Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
file.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows, InnoSetup self-extracting archive
|
initial sample
|
 |
|
|
C:\Program Files (x86)\Split Files\SplitFiles131.exe
|
PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
|
modified
|
|
|
|
C:\Program Files (x86)\Split Files\is-HBEMJ.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Split Files\unins000.exe (copy)
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-DTM8E.tmp\is-6A80U.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-NO1B1.tmp\_iscrypt.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-NO1B1.tmp\_isetup\_setup64.tmp
|
PE32+ executable (console) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\{e6e9dfa8-98f2-11e9-90ce-806e6f6e6963}\2v3Q9V1aRpd.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Split Files\is-AGVDF.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-D5FV2.tmp\_iscrypt.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-D5FV2.tmp\_isetup\_setup64.tmp
|
PE32+ executable (console) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-LMEP0.tmp\is-DTRND.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\{e6e9dfa8-98f2-11e9-90ce-806e6f6e6963}\KN38AzDG.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Split Files\ReadMe - EN.txt (copy)
|
ISO-8859 text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\Split Files\ReadMe - RU.txt (copy)
|
ISO-8859 text, with very long lines (1053), with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\Split Files\is-61K5M.tmp
|
ISO-8859 text, with very long lines (1053), with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\Split Files\is-7HLEL.tmp
|
ISO-8859 text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\Split Files\is-E35J6.tmp
|
MS Windows 95 Internet shortcut text (URL=<http://www.altarsoft.com/split_files.shtml>), ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\Split Files\is-S95ML.tmp
|
data
|
dropped
|
||
|
C:\Program Files (x86)\Split Files\language\Arabic.ini (copy)
|
ISO-8859 text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\Split Files\language\Chinese.ini (copy)
|
ISO-8859 text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\Split Files\language\Dutch.ini (copy)
|
ISO-8859 text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\Split Files\language\English.ini (copy)
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\Split Files\language\French.ini (copy)
|
ISO-8859 text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\Split Files\language\Italian.ini (copy)
|
ISO-8859 text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\Split Files\language\Russian.ini (copy)
|
ISO-8859 text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\Split Files\language\Spanish.ini (copy)
|
ISO-8859 text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\Split Files\language\Turkish.ini (copy)
|
ISO-8859 text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\Split Files\language\is-2PF6K.tmp
|
ISO-8859 text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\Split Files\language\is-3OLEK.tmp
|
ISO-8859 text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\Split Files\language\is-7QVA3.tmp
|
ISO-8859 text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\Split Files\language\is-7R5M5.tmp
|
ISO-8859 text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\Split Files\language\is-AFEG0.tmp
|
ISO-8859 text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\Split Files\language\is-B5MB3.tmp
|
ISO-8859 text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\Split Files\language\is-CSEUG.tmp
|
ISO-8859 text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\Split Files\language\is-FNEKR.tmp
|
ISO-8859 text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\Split Files\language\is-OOV97.tmp
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\Split Files\unins000.dat
|
InnoSetup Log Split Files {215D64A9-0240-4952-9F4D-4D0A65391F2C}, version 0x2a, 4440 bytes, 675052\user, "C:\Program Files
(x86)\Split Files"
|
dropped
|
||
|
C:\Program Files (x86)\Split Files\webpage.url (copy)
|
MS Windows 95 Internet shortcut text (URL=<http://www.altarsoft.com/split_files.shtml>), ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\fuckingdllENCR[1].dll
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\ping[1].htm
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\library[1].htm
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\count[1].htm
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\library[1].htm
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\is-NO1B1.tmp\_isetup\_shfoldr.dll
|
PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\Split Files\is-3OAED.tmp
|
ISO-8859 text, with very long lines (1053), with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\Split Files\is-6QN6Q.tmp
|
data
|
dropped
|
||
|
C:\Program Files (x86)\Split Files\is-JSP8F.tmp
|
MS Windows 95 Internet shortcut text (URL=<http://www.altarsoft.com/split_files.shtml>), ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\Split Files\is-UJJ0L.tmp
|
ISO-8859 text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\Split Files\language\is-79U67.tmp
