Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
FileOpenInstaller.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
||
|
C:\Users\user\AppData\Local\Temp\is-RJIJI.tmp\FileOpenInstaller.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
 |
|
|
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\FileOpen.api (copy)
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\is-GV932.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files\FileOpen\Services\FileOpenBroker64.exe (copy)
|
PE32+ executable (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Program Files\FileOpen\Services\FileOpenManager64.exe (copy)
|
PE32+ executable (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Program Files\FileOpen\Services\is-FC998.tmp
|
PE32+ executable (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Program Files\FileOpen\Services\is-JKV7N.tmp
|
PE32+ executable (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Program Files\FileOpen\UtilDll.dll (copy)
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files\FileOpen\examples\installcomplete.pdf (copy)
|
PDF document, version 1.6 (zip deflate encoded)
|
dropped
|
||
|
C:\Program Files\FileOpen\examples\is-5NKPI.tmp
|
PDF document, version 1.6 (zip deflate encoded)
|
dropped
|
||
|
C:\Program Files\FileOpen\is-9KV5A.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files\FileOpen\is-NSHSA.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files\FileOpen\unins000.dat
|
InnoSetup Log 64-bit FileOpen Client B998, version 0x418, 28298 bytes, 724536\37\user\37, C:\Program Files\FileOpen\376\377\377\007
|
dropped
|
||
|
C:\Program Files\FileOpen\unins000.exe (copy)
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files\FileOpen\unins000.msg
|
InnoSetup messages, version 6.0.0, 243 messages (UTF-16), Cancel installation
|
dropped
|
||
|
C:\ProgramData\FileOpen\Updates\L10n\fotk_de.lcd (copy)
|
ASCII text, with very long lines (12648), with no line terminators
|
dropped
|
||
|
C:\ProgramData\FileOpen\Updates\L10n\fotk_fr.lcd (copy)
|
ASCII text, with very long lines (12752), with no line terminators
|
dropped
|
||
|
C:\ProgramData\FileOpen\Updates\L10n\fotk_ja.lcd (copy)
|
ASCII text, with very long lines (15400), with no line terminators
|
dropped
|
||
|
C:\ProgramData\FileOpen\Updates\L10n\fotk_zh.lcd (copy)
|
ASCII text, with very long lines (10172), with no line terminators
|
dropped
|
||
|
C:\ProgramData\FileOpen\Updates\L10n\is-50LB9.tmp
|
ASCII text, with very long lines (12752), with no line terminators
|
dropped
|
||
|
C:\ProgramData\FileOpen\Updates\L10n\is-B9C47.tmp
|
ASCII text, with very long lines (12648), with no line terminators
|
dropped
|
||
|
C:\ProgramData\FileOpen\Updates\L10n\is-BQIFQ.tmp
|
ASCII text, with very long lines (15400), with no line terminators
|
dropped
|
||
|
C:\ProgramData\FileOpen\Updates\L10n\is-H0NCM.tmp
|
ASCII text, with very long lines (10172), with no line terminators
|
dropped
|
||
|
C:\ProgramData\FileOpen\Updates\Lists\fotkBus.lcd (copy)
|
ASCII text, with very long lines (7568), with no line terminators
|
dropped
|
||
|
C:\ProgramData\FileOpen\Updates\Lists\fotkCnfs.lcd (copy)
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\ProgramData\FileOpen\Updates\Lists\fotkDrs.lcd (copy)
|
ASCII text, with very long lines (7248), with no line terminators
|
dropped
|
||
|
C:\ProgramData\FileOpen\Updates\Lists\fotkLngs.lcd (copy)
|
ASCII text, with very long lines (720), with no line terminators
|
dropped
|
||
|
C:\ProgramData\FileOpen\Updates\Lists\fotkLsts.lcd (copy)
|
ASCII text, with very long lines (1104), with no line terminators
|
dropped
|
||
|
C:\ProgramData\FileOpen\Updates\Lists\fotkNis.lcd (copy)
|
ASCII text, with very long lines (2640), with no line terminators
|
dropped
|
||
|
C:\ProgramData\FileOpen\Updates\Lists\fotkPrs.lcd (copy)
|
ASCII text, with very long lines (2960), with no line terminators
|
dropped
|
||
|
C:\ProgramData\FileOpen\Updates\Lists\fotkRds.lcd (copy)
|
ASCII text, with very long lines (424), with no line terminators
|
dropped
|
||
|
C:\ProgramData\FileOpen\Updates\Lists\is-9F2R0.tmp
|
ASCII text, with very long lines (1104), with no line terminators
|
dropped
|
||
|
C:\ProgramData\FileOpen\Updates\Lists\is-CKRT4.tmp
|
ASCII text, with very long lines (424), with no line terminators
|
dropped
|
||
|
C:\ProgramData\FileOpen\Updates\Lists\is-DNLJ4.tmp
|
ASCII text, with very long lines (2640), with no line terminators
|
dropped
|
||
|
C:\ProgramData\FileOpen\Updates\Lists\is-KNQ1D.tmp
|
ASCII text, with very long lines (720), with no line terminators
|
dropped
|
||
|
C:\ProgramData\FileOpen\Updates\Lists\is-L7T53.tmp
|
ASCII text, with very long lines (2960), with no line terminators
|
dropped
|
||
|
C:\ProgramData\FileOpen\Updates\Lists\is-O4NSE.tmp
|
ASCII text, with very long lines (7568), with no line terminators
|
dropped
|
||
|
C:\ProgramData\FileOpen\Updates\Lists\is-OQA7C.tmp
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\ProgramData\FileOpen\Updates\Lists\is-THTBB.tmp
|
ASCII text, with very long lines (7248), with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
|
SQLite 3.x database, last written using SQLite version 3035004, file counter 22, database pages 16, 1st free page 12, free
pages 2, cookie 0x5, schema 4, UTF-8, version-valid-for 22
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal
|
SQLite Rollback Journal
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt22.lst.1460
|
PostScript document text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt21.lst (copy)
|
PostScript document text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Reader\Files\TESTING
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Reader\SOPHIA.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\UserCache.bin
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Setup Log 2023-02-07 #001.txt
|
Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\is-K56MV.tmp\UtilDll.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\is-K56MV.tmp\_isetup\_setup64.tmp
|
PE32+ executable (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\FileOpen\Fowpmadi.txt
|
data
|
dropped
|
There are 41 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\FileOpenInstaller.exe
|
C:\Users\user\Desktop\FileOpenInstaller.exe
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-RJIJI.tmp\FileOpenInstaller.tmp
|
"C:\Users\user\AppData\Local\Temp\is-RJIJI.tmp\FileOpenInstaller.tmp" /SL5="$6040A,6054369,1320960,C:\Users\user\Desktop\FileOpenInstaller.exe"
|
|
|
|
C:\Windows\System32\sc.exe
|
"C:\Windows\system32\sc.exe" create FileOpenManager binpath= "\"C:\Program Files\FileOpen\Services\FileOpenManager64.exe\""
start= auto
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\sc.exe
|
"C:\Windows\system32\sc.exe" description FileOpenManager "FileOpen Client Manager"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\sc.exe
|
"C:\Windows\system32\sc.exe" start FileOpenManager
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Program Files\FileOpen\Services\FileOpenManager64.exe
|
C:\Program Files\FileOpen\Services\FileOpenManager64.exe
|
||
|
C:\Program Files\FileOpen\Services\FileOpenBroker64.exe
|
C:\Program Files\FileOpen\Services\FileOpenBroker64.exe
|
||
|
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
|
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" installcomplete.pdf
|
||
|
C:\Program Files\FileOpen\Services\FileOpenBroker64.exe
|
"C:\Program Files\FileOpen\Services\FileOpenBroker64.exe"
|
There are 2 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://www.innosetup.com/
|
unknown
|
||
|
http://fileopen.com/updates
|
unknown
|
||
|
https://jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU
|
unknown
|
||
|
http://www.fileopen.com/request-tech-support/
|
unknown
|
||
|
https://usr.fileopen.com/check/usr/ZHAk7YpwDRdZvZq3ePSvK2nhY4hHWUX
|
unknown
|
||
|
http://www.fileopen.com/request-tech-support/Zhttp://www.fileopen.com/request-tech-support/
|
unknown
|
||
|
http://fileopen.com
|
unknown
|
||
|
http://www.fileopen.com/request-tech-support/q
|
unknown
|
||
|
http://plugin.fileopen.com/.
