Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Quotation.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\Public\alpha.pif
|
PE32 executable (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Links\Agcakrhb.PIF
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\22183.cmd
|
Unicode text, UTF-8 text, with very long lines (577), with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\4140.cmd
|
Unicode text, UTF-8 text, with very long lines (324), with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\neo.cmd
|
Unicode text, UTF-8 text, with very long lines (372), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\json[1].json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\Flighting\FlightingLogging.txt
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Temp\bhv72CB.tmp
|
Extensible storage engine DataBase, version 0x620, checksum 0x1d2d76f6, page size 32768, DirtyShutdown, Windows version 10.0
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cjuokcdbbgcjypgifkadlgabsyky
|
Unicode text, UTF-16, little-endian text, with no line terminators
|
dropped
|
||
|
C:\Users\user\Links\Agcakrhb.url
|
MS Windows 95 Internet shortcut text (URL=<file:"C:\\Users\\user\\Links\\Agcakrhb.PIF">), ASCII text, with CRLF line terminators
|
modified
|
||
|
\Device\Null
|
ASCII text, with CRLF, CR line terminators
|
dropped
|
There are 2 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\Quotation.exe
|
"C:\Users\user\Desktop\Quotation.exe"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
C:\Windows\system32\cmd.exe /c ""C:\\Users\\All Users\\4140.cmd""
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
C:\Windows\system32\cmd.exe /c ""C:\\Users\\All Users\\22183.cmd""
|
|
|
|
C:\Windows\SysWOW64\PING.EXE
|
ping 127.0.0.1 -n 10
|
|
|
|
C:\Windows\SysWOW64\colorcpl.exe
|
C:\Windows\System32\colorcpl.exe
|
|
|
|
C:\Windows\SysWOW64\esentutl.exe
|
C:\\Windows\\System32\\esentutl /y C:\\Windows\\System32\\cmd.exe /d C:\\Users\\Public\\alpha.pif /o
|
|
|
|
C:\Users\Public\alpha.pif
|
C:\\Users\\Public\\alpha.pif /c mkdir "\\?\C:\Windows "
|
|
|
|
C:\Users\Public\alpha.pif
|
C:\\Users\\Public\\alpha.pif /c mkdir "\\?\C:\Windows \SysWOW64"
|
|
|
|
C:\Windows\SysWOW64\recover.exe
|
C:\Windows\SysWOW64\recover.exe /stext "C:\Users\user\AppData\Local\Temp\cjuokcdbbgcjypgifkadlgabsyky"
|
|
|
|
C:\Windows\SysWOW64\recover.exe
|
C:\Windows\SysWOW64\recover.exe /stext "C:\Users\user\AppData\Local\Temp\fdhglvnuxouoivcuwvmxwtvktnthewt"
|
|
|
|
C:\Windows\SysWOW64\recover.exe
|
C:\Windows\SysWOW64\recover.exe /stext "C:\Users\user\AppData\Local\Temp\pfmz"
|
|
|
|
C:\Users\user\Links\Agcakrhb.PIF
|
"C:\Users\user\Links\Agcakrhb.PIF"
|
|
|
|
C:\Windows\SysWOW64\colorcpl.exe
|
C:\Windows\System32\colorcpl.exe
|
|
|
|
C:\Users\user\Links\Agcakrhb.PIF
|
"C:\Users\user\Links\Agcakrhb.PIF"
|
|
|
|
C:\Windows\SysWOW64\SndVol.exe
|
C:\Windows\System32\SndVol.exe
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\backgroundTaskHost.exe
|
"C:\Windows\system32\backgroundTaskHost.exe" -ServerName:CortanaUI.AppX3bn25b6f886wmg6twh46972vprk9tnbf.mca
|
There are 8 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
qwertyuioplkjhgfdsazxcvbnm.ydns.eu
|
|
||
|
https://M365CDN.nel.measure.office.net/api/report?FrontEnd=VerizonCDNWorldWide&DestinationEndpoint=P
|
unknown
|
||
|
https://www.office.com/
|
unknown
|
||
|
http://www.imvu.comr
|
unknown
|
||
|
https://fp-afd.azurefd.us/apc/trans.gif?0cf92be82316943650f2ee723bc6949e
|
unknown
|
||
|
http://www.imvu.com
|
unknown
|
||
|
http://c.pki.goog/r/gsr1.crl0
|
unknown
|
||
|
http://www.nirsoft.net
|
unknown
|
||
|
https://aefd.nelreports.net/api/report?cat=bingaotak
|
unknown
|
||
|
https://deff.nelreports.net/api/report?cat=msn
|
unknown
|
||
|
http://c.pki.goog/we2/64OUIVzpZV4.crl0
|
unknown
|
||
|
http://i.pki.goog/we2.crt0
|
unknown
|
||
|
http://o.pki.goog/we20%
|
unknown
|
||
|
http://www.imvu.comhttp://www.ebuddy.comhttps://www.google.com
|
unknown
|
||
|
http://geoplugin.net/json.gp
|
178.237.33.50
|
||
|
https://www.google.com
|
unknown
|
||
|
https://fp-afd.azurefd.us/apc/trans.gif?94fb5ac9609bcb4cda0bf8acf1827073
|
unknown
|
||
|
https://ecs.nel.measure.office.net?TenantId=Skype&DestinationEndpoint=Edge-Prod-LAX31r5a&FrontEnd=AF
|
unknown
|
||
|
http://geoplugin.net/json.gpF
|
unknown
|
||
|
https://dl.google.com/update2/installers/icons/%7B8a69d345-d564-463c-aff1-a69d9e530f96%7D.bmp?lang=e
|
unknown
|
||
|
http://geoplugin.net/
|
unknown
|
||
|
https://aefd.nelreports.net/api/report?cat=bingaot
|
unknown
|
||
|
http://geoplugin.net/json.gp/C
|
unknown
|
||
|
https://maps.windows.com/windows-app-web-link
|
unknown
|
||
|
http://i.pki.goog/gsr1.crt0-
|
unknown
|
||
|
http://c.pki.goog/r/r4.crl0
|
unknown
|
||
|
http://geoplugin.net/json.gpP
|
unknown
|
||
|
http://i.pki.goog/r4.crt0
|
unknown
|
||
|
https://aefd.nelreports.net/api/report?cat=bingrms
|
unknown
|
||
|
https://www.google.com/accounts/servicelogin
|
unknown
|
||
|
https://login.yahoo.com/config/login
|
unknown
|
||
|
http://geoplugin.net/json.gpW
|
unknown
|
||
|
http://www.nirsoft.net/
|
unknown
|
||
|
http://www.imvu.comata
|
unknown
|
||
|
http://www.pmail.com
|
unknown
|
||
|
https://aefd.nelreports.net/api/report?cat=wsb&ndcParam=QWthbWFp
|
unknown
|
||
|
http://www.ebuddy.com
|
unknown
|
There are 27 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
qwertyuioplkjhgfdsazxcvbnm.ydns.eu
|
185.208.156.45
|
|
|
|
geoplugin.net
|
178.237.33.50
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
185.208.156.45
|
qwertyuioplkjhgfdsazxcvbnm.ydns.eu
|
Switzerland
|
|
|
|
127.0.0.1
|
unknown
|
unknown
|
|
|
|
178.237.33.50
|
geoplugin.net
|
Netherlands
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
Agcakrhb
|
||
|
HKEY_CURRENT_USER\SOFTWARE\chrome-3GMLHL
|
exepath
|
||
|
HKEY_CURRENT_USER\SOFTWARE\chrome-3GMLHL
|
licence
|
||
|
HKEY_CURRENT_USER\SOFTWARE\chrome-3GMLHL
|
time
|
||
|
HKEY_CURRENT_USER\SOFTWARE\chrome-3GMLHL
|
UID
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\Flighting\1
|
UILanguage
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\Flighting\1\MaxAttachmentSizeInBytes
|
Value
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\Flighting\1\LocationReminderDesktopOnUnlockRadius
|
Value
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\Flighting\1\MaxRetryCount