|
ISO-8859 text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\Split Files\language\is-7L4JB.tmp
|
ISO-8859 text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\Split Files\language\is-7O3KV.tmp
|
ISO-8859 text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\Split Files\language\is-8E2LT.tmp
|
ISO-8859 text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\Split Files\language\is-APJVT.tmp
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\Split Files\language\is-B20UO.tmp
|
ISO-8859 text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\Split Files\language\is-FBKGV.tmp
|
ISO-8859 text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\Split Files\language\is-JMARM.tmp
|
ISO-8859 text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\Split Files\language\is-R2P47.tmp
|
ISO-8859 text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\fuckingdllENCR[1].dll
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\count[1].htm
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\library[1].htm
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\library[1].htm
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\ping[1].htm
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\is-D5FV2.tmp\_isetup\_shfoldr.dll
|
PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
There are 54 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files (x86)\Split Files\SplitFiles131.exe
|
"C:\Program Files (x86)\Split Files\SplitFiles131.exe"
|
|
|
|
C:\Users\user\AppData\Roaming\{e6e9dfa8-98f2-11e9-90ce-806e6f6e6963}\2v3Q9V1aRpd.exe
|
|
|
|
|
C:\Users\user\AppData\Roaming\{e6e9dfa8-98f2-11e9-90ce-806e6f6e6963}\KN38AzDG.exe
|
|
|
|
|
C:\Users\user\Desktop\file.exe
|
C:\Users\user\Desktop\file.exe
|
||
|
C:\Users\user\AppData\Local\Temp\is-DTM8E.tmp\is-6A80U.tmp
|
"C:\Users\user\AppData\Local\Temp\is-DTM8E.tmp\is-6A80U.tmp" /SL4 $203A8 "C:\Users\user\Desktop\file.exe" 1818498 170496
|
||
|
C:\Windows\SysWOW64\cmd.exe
|
"C:\Windows\System32\cmd.exe" /c taskkill /im "SplitFiles131.exe" /f & erase "C:\Program Files (x86)\Split Files\SplitFiles131.exe"
& exit
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\taskkill.exe
|
taskkill /im "SplitFiles131.exe" /f
|
||
|
C:\Users\user\AppData\Local\Temp\is-LMEP0.tmp\is-DTRND.tmp
|
"C:\Users\user\AppData\Local\Temp\is-LMEP0.tmp\is-DTRND.tmp" /SL4 $902D6 "C:\Users\user\Desktop\file.exe" 1818498 170496
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://45.139.105.171/itsnotmalware/count.php?sub=NOSUB&stream=mixtwo&substream=mixinte
|
45.139.105.171
|
|
|
|
http://107.182.129.235/storage/extension.php2
|
unknown
|
|
|
|
http://171.22.30.106/u
|
unknown
|
|
|
|
http://107.182.129.235/storage/extension.php
|
107.182.129.235
|
|
|
|
http://171.22.30.106/library.phpT
|
unknown
|
|
|
|
http://171.22.30.106/
|
unknown
|
|
|
|
http://171.22.30.106/n
|
unknown
|
|
|
|
http://107.182.129.235/storage/ping.php
|
107.182.129.235
|
|
|
|
http://171.22.30.106/library.php4
|
unknown
|
|
|
|
http://171.22.30.106/library.php
|
171.22.30.106
|
|
|
|
http://171.22.30.106/library.phpch
|
unknown
|
|
|
|
http://171.22.30.106/library.phpYQ
|
unknown
|
|
|
|
http://www.innosetup.com/
|
unknown
|
||
|
http://107.182.129.235/storage/extension.phpu
|
unknown
|
||
|
http://107.182.129.235/storage/extension.phpr
|
unknown
|
||
|
http://www.remobjects.com/?ps
|
unknown
|
||
|
http://107.182.129.235/storage/extension.phpC&
|
unknown
|
||
|
http://107.182.129.235ibrary.php
|
unknown
|
||
|
http://www.innosetup.comDVarFileInfo$
|
unknown
|
||
|
http://107.182.129.235/storage/ping.phpS
|
unknown
|
||
|
http://107.182.129.235/storage/extension.phpO
|
unknown
|
||
|
http://www.altarsoft.com/split_files.shtml
|
unknown
|
||
|
http://107.182.129.235/
|
unknown
|
||
|
http://45.139.105.171/
|
unknown
|
||
|
http://rus.altarsoft.com/split_files.shtml
|
unknown
|
||
|
http://www.innosetup.com
|
unknown
|
||
|
http://107.182.129.235/storage/extension.phpz
|
unknown
|
||
|
http://www.remobjects.com/?psU
|
unknown
|
There are 18 hidden URLs, click here to show them.
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
45.139.105.171
|
unknown
|
Italy
|
|
|
|
45.139.105.1
|
unknown
|
Italy
|
|
|
|
85.31.46.167
|
unknown
|
Germany
|
|
|
|
107.182.129.235
|
unknown
|
Reserved
|
|
|
|
171.22.30.106
|
unknown
|
Germany
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\Software\Avepoint Software\SplitFiles131
|
Language
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{215D64A9-0240-4952-9F4D-4D0A65391F2C}}_is1
|
Inno Setup: Setup Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{215D64A9-0240-4952-9F4D-4D0A65391F2C}}_is1
|
Inno Setup: App Path
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{215D64A9-0240-4952-9F4D-4D0A65391F2C}}_is1
|
InstallLocation
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{215D64A9-0240-4952-9F4D-4D0A65391F2C}}_is1
|
Inno Setup: Icon Group
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{215D64A9-0240-4952-9F4D-4D0A65391F2C}}_is1
|
Inno Setup: User
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{215D64A9-0240-4952-9F4D-4D0A65391F2C}}_is1
|
DisplayName
