Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
WATER TREATMENT PROJECT.zip
|
Zip archive data, at least v1.0 to extract, compression method=store
|
initial sample
|
 |
|
|
C:\Users\Public\ANYDESK.PIF
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\Public\alpha.pif
|
PE32+ executable (console) x86-64, for MS Windows
|
modified
|
|
|
|
C:\Users\Public\expha.pif
|
PE32+ executable (GUI) x86-64, for MS Windows
|
modified
|
|
|
|
C:\Users\Public\ghf.pif
|
PE32+ executable (console) x86-64, for MS Windows
|
modified
|
|
|
|
C:\Users\Public\rdha.pif
|
PE32+ executable (GUI) x86-64, for MS Windows
|
modified
|
|
|
|
C:\Users\user\Links\Kaitdipg.PIF
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\15897.cmd
|
Unicode text, UTF-8 text, with very long lines (577), with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\5964.cmd
|
Unicode text, UTF-8 text, with very long lines (324), with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\neo.cmd
|
Unicode text, UTF-8 text, with very long lines (372), with CRLF line terminators
|
dropped
|
||
|
C:\Users\Public\HEW.3GP
|
ASCII text, with very long lines (65536), with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\33CUD2J1\json[1].json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\bhv3B03.tmp
|
Extensible storage engine DataBase, version 0x620, checksum 0x20a679e7, page size 32768, DirtyShutdown, Windows version 10.0
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\takeydqzzhsuw
|
Unicode text, UTF-16, little-endian text, with no line terminators
|
dropped
|
||
|
C:\Users\user\Links\Kaitdipg.url
|
MS Windows 95 Internet shortcut text (URL=<file:"C:\\Users\\user\\Links\\Kaitdipg.PIF">), ASCII text, with CRLF line terminators
|
modified
|
||
|
\Device\Null
|
ASCII text, with CRLF line terminators
|
dropped
|
There are 6 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\cmd.exe
|
C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\WATER TREATMENT PROJECT\WATER TREATMENT PROJECT\RFQ Filter Specifications,PDF.cmd"
"
|
|
|
|
C:\Windows\System32\extrac32.exe
|
extrac32 /C /Y "C:\\Windows\\System32\\extrac32.exe" "C:\\Users\\Public\\expha.pif"
|
|
|
|
C:\Users\Public\expha.pif
|
C:\\Users\\Public\\expha.pif /C /Y "C:\\Windows\\System32\\cmd.exe" "C:\\Users\\Public\\alpha.pif"
|
|
|
|
C:\Users\Public\expha.pif
|
C:\\Users\\Public\\expha.pif /C /Y "C:\\Windows\\System32\\rundll32.exe" "C:\\Users\\Public\\rdha.pif"
|
|
|
|
C:\Users\Public\expha.pif
|
C:\\Users\\Public\\expha.pif /C /Y "C:\Windows\System32\certutil.exe" "C:\\Users\\Public\\ghf.pif"
|
|
|
|
C:\Users\Public\alpha.pif
|
C:\\Users\\Public\\alpha.pif /C C:\\Users\\Public\\ghf.pif -decodehex -f "C:\Users\user\Desktop\WATER TREATMENT PROJECT\WATER
TREATMENT PROJECT\RFQ Filter Specifications,PDF.cmd" "C:\Users\Public\HEW.3GP" 9
|
|
|
|
C:\Users\Public\ghf.pif
|
C:\\Users\\Public\\ghf.pif -decodehex -f "C:\Users\user\Desktop\WATER TREATMENT PROJECT\WATER TREATMENT PROJECT\RFQ Filter
Specifications,PDF.cmd" "C:\Users\Public\HEW.3GP" 9
|
|
|
|
C:\Users\Public\alpha.pif
|
C:\\Users\\Public\\alpha.pif /C C:\\Users\\Public\\ghf.pif -decodehex -f "C:\Users\Public\HEW.3GP" "C:\Users\Public\ANYDESK.PIF"
12
|
|
|
|
C:\Users\Public\ghf.pif
|
C:\\Users\\Public\\ghf.pif -decodehex -f "C:\Users\Public\HEW.3GP" "C:\Users\Public\ANYDESK.PIF" 12
|
|
|
|
C:\Users\Public\alpha.pif
|
C:\\Users\\Public\\alpha.pif /c PING -n 2 127.0.0.1
|
|
|
|
C:\Windows\System32\PING.EXE
|
PING -n 2 127.0.0.1
|
|
|
|
C:\Users\Public\rdha.pif
|
C:\\Users\\Public\\rdha.pif zipfldr.dll,RouteTheCall C:\Users\Public\ANYDESK.PIF
|
|
|
|
C:\Users\Public\ANYDESK.PIF
|
"C:\Users\Public\ANYDESK.PIF"
|
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c exit /b 0
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
C:\Windows\system32\cmd.exe /c ""C:\\Users\\All Users\\5964.cmd""
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
C:\Windows\system32\cmd.exe /c ""C:\\Users\\All Users\\15897.cmd""
|
|
|
|
C:\Windows\SysWOW64\PING.EXE
|
ping 127.0.0.1 -n 10
|
|
|
|
C:\Users\Public\alpha.pif
|
C:\\Users\\Public\\alpha.pif /c mkdir "\\?\C:\Windows "
|
|
|
|
C:\Windows\SysWOW64\colorcpl.exe
|
C:\Windows\System32\colorcpl.exe
|
|
|
|
C:\Users\Public\alpha.pif
|
C:\\Users\\Public\\alpha.pif /c mkdir "\\?\C:\Windows \SysWOW64"
|
|
|
|
C:\Windows\System32\cmd.exe
|
C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\WATER TREATMENT PROJECT\WATER TREATMENT PROJECT\RFQ Mixer Specifications,PDF.bat"
"
|
|
|
|
C:\Windows\System32\extrac32.exe
|
extrac32 /C /Y "C:\\Windows\\System32\\extrac32.exe" "C:\\Users\\Public\\expha.pif"
|
|
|
|
C:\Users\Public\expha.pif
|
C:\\Users\\Public\\expha.pif /C /Y "C:\\Windows\\System32\\cmd.exe" "C:\\Users\\Public\\alpha.pif"
|
|
|
|
C:\Users\Public\expha.pif
|
C:\\Users\\Public\\expha.pif /C /Y "C:\\Windows\\System32\\rundll32.exe" "C:\\Users\\Public\\rdha.pif"
|
|
|
|
C:\Users\Public\expha.pif
|
C:\\Users\\Public\\expha.pif /C /Y "C:\Windows\System32\certutil.exe" "C:\\Users\\Public\\ghf.pif"
|
|
|
|
C:\Windows\SysWOW64\recover.exe
|
C:\Windows\SysWOW64\recover.exe /stext "C:\Users\user\AppData\Local\Temp\takeydqzzhsuw"
|
|
|
|
C:\Windows\SysWOW64\recover.exe
|
C:\Windows\SysWOW64\recover.exe /stext "C:\Users\user\AppData\Local\Temp\takeydqzzhsuw"
|
|
|
|
C:\Windows\SysWOW64\recover.exe
|
C:\Windows\SysWOW64\recover.exe /stext "C:\Users\user\AppData\Local\Temp\takeydqzzhsuw"
|
|
|
|
C:\Windows\SysWOW64\recover.exe
|
C:\Windows\SysWOW64\recover.exe /stext "C:\Users\user\AppData\Local\Temp\wvqpzwbsnpkzgrsc"
|
|
|
|
C:\Windows\SysWOW64\recover.exe
|
C:\Windows\SysWOW64\recover.exe /stext "C:\Users\user\AppData\Local\Temp\wvqpzwbsnpkzgrsc"
|
|
|
|
C:\Users\Public\alpha.pif
|
C:\\Users\\Public\\alpha.pif /C C:\\Users\\Public\\ghf.pif -decodehex -f "C:\Users\user\Desktop\WATER TREATMENT PROJECT\WATER
TREATMENT PROJECT\RFQ Mixer Specifications,PDF.bat" "C:\Users\Public\HEW.3GP" 9
|
|
|
|
C:\Windows\SysWOW64\recover.exe
|
C:\Windows\SysWOW64\recover.exe /stext "C:\Users\user\AppData\Local\Temp\gxvizoluaxcejxogfbg"
|
|
