Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
file.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\clip64[1].dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\IXP000.TMP\bfCg.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\c1ec479e5342a2\clip64.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\nika.exe.log
|
CSV text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\afCf.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\c1ec479e5342a2\cred64.dll
|
HTML document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
\Device\ConDrv
|
ASCII text, with no line terminators
|
dropped
|
There are 2 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\file.exe
|
C:\Users\user\Desktop\file.exe
|
|
|
|
C:\Users\user\AppData\Local\Temp\IXP000.TMP\bfCg.exe
|
C:\Users\user\AppData\Local\Temp\IXP000.TMP\bfCg.exe
|
|
|
|
C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe
|
C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe
|
|
|
|
C:\Windows\System32\rundll32.exe
|
C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP000.TMP\
|
|
|
|
C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe
|
C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe
|
|
|
|
C:\Windows\System32\rundll32.exe
|
C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP001.TMP\
|
|
|
|
C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe
|
C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe
|
|
|
|
C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
|
"C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe"
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
"C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN mnolyk.exe /TR "C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe"
/F
|
|
|
|
C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
|
C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
"C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\c1ec479e5342a2\clip64.dll, Main
|
|
|
|
C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
|
C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
|
|
|
|
C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
|
C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
|
|
|
|
C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
|
C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
|
|
|
|
C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
|
C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\cmd.exe
|
"C:\Windows\System32\cmd.exe" /k echo Y|CACLS "mnolyk.exe" /P "user:N"&&CACLS "mnolyk.exe" /P "user:R" /E&&echo Y|CACLS "..\4b9a106e76"
/P "user:N"&&CACLS "..\4b9a106e76" /P "user:R" /E&&Exit
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\cmd.exe
|
C:\Windows\system32\cmd.exe /S /D /c" echo Y"
|
||
|
C:\Windows\SysWOW64\cacls.exe
|
CACLS "mnolyk.exe" /P "user:N"
|
||
|
C:\Windows\SysWOW64\cacls.exe
|
CACLS "mnolyk.exe" /P "user:R" /E
|
||
|
C:\Windows\SysWOW64\cmd.exe
|
C:\Windows\system32\cmd.exe /S /D /c" echo Y"
|
||
|
C:\Windows\SysWOW64\cacls.exe
|
CACLS "..\4b9a106e76" /P "user:N"
|
||
|
C:\Windows\SysWOW64\cacls.exe
|
CACLS "..\4b9a106e76" /P "user:R" /E
|
There are 14 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://62.204.41.4/Gol478Ns/Plugins/cred64.dll
|
62.204.41.4
|
|
|
|
http://62.204.41.4/Gol478Ns/Plugins/clip64.dll
|
62.204.41.4
|
|
|
|
62.204.41.4/Gol478Ns/index.php
|
|
||
|
http://62.204.41.4/Gol478Ns/index.php
|
62.204.41.4
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
62.204.41.4
|
unknown
|
United Kingdom
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
|
DisableIOAVProtection
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
|
DisableRealtimeMonitoring
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications
|
DisableNotifications
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
|
Startup
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce
|
wextract_cleanup0
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce
|
wextract_cleanup1
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Features
|
TamperProtection
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
AUOptions
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
AutoInstallMinorUpdates
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
NoAutoRebootWithLoggedOnUsers
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
UseWUServer
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
|
DoNotConnectToWindowsUpdateInternetLocations
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Features
|
TamperProtection
|
There are 3 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
D1A000
|
heap
|
page read and write
|
|
|
|
400000
|
unkown
|
page execute and read and write
|
|
|
|
6B0000
|
direct allocation
|
page read and write
|
|
|
|
981000
|
unkown
|
page execute read
|
|
|
|
660000
|
direct allocation
|
page execute and read and write
|
|
|
|
1361000
|
unkown
|
page execute read
|
|
|
|
981000
|
unkown
|
page execute read
|
|
|
|
981000
|
unkown
|
page execute read
|
|
|
|
981000
|
unkown
|
page execute read
|
|
|
|
981000
|
unkown