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{215D64A9-0240-4952-9F4D-4D0A65391F2C}}_is1
|
UninstallString
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{215D64A9-0240-4952-9F4D-4D0A65391F2C}}_is1
|
QuietUninstallString
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{215D64A9-0240-4952-9F4D-4D0A65391F2C}}_is1
|
DisplayVersion
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{215D64A9-0240-4952-9F4D-4D0A65391F2C}}_is1
|
Publisher
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{215D64A9-0240-4952-9F4D-4D0A65391F2C}}_is1
|
NoModify
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{215D64A9-0240-4952-9F4D-4D0A65391F2C}}_is1
|
NoRepair
|
There are 3 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
3370000
|
direct allocation
|
page read and write
|
|
|
|
3130000
|
direct allocation
|
page read and write
|
|
|
|
400000
|
unkown
|
page execute and read and write
|
|
|
|
42CD000
|
trusted library allocation
|
page read and write
|
||
|
3EC0000
|
heap
|
page read and write
|
||
|
38A1000
|
heap
|
page read and write
|
||
|
1B5EE27B000
|
heap
|
page read and write
|
||
|
4F76000
|
direct allocation
|
page read and write
|
||
|
43BA000
|
trusted library allocation
|
page read and write
|
||
|
61E000
|
stack
|
page read and write
|
||
|
2A124059000
|
heap
|
page read and write
|
||
|
131C000
|
unkown
|
page readonly
|
||
|
33D0000
|
direct allocation
|
page read and write
|
||
|
1564000
|
heap
|
page read and write
|
||
|
1564000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
2A124013000
|
heap
|
page read and write
|
||
|
2A124029000
|
heap
|
page read and write
|
||
|
1839000
|
heap
|
page read and write
|
||
|
38A1000
|
heap
|
page read and write
|
||
|
42DD000
|
trusted library allocation
|
page read and write
|
||
|
334F000
|
stack
|
page read and write
|
||
|
1F8AF200000
|
heap
|
page read and write
|
||
|
588000
|
heap
|
page read and write
|
||
|
38A1000
|
heap
|
page read and write
|
||
|
1A22A058000
|
heap
|
page read and write
|
||
|
23A9000
|
direct allocation
|
page read and write
|
||
|
1C9CFA44000
|
heap
|
page read and write
|
||
|
7CE000
|
stack
|
page read and write
|
||
|
4329000
|
trusted library allocation
|
page read and write
|
||
|
1F8AF227000
|
heap
|
page read and write
|
||
|
48C000
|
unkown
|
page write copy
|
||
|
184C000
|
heap
|
page read and write
|
||
|
1828000
|
heap
|
page read and write
|
||
|
8FB000
|
stack
|
page read and write
|
||
|
38A1000
|
heap
|
page read and write
|
||
|
E09AD4C000
|
stack
|
page read and write
|
||
|
184C000
|
heap
|
page read and write
|
||
|
1B5EE160000
|
heap
|
page read and write
|
||
|
1A22A000000
|
heap
|
page read and write
|
||
|
42FB000
|
trusted library allocation
|
page read and write
|
||
|
17D6A658000
|
heap
|
page read and write
|
||
|
42FB000
|
trusted library allocation
|
page read and write
|
||
|
38A1000
|
heap
|
page read and write
|
||
|
350E000
|
stack
|
page read and write
|
||
|
416C000
|
stack
|
page read and write
|
||
|
1A22A04C000
|
heap
|
page read and write
|
||
|
5AD000
|
stack
|
page read and write
|
||
|
39EE000
|
stack
|
page read and write
|
||
|
38A1000
|
heap
|
page read and write
|
||
|
1564000
|
heap
|
page read and write
|
||
|
1564000
|
heap
|
page read and write
|
||
|
4329000
|
trusted library allocation
|
page read and write
|
||
|
CCEFD7B000
|
stack
|
page read and write
|
||
|
2C61DFD000
|
stack
|
page read and write
|
||
|
620000
|
trusted library allocation
|
page read and write
|
||
|
410000
|
unkown
|
page readonly
|
||
|
2190000
|
trusted library allocation
|
page read and write
|
||
|
81A000
|
heap
|
page read and write
|
||
|
2C61B7F000
|
stack
|
page read and write
|
||
|
4F80000
|
direct allocation
|
page read and write
|
||
|
77F000
|
stack
|
page read and write
|
||
|
960000
|
heap
|
page read and write
|
||
|
780000
|
heap
|
page read and write
|
||
|
867F4FE000
|
stack
|
page read and write
|
||
|
4F3E000
|
direct allocation
|
page read and write
|
||
|
4329000
|
trusted library allocation
|
page read and write
|
||
|
828000
|
heap
|
page read and write
|
||
|
38A1000
|
heap
|
page read and write
|
||
|
2A124065000
|
heap
|
page read and write
|
||
|
1A229F70000
|
trusted library allocation
|
page read and write
|
||
|
1C9CFA6D000
|
heap
|
page read and write
|
||
|
2BCC0802000
|
trusted library allocation
|
page read and write
|
||
|
42FB000
|
trusted library allocation
|
page read and write
|
||
|
1AD174B000
|
stack
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
1B5EE228000
|
heap
|
page read and write
|
||
|
21C0000
|
heap
|
page read and write
|
||
|
43BA000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
43BA000
|
trusted library allocation
|
page read and write
|
||
|
417000
|
unkown
|
page readonly
|
||
|
16C6CD00000
|
heap
|
page read and write
|
||
|
540000
|
heap
|
page read and write
|
||
|
43BA000
|
trusted library allocation
|
page read and write
|
||
|
1A22A065000
|
heap
|
page read and write
|
||
|
16C6CC58000
|
heap
|
page read and write
|
||
|
38A1000
|
heap
|
page read and write
|
||
|
2BCBFE70000
|
heap
|
page read and write
|
||
|
210F000
|
stack
|
page read and write
|
||
|
1A22A802000
