Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
SHEOrder-10524.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\remcos\logs.dat
|
data
|
dropped
|
|
|
|
C:\Users\Public\Libraries\Wagotghl.PIF
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\Public\Libraries\easinvoker.exe
|
PE32+ executable (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\Public\Libraries\lhgtogaW.pif
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\Public\Libraries\netutils.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\Public\Wagotghl.url
|
MS Windows 95 Internet shortcut text (URL=<file:"C:\\Users\\Public\\Libraries\\Wagotghl.PIF">), ASCII text, with CRLF line
terminators
|
dropped
|
|
|
|
C:\Users\Public\Libraries\KDECO.bat
|
DOS batch file, ASCII text, with very long lines (468), with CRLF line terminators
|
dropped
|
||
|
C:\Users\Public\Libraries\Null
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\Public\Libraries\WagotghlO.bat
|
Unicode text, UTF-16, little-endian text, with very long lines (15012), with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\json[1].json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\bhv1938.tmp
|
Extensible storage engine DataBase, version 0x620, checksum 0x60d7b9e7, page size 32768, DirtyShutdown, Windows version 10.0
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\zhrdpmieysz
|
Unicode text, UTF-16, little-endian text, with no line terminators
|
dropped
|
There are 3 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\SHEOrder-10524.exe
|
"C:\Users\user\Desktop\SHEOrder-10524.exe"
|
|
|
|
C:\Windows\SysWOW64\extrac32.exe
|
C:\\Windows\\System32\\extrac32.exe /C /Y C:\Users\user\Desktop\SHEOrder-10524.exe C:\\Users\\Public\\Libraries\\Wagotghl.PIF
|
|
|
|
C:\Users\Public\Libraries\lhgtogaW.pif
|
C:\Users\Public\Libraries\lhgtogaW.pif
|
|
|
|
C:\Users\Public\Libraries\lhgtogaW.pif
|
C:\Users\Public\Libraries\lhgtogaW.pif /stext "C:\Users\user\AppData\Local\Temp\zhrdpmieysz"
|
|
|
|
C:\Users\Public\Libraries\lhgtogaW.pif
|
C:\Users\Public\Libraries\lhgtogaW.pif /stext "C:\Users\user\AppData\Local\Temp\kbfnqftxmarjte"
|
|
|
|
C:\Users\Public\Libraries\lhgtogaW.pif
|
C:\Users\Public\Libraries\lhgtogaW.pif /stext "C:\Users\user\AppData\Local\Temp\mekgrxezaijovlxyi"
|
|
|
|
C:\Users\Public\Libraries\Wagotghl.PIF
|
"C:\Users\Public\Libraries\Wagotghl.PIF"
|
|
|
|
C:\Users\Public\Libraries\lhgtogaW.pif
|
C:\Users\Public\Libraries\lhgtogaW.pif
|
|
|
|
C:\Users\Public\Libraries\Wagotghl.PIF
|
"C:\Users\Public\Libraries\Wagotghl.PIF"
|
|
|
|
C:\Users\Public\Libraries\lhgtogaW.pif
|
C:\Users\Public\Libraries\lhgtogaW.pif
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
C:\Windows\system32\cmd.exe /c ""C:\Users\Public\Libraries\WagotghlO.bat" "
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
There are 2 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://geoplugin.net/json.gp/C
|
unknown
|
|
|
|
91.223.3.151
|
|
||
|
http://geoplugin.net/json.gp
|
178.237.33.50
|
|
|
|
http://www.imvu.comr
|
unknown
|
||
|
http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0
|
unknown
|
||
|
http://ocsp.sectigo.com0
|
unknown
|
||
|
https://M365CDN.nel.measure.office.net/api/report?FrontEnd=VerizonCDNWorldWide&DestinationEndpoint=W
|
unknown
|
||
|
http://www.imvu.comta
|
unknown
|
||
|
https://ow1.res.office365.com/apc/trans.gif?29331761644ba41ebf9abf96ecc6fbad
|
unknown
|
||
|
https://aefd.nelreports.net/api/report?cat=bingth
|
unknown
|
||
|
http://crt.sectigo.com/SectigoPublicCodeSigningCAEVR36.crt0#
|
unknown
|
||
|
https://86dd05e6f545b5502aade4a1946d3e9d.azr.footprintdns.com/apc/trans.gif?66601c3b572f284b9da07fcc
|
unknown
|
||
|
http://www.nirsoft.net
|
unknown
|
||
|
https://aefd.nelreports.net/api/report?cat=bingaotak
|
unknown
|
||
|
https://deff.nelreports.net/api/report?cat=msn
|
unknown
|
||
|
https://ecs.nel.measure.office.net?TenantId=ODSP_Sync_Client&DestinationEndpoint=Edge-Prod-BLUr5a&Fr
|
unknown
|
||
|
http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#
|
unknown
|
||
|
https://58293426822f9aaf9d7c729f28294583.azr.footprintdns.com/apc/trans.gif?fc66b8a78ab7a1394f56e742
|
unknown
|
||
|
https://ecs.nel.measure.office.net?TenantId=ODSP_Sync_Client&DestinationEndpoint=Edge-Prod-BL2r8e&Fr
|
unknown
|
||
|
http://www.imvu.comhttp://www.ebuddy.comhttps://www.google.com
|
unknown
|
||
|
https://rum8.perf.linkedin.com/apc/trans.gif?fe61b216ccbcc1bca02cb20f2e94fb51
|
unknown
|
||
|
https://onedrive.live.com/
|
unknown
|
||
|
https://www.google.com
|
unknown
|
||
|
https://bnaqzw.sn.files.1drv.com/y4mjSrmVGqdqL8hnH_btf-6Qys453bsv2FyIiEEOlZHaw9haei9AHV5FIa03OCcOV-q
|
unknown
|
||
|
https://fp-afdx-bpdee4gtg6frejfd.z01.azurefd.net/apc/trans.gif?a9bddedb22fa9ee1d455a5d5a89b950c
|
unknown
|
||
|
http://geoplugin.net/json.gpH
|
unknown
|
||
|
https://maps.windows.com/windows-app-web-link
|
unknown
|
||
|
https://bnaqzw.sn.files.1drv.com/W
|
unknown
|
||
|
https://cxcs.microsoft.net/api/settings/en-GB/xml/settings-tipset?release=20h1&sku=Professional&plat
|
unknown
|
||
|
https://live.com/
|
unknown
|
||
|
https://fp-afdx-bpdee4gtg6frejfd.z01.azurefd.net/apc/trans.gif?60caefc8ca640843bccad421cfaadcc8
|
unknown
|
||
|
https://login.yahoo.com/config/login
|
unknown
|
||
|
https://bnaqzw.sn.files.1drv.com:443/y4mFB-7cF0RJhpIN7Sx_6Q1D2DImE5mQPbbhluzK7S-dhQrKxqFk72nhp4k4_Sd
|
unknown
|
||
|
http://www.nirsoft.net/
|
unknown
|
||
|
https://onedrive.live.com/download?resid=B24528E77689F9AC%21162&authkey=!APfH4vXvDJEK1Qc
|
13.107.139.11
|
||
|
http://geoplugin.net/json.gpZ
|
unknown
|
||
|
https://ow1.res.office365.com/apc/trans.gif?17a81fd4cdc7fc73a2b4cf5b67ff816d
|
unknown
|
||
|
https://86dd05e6f545b5502aade4a1946d3e9d.azr.footprintdns.com/apc/trans.gif?f67d919da1a9ba8a5672367d
|
unknown
|
||
|
https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Condition/AAehR3S.svg
|
unknown
|
||
|
http://crl.sectigo.com/SectigoPublicCodeSigningCAEVR36.crl0
|
unknown
|
||
|
https://www.office.com/
|
unknown
|
||
|
https://bnaqzw.sn.files.1drv.com/y4mFB-7cF0RJhpIN7Sx_6Q1D2DImE5mQPbbhluzK7S-dhQrKxqFk72nhp4k4_SdW3Ee
|
unknown
|
||
|
https://ow1.res.office365.com/apc/trans.gif?2f153f40414852a5ead98f4103d563a8