|
Value
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\Flighting\1\DeviceManagementEnabled
|
Value
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\Flighting\1\ShowSearchGlyphLeftOfSearchBox
|
Value
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\Flighting\1\LocationReminderDesktopOnUnlockSpan
|
Value
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\Flighting\1\ReminderCalendarUpdate
|
Value
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\Flighting\1\TemplatesSyncInterval
|
Value
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\Flighting\1\SubmitButtonNarratorText
|
Value
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\Flighting\1\TimerSyncInterval
|
Value
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\Flighting\1\ProactivePrefetchIntervalMinutes
|
Value
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\Flighting\1\LocalNewBatchSize
|
Value
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\Flighting\1\SearchBoxAutoSuggestedForegroundColor
|
Value
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\Flighting\1\SearchBoxText
|
Value
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\Flighting\1\WideAtStartupDeltaMinWidthThreshold
|
Value
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\Flighting\1\SearchBoxUseSearchIconAtRest
|
Value
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\Flighting\1\SearchBoxWideWidth
|
Value
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\Flighting\1\MaxReminderCount
|
Value
|
||
|
\REGISTRY\A\{4895240c-7196-61ef-25b7-06030c0b16b3}\LocalState
|
BINGIDENTITY_PROP_USEREMAIL
|
||
|
\REGISTRY\A\{4895240c-7196-61ef-25b7-06030c0b16b3}\LocalState
|
BINGIDENTITY_PROP_ACCOUNTTYPETEXT
|
||
|
\REGISTRY\A\{4895240c-7196-61ef-25b7-06030c0b16b3}\LocalState
|
BINGIDENTITY_PROP_ACCOUNTTYPE
|
||
|
\REGISTRY\A\{4895240c-7196-61ef-25b7-06030c0b16b3}\LocalState
|
BINGIDENTITY_PROP_ACCOUNTTYPE
|
||
|
\REGISTRY\A\{4895240c-7196-61ef-25b7-06030c0b16b3}\LocalState
|
BINGIDENTITY_PROP_AUTHORITY
|
There are 19 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2C00000
|
remote allocation
|
page execute and read and write
|
|
|
|
1E243000
|
heap
|
page read and write
|
|
|
|
20611000
|
heap
|
page read and write
|
|
|
|
2820000
|
remote allocation
|
page execute and read and write
|
|
|
|
20810000
|
unclassified section
|
page execute and read and write
|
|
|
|
2AB0000
|
remote allocation
|
page execute and read and write
|
|
|
|
2C050000
|
heap
|
page read and write
|
|
|
|
20A4A000
|
heap
|
page read and write
|
|
|
|
20993000
|
heap
|
page read and write
|
|
|
|
20BC0000
|
heap
|
page read and write
|
|
|
|
208B2000
|
heap
|
page read and write
|
|
|
|
400000
|
system
|
page execute and read and write
|
|
|
|
2081F000
|
heap
|
page read and write
|
|
|
|
1E218000
|
heap
|
page read and write
|
|
|
|
20673000
|
heap
|
page read and write
|
|
|
|
1B6E7000
|
heap
|
page read and write
|
|
|
|
20B0D000
|
heap
|
page read and write
|
|
|
|
2058B000
|
heap
|
page read and write
|
|
|
|
2A05000
|
direct allocation
|
page execute and read and write
|
|
|
|
20611000
|
heap
|
page read and write
|
|
|
|
7E770000
|
direct allocation
|
page read and write
|
|
|
|
20990000
|
heap
|
page read and write
|
|
|
|
23DA000
|
direct allocation
|
page read and write
|
|
|
|
24A1000
|
direct allocation
|
page read and write
|
||
|
239D000
|
direct allocation
|
page read and write
|
||
|
32C3000
|
heap
|
page read and write
|
||
|
318E000
|
heap
|
page read and write
|
||
|
4EF8000
|
heap
|
page read and write
|
||
|
1E28E000
|
heap
|
page read and write
|
||
|
318E000
|
heap
|
page read and write
|
||
|
7ECCF000
|
direct allocation
|
page read and write
|
||
|
211AF000
|
trusted library allocation
|
page read and write
|
||
|
307F000
|
stack
|
page read and write
|
||
|
4EC1000
|
heap
|
page read and write
|
||
|
317D000
|
heap
|
page read and write
|
||
|
4EFC000
|
heap
|
page read and write
|
||
|
2CC4000
|
heap
|
page read and write
|
||
|
4FCE000
|
stack
|
page read and write
|
||
|
4665000
|
heap
|
page read and write
|
||
|
32DD000
|
heap
|
page read and write
|
||
|
23C8000
|
direct allocation
|
page read and write
|
||
|
23B3000
|
direct allocation
|
page read and write
|
||
|
317D000
|
heap
|
page read and write
|
||
|
4660000
|
heap
|
page read and write
|
||
|
289C000
|
stack
|
page read and write
|
||
|
32C3000
|
heap
|
page read and write
|
||
|
283D000
|
stack
|
page read and write
|
||
|
20673000
|
heap
|
page read and write
|
||
|
318E000
|
heap
|
page read and write
|
||
|
19E000
|
unkown
|
page write copy
|
||
|
4EC8000
|
heap
|
page read and write
|
||
|
21119000
|
direct allocation
|
page read and write
|
||
|
2EAD000
|
stack
|
page read and write
|
||
|
2BE0000
|
heap
|
page read and write
|
||
|
2AD4000
|
heap
|
page read and write
|
||
|
1E279000
|
heap
|
page read and write
|
||
|
1E2AA000
|
heap
|
page read and write
|
||
|
503B000
|
heap
|
page read and write
|
||
|
2925000
|
direct allocation
|
page execute and read and write
|
||
|
211A0000
|
trusted library allocation
|
page read and write
|
||
|
89A000
|
heap
|
page read and write
|
||
|
2320000
|
heap
|
page read and write
|
||
|
4EC1000
|
heap
|
page read and write
|
||
|
29DA000
|
stack
|
page read and write
|
||
|
259A000
|
direct allocation
|
page read and write
|
||
|
3600000
|
heap
|
page read and write
|
||
|
55C0000
|
direct allocation
|
page read and write
|
||
|
2E80000
|
heap
|
page read and write
|
||
|
4EC1000
|
heap
|
page read and write
|
||
|
318E000
|
heap
|
page read and write
|
||
|
615000
|
heap
|
page read and write
|
||
|
34B0000
|
heap
|
page read and write
|
||
|
207AE000
|
stack
|
page execute and read and write
|
||
|
206DD000
|
direct allocation
|
page read and write
|
||
|
2C2C000
|
heap
|
page read and write
|
||
|
7F0B0000
|
direct allocation
|
page read and write
|
||
|
25A1000
|
direct allocation
|
page read and write
|
||
|
8D4000
|
heap
|
page read and write
|
||
|
2790000
|
heap
|
page read and write
|
||
|
464C000
|
heap
|
page read and write
|
||
|
1E100000
|
heap
|
page read and write
|
||
|
4ECB000
|
heap
|
page read and write
|
||
|
526F000
|
stack
|
page read and write
|
||
|
4665000
|
heap
|
page read and write
|
||
|
26EC000
|
stack
|
page read and write
|
||
|
7F07F000
|
direct allocation
|
page read and write
|
||
|
1E286000
