and write
|
||
|
9CB000
|
heap
|
page read and write
|
||
|
513F000
|
stack
|
page read and write
|
||
|
32FF000
|
heap
|
page read and write
|
||
|
4CA5000
|
heap
|
page read and write
|
||
|
4C84000
|
heap
|
page read and write
|
||
|
190000
|
heap
|
page read and write
|
||
|
140123000
|
unkown
|
page read and write
|
||
|
4C80000
|
heap
|
page read and write
|
||
|
32FE000
|
heap
|
page read and write
|
||
|
4C94000
|
heap
|
page read and write
|
||
|
4C58000
|
heap
|
page read and write
|
||
|
4C80000
|
heap
|
page read and write
|
||
|
140001000
|
unkown
|
page execute read
|
||
|
181F000
|
stack
|
page read and write
|
||
|
4CB4000
|
heap
|
page read and write
|
||
|
EC3000
|
heap
|
page read and write
|
||
|
E9E000
|
stack
|
page read and write
|
||
|
175000
|
heap
|
page read and write
|
||
|
4C62000
|
heap
|
page read and write
|
||
|
4EC000
|
unkown
|
page execute and read and write
|
||
|
4CCF000
|
heap
|
page read and write
|
||
|
14E000
|
stack
|
page read and write
|
||
|
E20000
|
heap
|
page read and write
|
||
|
190000
|
heap
|
page read and write
|
||
|
2F70000
|
heap
|
page read and write
|
||
|
7E5000
|
stack
|
page read and write
|
||
|
1400FB000
|
unkown
|
page readonly
|
||
|
7EE000
|
stack
|
page read and write
|
||
|
EE1000
|
heap
|
page read and write
|
||
|
EE8000
|
heap
|
page read and write
|
||
|
4D26000
|
heap
|
page read and write
|
||
|
E35000
|
heap
|
page read and write
|
||
|
EE0000
|
heap
|
page read and write
|
||
|
4C76000
|
heap
|
page read and write
|
||
|
4C5D000
|
heap
|
page read and write
|
||
|
4C50000
|
heap
|
page read and write
|
||
|
CE0000
|
heap
|
page read and write
|
||
|
332E000
|
stack
|
page read and write
|
||
|
32F6000
|
heap
|
page read and write
|
||
|
4CA7000
|
heap
|
page read and write
|
||
|
14011F000
|
unkown
|
page read and write
|
||
|
4C83000
|
heap
|
page read and write
|
||
|
1FE000
|
heap
|
page read and write
|
||
|
14011C000
|
unkown
|
page write copy
|
||
|
4C80000
|
heap
|
page read and write
|
||
|
4C60000
|
heap
|
page read and write
|
||
|
33C0000
|
trusted library allocation
|
page read and write
|
||
|
6ACD000
|
stack
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
4C94000
|
heap
|
page read and write
|
||
|
2760000
|
heap
|
page read and write
|
||
|
3360000
|
heap
|
page read and write
|
||
|
33B0000
|
heap
|
page read and write
|
||
|
4C68000
|
heap
|
page read and write
|
||
|
FE3000
|
heap
|
page read and write
|
||
|
EE8000
|
heap
|
page read and write
|
||
|
EBE000
|
heap
|
page read and write
|
||
|
4CE5000
|
heap
|
page read and write
|
||
|
108000
|
heap
|
page read and write
|
||
|
4C50000
|
heap
|
page read and write
|
||
|
32FD000
|
heap
|
page read and write
|
||
|
4C68000
|
heap
|
page read and write
|
||
|
32F4000
|
heap
|
page read and write
|
||
|
100F000
|
heap
|
page read and write
|
||
|
4CA7000
|
heap
|
page read and write
|
||
|
A10000
|
heap
|
page read and write
|
||
|
4D1F000
|
heap
|
page read and write
|
||
|
4CCF000
|
heap
|
page read and write
|
||
|
32F5000
|
heap
|
page read and write
|
||
|
4C60000
|
heap
|
page read and write
|
||
|
140120000
|
unkown
|
page write copy
|
||
|
3466000
|
heap
|
page read and write
|
||
|
ED9000
|
heap
|
page read and write
|
||
|
2A40000
|
heap
|
page read and write
|
||
|
EE0000
|
heap
|
page read and write
|
||
|
32F2000
|
heap
|
page read and write
|
||
|
4CCF000
|
heap
|
page read and write
|
||
|
D06000
|
heap
|
page read and write
|
||
|
62CD000
|
stack
|
page read and write
|
||
|
4D1D000
|
heap
|
page read and write
|
||
|
4C77000
|
heap
|
page read and write
|
||
|
4CA7000
|
heap
|
page read and write
|
||
|
4D25000
|
heap
|
page read and write
|
||
|
7F8000
|
stack
|
page read and write
|
||
|
C0000
|
heap
|
page read and write
|
||
|
D1E000
|
stack
|
page read and write
|
||
|
32F2000
|
heap
|
page read and write
|
||
|
EE0000
|
heap
|
page read and write
|
||
|
666000
|
unkown
|
page execute and write copy
|
||
|
4C78000
|
heap
|
page read and write
|
||
|
7ED000
|
stack
|
page read and write
|
||
|
100000
|
heap
|
page read and write
|
||
|
D0C000
|
heap
|
page read and write
|
||
|
32F2000
|
heap
|
page read and write
|
||
|
4C78000
|
heap
|
page read and write
|
||
|
4C78000
|
heap
|
page read and write
|
||
|
4CE5000
|
heap
|
page read and write
|
||
|
FF8000
|
heap
|
page read and write
|
||
|
7BE000
|
stack
|
page read and write
|
||
|
354E000
|
stack
|
page read and write
|
||
|
5BAC000
|
heap
|
page read and write
|
||
|
1A0000
|
heap
|
page read and write
|
||
|
18A000
|
heap
|
page read and write
|
||
|
4C90000
|
heap
|
page read and write
|
There are 468 hidden memdumps, click here to show them.