Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
05#U7248.exe
|
PE32+ executable (GUI) x86-64, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\Public\Music\05#U7248.exe
|
PE32+ executable (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\Public\Music\05#U7248.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\40C9AF57-D49E-46F0-BAA8-A9E834DB8605
|
XML 1.0 document, UTF-8 Unicode text, with very long lines, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\05.LNK
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Tue May 24 17:18:00
2022, mtime=Tue May 24 17:18:03 2022, atime=Tue May 24 17:18:00 2022, length=1786211, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat
|
ASCII text, with CRLF line terminators
|
modified
|
||
|
C:\Users\user\Desktop\05#U7248.pptx
|
Microsoft PowerPoint 2007+
|
modified
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\05#U7248.exe
|
"C:\Users\user\Desktop\05#U7248.exe"
|
|
|
|
C:\Users\Public\Music\05#U7248.exe
|
C:\Users\Public\Music\05#U7248.exe
|
|
|
|
C:\Windows\System32\cmd.exe
|
"C:\Windows\system32\cmd.exe" /c del C:\Users\user\Desktop\05#U7248.exe > nul
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\POWERPNT.EXE
|
C:\Program Files (x86)\Microsoft Office\Office16\POWERPNT.EXE" "C:\Users\user\Desktop\05#U7248.pptx" /ou "
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://service-ep07djah-1306669097.bj.apigw.tencentcs.com:443/bootstrap-2.min.js
|
|
||
|
https://api.diagnosticssdf.office.com
|
unknown
|
||
|
https://login.microsoftonline.com/
|
unknown
|
||
|
https://shell.suite.office.com:1443
|
unknown
|
||
|
https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/authorize
|
unknown
|
||
|
http://rs.qbox.me/chtype/RGJhay9jaGRiOnFpbml1LnBuZw==/type/1
|
unknown
|
||
|
https://autodiscover-s.outlook.com/
|
unknown
|
||
|
https://roaming.edog.
|
unknown
|
||
|
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr
|
unknown
|
||
|
https://cdn.entity.
|
unknown
|
||
|
https://api.addins.omex.office.net/appinfo/query
|
unknown
|
||
|
https://clients.config.office.net/user/v1.0/tenantassociationkey
|
unknown
|
||
|
https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/
|
unknown
|
||
|
https://powerlift.acompli.net
|
unknown
|
||
|
https://rpsticket.partnerservices.getmicrosoftkey.com
|
unknown
|
||
|
https://lookup.onenote.com/lookup/geolocation/v1
|
unknown
|
||
|
http://api.qiniu.com
|
unknown
|
||
|
https://cortana.ai
|
unknown
|
||
|
https://apc.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
|
unknown
|
||
|
http://rs.qbox.mehttp://rsf.qbox.mehttp://api.qiniu.comhttp://fusion.qiniuapi.comhttp://uc.qbox.meht
|
unknown
|
||
|
https://cloudfiles.onenote.com/upload.aspx
|
unknown
|
||
|
https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
|
unknown
|
||
|
https://entitlement.diagnosticssdf.office.com
|
unknown
|
||
|
https://na01.oscs.protection.outlook.com/api/SafeLinksApi/GetPolicy
|
unknown
|
||
|
https://api.aadrm.com/
|
unknown
|
||
|
http://rs.qbox.me/chtype/RGJhay9jaGRiOnFpbml1LnBuZw==/type/1da
|
unknown
|
||
|
https://curl.se/docs/hsts.html
|
unknown
|
||
|
https://ofcrecsvcapi-int.azurewebsites.net/
|
unknown
|
||
|
https://service-ep07djah-1306669097.bj.apigw.tencentcs.com/bootstrap-2.min.js
|
unknown
|
||
|