|
heap
|
page read and write
|
||
|
1E140000
|
heap
|
page read and write
|
||
|
5029000
|
heap
|
page read and write
|
||
|
2E3F000
|
stack
|
page read and write
|
||
|
2A97000
|
direct allocation
|
page read and write
|
||
|
4ED4000
|
heap
|
page read and write
|
||
|
2CC4000
|
heap
|
page read and write
|
||
|
522E000
|
stack
|
page read and write
|
||
|
4EC1000
|
heap
|
page read and write
|
||
|
2300000
|
heap
|
page read and write
|
||
|
4651000
|
heap
|
page read and write
|
||
|
1E257000
|
heap
|
page read and write
|
||
|
20F50000
|
heap
|
page read and write
|
||
|
7EC10000
|
direct allocation
|
page read and write
|
||
|
20CBF000
|
stack
|
page read and write
|
||
|
2BFF000
|
stack
|
page read and write
|
||
|
4EDF000
|
heap
|
page read and write
|
||
|
4F03000
|
heap
|
page read and write
|
||
|
4698000
|
heap
|
page read and write
|
||
|
3006000
|
heap
|
page read and write
|
||
|
318E000
|
heap
|
page read and write
|
||
|
1D300000
|
heap
|
page read and write
|
||
|
20B6F000
|
stack
|
page read and write
|
||
|
3500000
|
heap
|
page read and write
|
||
|
26E1000
|
direct allocation
|
page read and write
|
||
|
20D0E000
|
stack
|
page read and write
|
||
|
31D0000
|
heap
|
page read and write
|
||
|
7E770000
|
direct allocation
|
page read and write
|
||
|
4EE1000
|
heap
|
page read and write
|
||
|
4EC8000
|
heap
|
page read and write
|
||
|
4EC1000
|
heap
|
page read and write
|
||
|
7ECB8000
|
direct allocation
|
page read and write
|
||
|
29D0000
|
heap
|
page read and write
|
||
|
32DD000
|
heap
|
page read and write
|
||
|
32DD000
|
heap
|
page read and write
|
||
|
318E000
|
heap
|
page read and write
|
||
|
2366000
|
heap
|
page read and write
|
||
|
21487000
|
heap
|
page read and write
|
||
|
1BE000
|
unkown
|
page readonly
|
||
|
32C3000
|
heap
|
page read and write
|
||
|
2AD4000
|
heap
|
page read and write
|
||
|
2AD4000
|
heap
|
page read and write
|
||
|
4EC1000
|
heap
|
page read and write
|
||
|
2C2C000
|
heap
|
page read and write
|
||
|
31CF000
|
unkown
|
page read and write
|
||
|
92F000
|
heap
|
page read and write
|
||
|
4EC9000
|
heap
|
page read and write
|
||
|
4EDF000
|
heap
|
page read and write
|
||
|
7F0CF000
|
direct allocation
|
page read and write
|
||
|
32C3000
|
heap
|
page read and write
|
||
|
7EFF0000
|
direct allocation
|
page read and write
|
||
|
2C6E000
|
stack
|
page read and write
|
||
|
2CC4000
|
heap
|
page read and write
|
||
|
4EE0000
|
heap
|
page read and write
|
||
|
20A2F000
|
stack
|
page read and write
|
||
|
50C0000
|
trusted library allocation
|
page read and write
|
||
|
4EE8000
|
heap
|
page read and write
|
||
|
2310000
|
direct allocation
|
page execute and read and write
|
||
|
20510000
|
heap
|
page read and write
|
||
|
4693000
|
heap
|
page read and write
|
||
|
2AD4000
|
heap
|
page read and write
|
||
|
2AF9000
|
direct allocation
|
page execute and read and write
|
||
|
25F3000
|
direct allocation
|
page read and write
|
||
|
962000
|
heap
|
page read and write
|
||
|
7EFB0000
|
direct allocation
|
page read and write
|
||
|
4EFF000
|
heap
|
page read and write
|
||
|
4EDE000
|
heap
|
page read and write
|
||
|
4B5E000
|
heap
|
page read and write
|
||
|
2BDF000
|
stack
|
page read and write
|
||
|
32DD000
|
heap
|
page read and write
|
||
|
2CC4000
|
heap
|
page read and write
|
||
|
318E000
|
heap
|
page read and write
|
||
|
1E257000
|
heap
|
page read and write
|
||
|
89E000
|
heap
|
page read and write
|
||
|
32DD000
|
heap
|
page read and write
|
||
|
46AD000
|
heap
|
page read and write
|
||
|
2AD5000
|
heap
|
page read and write
|
||
|
1E2CE000
|
heap
|
page read and write
|
||
|
2AD4000
|
heap
|
page read and write
|
||
|
2F3D000
|
stack
|
page read and write
|
||
|
4EDE000
|
heap
|
page read and write
|
||
|
2C90000
|
heap
|
page read and write
|
||
|
85A000
|
heap
|
page read and write
|
||
|
758000
|
heap
|
page read and write
|
||
|
2560000
|
direct allocation
|
page read and write
|
||
|
206F3000
|
direct allocation
|
page read and write
|
||
|
318E000
|
heap
|
page read and write
|
||
|
318E000
|
heap
|
page read and write
|
||
|
4EDE000
|
heap
|
page read and write
|
||
|
2914000
|
remote allocation
|
page execute and read and write
|
||
|
1E4C0000
|
heap
|
page read and write
|
||
|
293D000
|
stack
|
page read and write
|
||
|
7EEE0000
|
direct allocation
|
page read and write
|
||
|
318D000
|
heap
|
page read and write
|
||
|
318E000
|
heap
|
page read and write
|
||
|
4EC1000
|
heap
|
page read and write
|
||
|
46F000
|
unkown
|
page read and write
|
||
|
1E29B000
|
heap
|
page read and write
|
||
|
2B28000
|
remote allocation
|
page execute and read and write
|
||
|
318E000
|
heap
|
page read and write
|
||
|
318E000
|
heap
|
page read and write
|
||
|
2BEA000
|
heap
|
page read and write
|
||
|
4F04000
|
heap
|
page read and write
|
||
|
1B9CF000
|
stack
|
page read and write
|
||
|
318E000
|
heap
|
page read and write
|
||
|
4EC1000
|
heap
|
page read and write
|
||
|
505D000
|
heap
|
page read and write
|
||
|
31E0000
|
heap
|
page read and write
|
||
|
7FE46000
|
direct allocation
|
page read and write
|
||
|
1E2CA000
|
heap
|
page read and write
|
||
|
2C23000
|
heap
|
page read and write
|
||
|
1E28E000
|
heap
|
page read and write
|
||
|
4ED5000
|
heap
|
page read and write
|
||
|
2FA0000
|
heap
|
page read and write
|
||
|
32DD000
|
heap
|
page read and write
|
||
|
32DD000
|
heap
|
page read and write
|
||
|
2B10000
|
heap
|
page read and write
|
||
|
322E000
|
stack
|
page read and write
|
||
|
171000
|
unkown
|
page execute read
|
||
|
171000
|
unkown
|
page execute read
|
||
|
E6D000
|
stack
|
page read and write
|
||
|
20BC0000
|
unclassified section
|
page execute and read and write
|
||
|
7DF000
|
stack
|
page read and write
|
||
|
4ECC000
|
heap
|
page read and write
|
||
|
4EDB000
|
heap
|
page read and write
|
||
|
4EC9000
|
heap
|
page read and write
|
||
|
4F04000
|
heap
|
page read and write
|
||
|
4EDE000
|
heap
|
page read and write
|
||
|
2AD4000
|
heap
|
page read and write
|
||
|
4EDE000
|
heap
|
page read and write
|
||
|
318E000
|
heap
|
page read and write
|
||
|
4661000
|
heap
|
page read and write
|
||
|
1E257000
|
heap
|
page read and write
|
||
|
32DD000
|
heap
|
page read and write
|
||
|
92B000
|
heap
|
page read and write
|
||
|
7FB15000
|
direct allocation
|
page read and write