|
trusted library allocation
|
page read and write
|
||
|
2A124075000
|
heap
|
page read and write
|
||
|
CCF0279000
|
stack
|
page read and write
|
||
|
16C6CD13000
|
heap
|
page read and write
|
||
|
9C000
|
stack
|
page read and write
|
||
|
4F5F000
|
direct allocation
|
page read and write
|
||
|
42FB000
|
trusted library allocation
|
page read and write
|
||
|
475C000
|
stack
|
page read and write
|
||
|
1F8AF220000
|
heap
|
page read and write
|
||
|
1C9CF9A0000
|
trusted library allocation
|
page read and write
|
||
|
1F8B00F0000
|
heap
|
page readonly
|
||
|
31EF000
|
stack
|
page read and write
|
||
|
2110000
|
direct allocation
|
page read and write
|
||
|
17D6AE02000
|
trusted library allocation
|
page read and write
|
||
|
1F8AF5A5000
|
heap
|
page read and write
|
||
|
2A124102000
|
heap
|
page read and write
|
||
|
38A1000
|
heap
|
page read and write
|
||
|
16C6CC24000
|
heap
|
page read and write
|
||
|
4329000
|
trusted library allocation
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
867F37F000
|
stack
|
page read and write
|
||
|
4BC000
|
unkown
|
page readonly
|
||
|
17D6A600000
|
heap
|
page read and write
|
||
|
1564000
|
heap
|
page read and write
|
||
|
42B0000
|
trusted library allocation
|
page read and write
|
||
|
4329000
|
trusted library allocation
|
page read and write
|
||
|
867F6FA000
|
stack
|
page read and write
|
||
|
D5A67FB000
|
stack
|
page read and write
|
||
|
1A15000
|
heap
|
page read and write
|
||
|
2A124068000
|
heap
|
page read and write
|
||
|
30B0000
|
direct allocation
|
page read and write
|
||
|
760000
|
heap
|
page read and write
|
||
|
6AB6C7E000
|
stack
|
page read and write
|
||
|
1B5EE202000
|
heap
|
page read and write
|
||
|
43BA000
|
trusted library allocation
|
page read and write
|
||
|
184A000
|
heap
|
page read and write
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
184C000
|
heap
|
page read and write
|
||
|
16C6CC89000
|
heap
|
page read and write
|
||
|
22FF000
|
stack
|
page read and write
|
||
|
82C000
|
heap
|
page read and write
|
||
|
199000
|
stack
|
page read and write
|
||
|
4AE000
|
unkown
|
page read and write
|
||
|
82F000
|
heap
|
page read and write
|
||
|
17D6A550000
|
heap
|
page read and write
|
||
|
38A1000
|
heap
|
page read and write
|
||
|
16C6CC58000
|
heap
|
page read and write
|
||
|
550000
|
trusted library allocation
|
page read and write
|
||
|
38A1000
|
heap
|
page read and write
|
||
|
1564000
|
heap
|
page read and write
|
||
|
1564000
|
heap
|
page read and write
|
||
|
3C2F000
|
stack
|
page read and write
|
||
|
1730000
|
direct allocation
|
page read and write
|
||
|
2A124060000
|
heap
|
page read and write
|
||
|
30000
|
heap
|
page read and write
|
||
|
2C6217F000
|
stack
|
page read and write
|
||
|
1828000
|
heap
|
page read and write
|
||
|
2070000
|
direct allocation
|
page read and write
|
||
|
867F5FF000
|
stack
|
page read and write
|
||
|
16C6C9F0000
|
heap
|
page read and write
|
||
|
D5A6EFE000
|
stack
|
page read and write
|
||
|
208C000
|
direct allocation
|
page read and write
|
||
|
2A124802000
|
trusted library allocation
|
page read and write
|
||
|
17D6A63D000
|
heap
|
page read and write
|
||
|
1F8AF5A9000
|
heap
|
page read and write
|
||
|
19C000
|
stack
|
page read and write
|
||
|
184A000
|
heap
|
page read and write
|
||
|
1F8AF263000
|
heap
|
page read and write
|
||
|
38A1000
|
heap
|
page read and write
|
||
|
1C9CFB13000
|
heap
|
page read and write
|
||
|
950000
|
heap
|
page read and write
|
||
|
2A12407D000
|
heap
|
page read and write
|
||
|
17D6A629000
|
heap
|
page read and write
|
||
|
21E8000
|
direct allocation
|
page read and write
|
||
|
2BCC0062000
|
heap
|
page read and write
|
||
|
2A124074000
|
heap
|
page read and write
|
||
|
1459000
|
unkown
|
page execute and write copy
|
||
|
1F8B0100000
|
trusted library allocation
|
page read and write
|
||
|
10000000
|
direct allocation
|
page read and write
|
||
|
30B0000
|
direct allocation
|
page read and write
|
||
|
42DD000
|
trusted library allocation
|
page read and write
|
||
|
4D96000
|
direct allocation
|
page read and write
|
||
|
16C6E602000
|
trusted library allocation
|
page read and write
|
||
|
1C9CFAB8000
|
heap
|
page read and write
|
||
|
1823000
|
heap
|
page read and write
|
||
|
184A000
|
heap
|
page read and write
|
||
|
184B000
|
heap
|
page read and write
|
||
|
2BCC003D000
|
heap
|
page read and write
|
||
|
1B5EEA02000
|
trusted library allocation
|
page read and write
|
||
|
1F8B00E0000
|
trusted library allocation
|
page read and write
|
||
|
1311000
|
unkown
|
page execute read
|
||
|
2A12403A000
|
heap
|
page read and write
|
||
|
1564000
|
heap
|
page read and write
|
||
|
7DA000
|
heap
|
page read and write
|
||
|
21F4000
|
heap
|
page read and write
|
||
|
1640000
|
trusted library allocation
|
page read and write
|
||
|
3AEF000
|
stack
|
page read and write
|
||
|
16E0000
|
trusted library allocation
|
page read and write
|
||
|
2300000
|
direct allocation
|
page read and write
|
||
|
10002000
|
unkown
|
page readonly
|
||
|
312F000
|
stack
|
page read and write
|
||
|
42DD000
|
trusted library allocation
|
page read and write
|