|
unknown
|
||
|
https://sectigo.com/CPS0
|
unknown
|
||
|
https://acae307a6acdd4e64531be6276770618.azr.footprintdns.com/apc/trans.gif?a176b93f037f93b5720edf68
|
unknown
|
||
|
https://sin06prdapp01-canary-opaph.netmon.azure.com/apc/trans.gif?909b77fc750668f20e07288ff0ed43e2
|
unknown
|
||
|
https://18a72a1f5c7b170c6cc0a459d463264e.azr.footprintdns.com/apc/trans.gif?c9b5e9d2b836931c8ddd4e8d
|
unknown
|
||
|
https://18a72a1f5c7b170c6cc0a459d463264e.azr.footprintdns.com/apc/trans.gif?18b635b804a8d6ad0a1fa437
|
unknown
|
||
|
http://www.imvu.com
|
unknown
|
||
|
https://aefd.nelreports.net/api/report?cat=wsb
|
unknown
|
||
|
https://bnaqzw.sn.files.1drv.com/y4mUNi1irqpVap8qJ_hkhgVkZ9e6GpCglPli4DYI3goIWfA8FsMCycwJbzbnR6k4jns
|
unknown
|
||
|
https://acae307a6acdd4e64531be6276770618.azr.footprintdns.com/apc/trans.gif?467894188c5d788807342326
|
unknown
|
||
|
https://bnaqzw.sn.files.1drv.com:443/y4msc3kYI7yGn3gEL_3gJvdpmyEkhOCRDBRFk1eCCUOzN0wBjvROvE3UIu0RkWH
|
unknown
|
||
|
http://geoplugin.net/json.gpu
|
unknown
|
||
|
https://4c4f378c706610974da9cb9d99fe3116.azr.footprintdns.com/apc/trans.gif?1c89d9658c6af83a02d98b03
|
unknown
|
||
|
https://onedrive.live.com/download?resid=B24528E77689F9AC%21162&authkey=
|
unknown
|
||
|
https://aefd.nelreports.net/api/report?cat=bingaot
|
unknown
|
||
|
https://login.windows.net/common/oauth2/authorize?response_type=code&client_id=d3590ed6-52b3-4102-ae
|
unknown
|
||
|
https://4c4f378c706610974da9cb9d99fe3116.azr.footprintdns.com/apc/trans.gif?74b620657ac570f7999e6ad7
|
unknown
|
||
|
https://ecs.nel.measure.office.net?TenantId=Skype&DestinationEndpoint=Edge-Prod-BL2r8e&FrontEnd=AFD
|
unknown
|
||
|
https://aefd.nelreports.net/api/report?cat=bingrms
|
unknown
|
||
|
https://rum8.perf.linkedin.com/apc/trans.gif?690daf9375f3d267a5b7b08fbc174993
|
unknown
|
||
|
https://www.google.com/accounts/servicelogin
|
unknown
|
||
|
https://58293426822f9aaf9d7c729f28294583.azr.footprintdns.com/apc/trans.gif?cf2d8bf3b68a3e37eef992d5
|
unknown
|
||
|
https://login.microsoftonline.com/common/oauth2/authorize?response_type=code&client_id=d3590ed6-52b3
|
unknown
|
||
|
https://ow1.res.office365.com/apc/trans.gif?a50e32ebd978eda4d21928b1dbc78135
|
unknown
|
||
|
https://bnaqzw.sn.files.1drv.com:443/y4mUNi1irqpVap8qJ_hkhgVkZ9e6GpCglPli4DYI3goIWfA8FsMCycwJbzbnR6k
|
unknown
|
||
|
http://www.pmail.com
|
unknown
|
||
|
https://bnaqzw.sn.files.1drv.com/
|
unknown
|
||
|
http://ocsp.sectigo.com0C
|
unknown
|
||
|
https://onedrive.live.com/downlo
|
unknown
|
||
|
https://bnaqzw.sn.files.1drv.com/y4msc3kYI7yGn3gEL_3gJvdpmyEkhOCRDBRFk1eCCUOzN0wBjvROvE3UIu0RkWHiUlu
|
unknown
|
||
|
https://sin06prdapp01-canary-opaph.netmon.azure.com/apc/trans.gif?c6931b9e725f95cf9c20849dd6498c59
|
unknown
|
||
|
http://www.ebuddy.com
|
unknown
|
There are 64 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
dual-spov-0006.spov-msedge.net
|
13.107.139.11
|
||
|
geoplugin.net
|
178.237.33.50
|
||
|
onedrive.live.com
|
unknown
|
||
|
bnaqzw.sn.files.1drv.com
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
91.223.3.151
|
unknown
|
Poland
|
|
|
|
13.107.139.11
|
dual-spov-0006.spov-msedge.net
|
United States
|
||
|
178.237.33.50
|
geoplugin.net
|
Netherlands
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
Wagotghl
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Rmc-V052BG
|
exepath
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Rmc-V052BG
|
licence
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Rmc-V052BG
|
time
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2416C000
|
heap
|
page read and write
|
|
|
|
490000
|
unkown
|
page execute and read and write
|
|
|
|
7E700000
|
direct allocation
|
page read and write
|
|
|
|
490000
|
unkown
|
page execute and read and write
|
|
|
|
400000
|
remote allocation
|
page execute and read and write
|
|
|
|
AC0000
|
unkown
|
page execute and read and write
|
|
|
|
2315000
|
direct allocation
|
page read and write
|
|
|
|
25BBF000
|
stack
|
page read and write
|
|
|
|
490000
|
unkown
|
page execute and read and write
|
|
|
|
490000
|
remote allocation
|
page execute and read and write
|
|
|
|
7E790000
|
direct allocation
|
page read and write
|
|
|
|
AC0000
|
unkown
|
page execute and read and write
|
|
|
|
2412E000
|
heap
|
page read and write
|
|
|
|
400000
|
unkown
|
page execute and read and write
|
|
|
|
28A1000
|
direct allocation
|
page execute read
|
|
|
|
24164000
|
heap
|
page read and write
|
|
|
|
400000
|
unkown
|
page execute and read and write
|
|
|
|
400000
|
unkown
|
page execute and read and write
|
|
|
|
7FBF0000
|
direct allocation
|
page read and write
|
|
|
|
AC0000
|
remote allocation
|
page execute and read and write
|
|
|
|
AC0000
|
unkown
|
page execute and read and write
|
|
|
|
28C1000
|
direct allocation
|
page execute read
|
|
|
|
2216000
|
heap
|
page read and write
|
||
|
4F5000
|
heap
|
page read and write
|
||
|
5D7000
|
heap
|
page read and write
|
||
|
2419D000
|
heap
|
page read and write
|
||
|
2A50000
|
heap
|
page read and write
|
||
|
1471E000
|
stack
|
page read and write
|
||
|
7E930000
|
direct allocation
|
page read and write
|
||
|
697000
|
heap
|
page read and write
|
||
|
13C7D000
|
direct allocation
|
page read and write
|
||
|
220C000
|
heap
|
page read and write
|
||
|
1402F000
|
stack
|
page read and write
|
||
|
280A000
|
heap
|
page read and write
|
||
|
241A6000
|
heap
|
page read and write
|
||
|
274AB000
|
unclassified section
|
page execute and read and write
|
||
|
86A000
|
heap
|
page read and write
|
||
|
6CE000
|
stack
|
page read and write
|
||
|
2238000
|
heap
|
page read and write
|
||
|
13B9E000
|
direct allocation
|
page read and write
|
||
|
2418E000
|
heap
|
page read and write
|
||
|
A20000
|
heap
|
page read and write
|
||
|
8A4000
|
heap
|
page read and write
|
||
|
260DE000
|
stack
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
401000
|
unkown
|
page execute read
|
||
|
2340000
|
direct allocation
|
page read and write
|
||
|
30D0000
|
heap
|
page read and write
|
||
|
2243000
|
heap
|
page read and write
|
||
|
CE0000
|
remote allocation
|
page execute and read and write
|
||
|
594000
|
heap
|
page read and write
|
||
|