|
page execute read
|
|
|
|
981000
|
unkown
|
page execute read
|
|
|
|
CBA000
|
heap
|
page read and write
|
|
|
|
1361000
|
unkown
|
page execute read
|
|
|
|
981000
|
unkown
|
page execute read
|
|
|
|
981000
|
unkown
|
page execute read
|
|
|
|
981000
|
unkown
|
page execute read
|
|
|
|
CFA000
|
heap
|
page read and write
|
|
|
|
4A2A000
|
heap
|
page read and write
|
|
|
|
981000
|
unkown
|
page execute read
|
|
|
|
981000
|
unkown
|
page execute read
|
|
|
|
981000
|
unkown
|
page execute read
|
|
|
|
3070000
|
heap
|
page read and write
|
||
|
3789FFE000
|
stack
|
page read and write
|
||
|
26A0000
|
heap
|
page read and write
|
||
|
94C000
|
unkown
|
page readonly
|
||
|
268E000
|
stack
|
page read and write
|
||
|
880000
|
heap
|
page read and write
|
||
|
7FFC9D6B3000
|
trusted library allocation
|
page execute and read and write
|
||
|
70B000
|
stack
|
page read and write
|
||
|
6A5000
|
heap
|
page read and write
|
||
|
1480000
|
heap
|
page read and write
|
||
|
1D231A67000
|
heap
|
page read and write
|
||
|
9B8000
|
unkown
|
page write copy
|
||
|
47F000
|
stack
|
page read and write
|
||
|
F5E000
|
stack
|
page read and write
|
||
|
83A000
|
heap
|
page read and write
|
||
|
980000
|
unkown
|
page readonly
|
||
|
F20000
|
trusted library allocation
|
page read and write
|
||
|
2E4F000
|
stack
|
page read and write
|
||
|
2CE0000
|
heap
|
page execute and read and write
|
||
|
3570000
|
heap
|
page read and write
|
||
|
B80000
|
heap
|
page read and write
|
||
|
51A0000
|
trusted library allocation
|
page read and write
|
||
|
787000
|
trusted library allocation
|
page execute and read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
7FFC9D70C000
|
trusted library allocation
|
page execute and read and write
|
||
|
F70000
|
heap
|
page read and write
|
||
|
290000
|
heap
|
page read and write
|
||
|
37DE000
|
stack
|
page read and write
|
||
|
BDB000
|
stack
|
page read and write
|
||
|
4BC0000
|
trusted library allocation
|
page read and write
|
||
|
830000
|
heap
|
page read and write
|
||
|
B0E000
|
stack
|
page read and write
|
||
|
650000
|
heap
|
page read and write
|
||
|
15E0BE6E000
|
heap
|
page read and write
|
||
|
9BD000
|
unkown
|
page readonly
|
||
|
BAD000
|
stack
|
page read and write
|
||
|
15E0BE5A000
|
heap
|
page read and write
|
||
|
F8C06FD000
|
stack
|
page read and write
|
||
|
39FF000
|
stack
|
page read and write
|
||
|
1D231ACC000
|
heap
|
page read and write
|
||
|
2F3DBC29000
|
heap
|
page read and write
|
||
|
FA7000
|
heap
|
page read and write
|
||
|
910000
|
heap
|
page read and write
|
||
|
29717DB5000
|
heap
|
page read and write
|
||
|
7FFC9D7D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
A9C000
|
stack
|
page read and write
|
||
|
129E000
|
stack
|
page read and write
|
||
|
36B1000
|
trusted library allocation
|
page read and write
|
||
|
7FFC9D760000
|
trusted library allocation
|
page read and write
|
||
|
308E000
|
stack
|
page read and write
|
||
|
8D6000
|
heap
|
page read and write
|
||
|
15E0BE41000
|
heap
|
page read and write
|
||
|
7FFC9D6D0000
|
trusted library allocation
|
page read and write
|
||
|
8C22FC000
|
stack
|
page read and write
|
||
|
439000
|
unkown
|
page read and write
|
||
|
CF0000
|
heap
|
page read and write
|
||
|
1948D1C0000
|
remote allocation
|
page read and write
|
||
|
15E0C602000
|
trusted library allocation
|
page read and write
|
||
|
63A617E000
|
stack
|
page read and write
|
||
|
560000
|
heap
|
page read and write
|
||
|
948000
|
unkown
|
page read and write
|
||
|
2690000
|
trusted library allocation
|
page read and write
|
||
|
D54000
|
heap
|
page read and write
|
||
|
197000
|
stack
|
page read and write
|
||
|
271F000
|
trusted library allocation
|
page read and write
|
||
|
4BB0000
|
trusted library allocation
|
page read and write
|
||
|
15E0BE74000
|
heap
|
page read and write
|
||
|
B60000
|
heap
|
page read and write
|
||
|
7FF4D8BB0000
|
trusted library allocation
|
page execute and read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
9BD000
|
unkown
|
page readonly
|
||
|
2B30000
|
heap
|
page read and write
|
||
|
4BAE000
|
stack
|
page read and write
|
||
|
146E000
|
stack
|
page read and write
|
||
|
8AF000
|
heap
|
page read and write
|
||
|
2727000
|
trusted library allocation
|
page read and write
|
||
|
720000
|
heap
|
page read and write
|
||
|
2F3DBC02000
|
heap
|
page read and write
|
||
|
EEF000
|
stack
|
page read and write
|
||
|
8FB000
|
stack
|
page read and write
|
||
|
1D231A69000
|
heap
|
page read and write
|
||
|
3F0000
|
heap
|
page read and write
|
||
|
EBA000
|
unkown
|
page readonly
|
||
|
14D0000
|
heap
|
page read and write
|
||
|
2290000
|
heap
|
page read and write
|
||
|
4FD000
|
stack
|
page read and write
|
||
|
1537AFE000
|
stack
|
page read and write
|
||
|
F21000
|
trusted library allocation
|
page read and write
|
||
|
1D0000
|
heap
|
page read and write
|
||
|
1948D0F0000
|
heap
|
page read and write
|
||
|
773000
|
trusted library allocation
|
page read and write
|
||
|
3DBC000
|
stack
|