https://service-ep07djah-1306669097.bj.apigw.tencentcs.com/bootstrap-2.min.js0
|
unknown
|
||
|
https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies
|
unknown
|
||
|
https://api.microsoftstream.com/api/
|
unknown
|
||
|
https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=Immersive
|
unknown
|
||
|
https://cr.office.com
|
unknown
|
||
|
https://augloop.office.com;https://augloop-int.officeppe.com;https://augloop-dogfood.officeppe.com;h
|
unknown
|
||
|
https://portal.office.com/account/?ref=ClientMeControl
|
unknown
|
||
|
https://graph.ppe.windows.net
|
unknown
|
||
|
https://res.getmicrosoftkey.com/api/redemptionevents
|
unknown
|
||
|
https://powerlift-frontdesk.acompli.net
|
unknown
|
||
|
https://tasks.office.com
|
unknown
|
||
|
https://officeci.azurewebsites.net/api/
|
unknown
|
||
|
https://sr.outlook.office.net/ws/speech/recognize/assistant/work
|
unknown
|
||
|
http://upload.qiniup.com
|
unknown
|
||
|
http://rs.qbox.me/chtype/RGJhay9jaGRiOnFpbml1LnBuZw==/type/1_PM
|
unknown
|
||
|
https://store.office.cn/addinstemplate
|
unknown
|
||
|
https://api.aadrm.com
|
unknown
|
||
|
https://outlook.office.com/autosuggest/api/v1/init?cvid=
|
unknown
|
||
|
https://globaldisco.crm.dynamics.com
|
unknown
|
||
|
https://messaging.engagement.office.com/
|
unknown
|
||
|
https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
|
unknown
|
||
|
https://dev0-api.acompli.net/autodetect
|
unknown
|
||
|
https://www.odwebp.svc.ms
|
unknown
|
||
|
https://api.diagnosticssdf.office.com/v2/feedback
|
unknown
|
||
|
https://api.powerbi.com/v1.0/myorg/groups
|
unknown
|
||
|
https://web.microsoftstream.com/video/
|
unknown
|
||
|
https://api.addins.store.officeppe.com/addinstemplate
|
unknown
|
||
|
https://curl.se/docs/alt-svc.html
|
unknown
|
||
|
https://service-ep07djah-1306669097.bj.apigw.tencentcs.com/bootstrap-2.min.js.com
|
unknown
|
||
|
https://graph.windows.net
|
unknown
|
||
|
https://dataservice.o365filtering.com/
|
unknown
|
||
|
https://officesetup.getmicrosoftkey.com
|
unknown
|
||
|
https://service-ep07djah-1306669097.bj.apigw.tencentcs.com/bootstrap-2.min.jsX
|
unknown
|
||
|
https://analysis.windows.net/powerbi/api
|
unknown
|
||
|
https://prod-global-autodetect.acompli.net/autodetect
|
unknown
|
||
|
https://outlook.office365.com/autodiscover/autodiscover.json
|
unknown
|
||
|
https://powerpoint.uservoice.com/forums/288952-powerpoint-for-ipad-iphone-ios
|
unknown
|
||
|
https://eur.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
|
unknown
|
||
|
https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json
|
unknown
|
||
|
https://ncus.contentsync.
|
unknown
|
||
|
https://onedrive.live.com/about/download/?windows10SyncClientInstalled=false
|
unknown
|
||
|
https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/
|
unknown
|
||
|
http://weather.service.msn.com/data.aspx
|
unknown
|
||
|
https://apis.live.net/v5.0/
|
unknown
|
||
|
https://officemobile.uservoice.com/forums/929800-office-app-ios-and-ipad-asks
|
unknown
|
||
|
https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios
|
unknown
|
||
|
https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml
|
unknown
|
||
|
https://management.azure.com
|
unknown
|
||
|
https://outlook.office365.com
|
unknown
|
||
|
https://wus2.contentsync.