2561000
|
heap
|
page read and write
|
||
|
5A0000
|
unkown
|
page execute and read and write
|
||
|
13EEF000
|
stack
|
page read and write
|
||
|
670000
|
heap
|
page read and write
|
||
|
459000
|
unkown
|
page write copy
|
||
|
148A4000
|
heap
|
page read and write
|
||
|
97000
|
stack
|
page read and write
|
||
|
2211000
|
heap
|
page read and write
|
||
|
26AE000
|
stack
|
page read and write
|
||
|
4F4000
|
heap
|
page read and write
|
||
|
27A0000
|
heap
|
page read and write
|
||
|
594000
|
heap
|
page read and write
|
||
|
273A0000
|
unclassified section
|
page execute and read and write
|
||
|
8D5000
|
heap
|
page read and write
|
||
|
4370000
|
heap
|
page read and write
|
||
|
5B0000
|
heap
|
page read and write
|
||
|
272BB000
|
heap
|
page read and write
|
||
|
4374000
|
heap
|
page read and write
|
||
|
1454E000
|
stack
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
2813000
|
heap
|
page read and write
|
||
|
27315000
|
heap
|
page read and write
|
||
|
68C000
|
heap
|
page read and write
|
||
|
30E0000
|
heap
|
page read and write
|
||
|
2110000
|
heap
|
page read and write
|
||
|
A3E000
|
heap
|
page read and write
|
||
|
26598000
|
heap
|
page read and write
|
||
|
14BF0000
|
heap
|
page read and write
|
||
|
2213000
|
heap
|
page read and write
|
||
|
9D0000
|
unkown
|
page execute and read and write
|
||
|
2809000
|
heap
|
page read and write
|
||
|
237A000
|
direct allocation
|
page read and write
|
||
|
222E000
|
heap
|
page read and write
|
||
|
26520000
|
heap
|
page read and write
|
||
|
149B1000
|
heap
|
page read and write
|
||
|
C10000
|
unkown
|
page execute and read and write
|
||
|
5E1000
|
heap
|
page read and write
|
||
|
570000
|
unkown
|
page read and write
|
||
|
594000
|
heap
|
page read and write
|
||
|
241A6000
|
heap
|
page read and write
|
||
|
2230000
|
direct allocation
|
page execute and read and write
|
||
|
289D000
|
stack
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
474000
|
unkown
|
page execute and read and write
|
||
|
13CA8000
|
direct allocation
|
page read and write
|
||
|
594000
|
heap
|
page read and write
|
||
|
91B000
|
heap
|
page read and write
|
||
|
2808000
|
heap
|
page read and write
|
||
|
2730D000
|
heap
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
2813000
|
heap
|
page read and write
|
||
|
281B000
|
heap
|
page read and write
|
||
|
510000
|
unkown
|
page execute and read and write
|
||
|
241B3000
|
heap
|
page read and write
|
||
|
400000
|
system
|
page execute and read and write
|
||
|
40D000
|
unkown
|
page write copy
|
||
|
887000
|
heap
|
page read and write
|
||
|
27111000
|
heap
|
page read and write
|
||
|
13B70000
|
direct allocation
|
page read and write
|
||
|
57E000
|
unkown
|
page readonly
|
||
|
5D0000
|
heap
|
page read and write
|
||
|
177000
|
stack
|
page read and write
|
||
|
2218000
|
heap
|
page read and write
|
||
|
6BE000
|
stack
|
page read and write
|
||
|
1481F000
|
stack
|
page read and write
|
||
|
2560000
|
heap
|
page read and write
|
||
|
4F5000
|
heap
|
page read and write
|
||
|
1C0000
|
heap
|
page read and write
|
||
|
7CF000
|
stack
|
page read and write
|
||
|
241B3000
|
heap
|
page read and write
|
||
|
2328000
|
direct allocation
|
page read and write
|
||
|
2813000
|
heap
|
page read and write
|
||
|
625000
|
heap
|
page read and write
|
||
|
76F000
|
stack
|
page read and write
|
||
|
2415C000
|
heap
|
page read and write
|
||
|
7F138000
|
direct allocation
|
page read and write
|
||
|
1C5000
|
heap
|
page read and write
|
||
|
13C9A000
|
direct allocation
|
page read and write
|
||
|
2358000
|
direct allocation
|
page read and write
|
||
|
241B8000
|
heap
|
page read and write
|
||
|
241A6000
|
heap
|
page read and write
|
||
|
84A000
|
heap
|
page read and write
|
||
|
2807000
|
heap
|
page read and write
|
||
|
481000
|
heap
|
page read and write
|
||
|
7FC10000
|
direct allocation
|
page read and write
|
||
|
13C64000
|
direct allocation
|
page read and write
|
||
|
2DBD000
|
heap
|
page read and write
|
||
|
22EF000
|
direct allocation
|
page read and write
|
||
|
13C81000
|
direct allocation
|
page read and write
|
||
|
25E3C000
|
stack
|
page read and write
|
||
|
B40000
|
remote allocation
|
page execute and read and write
|
||
|
1414F000
|
stack
|
page read and write
|
||
|
646000
|
heap
|
page read and write
|
||
|
8A8000
|
heap
|
page read and write
|
||
|
45C000
|
system
|
page execute and read and write
|
||
|
2718A000
|
heap
|
page read and write
|
||
|
925000
|
heap
|
page read and write
|
||
|
13C93000
|
direct allocation
|
page read and write
|
||
|
83E000
|
stack
|
page read and write
|
||
|
24080000
|
heap
|
page read and write
|
||
|
4F4000
|
heap
|
page read and write
|
||
|
13C73000
|
direct allocation
|
page read and write
|
||
|
8EC000
|
heap
|
page read and write
|
||
|
220C000
|
heap
|
page read and write
|
||
|
459000
|
unkown
|
page read and write
|
||
|
1444E000
|
stack
|
page read and write
|
||
|
927000
|
heap
|
page read and write
|
||
|
863000
|
heap
|
page read and write
|
||
|
2390000
|
heap
|
page read and write
|
||
|
14BFE000
|
heap
|
page read and write
|
||
|
27490000
|
unclassified section
|
page execute and read and write
|
||
|
242C000
|
stack
|
page read and write
|
||
|
2220000
|
heap
|
page read and write
|
||
|
241A6000
|
heap
|
page read and write
|
||
|
2416B000
|
heap
|
page read and write
|
||
|
1440D000
|
stack
|
page read and write
|
||
|
272E000
|
stack
|
page read and write
|
||
|
1400F000
|
stack
|
page read and write
|
||
|
2221000
|
heap
|
page read and write
|
||
|
13C68000
|
direct allocation
|
page read and write
|
||
|
8D1000
|
heap
|
page read and write
|
||
|
2727B000
|
heap
|
page read and write
|
||
|
2216000
|
heap
|
page read and write
|
||
|
2DCD000
|
heap
|
page read and write
|
||
|
416000
|
unkown
|
page readonly
|
||
|
922000
|
heap
|
page read and write
|
||
|
27110000
|
heap
|
page read and write
|
||
|
5BC000
|
heap
|
page read and write
|
||
|
272FB000
|
heap
|
page read and write
|
||
|
146DF000
|
stack
|
page read and write
|
||
|
28DC000
|
direct allocation
|
page read and write
|
||
|
26CDF000
|
stack
|
page read and write
|
||
|
22AF000
|
stack
|