page read and write
|
||
|
AD0000
|
unkown
|
page readonly
|
||
|
5110000
|
trusted library allocation
|
page read and write
|
||
|
165A000
|
heap
|
page read and write
|
||
|
1D231A13000
|
heap
|
page read and write
|
||
|
1339000
|
stack
|
page read and write
|
||
|
EB8000
|
unkown
|
page read and write
|
||
|
FAC000
|
heap
|
page read and write
|
||
|
15E0BE40000
|
heap
|
page read and write
|
||
|
D16000
|
heap
|
page read and write
|
||
|
940000
|
unkown
|
page readonly
|
||
|
EB1000
|
unkown
|
page execute read
|
||
|
1D2318D0000
|
heap
|
page read and write
|
||
|
2F3DBC5B000
|
heap
|
page read and write
|
||
|
9AE000
|
unkown
|
page readonly
|
||
|
4B40000
|
trusted library allocation
|
page read and write
|
||
|
C4F000
|
stack
|
page read and write
|
||
|
30A2000
|
heap
|
page read and write
|
||
|
980000
|
unkown
|
page readonly
|
||
|
37C0000
|
heap
|
page read and write
|
||
|
63A62FC000
|
stack
|
page read and write
|
||
|
37BE000
|
stack
|
page read and write
|
||
|
26F7000
|
trusted library allocation
|
page read and write
|
||
|
2F80000
|
heap
|
page read and write
|
||
|
15E0BE69000
|
heap
|
page read and write
|
||
|
713000
|
trusted library allocation
|
page execute and read and write
|
||
|
4C2A000
|
heap
|
page read and write
|
||
|
142E000
|
stack
|
page read and write
|
||
|
D96000
|
heap
|
page read and write
|
||
|
F20000
|
trusted library allocation
|
page read and write
|
||
|
1495000
|
heap
|
page read and write
|
||
|
2F3DBC65000
|
heap
|
page read and write
|
||
|
BE0000
|
trusted library allocation
|
page read and write
|
||
|
F28000
|
trusted library allocation
|
page read and write
|
||
|
2CDE000
|
stack
|
page read and write
|
||
|
1948D213000
|
heap
|
page read and write
|
||
|
980000
|
unkown
|
page readonly
|
||
|
4B30000
|
trusted library allocation
|
page read and write
|
||
|
B38000
|
heap
|
page read and write
|
||
|
FC2000
|
heap
|
page read and write
|
||
|
26ED000
|
trusted library allocation
|
page read and write
|
||
|
B50000
|
heap
|
page read and write
|
||
|
1D8ACB70000
|
heap
|
page read and write
|
||
|
FF0000
|
heap
|
page read and write
|
||
|
43E000
|
stack
|
page read and write
|
||
|
7C0000
|
heap
|
page read and write
|
||
|
15E0BE59000
|
heap
|
page read and write
|
||
|
2732000
|
trusted library allocation
|
page read and write
|
||
|
4B59000
|
trusted library allocation
|
page read and write
|
||
|
50F0000
|
heap
|
page read and write
|
||
|
96E000
|
stack
|
page read and write
|
||
|
26F1000
|
trusted library allocation
|
page read and write
|
||
|
9BD000
|
unkown
|
page readonly
|
||
|
88B000
|
stack
|
page read and write
|
||
|
8C2000
|
heap
|
page read and write
|
||
|
64E000
|
stack
|
page read and write
|
||
|
9BD000
|
unkown
|
page readonly
|
||
|
71F000
|
stack
|
page read and write
|
||
|
1D231A29000
|
heap
|
page read and write
|
||
|
7FFC9D6DD000
|
trusted library allocation
|
page execute and read and write
|
||
|
6D0000
|
heap
|
page read and write
|
||
|
F20000
|
trusted library allocation
|
page read and write
|
||
|
78A000
|
trusted library allocation
|
page execute and read and write
|
||
|
9B8000
|
unkown
|
page write copy
|
||
|
3A4F000
|
stack
|
page read and write
|
||
|
1D8AB415000
|
heap
|
page read and write
|
||
|
4B24000
|
trusted library allocation
|
page read and write
|
||
|
9BD000
|
unkown
|
page readonly
|
||
|
850000
|
heap
|
page read and write
|
||
|
75B000
|
stack
|
page read and write
|
||
|
B50000
|
heap
|
page read and write
|
||
|
564000
|
unkown
|
page read and write
|
||
|
770000
|
trusted library allocation
|
page read and write
|
||
|
32D0000
|
heap
|
page read and write
|
||
|
8C217D000
|
stack
|
page read and write
|
||
|
2F3DC402000
|
trusted library allocation
|
page read and write
|
||
|
F22000
|
trusted library allocation
|
page read and write
|
||
|
BF0000
|
heap
|
page read and write
|
||
|
8CC000
|
heap
|
page read and write
|
||
|
9BD000
|
unkown
|
page readonly
|
||
|
2DC1000
|
trusted library allocation
|
page read and write
|
||
|
274E000
|
trusted library allocation
|
page read and write
|
||
|
123C000
|
stack
|
page read and write
|
||
|
D78000
|
heap
|
page read and write
|
||
|
970000
|
heap
|
page read and write
|
||
|
63A627F000
|
stack
|
page read and write
|
||
|
1490000
|
heap
|
page read and write
|
||
|
8A0000
|
heap
|
page read and write
|
||
|
F20000
|
trusted library allocation
|
page read and write
|
||
|
7F0000
|
heap
|
page read and write
|
||
|
8CA000
|
heap
|
page read and write
|
||
|
F8C0DFE000
|
stack
|
page read and write
|
||
|
138E000
|
unkown
|
page readonly
|
||
|
3789EFE000
|
stack
|
page read and write
|
||
|
89D000
|
heap
|
page read and write
|
||
|
8C1DFE000
|
stack
|
page read and write
|
||
|
975000
|
heap
|
page read and write
|
||
|
6EE000
|
stack
|
page read and write
|
||
|
EBA000
|
unkown
|
page readonly
|
||
|
124F000
|
stack
|
page read and write
|
||
|
9AE000
|
unkown
|
page readonly
|
||
|
15E0BE60000
|
heap
|
page read and write
|
||
|
1D231AC3000
|
heap
|
page read and write
|
||
|
7F0000
|
heap