|
||
|
4F04000
|
heap
|
page read and write
|
||
|
1E2C8000
|
heap
|
page read and write
|
||
|
94F000
|
stack
|
page read and write
|
||
|
23C1000
|
direct allocation
|
page read and write
|
||
|
318E000
|
heap
|
page read and write
|
||
|
5DE000
|
stack
|
page read and write
|
||
|
33C0000
|
heap
|
page read and write
|
||
|
20698000
|
direct allocation
|
page read and write
|
||
|
25AC000
|
stack
|
page read and write
|
||
|
2BEFE000
|
stack
|
page read and write
|
||
|
2D00000
|
heap
|
page read and write
|
||
|
2CF4000
|
remote allocation
|
page execute and read and write
|
||
|
28F1000
|
direct allocation
|
page execute read
|
||
|
1BE000
|
unkown
|
page readonly
|
||
|
7F104000
|
direct allocation
|
page read and write
|
||
|
788000
|
heap
|
page read and write
|
||
|
208A0000
|
heap
|
page read and write
|
||
|
2BA4000
|
remote allocation
|
page execute and read and write
|
||
|
7F9C0000
|
direct allocation
|
page read and write
|
||
|
1E2E1000
|
heap
|
page read and write
|
||
|
300D000
|
heap
|
page read and write
|
||
|
1B6C0000
|
heap
|
page read and write
|
||
|
318E000
|
heap
|
page read and write
|
||
|
318E000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
4EDE000
|
heap
|
page read and write
|
||
|
2E6D000
|
stack
|
page read and write
|
||
|
318E000
|
heap
|
page read and write
|
||
|
3450000
|
heap
|
page read and write
|
||
|
4EC1000
|
heap
|
page read and write
|
||
|
317E000
|
heap
|
page read and write
|
||
|
272B000
|
stack
|
page read and write
|
||
|
20658000
|
direct allocation
|
page read and write
|
||
|
4EC1000
|
heap
|
page read and write
|
||
|
1E279000
|
heap
|
page read and write
|
||
|
95E000
|
heap
|
page read and write
|
||
|
4EDE000
|
heap
|
page read and write
|
||
|
4F04000
|
heap
|
page read and write
|
||
|
2B30000
|
heap
|
page read and write
|
||
|
2AA5000
|
direct allocation
|
page execute and read and write
|
||
|
4EDE000
|
heap
|
page read and write
|
||
|
1E51E000
|
stack
|
page read and write
|
||
|
4EFF000
|
heap
|
page read and write
|
||
|
318E000
|
heap
|
page read and write
|
||
|
1B81E000
|
stack
|
page read and write
|
||
|
57A000
|
unkown
|
page read and write
|
||
|
298E000
|
stack
|
page read and write
|
||
|
2CC4000
|
heap
|
page read and write
|
||
|
4ECB000
|
heap
|
page read and write
|
||
|
4F26000
|
heap
|
page read and write
|
||
|
850000
|
heap
|
page read and write
|
||
|
24B3000
|
heap
|
page read and write
|
||
|
2638000
|
direct allocation
|
page read and write
|
||
|
4B40000
|
heap
|
page read and write
|
||
|
4991000
|
heap
|
page read and write
|
||
|
4F04000
|
heap
|
page read and write
|
||
|
7EB20000
|
direct allocation
|
page read and write
|
||
|
31ED000
|
heap
|
page read and write
|
||
|
32C3000
|
heap
|
page read and write
|
||
|
4EF6000
|
heap
|
page read and write
|
||
|
1D20F000
|
stack
|
page read and write
|
||
|
300D000
|
heap
|
page read and write
|
||
|
1E550000
|
heap
|
page read and write
|
||
|
1D260000
|
heap
|
page read and write
|
||
|
1E2BA000
|
heap
|
page read and write
|
||
|
4F10000
|
heap
|
page read and write
|
||
|
4F39000
|
stack
|
page read and write
|
||
|
4EDE000
|
heap
|
page read and write
|
||
|
2C030000
|
heap
|
page read and write
|
||
|
23A4000
|
direct allocation
|
page read and write
|
||
|
2CA0000
|
heap
|
page read and write
|
||
|
2AD0000
|
heap
|
page read and write
|
||
|
578000
|
unkown
|
page read and write
|
||
|
318E000
|
heap
|
page read and write
|
||
|
4F03000
|
heap
|
page read and write
|
||
|
318E000
|
heap
|
page read and write
|
||
|
2035E000
|
stack
|
page read and write
|
||
|
4640000
|
heap
|
page read and write
|
||
|
4EC1000
|
heap
|
page read and write
|
||
|
27F0000
|
heap
|
page read and write
|
||
|
1E2CA000
|
heap
|
page read and write
|
||
|
170000
|
unkown
|
page readonly
|
||
|
578000
|
unkown
|
page read and write
|
||
|
25A8000
|
direct allocation
|
page read and write
|
||
|
6B5000
|
heap
|
page read and write
|
||
|
2039F000
|
stack
|
page read and write
|
||
|
32C3000
|
heap
|
page read and write
|
||
|
4F04000
|
heap
|
page read and write
|
||
|
2552000
|
direct allocation
|
page read and write
|
||
|
1E257000
|
heap
|
page read and write
|
||
|
2AD5000
|
heap
|
page read and write
|
||
|
20672000
|
heap
|
page read and write
|
||
|
4EC1000
|
heap
|
page read and write
|
||
|
26C4000
|
direct allocation
|
page read and write
|
||
|
8C4000
|
heap
|
page read and write
|
||
|
20691000
|
direct allocation
|
page read and write
|
||
|
315B000
|
heap
|
page read and write
|
||
|
3150000
|
heap
|
page read and write
|
||
|
4EDE000
|
heap
|
page read and write
|
||
|
7F830000
|
direct allocation
|
page read and write
|
||
|
1E29B000
|
heap
|
page read and write
|
||
|
19E000
|
unkown
|
page read and write
|
||
|
477E000
|
stack
|
page read and write
|
||
|
7F140000
|
direct allocation
|
page read and write
|
||
|
4F03000
|
heap
|
page read and write
|
||
|
4ECB000
|
heap
|
page read and write
|
||
|
4F3B000
|
stack
|
page read and write
|
||
|
318E000
|
heap
|
page read and write
|
||
|
46F000
|
unkown
|
page read and write
|
||
|
318E000
|
heap
|
page read and write
|
||
|
318E000
|
heap
|
page read and write
|
||
|
171000
|
unkown
|
page execute read
|
||
|
4EE5000
|
heap
|
page read and write
|
||
|
670000
|
heap
|
page read and write
|
||
|
1E257000
|
heap
|
page read and write
|
||
|
32C3000
|
heap
|
page read and write
|
||
|
318E000
|
heap
|
page read and write
|
||
|
20176000
|
direct allocation
|
page execute and read and write
|
||
|
4C50000
|
heap
|
page read and write
|
||
|
2AD0000
|
heap
|
page read and write
|
||
|
20F4F000
|
stack
|
page read and write
|
||
|
4EE1000
|
heap
|
page read and write
|
||
|
1E248000
|
heap
|
page read and write
|
||
|
1E2DD000
|
heap
|
page read and write
|
||
|
20BCE000
|
stack
|
page read and write
|
||
|
6B0000
|
heap
|
page read and write
|
||
|
26D3000
|
direct allocation
|
page read and write
|
||
|
28DC000
|
stack
|
page read and write
|
||
|
400000
|
system
|
page execute and read and write
|
||
|
4EE3000
|
heap
|
page read and write
|
||
|
4ED5000
|
heap
|
page read and write
|
||
|
206D6000
|
direct allocation
|
page read and write
|
||
|
7ED00000
|
direct allocation
|
page read and write
|
||
|
4F25000
|
heap
|
page read and write
|
||
|
265C000
|
stack
|
page read and write
|
||
|
1E2A8000
|