|
unknown
|
||
|
https://incidents.diagnostics.office.com
|
unknown
|
||
|
https://clients.config.office.net/user/v1.0/ios
|
unknown
|
||
|
https://insertmedia.bing.office.net/odc/insertmedia
|
unknown
|
||
|
http://iovip.qbox.me
|
unknown
|
||
|
https://o365auditrealtimeingestion.manage.office.com
|
unknown
|
||
|
https://outlook.office365.com/api/v1.0/me/Activities
|
unknown
|
||
|
https://api.office.net
|
unknown
|
||
|
https://incidents.diagnosticssdf.office.com
|
unknown
|
||
|
http://fusion.qiniuapi.com
|
unknown
|
||
|
https://asgsmsproxyapi.azurewebsites.net/
|
unknown
|
||
|
https://clients.config.office.net/user/v1.0/android/policies
|
unknown
|
||
|
https://entitlement.diagnostics.office.com
|
unknown
|
||
|
https://service-ep07djah-1306669097.bj.apigw.tencentcs.com/xN
|
unknown
|
||
|
https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json
|
unknown
|
||
|
https://substrate.office.com/search/api/v2/init
|
unknown
|
||
|
https://outlook.office.com/
|
unknown
|
||
|
https://storage.live.com/clientlogs/uploadlocation
|
unknown
|
||
|
https://outlook.office365.com/
|
unknown
|
||
|
https://webshell.suite.office.com
|
unknown
|
||
|
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=OneDrive
|
unknown
|
||
|
https://substrate.office.com/search/api/v1/SearchHistory
|
unknown
|
There are 90 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
service-ep07djah-1306669097.bj.apigw.tencentcs.com
|
unknown
|
|
|
|
1-1.bj.apigwtencent.com
|
140.143.115.153
|
||
|
kodo-elb-z0.qbox.me
|
115.231.97.60
|
||
|
rs.qbox.me
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
115.231.97.60
|
kodo-elb-z0.qbox.me
|
China
|
||
|
180.101.136.19
|
unknown
|
China
|
||
|
140.143.115.153
|
1-1.bj.apigwtencent.com
|
China
|
||
|
127.0.0.1
|
unknown
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109110000000000000000F01FEC\Usage
|
PPTFiles
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached
|
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} {0000013A-0000-0000-C000-000000000046} 0xFFFF
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\f0\52C64B7E
|
@C:\Program Files\Common Files\Microsoft Shared\Office16\oregres.dll,-204
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
LangID
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Microsoft Office\Office16\POWERPNT.EXE.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Microsoft Office\Office16\POWERPNT.EXE.ApplicationCompany
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\PowerPoint\Resiliency\StartupItems
|
;t:
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\PowerPoint\Resiliency\StartupItems
|
<t:
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\PowerPoint\options
|
DesktopBootGuid
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\PowerPoint\Resiliency\DocumentRecovery\27EBC
|
27EBC
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\PowerPoint\options
|
AppMaximized
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\PowerPoint\options
|
Top
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\PowerPoint\options
|
Left
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\PowerPoint\options
|
Bottom
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\PowerPoint\options
|
Right
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\PowerPoint\Resiliency\StartupItems
|
x:
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\IOAV
|
LastBootTime
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache
|
RemoteClearDate
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3
|
Last
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\PowerPoint\Resiliency\DocumentRecovery\28312
|
28312
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\PowerPoint\Place MRU\Change
|
ChangeId
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\PowerPoint\file mru\Change
|
ChangeId
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3\0
|
FilePath
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3\0