|
page read and write
|
||
|
300E000
|
stack
|
page read and write
|
||
|
F6148FE000
|
stack
|
page read and write
|
||
|
F20000
|
trusted library allocation
|
page read and write
|
||
|
5179000
|
trusted library allocation
|
page read and write
|
||
|
3B3F000
|
stack
|
page read and write
|
||
|
C9F000
|
stack
|
page read and write
|
||
|
F80000
|
heap
|
page read and write
|
||
|
714000
|
trusted library allocation
|
page read and write
|
||
|
2F3DC3C0000
|
trusted library allocation
|
page read and write
|
||
|
1688000
|
heap
|
page read and write
|
||
|
2708000
|
trusted library allocation
|
page read and write
|
||
|
63A667F000
|
stack
|
page read and write
|
||
|
980000
|
unkown
|
page readonly
|
||
|
800000
|
heap
|
page read and write
|
||
|
F30000
|
trusted library allocation
|
page read and write
|
||
|
5CC000
|
stack
|
page read and write
|
||
|
9B8000
|
unkown
|
page read and write
|
||
|
5210000
|
trusted library allocation
|
page read and write
|
||
|
430000
|
unkown
|
page write copy
|
||
|
304F000
|
stack
|
page read and write
|
||
|
6D0D6000
|
unkown
|
page read and write
|
||
|
2710000
|
trusted library allocation
|
page read and write
|
||
|
980000
|
unkown
|
page readonly
|
||
|
12DC7000
|
trusted library allocation
|
page read and write
|
||
|
15E0BE73000
|
heap
|
page read and write
|
||
|
820000
|
trusted library allocation
|
page execute and read and write
|
||
|
51C0000
|
trusted library allocation
|
page read and write
|
||
|
4EE000
|
stack
|
page read and write
|
||
|
4D49000
|
heap
|
page read and write
|
||
|
9BD000
|
unkown
|
page readonly
|
||
|
63A63FD000
|
stack
|
page read and write
|
||
|
ADC000
|
stack
|
page read and write
|
||
|
16B6000
|
heap
|
page read and write
|
||
|
5100000
|
trusted library allocation
|
page read and write
|
||
|
26E9000
|
trusted library allocation
|
page read and write
|
||
|
D40000
|
heap
|
page read and write
|
||
|
1000000
|
heap
|
page read and write
|
||
|
307A000
|
heap
|
page read and write
|
||
|
F40000
|
trusted library allocation
|
page read and write
|
||
|
94A000
|
unkown
|
page readonly
|
||
|
C58000
|
heap
|
page read and write
|
||
|
F8C04FB000
|
stack
|
page read and write
|
||
|
9AE000
|
unkown
|
page readonly
|
||
|
12DC1000
|
trusted library allocation
|
page read and write
|
||
|
EBC000
|
unkown
|
page readonly
|
||
|
2F3DBC13000
|
heap
|
page read and write
|
||
|
5170000
|
trusted library allocation
|
page read and write
|
||
|
F6145DC000
|
stack
|
page read and write
|
||
|
2721000
|
trusted library allocation
|
page read and write
|
||
|
76E000
|
stack
|
page read and write
|
||
|
2729000
|
trusted library allocation
|
page read and write
|
||
|
8D2000
|
heap
|
page read and write
|
||
|
9B8000
|
unkown
|
page write copy
|
||
|
FF4000
|
heap
|
page read and write
|
||
|
D4C000
|
heap
|
page read and write
|
||
|
15E0BE00000
|
heap
|
page read and write
|
||
|
4B70000
|
trusted library allocation
|
page read and write
|
||
|
51D0000
|
trusted library allocation
|
page read and write
|
||
|
B40000
|
heap
|
page read and write
|
||
|
4AFD000
|
trusted library allocation
|
page read and write
|
||
|
1D232402000
|
heap
|
page read and write
|
||
|
F20000
|
trusted library allocation
|
page read and write
|
||
|
318B000
|
stack
|
page read and write
|
||
|
2BBF000
|
stack
|
page read and write
|
||
|
F8C05FD000
|
stack
|
page read and write
|
||
|
2D40000
|
heap
|
page read and write
|
||
|
15E0BE5F000
|
heap
|
page read and write
|
||
|
12A0000
|
heap
|
page read and write
|
||
|
AE0000
|
heap
|
page read and write
|
||
|
139D000
|
unkown
|
page readonly
|
||
|
15E0BE42000
|
heap
|
page read and write
|
||
|
948000
|
unkown
|
page write copy
|
||
|
11D000
|
stack
|
page read and write
|
||
|
EBC000
|
unkown
|
page readonly
|
||
|
2755000
|
trusted library allocation
|
page read and write
|
||
|
63A647C000
|
stack
|
page read and write
|
||
|
980000
|
unkown
|
page readonly
|
||
|
3B7E000
|
stack
|
page read and write
|
||
|
1D8AAF50000
|
heap
|
page read and write
|
||
|
4B30000
|
trusted library allocation
|
page read and write
|
||
|
F20000
|
trusted library allocation
|
page read and write
|
||
|
2C5C000
|
stack
|
page read and write
|
||
|
F20000
|
trusted library allocation
|
page read and write
|
||
|
9B8000
|
unkown
|
page read and write
|
||
|
CAE000
|
stack
|
page read and write
|
||
|
890000
|
heap
|
page read and write
|
||
|
C7D000
|
stack
|
page read and write
|
||
|
4FB000
|
stack
|
page read and write
|
||
|
6B0000
|
heap
|
page read and write
|
||
|
12DC9000
|
trusted library allocation
|
page read and write
|
||
|
73B000
|
stack
|
page read and write
|
||
|
F20000
|
trusted library allocation
|
page read and write
|
||
|
B4E000
|
stack
|
page read and write
|
||
|
5160000
|
trusted library allocation
|
page read and write
|
||
|
270A000
|
trusted library allocation
|
page read and write
|
||
|
880000
|
heap
|
page read and write
|
||
|
79B000
|
trusted library allocation
|
page execute and read and write
|
||
|
FEE000
|
heap
|
page read and write
|