page read and write
|
||
|
8E0000
|
heap
|
page read and write
|
||
|
874000
|
heap
|
page read and write
|
||
|
19C000
|
stack
|
page read and write
|
||
|
910000
|
heap
|
page read and write
|
||
|
2310000
|
direct allocation
|
page read and write
|
||
|
2DBD000
|
heap
|
page read and write
|
||
|
A30000
|
heap
|
page read and write
|
||
|
26521000
|
heap
|
page read and write
|
||
|
4F4000
|
heap
|
page read and write
|
||
|
220E000
|
heap
|
page read and write
|
||
|
4F4000
|
heap
|
page read and write
|
||
|
40D000
|
unkown
|
page write copy
|
||
|
2807000
|
heap
|
page read and write
|
||
|
22B5000
|
direct allocation
|
page read and write
|
||
|
2211000
|
heap
|
page read and write
|
||
|
2747C000
|
unclassified section
|
page execute and read and write
|
||
|
2214000
|
heap
|
page read and write
|
||
|
594000
|
heap
|
page read and write
|
||
|
A3E000
|
heap
|
page read and write
|
||
|
14BE8000
|
heap
|
page read and write
|
||
|
8A1000
|
heap
|
page read and write
|
||
|
4F4000
|
heap
|
page read and write
|
||
|
81E000
|
stack
|
page read and write
|
||
|
13C88000
|
direct allocation
|
page read and write
|
||
|
2706000
|
heap
|
page read and write
|
||
|
23CC000
|
direct allocation
|
page read and write
|
||
|
1440D000
|
stack
|
page read and write
|
||
|
A3E000
|
heap
|
page read and write
|
||
|
2208000
|
heap
|
page read and write
|
||
|
8E2000
|
heap
|
page read and write
|
||
|
13C60000
|
direct allocation
|
page read and write
|
||
|
2214000
|
heap
|
page read and write
|
||
|
2A5B000
|
heap
|
page read and write
|
||
|
141BE000
|
stack
|
page read and write
|
||
|
CE0000
|
unkown
|
page execute and read and write
|
||
|
860000
|
heap
|
page read and write
|
||
|
23F40000
|
heap
|
page read and write
|
||
|
272F9000
|
heap
|
page read and write
|
||
|
27203000
|
heap
|
page read and write
|
||
|
5C0000
|
heap
|
page read and write
|
||
|
2DBD000
|
heap
|
page read and write
|
||
|
4F5000
|
heap
|
page read and write
|
||
|
CE0000
|
unkown
|
page execute and read and write
|
||
|
272F9000
|
heap
|
page read and write
|
||
|
594000
|
heap
|
page read and write
|
||
|
2204000
|
heap
|
page read and write
|
||
|
2805000
|
heap
|
page read and write
|
||
|
7EE4F000
|
direct allocation
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
13DEE000
|
stack
|
page read and write
|
||
|
4F4000
|
heap
|
page read and write
|
||
|
636000
|
heap
|
page read and write
|
||
|
280D000
|
heap
|
page read and write
|
||
|
5A0000
|
unkown
|
page execute and read and write
|
||
|
28CB000
|
direct allocation
|
page read and write
|
||
|
1444E000
|
stack
|
page read and write
|
||
|
272F9000
|
heap
|
page read and write
|
||
|
459000
|
system
|
page execute and read and write
|
||
|
89F000
|
heap
|
page read and write
|
||
|
8F9000
|
heap
|
page read and write
|
||
|
2211000
|
heap
|
page read and write
|
||
|
241B3000
|
heap
|
page read and write
|
||
|
220E000
|
heap
|
page read and write
|
||
|
2801000
|
heap
|
page read and write
|
||
|
2213000
|
heap
|
page read and write
|
||
|
2209000
|
heap
|
page read and write
|
||
|
1402F000
|
stack
|
page read and write
|
||
|
480000
|
heap
|
page read and write
|
||
|
19A000
|
stack
|
page read and write
|
||
|
594000
|
heap
|
page read and write
|
||
|
416000
|
unkown
|
page readonly
|
||
|
2238000
|
heap
|
page read and write
|
||
|
4F5000
|
heap
|
page read and write
|
||
|
2C50000
|
heap
|
page read and write
|
||
|
2700000
|
heap
|
page read and write
|
||
|
400000
|
system
|
page execute and read and write
|
||
|
2610000
|
heap
|
page read and write
|
||
|
7FE000
|
stack
|
page read and write
|
||
|
280A000
|
heap
|
page read and write
|
||
|
1481E000
|
stack
|
page read and write
|
||
|
141BE000
|
stack
|
page read and write
|
||
|
92D000
|
heap
|
page read and write
|
||
|
232D000
|
direct allocation
|
page read and write
|
||
|
27202000
|
heap
|
page read and write
|
||
|
2418E000
|
heap
|
page read and write
|
||
|
141BE000
|
stack
|
page read and write
|
||
|
2219000
|
heap
|
page read and write
|
||
|
241B8000
|
heap
|
page read and write
|
||
|
2C4E000
|
unkown
|
page read and write
|
||
|
B40000
|
unkown
|
page execute and read and write
|
||
|
27420000
|
unclassified section
|
page execute and read and write
|
||
|
280D000
|
heap
|
page read and write
|
||
|
13C7D000
|
direct allocation
|
page read and write
|
||
|
25DFF000
|
stack
|
page read and write
|
||
|
416000
|
unkown
|
page readonly
|
||
|
1430E000
|
stack
|
page read and write
|
||
|
2210000
|
heap
|
page read and write
|
||
|
272AB000
|
heap
|
page read and write
|
||
|
459000
|
unkown
|
page read and write
|
||
|
13C8C000
|
direct allocation
|
page read and write
|
||
|
651000
|
heap
|
page read and write
|
||
|
24120000
|
heap
|
page read and write
|
||
|
2201000
|
heap
|
page read and write
|
||
|
7EDC0000
|
direct allocation
|
page read and write
|
||
|
13F0E000
|
stack
|
page read and write
|
||
|
C00000
|
heap
|
page read and write
|
||
|
1F48000
|
heap
|
page read and write
|
||
|
2A00000
|
trusted library allocation
|
page read and write
|
||
|
9D0000
|
remote allocation
|
page execute and read and write
|
||
|
280D000
|
heap
|
page read and write
|
||
|
657000
|
heap
|
page read and write
|
||
|
7EDD0000
|
direct allocation
|
page read and write
|
||
|
630000
|
remote allocation
|
page execute and read and write
|
||
|
241BF000
|
heap
|
page read and write
|
||
|
2A00000
|
trusted library allocation
|
page read and write
|
||
|
474000
|
unkown
|
page execute and read and write
|
||
|
1471E000
|
stack
|
page read and write
|
||
|
282E000
|
heap
|
page read and write
|
||
|
92A000
|
heap
|
page read and write
|
||
|
659000
|
heap
|
page read and write
|
||
|
5FE000
|
heap
|
page read and write
|
||
|
4F4000
|
heap
|
page read and write
|
||
|
18F000
|
stack
|
page read and write
|
||
|
13C3F000
|
direct allocation
|
page read and write
|
||
|
272F9000
|
heap
|
page read and write
|
||
|
2530000
|
heap
|
page read and write
|
||
|
7E8F0000
|
direct allocation
|
page read and write
|
||
|
2215000
|
heap
|
page read and write
|
||
|
2208000
|
heap
|
page read and write
|
||
|
680000
|
heap
|
page read and write
|
||
|
2804000
|
heap