|
StartDate
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3\0
|
EndDate
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3\0
|
Properties
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3\0
|
Url
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache
|
LastClean
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
|
DisableWinHttpCertAuth
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
|
DisableIsOwnerRegex
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
|
DisableSessionAwareHttpClose
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
|
DisableADALForExtendedApps
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
|
DisableADALSetSilentAuth
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
|
msoridDisableGuestCredProvider
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
|
msoridDisableOstringReplace
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\PowerPoint\Place MRU
|
Item 1
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\PowerPoint\file mru
|
Item 21
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109110000000000000000F01FEC\Usage
|
ProductFiles
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
|
en-US
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
|
en-US
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109110000000000000000F01FEC\Usage
|
PPTFiles
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\PowerPoint\Resiliency\DocumentRecovery\27EBC
|
27EBC
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Roaming
|
RoamingConfigurableSettings
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Roaming
|
RoamingLastSyncTime
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Roaming
|
RoamingLastWriteTime
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\PowerPoint\Resiliency\DocumentRecovery\28312
|
28312
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ServicesManagerCache\ServicesCatalog
|
CacheReady
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ServicesManagerCache\ServicesCatalog
|
LastRequest
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ServicesManagerCache\ServicesCatalog
|
CacheReady
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ServicesManagerCache\ServicesCatalog
|
LastUpdate
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ServicesManagerCache\ServicesCatalog
|
NextUpdate
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\PowerPoint\Place MRU\Change
|
ChangeId
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\PowerPoint\file mru
|
Item 1
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\PowerPoint\file mru
|
Item 2
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\PowerPoint\file mru
|
Item 3
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\PowerPoint\file mru
|
Item 4
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\PowerPoint\file mru
|
Item 5
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\PowerPoint\file mru
|
Item 6
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\PowerPoint\file mru
|
Item 7
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\PowerPoint\file mru
|
Item 8
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\PowerPoint\file mru
|
Item 9
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\PowerPoint\file mru
|
Item 10
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\PowerPoint\file mru
|
Item 11
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\PowerPoint\file mru
|
Item 12
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\PowerPoint\file mru
|
Item 13
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\PowerPoint\file mru
|
Item 14
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\PowerPoint\file mru
|
Item 15
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\PowerPoint\file mru
|
Item 16
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\PowerPoint\file mru
|
Item 17
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\PowerPoint\file mru
|
Item 18