||
|
4329000
|
trusted library allocation
|
page read and write
|
||
|
1F8AF3F0000
|
heap
|
page read and write
|
||
|
2A12405C000
|
heap
|
page read and write
|
||
|
42AD000
|
trusted library allocation
|
page read and write
|
||
|
16DE000
|
stack
|
page read and write
|
||
|
16C6CC71000
|
heap
|
page read and write
|
||
|
CCF007E000
|
stack
|
page read and write
|
||
|
38A1000
|
heap
|
page read and write
|
||
|
2A124000000
|
heap
|
page read and write
|
||
|
1720000
|
heap
|
page read and write
|
||
|
16C6CC62000
|
heap
|
page read and write
|
||
|
2A12405A000
|
heap
|
page read and write
|
||
|
184A000
|
heap
|
page read and write
|
||
|
341D000
|
stack
|
page read and write
|
||
|
1A22A029000
|
heap
|
page read and write
|
||
|
1839000
|
heap
|
page read and write
|
||
|
1564000
|
heap
|
page read and write
|
||
|
2A124067000
|
heap
|
page read and write
|
||
|
5C0000
|
trusted library allocation
|
page read and write
|
||
|
2A12407E000
|
heap
|
page read and write
|
||
|
1839000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
867F47B000
|
stack
|
page read and write
|
||
|
38A1000
|
heap
|
page read and write
|
||
|
1F8AF530000
|
trusted library allocation
|
page read and write
|
||
|
1C9D0300000
|
heap
|
page read and write
|
||
|
184A000
|
heap
|
page read and write
|
||
|
1324000
|
unkown
|
page readonly
|
||
|
150A000
|
unkown
|
page execute and write copy
|
||
|
184C000
|
heap
|
page read and write
|
||
|
670000
|
heap
|
page read and write
|
||
|
17D6A4E0000
|
heap
|
page read and write
|
||
|
2BCC0000000
|
heap
|
page read and write
|
||
|
82F000
|
heap
|
page read and write
|
||
|
465E000
|
stack
|
page read and write
|
||
|
1AD1FFD000
|
stack
|
page read and write
|
||
|
470000
|
heap
|
page read and write
|
||
|
82C000
|
heap
|
page read and write
|
||
|
42DD000
|
trusted library allocation
|
page read and write
|
||
|
38A0000
|
heap
|
page read and write
|
||
|
3C6E000
|
stack
|
page read and write
|
||
|
452000
|
unkown
|
page execute and read and write
|
||
|
1322000
|
unkown
|
page read and write
|
||
|
1F8AF5A0000
|
heap
|
page read and write
|
||
|
1AD1C7E000
|
stack
|
page read and write
|
||
|
16C6CB70000
|
trusted library allocation
|
page read and write
|
||
|
2A124045000
|
heap
|
page read and write
|
||
|
470000
|
unkown
|
page readonly
|
||
|
1564000
|
heap
|
page read and write
|
||
|
1C9D0202000
|
heap
|
page read and write
|
||
|
3160000
|
heap
|
page read and write
|
||
|
D5A6CFF000
|
stack
|
page read and write
|
||
|
2BCC006A000
|
heap
|
page read and write
|
||
|
2A124061000
|
heap
|
page read and write
|
||
|
4329000
|
trusted library allocation
|
page read and write
|
||
|
2C6154B000
|
stack
|
page read and write
|
||
|
2A12406A000
|
heap
|
page read and write
|
||
|
6AB6B7F000
|
stack
|
page read and write
|
||
|
1AD1BFE000
|
stack
|
page read and write
|
||
|
1564000
|
heap
|
page read and write
|
||
|
1564000
|
heap
|
page read and write
|
||
|
38A1000
|
heap
|
page read and write
|
||
|
4CD88FE000
|
stack
|
page read and write
|
||
|
A0A000
|
heap
|
page read and write
|
||
|
43BA000
|
trusted library allocation
|
page read and write
|
||
|
7D0000
|
heap
|
page read and write
|
||
|
351F000
|
stack
|
page read and write
|
||
|
1839000
|
heap
|
page read and write
|
||
|
2A124064000
|
heap
|
page read and write
|
||
|
E09B1FE000
|
stack
|
page read and write
|
||
|
2074000
|
direct allocation
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
1F8AF291000
|
heap
|
page read and write
|
||
|
D5A66FB000
|
stack
|
page read and write
|
||
|
42FB000
|
trusted library allocation
|
page read and write
|
||
|
184A000
|
heap
|
page read and write
|
||
|
2300000
|
direct allocation
|
page read and write
|
||
|
E09B2FE000
|
stack
|
page read and write
|
||
|
1C9CFAC9000
|
heap
|
page read and write
|
||
|
38A1000
|
heap
|
page read and write
|
||
|
326F000
|
stack
|
page read and write
|
||
|
1839000
|
heap
|
page read and write
|
||
|
D5A6DFE000
|
stack
|
page read and write
|
||
|
38A1000
|
heap
|
page read and write
|
||
|
145B000
|
unkown
|
page execute and write copy
|
||
|
675000
|
heap
|
page read and write
|
||
|
1B5EE190000
|
trusted library allocation
|
page read and write
|
||
|
1AD1EFF000
|
stack
|
page read and write
|
||
|
1828000
|
heap
|
page read and write
|
||
|
131C000
|
unkown
|
page readonly
|
||
|
1564000
|
heap
|
page read and write
|
||
|
1F8AF26F000
|
heap
|
page read and write
|
||
|
1560000
|
heap
|
page read and write
|
||
|
1B5EE269000
|
heap
|
page read and write
|
||
|
1A22A03C000
|
heap
|
page read and write
|
||
|
16C6E5A0000
|
trusted library allocation
|
page read and write
|
||
|
1AD1E7D000
|
stack
|
page read and write
|
||
|
38A1000
|
heap
|
page read and write
|
||
|
4BC000
|
unkown
|
page readonly
|
||
|
5F0000
|
trusted library allocation
|
page read and write
|
||
|
4329000
|
trusted library allocation
|
page read and write
|
||
|
38A1000
|
heap
|
page read and write
|
||
|
2A124058000
|
heap
|
page read and write
|
||
|
209C000
|
direct allocation
|
page read and write
|
||
|
30EE000
|
stack
|
page read and write
|
||
|
38A1000
|
heap
|
page read and write
|
||
|
2C61F7C000
|
stack
|