heap
|
page read and write
|
||
|
2A94000
|
stack
|
page read and write
|
||
|
4EF0000
|
heap
|
page read and write
|
||
|
938000
|
heap
|
page read and write
|
||
|
29F7000
|
direct allocation
|
page read and write
|
||
|
4C5C000
|
heap
|
page read and write
|
||
|
7E670000
|
direct allocation
|
page read and write
|
||
|
318E000
|
heap
|
page read and write
|
||
|
25DD000
|
direct allocation
|
page read and write
|
||
|
4EC1000
|
heap
|
page read and write
|
||
|
1E29B000
|
heap
|
page read and write
|
||
|
32DD000
|
heap
|
page read and write
|
||
|
3140000
|
heap
|
page read and write
|
||
|
26AF000
|
direct allocation
|
page read and write
|
||
|
4F04000
|
heap
|
page read and write
|
||
|
7EFAB000
|
direct allocation
|
page read and write
|
||
|
4EF7000
|
heap
|
page read and write
|
||
|
4671000
|
heap
|
page read and write
|
||
|
7F061000
|
direct allocation
|
page read and write
|
||
|
6FE000
|
stack
|
page read and write
|
||
|
72E000
|
stack
|
page read and write
|
||
|
318E000
|
heap
|
page read and write
|
||
|
2080B000
|
stack
|
page read and write
|
||
|
4ED2000
|
heap
|
page read and write
|
||
|
1D1CE000
|
stack
|
page read and write
|
||
|
83E000
|
stack
|
page read and write
|
||
|
8EB000
|
heap
|
page read and write
|
||
|
2AD4000
|
heap
|
page read and write
|
||
|
46B0000
|
heap
|
page read and write
|
||
|
4EDB000
|
heap
|
page read and write
|
||
|
1E279000
|
heap
|
page read and write
|
||
|
3000000
|
heap
|
page read and write
|
||
|
19D000
|
stack
|
page read and write
|
||
|
20884000
|
unclassified section
|
page execute and read and write
|
||
|
4ECB000
|
heap
|
page read and write
|
||
|
32DD000
|
heap
|
page read and write
|
||
|
2601000
|
direct allocation
|
page read and write
|
||
|
19D000
|
stack
|
page read and write
|
||
|
2A3C000
|
stack
|
page read and write
|
||
|
1E2AA000
|
heap
|
page read and write
|
||
|
4698000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
4673000
|
heap
|
page read and write
|
||
|
5045000
|
heap
|
page read and write
|
||
|
7A1000
|
heap
|
page read and write
|
||
|
2C40000
|
heap
|
page read and write
|
||
|
4EDE000
|
heap
|
page read and write
|
||
|
2AD5000
|
heap
|
page read and write
|
||
|
4EDE000
|
heap
|
page read and write
|
||
|
2CC4000
|
heap
|
page read and write
|
||
|
1BE000
|
unkown
|
page readonly
|
||
|
7F125000
|
direct allocation
|
page read and write
|
||
|
7FF000
|
stack
|
page read and write
|
||
|
30BE000
|
unkown
|
page read and write
|
||
|
2683000
|
heap
|
page read and write
|
||
|
318E000
|
heap
|
page read and write
|
||
|
2E99000
|
heap
|
page read and write
|
||
|
1E24C000
|
heap
|
page read and write
|
||
|
1E2CE000
|
heap
|
page read and write
|
||
|
46C2000
|
heap
|
page read and write
|
||
|
690000
|
heap
|
page read and write
|
||
|
81E000
|
stack
|
page read and write
|
||
|
318E000
|
heap
|
page read and write
|
||
|
1FD3F000
|
stack
|
page read and write
|
||
|
5A10000
|
trusted library allocation
|
page read and write
|
||
|
2CC4000
|
heap
|
page read and write
|
||
|
30C0000
|
heap
|
page read and write
|
||
|
20F50000
|
heap
|
page read and write
|
||
|
7EFE0000
|
direct allocation
|
page read and write
|
||
|
7F080000
|
direct allocation
|
page read and write
|
||
|
300E000
|
heap
|
page read and write
|
||
|
32C3000
|
heap
|
page read and write
|
||
|
7EDF0000
|
direct allocation
|
page read and write
|
||
|
2940000
|
heap
|
page read and write
|
||
|
2C75000
|
remote allocation
|
page execute and read and write
|
||
|
4EFE000
|
heap
|
page read and write
|
||
|
7F080000
|
direct allocation
|
page read and write
|
||
|
1E286000
|
heap
|
page read and write
|
||
|
967000
|
heap
|
page read and write
|
||
|
171000
|
unkown
|
page execute read
|
||
|
257D000
|
direct allocation
|
page read and write
|
||
|
1B98E000
|
stack
|
page read and write
|
||
|
20E0E000
|
stack
|
page read and write
|
||
|
20708000
|
direct allocation
|
page read and write
|
||
|
7F080000
|
direct allocation
|
page read and write
|
||
|
2380000
|
direct allocation
|
page read and write
|
||
|
7F0B0000
|
direct allocation
|
page read and write
|
||
|
20E4E000
|
stack
|
page read and write
|
||
|
2A19000
|
direct allocation
|
page execute and read and write
|
||
|
24A8000
|
direct allocation
|
page read and write
|
||
|
4698000
|
heap
|
page read and write
|
||
|
4EF7000
|
heap
|
page read and write
|
||
|
2AD4000
|
heap
|
page read and write
|
||
|
4ECF000
|
heap
|
page read and write
|
||
|
4665000
|
heap
|
page read and write
|
||
|
4ECB000
|
heap
|
page read and write
|
||
|
7F0CF000
|
direct allocation
|
page read and write
|
||
|
2484000
|
direct allocation
|
page read and write
|
||
|
2AD4000
|
heap
|
page read and write
|
||
|
4ECB000
|
heap
|
page read and write
|
||
|
1E18E000
|
stack
|
page read and write
|
||
|
240C000
|
stack
|
page read and write
|
||
|
695000
|
heap
|
page read and write
|
||
|
32DD000
|
heap
|
page read and write
|
||
|
1E2C8000
|
heap
|
page read and write
|
||
|
23AC000
|
stack
|
page read and write
|
||
|
1E24C000
|
heap
|
page read and write
|
||
|
2BF3F000
|
stack
|
page read and write
|
||
|
5056000
|
heap
|
page read and write
|
||
|
318E000
|
heap
|
page read and write
|
||
|
249A000
|
direct allocation
|
page read and write
|
||
|
318E000
|
heap
|
page read and write
|
||
|
318E000
|
heap
|
page read and write
|
||
|
2543000
|
direct allocation
|
page read and write
|
||
|
2A8F000
|
stack
|
page read and write
|
||
|
7EFF0000
|
direct allocation
|
page read and write
|
||
|
20CCF000
|
stack
|
page read and write
|
||
|
2C038000
|
heap
|
page read and write
|
||
|
32C3000
|
heap
|
page read and write
|
||
|
908000
|
heap
|
page read and write
|
||
|
318E000
|
heap
|
page read and write
|
||
|
32C3000
|
heap
|
page read and write
|
||
|
467E000
|
heap
|
page read and write
|
||
|
318E000
|
heap
|
page read and write
|
||
|
7FC25000
|
direct allocation
|
page read and write
|
||
|
300D000
|
heap
|
page read and write
|
||
|
4651000
|
heap
|
page read and write
|
||
|
300D000
|
heap
|
page read and write
|
||
|
1B6E0000
|
heap
|
page read and write
|
||
|
1E257000
|
heap
|
page read and write
|
||
|
4F26000
|
heap
|
page read and write
|
||
|
4EC1000
|
heap
|
page read and write
|
||
|
7EDA0000
|
direct allocation
|
page read and write
|
||
|
57C000
|
unkown
|
page write copy
|
||
|
30FE000