|
page read and write
|
||
|
980000
|
direct allocation
|
page execute and read and write
|
||
|
66C000
|
heap
|
page read and write
|
||
|
93F000
|
stack
|
page read and write
|
||
|
25CBF000
|
stack
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
4F4000
|
heap
|
page read and write
|
||
|
208E000
|
stack
|
page read and write
|
||
|
13C5D000
|
direct allocation
|
page read and write
|
||
|
2201000
|
heap
|
page read and write
|
||
|
594000
|
heap
|
page read and write
|
||
|
960000
|
heap
|
page read and write
|
||
|
4F0000
|
heap
|
page read and write
|
||
|
1416F000
|
stack
|
page read and write
|
||
|
580000
|
heap
|
page read and write
|
||
|
13C84000
|
direct allocation
|
page read and write
|
||
|
67F000
|
heap
|
page read and write
|
||
|
97000
|
stack
|
page read and write
|
||
|
220E000
|
heap
|
page read and write
|
||
|
13DAA000
|
stack
|
page read and write
|
||
|
670000
|
heap
|
page read and write
|
||
|
450000
|
heap
|
page read and write
|
||
|
2701000
|
heap
|
page read and write
|
||
|
A00000
|
heap
|
page read and write
|
||
|
C10000
|
remote allocation
|
page execute and read and write
|
||
|
6D5000
|
heap
|
page read and write
|
||
|
7EE3F000
|
direct allocation
|
page read and write
|
||
|
7ED8F000
|
direct allocation
|
page read and write
|
||
|
2201000
|
heap
|
page read and write
|
||
|
1481E000
|
stack
|
page read and write
|
||
|
2A00000
|
trusted library allocation
|
page read and write
|
||
|
4F5000
|
heap
|
page read and write
|
||
|
97000
|
stack
|
page read and write
|
||
|
13DEE000
|
stack
|
page read and write
|
||
|
594000
|
heap
|
page read and write
|
||
|
2334000
|
direct allocation
|
page read and write
|
||
|
2388000
|
direct allocation
|
page read and write
|
||
|
1416F000
|
stack
|
page read and write
|
||
|
4F5000
|
heap
|
page read and write
|
||
|
272EB000
|
heap
|
page read and write
|
||
|
456000
|
system
|
page execute and read and write
|
||
|
510000
|
remote allocation
|
page execute and read and write
|
||
|
280A000
|
heap
|
page read and write
|
||
|
26612000
|
heap
|
page read and write
|
||
|
13C7F000
|
direct allocation
|
page read and write
|
||
|
2701000
|
heap
|
page read and write
|
||
|
13D8A000
|
stack
|
page read and write
|
||
|
530000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
242C000
|
stack
|
page read and write
|
||
|
7ECD0000
|
direct allocation
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
8CF000
|
stack
|
page read and write
|
||
|
5B3000
|
heap
|
page read and write
|
||
|
240CE000
|
stack
|
page read and write
|
||
|
5BC000
|
heap
|
page read and write
|
||
|
27476000
|
unclassified section
|
page execute and read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
C10000
|
unkown
|
page execute and read and write
|
||
|
2214000
|
heap
|
page read and write
|
||
|
220C000
|
heap
|
page read and write
|
||
|
261DF000
|
stack
|
page read and write
|
||
|
B40000
|
unkown
|
page execute and read and write
|
||
|
7F970000
|
direct allocation
|
page read and write
|
||
|
594000
|
heap
|
page read and write
|
||
|
13C76000
|
direct allocation
|
page read and write
|
||
|
2364000
|
direct allocation
|
page read and write
|
||
|
1404E000
|
stack
|
page read and write
|
||
|
7E810000
|
direct allocation
|
page read and write
|
||
|
9C000
|
stack
|
page read and write
|
||
|
B40000
|
unkown
|
page execute and read and write
|
||
|
671000
|
heap
|
page read and write
|
||
|
21FC000
|
heap
|
page read and write
|
||
|
4F4000
|
heap
|
page read and write
|
||
|
5DE000
|
heap
|
page read and write
|
||
|
27111000
|
heap
|
page read and write
|
||
|
27FE000
|
heap
|
page read and write
|
||
|
28FC000
|
direct allocation
|
page read and write
|
||
|
26BDE000
|
stack
|
page read and write
|
||
|
14590000
|
remote allocation
|
page read and write
|
||
|
45D000
|
system
|
page execute and read and write
|
||
|
946000
|
heap
|
page read and write
|
||
|
5F6000
|
heap
|
page read and write
|
||
|
2419F000
|
heap
|
page read and write
|
||
|
9D0000
|
unkown
|
page execute and read and write
|
||
|
A00000
|
heap
|
page read and write
|
||
|
19D000
|
stack
|
page read and write
|
||
|
2F8E000
|
unkown
|
page read and write
|
||
|
23E1000
|
direct allocation
|
page read and write
|
||
|
272F9000
|
heap
|
page read and write
|
||
|
14590000
|
remote allocation
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
A0F000
|
stack
|
page read and write
|
||
|
22F8000
|
direct allocation
|
page read and write
|
||
|
2201000
|
heap
|
page read and write
|
||
|
21E0000
|
heap
|
page read and write
|
||
|
1406E000
|
stack
|
page read and write
|
||
|
2215000
|
heap
|
page read and write
|
||
|
148AA000
|
heap
|
page read and write
|
||
|
2418E000
|
heap
|
page read and write
|
||
|
13CA8000
|
direct allocation
|
page read and write
|
||
|
193000
|
stack
|
page read and write
|
||
|
2483000
|
heap
|
page read and write
|
||
|
274C0000
|
direct allocation
|
page read and write
|
||
|
40D000
|
unkown
|
page write copy
|
||
|
220C000
|
heap
|
page read and write
|
||
|
2215000
|
heap
|
page read and write
|
||
|
13C48000
|
direct allocation
|
page read and write
|
||
|
58E000
|
stack
|
page read and write
|
||
|
86E000
|
heap
|
page read and write
|
||
|
572000
|
unkown
|
page write copy
|
||
|
23DA000
|
direct allocation
|
page read and write
|
||
|
23E8000
|
direct allocation
|
page read and write
|
||
|
5EB000
|
heap
|
page read and write
|
||
|
148A3000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
7EDD0000
|
direct allocation
|
page read and write
|
||
|
233C000
|
direct allocation
|
page read and write
|
||
|
21F0000
|
heap
|
page read and write
|
||
|
630000
|
unkown
|
page execute and read and write
|
||
|
940000
|
trusted library allocation
|
page read and write
|
||
|
272FB000
|
heap
|
page read and write
|
||
|
896000
|
heap
|
page read and write
|
||
|
2807000
|
heap
|
page read and write
|
||
|
25F3F000
|
stack
|
page read and write
|
||
|
2285000
|
direct allocation
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
2343000
|
direct allocation
|
page read and write
|
||
|
2573000
|
heap
|
page read and write
|
||
|
9C000
|
stack
|
page read and write
|
||
|
145DE000
|
stack