|
unknown
|
||
|
http://www.fileopen.com/%sPlugin
|
unknown
|
||
|
https://usr.fileopen.com/check/usr/ZHAk7YpwDRdZvZq3ePSvK2nhY4hHWUX+9uW5qs0U4Ek=
|
72.3.136.136
|
||
|
http://www.fileopen.com/0
|
unknown
|
||
|
http://www.fileopen.com/request-tech-support/0A
|
unknown
|
||
|
https://plugin.fileopen.com/installcomplete.ashx?Request=DocPerm&Stamp=1675795218&Mode=CNR&USR=10007
|
unknown
|
||
|
http://www.remobjects.com/ps
|
unknown
|
||
|
https://plugin.fileopen.com/installcomplete.ashx?Request=Setting&Stamp=1675795217&Mode=CNR&USR=10007
|
unknown
|
||
|
https://usr.fileopen.com/_
|
unknown
|
||
|
https://usr.fileopen.com/
|
unknown
|
||
|
http://www.fileopen.com/%s
|
unknown
|
||
|
http://plugin.fileopen.com/.n
|
unknown
|
||
|
https://plugin.fileopen.com/
|
unknown
|
||
|
https://plugin.fileopen.com//&
|
unknown
|
There are 12 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
usr.fileopen.com
|
72.3.136.136
|
||
|
plugin.fileopen.com
|
72.3.136.132
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
72.3.136.136
|
usr.fileopen.com
|
United States
|
||
|
72.3.136.132
|
plugin.fileopen.com
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
Owner
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
SessionHash
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
Sequence
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
RegFiles0000
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
RegFilesHash
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
FileOpenBroker
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FileOpenClient_is1
|
Inno Setup: Setup Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FileOpenClient_is1
|
Inno Setup: App Path
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FileOpenClient_is1
|
InstallLocation
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FileOpenClient_is1
|
Inno Setup: Icon Group
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FileOpenClient_is1
|
Inno Setup: User
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FileOpenClient_is1
|
Inno Setup: Setup Type
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FileOpenClient_is1
|
Inno Setup: Selected Components
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FileOpenClient_is1
|
Inno Setup: Deselected Components
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FileOpenClient_is1
|
Inno Setup: Language
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FileOpenClient_is1
|
DisplayName
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FileOpenClient_is1
|
UninstallString
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FileOpenClient_is1
|
QuietUninstallString
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FileOpenClient_is1
|
DisplayVersion
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FileOpenClient_is1
|
Publisher
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FileOpenClient_is1
|
URLInfoAbout
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FileOpenClient_is1
|
HelpLink
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FileOpenClient_is1
|
NoModify
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FileOpenClient_is1
|
NoRepair
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FileOpenClient_is1
|
InstallDate
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FileOpenClient_is1
|
EstimatedSize
|
||
|
HKEY_CURRENT_USER\SOFTWARE\FileOpen
|
Fowp3Uuid
|
||
|
HKEY_CURRENT_USER\SOFTWARE\FileOpen
|
Fowp3Madi
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Acrobat Reader\DC\AVGeneral\cRecentFiles\c1
|
aFS
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Acrobat Reader\DC\AVGeneral\cRecentFiles\c1
|
tDIText
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Acrobat Reader\DC\AVGeneral\cRecentFiles\c1
|
tFileName
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Acrobat Reader\DC\AVGeneral\cRecentFiles\c1
|
tFileSource
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Acrobat Reader\DC\AVGeneral\cRecentFiles\c1
|
sFileAncestors
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Acrobat Reader\DC\AVGeneral\cRecentFiles\c1
|
sDI
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Acrobat Reader\DC\AVGeneral\cRecentFiles\c1
|
sDate
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Acrobat Reader\DC\AVGeneral\cRecentFiles\c1
|
uFileSize
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Acrobat Reader\DC\AVGeneral\cRecentFiles\c1
|
uPageCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Acrobat Reader\DC\AVGeneral\cRecentFiles\c2
|
aFS
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Acrobat Reader\DC\AVGeneral\cRecentFiles\c2
|
tDIText
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Acrobat Reader\DC\AVGeneral\cRecentFiles\c2
|
tFileName
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Acrobat Reader\DC\AVGeneral\cRecentFiles\c2
|
sFileAncestors
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Acrobat Reader\DC\AVGeneral\cRecentFiles\c2
|
sDI
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Acrobat Reader\DC\AVGeneral\cRecentFiles\c2
|
sDate
|
There are 33 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
53B1CFE000
|
stack
|
page read and write
|
||
|
43FD000
|
heap
|
page read and write
|
||
|
23DFDBD2000
|
heap
|
page read and write
|
||
|
6C5000
|
unkown
|
page readonly
|
||
|
7AF000
|
heap
|
page read and write
|
||
|
28B0000
|
direct allocation
|
page read and write
|
||
|
23DFD90F000
|
heap
|
page read and write
|
||
|
2253DD82000
|
heap
|
page read and write
|
||
|
4371000
|
heap
|
page read and write
|
||
|
A9E000
|
stack
|
page read and write
|
||
|
8C4000
|
heap
|
page read and write
|
||
|
7FF600B28000
|
unkown
|
page write copy
|
||
|
23DFD907000
|
heap
|
page read and write
|
||
|
7FE23000
|
direct allocation
|
page read and write
|
||
|
23DFDBD6000
|
heap
|
page read and write
|
||
|
7FB50000
|
direct allocation
|
page read and write
|
||
|
89E000
|
stack
|
page read and write
|
||
|
7B7000
|
heap
|
page read and write
|
||
|
3663000
|
heap
|
page read and write