|
|
C:\Windows\SysWOW64\recover.exe
|
C:\Windows\SysWOW64\recover.exe /stext "C:\Users\user\AppData\Local\Temp\gxvizoluaxcejxogfbg"
|
|
|
|
C:\Windows\SysWOW64\recover.exe
|
C:\Windows\SysWOW64\recover.exe /stext "C:\Users\user\AppData\Local\Temp\gxvizoluaxcejxogfbg"
|
|
|
|
C:\Users\Public\ghf.pif
|
C:\\Users\\Public\\ghf.pif -decodehex -f "C:\Users\user\Desktop\WATER TREATMENT PROJECT\WATER TREATMENT PROJECT\RFQ Mixer
Specifications,PDF.bat" "C:\Users\Public\HEW.3GP" 9
|
|
|
|
C:\Users\Public\alpha.pif
|
C:\\Users\\Public\\alpha.pif /C C:\\Users\\Public\\ghf.pif -decodehex -f "C:\Users\Public\HEW.3GP" "C:\Users\Public\ANYDESK.PIF"
12
|
|
|
|
C:\Users\Public\ghf.pif
|
C:\\Users\\Public\\ghf.pif -decodehex -f "C:\Users\Public\HEW.3GP" "C:\Users\Public\ANYDESK.PIF" 12
|
|
|
|
C:\Users\Public\alpha.pif
|
C:\\Users\\Public\\alpha.pif /c PING -n 2 127.0.0.1
|
|
|
|
C:\Windows\System32\PING.EXE
|
PING -n 2 127.0.0.1
|
|
|
|
C:\Users\Public\rdha.pif
|
C:\\Users\\Public\\rdha.pif zipfldr.dll,RouteTheCall C:\Users\Public\ANYDESK.PIF
|
|
|
|
C:\Users\Public\ANYDESK.PIF
|
"C:\Users\Public\ANYDESK.PIF"
|
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c exit /b 0
|
|
|
|
C:\Windows\SysWOW64\SndVol.exe
|
C:\Windows\System32\SndVol.exe
|
|
|
|
C:\Windows\System32\rundll32.exe
|
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6}
-Embedding
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\esentutl.exe
|
C:\\Windows\\System32\\esentutl /y C:\\Windows\\System32\\cmd.exe /d C:\\Users\\Public\\alpha.pif /o
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
There are 39 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
conquer25.duckdns.org
|
|
||
|
baddieszn.duckdns.org
|
|
||
|
bahadii.duckdns.org
|
|
||
|
unforseen.duckdns.org
|
|
||
|
https://%ws/%ws_%ws_%ws/service.svc/%wsADPolicyProviderSCEP
|
unknown
|
||
|
http://www.imvu.comr
|
unknown
|
||
|
https://aefd.nelreports.net/api/report?cat=bingth
|
unknown
|
||
|
https://ebd871449a8dbfc3efbaabaef620b095.clo.footprintdns.com/apc/trans.gif?b53a91fd779d41798d7818ff
|
unknown
|
||
|
http://geoplugin.net/json.gp)
|
unknown
|
||
|
https://ecs.nel.measure.office.net?TenantId=ODSP_Sync_Client&DestinationEndpoint=Edge-Prod-LAXr4b&Fr
|
unknown
|
||
|
https://9cf1d93416b343cbb0aa1deae6dc7661.azr.footprintdns.com/apc/trans.gif?b4ef4344b8bbbc91cc6b3006
|
unknown
|
||
|
http://geoplugin.net/son.gp
|
unknown
|
||
|
https://ebd871449a8dbfc3efbaabaef620b095.clo.footprintdns.com/apc/trans.gif?2b5ac21b953982869b52cfd6
|
unknown
|
||
|
http://www.imvu.coma
|
unknown
|
||
|
http://www.nirsoft.net
|
unknown
|
||
|
https://aefd.nelreports.net/api/report?cat=bingaotak
|
unknown
|
||
|
https://deff.nelreports.net/api/report?cat=msn
|
unknown
|
||
|
https://ow1.res.office365.com/apc/trans.gif?2bedfa25f63b1e1b9bd24eb0a5625631
|
unknown
|
||
|
http://www.imvu.comhttp://www.ebuddy.comhttps://www.google.com
|
unknown
|
||
|
https://fp-afd.azurefd.net/apc/trans.gif?355cac43462bdbbb118c6145bdcc88c0
|
unknown
|
||
|
https://www.google.com
|
unknown
|
||
|
https://M365CDN.nel.measure.office.net/api/report?FrontEnd=AkamaiCDNWorldWide&DestinationEndpoint=EL
|
unknown
|
||
|
http://geoplugin.net/json.gp/C
|
unknown
|
||
|
https://maps.windows.com/windows-app-web-link
|
unknown
|
||
|
https://cxcs.microsoft.net/api/settings/en-GB/xml/settings-tipset?release=20h1&sku=Professional&plat
|
unknown
|
||
|
http://geoplugin.net/json.gpP
|
unknown
|
||
|
https://6a1824ae7f5b378648db1f87c4a047c1.azr.footprintdns.com/apc/trans.gif?6aff50c04f9af0461603c0c1
|
unknown
|
||
|
https://0bf8c87e7673b17d24aaf92c4c29ca42.azr.footprintdns.com/apc/trans.gif?6cc2fc022d35de4436d46235
|
unknown
|
||
|
https://login.yahoo.com/config/login
|
unknown
|
||
|
http://www.nirsoft.net/
|
unknown
|
||
|
https://aefd.nelreports.net/api/report?cat=wsb&ndcParam=QWthbWFp
|
unknown
|
||
|
https://www.office.com/
|
unknown
|
||
|
https://0bf8c87e7673b17d24aaf92c4c29ca42.azr.footprintdns.com/apc/trans.gif?97ae33b93885af7139d3f9b0
|
unknown
|
||
|
http://www.imvu.com
|
unknown
|
||
|
https://aefd.nelreports.net/api/report?cat=wsb
|
unknown
|
||
|
https://fp-afd.azurefd.net/apc/trans.gif?42704eed386765f870e05e14b5b322b7
|
unknown
|
||
|
https://fp-afd.azurefd.net/apc/trans.gif?b21ec88677686eb844798ccd641c5fe5
|
unknown
|
||
|
http://geoplugin.net/json.gp
|
178.237.33.50
|
||
|
https://6a1824ae7f5b378648db1f87c4a047c1.azr.footprintdns.com/apc/trans.gif?e4d500512ddeced1b68e7640
|
unknown
|
||
|
https://login.microsoftonline.com/%s/oauth2/authorizeJoinStatusStorage::SetDefaultDiscoveryMetadatah
|
unknown
|
||
|
https://aefd.nelreports.net/api/report?cat=bingaot
|
unknown
|
||
|
https://9cf1d93416b343cbb0aa1deae6dc7661.azr.footprintdns.com/apc/trans.gif?67e56b9b06a4d427a359554f
|
unknown
|
||
|
https://aefd.nelreports.net/api/report?cat=bingrms
|
unknown
|
||
|
https://www.google.com/accounts/servicelogin
|
unknown
|
||
|
http://www.pmail.com
|
unknown
|
||
|
https://ow1.res.office365.com/apc/trans.gif?f60497627d681e8f4d8561fad4b92959
|
unknown
|
||
|
http://www.ebuddy.com
|
unknown
|
||
|
https://ecs.nel.measure.office.net?TenantId=ODSP_Sync_Client&DestinationEndpoint=Edge-Prod-LAX31r5a&
|
unknown
|
||
|
https://fp-afd.azurefd.net/apc/trans.gif?2b2f77512f7c65b2f52ee30ffe87d61a
|
unknown
|
There are 39 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
bahadii.duckdns.org
|
194.59.31.85
|
|
|
|
geoplugin.net
|
178.237.33.50
|
||
|
baddieszn.duckdns.org
|
193.9.36.1
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
194.59.31.85
|
bahadii.duckdns.org
|
Germany
|
|
|
|
127.0.0.1
|
unknown
|
unknown
|
|
|
|
193.9.36.1
|
baddieszn.duckdns.org
|
Czech Republic
|
||
|
178.237.33.50
|
geoplugin.net
|
Netherlands
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Rmc-14MUP4
|
exepath
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Rmc-14MUP4
|
licence
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Rmc-14MUP4
|
time
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Rmc-14MUP4
|
UID
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