||
|
2C9E000
|
stack
|
page read and write
|
||
|
FAF000
|
heap
|
page read and write
|
||
|
52F000
|
stack
|
page read and write
|
||
|
312F000
|
stack
|
page read and write
|
||
|
1D8AAFC0000
|
heap
|
page read and write
|
||
|
1948D240000
|
heap
|
page read and write
|
||
|
378992B000
|
stack
|
page read and write
|
||
|
9AE000
|
unkown
|
page readonly
|
||
|
6CC000
|
stack
|
page read and write
|
||
|
51E0000
|
trusted library allocation
|
page read and write
|
||
|
153779C000
|
stack
|
page read and write
|
||
|
970000
|
heap
|
page read and write
|
||
|
D53000
|
heap
|
page read and write
|
||
|
CB0000
|
heap
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
D4A000
|
heap
|
page read and write
|
||
|
F8C0CFE000
|
stack
|
page read and write
|
||
|
9BD000
|
unkown
|
page readonly
|
||
|
F40000
|
trusted library allocation
|
page read and write
|
||
|
CC0000
|
heap
|
page read and write
|
||
|
FA6000
|
heap
|
page read and write
|
||
|
15E0BC80000
|
heap
|
page read and write
|
||
|
F30000
|
trusted library allocation
|
page read and write
|
||
|
980000
|
unkown
|
page readonly
|
||
|
1948D1C0000
|
remote allocation
|
page read and write
|
||
|
5215000
|
trusted library allocation
|
page read and write
|
||
|
9AE000
|
unkown
|
page readonly
|
||
|
2224000
|
trusted library allocation
|
page read and write
|
||
|
2240000
|
heap
|
page execute and read and write
|
||
|
F50000
|
trusted library allocation
|
page read and write
|
||
|
36D9000
|
trusted library allocation
|
page read and write
|
||
|
239F000
|
stack
|
page read and write
|
||
|
30000
|
heap
|
page read and write
|
||
|
AD6000
|
unkown
|
page readonly
|
||
|
4B50000
|
trusted library allocation
|
page read and write
|
||
|
A70000
|
heap
|
page read and write
|
||
|
4F49000
|
heap
|
page read and write
|
||
|
15E0BF02000
|
heap
|
page read and write
|
||
|
8D0000
|
heap
|
page read and write
|
||
|
6D0D8000
|
unkown
|
page readonly
|
||
|
32CC000
|
stack
|
page read and write
|
||
|
3A3E000
|
stack
|
page read and write
|
||
|
7FFC9D6C0000
|
trusted library allocation
|
page read and write
|
||
|
63A5FFC000
|
stack
|
page read and write
|
||
|
15E0BE7C000
|
heap
|
page read and write
|
||
|
940000
|
unkown
|
page readonly
|
||
|
1948D302000
|
heap
|
page read and write
|
||
|
96E000
|
stack
|
page read and write
|
||
|
29717A7B000
|
heap
|
page read and write
|
||
|
272B000
|
trusted library allocation
|
page read and write
|
||
|
15E0BE55000
|
heap
|
page read and write
|
||
|
BAF000
|
stack
|
page read and write
|
||
|
26B1000
|
trusted library allocation
|
page read and write
|
||
|
F8C00AC000
|
stack
|
page read and write
|
||
|
FB4000
|
heap
|
page read and write
|
||
|
63A677D000
|
stack
|
page read and write
|
||
|
1C0000
|
heap
|
page read and write
|
||
|
2F10000
|
heap
|
page read and write
|
||
|
15E0BE22000
|
heap
|
page read and write
|
||
|
F30000
|
trusted library allocation
|
page read and write
|
||
|
2220000
|
trusted library allocation
|
page read and write
|
||
|
568000
|
heap
|
page read and write
|
||
|
6A0000
|
heap
|
page read and write
|
||
|
1948D160000
|
heap
|
page read and write
|
||
|
C5F000
|
stack
|
page read and write
|
||
|
1D231A00000
|
heap
|
page read and write
|
||
|
F8C000
|
heap
|
page read and write
|
||
|
7FFC9D6CD000
|
trusted library allocation
|
page execute and read and write
|
||
|
29D0000
|
heap
|
page read and write
|
||
|
FB7000
|
heap
|
page read and write
|
||
|
16C0000
|
heap
|
page read and write
|
||
|
6D0C1000
|
unkown
|
page execute read
|
||
|
D78000
|
heap
|
page read and write
|
||
|
15E0BE67000
|
heap
|
page read and write
|
||
|
B90000
|
heap
|
page read and write
|
||
|
567000
|
unkown
|
page readonly
|
||
|
3C7F000
|
stack
|
page read and write
|
||
|
15E0BE3C000
|
heap
|
page read and write
|
||
|
F8C08FD000
|
stack
|
page read and write
|
||
|
6FC000
|
stack
|
page read and write
|
||
|
D68000
|
heap
|
page read and write
|
||
|
12A5000
|
heap
|
page read and write
|
||
|
1398000
|
unkown
|
page write copy
|
||
|
4B80000
|
trusted library allocation
|
page read and write
|
||
|
4BD0000
|
trusted library allocation
|
page read and write
|
||
|
7FFC9D6BD000
|
trusted library allocation
|
page execute and read and write
|
||
|
29717C60000
|
heap
|
page read and write
|
||
|
15E0BE61000
|
heap
|
page read and write
|
||
|
ED7000
|
heap
|
page read and write
|
||
|
9AE000
|
unkown
|
page readonly
|
||
|
15E0BE4E000
|
heap
|
page read and write
|
||
|
F30000
|
trusted library allocation
|
page read and write
|
||
|
C6F000
|
stack
|
page read and write
|
||
|
9AE000
|
unkown
|
page readonly
|
||
|
15E0BE3A000
|
heap
|
page read and write
|
||
|
2226000
|
trusted library allocation
|
page read and write
|
||
|
8C1FFD000
|
stack
|
page read and write
|
||
|
670000
|
heap
|
page read and write
|
||
|
5140000
|
trusted library allocation
|
page read and write
|
||
|
2F3DBC6E000
|
heap
|
page read and write
|
||
|
2D10000
|
heap
|
page read and write
|
||
|
4D60000
|
heap
|
page read and write
|
||
|
10C0000
|
heap
|
page read and write