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\PowerPoint\file mru
|
Item 19
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\PowerPoint\file mru
|
Item 20
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\PowerPoint\file mru\Change
|
ChangeId
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\IOAV
|
LastBootTime
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109110000000000000000F01FEC\Usage
|
ProductFiles
|
There are 65 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2BB3F020000
|
direct allocation
|
page execute and read and write
|
|
|
|
2BB3EE32000
|
heap
|
page read and write
|
|
|
|
2BB3EE33000
|
heap
|
page read and write
|
|
|
|
CE7937F000
|
stack
|
page read and write
|
||
|
21925C80000
|
trusted library allocation
|
page read and write
|
||
|
200FBB40000
|
heap
|
page read and write
|
||
|
2A947420000
|
heap
|
page read and write
|
||
|
228CACD0000
|
heap
|
page read and write
|
||
|
2A946713000
|
heap
|
page read and write
|
||
|
200FB9D0000
|
heap
|
page read and write
|
||
|
2584D05F000
|
heap
|
page read and write
|
||
|
21F5EFE000
|
stack
|
page read and write
|
||
|
27013C41000
|
heap
|
page read and write
|
||
|
B58A6FD000
|
stack
|
page read and write
|
||
|
7FF7E2641000
|
unkown
|
page readonly
|
||
|
1B8EEDC0000
|
heap
|
page read and write
|
||
|
4FA197D000
|
stack
|
page read and write
|
||
|
CE790FB000
|
stack
|
page read and write
|
||
|
1A69272B000
|
heap
|
page read and write
|
||
|
7FF7E23C0000
|
unkown
|
page readonly
|
||
|
1F8D4F02000
|
heap
|
page read and write
|
||
|
2A9466AF000
|
heap
|
page read and write
|
||
|
21925700000
|
heap
|
page read and write
|
||
|
2A947402000
|
heap
|
page read and write
|
||
|
200FBB65000
|
heap
|
page read and write
|
||
|
1CDB4E02000
|
heap
|
page read and write
|
||
|
200FBB73000
|
heap
|
page read and write
|
||
|
1CDB9C40000
|
trusted library allocation
|
page read and write
|
||
|
2A946F77000
|
heap
|
page read and write
|
||
|
1A692795000
|
heap
|
page read and write
|
||
|
1CDB5501000
|
trusted library allocation
|
page read and write
|
||
|
228CAD70000
|
trusted library allocation
|
page read and write
|
||
|
2A946F7D000
|
heap
|
page read and write
|
||
|
21F65FE000
|
stack
|
page read and write
|
||
|
2A946F96000
|
heap
|
page read and write
|
||
|
2A946F93000
|
heap
|
page read and write
|
||
|
2A946F66000
|
heap
|
page read and write
|
||
|
1F8D4E5C000
|
heap
|
page read and write
|
||
|
25F4865A000
|
heap
|
page read and write
|
||
|
1A69271D000
|
heap
|
page read and write
|
||
|
2A946F93000
|
heap
|
page read and write
|
||
|
200FBB73000
|
heap
|
page read and write
|
||
|
2A946F93000
|
heap
|
page read and write
|
||
|
228CAE4F000
|
heap
|
page read and write
|
||
|
C63737D000
|
stack
|
page read and write
|
||
|
25F48660000
|
heap
|
page read and write
|
||
|
1A69274B000
|
heap
|
page read and write
|
||
|
7FF778371000
|
unkown
|
page execute read
|
||
|
27013C26000
|
heap
|
page read and write
|
||
|
2A946636000
|
heap
|
page read and write
|
||
|
2584D100000
|
heap
|
page read and write
|
||
|
7FF7785E8000
|
unkown
|
page read and write
|
||
|
2584D090000
|
heap
|
page read and write
|
||
|
2A9464C0000
|
heap
|
page read and write
|
||
|
2BB3EE36000
|
heap
|
page read and write
|
||
|
1A6927D0000
|
heap
|
page read and write
|
||
|
27013C59000
|
heap
|
page read and write
|
||
|
2A946F69000
|
heap
|
page read and write
|
||
|
7FF7785E8000
|
unkown
|
page write copy
|
||
|
1A692789000
|
heap
|
page read and write
|
||
|
7FF7E2641000
|
unkown
|
page readonly
|
||
|
20A62689000
|
heap
|
page read and write
|
||
|
1F8D4E40000
|
heap
|
page read and write
|
||
|
1CDB463F000
|
heap
|
page read and write
|
||
|
1A6926F7000
|
heap
|
page read and write
|
||
|
2584D089000
|
heap
|
page read and write
|
||
|
2A946FA4000
|
heap
|
page read and write
|
||
|
7FF7E23C1000
|
unkown
|
page execute read
|
||
|
2A946F7D000
|
heap
|
page read and write
|
||
|
970D98E000
|
stack