page read and write
|
||
|
2A124062000
|
heap
|
page read and write
|
||
|
A00000
|
heap
|
page read and write
|
||
|
43BB000
|
trusted library allocation
|
page read and write
|
||
|
D5A6AFD000
|
stack
|
page read and write
|
||
|
42CF000
|
trusted library allocation
|
page read and write
|
||
|
16C6CC00000
|
heap
|
page read and write
|
||
|
17D6A5B0000
|
remote allocation
|
page read and write
|
||
|
CCEFDFE000
|
stack
|
page read and write
|
||
|
2A123FE0000
|
heap
|
page read and write
|
||
|
39A0000
|
trusted library allocation
|
page read and write
|
||
|
CCF01FE000
|
stack
|
page read and write
|
||
|
1B5EE302000
|
heap
|
page read and write
|
||
|
16C6CBE0000
|
remote allocation
|
page read and write
|
||
|
2A12403D000
|
heap
|
page read and write
|
||
|
D5A62DB000
|
stack
|
page read and write
|
||
|
40A000
|
unkown
|
page write copy
|
||
|
16C6CC48000
|
heap
|
page read and write
|
||
|
3D6F000
|
stack
|
page read and write
|
||
|
2095000
|
direct allocation
|
page read and write
|
||
|
1B5EE0F0000
|
heap
|
page read and write
|
||
|
97000
|
stack
|
page read and write
|
||
|
1C9CFA24000
|
heap
|
page read and write
|
||
|
1828000
|
heap
|
page read and write
|
||
|
1A22A102000
|
heap
|
page read and write
|
||
|
1F8AF26F000
|
heap
|
page read and write
|
||
|
417000
|
unkown
|
page readonly
|
||
|
422A000
|
trusted library allocation
|
page read and write
|
||
|
42DD000
|
trusted library allocation
|
page read and write
|
||
|
1C9CFA00000
|
heap
|
page read and write
|
||
|
78A000
|
heap
|
page read and write
|
||
|
2A124047000
|
heap
|
page read and write
|
||
|
38A1000
|
heap
|
page read and write
|
||
|
1A22A043000
|
heap
|
page read and write
|
||
|
1839000
|
heap
|
page read and write
|
||
|
1A229DF0000
|
heap
|
page read and write
|
||
|
38A1000
|
heap
|
page read and write
|
||
|
208C000
|
direct allocation
|
page read and write
|
||
|
16C6C9E0000
|
heap
|
page read and write
|
||
|
1B5EE264000
|
heap
|
page read and write
|
||
|
38A1000
|
heap
|
page read and write
|
||
|
1710000
|
direct allocation
|
page read and write
|
||
|
6AB717C000
|
stack
|
page read and write
|
||
|
6AB69FD000
|
stack
|
page read and write
|
||
|
16C6CC48000
|
heap
|
page read and write
|
||
|
34CE000
|
stack
|
page read and write
|
||
|
1564000
|
heap
|
page read and write
|
||
|
38A1000
|
heap
|
page read and write
|
||
|
1564000
|
heap
|
page read and write
|
||
|
1F8B0110000
|
trusted library allocation
|
page read and write
|
||
|
3F1E000
|
stack
|
page read and write
|
||
|
1F8AF26F000
|
heap
|
page read and write
|
||
|
38A1000
|
heap
|
page read and write
|
||
|
184A000
|
heap
|
page read and write
|
||
|
410000
|
unkown
|
page readonly
|
||
|
1564000
|
heap
|
page read and write
|
||
|
786000
|
heap
|
page read and write
|
||
|
4CD81EB000
|
stack
|
page read and write
|
||
|
39A0000
|
trusted library allocation
|
page read and write
|
||
|
3B2E000
|
stack
|
page read and write
|
||
|
43BA000
|
trusted library allocation
|
page read and write
|
||
|
1802000
|
heap
|
page read and write
|
||
|
1A22A013000
|
heap
|
page read and write
|
||
|
1C9CFB02000
|
heap
|
page read and write
|
||
|
38A1000
|
heap
|
page read and write
|
||
|
1F8AF190000
|
heap
|
page read and write
|
||
|
2C6207E000
|
stack
|
page read and write
|
||
|
10019000
|
direct allocation
|
page readonly
|
||
|
1C9CFA13000
|
heap
|
page read and write
|
||
|
580000
|
heap
|
page read and write
|
||
|
2700000
|
trusted library allocation
|
page read and write
|
||
|
6AB6F7C000
|
stack
|
page read and write
|
||
|
2A124084000
|
heap
|
page read and write
|
||
|
1C9CFAC1000
|
heap
|
page read and write
|
||
|
3DAE000
|
stack
|
page read and write
|
||
|
42DD000
|
trusted library allocation
|
page read and write
|
||
|
17D6A613000
|
heap
|
page read and write
|
||
|
6AB6D7F000
|
stack
|
page read and write
|
||
|
2084000
|
direct allocation
|
page read and write
|
||
|
4D00000
|
direct allocation
|
page read and write
|
||
|
175A000
|
heap
|
page read and write
|
||
|
16C6CC13000
|
heap
|
page read and write
|
||
|
38A1000
|
heap
|
page read and write
|
||
|
4AF000
|
unkown
|
page write copy
|
||
|
1A10000
|
heap
|
page read and write
|
||
|
500E000
|
direct allocation
|
page read and write
|
||
|
2A12404E000
|
heap
|
page read and write
|
||
|
5016000
|
direct allocation
|
page read and write
|
||
|
2BCC0113000
|
heap
|
page read and write
|
||
|
2A12406D000
|
heap
|
page read and write
|
||
|
1512000
|
unkown
|
page execute and write copy
|
||
|
16C6CC02000
|
heap
|
page read and write
|
||
|
1C9CF900000
|
heap
|
page read and write
|
||
|
1F8B0160000
|
trusted library allocation
|
page read and write
|
||
|
16C6CC2A000
|
heap
|
page read and write
|
||
|
E09B3FF000
|
stack
|
page read and write
|
||
|
1828000
|
heap
|
page read and write
|
||
|
867EDEB000
|
stack
|
page read and write
|
||
|
2C61C7E000
|
stack
|
page read and write
|
||
|
1B5EE225000
|
heap
|
page read and write
|
||
|
2C61CFC000
|
stack
|
page read and write
|
||
|
42FB000
|
trusted library allocation
|
page read and write
|
||
|
2BCC0102000
|
heap
|
page read and write
|
||
|
E09ADCE000
|
stack
|
page read and write
|
||
|