|
||
|
EB0000
|
unkown
|
page readonly
|
||
|
2F3DBC00000
|
heap
|
page read and write
|
||
|
5190000
|
trusted library allocation
|
page read and write
|
||
|
1360000
|
unkown
|
page readonly
|
||
|
9AE000
|
unkown
|
page readonly
|
||
|
77F000
|
stack
|
page read and write
|
||
|
2742000
|
trusted library allocation
|
page read and write
|
||
|
2220000
|
trusted library allocation
|
page read and write
|
||
|
47AE000
|
stack
|
page read and write
|
||
|
C0E000
|
stack
|
page read and write
|
||
|
15E0BE13000
|
heap
|
page read and write
|
||
|
B70000
|
heap
|
page read and write
|
||
|
D40000
|
heap
|
page read and write
|
||
|
1948D202000
|
heap
|
page read and write
|
||
|
2F3DBD13000
|
heap
|
page read and write
|
||
|
78C000
|
stack
|
page read and write
|
||
|
9BD000
|
unkown
|
page readonly
|
||
|
F8C0AFE000
|
stack
|
page read and write
|
||
|
888000
|
heap
|
page read and write
|
||
|
2440000
|
heap
|
page read and write
|
||
|
ADE000
|
stack
|
page read and write
|
||
|
139D000
|
unkown
|
page readonly
|
||
|
C50000
|
heap
|
page read and write
|
||
|
63A657D000
|
stack
|
page read and write
|
||
|
8C1D7E000
|
stack
|
page read and write
|
||
|
1D8AB050000
|
heap
|
page read and write
|
||
|
1D8AB410000
|
heap
|
page read and write
|
||
|
36B5000
|
trusted library allocation
|
page read and write
|
||
|
5230000
|
trusted library allocation
|
page read and write
|
||
|
3097000
|
heap
|
page read and write
|
||
|
770000
|
heap
|
page read and write
|
||
|
50F0000
|
trusted library allocation
|
page read and write
|
||
|
D60000
|
heap
|
page read and write
|
||
|
15E0BCE0000
|
heap
|
page read and write
|
||
|
FA0000
|
heap
|
page read and write
|
||
|
4B60000
|
trusted library allocation
|
page read and write
|
||
|
33C000
|
stack
|
page read and write
|
||
|
806000
|
heap
|
page read and write
|
||
|
2F3DBB20000
|
heap
|
page read and write
|
||
|
274C000
|
trusted library allocation
|
page read and write
|
||
|
970000
|
heap
|
page read and write
|
||
|
426000
|
unkown
|
page execute and read and write
|
||
|
B00000
|
heap
|
page read and write
|
||
|
7D0000
|
trusted library section
|
page read and write
|
||
|
309D000
|
heap
|
page read and write
|
||
|
1D231A43000
|
heap
|
page read and write
|
||
|
1D231A70000
|
heap
|
page read and write
|
||
|
378A0FE000
|
stack
|
page read and write
|
||
|
29717DB0000
|
heap
|
page read and write
|
||
|
FC5000
|
heap
|
page read and write
|
||
|
2F3DBC58000
|
heap
|
page read and write
|
||
|
567000
|
unkown
|
page readonly
|
||
|
1D231A8A000
|
heap
|
page read and write
|
||
|
F90000
|
heap
|
page read and write
|
||
|
1310000
|
heap
|
page read and write
|
||
|
5250000
|
trusted library allocation
|
page read and write
|
||
|
9B8000
|
unkown
|
page read and write
|
||
|
980000
|
unkown
|
page readonly
|
||
|
51B0000
|
trusted library allocation
|
page read and write
|
||
|
1D232532000
|
heap
|
page read and write
|
||
|
170000
|
heap
|
page read and write
|
||
|
ED0000
|
heap
|
page read and write
|
||
|
9B8000
|
unkown
|
page read and write
|
||
|
15E0BE58000
|
heap
|
page read and write
|
||
|
660000
|
heap
|
page read and write
|
||
|
2723000
|
trusted library allocation
|
page read and write
|
||
|
15E0BE64000
|
heap
|
page read and write
|
||
|
42F000
|
unkown
|
page execute and read and write
|
||
|
1B33D000
|
stack
|
page read and write
|
||
|
270E000
|
trusted library allocation
|
page read and write
|
||
|
2F4E000
|
stack
|
page read and write
|
||
|
52EF000
|
stack
|
page read and write
|
||
|
797000
|
trusted library allocation
|
page execute and read and write
|
||
|
94C000
|
unkown
|
page readonly
|
||
|
F9E000
|
stack
|
page read and write
|
||
|
BCF000
|
stack
|
page read and write
|
||
|
6D0C0000
|
unkown
|
page readonly
|
||
|
ACF000
|
stack
|
page read and write
|
||
|
877000
|
heap
|
page read and write
|
||
|
7C0000
|
trusted library allocation
|
page read and write
|
||
|
560000
|
heap
|
page read and write
|
||
|
F20000
|
trusted library allocation
|
page read and write
|
||
|
1D231B02000
|
heap
|
page read and write
|
||
|
15E0BE79000
|
heap
|
page read and write
|
||
|
75E000
|
stack
|
page read and write
|
||
|
9AE000
|
unkown
|
page readonly
|
||
|
F22000
|
trusted library allocation
|
page read and write
|
||
|
870000
|
heap
|
page read and write
|
||
|
38FE000
|
stack
|
page read and write
|
||
|
5220000
|
trusted library allocation
|
page read and write
|
||
|
1D231AE2000
|
heap
|
page read and write
|
||
|
9BD000
|
unkown
|
page readonly
|
||
|
41A000
|
unkown
|
page write copy
|
||
|
2250000
|
trusted library allocation
|
page read and write
|
||
|
ACF000
|
stack
|
page read and write
|
||
|
B0E000
|
stack
|
page read and write
|
||
|
9B8000
|
unkown
|
page write copy
|
||
|
9AE000
|
unkown
|
page readonly
|
||
|
1398000
|
unkown
|
page read and write
|
||
|
1D231930000
|
heap
|
page read and write
|
||
|
1D8AB059000
|
heap
|
page read and write
|
||
|
889000
|
heap
|
page read and write
|
||
|
F00000
|
trusted library allocation
|
page read and write
|
||
|