|
page read and write
|
||
|
2BB3EFD0000
|
heap
|
page read and write
|
||
|
2A9466C2000
|
heap
|
page read and write
|
||
|
1A692772000
|
heap
|
page read and write
|
||
|
2A946F93000
|
heap
|
page read and write
|
||
|
1A69277C000
|
heap
|
page read and write
|
||
|
20A62560000
|
trusted library allocation
|
page read and write
|
||
|
25F48E02000
|
trusted library allocation
|
page read and write
|
||
|
21F62FF000
|
stack
|
page read and write
|
||
|
3BAD3FB000
|
stack
|
page read and write
|
||
|
3BADBFE000
|
stack
|
page read and write
|
||
|
1A692784000
|
heap
|
page read and write
|
||
|
1F8D4E13000
|
heap
|
page read and write
|
||
|
2A946F00000
|
heap
|
page read and write
|
||
|
2A946F8A000
|
heap
|
page read and write
|
||
|
2A946670000
|
heap
|
page read and write
|
||
|
C2179FE000
|
stack
|
page read and write
|
||
|
2A94663C000
|
heap
|
page read and write
|
||
|
1F8D4CA0000
|
heap
|
page read and write
|
||
|
1CDB4600000
|
heap
|
page read and write
|
||
|
1A692764000
|
heap
|
page read and write
|
||
|
27013C7C000
|
heap
|
page read and write
|
||
|
2A9466EC000
|
heap
|
page read and write
|
||
|
20A62713000
|
heap
|
page read and write
|
||
|
27013C67000
|
heap
|
page read and write
|
||
|
21925713000
|
heap
|
page read and write
|
||
|
A3CECFB000
|
stack
|
page read and write
|
||
|
200FBB87000
|
heap
|
page read and write
|
||
|
1A692758000
|
heap
|
page read and write
|
||
|
A3CEF7E000
|
stack
|
page read and write
|
||
|
1A692733000
|
heap
|
page read and write
|
||
|
2A946654000
|
heap
|
page read and write
|
||
|
27013C7E000
|
heap
|
page read and write
|
||
|
A3CEAFE000
|
stack
|
page read and write
|
||
|
1A692732000
|
heap
|
page read and write
|
||
|
3BAD87E000
|
stack
|
page read and write
|
||
|
CE791F7000
|
stack
|
page read and write
|
||
|
2192564B000
|
heap
|
page read and write
|
||
|
2A9466EB000
|
heap
|
page read and write
|
||
|
2A946F77000
|
heap
|
page read and write
|
||
|
9020EF9000
|
stack
|
page read and write
|
||
|
970DDFE000
|
stack
|
page read and write
|
||
|
27013C75000
|
heap
|
page read and write
|
||
|
7FF7E2598000
|
unkown
|
page readonly
|
||
|
73D9CFF000
|
stack
|
page read and write
|
||
|
1A69270E000
|
heap
|
page read and write
|
||
|
4516EDB000
|
stack
|
page read and write
|
||
|
228CAF00000
|
heap
|
page read and write
|
||
|
2A946FA4000
|
heap
|
page read and write
|
||
|
A3CEBFC000
|
stack
|
page read and write
|
||
|
9020B9E000
|
stack
|
page read and write
|
||
|
27013C70000
|
heap
|
page read and write
|
||
|
2A946F72000
|
heap
|
page read and write
|
||
|
2A946F93000
|
heap
|
page read and write
|
||
|
1B8EEE13000
|
heap
|
page read and write
|
||
|
27014402000
|
trusted library allocation
|
page read and write
|
||
|
4FA177D000
|
stack
|
page read and write
|
||
|
228CAE29000
|
heap
|
page read and write
|
||
|
2A946F96000
|
heap
|
page read and write
|
||
|
2BB3EE56000
|
heap
|
page read and write
|
||
|
2A946F77000
|
heap
|
page read and write
|
||
|
B58A2FE000
|
stack
|
page read and write
|
||
|
1A69275A000
|
heap
|
page read and write
|
||
|
4FA14FC000
|
stack
|
page read and write
|
||
|
2A946F66000
|
heap
|
page read and write
|
||
|
1A692570000
|
heap
|
page read and write
|
||
|
27013C4E000
|
heap
|
page read and write
|
||
|
228CAE58000
|
heap
|
page read and write
|
||
|
B188CFD000
|
stack
|
page read and write
|
||
|
21F61FE000
|
stack
|
page read and write
|
||
|
228CAE53000
|
heap
|
page read and write
|
||
|
73D9AFB000
|
stack
|
page read and write
|
||
|
2BB3F0B0000
|
remote allocation
|
page read and write
|
||
|
1B8EEE00000
|
heap
|
page read and write
|
||
|
2A947402000
|
heap
|
page read and write
|
||
|
2584CF60000
|
heap
|
page read and write
|
||
|
1CDB4678000
|
heap
|
page read and write
|
||
|
27013C51000
|
heap
|
page read and write
|
||
|
3BACFF7000
|
stack
|
page read and write
|
||
|
1CDB5740000
|
trusted library section
|
page readonly
|
||
|
2A946FB5000
|
heap
|
page read and write