|
unkown
|
page read and write
|
||
|
2B38000
|
heap
|
page read and write
|
||
|
1E2CA000
|
heap
|
page read and write
|
||
|
4EC9000
|
heap
|
page read and write
|
||
|
258C000
|
direct allocation
|
page read and write
|
||
|
2921000
|
direct allocation
|
page read and write
|
||
|
32DD000
|
heap
|
page read and write
|
||
|
7F0FE000
|
direct allocation
|
page read and write
|
||
|
4ED2000
|
heap
|
page read and write
|
||
|
4698000
|
heap
|
page read and write
|
||
|
5056000
|
heap
|
page read and write
|
||
|
20BCE000
|
stack
|
page read and write
|
||
|
670000
|
heap
|
page read and write
|
||
|
318E000
|
heap
|
page read and write
|
||
|
32DD000
|
heap
|
page read and write
|
||
|
208EF000
|
stack
|
page read and write
|
||
|
5E0000
|
heap
|
page read and write
|
||
|
7FB20000
|
direct allocation
|
page read and write
|
||
|
890000
|
heap
|
page read and write
|
||
|
205BA000
|
heap
|
page read and write
|
||
|
2363000
|
direct allocation
|
page read and write
|
||
|
1E2C8000
|
heap
|
page read and write
|
||
|
2B20000
|
heap
|
page readonly
|
||
|
4EC1000
|
heap
|
page read and write
|
||
|
2460000
|
heap
|
page read and write
|
||
|
7FC30000
|
direct allocation
|
page read and write
|
||
|
318E000
|
heap
|
page read and write
|
||
|
505D000
|
heap
|
page read and write
|
||
|
7EBDF000
|
direct allocation
|
page read and write
|
||
|
32DD000
|
heap
|
page read and write
|
||
|
4EE1000
|
heap
|
page read and write
|
||
|
456000
|
system
|
page execute and read and write
|
||
|
7EDCF000
|
direct allocation
|
page read and write
|
||
|
4ED2000
|
heap
|
page read and write
|
||
|
1BE000
|
unkown
|
page readonly
|
||
|
4651000
|
heap
|
page read and write
|
||
|
4ED2000
|
heap
|
page read and write
|
||
|
2E40000
|
heap
|
page read and write
|
||
|
32C3000
|
heap
|
page read and write
|
||
|
20130000
|
unclassified section
|
page execute and read and write
|
||
|
4ECB000
|
heap
|
page read and write
|
||
|
A4F000
|
stack
|
page read and write
|
||
|
2493000
|
direct allocation
|
page read and write
|
||
|
2720000
|
heap
|
page read and write
|
||
|
4EE8000
|
heap
|
page read and write
|
||
|
1E2CE000
|
heap
|
page read and write
|
||
|
32C3000
|
heap
|
page read and write
|
||
|
20F4F000
|
stack
|
page read and write
|
||
|
2AD4000
|
heap
|
page read and write
|
||
|
4EE0000
|
heap
|
page read and write
|
||
|
318E000
|
heap
|
page read and write
|
||
|
20E0E000
|
stack
|
page read and write
|
||
|
1E145000
|
heap
|
page read and write
|
||
|
318E000
|
heap
|
page read and write
|
||
|
7FC21000
|
direct allocation
|
page read and write
|
||
|
4EE3000
|
heap
|
page read and write
|
||
|
8D7000
|
heap
|
page read and write
|
||
|
2E88000
|
heap
|
page read and write
|
||
|
2094F000
|
stack
|
page read and write
|
||
|
26DA000
|
direct allocation
|
page read and write
|
||
|
1E24C000
|
heap
|
page read and write
|
||
|
4F8F000
|
stack
|
page read and write
|
||
|
1B85F000
|
stack
|
page read and write
|
||
|
2A7D000
|
direct allocation
|
page execute and read and write
|
||
|
32C4000
|
heap
|
page read and write
|
||
|
7FD40000
|
direct allocation
|
page read and write
|
||
|
4780000
|
trusted library allocation
|
page read and write
|
||
|
2A5C000
|
stack
|
page read and write
|
||
|
2C50000
|
heap
|
page readonly
|
||
|
4EDE000
|
heap
|
page read and write
|
||
|
4EFE000
|
heap
|
page read and write
|
||
|
7F0F0000
|
direct allocation
|
page read and write
|
||
|
1E2CA000
|
heap
|
page read and write
|
||
|
32F1000
|
heap
|
page read and write
|
||
|
2AF0000
|
heap
|
page read and write
|
||
|
318E000
|
heap
|
page read and write
|
||
|
32DD000
|
heap
|
page read and write
|
||
|
4EFF000
|
heap
|
page read and write
|
||
|
7FD36000
|
direct allocation
|
page read and write
|
||
|
2226000
|
heap
|
page read and write
|
||
|
7F0B0000
|
direct allocation
|
page read and write
|
||
|
2C20000
|
heap
|
page read and write
|
||
|
20A4F000
|
stack
|
page read and write
|
||
|
2360000
|
heap
|
page read and write
|
||
|
750000
|
heap
|
page read and write
|
||
|
1E257000
|
heap
|
page read and write
|
||
|
247D000
|
direct allocation
|
page read and write
|
||
|
7E655000
|
direct allocation
|
page read and write
|
||
|
32C3000
|
heap
|
page read and write
|
||
|
318E000
|
heap
|
page read and write
|
||
|
2A9C000
|
direct allocation
|
page read and write
|
||
|
291C000
|
direct allocation
|
page read and write
|
||
|
4ECC000
|
heap
|
page read and write
|
||
|
2326000
|
heap
|
page read and write
|
||
|
2CC4000
|
heap
|
page read and write
|
||
|
464C000
|
heap
|
page read and write
|
||
|
1E279000
|
heap
|
page read and write
|
||
|
1E279000
|
heap
|
page read and write
|
||
|
2AD5000
|
heap
|
page read and write
|
||
|
31ED000
|
heap
|
page read and write
|
||
|
2451000
|
direct allocation
|
page read and write
|
||
|
20E0E000
|
stack
|
page read and write
|
||
|
9B000
|
stack
|
page read and write
|
||
|
2AD4000
|
heap
|
page read and write
|
||
|
2220000
|
heap
|
page read and write
|
||
|
20F60000
|
trusted library allocation
|
page read and write
|
||
|
2CC4000
|
heap
|
page read and write
|
||
|
4F26000
|
heap
|
page read and write
|
||
|
5010000
|
heap
|
page read and write
|
||
|
46F000
|
unkown
|
page write copy
|
||
|
34CF000
|
stack
|
page read and write
|
||
|
1E287000
|
heap
|
page read and write
|
||
|
318E000
|
heap
|
page read and write
|
||
|
24B0000
|
heap
|
page read and write
|
||
|
7E770000
|
direct allocation
|
page read and write
|
||
|
318E000
|
heap
|
page read and write
|
||
|
50C0000
|
trusted library allocation
|
page read and write
|
||
|
26B6000
|
direct allocation
|
page read and write
|
||
|
4790000
|
trusted library allocation
|
page read and write
|
||
|
20C16000
|
unclassified section
|
page execute and read and write
|
||
|
318E000
|
heap
|
page read and write
|
||
|
2CC4000
|
heap
|
page read and write
|
||
|
318E000
|
heap
|
page read and write
|
||
|
4780000
|
heap
|
page read and write
|
||
|
581000
|
unkown
|
page readonly
|
||
|
52F0000
|
heap
|
page read and write
|
||
|
4F26000
|
heap
|
page read and write
|
||
|
7F080000
|
direct allocation
|
page read and write
|
||
|
20161000
|
direct allocation
|
page execute and read and write
|
||
|
1E257000
|
heap
|
page read and write
|
||
|
20CCF000
|
stack
|
page read and write
|
||
|
730000
|
heap
|
page read and write
|
||