Kaitdipg
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\1f\417C44EB
|
@%systemroot%\system32\colorui.dll,-1400
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ICM\ProfileAssociations\Print\Fax
|
UsePerUserProfiles
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
315E000
|
heap
|
page read and write
|
|
|
|
2EF01000
|
heap
|
page read and write
|
|
|
|
318C000
|
heap
|
page read and write
|
|
|
|
400000
|
system
|
page execute and read and write
|
|
|
|
256F000
|
direct allocation
|
page read and write
|
|
|
|
2F285000
|
heap
|
page read and write
|
|
|
|
2F4A7000
|
heap
|
page read and write
|
|
|
|
317C000
|
heap
|
page read and write
|
|
|
|
6831000
|
remote allocation
|
page execute and read and write
|
|
|
|
3195000
|
heap
|
page read and write
|
|
|
|
315E000
|
heap
|
page read and write
|
|
|
|
400000
|
direct allocation
|
page execute and read and write
|
|
|
|
2F10D000
|
heap
|
page read and write
|
|
|
|
2EE7B000
|
heap
|
page read and write
|
|
|
|
2EF63000
|
heap
|
page read and write
|
|
|
|
3110000
|
heap
|
page read and write
|
|
|
|
3180000
|
heap
|
page read and write
|
|
|
|
30D0000
|
heap
|
page read and write
|
||
|
156214D0000
|
heap
|
page read and write
|
||
|
B9D000
|
stack
|
page read and write
|
||
|
210F0000
|
heap
|
page read and write
|
||
|
31CD000
|
heap
|
page read and write
|
||
|
30244FF000
|
stack
|
page read and write
|
||
|
2F58000
|
heap
|
page read and write
|
||
|
8A0000
|
heap
|
page read and write
|
||
|
34EC000
|
heap
|
page read and write
|
||
|
320A000
|
heap
|
page read and write
|
||
|
7E8C0000
|
direct allocation
|
page read and write
|
||
|
2F4A000
|
heap
|
page read and write
|
||
|
47FC07D000
|
stack
|
page read and write
|
||
|
729000
|
stack
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
482000
|
unkown
|
page read and write
|
||
|
2B35000
|
direct allocation
|
page execute and read and write
|
||
|
CE7197E000
|
stack
|
page read and write
|
||
|
2F62000
|
heap
|
page read and write
|
||
|
1F75B270000
|
heap
|
page read and write
|
||
|
482000
|
unkown
|
page read and write
|
||
|
37EE2BC000
|
stack
|
page read and write
|
||
|
2FC0000
|
heap
|
page read and write
|
||
|
2B248110000
|
heap
|
page read and write
|
||
|
532A000
|
heap
|
page read and write
|
||
|
2F0E000
|
stack
|
page read and write
|
||
|
210DF000
|
stack
|
page read and write
|
||
|
2EC2000
|
heap
|
page read and write
|
||
|
503C000
|
stack
|
page read and write
|
||
|
7FF7AB710000
|
unkown
|
page readonly
|
||
|
156216C0000
|
heap
|
page read and write
|
||
|
456000
|
system
|
page execute and read and write
|
||
|
92FFFDE000
|
stack
|
page read and write
|
||
|
2EB2000
|
heap
|
page read and write
|
||
|
7EE10000
|
direct allocation
|
page read and write
|
||
|
23BC4180000
|
heap
|
page read and write
|
||
|
2B5C000
|
stack
|
page read and write
|
||
|
7E71F000
|
direct allocation
|
page read and write
|
||
|
2F343000
|
heap
|
page read and write
|
||
|
7FF77758F000
|
unkown
|
page read and write
|
||
|
2EF9000
|
heap
|
page read and write
|
||
|
3830000
|
heap
|
page read and write
|
||
|
930047F000
|
stack
|
page read and write
|
||
|
34EC000
|
heap
|
page read and write
|
||
|
7FF7AB71E000
|
unkown
|
page readonly
|
||
|
23AA8C23000
|
heap
|
page read and write
|
||
|
21330000
|
heap
|
page read and write
|
||
|
31AF000
|
heap
|
page read and write
|
||
|
4CA0000
|
heap
|
page read and write
|
||
|
20918000
|
direct allocation
|
page read and write
|
||
|
34EC000
|
heap
|
page read and write
|
||
|
7FF789D22000
|
unkown
|
page readonly
|
||
|
8908FE000
|
stack
|
page read and write
|
||
|
66E5AFC000
|
stack
|
page read and write
|
||
|
2CFE000
|
stack
|
page read and write
|
||
|
3500000
|
heap
|
page read and write
|
||
|
2EEDE000
|
heap
|
page read and write
|
||
|
15621710000
|
heap
|
page read and write
|
||
|
2F5A000
|
heap
|
page read and write
|
||
|
7E780000
|
direct allocation
|
page read and write
|
||
|
1F75B4A0000
|
heap
|
page read and write
|
||
|
32DF000
|
stack
|
page read and write
|
||
|
2EF00000
|
heap
|
page read and write
|
||
|
7FB30000
|
direct allocation
|
page read and write
|
||
|
7EE20000
|
direct allocation
|
page read and write
|
||
|
9D6000
|
heap
|
page read and write
|
||
|
1F5C086B000
|
heap
|
page read and write
|
||
|
27E0FD60000
|
heap
|
page read and write
|
||
|
34D3000
|
heap
|
page read and write
|
||
|
7FF777585000
|
unkown
|
page read and write
|
||
|
23AA7343000
|
heap
|
page read and write
|
||
|
880000
|
heap
|
page read and write
|
||
|
20E4F000
|
stack
|
page read and write
|
||
|
23BC4215000
|
heap
|
page read and write
|
||
|
650000
|
heap
|
page read and write
|
||
|
1FF42F4B000
|
heap
|
page read and write
|
||
|
23AA732B000
|
heap
|
page read and write
|
||
|
1F5C07C0000
|
heap
|
page read and write
|
||
|
5170000
|
heap
|
page read and write
|
||
|
5607000
|
direct allocation
|
page read and write
|
||
|
2F54000
|
heap
|
page read and write
|
||
|
8D4000
|
heap
|
page read and write
|
||
|
7EBEF000
|
direct allocation
|
page read and write
|
||
|
2B27000
|
direct allocation
|
page read and write
|
||
|
34D3000
|
heap
|
page read and write
|
||
|
318C000
|
heap
|
page read and write
|
||
|
2F55000
|
heap
|
page read and write
|
||
|
34D3000
|
heap
|
page read and write
|
||
|
2592000
|
direct allocation
|
page read and write
|
||
|
34D3000
|
heap
|
page read and write
|
||
|
20857000
|
direct allocation
|
page read and write
|
||
|
1DAC1D5F000
|
heap
|
page read and write
|
||
|
32D3000
|
heap
|
page read and write
|
||
|
97E000
|
heap
|
page read and write
|
||
|
2EE7B000
|
heap
|
page read and write
|
||
|
2F22A000
|
heap
|
page read and write
|
||
|
20966437000
|
heap
|
page read and write
|
||
|
30C3000
|
heap
|
page read and write
|
||
|
31E8000
|
heap
|
page read and write
|
||
|
2F61000
|
heap
|
page read and write
|
||
|
1E816670000
|
heap
|
page read and write
|
||
|
34D3000
|
heap
|
page read and write
|
||
|
2D3E000
|
stack
|
page read and write
|
||
|
8E9947E000
|
stack
|
page read and write
|
||
|
47FC17E000
|
stack