208C000
|
direct allocation
|
page read and write
|
||
|
324E000
|
stack
|
page read and write
|
||
|
430000
|
trusted library allocation
|
page read and write
|
||
|
1839000
|
heap
|
page read and write
|
||
|
660000
|
direct allocation
|
page execute and read and write
|
||
|
1310000
|
unkown
|
page readonly
|
||
|
1564000
|
heap
|
page read and write
|
||
|
38A1000
|
heap
|
page read and write
|
||
|
1B5EE256000
|
heap
|
page read and write
|
||
|
1F8AF1A0000
|
trusted library allocation
|
page read and write
|
||
|
2A124041000
|
heap
|
page read and write
|
||
|
6AB707F000
|
stack
|
page read and write
|
||
|
1F8AF5B0000
|
trusted library allocation
|
page read and write
|
||
|
2BCBFE10000
|
heap
|
page read and write
|
||
|
1564000
|
heap
|
page read and write
|
||
|
D5A6BFF000
|
stack
|
page read and write
|
||
|
169E000
|
stack
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
38A1000
|
heap
|
page read and write
|
||
|
2BCC0059000
|
heap
|
page read and write
|
||
|
2A124740000
|
trusted library allocation
|
page read and write
|
||
|
42FB000
|
trusted library allocation
|
page read and write
|
||
|
10017000
|
direct allocation
|
page read and write
|
||
|
1090000
|
heap
|
page read and write
|
||
|
E09B4FF000
|
stack
|
page read and write
|
||
|
835000
|
heap
|
page read and write
|
||
|
406E000
|
stack
|
page read and write
|
||
|
CCF02FF000
|
stack
|
page read and write
|
||
|
2128000
|
direct allocation
|
page read and write
|
||
|
401A000
|
stack
|
page read and write
|
||
|
184C000
|
heap
|
page read and write
|
||
|
1A229F50000
|
trusted library allocation
|
page read and write
|
||
|
1AD1D7E000
|
stack
|
page read and write
|
||
|
4F5D000
|
direct allocation
|
page read and write
|
||
|
42DD000
|
trusted library allocation
|
page read and write
|
||
|
2A123F80000
|
heap
|
page read and write
|
||
|
43BA000
|
trusted library allocation
|
page read and write
|
||
|
21F0000
|
heap
|
page read and write
|
||
|
1700000
|
direct allocation
|
page read and write
|
||
|
1A22A002000
|
heap
|
page read and write
|
||
|
1B5EE100000
|
heap
|
page read and write
|
||
|
42DD000
|
trusted library allocation
|
page read and write
|
||
|
184C000
|
heap
|
page read and write
|
||
|
1564000
|
heap
|
page read and write
|
||
|
21BE000
|
direct allocation
|
page read and write
|
||
|
1564000
|
heap
|
page read and write
|
||
|
30000
|
heap
|
page read and write
|
||
|
1564000
|
heap
|
page read and write
|
||
|
19A000
|
stack
|
page read and write
|
||
|
1B5EE23E000
|
heap
|
page read and write
|
||
|
38A1000
|
heap
|
page read and write
|
||
|
16C6CC3D000
|
heap
|
page read and write
|
||
|
10001000
|
direct allocation
|
page execute read
|
||
|
1C9CF910000
|
heap
|
page read and write
|
||
|
710000
|
heap
|
page read and write
|
||
|
CCF0179000
|
stack
|
page read and write
|
||
|
16C6CBE0000
|
remote allocation
|
page read and write
|
||
|
1828000
|
heap
|
page read and write
|
||
|
4CD86FB000
|
stack
|
page read and write
|
||
|
808000
|
heap
|
page read and write
|
||
|
16C6CA50000
|
heap
|
page read and write
|
||
|
184C000
|
heap
|
page read and write
|
||
|
2A12405F000
|
heap
|
page read and write
|
||
|
2A123F70000
|
heap
|
page read and write
|
||
|
48C000
|
unkown
|
page read and write
|
||
|
40C000
|
unkown
|
page write copy
|
||
|
E09B07E000
|
stack
|
page read and write
|
||
|
4F6A000
|
direct allocation
|
page read and write
|
||
|
1839000
|
heap
|
page read and write
|
||
|
184A000
|
heap
|
page read and write
|
||
|
2BCC0029000
|
heap
|
page read and write
|
||
|
184C000
|
heap
|
page read and write
|
||
|
1B5EE313000
|
heap
|
page read and write
|
||
|
1564000
|
heap
|
page read and write
|
||
|
4329000
|
trusted library allocation
|
page read and write
|
||
|
9C000
|
stack
|
page read and write
|
||
|
16C6CB50000
|
trusted library allocation
|
page read and write
|
||
|
1275000
|
unkown
|
page readonly
|
||
|
38A1000
|
heap
|
page read and write
|
||
|
143A000
|
unkown
|
page execute and write copy
|
||
|
2121000
|
direct allocation
|
page read and write
|
||
|
1AD217D000
|
stack
|
page read and write
|
||
|
2A124040000
|
heap
|
page read and write
|
||
|
2A12406F000
|
heap
|
page read and write
|
||
|
39A0000
|
trusted library allocation
|
page read and write
|
||
|
2A12407B000
|
heap
|
page read and write
|
||
|
38A1000
|
heap
|
page read and write
|
||
|
1A22A113000
|
heap
|
page read and write
|
||
|
43BB000
|
trusted library allocation
|
page read and write
|
||
|
17D6A4F0000
|
heap
|
page read and write
|
||
|
17D6A5B0000
|
remote allocation
|
page read and write
|
||
|
2A124063000
|
heap
|
page read and write
|
||
|
16C6CD02000
|
heap
|
page read and write
|
||
|
1564000
|
heap
|
page read and write
|
||
|
1828000
|
heap
|
page read and write
|
||
|
16C6CC57000
|
heap
|
page read and write
|
||
|
184C000
|
heap
|
page read and write
|
||
|
1001A000
|
direct allocation
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
2A124046000
|
heap
|
page read and write
|
||
|
4329000
|
trusted library allocation
|
page read and write
|
||
|
2A124057000
|
heap
|
page read and write
|
||
|
2A124031000
|
heap
|
page read and write
|
||
|
2780000
|