|
4EC1000
|
heap
|
page read and write
|
||
|
4F80000
|
heap
|
page read and write
|
||
|
4F03000
|
heap
|
page read and write
|
||
|
4EDE000
|
heap
|
page read and write
|
||
|
32DD000
|
heap
|
page read and write
|
||
|
2AD4000
|
heap
|
page read and write
|
||
|
2372000
|
direct allocation
|
page read and write
|
||
|
4EC8000
|
heap
|
page read and write
|
||
|
8A9000
|
heap
|
page read and write
|
||
|
1E210000
|
heap
|
page read and write
|
||
|
1E110000
|
heap
|
page read and write
|
||
|
205DF000
|
direct allocation
|
page read and write
|
||
|
1B870000
|
heap
|
page read and write
|
||
|
32C3000
|
heap
|
page read and write
|
||
|
20160000
|
direct allocation
|
page read and write
|
||
|
2A76000
|
stack
|
page read and write
|
||
|
850000
|
heap
|
page read and write
|
||
|
350A000
|
heap
|
page read and write
|
||
|
4ECB000
|
heap
|
page read and write
|
||
|
4728000
|
heap
|
page read and write
|
||
|
25E4000
|
direct allocation
|
page read and write
|
||
|
34AF000
|
stack
|
page read and write
|
||
|
1E1CF000
|
stack
|
page read and write
|
||
|
4EDB000
|
heap
|
page read and write
|
||
|
7EEAF000
|
direct allocation
|
page read and write
|
||
|
2990000
|
heap
|
page read and write
|
||
|
7EDA0000
|
direct allocation
|
page read and write
|
||
|
318E000
|
heap
|
page read and write
|
||
|
2E0E000
|
stack
|
page read and write
|
||
|
313E000
|
stack
|
page read and write
|
||
|
4EDB000
|
heap
|
page read and write
|
||
|
2AD4000
|
heap
|
page read and write
|
||
|
318E000
|
heap
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
50C0000
|
trusted library allocation
|
page read and write
|
||
|
3330000
|
heap
|
page read and write
|
||
|
2CC4000
|
heap
|
page read and write
|
||
|
20E4E000
|
stack
|
page read and write
|
||
|
2058B000
|
heap
|
page read and write
|
||
|
318E000
|
heap
|
page read and write
|
||
|
4665000
|
heap
|
page read and write
|
||
|
7ED60000
|
direct allocation
|
page read and write
|
||
|
2917000
|
direct allocation
|
page read and write
|
||
|
2092E000
|
stack
|
page read and write
|
||
|
4630000
|
heap
|
page read and write
|
||
|
2AD4000
|
heap
|
page read and write
|
||
|
21190000
|
heap
|
page read and write
|
||
|
1BA000
|
unkown
|
page readonly
|
||
|
7F0F0000
|
direct allocation
|
page read and write
|
||
|
206FA000
|
direct allocation
|
page read and write
|
||
|
2E9F000
|
heap
|
page read and write
|
||
|
2E3D000
|
stack
|
page read and write
|
||
|
1BA000
|
unkown
|
page readonly
|
||
|
4ED4000
|
heap
|
page read and write
|
||
|
19E000
|
unkown
|
page write copy
|
||
|
214C7000
|
heap
|
page read and write
|
||
|
26A2000
|
direct allocation
|
page read and write
|
||
|
4F03000
|
heap
|
page read and write
|
||
|
505D000
|
heap
|
page read and write
|
||
|
20511000
|
heap
|
page read and write
|
||
|
7EFF0000
|
direct allocation
|
page read and write
|
||
|
2D3E000
|
stack
|
page read and write
|
||
|
20D0E000
|
stack
|
page read and write
|
||
|
5057000
|
heap
|
page read and write
|
||
|
318E000
|
heap
|
page read and write
|
||
|
2CC4000
|
heap
|
page read and write
|
||
|
7F0B0000
|
direct allocation
|
page read and write
|
||
|
4EE1000
|
heap
|
page read and write
|
||
|
318E000
|
heap
|
page read and write
|
||
|
7ECAF000
|
direct allocation
|
page read and write
|
||
|
7F07F000
|
direct allocation
|
page read and write
|
||
|
57A000
|
unkown
|
page read and write
|
||
|
2FAD000
|
stack
|
page read and write
|
||
|
1E279000
|
heap
|
page read and write
|
||
|
2090F000
|
stack
|
page read and write
|
||
|
503A000
|
heap
|
page read and write
|
||
|
317D000
|
heap
|
page read and write
|
||
|
7F07F000
|
direct allocation
|
page read and write
|
||
|
25BF000
|
direct allocation
|
page read and write
|
||
|
1B6B0000
|
heap
|
page read and write
|
||
|
5045000
|
heap
|
page read and write
|
||
|
248C000
|
direct allocation
|
page read and write
|
||
|
32DD000
|
heap
|
page read and write
|
||
|
318E000
|
heap
|
page read and write
|
||
|
318E000
|
heap
|
page read and write
|
||
|
50C0000
|
trusted library allocation
|
page read and write
|
||
|
20F6F000
|
trusted library allocation
|
page read and write
|
||
|
2C78000
|
remote allocation
|
page execute and read and write
|
||
|
29CF000
|
stack
|
page read and write
|
||
|
1E279000
|
heap
|
page read and write
|
||
|
20890000
|
heap
|
page read and write
|
||
|
20BBE000
|
stack
|
page read and write
|
||
|
4EDB000
|
heap
|
page read and write
|
||
|
240E000
|
stack
|
page read and write
|
||
|
26E8000
|
direct allocation
|
page read and write
|
||
|
23AC000
|
direct allocation
|
page read and write
|
||
|
32BB000
|
heap
|
page read and write
|
||
|
32C4000
|
heap
|
page read and write
|
||
|
4EC9000
|
heap
|
page read and write
|
||
|
318E000
|
heap
|
page read and write
|
||
|
1E248000
|
heap
|
page read and write
|
||
|
31E3000
|
heap
|
page read and write
|
||
|
4990000
|
heap
|
page read and write
|
||
|
2AA1000
|
direct allocation
|
page read and write
|
||
|
4EBE000
|
stack
|
page read and write
|
||
|
2FB0000
|
heap
|
page read and write
|
||
|
2C200000
|
heap
|
page read and write
|
||
|
2CC4000
|
heap
|
page read and write
|
||
|
2543000
|
direct allocation
|
page read and write
|
||
|
344F000
|
stack
|
page read and write
|
||
|
2AD5000
|
heap
|
page read and write
|
||
|
7F0FE000
|
direct allocation
|
page read and write
|
||
|
318E000
|
heap
|
page read and write
|
||
|
1E2C4000
|
heap
|
page read and write
|
||
|
464C000
|
heap
|
page read and write
|
||
|
2CC4000
|
heap
|
page read and write
|
||
|
4728000
|
heap
|
page read and write
|
||
|
2723000
|
heap
|
page read and write
|
||
|
3720000
|
heap
|
page read and write
|
||
|
2B99000
|
direct allocation
|
page execute and read and write
|
||
|
41B000
|
system
|
page execute and read and write
|
||
|
2B25000
|
remote allocation
|
page execute and read and write
|
||
|
95A000
|
heap
|
page read and write
|
||
|
7ECD0000
|
direct allocation
|
page read and write
|
||
|
36FF000
|
stack
|
page read and write
|
||
|
1BA000
|
unkown
|
page readonly
|
||
|
2AD5000
|
heap
|
page read and write
|
||
|
32C3000
|
heap
|
page read and write
|
||
|
4651000
|
heap
|
page read and write
|
||
|
2F6C000
|
stack
|
page read and write
|
||
|
870000
|
heap
|
page read and write
|
||
|
400000
|
system
|
page execute and read and write
|
||
|
1BA000
|
unkown
|