|
page read and write
|
||
|
24464FA0000
|
heap
|
page read and write
|
||
|
2F4A000
|
heap
|
page read and write
|
||
|
32FE000
|
stack
|
page read and write
|
||
|
E5396FF000
|
stack
|
page read and write
|
||
|
D8E000
|
stack
|
page read and write
|
||
|
1FF42F47000
|
heap
|
page read and write
|
||
|
34ED000
|
heap
|
page read and write
|
||
|
230568E0000
|
heap
|
page read and write
|
||
|
34EC000
|
heap
|
page read and write
|
||
|
7EB80000
|
direct allocation
|
page read and write
|
||
|
24464FC0000
|
heap
|
page read and write
|
||
|
2F55000
|
heap
|
page read and write
|
||
|
1FF42F66000
|
heap
|
page read and write
|
||
|
4BF0000
|
heap
|
page read and write
|
||
|
2F5F000
|
heap
|
page read and write
|
||
|
20B9FF00000
|
heap
|
page read and write
|
||
|
2ED3000
|
heap
|
page read and write
|
||
|
2817000
|
heap
|
page read and write
|
||
|
400000
|
system
|
page execute and read and write
|
||
|
1A809030000
|
heap
|
page read and write
|
||
|
5A7000
|
unkown
|
page read and write
|
||
|
3530000
|
heap
|
page read and write
|
||
|
7FF777573000
|
unkown
|
page readonly
|
||
|
2F4C000
|
heap
|
page read and write
|
||
|
2EF9000
|
heap
|
page read and write
|
||
|
54FB000
|
stack
|
page read and write
|
||
|
230586E0000
|
heap
|
page read and write
|
||
|
7EC60000
|
direct allocation
|
page read and write
|
||
|
2F41000
|
heap
|
page read and write
|
||
|
34EC000
|
heap
|
page read and write
|
||
|
8D4000
|
heap
|
page read and write
|
||
|
9EB000
|
heap
|
page read and write
|
||
|
20BFE000
|
stack
|
page read and write
|
||
|
2F59000
|
heap
|
page read and write
|
||
|
44A000
|
unkown
|
page readonly
|
||
|
5A2B0FE000
|
stack
|
page read and write
|
||
|
30B6000
|
heap
|
page read and write
|
||
|
5DB000
|
stack
|
page read and write
|
||
|
2EAE000
|
heap
|
page read and write
|
||
|
2A55000
|
direct allocation
|
page execute and read and write
|
||
|
1FF44843000
|
heap
|
page read and write
|
||
|
C20000
|
heap
|
page read and write
|
||
|
2EE01000
|
heap
|
page read and write
|
||
|
96F000
|
stack
|
page read and write
|
||
|
4CC0000
|
heap
|
page read and write
|
||
|
348E000
|
stack
|
page read and write
|
||
|
5352000
|
heap
|
page read and write
|
||
|
36BF000
|
stack
|
page read and write
|
||
|
884000
|
heap
|
page read and write
|
||
|
884000
|
heap
|
page read and write
|
||
|
2ADB000
|
stack
|
page read and write
|
||
|
2F4A000
|
heap
|
page read and write
|
||
|
3176000
|
heap
|
page read and write
|
||
|
547E000
|
stack
|
page read and write
|
||
|
20CFF000
|
stack
|
page read and write
|
||
|
1F75B292000
|
heap
|
page read and write
|
||
|
208ED000
|
direct allocation
|
page read and write
|
||
|
2ECB000
|
heap
|
page read and write
|
||
|
7FF6AFC36000
|
unkown
|
page readonly
|
||
|
A08EF8E000
|
stack
|
page read and write
|
||
|
2B2482D0000
|
heap
|
page read and write
|
||
|
2F46000
|
heap
|
page read and write
|
||
|
2BC0000
|
heap
|
page read and write
|
||
|
4740000
|
trusted library allocation
|
page read and write
|
||
|
2F58000
|
heap
|
page read and write
|
||
|
4C1E000
|
stack
|
page read and write
|
||
|
66E5BFE000
|
stack
|
page read and write
|
||
|
34EF000
|
heap
|
page read and write
|
||
|
884000
|
heap
|
page read and write
|
||
|
BAF000
|
stack
|
page read and write
|
||
|
4BD0000
|
heap
|
page read and write
|
||
|
7FF630870000
|
unkown
|
page readonly
|
||
|
20BA0190000
|
heap
|
page read and write
|
||
|
31D6000
|
heap
|
page read and write
|
||
|
34EC000
|
heap
|
page read and write
|
||
|
496B000
|
stack
|
page read and write
|
||
|
2F58000
|
heap
|
page read and write
|
||
|
1F75B250000
|
heap
|
page read and write
|
||
|
53FF000
|
stack
|
page read and write
|
||
|
2C3B000
|
stack
|
page read and write
|
||
|
27E0FC67000
|
heap
|
page read and write
|
||
|
30B6000
|
heap
|
page read and write
|
||
|
770000
|
heap
|
page read and write
|
||
|
78A000
|
heap
|
page read and write
|
||
|
20BEE000
|
stack
|
page read and write
|
||
|
23056C40000
|
heap
|
page read and write
|
||
|
1E814390000
|
heap
|
page read and write
|
||
|
475000
|
direct allocation
|
page execute and read and write
|
||
|
2E7E000
|
stack
|
page read and write
|
||
|
2E90000
|
heap
|
page read and write
|
||
|
5A2B17E000
|
stack
|
page read and write
|
||
|
884000
|
heap
|
page read and write
|
||
|
4CC8000
|
heap
|
page read and write
|
||
|
20831000
|
direct allocation
|
page read and write
|
||
|
3187000
|
heap
|
page read and write
|
||
|
D4E000
|
unkown
|
page read and write
|
||
|
230586F7000
|
heap
|
page read and write
|
||
|
23AA7359000
|
heap
|
page read and write
|
||
|
20BA0010000
|
heap
|
page read and write
|
||
|
2FF0000
|
heap
|
page read and write
|
||
|
1FF42F5C000
|
heap
|
page read and write
|
||
|
31B8000
|
heap
|
page read and write
|
||
|
1F75B296000
|
heap
|
page read and write
|
||
|
B032B7E000
|
stack
|
page read and write
|
||
|
1E8143D7000
|
heap
|
page read and write
|
||
|
1E8143EF000
|
heap
|
page read and write
|
||
|
7FF777581000
|
unkown
|
page read and write
|
||
|
7FE4E000
|
direct allocation
|
page read and write
|
||
|
8BE000
|
stack
|
page read and write
|
||
|
7E68F000
|
direct allocation
|
page read and write
|
||
|
31C1000
|
heap
|
page read and write
|
||
|
2F69000
|
heap
|
page read and write
|
||
|
4BC0000
|
heap
|
page read and write
|
||
|
2990000
|
heap
|
page readonly
|
||
|
2C6F000
|
stack
|
page read and write
|
||
|
4A60000
|
heap
|
page read and write
|
||
|
7E424000
|
direct allocation
|
page read and write
|
||
|
2082A000
|
direct allocation
|
page read and write
|
||
|
2F50000
|
heap
|
page read and write
|
||
|
475000
|
direct allocation
|
page execute and read and write
|
||
|
20966340000
|
heap
|
page read and write
|
||
|
27E0FC71000
|
heap
|
page read and write
|
||
|
A0F000
|
heap
|
page read and write
|
||
|
2F5F000
|
heap
|
page read and write
|
||
|
933000
|
heap
|
page read and write
|
||
|
6A0000
|
heap
|
page read and write
|
||
|
7FF6309F8000
|
unkown
|
page read and write
|
||
|
5376000
|
direct allocation
|
page execute and read and write