|
||
|
AC62B7F000
|
stack
|
page read and write
|
||
|
AA1807F000
|
stack
|
page read and write
|
||
|
1EF10F56000
|
heap
|
page read and write
|
||
|
1D0000
|
unclassified section
|
page readonly
|
||
|
53B1F79000
|
stack
|
page read and write
|
||
|
7FF600B2F000
|
unkown
|
page read and write
|
||
|
23DFD93E000
|
heap
|
page read and write
|
||
|
23DFDA7A000
|
heap
|
page read and write
|
||
|
65D000
|
unkown
|
page write copy
|
||
|
2253DD4C000
|
heap
|
page read and write
|
||
|
254A000
|
direct allocation
|
page read and write
|
||
|
3661000
|
heap
|
page read and write
|
||
|
927A5FE000
|
stack
|
page read and write
|
||
|
7EE000
|
heap
|
page read and write
|
||
|
23AD000
|
direct allocation
|
page read and write
|
||
|
7FF668FA2000
|
unkown
|
page write copy
|
||
|
1EF11030000
|
heap
|
page read and write
|
||
|
394B000
|
direct allocation
|
page read and write
|
||
|
4372000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
7F0000
|
heap
|
page read and write
|
||
|
3959000
|
direct allocation
|
page read and write
|
||
|
24207E56000
|
heap
|
page read and write
|
||
|
24207E7E000
|
heap
|
page read and write
|
||
|
65F000
|
unkown
|
page read and write
|
||
|
2661000
|
direct allocation
|
page read and write
|
||
|
8C4000
|
heap
|
page read and write
|
||
|
2628000
|
direct allocation
|
page read and write
|
||
|
23DFD91B000
|
heap
|
page read and write
|
||
|
811000
|
heap
|
page read and write
|
||
|
3933000
|
direct allocation
|
page read and write
|
||
|
21445EE3000
|
heap
|
page read and write
|
||
|
A2CD47E000
|
stack
|
page read and write
|
||
|
43FD000
|
heap
|
page read and write
|
||
|
8C4000
|
heap
|
page read and write
|
||
|
23DFCC80000
|
heap
|
page read and write
|
||
|
25BD000
|
direct allocation
|
page read and write
|
||
|
3C5E000
|
direct allocation
|
page read and write
|
||
|
8C4000
|
heap
|
page read and write
|
||
|
7C1000
|
heap
|
page read and write
|
||
|
24207E78000
|
heap
|
page read and write
|
||
|
7FE16000
|
direct allocation
|
page read and write
|
||
|
810000
|
heap
|
page read and write
|
||
|
24207F10000
|
heap
|
page read and write
|
||
|
23DFD890000
|
heap
|
page read and write
|
||
|
24207EEF000
|
heap
|
page read and write
|
||
|
8C4000
|
heap
|
page read and write
|
||
|
7FE000
|
heap
|
page read and write
|
||
|
DBF69FE000
|
stack
|
page read and write
|
||
|
8C4000
|
heap
|
page read and write
|
||
|
4FE000
|
unkown
|
page readonly
|
||
|
927ACFF000
|
stack
|
page read and write
|
||
|
24207F00000
|
heap
|
page read and write
|
||
|
23DFD8FF000
|
heap
|
page read and write
|
||
|
433B000
|
heap
|
page read and write
|
||
|
25FF000
|
direct allocation
|
page read and write
|
||
|
4C2000
|
unkown
|
page write copy
|
||
|
7FC000
|
heap
|
page read and write
|
||
|
AA17D3D000
|
stack
|
page read and write
|
||
|
1DE62820000
|
heap
|
page read and write
|
||
|
23DFD8FD000
|
heap
|
page read and write
|
||
|
8C4000
|
heap
|
page read and write
|
||
|
7FE27000
|
direct allocation
|
page read and write
|
||
|
7FF668FAA000
|
unkown
|
page read and write
|
||
|
23DFCD10000
|
heap
|
page read and write
|
||
|
2360000
|
direct allocation
|
page read and write
|
||
|
24207EF4000
|
heap
|
page read and write
|
||
|
8C4000
|
heap
|
page read and write
|
||
|
23DFD906000
|
heap
|
page read and write
|
||
|
38E6000
|
direct allocation
|
page read and write
|
||
|
24207E10000
|
heap
|
page read and write
|
||
|
857000
|
heap
|
page read and write
|
||
|
23DFDBC0000
|
heap
|
page read and write
|
||
|
23DFD913000
|
heap
|
page read and write
|
||
|
8C4000
|
heap
|
page read and write
|
||
|
36B8000
|
direct allocation
|
page read and write
|
||
|
2253DDFA000
|
heap
|
page read and write
|
||
|
8C4000
|
heap
|
page read and write
|
||
|
7FF600B07000
|
unkown
|
page readonly
|
||
|
23DFD93D000
|
heap
|
page read and write
|
||
|
8C4000
|
heap
|
page read and write
|
||
|
23DFCCFA000
|
heap
|
page read and write
|
||
|
36F0000
|
direct allocation
|
page read and write
|
||
|
23DFDBC7000
|
heap
|
page read and write
|
||
|
2253FA30000
|
remote allocation
|
page read and write
|
||
|
927AAFE000
|
stack
|
page read and write
|
||
|
210FECF0000
|
heap
|
page read and write
|
||
|
2668000
|
direct allocation
|
page read and write
|
||
|
23DFDA74000
|
heap
|
page read and write
|
||
|
21445ED2000
|
heap
|
page read and write
|
||
|
2636000
|
direct allocation
|
page read and write
|
||
|
23DFDBCF000
|
heap
|
page read and write
|
||
|
8C4000
|
heap
|
page read and write
|
||
|
7FE0C000
|
direct allocation
|
page read and write
|
||
|
7E5000
|
heap
|
page read and write
|
||
|
7E3000
|
heap
|
page read and write
|
||
|
927ADFD000
|
stack
|
page read and write
|
||
|
7E6000
|
heap
|
page read and write
|
||
|
A3F9CFE000
|
stack
|
page read and write
|
||
|
4321000
|
heap
|
page read and write
|
||
|
2618000
|
direct allocation
|
page read and write
|
||
|
8C4000
|
heap
|
page read and write
|
||
|
23DFD8F5000
|
heap
|
page read and write
|
||
|
23DFD8FE000
|
heap
|
page read and write
|
||
|
4420000
|
heap
|
page read and write
|
||
|
23DFDA72000
|
heap
|
page read and write
|
||
|
263D000
|
direct allocation
|
page read and write
|
||
|
243E000
|
direct allocation
|
page read and write
|
||
|
7FF600B34000
|
unkown
|
page read and write
|
||
|
23DFDBDC000
|
heap
|
page read and write
|
||
|
23DFDBDB000
|
heap
|
page read and write
|
||
|
7FF668F9A000
|
unkown
|
page write copy
|
||
|
1C8BE7F0000
|
heap
|
page read and write
|
||
|
69D97FE000
|
stack
|
page read and write
|
||
|
8C4000
|
heap
|
page read and write
|
||
|
B20000
|
heap
|
page read and write
|
||
|
3964000
|
direct allocation
|
page read and write
|
||
|
BB0000
|
heap
|
page read and write
|
||
|
433B000
|
heap
|
page read and write
|
||
|
280A000
|
direct allocation
|
page read and write
|
||
|
23DFDA7E000
|
heap
|
page read and write
|
||
|
AC62BFD000
|
stack
|
page read and write
|
||
|
7FC000
|
heap
|
page read and write
|
||
|
8C4000
|
heap
|
page read and write
|
||
|
8C4000
|
heap
|