29717C40000
|
heap
|
page read and write
|
||
|
2BDB000
|
stack
|
page read and write
|
||
|
BCE000
|
stack
|
page read and write
|
||
|
2D1A000
|
heap
|
page read and write
|
||
|
5150000
|
trusted library allocation
|
page read and write
|
||
|
139E000
|
stack
|
page read and write
|
||
|
274A000
|
trusted library allocation
|
page read and write
|
||
|
AD2000
|
unkown
|
page readonly
|
||
|
2740000
|
trusted library allocation
|
page read and write
|
||
|
7FFC9D6B4000
|
trusted library allocation
|
page read and write
|
||
|
1B800000
|
heap
|
page execute and read and write
|
||
|
EB1000
|
unkown
|
page execute read
|
||
|
2714000
|
trusted library allocation
|
page read and write
|
||
|
8CA000
|
heap
|
page read and write
|
||
|
690000
|
heap
|
page read and write
|
||
|
63A687E000
|
stack
|
page read and write
|
||
|
5180000
|
trusted library allocation
|
page read and write
|
||
|
11DF000
|
stack
|
page read and write
|
||
|
2F3DBC75000
|
heap
|
page read and write
|
||
|
E7E000
|
stack
|
page read and write
|
||
|
3094000
|
heap
|
page read and write
|
||
|
CF7000
|
heap
|
page read and write
|
||
|
D67000
|
heap
|
page read and write
|
||
|
15E0BE47000
|
heap
|
page read and write
|
||
|
15E0BE6A000
|
heap
|
page read and write
|
||
|
1948DC02000
|
trusted library allocation
|
page read and write
|
||
|
980000
|
unkown
|
page readonly
|
||
|
FA0000
|
heap
|
page read and write
|
||
|
31CE000
|
stack
|
page read and write
|
||
|
2746000
|
trusted library allocation
|
page read and write
|
||
|
15E0BDE0000
|
trusted library allocation
|
page read and write
|
||
|
2725000
|
trusted library allocation
|
page read and write
|
||
|
B30000
|
heap
|
page read and write
|
||
|
1948D100000
|
heap
|
page read and write
|
||
|
2744000
|
trusted library allocation
|
page read and write
|
||
|
CEF000
|
stack
|
page read and write
|
||
|
7E0000
|
heap
|
page read and write
|
||
|
B0000
|
heap
|
page read and write
|
||
|
F8C0BFE000
|
stack
|
page read and write
|
||
|
254F000
|
stack
|
page read and write
|
||
|
9E0000
|
heap
|
page read and write
|
||
|
26EB000
|
trusted library allocation
|
page read and write
|
||
|
720000
|
heap
|
page read and write
|
||
|
EF6000
|
stack
|
page read and write
|
||
|
15E0BE5C000
|
heap
|
page read and write
|
||
|
9AE000
|
unkown
|
page readonly
|
||
|
800000
|
heap
|
page read and write
|
||
|
F60000
|
trusted library allocation
|
page read and write
|
||
|
B50000
|
heap
|
page read and write
|
||
|
272D000
|
trusted library allocation
|
page read and write
|
||
|
1948D25C000
|
heap
|
page read and write
|
||
|
640000
|
heap
|
page read and write
|
||
|
2250000
|
trusted library allocation
|
page read and write
|
||
|
71D000
|
stack
|
page read and write
|
||
|
36BE000
|
stack
|
page read and write
|
||
|
1948D190000
|
trusted library allocation
|
page read and write
|
||
|
EB0000
|
unkown
|
page readonly
|
||
|
5120000
|
trusted library allocation
|
page read and write
|
||
|
26F3000
|
trusted library allocation
|
page read and write
|
||
|
9C000
|
stack
|
page read and write
|
||
|
9B8000
|
unkown
|
page read and write
|
||
|
700000
|
trusted library allocation
|
page read and write
|
||
|
12DC3000
|
trusted library allocation
|
page read and write
|
||
|
4BE0000
|
heap
|
page execute and read and write
|
||
|
8F0000
|
heap
|
page read and write
|
||
|
37899AE000
|
stack
|
page read and write
|
||
|
7FFC9D796000
|
trusted library allocation
|
page execute and read and write
|
||
|
3EE000
|
stack
|
page read and write
|
||
|
15E0BE57000
|
heap
|
page read and write
|
||
|
3789DFE000
|
stack
|
page read and write
|
||
|
15E0BC70000
|
heap
|
page read and write
|
||
|
5FB000
|
stack
|
page read and write
|
||
|
7FFC9D770000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FE000
|
stack
|
page read and write
|
||
|
1D2318C0000
|
heap
|
page read and write
|
||
|
2270000
|
trusted library section
|
page read and write
|
||
|
26DC000
|
trusted library allocation
|
page read and write
|
||
|
26EF000
|
trusted library allocation
|
page read and write
|
||
|
D6E000
|
heap
|
page read and write
|
||
|
857000
|
heap
|
page execute and read and write
|
||
|
29719700000
|
heap
|
page read and write
|
||
|
6D0CF000
|
unkown
|
page readonly
|
||
|
F11000
|
trusted library allocation
|
page read and write
|
||
|
F8C09FE000
|
stack
|
page read and write
|
||
|
2719000
|
trusted library allocation
|
page read and write
|
||
|
4BA0000
|
trusted library allocation
|
page read and write
|
||
|
AD0000
|
unkown
|
page readonly
|
||
|
1350000
|
heap
|
page read and write
|
||
|
9B8000
|
unkown
|
page read and write
|
||
|
3A0000
|
heap
|
page read and write
|
||
|
F14000
|
trusted library allocation
|
page read and write
|
||
|
2210000
|
trusted library allocation
|
page read and write
|
||
|
1570000
|
heap
|
page read and write
|
||
|
79F000
|
stack
|
page read and write
|
||
|
38DF000
|
stack
|
page read and write
|
||
|
2260000
|
heap
|
page read and write
|
||
|
63A5BFB000
|
stack
|
page read and write
|
||
|
9BD000
|
unkown
|