|
||
|
2F69000
|
heap
|
page read and write
|
||
|
233B3E38000
|
heap
|
page read and write
|
||
|
1E683707000
|
heap
|
page read and write
|
||
|
794000
|
heap
|
page read and write
|
||
|
2F69000
|
heap
|
page read and write
|
||
|
2F45000
|
heap
|
page read and write
|
||
|
2ED9000
|
heap
|
page read and write
|
||
|
7FF630992000
|
unkown
|
page readonly
|
||
|
2E99000
|
heap
|
page read and write
|
||
|
9C9000
|
heap
|
page read and write
|
||
|
4D5A000
|
heap
|
page read and write
|
||
|
2F7F000
|
stack
|
page read and write
|
||
|
2F4A000
|
heap
|
page read and write
|
||
|
31B6000
|
heap
|
page read and write
|
||
|
33C0000
|
heap
|
page read and write
|
||
|
2EBB000
|
heap
|
page read and write
|
||
|
9B000
|
stack
|
page read and write
|
||
|
329E000
|
stack
|
page read and write
|
||
|
2F65000
|
heap
|
page read and write
|
||
|
2F5E000
|
heap
|
page read and write
|
||
|
1E816020000
|
heap
|
page read and write
|
||
|
534C000
|
heap
|
page read and write
|
||
|
7FF71DCF4000
|
unkown
|
page read and write
|
||
|
20ABE000
|
stack
|
page read and write
|
||
|
31B8000
|
heap
|
page read and write
|
||
|
8D4000
|
heap
|
page read and write
|
||
|
20966439000
|
heap
|
page read and write
|
||
|
4D5D000
|
heap
|
page read and write
|
||
|
2EBA000
|
heap
|
page read and write
|
||
|
34D3000
|
heap
|
page read and write
|
||
|
66E5DFF000
|
stack
|
page read and write
|
||
|
34D3000
|
heap
|
page read and write
|
||
|
5A2000
|
unkown
|
page write copy
|
||
|
37EE33D000
|
stack
|
page read and write
|
||
|
2F61000
|
heap
|
page read and write
|
||
|
31F7000
|
heap
|
page read and write
|
||
|
3176000
|
heap
|
page read and write
|
||
|
A1CDB5C000
|
stack
|
page read and write
|
||
|
34CE000
|
stack
|
page read and write
|
||
|
22606035000
|
heap
|
page read and write
|
||
|
27E0FB70000
|
heap
|
page read and write
|
||
|
5335000
|
heap
|
page read and write
|
||
|
316A000
|
heap
|
page read and write
|
||
|
3370000
|
heap
|
page read and write
|
||
|
2ADE000
|
stack
|
page execute and read and write
|
||
|
34D3000
|
heap
|
page read and write
|
||
|
7EDB0000
|
direct allocation
|
page read and write
|
||
|
3200000
|
heap
|
page read and write
|
||
|
532B000
|
heap
|
page read and write
|
||
|
319E000
|
heap
|
page read and write
|
||
|
32FC000
|
heap
|
page read and write
|
||
|
2F4F000
|
heap
|
page read and write
|
||
|
2EFC4000
|
heap
|
page read and write
|
||
|
20A7F000
|
stack
|
page read and write
|
||
|
20BA0185000
|
heap
|
page read and write
|
||
|
2D90000
|
heap
|
page read and write
|
||
|
3163000
|
heap
|
page read and write
|
||
|
1A8090B3000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
2F24000
|
heap
|
page read and write
|
||
|
7FD30000
|
direct allocation
|
page read and write
|
||
|
31A9000
|
heap
|
page read and write
|
||
|
1B9BA3C9000
|
heap
|
page read and write
|
||
|
DB0000
|
heap
|
page read and write
|
||
|
2F55000
|
heap
|
page read and write
|
||
|
207DF000
|
direct allocation
|
page read and write
|
||
|
2E68000
|
heap
|
page read and write
|
||
|
34D3000
|
heap
|
page read and write
|
||
|
7FF77757D000
|
unkown
|
page read and write
|
||
|
29DE000
|
stack
|
page read and write
|
||
|
7FF7AB71E000
|
unkown
|
page write copy
|
||
|
5A5000
|
unkown
|
page read and write
|
||
|
2F58000
|
heap
|
page read and write
|
||
|
4E4C8FE000
|
stack
|
page read and write
|
||
|
CE7187E000
|
stack
|
page read and write
|
||
|
2463000
|
heap
|
page read and write
|
||
|
4888000
|
heap
|
page read and write
|
||
|
527F000
|
stack
|
page read and write
|
||
|
34EC000
|
heap
|
page read and write
|
||
|
2EE7A000
|
heap
|
page read and write
|
||
|
31A3000
|
heap
|
page read and write
|
||
|
2B78000
|
heap
|
page read and write
|
||
|
23AA7337000
|
heap
|
page read and write
|
||
|
34BF000
|
unkown
|
page read and write
|
||
|
2F64000
|
heap
|
page read and write
|
||
|
5319000
|
heap
|
page read and write
|
||
|
1FF42F56000
|
heap
|
page read and write
|
||
|
7FF629D2E000
|
unkown
|
page write copy
|
||
|
2E9E000
|
heap
|
page read and write
|
||
|
2BA1000
|
heap
|
page read and write
|
||
|
24464FE7000
|
heap
|
page read and write
|
||
|
7FF629D28000
|
unkown
|
page readonly
|
||
|
23AA7348000
|
heap
|
page read and write
|
||
|
7E260000
|
direct allocation
|
page read and write
|
||
|
7FF789D88000
|
unkown
|
page read and write
|
||
|
35C0000
|
heap
|
page read and write
|
||
|
193CF187000
|
heap
|
page read and write
|
||
|
316D000
|
heap
|
page read and write
|
||
|
2B2481D7000
|
heap
|
page read and write
|
||
|
4BF1000
|
heap
|
page read and write
|
||
|
4C5E000
|
stack
|
page read and write
|
||
|
2EB1000
|
heap
|
page read and write
|
||
|
44A000
|
unkown
|
page readonly
|
||
|
91E000
|
stack
|
page read and write
|
||
|
34D3000
|
heap
|
page read and write
|
||
|
7E440000
|
direct allocation
|
page read and write
|
||
|
2F3E000
|
heap
|
page read and write
|
||
|
1E8169F8000
|
heap
|
page read and write
|
||
|
7FC10000
|
direct allocation
|
page read and write
|
||
|
1F5C0980000
|
heap
|
page read and write
|
||
|
2F5E000
|
stack
|
page read and write
|
||
|
316C000
|
heap
|
page read and write
|
||
|
B6F000
|
stack
|
page read and write
|
||
|
8D4000
|
heap
|
page read and write
|
||
|
1E814280000
|
heap
|
page read and write
|
||
|
657000
|
heap
|
page read and write
|
||
|
2F46000
|
heap
|
page read and write
|
||
|
7E520000
|
direct allocation
|
page read and write
|
||
|
31C1000
|
heap
|
page read and write
|
||
|
7FF7AB718000
|
unkown
|
page readonly
|
||
|
244C000
|
stack
|
page read and write
|
||
|
20FDE000
|
stack
|
page read and write
|
||
|
7FF789D1E000
|
unkown
|
page readonly
|
||
|
1FF42F7D000
|
heap
|
page read and write
|
||
|
34EC000
|
heap
|
page read and write
|
||
|
31CD000
|
heap
|
page read and write
|
||
|
20840000
|
direct allocation
|
page read and write
|
||
|
7FF629D20000
|
unkown
|
page readonly
|
||
|
2F8A000
|
heap
|
page read and write
|
||
|
20810000
|
direct allocation
|
page read and write
|
||
|
2080D000
|
direct allocation
|
page read and write
|
||
|
7ED30000