trusted library allocation
|
page read and write
|
||
|
1839000
|
heap
|
page read and write
|
||
|
38A1000
|
heap
|
page read and write
|
||
|
1F8AFEA0000
|
trusted library allocation
|
page read and write
|
||
|
1310000
|
unkown
|
page readonly
|
||
|
2BCC0081000
|
heap
|
page read and write
|
||
|
1564000
|
heap
|
page read and write
|
||
|
38A1000
|
heap
|
page read and write
|
||
|
1F8AF28D000
|
heap
|
page read and write
|
||
|
3390000
|
heap
|
page read and write
|
||
|
3281000
|
trusted library allocation
|
page read and write
|
||
|
1750000
|
heap
|
page read and write
|
||
|
40A000
|
unkown
|
page read and write
|
||
|
18F000
|
stack
|
page read and write
|
||
|
4CD89FE000
|
stack
|
page read and write
|
||
|
16C6CBA0000
|
trusted library allocation
|
page read and write
|
||
|
6AB659B000
|
stack
|
page read and write
|
||
|
38A1000
|
heap
|
page read and write
|
||
|
38A1000
|
heap
|
page read and write
|
||
|
1A22A100000
|
heap
|
page read and write
|
||
|
D5A6FFE000
|
stack
|
page read and write
|
||
|
1826000
|
heap
|
page read and write
|
||
|
4F6E000
|
direct allocation
|
page read and write
|
||
|
38B0000
|
heap
|
page read and write
|
||
|
1564000
|
heap
|
page read and write
|
||
|
1B5EE300000
|
heap
|
page read and write
|
||
|
3EAF000
|
stack
|
page read and write
|
||
|
1B5EE200000
|
heap
|
page read and write
|
||
|
4329000
|
trusted library allocation
|
page read and write
|
||
|
1F8AF540000
|
trusted library allocation
|
page read and write
|
||
|
2A124034000
|
heap
|
page read and write
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
2C61E7B000
|
stack
|
page read and write
|
||
|
10010000
|
direct allocation
|
page readonly
|
||
|
2C6197C000
|
stack
|
page read and write
|
||
|
1564000
|
heap
|
page read and write
|
||
|
2BCBFE00000
|
heap
|
page read and write
|
||
|
17D6A580000
|
trusted library allocation
|
page read and write
|
||
|
1C9CF970000
|
heap
|
page read and write
|
||
|
38A1000
|
heap
|
page read and write
|
||
|
1322000
|
unkown
|
page write copy
|
||
|
42FB000
|
trusted library allocation
|
page read and write
|
||
|
6AB6E7E000
|
stack
|
page read and write
|
||
|
208C000
|
direct allocation
|
page read and write
|
||
|
2BCC0060000
|
heap
|
page read and write
|
||
|
38A1000
|
heap
|
page read and write
|
||
|
17D6A602000
|
heap
|
page read and write
|
||
|
1311000
|
unkown
|
page execute read
|
||
|
1564000
|
heap
|
page read and write
|
||
|
48FF000
|
stack
|
page read and write
|
||
|
196000
|
stack
|
page read and write
|
||
|
4CD87FB000
|
stack
|
page read and write
|
||
|
42DD000
|
trusted library allocation
|
page read and write
|
||
|
1564000
|
heap
|
page read and write
|
||
|
17D6A702000
|
heap
|
page read and write
|
||
|
184A000
|
heap
|
page read and write
|
||
|
1564000
|
heap
|
page read and write
|
||
|
2A12406B000
|
heap
|
page read and write
|
||
|
2A12404A000
|
heap
|
page read and write
|
||
|
2A124044000
|
heap
|
page read and write
|
||
|
4C4000
|
unkown
|
page readonly
|
||
|
1A229DE0000
|
heap
|
page read and write
|
||
|
867F1FB000
|
stack
|
page read and write
|
||
|
42FB000
|
trusted library allocation
|
page read and write
|
||
|
42FB000
|
trusted library allocation
|
page read and write
|
||
|
19E0000
|
direct allocation
|
page read and write
|
||
|
42FB000
|
trusted library allocation
|
page read and write
|
||
|
4C4000
|
unkown
|
page readonly
|
||
|
1B5EE213000
|
heap
|
page read and write
|
||
|
2A124042000
|
heap
|
page read and write
|
||
|
416E000
|
stack
|
page read and write
|
||
|
16C6CC47000
|
heap
|
page read and write
|
||
|
2BCC0013000
|
heap
|
page read and write
|
||
|
42DD000
|
trusted library allocation
|
page read and write
|
||
|
2BCC0064000
|
heap
|
page read and write
|
||
|
1F8AF262000
|
heap
|
page read and write
|
||
|
D5A68FF000
|
stack
|
page read and write
|
||
|
1564000
|
heap
|
page read and write
|
||
|
16C6CBE0000
|
remote allocation
|
page read and write
|
||
|
1839000
|
heap
|
page read and write
|
||
|
2BCBFF70000
|
trusted library allocation
|
page read and write
|
||
|
38A1000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
1828000
|
heap
|
page read and write
|
||
|
21CD000
|
direct allocation
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
1F8AF292000
|
heap
|
page read and write
|
||
|
1F8AFE90000
|
trusted library allocation
|
page read and write
|
||
|
CCF00F9000
|
stack
|
page read and write
|
||
|
43BA000
|
trusted library allocation
|
page read and write
|
||
|
17D6A5B0000
|
remote allocation
|
page read and write
|
||
|
129C000
|
unkown
|
page execute and write copy
|
||
|
6FE000
|
stack
|
page read and write
|
||
|
30000
|
heap
|
page read and write
|
||
|
38A1000
|
heap
|
page read and write
|
||
|
49FF000
|
stack
|
page read and write
|
||
|
1324000
|
unkown
|
page readonly
|
||
|
2121000
|
direct allocation
|
page read and write
|
||
|
1A229E50000
|
heap
|
page read and write
|
||
|
16C6CD18000
|
heap
|
page read and write
|
||
|
4D78000
|
direct allocation
|
page read and write
|
||
|
1F8AF28D000
|
heap
|
page read and write
|
||
|
867F87E000
|
stack
|
page read and write
|
There are 598 hidden memdumps, click here to show them.