page read and write
|
||
|
23DFCCE9000
|
heap
|
page read and write
|
||
|
AC625CE000
|
stack
|
page read and write
|
||
|
2E50000
|
trusted library allocation
|
page read and write
|
||
|
7FDFE000
|
direct allocation
|
page read and write
|
||
|
23DFD907000
|
heap
|
page read and write
|
||
|
23DFD8FD000
|
heap
|
page read and write
|
||
|
7FF668F99000
|
unkown
|
page write copy
|
||
|
23DFD90A000
|
heap
|
page read and write
|
||
|
23DFD8AC000
|
heap
|
page read and write
|
||
|
2253F9A0000
|
heap
|
page read and write
|
||
|
24207DD0000
|
trusted library allocation
|
page read and write
|
||
|
7FE07000
|
direct allocation
|
page read and write
|
||
|
21445ECB000
|
heap
|
page read and write
|
||
|
69D96FE000
|
stack
|
page read and write
|
||
|
7FF668F4B000
|
unkown
|
page readonly
|
||
|
28A0000
|
direct allocation
|
page read and write
|
||
|
7FF600B07000
|
unkown
|
page readonly
|
||
|
7FE4C000
|
direct allocation
|
page read and write
|
||
|
7F0000
|
heap
|
page read and write
|
||
|
23DFCD4F000
|
heap
|
page read and write
|
||
|
23DFDA75000
|
heap
|
page read and write
|
||
|
7E1000
|
heap
|
page read and write
|
||
|
23DFD945000
|
heap
|
page read and write
|
||
|
80A000
|
heap
|
page read and write
|
||
|
36D3000
|
direct allocation
|
page read and write
|
||
|
6B7000
|
unkown
|
page readonly
|
||
|
4320000
|
heap
|
page read and write
|
||
|
2466000
|
direct allocation
|
page read and write
|
||
|
38C1000
|
direct allocation
|
page read and write
|
||
|
3661000
|
heap
|
page read and write
|
||
|
927A4FF000
|
stack
|
page read and write
|
||
|
CE0000
|
heap
|
page read and write
|
||
|
8C4000
|
heap
|
page read and write
|
||
|
38A0000
|
direct allocation
|
page read and write
|
||
|
7FE13000
|
direct allocation
|
page read and write
|
||
|
7CA000
|
heap
|
page read and write
|
||
|
672000
|
unkown
|
page readonly
|
||
|
23DFD919000
|
heap
|
page read and write
|
||
|
1EF110A0000
|
heap
|
page read and write
|
||
|
23DFCD4F000
|
heap
|
page read and write
|
||
|
24207EE3000
|
heap
|
page read and write
|
||
|
25E1000
|
direct allocation
|
page read and write
|
||
|
23DFD90C000
|
heap
|
page read and write
|
||
|
541000
|
unkown
|
page readonly
|
||
|
2253FA5E000
|
heap
|
page read and write
|
||
|
8C4000
|
heap
|
page read and write
|
||
|
533000
|
unkown
|
page readonly
|
||
|
8C4000
|
heap
|
page read and write
|
||
|
23DFCD0A000
|
heap
|
page read and write
|
||
|
8C4000
|
heap
|
page read and write
|
||
|
8C4000
|
heap
|
page read and write
|
||
|
3650000
|
direct allocation
|
page read and write
|
||
|
368C000
|
heap
|
page read and write
|
||
|
25E2A005000
|
heap
|
page read and write
|
||
|
433E000
|
heap
|
page read and write
|
||
|
8C4000
|
heap
|
page read and write
|
||
|
8C4000
|
heap
|
page read and write
|
||
|
1EF10DC0000
|
heap
|
page read and write
|
||
|
24208700000
|
heap
|
page read and write
|
||
|
DBF62FF000
|
stack
|
page read and write
|
||
|
7D2000
|
heap
|
page read and write
|
||
|
1DE627B0000
|
heap
|
page read and write
|
||
|
3E70000
|
direct allocation
|
page read and write
|
||
|
7F9000
|
heap
|
page read and write
|
||
|
23DFDA70000
|
heap
|
page read and write
|
||
|
3935000
|
direct allocation
|
page read and write
|
||
|
760000
|
heap
|
page read and write
|
||
|
43FC000
|
heap
|
page read and write
|
||
|
7FF668F4B000
|
unkown
|
page readonly
|
||
|
242E000
|
direct allocation
|
page read and write
|
||
|
4352000
|
heap
|
page read and write
|
||
|
210FE9E0000
|
heap
|
page read and write
|
||
|
A2CD4FF000
|
stack
|
page read and write
|
||
|
23DFD9B0000
|
heap
|
page read and write
|
||
|
23DFD8F3000
|
heap
|
page read and write
|
||
|
AC6254E000
|
stack
|
page read and write
|
||
|
23DFDA7E000
|
heap
|
page read and write
|
||
|
4B7000
|
unkown
|
page write copy
|
||
|
23DFCC10000
|
heap
|
page read and write
|
||
|
DBF64FD000
|
stack
|
page read and write
|
||
|
7FF668FA2000
|
unkown
|
page write copy
|
||
|
23DFD930000
|
heap
|
page read and write
|
||
|
24207EE5000
|
heap
|
page read and write
|
||
|
927A8F8000
|
stack
|
page read and write
|
||
|
238F000
|
direct allocation
|
page read and write
|
||
|
8C4000
|
heap
|
page read and write
|
||
|
61DE8FE000
|
stack
|
page read and write
|
||
|
23C3000
|
direct allocation
|
page read and write
|
||
|
2253F9A3000
|
heap
|
page read and write
|
||
|
8C4000
|
heap
|
page read and write
|
||
|
7FF668DD1000
|
unkown
|
page execute read
|
||
|
79C000
|
heap
|
page read and write
|
||
|
28F7000
|
direct allocation
|
page read and write
|
||
|
24207EDF000
|
heap
|
page read and write
|
||
|
2253DC90000
|
heap
|
page read and write
|
||
|
66B000
|
unkown
|
page write copy
|
||
|
7FE34000
|
direct allocation
|
page read and write
|
||
|
2905000
|
direct allocation
|
page read and write
|
||
|
7E7000
|
heap
|
page read and write
|
||
|
7B4000
|
heap
|
page read and write
|
||
|
7FF668FBC000
|
unkown
|
page read and write
|
||
|
AC624C6000
|
stack
|
page read and write
|
||
|
23DFCD21000
|
heap
|
page read and write
|
||
|
245F000
|
direct allocation
|
page read and write
|
||
|
7A1000
|
heap
|
page read and write
|
||
|
787000
|
heap
|
page read and write
|
||
|
7FDEE000
|
direct allocation
|
page read and write
|
||
|
23DFD8FD000
|
heap
|
page read and write
|
||
|
927A9FE000
|
stack
|
page read and write
|
||
|
4328000
|
heap
|
page read and write
|
||
|
23DFD914000
|
heap
|
page read and write
|
||
|
8C4000
|
heap
|
page read and write
|
||
|
7B0000
|
heap
|
page read and write
|
||
|
7FE1A000
|
direct allocation
|
page read and write
|
||
|
23DFD904000
|
heap
|
page read and write
|
||
|
23DFDBE1000
|
heap
|
page read and write
|
||
|
77A000
|
heap
|
page read and write
|
||
|
36EB000
|
direct allocation
|
page read and write
|
||
|
23DFD8A3000
|
heap
|
page read and write
|
||
|
8C4000
|
heap
|
page read and write
|
||
|
2448000
|
direct allocation
|
page read and write
|
||
|
7DB000
|
heap
|
page read and write
|
||
|
7FF668FC8000
|
unkown
|
page readonly
|
||
|
D80000
|
heap
|