|
direct allocation
|
page read and write
|
||
|
2ED5E000
|
stack
|
page read and write
|
||
|
8DEB5FE000
|
stack
|
page read and write
|
||
|
2EA1000
|
heap
|
page read and write
|
||
|
22605E50000
|
heap
|
page read and write
|
||
|
31AD000
|
heap
|
page read and write
|
||
|
2F3A000
|
heap
|
page read and write
|
||
|
23056987000
|
heap
|
page read and write
|
||
|
23AA7359000
|
heap
|
page read and write
|
||
|
1FF42F60000
|
heap
|
page read and write
|
||
|
7E5A0000
|
direct allocation
|
page read and write
|
||
|
7EDEF000
|
direct allocation
|
page read and write
|
||
|
2EBB000
|
heap
|
page read and write
|
||
|
2E91000
|
heap
|
page read and write
|
||
|
25DA000
|
direct allocation
|
page read and write
|
||
|
23AA9960000
|
heap
|
page read and write
|
||
|
2F8E000
|
heap
|
page read and write
|
||
|
2F61000
|
heap
|
page read and write
|
||
|
31B7000
|
heap
|
page read and write
|
||
|
23058AC1000
|
heap
|
page read and write
|
||
|
23AA7327000
|
heap
|
page read and write
|
||
|
2093B000
|
stack
|
page read and write
|
||
|
20E9E000
|
stack
|
page read and write
|
||
|
7FF7AB711000
|
unkown
|
page execute read
|
||
|
1E21B2C000
|
stack
|
page read and write
|
||
|
7FF71DCFD000
|
unkown
|
page readonly
|
||
|
1FF42F4B000
|
heap
|
page read and write
|
||
|
317D000
|
heap
|
page read and write
|
||
|
FC587FE000
|
stack
|
page read and write
|
||
|
400000
|
system
|
page execute and read and write
|
||
|
2B5E000
|
stack
|
page read and write
|
||
|
2EE92000
|
heap
|
page read and write
|
||
|
2ED9000
|
heap
|
page read and write
|
||
|
1DAC1D59000
|
heap
|
page read and write
|
||
|
233B2430000
|
heap
|
page read and write
|
||
|
2EE5000
|
heap
|
page read and write
|
||
|
2EC4000
|
heap
|
page read and write
|
||
|
876AAFC000
|
stack
|
page read and write
|
||
|
900000
|
heap
|
page read and write
|
||
|
1B9BA290000
|
heap
|
page read and write
|
||
|
24466908000
|
heap
|
page read and write
|
||
|
457000
|
unkown
|
page readonly
|
||
|
20966454000
|
heap
|
page read and write
|
||
|
2EE7A000
|
heap
|
page read and write
|
||
|
2090A000
|
direct allocation
|
page read and write
|
||
|
31C9000
|
heap
|
page read and write
|
||
|
207B0000
|
direct allocation
|
page read and write
|
||
|
CE718FF000
|
stack
|
page read and write
|
||
|
1F75B150000
|
heap
|
page read and write
|
||
|
32D3000
|
heap
|
page read and write
|
||
|
4CF1000
|
heap
|
page read and write
|
||
|
A08F27E000
|
stack
|
page read and write
|
||
|
7FF63098E000
|
unkown
|
page readonly
|
||
|
31B5000
|
heap
|
page read and write
|
||
|
2F4C000
|
heap
|
page read and write
|
||
|
21331000
|
heap
|
page read and write
|
||
|
7FF71DCDD000
|
unkown
|
page read and write
|
||
|
7FF789C01000
|
unkown
|
page execute read
|
||
|
2560000
|
heap
|
page read and write
|
||
|
2F58000
|
heap
|
page read and write
|
||
|
30CA000
|
heap
|
page read and write
|
||
|
31DB000
|
heap
|
page read and write
|
||
|
1E6839B5000
|
heap
|
page read and write
|
||
|
1DAC1FB5000
|
heap
|
page read and write
|
||
|
1DAC1D50000
|
heap
|
page read and write
|
||
|
34EC000
|
heap
|
page read and write
|
||
|
870000
|
heap
|
page readonly
|
||
|
31D0000
|
heap
|
page read and write
|
||
|
7E890000
|
direct allocation
|
page read and write
|
||
|
2EA9000
|
heap
|
page read and write
|
||
|
7FF7AB71F000
|
unkown
|
page readonly
|
||
|
156214FF000
|
heap
|
page read and write
|
||
|
7FC01000
|
direct allocation
|
page read and write
|
||
|
2073A000
|
direct allocation
|
page read and write
|
||
|
7E863000
|
direct allocation
|
page read and write
|
||
|
7EDDF000
|
direct allocation
|
page read and write
|
||
|
7FF77757D000
|
unkown
|
page write copy
|
||
|
29FC000
|
stack
|
page read and write
|
||
|
31D6000
|
heap
|
page read and write
|
||
|
318F000
|
heap
|
page read and write
|
||
|
30CD000
|
heap
|
page read and write
|
||
|
9E7000
|
heap
|
page read and write
|
||
|
7FF71DCF4000
|
unkown
|
page read and write
|
||
|
2F4E000
|
heap
|
page read and write
|
||
|
2F3E000
|
heap
|
page read and write
|
||
|
2EFD9000
|
heap
|
page read and write
|
||
|
630000
|
heap
|
page read and write
|
||
|
7FF71DCEF000
|
unkown
|
page read and write
|
||
|
7FF71DCD3000
|
unkown
|
page readonly
|
||
|
7F950000
|
direct allocation
|
page read and write
|
||
|
31C1000
|
heap
|
page read and write
|
||
|
7E850000
|
direct allocation
|
page read and write
|
||
|
23AA7327000
|
heap
|
page read and write
|
||
|
42E000
|
unkown
|
page read and write
|
||
|
4DA6000
|
heap
|
page read and write
|
||
|
2F3A000
|
heap
|
page read and write
|
||
|
41B000
|
system
|
page execute and read and write
|
||
|
534C000
|
heap
|
page read and write
|
||
|
2BD0000
|
heap
|
page read and write
|
||
|
2EEAA000
|
heap
|
page read and write
|
||
|
31C2000
|
heap
|
page read and write
|
||
|
B0327CC000
|
stack
|
page read and write
|
||
|
8D4000
|
heap
|
page read and write
|
||
|
1E684FD0000
|
heap
|
page read and write
|
||
|
2F64000
|
heap
|
page read and write
|
||
|
7FF71DCFC000
|
unkown
|
page write copy
|
||
|
4CA4000
|
heap
|
page read and write
|
||
|
216AF000
|
heap
|
page read and write
|
||
|
1FF42F6C000
|
heap
|
page read and write
|
||
|
2F50000
|
heap
|
page read and write
|
||
|
3128000
|
heap
|
page read and write
|
||
|
4BF1000
|
heap
|
page read and write
|
||
|
2F51000
|
heap
|
page read and write
|
||
|
7E850000
|
direct allocation
|
page read and write
|
||
|
2F55000
|
heap
|
page read and write
|
||
|
20806000
|
direct allocation
|
page read and write
|
||
|
5D6000
|
stack
|
page read and write
|
||
|
7FF77759C000
|
unkown
|
page write copy
|
||
|
A08EF0D000
|
stack
|
page read and write
|
||
|
376F000
|
heap
|
page read and write
|
||
|
20FDE000
|
stack
|
page read and write
|
||
|
2F5A000
|
heap
|
page read and write
|
||
|
23AA7334000
|
heap
|
page read and write
|
||
|
7EA0F000
|
direct allocation
|
page read and write
|
||
|
20CEF000
|
stack
|
page read and write
|
||
|
2F55000
|
heap
|
page read and write
|
||
|
49D0000
|
heap
|
page read and write
|
||
|
7E850000
|
direct allocation
|