|
page read and write
|
||
|
7F970000
|
direct allocation
|
page read and write
|
||
|
281D000
|
heap
|
page read and write
|
||
|
604000
|
heap
|
page read and write
|
||
|
478000
|
unkown
|
page execute and read and write
|
||
|
7CE000
|
stack
|
page read and write
|
||
|
8EB000
|
heap
|
page read and write
|
||
|
2813000
|
heap
|
page read and write
|
||
|
90E000
|
stack
|
page read and write
|
||
|
4F4000
|
heap
|
page read and write
|
||
|
241B3000
|
heap
|
page read and write
|
||
|
7E778000
|
direct allocation
|
page read and write
|
||
|
2460000
|
heap
|
page read and write
|
||
|
23D3000
|
direct allocation
|
page read and write
|
||
|
248A000
|
stack
|
page read and write
|
||
|
2659A000
|
heap
|
page read and write
|
||
|
7EDD0000
|
direct allocation
|
page read and write
|
||
|
14D98000
|
heap
|
page read and write
|
||
|
13C9A000
|
direct allocation
|
page read and write
|
||
|
23BD000
|
direct allocation
|
page read and write
|
||
|
2418E000
|
heap
|
page read and write
|
||
|
2813000
|
heap
|
page read and write
|
||
|
13C56000
|
direct allocation
|
page read and write
|
||
|
2215000
|
heap
|
page read and write
|
||
|
2808000
|
heap
|
page read and write
|
||
|
6AC000
|
heap
|
page read and write
|
||
|
416000
|
unkown
|
page readonly
|
||
|
2211000
|
heap
|
page read and write
|
||
|
24CC000
|
stack
|
page read and write
|
||
|
280D000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
2727B000
|
heap
|
page read and write
|
||
|
13C76000
|
direct allocation
|
page read and write
|
||
|
149BA000
|
heap
|
page read and write
|
||
|
28EB000
|
direct allocation
|
page read and write
|
||
|
8B1000
|
heap
|
page read and write
|
||
|
21FF000
|
heap
|
page read and write
|
||
|
280A000
|
heap
|
page read and write
|
||
|
24230000
|
heap
|
page read and write
|
||
|
23A0000
|
direct allocation
|
page read and write
|
||
|
142BF000
|
stack
|
page read and write
|
||
|
2A00000
|
trusted library allocation
|
page read and write
|
||
|
2388000
|
direct allocation
|
page read and write
|
||
|
4200000
|
heap
|
page read and write
|
||
|
8CA000
|
heap
|
page read and write
|
||
|
234A000
|
direct allocation
|
page read and write
|
||
|
2807000
|
heap
|
page read and write
|
||
|
14590000
|
remote allocation
|
page read and write
|
||
|
5A0000
|
unkown
|
page execute and read and write
|
||
|
236C000
|
direct allocation
|
page read and write
|
||
|
877000
|
heap
|
page read and write
|
||
|
242C000
|
stack
|
page read and write
|
||
|
2561000
|
heap
|
page read and write
|
||
|
2419F000
|
heap
|
page read and write
|
||
|
594000
|
heap
|
page read and write
|
||
|
284C000
|
heap
|
page read and write
|
||
|
473000
|
system
|
page execute and read and write
|
||
|
2381000
|
direct allocation
|
page read and write
|
||
|
25F7E000
|
stack
|
page read and write
|
||
|
1454D000
|
stack
|
page read and write
|
||
|
13ECF000
|
stack
|
page read and write
|
||
|
2430000
|
heap
|
page read and write
|
||
|
2808000
|
heap
|
page read and write
|
||
|
615000
|
heap
|
page read and write
|
||
|
2200000
|
heap
|
page read and write
|
||
|
7E834000
|
direct allocation
|
page read and write
|
||
|
272FB000
|
heap
|
page read and write
|
||
|
4F4000
|
heap
|
page read and write
|
||
|
4C0000
|
heap
|
page read and write
|
||
|
13B7E000
|
direct allocation
|
page read and write
|
||
|
26080000
|
heap
|
page read and write
|
||
|
241A6000
|
heap
|
page read and write
|
||
|
7FB10000
|
direct allocation
|
page read and write
|
||
|
882000
|
heap
|
page read and write
|
||
|
594000
|
heap
|
page read and write
|
||
|
2412A000
|
heap
|
page read and write
|
||
|
850000
|
heap
|
page read and write
|
||
|
7FB5F000
|
direct allocation
|
page read and write
|
||
|
4F4000
|
heap
|
page read and write
|
||
|
2211000
|
heap
|
page read and write
|
||
|
13CA1000
|
direct allocation
|
page read and write
|
||
|
1C0000
|
heap
|
page read and write
|
||
|
1C5000
|
heap
|
page read and write
|
||
|
65F000
|
heap
|
page read and write
|
||
|
2620000
|
heap
|
page read and write
|
||
|
5C8000
|
heap
|
page read and write
|
||
|
941000
|
heap
|
page read and write
|
||
|
64C000
|
heap
|
page read and write
|
||
|
2790000
|
heap
|
page read and write
|
||
|
13C84000
|
direct allocation
|
page read and write
|
||
|
2399000
|
direct allocation
|
page read and write
|
||
|
613000
|
heap
|
page read and write
|
||
|
63F000
|
heap
|
page read and write
|
||
|
2415C000
|
heap
|
page read and write
|
||
|
7EDC0000
|
direct allocation
|
page read and write
|
||
|
7FB70000
|
direct allocation
|
page read and write
|
||
|
274C1000
|
direct allocation
|
page execute and read and write
|
||
|
26612000
|
heap
|
page read and write
|
||
|
5B0000
|
heap
|
page read and write
|
||
|
628000
|
heap
|
page read and write
|
||
|
2218000
|
heap
|
page read and write
|
||
|
86B000
|
heap
|
page read and write
|
||
|
7F0C0000
|
direct allocation
|
page read and write
|
||
|
88F000
|
stack
|
page read and write
|
||
|
8C6000
|
heap
|
page read and write
|
||
|
CE0000
|
unkown
|
page execute and read and write
|
||
|
14BE4000
|
heap
|
page read and write
|
||
|
2416B000
|
heap
|
page read and write
|
||
|
2309000
|
direct allocation
|
page read and write
|
||
|
7E700000
|
direct allocation
|
page read and write
|
||
|
7E790000
|
direct allocation
|
page read and write
|
||
|
7FBF0000
|
direct allocation
|
page read and write
|
||
|
27E0000
|
heap
|
page read and write
|
||
|
222A000
|
heap
|
page read and write
|
||
|
2A00000
|
trusted library allocation
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
27E8000
|
heap
|
page read and write
|
||
|
840000
|
heap
|
page read and write
|
||
|
2D90000
|
heap
|
page read and write
|
||
|
2419D000
|
heap
|
page read and write
|
||
|
21FC000
|
heap
|
page read and write
|
||
|
5A0000
|
remote allocation
|
page execute and read and write
|
||
|
13CA1000
|
direct allocation
|
page read and write
|
||
|
594000
|
heap
|
page read and write
|
||
|
26598000
|
heap
|
page read and write
|
||
|
149BA000
|
heap
|
page read and write
|
||
|
2302000
|
direct allocation
|
page read and write
|
||
|
690000
|
heap
|
page read and write
|
||
|
510000
|
unkown
|
page execute and read and write