page read and write
|
||
|
23DFCE70000
|
heap
|
page read and write
|
||
|
7FE0E000
|
direct allocation
|
page read and write
|
||
|
397A000
|
direct allocation
|
page read and write
|
||
|
23DFD8E8000
|
heap
|
page read and write
|
||
|
23DFDBE4000
|
heap
|
page read and write
|
||
|
36D0000
|
direct allocation
|
page read and write
|
||
|
7FF668DD1000
|
unkown
|
page execute read
|
||
|
7A7000
|
heap
|
page read and write
|
||
|
24208762000
|
heap
|
page read and write
|
||
|
2396000
|
direct allocation
|
page read and write
|
||
|
8C4000
|
heap
|
page read and write
|
||
|
7FF668FAA000
|
unkown
|
page read and write
|
||
|
2381000
|
direct allocation
|
page read and write
|
||
|
8C4000
|
heap
|
page read and write
|
||
|
28EA000
|
direct allocation
|
page read and write
|
||
|
25E29D9B000
|
heap
|
page read and write
|
||
|
2818000
|
direct allocation
|
page read and write
|
||
|
4353000
|
heap
|
page read and write
|
||
|
7FF668FA2000
|
unkown
|
page write copy
|
||
|
851000
|
heap
|
page read and write
|
||
|
3704000
|
direct allocation
|
page read and write
|
||
|
53B190C000
|
stack
|
page read and write
|
||
|
36E2000
|
direct allocation
|
page read and write
|
||
|
2474000
|
direct allocation
|
page read and write
|
||
|
23DFD8C1000
|
heap
|
page read and write
|
||
|
391A000
|
direct allocation
|
page read and write
|
||
|
23DFCCE9000
|
heap
|
page read and write
|
||
|
24207FE0000
|
heap
|
page read and write
|
||
|
8C4000
|
heap
|
page read and write
|
||
|
3ACF000
|
stack
|
page read and write
|
||
|
23DFD917000
|
heap
|
page read and write
|
||
|
24207EE8000
|
heap
|
page read and write
|
||
|
25E29D93000
|
heap
|
page read and write
|
||
|
8C4000
|
heap
|
page read and write
|
||
|
28A0000
|
direct allocation
|
page read and write
|
||
|
23DFD921000
|
heap
|
page read and write
|
||
|
7EF000
|
heap
|
page read and write
|
||
|
433C000
|
heap
|
page read and write
|
||
|
3981000
|
direct allocation
|
page read and write
|
||
|
36C7000
|
direct allocation
|
page read and write
|
||
|
77E000
|
heap
|
page read and write
|
||
|
69D9328000
|
stack
|
page read and write
|
||
|
3661000
|
heap
|
page read and write
|
||
|
43BB000
|
heap
|
page read and write
|
||
|
7FE23000
|
direct allocation
|
page read and write
|
||
|
2420861A000
|
heap
|
page read and write
|
||
|
2C90000
|
heap
|
page read and write
|
||
|
78D000
|
heap
|
page read and write
|
||
|
43F4000
|
heap
|
page read and write
|
||
|
27F2000
|
direct allocation
|
page read and write
|
||
|
74E000
|
stack
|
page read and write
|
||
|
7CC000
|
heap
|
page read and write
|
||
|
7FF668DD0000
|
unkown
|
page readonly
|
||
|
4325000
|
heap
|
page read and write
|
||
|
AC629FB000
|
stack
|
page read and write
|
||
|
2419000
|
direct allocation
|
page read and write
|
||
|
23DFD90F000
|
heap
|
page read and write
|
||
|
23DFD8BD000
|
heap
|
page read and write
|
||
|
8C4000
|
heap
|
page read and write
|
||
|
855000
|
heap
|
page read and write
|
||
|
7FF600A71000
|
unkown
|
page execute read
|
||
|
AC62A7D000
|
stack
|
page read and write
|
||
|
23DFCCE4000
|
heap
|
page read and write
|
||
|
1EF10F30000
|
heap
|
page read and write
|
||
|
8C4000
|
heap
|
page read and write
|
||
|
2551000
|
direct allocation
|
page read and write
|
||
|
6EF000
|
unkown
|
page readonly
|
||
|
DBF66FF000
|
stack
|
page read and write
|
||
|
25E29D60000
|
heap
|
page read and write
|
||
|
7FE38000
|
direct allocation
|
page read and write
|
||
|
857000
|
heap
|
page read and write
|
||
|
7AA000
|
heap
|
page read and write
|
||
|
7FF668DD1000
|
unkown
|
page execute read
|
||
|
7D2000
|
heap
|
page read and write
|
||
|
7FC000
|
heap
|
page read and write
|
||
|
7CD000
|
heap
|
page read and write
|
||
|
4337000
|
heap
|
page read and write
|
||
|
7E7000
|
heap
|
page read and write
|
||
|
7FF600B27000
|
unkown
|
page write copy
|
||
|
927A0F8000
|
stack
|
page read and write
|
||
|
24208621000
|
heap
|
page read and write
|
||
|
53B1D7E000
|
stack
|
page read and write
|
||
|
8C0000
|
heap
|
page read and write
|
||
|
7E1000
|
heap
|
page read and write
|
||
|
23DFD8E1000
|
heap
|
page read and write
|
||
|
2534000
|
direct allocation
|
page read and write
|
||
|
28C0000
|
heap
|
page read and write
|
||
|
3948000
|
direct allocation
|
page read and write
|
||
|
7F5000
|
heap
|
page read and write
|
||
|
23DFD8E1000
|
heap
|
page read and write
|
||
|
858000
|
heap
|
page read and write
|
||
|
24208791000
|
heap
|
page read and write
|
||
|
21445DF0000
|
heap
|
page read and write
|
||
|
7FF668DD0000
|
unkown
|
page readonly
|
||
|
36F6000
|
direct allocation
|
page read and write
|
||
|
6CF000
|
unkown
|
page readonly
|
||
|
7FF668FC8000
|
unkown
|
page readonly
|
||
|
23DFCD21000
|
heap
|
page read and write
|
||
|
2253DDCC000
|
heap
|
page read and write
|
||
|
AC628FC000
|
stack
|
page read and write
|
||
|
21447B80000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
D89000
|
heap
|
page read and write
|
||
|
3945000
|
direct allocation
|
page read and write
|
||
|
23DFCBC0000
|
heap
|
page read and write
|
||
|
3940000
|
direct allocation
|
page read and write
|
||
|
21446225000
|
heap
|
page read and write
|
||
|
23DFCD3B000
|
heap
|
page read and write
|
||
|
23DFD8B3000
|
heap
|
page read and write
|
||
|
A3F9E7F000
|
stack
|
page read and write
|
||
|
8C4000
|
heap
|
page read and write
|
||
|
8C4000
|
heap
|
page read and write
|
||
|
8C4000
|
heap
|
page read and write
|
||
|
19D000
|
stack
|
page read and write
|
||
|
7FF600A71000
|
unkown
|
page execute read
|
||
|
927AEFB000
|
stack
|
page read and write
|
||
|
DBF67FE000
|
stack
|
page read and write
|
||
|
23DFD93D000
|
heap
|
page read and write
|
||
|
8C4000
|
heap
|
page read and write
|
||
|
23DFD904000
|
heap
|
page read and write
|
||
|
21446190000
|
heap
|
page read and write
|
||
|
670000
|
unkown
|
page readonly
|
||
|
25D0000
|
direct allocation
|
page read and write
|
||
|
69D98FE000
|
stack
|
page read and write
|
||
|
23DFD904000
|
heap
|
page read and write
|
||
|