page read and write
|
||
|
31CC000
|
heap
|
page read and write
|
||
|
2F69000
|
heap
|
page read and write
|
||
|
FC589FE000
|
stack
|
page read and write
|
||
|
316F000
|
heap
|
page read and write
|
||
|
262C000
|
direct allocation
|
page read and write
|
||
|
2EA6000
|
heap
|
page read and write
|
||
|
7FF66B896000
|
unkown
|
page readonly
|
||
|
1B9BA3C0000
|
heap
|
page read and write
|
||
|
2F59000
|
heap
|
page read and write
|
||
|
31BD000
|
heap
|
page read and write
|
||
|
8E991ED000
|
stack
|
page read and write
|
||
|
6330000
|
heap
|
page read and write
|
||
|
D60000
|
heap
|
page read and write
|
||
|
30C6000
|
heap
|
page read and write
|
||
|
5AE000
|
unkown
|
page readonly
|
||
|
3210000
|
heap
|
page read and write
|
||
|
23BC5D00000
|
heap
|
page read and write
|
||
|
233B2510000
|
heap
|
page read and write
|
||
|
32FC000
|
heap
|
page read and write
|
||
|
325E000
|
stack
|
page read and write
|
||
|
42E000
|
unkown
|
page read and write
|
||
|
22608278000
|
heap
|
page read and write
|
||
|
302413C000
|
stack
|
page read and write
|
||
|
1A8090B8000
|
heap
|
page read and write
|
||
|
32F0000
|
heap
|
page read and write
|
||
|
2E90000
|
heap
|
page read and write
|
||
|
7FF71DCE5000
|
unkown
|
page read and write
|
||
|
2F5B000
|
heap
|
page read and write
|
||
|
23056980000
|
heap
|
page read and write
|
||
|
2F4C000
|
heap
|
page read and write
|
||
|
4CC1000
|
heap
|
page read and write
|
||
|
247339DA000
|
heap
|
page read and write
|
||
|
23AA8C20000
|
heap
|
page read and write
|
||
|
193D16E4000
|
heap
|
page read and write
|
||
|
884000
|
heap
|
page read and write
|
||
|
305E000
|
stack
|
page read and write
|
||
|
5F4000
|
stack
|
page read and write
|
||
|
7FF71DCE1000
|
unkown
|
page read and write
|
||
|
2B2482B0000
|
heap
|
page read and write
|
||
|
8D4000
|
heap
|
page read and write
|
||
|
31B8000
|
heap
|
page read and write
|
||
|
1F75B27C000
|
heap
|
page read and write
|
||
|
1FF42F55000
|
heap
|
page read and write
|
||
|
2F46000
|
heap
|
page read and write
|
||
|
CE715FC000
|
stack
|
page read and write
|
||
|
1B9BA670000
|
heap
|
page read and write
|
||
|
3160000
|
heap
|
page read and write
|
||
|
319A000
|
heap
|
page read and write
|
||
|
C26000
|
heap
|
page read and write
|
||
|
47FBDFC000
|
stack
|
page read and write
|
||
|
20F9E000
|
stack
|
page read and write
|
||
|
A18000
|
heap
|
page read and write
|
||
|
2F58000
|
heap
|
page read and write
|
||
|
4C510000
|
trusted library allocation
|
page read and write
|
||
|
7FF777572000
|
unkown
|
page readonly
|
||
|
23AA735D000
|
heap
|
page read and write
|
||
|
1E683660000
|
heap
|
page read and write
|
||
|
2F58000
|
heap
|
page read and write
|
||
|
31E2000
|
heap
|
page read and write
|
||
|
7FF777594000
|
unkown
|
page read and write
|
||
|
32CC000
|
heap
|
page read and write
|
||
|
19D000
|
stack
|
page read and write
|
||
|
2EF62000
|
heap
|
page read and write
|
||
|
4CAD000
|
stack
|
page read and write
|
||
|
23AA7336000
|
heap
|
page read and write
|
||
|
92FFF5D000
|
stack
|
page read and write
|
||
|
1E21FFF000
|
stack
|
page read and write
|
||
|
8E9916C000
|
stack
|
page read and write
|
||
|
2F58000
|
heap
|
page read and write
|
||
|
210E0000
|
heap
|
page read and write
|
||
|
4C00000
|
heap
|
page read and write
|
||
|
2A0047F000
|
stack
|
page read and write
|
||
|
2F50000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
2E3D000
|
stack
|
page read and write
|
||
|
31C4000
|
heap
|
page read and write
|
||
|
1E8143D0000
|
heap
|
page read and write
|
||
|
1F75B390000
|
heap
|
page read and write
|
||
|
7FAF0000
|
direct allocation
|
page read and write
|
||
|
A08EE8C000
|
stack
|
page read and write
|
||
|
2E60000
|
heap
|
page read and write
|
||
|
31E7000
|
heap
|
page read and write
|
||
|
34ED000
|
heap
|
page read and write
|
||
|
3B0000
|
heap
|
page read and write
|
||
|
2F3A000
|
heap
|
page read and write
|
||
|
7EA30000
|
direct allocation
|
page read and write
|
||
|
20966605000
|
heap
|
page read and write
|
||
|
4DE0000
|
heap
|
page read and write
|
||
|
7FF629D2E000
|
unkown
|
page readonly
|
||
|
FC5877E000
|
stack
|
page read and write
|
||
|
2E98000
|
heap
|
page read and write
|
||
|
47E0000
|
trusted library allocation
|
page read and write
|
||
|
25D3000
|
direct allocation
|
page read and write
|
||
|
32FC000
|
heap
|
page read and write
|
||
|
7FF789C00000
|
unkown
|
page readonly
|
||
|
3090000
|
heap
|
page read and write
|
||
|
472000
|
direct allocation
|
page execute and read and write
|
||
|
2B248130000
|
heap
|
page read and write
|
||
|
66E5CFE000
|
stack
|
page read and write
|
||
|
2F55000
|
heap
|
page read and write
|
||
|
8E994FE000
|
stack
|
page read and write
|
||
|
7E8C0000
|
direct allocation
|
page read and write
|
||
|
318C000
|
heap
|
page read and write
|
||
|
31D0000
|
heap
|
page read and write
|
||
|
30245FF000
|
stack
|
page read and write
|
||
|
7FF71DCA0000
|
unkown
|
page readonly
|
||
|
7020000
|
heap
|
page read and write
|
||
|
23AA7170000
|
heap
|
page read and write
|
||
|
34ED000
|
heap
|
page read and write
|
||
|
21327000
|
heap
|
page read and write
|
||
|
22607CE2000
|
heap
|
page read and write
|
||
|
1A8092F0000
|
heap
|
page read and write
|
||
|
2F5F000
|
heap
|
page read and write
|
||
|
930037E000
|
stack
|
page read and write
|
||
|
6FF0000
|
heap
|
page read and write
|
||
|
C6E000
|
stack
|
page read and write
|
||
|
7FF71DCE1000
|
unkown
|
page read and write
|
||
|
C9D000
|
stack
|
page read and write
|
||
|
21669000
|
heap
|
page read and write
|
||
|
1A809320000
|
heap
|
page read and write
|
||
|
770000
|
heap
|
page read and write
|
||
|
23AA735A000
|
heap
|
page read and write
|
||
|
4D80000
|
heap
|
page read and write
|
||
|
7EED1000
|
direct allocation
|
page read and write
|
||
|
1FF42F78000
|
heap
|
page read and write
|
||
|
7FF66B89A000
|
unkown
|
page readonly
|
||
|
34FF000
|
heap
|
page read and write
|
||
|
2B15000
|
stack
|
page read and write
|
||
|
23056C45000
|
heap
|
page read and write
|
||
|
1A809097000
|
heap