page readonly
|
||
|
9B000
|
stack
|
page read and write
|
||
|
7F070000
|
direct allocation
|
page read and write
|
||
|
20F4F000
|
stack
|
page read and write
|
||
|
207AB000
|
stack
|
page read and write
|
||
|
4651000
|
heap
|
page read and write
|
||
|
318E000
|
heap
|
page read and write
|
||
|
19E000
|
unkown
|
page read and write
|
||
|
2A71000
|
direct allocation
|
page execute read
|
||
|
24C0000
|
heap
|
page read and write
|
||
|
505D000
|
heap
|
page read and write
|
||
|
247E000
|
stack
|
page read and write
|
||
|
4668000
|
heap
|
page read and write
|
||
|
4EC1000
|
heap
|
page read and write
|
||
|
7EDA0000
|
direct allocation
|
page read and write
|
||
|
4F03000
|
heap
|
page read and write
|
||
|
578000
|
unkown
|
page read and write
|
||
|
25D6000
|
direct allocation
|
page read and write
|
||
|
20F50000
|
heap
|
page read and write
|
||
|
207AF000
|
stack
|
page read and write
|
||
|
4EFE000
|
heap
|
page read and write
|
||
|
45E000
|
system
|
page execute and read and write
|
||
|
7FA10000
|
direct allocation
|
page read and write
|
||
|
505D000
|
heap
|
page read and write
|
||
|
7F0B0000
|
direct allocation
|
page read and write
|
||
|
318E000
|
heap
|
page read and write
|
||
|
4EE1000
|
heap
|
page read and write
|
||
|
170000
|
unkown
|
page readonly
|
||
|
1E28E000
|
heap
|
page read and write
|
||
|
7E7E8000
|
direct allocation
|
page read and write
|
||
|
7E4E0000
|
direct allocation
|
page read and write
|
||
|
318E000
|
heap
|
page read and write
|
||
|
1E28E000
|
heap
|
page read and write
|
||
|
2BF80000
|
heap
|
page read and write
|
||
|
20D0E000
|
stack
|
page read and write
|
||
|
4EDE000
|
heap
|
page read and write
|
||
|
4EF0000
|
heap
|
page read and write
|
||
|
23BA000
|
direct allocation
|
page read and write
|
||
|
1E47D000
|
stack
|
page read and write
|
||
|
505B000
|
heap
|
page read and write
|
||
|
20A6E000
|
stack
|
page read and write
|
||
|
318E000
|
heap
|
page read and write
|
||
|
4C51000
|
heap
|
page read and write
|
||
|
7F0F0000
|
direct allocation
|
page read and write
|
||
|
2500000
|
direct allocation
|
page read and write
|
||
|
505B000
|
heap
|
page read and write
|
||
|
32C3000
|
heap
|
page read and write
|
||
|
2058A000
|
heap
|
page read and write
|
||
|
1E4BF000
|
stack
|
page read and write
|
||
|
32DD000
|
heap
|
page read and write
|
||
|
933000
|
heap
|
page read and write
|
||
|
4640000
|
heap
|
page read and write
|
||
|
4EC9000
|
heap
|
page read and write
|
||
|
32DD000
|
heap
|
page read and write
|
||
|
20A4F000
|
stack
|
page read and write
|
||
|
7EFF0000
|
direct allocation
|
page read and write
|
||
|
32DD000
|
heap
|
page read and write
|
||
|
32DD000
|
heap
|
page read and write
|
||
|
299C000
|
stack
|
page read and write
|
||
|
1E28E000
|
heap
|
page read and write
|
||
|
32DD000
|
heap
|
page read and write
|
||
|
46E000
|
unkown
|
page execute read
|
||
|
7F083000
|
direct allocation
|
page read and write
|
||
|
32DD000
|
heap
|
page read and write
|
||
|
20E4E000
|
stack
|
page read and write
|
||
|
474000
|
system
|
page execute and read and write
|
||
|
46C2000
|
heap
|
page read and write
|
||
|
32DD000
|
heap
|
page read and write
|
||
|
1E279000
|
heap
|
page read and write
|
||
|
4EE1000
|
heap
|
page read and write
|
||
|
300D000
|
heap
|
page read and write
|
||
|
31E0000
|
heap
|
page read and write
|
||
|
880000
|
direct allocation
|
page execute and read and write
|
||
|
2CC4000
|
heap
|
page read and write
|
||
|
25EB000
|
stack
|
page read and write
|
||
|
318E000
|
heap
|
page read and write
|
||
|
2C98000
|
heap
|
page read and write
|
||
|
4991000
|
heap
|
page read and write
|
||
|
2058B000
|
heap
|
page read and write
|
||
|
318E000
|
heap
|
page read and write
|
||
|
4EFF000
|
heap
|
page read and write
|
||
|
1E24B000
|
heap
|
page read and write
|
||
|
4EE1000
|
heap
|
page read and write
|
||
|
7E350000
|
direct allocation
|
page read and write
|
||
|
6DE000
|
stack
|
page read and write
|
||
|
1E286000
|
heap
|
page read and write
|
||
|
2EA3000
|
heap
|
page read and write
|
||
|
4EDB000
|
heap
|
page read and write
|
||
|
20A8E000
|
stack
|
page read and write
|
||
|
505B000
|
heap
|
page read and write
|
||
|
318E000
|
heap
|
page read and write
|
||
|
8F5000
|
heap
|
page read and write
|
||
|
318E000
|
heap
|
page read and write
|
||
|
2119D000
|
heap
|
page read and write
|
||
|
467A000
|
heap
|
page read and write
|
||
|
1E24F000
|
heap
|
page read and write
|
||
|
2280000
|
heap
|
page read and write
|
||
|
2094E000
|
stack
|
page read and write
|
||
|
7F9C0000
|
direct allocation
|
page read and write
|
||
|
1E257000
|
heap
|
page read and write
|
||
|
318E000
|
heap
|
page read and write
|
||
|
206CF000
|
direct allocation
|
page read and write
|
||
|
4EFF000
|
heap
|
page read and write
|
||
|
46F000
|
unkown
|
page read and write
|
||
|
300D000
|
heap
|
page read and write
|
||
|
317E000
|
heap
|
page read and write
|
||
|
2CC4000
|
heap
|
page read and write
|
||
|
32DD000
|
heap
|
page read and write
|
||
|
32F1000
|
heap
|
page read and write
|
||
|
2FE0000
|
heap
|
page read and write
|
||
|
318E000
|
heap
|
page read and write
|
||
|
32DD000
|
heap
|
page read and write
|
||
|
2210000
|
heap
|
page read and write
|
||
|
2895000
|
remote allocation
|
page execute and read and write
|
||
|
5056000
|
heap
|
page read and write
|
||
|
2671000
|
direct allocation
|
page read and write
|
||
|
2A7B000
|
stack
|
page read and write
|
||
|
2230000
|
direct allocation
|
page execute and read and write
|
||
|
610000
|
heap
|
page read and write
|
||
|
2AD5000
|
heap
|
page read and write
|
||
|
25FA000
|
direct allocation
|
page read and write
|
||
|
318E000
|
heap
|
page read and write
|
||
|
7F07F000
|
direct allocation
|
page read and write
|
||
|
1E279000
|
heap
|
page read and write
|
||
|
318E000
|
heap
|
page read and write
|
||
|
2AD4000
|
heap
|
page read and write
|
||
|
4F03000
|
heap
|
page read and write
|
||
|
206C2000
|
direct allocation
|
page read and write
|
||
|
2084B000
|
stack
|
page read and write
|
||
|
244E000
|
stack
|
page read and write
|
||
|
32C3000
|
heap
|
page read and write
|
||
|
300D000
|
heap
|
page read and write
|
||
|
2460000
|
direct allocation
|
page read and write
|
||
|
4EE2000
|
heap
|
page read and write
|
||
|
4800000
|
heap
|
page read and write
|