851000
|
heap
|
page read and write
|
||
|
811000
|
heap
|
page read and write
|
||
|
23DFD8EE000
|
heap
|
page read and write
|
||
|
2253FA30000
|
remote allocation
|
page read and write
|
||
|
28C2000
|
direct allocation
|
page read and write
|
||
|
927ABFE000
|
stack
|
page read and write
|
||
|
23DFCCC7000
|
heap
|
page read and write
|
||
|
21445EC7000
|
heap
|
page read and write
|
||
|
23DFD951000
|
heap
|
page read and write
|
||
|
851000
|
heap
|
page read and write
|
||
|
7FF600B37000
|
unkown
|
page readonly
|
||
|
7FF668FC5000
|
unkown
|
page read and write
|
||
|
21446220000
|
heap
|
page read and write
|
||
|
23DFCD61000
|
heap
|
page read and write
|
||
|
210FE8A0000
|
heap
|
page read and write
|
||
|
432B000
|
heap
|
page read and write
|
||
|
7FF668FA2000
|
unkown
|
page write copy
|
||
|
2372000
|
direct allocation
|
page read and write
|
||
|
38F6000
|
direct allocation
|
page read and write
|
||
|
23DFD93D000
|
heap
|
page read and write
|
||
|
7D2000
|
heap
|
page read and write
|
||
|
B1F000
|
stack
|
page read and write
|
||
|
7A4000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
23DFD8AA000
|
heap
|
page read and write
|
||
|
43FD000
|
heap
|
page read and write
|
||
|
24207C80000
|
heap
|
page read and write
|
||
|
A3F9C7E000
|
stack
|
page read and write
|
||
|
810000
|
heap
|
page read and write
|
||
|
768000
|
heap
|
page read and write
|
||
|
23DFD8E8000
|
heap
|
page read and write
|
||
|
8C4000
|
heap
|
page read and write
|
||
|
3916000
|
direct allocation
|
page read and write
|
||
|
25E2A000000
|
heap
|
page read and write
|
||
|
2253DE13000
|
heap
|
page read and write
|
||
|
24207ED0000
|
heap
|
page read and write
|
||
|
23DFD93E000
|
heap
|
page read and write
|
||
|
7B6000
|
heap
|
page read and write
|
||
|
8C4000
|
heap
|
page read and write
|
||
|
24207ED7000
|
heap
|
page read and write
|
||
|
7FF668DD1000
|
unkown
|
page execute read
|
||
|
7FF600B37000
|
unkown
|
page readonly
|
||
|
7E5000
|
heap
|
page read and write
|
||
|
26E0000
|
direct allocation
|
page read and write
|
||
|
23B5000
|
direct allocation
|
page read and write
|
||
|
2253FA30000
|
remote allocation
|
page read and write
|
||
|
24207FE5000
|
heap
|
page read and write
|
||
|
8C4000
|
heap
|
page read and write
|
||
|
4349000
|
heap
|
page read and write
|
||
|
610000
|
heap
|
page read and write
|
||
|
23DFD93D000
|
heap
|
page read and write
|
||
|
18D000
|
stack
|
page read and write
|
||
|
927A7FF000
|
stack
|
page read and write
|
||
|
7D5000
|
heap
|
page read and write
|
||
|
2437000
|
direct allocation
|
page read and write
|
||
|
24208614000
|
heap
|
page read and write
|
||
|
1EF11195000
|
heap
|
page read and write
|
||
|
23BC000
|
direct allocation
|
page read and write
|
||
|
23DFCD1B000
|
heap
|
page read and write
|
||
|
805000
|
heap
|
page read and write
|
||
|
2A50000
|
heap
|
page read and write
|
||
|
1EF11190000
|
heap
|
page read and write
|
||
|
24207E7C000
|
heap
|
page read and write
|
||
|
253B000
|
direct allocation
|
page read and write
|
||
|
2253DD89000
|
heap
|
page read and write
|
||
|
23DFD918000
|
heap
|
page read and write
|
||
|
3AB5000
|
direct allocation
|
page read and write
|
||
|
3661000
|
heap
|
page read and write
|
||
|
1EF10F3C000
|
heap
|
page read and write
|
||
|
7F6000
|
heap
|
page read and write
|
||
|
61DE97F000
|
stack
|
page read and write
|
||
|
2253DF10000
|
heap
|
page read and write
|
||
|
53B1C7E000
|
stack
|
page read and write
|
||
|
2653000
|
direct allocation
|
page read and write
|
||
|
1C8BEA49000
|
heap
|
page read and write
|
||
|
2644000
|
direct allocation
|
page read and write
|
||
|
53B1DFE000
|
stack
|
page read and write
|
||
|
38CA000
|
direct allocation
|
page read and write
|
||
|
23DFDA77000
|
heap
|
page read and write
|
||
|
25D3000
|
direct allocation
|
page read and write
|
||
|
53B1FFE000
|
stack
|
page read and write
|
||
|
1DE626B8000
|
heap
|
page read and write
|
||
|
2558000
|
direct allocation
|
page read and write
|
||
|
36DA000
|
direct allocation
|
page read and write
|
||
|
7FF668DD0000
|
unkown
|
page readonly
|
||
|
23DFCD11000
|
heap
|
page read and write
|
||
|
A1E000
|
stack
|
page read and write
|
||
|
25E29F30000
|
heap
|
page read and write
|
||
|
24207E5F000
|
heap
|
page read and write
|
||
|
7EB000
|
heap
|
page read and write
|
||
|
248A000
|
direct allocation
|
page read and write
|
||
|
851000
|
heap
|
page read and write
|
||
|
2820000
|
direct allocation
|
page read and write
|
||
|
7FF668DD0000
|
unkown
|
page readonly
|
||
|
36FA000
|
direct allocation
|
page read and write
|
||
|
21445E90000
|
heap
|
page read and write
|
||
|
7FF600A70000
|
unkown
|
page readonly
|
||
|
8C4000
|
heap
|
page read and write
|
||
|
23DFDCC0000
|
heap
|
page read and write
|
||
|
DBF61FF000
|
stack
|
page read and write
|
||
|
23DFDBE1000
|
heap
|
page read and write
|
||
|
8C4000
|
heap
|
page read and write
|
||
|
1DE624F0000
|
heap
|
page read and write
|
||
|
8C4000
|
heap
|
page read and write
|
||
|
23DFD921000
|
heap
|
page read and write
|
||
|
7FF668FC8000
|
unkown
|
page readonly
|
||
|
23DFCD1B000
|
heap
|
page read and write
|
||
|
23DFCCE9000
|
heap
|
page read and write
|
||
|
8C4000
|
heap
|
page read and write
|
||
|
25E8000
|
direct allocation
|
page read and write
|
||
|
2253FA84000
|
heap
|
page read and write
|
||
|
3988000
|
direct allocation
|
page read and write
|
||
|
4C6000
|
unkown
|
page readonly
|
||
|
1C8BE930000
|
heap
|
page read and write
|
||
|
371E000
|
direct allocation
|
page read and write
|
||
|
53B207B000
|
stack
|
page read and write
|
||
|
A3F9DFF000
|
stack
|
page read and write
|
||
|
265A000
|
direct allocation
|
page read and write
|
||
|
810000
|
heap
|
page read and write
|
||
|
36D7000
|
direct allocation
|
page read and write
|
||
|
23DFD924000
|
heap
|
page read and write
|
||
|
36BE000
|
direct allocation
|
page read and write
|
||
|
805000
|
heap
|
page read and write
|
||
|
21445E97000
|
heap
|
page read and write
|
||
|