|
page read and write
|
||
|
226080B4000
|
heap
|
page read and write
|
||
|
23BC4237000
|
heap
|
page read and write
|
||
|
2ED9F000
|
stack
|
page read and write
|
||
|
49AD000
|
stack
|
page read and write
|
||
|
910000
|
direct allocation
|
page execute and read and write
|
||
|
2EE00000
|
heap
|
page read and write
|
||
|
20B9FF0E000
|
heap
|
page read and write
|
||
|
884000
|
heap
|
page read and write
|
||
|
23AA7345000
|
heap
|
page read and write
|
||
|
5CD000
|
unkown
|
page readonly
|
||
|
A47000
|
heap
|
page read and write
|
||
|
2EFC000
|
heap
|
page read and write
|
||
|
27E0FA90000
|
heap
|
page read and write
|
||
|
233B2660000
|
heap
|
page read and write
|
||
|
2F43000
|
heap
|
page read and write
|
||
|
E5394FC000
|
stack
|
page read and write
|
||
|
2F1A2000
|
heap
|
page read and write
|
||
|
21AC0000
|
direct allocation
|
page execute and read and write
|
||
|
23AA7310000
|
heap
|
page read and write
|
||
|
2F46000
|
heap
|
page read and write
|
||
|
22605E20000
|
heap
|
page read and write
|
||
|
1E814510000
|
heap
|
page read and write
|
||
|
2E6F000
|
stack
|
page read and write
|
||
|
2EBB000
|
heap
|
page read and write
|
||
|
8D4000
|
heap
|
page read and write
|
||
|
2096643F000
|
heap
|
page read and write
|
||
|
1E683640000
|
heap
|
page read and write
|
||
|
1DAC1CA0000
|
heap
|
page read and write
|
||
|
23AA735F000
|
heap
|
page read and write
|
||
|
233B3E30000
|
heap
|
page read and write
|
||
|
1E683560000
|
heap
|
page read and write
|
||
|
35BF000
|
stack
|
page read and write
|
||
|
2FA0000
|
heap
|
page read and write
|
||
|
7FF71DCA1000
|
unkown
|
page execute read
|
||
|
5335000
|
heap
|
page read and write
|
||
|
2460000
|
heap
|
page read and write
|
||
|
7E080000
|
direct allocation
|
page read and write
|
||
|
2EBA000
|
heap
|
page read and write
|
||
|
2EEDE000
|
heap
|
page read and write
|
||
|
67F0000
|
trusted library allocation
|
page read and write
|
||
|
310D000
|
stack
|
page read and write
|
||
|
25C4000
|
direct allocation
|
page read and write
|
||
|
7EE7F000
|
direct allocation
|
page read and write
|
||
|
2305698A000
|
heap
|
page read and write
|
||
|
23AA9160000
|
trusted library allocation
|
page read and write
|
||
|
2E9E000
|
heap
|
page read and write
|
||
|
23AA7317000
|
heap
|
page read and write
|
||
|
2B2481B0000
|
heap
|
page read and write
|
||
|
20F9E000
|
stack
|
page read and write
|
||
|
FC586FE000
|
stack
|
page read and write
|
||
|
24733A16000
|
heap
|
page read and write
|
||
|
24A0000
|
heap
|
page read and write
|
||
|
23AA75CD000
|
heap
|
page read and write
|
||
|
4CF1000
|
heap
|
page read and write
|
||
|
210DF000
|
stack
|
page read and write
|
||
|
20966630000
|
heap
|
page read and write
|
||
|
37EE67E000
|
stack
|
page read and write
|
||
|
45E000
|
system
|
page execute and read and write
|
||
|
2F3E000
|
heap
|
page read and write
|
||
|
970000
|
heap
|
page read and write
|
||
|
1FF42F1D000
|
heap
|
page read and write
|
||
|
34EF000
|
heap
|
page read and write
|
||
|
247337E0000
|
heap
|
page read and write
|
||
|
24733995000
|
heap
|
page read and write
|
||
|
7FD2E000
|
direct allocation
|
page read and write
|
||
|
32C0000
|
heap
|
page read and write
|
||
|
319E000
|
stack
|
page read and write
|
||
|
156214F0000
|
heap
|
page read and write
|
||
|
2F8B000
|
heap
|
page read and write
|
||
|
543E000
|
stack
|
page read and write
|
||
|
1FF42F78000
|
heap
|
page read and write
|
||
|
2B248425000
|
heap
|
page read and write
|
||
|
24733990000
|
heap
|
page read and write
|
||
|
4D9E000
|
stack
|
page read and write
|
||
|
4E4C97F000
|
stack
|
page read and write
|
||
|
2EE7A000
|
heap
|
page read and write
|
||
|
1DAC1CB0000
|
heap
|
page read and write
|
||
|
2F7D000
|
stack
|
page read and write
|
||
|
31F7000
|
heap
|
page read and write
|
||
|
87E000
|
stack
|
page read and write
|
||
|
3210000
|
heap
|
page read and write
|
||
|
2B00000
|
direct allocation
|
page readonly
|
||
|
31D6000
|
heap
|
page read and write
|
||
|
7FF7AB71C000
|
unkown
|
page read and write
|
||
|
70E000
|
stack
|
page read and write
|
||
|
20BBF000
|
stack
|
page read and write
|
||
|
31D7000
|
heap
|
page read and write
|
||
|
2F56000
|
heap
|
page read and write
|
||
|
1F5C0960000
|
heap
|
page read and write
|
||
|
4BA0000
|
trusted library allocation
|
page read and write
|
||
|
7EEF4000
|
direct allocation
|
page read and write
|
||
|
31CD000
|
heap
|
page read and write
|
||
|
5350000
|
heap
|
page read and write
|
||
|
6C0000
|
heap
|
page read and write
|
||
|
2EA1000
|
heap
|
page read and write
|
||
|
31B5000
|
heap
|
page read and write
|
||
|
2F49000
|
heap
|
page read and write
|
||
|
7ED60000
|
direct allocation
|
page read and write
|
||
|
2F4F000
|
unkown
|
page read and write
|
||
|
7FF71DCDD000
|
unkown
|
page write copy
|
||
|
A13000
|
heap
|
page read and write
|
||
|
1E816135000
|
heap
|
page read and write
|
||
|
1F5C0882000
|
heap
|
page read and write
|
||
|
2F5B000
|
heap
|
page read and write
|
||
|
2810000
|
heap
|
page read and write
|
||
|
5346000
|
heap
|
page read and write
|
||
|
2096E000
|
stack
|
page read and write
|
||
|
2EDC000
|
heap
|
page read and write
|
||
|
20A6F000
|
stack
|
page read and write
|
||
|
7FF7AB718000
|
unkown
|
page readonly
|
||
|
24465155000
|
heap
|
page read and write
|
||
|
20B9FF28000
|
heap
|
page read and write
|
||
|
54BD000
|
stack
|
page read and write
|
||
|
2A51000
|
direct allocation
|
page read and write
|
||
|
2A47000
|
direct allocation
|
page read and write
|
||
|
2F8B000
|
heap
|
page read and write
|
||
|
89087C000
|
stack
|
page read and write
|
||
|
2EE0000
|
heap
|
page read and write
|
||
|
884000
|
heap
|
page read and write
|
||
|
15621715000
|
heap
|
page read and write
|
||
|
25A0000
|
direct allocation
|
page read and write
|
||
|
2EEDE000
|
heap
|
page read and write
|
||
|
7F770000
|
direct allocation
|
page read and write
|
||
|
315F000
|
stack
|
page read and write
|
||
|
2F39000
|
heap
|
page read and write
|
||
|
7FF7AB71D000
|
unkown
|
page readonly
|