page readonly
|
||
|
53EF000
|
stack
|
page read and write
|
||
|
7FFC9D6C2000
|
trusted library allocation
|
page read and write
|
||
|
1D231B13000
|
heap
|
page read and write
|
||
|
980000
|
unkown
|
page readonly
|
||
|
4B90000
|
trusted library allocation
|
page read and write
|
||
|
1360000
|
unkown
|
page readonly
|
||
|
15C000
|
stack
|
page read and write
|
||
|
4B6E000
|
stack
|
page read and write
|
||
|
F20000
|
trusted library allocation
|
page read and write
|
||
|
15E0BE6C000
|
heap
|
page read and write
|
||
|
8B3000
|
heap
|
page read and write
|
||
|
2DB0000
|
heap
|
page read and write
|
||
|
2706000
|
trusted library allocation
|
page read and write
|
||
|
2FD000
|
stack
|
page read and write
|
||
|
1DC000
|
stack
|
page read and write
|
||
|
2F3DBC41000
|
heap
|
page read and write
|
||
|
15E0BE62000
|
heap
|
page read and write
|
||
|
272F000
|
trusted library allocation
|
page read and write
|
||
|
490000
|
heap
|
page read and write
|
||
|
EB8000
|
unkown
|
page write copy
|
||
|
15E0BE78000
|
heap
|
page read and write
|
||
|
1948D229000
|
heap
|
page read and write
|
||
|
15E0BE31000
|
heap
|
page read and write
|
||
|
1682000
|
heap
|
page read and write
|
||
|
F21000
|
trusted library allocation
|
page read and write
|
||
|
EFB000
|
stack
|
page read and write
|
||
|
220E000
|
stack
|
page read and write
|
||
|
8C2000
|
heap
|
page read and write
|
||
|
5240000
|
trusted library allocation
|
page read and write
|
||
|
15E0BE5E000
|
heap
|
page read and write
|
||
|
F61487F000
|
stack
|
page read and write
|
||
|
2B9D000
|
stack
|
page read and write
|
||
|
1948D200000
|
heap
|
page read and write
|
||
|
D90000
|
heap
|
page read and write
|
||
|
5130000
|
trusted library allocation
|
page read and write
|
||
|
941000
|
unkown
|
page execute read
|
||
|
302E000
|
stack
|
page read and write
|
||
|
1D231960000
|
trusted library allocation
|
page read and write
|
||
|
26E1000
|
trusted library allocation
|
page read and write
|
||
|
2F3DBD02000
|
heap
|
page read and write
|
||
|
2F3DBAC0000
|
heap
|
page read and write
|
||
|
857000
|
heap
|
page read and write
|
||
|
1D8AAFE0000
|
heap
|
page read and write
|
||
|
15E0BE7A000
|
heap
|
page read and write
|
||
|
2748000
|
trusted library allocation
|
page read and write
|
||
|
FA0000
|
heap
|
page read and write
|
||
|
B90000
|
heap
|
page read and write
|
||
|
15E0BE83000
|
heap
|
page read and write
|
||
|
2712000
|
trusted library allocation
|
page read and write
|
||
|
B4E000
|
stack
|
page read and write
|
||
|
264F000
|
stack
|
page read and write
|
||
|
F20000
|
trusted library allocation
|
page read and write
|
||
|
2F3DBAB0000
|
heap
|
page read and write
|
||
|
2230000
|
trusted library allocation
|
page read and write
|
||
|
20D0000
|
heap
|
page read and write
|
||
|
7D0000
|
heap
|
page read and write
|
||
|
354E000
|
stack
|
page read and write
|
||
|
15E0BE24000
|
heap
|
page read and write
|
||
|
8C207F000
|
stack
|
page read and write
|
||
|
980000
|
unkown
|
page readonly
|
||
|
1537A7E000
|
stack
|
page read and write
|
||
|
3CBE000
|
stack
|
page read and write
|
||
|
88A000
|
heap
|
page read and write
|
||
|
2CBE000
|
stack
|
page read and write
|
||
|
15E0BE56000
|
heap
|
page read and write
|
||
|
3250000
|
heap
|
page read and write
|
||
|
1910000
|
heap
|
page read and write
|
||
|
4D86000
|
heap
|
page read and write
|
||
|
297179F0000
|
heap
|
page read and write
|
||
|
9B8000
|
unkown
|
page write copy
|
||
|
CA0000
|
heap
|
page read and write
|
||
|
8C18AB000
|
stack
|
page read and write
|
||
|
270C000
|
trusted library allocation
|
page read and write
|
||
|
29717A70000
|
heap
|
page read and write
|
||
|
138E000
|
unkown
|
page readonly
|
||
|
394E000
|
stack
|
page read and write
|
||
|
9B8000
|
unkown
|
page write copy
|
||
|
94A000
|
unkown
|
page readonly
|
||
|
A5D000
|
stack
|
page read and write
|
||
|
1D232500000
|
heap
|
page read and write
|
||
|
7BE000
|
stack
|
page read and write
|
||
|
367F000
|
stack
|
page read and write
|
||
|
7FFC9D852000
|
trusted library allocation
|
page read and write
|
||
|
3789C7E000
|
stack
|
page read and write
|
||
|
F30000
|
trusted library allocation
|
page read and write
|
||
|
710000
|
trusted library allocation
|
page read and write
|
||
|
E80000
|
heap
|
page read and write
|
||
|
8CA000
|
heap
|
page read and write
|
||
|
1D231ABB000
|
heap
|
page read and write
|
||
|
9AE000
|
unkown
|
page readonly
|
||
|
417000
|
unkown
|
page execute read
|
||
|
15E0BE63000
|
heap
|
page read and write
|
||
|
1650000
|
heap
|
page read and write
|
||
|
15E0BE7D000
|
heap
|
page read and write
|
||
|
26F5000
|
trusted library allocation
|
page read and write
|
||
|
1948D1C0000
|
remote allocation
|
page read and write
|
||
|
941000
|
unkown
|
page execute read
|
||
|
71D000
|
trusted library allocation
|
page execute and read and write
|
||
|
4A0000
|
heap
|
page read and write
|
||
|
9BD000
|
unkown
|
page readonly
|
||
|
980000
|
unkown
|
page readonly
|
There are 709 hidden memdumps, click here to show them.