8C4000
|
heap
|
page read and write
|
||
|
2253E015000
|
heap
|
page read and write
|
||
|
8C4000
|
heap
|
page read and write
|
||
|
7F7000
|
heap
|
page read and write
|
||
|
2253FA75000
|
heap
|
page read and write
|
||
|
242086D3000
|
heap
|
page read and write
|
||
|
8C4000
|
heap
|
page read and write
|
||
|
23DFDBE2000
|
heap
|
page read and write
|
||
|
23DFCCB2000
|
heap
|
page read and write
|
||
|
23DFD95D000
|
heap
|
page read and write
|
||
|
23DFD8E3000
|
heap
|
page read and write
|
||
|
7B7000
|
heap
|
page read and write
|
||
|
25F8000
|
direct allocation
|
page read and write
|
||
|
23DFDA73000
|
heap
|
page read and write
|
||
|
239E000
|
direct allocation
|
page read and write
|
||
|
1DE626B0000
|
heap
|
page read and write
|
||
|
24207EDB000
|
heap
|
page read and write
|
||
|
2253DD84000
|
heap
|
page read and write
|
||
|
23DFCD0A000
|
heap
|
page read and write
|
||
|
2253DF80000
|
heap
|
page read and write
|
||
|
30000
|
heap
|
page read and write
|
||
|
A3F9D7F000
|
stack
|
page read and write
|
||
|
8C4000
|
heap
|
page read and write
|
||
|
DBF60FC000
|
stack
|
page read and write
|
||
|
7FF668F99000
|
unkown
|
page read and write
|
||
|
23DFDBCC000
|
heap
|
page read and write
|
||
|
23DFD8F8000
|
heap
|
page read and write
|
||
|
A3F9EFF000
|
stack
|
page read and write
|
||
|
24207E17000
|
heap
|
page read and write
|
||
|
1DE626C1000
|
heap
|
page read and write
|
||
|
1C8BE9A0000
|
heap
|
page read and write
|
||
|
21446060000
|
heap
|
page read and write
|
||
|
23A6000
|
direct allocation
|
page read and write
|
||
|
236B000
|
direct allocation
|
page read and write
|
||
|
7F6000
|
heap
|
page read and write
|
||
|
B9F000
|
stack
|
page read and write
|
||
|
8C4000
|
heap
|
page read and write
|
||
|
3E3F000
|
stack
|
page read and write
|
||
|
3950000
|
direct allocation
|
page read and write
|
||
|
93000
|
stack
|
page read and write
|
||
|
24207EC2000
|
heap
|
page read and write
|
||
|
24207E6D000
|
heap
|
page read and write
|
||
|
1DE62650000
|
heap
|
page read and write
|
||
|
7FF668F4B000
|
unkown
|
page readonly
|
||
|
8C4000
|
heap
|
page read and write
|
||
|
23DFD907000
|
heap
|
page read and write
|
||
|
7FF668F99000
|
unkown
|
page write copy
|
||
|
4C0000
|
unkown
|
page read and write
|
||
|
393D000
|
direct allocation
|
page read and write
|
||
|
7F6000
|
heap
|
page read and write
|
||
|
24208772000
|
heap
|
page read and write
|
||
|
23DFCF80000
|
heap
|
page read and write
|
||
|
23DFDBDB000
|
heap
|
page read and write
|
||
|
804000
|
heap
|
page read and write
|
||
|
246D000
|
direct allocation
|
page read and write
|
||
|
370A000
|
direct allocation
|
page read and write
|
||
|
8C4000
|
heap
|
page read and write
|
||
|
4353000
|
heap
|
page read and write
|
||
|
7DB000
|
heap
|
page read and write
|
||
|
23DFDBC8000
|
heap
|
page read and write
|
||
|
2483000
|
direct allocation
|
page read and write
|
||
|
24208680000
|
heap
|
page read and write
|
||
|
23DFD93D000
|
heap
|
page read and write
|
||
|
23DFD8DA000
|
heap
|
page read and write
|
||
|
23DFD91D000
|
heap
|
page read and write
|
||
|
9B000
|
stack
|
page read and write
|
||
|
927A6FE000
|
stack
|
page read and write
|
||
|
264C000
|
direct allocation
|
page read and write
|
||
|
2491000
|
direct allocation
|
page read and write
|
||
|
36D5000
|
direct allocation
|
page read and write
|
||
|
36DD000
|
direct allocation
|
page read and write
|
||
|
3660000
|
heap
|
page read and write
|
||
|
25DA000
|
direct allocation
|
page read and write
|
||
|
24208664000
|
heap
|
page read and write
|
||
|
2860000
|
heap
|
page read and write
|
||
|
AC6297F000
|
stack
|
page read and write
|
||
|
4B9000
|
unkown
|
page read and write
|
||
|
79D000
|
heap
|
page read and write
|
||
|
A2CD1FD000
|
stack
|
page read and write
|
||
|
24208665000
|
heap
|
page read and write
|
||
|
8C4000
|
heap
|
page read and write
|
||
|
7C9000
|
heap
|
page read and write
|
||
|
783000
|
heap
|
page read and write
|
||
|
53B1EFF000
|
stack
|
page read and write
|
||
|
23DFD8F8000
|
heap
|
page read and write
|
||
|
AC6287E000
|
stack
|
page read and write
|
||
|
7DB000
|
heap
|
page read and write
|
||
|
851000
|
heap
|
page read and write
|
||
|
28C3000
|
heap
|
page read and write
|
||
|
927AFFF000
|
stack
|
page read and write
|
||
|
247C000
|
direct allocation
|
page read and write
|
||
|
8C4000
|
heap
|
page read and write
|
||
|
36C5000
|
direct allocation
|
page read and write
|
||
|
23DFD918000
|
heap
|
page read and write
|
||
|
1C8BE9B0000
|
heap
|
page read and write
|
||
|
23DFD921000
|
heap
|
page read and write
|
||
|
23DFDA7A000
|
heap
|
page read and write
|
||
|
433C000
|
heap
|
page read and write
|
||
|
28DB000
|
direct allocation
|
page read and write
|
||
|
24207F0D000
|
heap
|
page read and write
|
||
|
30000
|
heap
|
page read and write
|
||
|
23DFDBD8000
|
heap
|
page read and write
|
||
|
242086B6000
|
heap
|
page read and write
|
||
|
38DF000
|
direct allocation
|
page read and write
|
||
|
214460D0000
|
heap
|
page read and write
|
||
|
24207E49000
|
heap
|
page read and write
|
||
|
25E29CC0000
|
heap
|
page read and write
|
||
|
D50000
|
direct allocation
|
page execute and read and write
|
||
|
2253F8D0000
|
heap
|
page read and write
|
||
|
2420862E000
|
heap
|
page read and write
|
||
|
36CE000
|
direct allocation
|
page read and write
|
||
|
7FE29000
|
direct allocation
|
page read and write
|
||
|
3D3E000
|
stack
|
page read and write
|
||
|
BDE000
|
stack
|
page read and write
|
||
|
23DFD921000
|
heap
|
page read and write
|
||
|
23DFDA77000
|
heap
|
page read and write
|
||
|
24208664000
|
heap
|
page read and write
|
||
|
24207ED3000
|
heap
|
page read and write
|
||
|
AC62AFE000
|
stack
|
page read and write
|
||
|
210FEB80000
|
heap
|
page read and write
|
||
|
7F5000
|
heap
|
page read and write
|
||
|
7D2000
|
heap
|
page read and write
|
||
|
24207FF0000
|
heap
|
page read and write
|
||
|
84C000
|
heap
|
page read and write
|
||
|
521000
|
unkown
|