|
||
|
2415C000
|
heap
|
page read and write
|
||
|
241BF000
|
heap
|
page read and write
|
||
|
14BE8000
|
heap
|
page read and write
|
||
|
241B8000
|
heap
|
page read and write
|
||
|
69B000
|
heap
|
page read and write
|
||
|
2C70000
|
heap
|
page read and write
|
||
|
27F7000
|
heap
|
page read and write
|
||
|
273F9000
|
unclassified section
|
page execute and read and write
|
||
|
2A57000
|
heap
|
page read and write
|
||
|
602000
|
heap
|
page read and write
|
||
|
A3D000
|
heap
|
page read and write
|
||
|
272F4000
|
heap
|
page read and write
|
||
|
56E000
|
unkown
|
page read and write
|
||
|
27F7000
|
heap
|
page read and write
|
||
|
594000
|
heap
|
page read and write
|
||
|
630000
|
heap
|
page read and write
|
||
|
142BF000
|
stack
|
page read and write
|
||
|
68A000
|
heap
|
page read and write
|
||
|
26ED000
|
stack
|
page read and write
|
||
|
91D000
|
heap
|
page read and write
|
||
|
662000
|
heap
|
page read and write
|
||
|
281B000
|
heap
|
page read and write
|
||
|
2900000
|
direct allocation
|
page read and write
|
||
|
84E000
|
heap
|
page read and write
|
||
|
255F000
|
stack
|
page read and write
|
||
|
2416C000
|
heap
|
page read and write
|
||
|
146DF000
|
stack
|
page read and write
|
||
|
2C00000
|
heap
|
page read and write
|
||
|
241BF000
|
heap
|
page read and write
|
||
|
2802000
|
heap
|
page read and write
|
||
|
28EB000
|
direct allocation
|
page read and write
|
||
|
280A000
|
heap
|
page read and write
|
||
|
27203000
|
heap
|
page read and write
|
||
|
46F000
|
heap
|
page read and write
|
||
|
81E000
|
stack
|
page read and write
|
||
|
88B000
|
heap
|
page read and write
|
||
|
13DCE000
|
stack
|
page read and write
|
||
|
2339000
|
direct allocation
|
page read and write
|
||
|
21FD000
|
heap
|
page read and write
|
||
|
7EFE0000
|
direct allocation
|
page read and write
|
||
|
2332000
|
direct allocation
|
page read and write
|
||
|
2921000
|
direct allocation
|
page read and write
|
||
|
510000
|
unkown
|
page execute and read and write
|
||
|
2392000
|
direct allocation
|
page read and write
|
||
|
A3C000
|
heap
|
page read and write
|
||
|
19C000
|
stack
|
page read and write
|
||
|
7FC40000
|
direct allocation
|
page read and write
|
||
|
21E0000
|
heap
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
2218000
|
heap
|
page read and write
|
||
|
7DF000
|
stack
|
page read and write
|
||
|
7FC10000
|
direct allocation
|
page read and write
|
||
|
4BE000
|
stack
|
page read and write
|
||
|
A3E000
|
stack
|
page read and write
|
||
|
142BF000
|
stack
|
page read and write
|
||
|
2418E000
|
heap
|
page read and write
|
||
|
62A000
|
heap
|
page read and write
|
||
|
27413000
|
unclassified section
|
page execute and read and write
|
||
|
2416B000
|
heap
|
page read and write
|
||
|
617000
|
heap
|
page read and write
|
||
|
685000
|
heap
|
page read and write
|
||
|
4F4000
|
heap
|
page read and write
|
||
|
6A3000
|
heap
|
page read and write
|
||
|
7EEEF000
|
direct allocation
|
page read and write
|
||
|
7EE80000
|
direct allocation
|
page read and write
|
||
|
62A000
|
heap
|
page read and write
|
||
|
2415C000
|
heap
|
page read and write
|
||
|
91D000
|
heap
|
page read and write
|
||
|
40D000
|
unkown
|
page write copy
|
||
|
4F4000
|
heap
|
page read and write
|
||
|
430000
|
heap
|
page read and write
|
||
|
570000
|
unkown
|
page read and write
|
||
|
416000
|
unkown
|
page readonly
|
||
|
220C000
|
heap
|
page read and write
|
||
|
2480000
|
heap
|
page read and write
|
||
|
458000
|
heap
|
page read and write
|
||
|
577000
|
unkown
|
page readonly
|
||
|
25CFC000
|
stack
|
page read and write
|
||
|
630000
|
unkown
|
page execute and read and write
|
||
|
7F0B0000
|
direct allocation
|
page read and write
|
||
|
478000
|
unkown
|
page execute and read and write
|
||
|
631000
|
heap
|
page read and write
|
||
|
2213000
|
heap
|
page read and write
|
||
|
1471E000
|
stack
|
page read and write
|
||
|
2808000
|
heap
|
page read and write
|
||
|
91D000
|
heap
|
page read and write
|
||
|
13DAA000
|
stack
|
page read and write
|
||
|
9D0000
|
unkown
|
page execute and read and write
|
||
|
2351000
|
direct allocation
|
page read and write
|
||
|
280A000
|
heap
|
page read and write
|
||
|
241B8000
|
heap
|
page read and write
|
||
|
478000
|
remote allocation
|
page execute and read and write
|
||
|
2570000
|
heap
|
page read and write
|
||
|
538000
|
heap
|
page read and write
|
||
|
2814000
|
heap
|
page read and write
|
||
|
1440E000
|
stack
|
page read and write
|
||
|
299D000
|
stack
|
page read and write
|
||
|
212F000
|
stack
|
page read and write
|
||
|
478000
|
unkown
|
page execute and read and write
|
||
|
146CD000
|
stack
|
page read and write
|
||
|
2370000
|
direct allocation
|
page execute and read and write
|
||
|
7F0D0000
|
direct allocation
|
page read and write
|
||
|
590000
|
heap
|
page read and write
|
||
|
7FD30000
|
direct allocation
|
page read and write
|
||
|
280C000
|
heap
|
page read and write
|
||
|
BE0000
|
heap
|
page read and write
|
||
|
8DA000
|
heap
|
page read and write
|
||
|
272AC000
|
heap
|
page read and write
|
||
|
284C000
|
heap
|
page read and write
|
||
|
88E000
|
heap
|
page read and write
|
||
|
93E000
|
heap
|
page read and write
|
||
|
40D000
|
unkown
|
page write copy
|
||
|
2809000
|
heap
|
page read and write
|
||
|
694000
|
heap
|
page read and write
|
||
|
902000
|
heap
|
page read and write
|
||
|
13C93000
|
direct allocation
|
page read and write
|
||
|
8BF000
|
heap
|
page read and write
|
||
|
27309000
|
heap
|
page read and write
|
||
|
2373000
|
direct allocation
|
page read and write
|
||
|
2607F000
|
stack
|
page read and write
|
||
|
2216000
|
heap
|
page read and write
|
||
|
13F2E000
|
stack
|
page read and write
|
||
|
88A000
|
heap
|
page read and write
|
||
|
56E000
|
unkown
|
page read and write
|
||
|
2809000
|
heap
|
page read and write
|
||
|
241B3000
|
heap
|
page read and write
|
||
|
231F000
|
direct allocation
|
page read and write
|
||
|
2730E000
|
heap
|
page read and write
|
||
|
2360000
|
heap
|
page read and write
|
||
|
400000
|
system
|
page execute and read and write
|
||
|
14D91000
|
direct allocation