page readonly
|
||
|
24208602000
|
heap
|
page read and write
|
||
|
24207E56000
|
heap
|
page read and write
|
||
|
23DFD900000
|
heap
|
page read and write
|
||
|
7DE000
|
heap
|
page read and write
|
||
|
23DFCD61000
|
heap
|
page read and write
|
||
|
6E1000
|
unkown
|
page readonly
|
||
|
3681000
|
heap
|
page read and write
|
||
|
53B1E7F000
|
stack
|
page read and write
|
||
|
7FF668FC5000
|
unkown
|
page read and write
|
||
|
24208600000
|
heap
|
page read and write
|
||
|
8C4000
|
heap
|
page read and write
|
||
|
810000
|
heap
|
page read and write
|
||
|
7F6000
|
heap
|
page read and write
|
||
|
7FF600B27000
|
unkown
|
page read and write
|
||
|
1C8BEA40000
|
heap
|
page read and write
|
||
|
24207F06000
|
heap
|
page read and write
|
||
|
2253E010000
|
heap
|
page read and write
|
||
|
38DA000
|
direct allocation
|
page read and write
|
||
|
AA17DBE000
|
stack
|
page read and write
|
||
|
4C4000
|
unkown
|
page readonly
|
||
|
7FF668F99000
|
unkown
|
page read and write
|
||
|
23DFD913000
|
heap
|
page read and write
|
||
|
7D8000
|
heap
|
page read and write
|
||
|
DBF68FE000
|
stack
|
page read and write
|
||
|
7FE31000
|
direct allocation
|
page read and write
|
||
|
2253DD8F000
|
heap
|
page read and write
|
||
|
23DFCD04000
|
heap
|
page read and write
|
||
|
23DFD959000
|
heap
|
page read and write
|
||
|
517000
|
unkown
|
page readonly
|
||
|
8C4000
|
heap
|
page read and write
|
||
|
432F000
|
heap
|
page read and write
|
||
|
851000
|
heap
|
page read and write
|
||
|
7AA000
|
heap
|
page read and write
|
||
|
23DFDA7B000
|
heap
|
page read and write
|
||
|
8C4000
|
heap
|
page read and write
|
||
|
65D000
|
unkown
|
page read and write
|
||
|
24208644000
|
heap
|
page read and write
|
||
|
24207E58000
|
heap
|
page read and write
|
||
|
7EB000
|
heap
|
page read and write
|
||
|
3943000
|
direct allocation
|
page read and write
|
||
|
4B7000
|
unkown
|
page read and write
|
||
|
8C4000
|
heap
|
page read and write
|
||
|
25C4000
|
direct allocation
|
page read and write
|
||
|
1DE62655000
|
heap
|
page read and write
|
||
|
7FF668F4B000
|
unkown
|
page readonly
|
||
|
2458000
|
direct allocation
|
page read and write
|
||
|
7FF668F9A000
|
unkown
|
page write copy
|
||
|
23DFD900000
|
heap
|
page read and write
|
||
|
23DFD904000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
23DFD921000
|
heap
|
page read and write
|
||
|
7FE000
|
heap
|
page read and write
|
||
|
7D8000
|
heap
|
page read and write
|
||
|
53B198E000
|
stack
|
page read and write
|
||
|
24207ED1000
|
heap
|
page read and write
|
||
|
2253FA30000
|
heap
|
page read and write
|
||
|
2811000
|
direct allocation
|
page read and write
|
||
|
2253DD40000
|
heap
|
page read and write
|
||
|
8C4000
|
heap
|
page read and write
|
||
|
7FE42000
|
direct allocation
|
page read and write
|
||
|
DBF65FF000
|
stack
|
page read and write
|
||
|
23DFCD04000
|
heap
|
page read and write
|
||
|
23DFD91D000
|
heap
|
page read and write
|
||
|
21445EC7000
|
heap
|
page read and write
|
||
|
851000
|
heap
|
page read and write
|
||
|
2253DD7E000
|
heap
|
page read and write
|
||
|
6AC000
|
unkown
|
page readonly
|
||
|
7FE11000
|
direct allocation
|
page read and write
|
||
|
7A7000
|
heap
|
page read and write
|
||
|
237A000
|
direct allocation
|
page read and write
|
||
|
7FE3F000
|
direct allocation
|
page read and write
|
||
|
210FEA80000
|
heap
|
page read and write
|
||
|
23DFDA7A000
|
heap
|
page read and write
|
||
|
804000
|
heap
|
page read and write
|
||
|
24208756000
|
heap
|
page read and write
|
||
|
23DFD904000
|
heap
|
page read and write
|
||
|
39CE000
|
stack
|
page read and write
|
||
|
23DFD904000
|
heap
|
page read and write
|
||
|
2498000
|
direct allocation
|
page read and write
|
||
|
36B5000
|
direct allocation
|
page read and write
|
||
|
210FEA89000
|
heap
|
page read and write
|
||
|
23DFD8FD000
|
heap
|
page read and write
|
||
|
668000
|
unkown
|
page read and write
|
||
|
7A7000
|
heap
|
page read and write
|
||
|
61DE87D000
|
stack
|
page read and write
|
||
|
7FF600A70000
|
unkown
|
page readonly
|
||
|
25E29C60000
|
heap
|
page read and write
|
||
|
79D000
|
heap
|
page read and write
|
||
|
21445EC0000
|
heap
|
page read and write
|
||
|
24207F0A000
|
heap
|
page read and write
|
||
|
2530000
|
direct allocation
|
page read and write
|
||
|
A3F99EA000
|
stack
|
page read and write
|
||
|
36BB000
|
direct allocation
|
page read and write
|
||
|
2253DDD0000
|
heap
|
page read and write
|
||
|
7FE01000
|
direct allocation
|
page read and write
|
||
|
24207EE5000
|
heap
|
page read and write
|
||
|
3973000
|
direct allocation
|
page read and write
|
||
|
2542000
|
direct allocation
|
page read and write
|
||
|
24207E63000
|
heap
|
page read and write
|
||
|
4353000
|
heap
|
page read and write
|
||
|
210FECF5000
|
heap
|
page read and write
|
||
|
D85000
|
heap
|
page read and write
|
||
|
3A30000
|
direct allocation
|
page read and write
|
||
|
21447B83000
|
heap
|
page read and write
|
||
|
790000
|
heap
|
page read and write
|
||
|
23DFCF85000
|
heap
|
page read and write
|
||
|
2253FA6B000
|
heap
|
page read and write
|
||
|
600000
|
heap
|
page read and write
|
||
|
25E29D68000
|
heap
|
page read and write
|
||
|
1C8BE9A5000
|
heap
|
page read and write
|
||
|
618000
|
heap
|
page read and write
|
||
|
2388000
|
direct allocation
|
page read and write
|
||
|
7FE21000
|
direct allocation
|
page read and write
|
||
|
7FDCE000
|
direct allocation
|
page read and write
|
||
|
2364000
|
direct allocation
|
page read and write
|
||
|
23DFD92C000
|
heap
|
page read and write
|
||
|
CDE000
|
stack
|
page read and write
|
||
|
3650000
|
direct allocation
|
page read and write
|
||
|
7E0000
|
heap
|
page read and write
|
||
|
8C4000
|
heap
|
page read and write
|
||
|
7A1000
|
heap
|
page read and write
|
||
|
7D8000
|
heap
|
page read and write
|
||
|
7FF668FC8000
|
unkown
|
page readonly
|
||
|
8C4000
|
heap
|
page read and write
|
There are 756 hidden memdumps, click here to show them.