|
page read and write
|
||
|
87E000
|
heap
|
page read and write
|
||
|
13C1F000
|
direct allocation
|
page read and write
|
||
|
2218000
|
heap
|
page read and write
|
||
|
17C000
|
stack
|
page read and write
|
||
|
2D8E000
|
stack
|
page read and write
|
||
|
86A000
|
heap
|
page read and write
|
||
|
28C0000
|
direct allocation
|
page readonly
|
||
|
56E000
|
unkown
|
page read and write
|
||
|
7FB80000
|
direct allocation
|
page read and write
|
||
|
46C0000
|
trusted library allocation
|
page read and write
|
||
|
7FBF0000
|
direct allocation
|
page read and write
|
||
|
2463000
|
heap
|
page read and write
|
||
|
262E000
|
heap
|
page read and write
|
||
|
2240000
|
heap
|
page read and write
|
||
|
7FB70000
|
direct allocation
|
page read and write
|
||
|
7EE3F000
|
direct allocation
|
page read and write
|
||
|
8CE000
|
heap
|
page read and write
|
||
|
241B8000
|
heap
|
page read and write
|
||
|
905000
|
heap
|
page read and write
|
||
|
272FB000
|
heap
|
page read and write
|
||
|
57E000
|
stack
|
page read and write
|
||
|
480000
|
heap
|
page read and write
|
||
|
13C7A000
|
direct allocation
|
page read and write
|
||
|
1430E000
|
stack
|
page read and write
|
||
|
2419F000
|
heap
|
page read and write
|
||
|
459000
|
unkown
|
page read and write
|
||
|
940000
|
trusted library allocation
|
page read and write
|
||
|
2D9C000
|
heap
|
page read and write
|
||
|
19C000
|
stack
|
page read and write
|
||
|
1454D000
|
stack
|
page read and write
|
||
|
8E2000
|
heap
|
page read and write
|
||
|
2A00000
|
trusted library allocation
|
page read and write
|
||
|
1444E000
|
stack
|
page read and write
|
||
|
23C4000
|
direct allocation
|
page read and write
|
||
|
2418E000
|
heap
|
page read and write
|
||
|
61D000
|
heap
|
page read and write
|
||
|
594000
|
heap
|
page read and write
|
||
|
235D000
|
direct allocation
|
page read and write
|
||
|
7EDD0000
|
direct allocation
|
page read and write
|
||
|
2730D000
|
heap
|
page read and write
|
||
|
594000
|
heap
|
page read and write
|
||
|
2801000
|
heap
|
page read and write
|
||
|
474000
|
unkown
|
page execute and read and write
|
||
|
8AD000
|
heap
|
page read and write
|
||
|
273FD000
|
unclassified section
|
page execute and read and write
|
||
|
149B1000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
416000
|
unkown
|
page readonly
|
||
|
6D0000
|
heap
|
page read and write
|
||
|
2801000
|
heap
|
page read and write
|
||
|
2701000
|
heap
|
page read and write
|
||
|
274D6000
|
direct allocation
|
page execute and read and write
|
||
|
283E000
|
heap
|
page read and write
|
||
|
27309000
|
heap
|
page read and write
|
||
|
4F4000
|
heap
|
page read and write
|
||
|
5A0000
|
heap
|
page read and write
|
||
|
285D000
|
heap
|
page read and write
|
||
|
21F0000
|
heap
|
page read and write
|
||
|
594000
|
heap
|
page read and write
|
||
|
145DE000
|
stack
|
page read and write
|
||
|
272F9000
|
heap
|
page read and write
|
||
|
14E0F000
|
heap
|
page read and write
|
||
|
41B000
|
system
|
page execute and read and write
|
||
|
2813000
|
heap
|
page read and write
|
||
|
40D000
|
unkown
|
page write copy
|
||
|
8BE000
|
heap
|
page read and write
|
||
|
7FCB0000
|
direct allocation
|
page read and write
|
||
|
280A000
|
heap
|
page read and write
|
||
|
220C000
|
heap
|
page read and write
|
||
|
14BEE000
|
heap
|
page read and write
|
||
|
21FC000
|
heap
|
page read and write
|
||
|
2418E000
|
heap
|
page read and write
|
||
|
5EE000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
272FB000
|
heap
|
page read and write
|
||
|
1430E000
|
stack
|
page read and write
|
||
|
27F7000
|
heap
|
page read and write
|
||
|
64F000
|
heap
|
page read and write
|
||
|
13C32000
|
direct allocation
|
page read and write
|
||
|
1406E000
|
stack
|
page read and write
|
||
|
630000
|
unkown
|
page execute and read and write
|
||
|
220C000
|
heap
|
page read and write
|
||
|
9C000
|
stack
|
page read and write
|
||
|
7FDA7000
|
direct allocation
|
page read and write
|
||
|
2406E000
|
stack
|
page read and write
|
||
|
24020000
|
heap
|
page read and write
|
||
|
14BF0000
|
heap
|
page read and write
|
||
|
26521000
|
heap
|
page read and write
|
||
|
7E8A0000
|
direct allocation
|
page read and write
|
||
|
2215000
|
heap
|
page read and write
|
||
|
19C000
|
stack
|
page read and write
|
||
|
24220000
|
heap
|
page read and write
|
||
|
620000
|
heap
|
page read and write
|
||
|
61E000
|
stack
|
page read and write
|
||
|
5DF000
|
heap
|
page read and write
|
||
|
14B54000
|
heap
|
page read and write
|
||
|
2805000
|
heap
|
page read and write
|
||
|
2808000
|
heap
|
page read and write
|
||
|
9C000
|
stack
|
page read and write
|
||
|
227F000
|
heap
|
page read and write
|
||
|
7F140000
|
direct allocation
|
page read and write
|
||
|
272FB000
|
heap
|
page read and write
|
||
|
2205000
|
heap
|
page read and write
|
||
|
13C40000
|
direct allocation
|
page read and write
|
||
|
266D000
|
stack
|
page read and write
|
||
|
7EF10000
|
direct allocation
|
page read and write
|
||
|
145CE000
|
stack
|
page read and write
|
||
|
149B6000
|
heap
|
page read and write
|
||
|
13F2E000
|
stack
|
page read and write
|
||
|
474000
|
remote allocation
|
page execute and read and write
|
||
|
4F4000
|
heap
|
page read and write
|
||
|
698000
|
heap
|
page read and write
|
||
|
500000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
A36000
|
heap
|
page read and write
|
||
|
7EE40000
|
direct allocation
|
page read and write
|
||
|
870000
|
heap
|
page read and write
|
||
|
13EEF000
|
stack
|
page read and write
|
||
|
65D000
|
heap
|
page read and write
|
||
|
A3D000
|
heap
|
page read and write
|
||
|
913000
|
heap
|
page read and write
|
||
|
C10000
|
unkown
|
page execute and read and write
|
||
|
8E8000
|
heap
|
page read and write
|
||
|
A36000
|
heap
|
page read and write
|
||
|
4F5000
|
heap
|
page read and write
|
||
|
308F000
|
stack
|
page read and write
|
||
|
4F5000
|
heap
|
page read and write
|
||
|
2201000
|
heap
|
page read and write
|
||
|
7F250000
|
direct allocation
|
page read and write
|
||
|
2800000
|
heap
|
page read and write
|
There are 824 hidden memdumps, click here to show them.