|
||
|
27013C6E000
|
heap
|
page read and write
|
||
|
2A946F81000
|
heap
|
page read and write
|
||
|
7FF7E2598000
|
unkown
|
page readonly
|
||
|
228CAE86000
|
heap
|
page read and write
|
||
|
200FBB64000
|
heap
|
page read and write
|
||
|
1CDB4726000
|
heap
|
page read and write
|
||
|
1CDB4658000
|
heap
|
page read and write
|
||
|
200FBB89000
|
heap
|
page read and write
|
||
|
27013C6A000
|
heap
|
page read and write
|
||
|
2A946F93000
|
heap
|
page read and write
|
||
|
7FF778548000
|
unkown
|
page readonly
|
||
|
1A69275F000
|
heap
|
page read and write
|
||
|
1B8EEF13000
|
heap
|
page read and write
|
||
|
2A946F7D000
|
heap
|
page read and write
|
||
|
2192568B000
|
heap
|
page read and write
|
||
|
2A946D40000
|
remote allocation
|
page read and write
|
||
|
C63797E000
|
unkown
|
page read and write
|
||
|
2A946F93000
|
heap
|
page read and write
|
||
|
2A9466C9000
|
heap
|
page read and write
|
||
|
45174FF000
|
stack
|
page read and write
|
||
|
1CDB9B00000
|
trusted library allocation
|
page read and write
|
||
|
3BAD9F9000
|
stack
|
page read and write
|
||
|
2A946C80000
|
trusted library allocation
|
page read and write
|
||
|
228CAE49000
|
heap
|
page read and write
|
||
|
200FBB7E000
|
heap
|
page read and write
|
||
|
27013C42000
|
heap
|
page read and write
|
||
|
3BAD47E000
|
stack
|
page read and write
|
||
|
1CDB9C50000
|
trusted library allocation
|
page read and write
|
||
|
B18867B000
|
stack
|
page read and write
|
||
|
27013C40000
|
heap
|
page read and write
|
||
|
2BB3EEA8000
|
heap
|
page read and write
|
||
|
1CDB9D30000
|
trusted library allocation
|
page read and write
|
||
|
3BAD6FC000
|
stack
|
page read and write
|
||
|
1CDB9C60000
|
trusted library allocation
|
page read and write
|
||
|
7FF7E23C1000
|
unkown
|
page execute read
|
||
|
1A69276D000
|
heap
|
page read and write
|
||
|
2A946FA4000
|
heap
|
page read and write
|
||
|
228CAE48000
|
heap
|
page read and write
|
||
|
1A69273B000
|
heap
|
page read and write
|
||
|
2A946F93000
|
heap
|
page read and write
|
||
|
1CDB469D000
|
heap
|
page read and write
|
||
|
1CDB4713000
|
heap
|
page read and write
|
||
|
1CDB4F02000
|
heap
|
page read and write
|
||
|
2A946FB7000
|
heap
|
page read and write
|
||
|
2A946F72000
|
heap
|
page read and write
|
||
|
219254B0000
|
heap
|
page read and write
|
||
|
9020A9A000
|
stack
|
page read and write
|
||
|
1CDB5720000
|
trusted library section
|
page readonly
|
||
|
2584D102000
|
heap
|
page read and write
|
||
|
2BB3EE53000
|
heap
|
page read and write
|
||
|
2BB3EE53000
|
heap
|
page read and write
|
||
|
C217DFF000
|
stack
|
page read and write
|
||
|
2A946FA1000
|
heap
|
page read and write
|
||
|
2BB3EFF0000
|
heap
|
page read and write
|
||
|
20A62E02000
|
heap
|
page read and write
|
||
|
970D90B000
|
stack
|
page read and write
|
||
|
2BB3EE00000
|
heap
|
page read and write
|
||
|
1A692725000
|
heap
|
page read and write
|
||
|
2A946F72000
|
heap
|
page read and write
|
||
|
2A946FC5000
|
heap
|
page read and write
|
||
|
2A946F96000
|
heap
|
page read and write
|
||
|
27013C65000
|
heap
|
page read and write
|
||
|
1CDB9D80000
|
remote allocation
|
page read and write
|
||
|
25F48670000
|
heap
|
page read and write
|
||
|
C217CFE000
|
stack
|
page read and write
|
||
|
228CAD40000
|
heap
|
page read and write
|
||
|
2A9466E5000
|
heap
|
page read and write
|
||
|
1F8D5490000
|
remote allocation
|
page read and write
|
||
|
2A9466B6000
|
heap
|
page read and write
|
||
|
1A692890000
|
heap
|
page read and write
|
||
|
228CAE52000
|
heap
|
page read and write
|
||
|
1A692725000
|
heap
|
page read and write
|
||
|
2584D08B000
|
heap
|
page read and write
|
||
|
2A946F93000
|
heap
|
page read and write
|
||
|
B188A7F000
|
stack
|
page read and write
|
||
|
21F60FF000
|
stack
|
page read and write
|
||
|
2A946FB5000
|
heap
|
page read and write
|
||
|
2A946FA4000
|
heap
|
page read and write
|
||
|
7FF7E2638000
|
unkown
|
page write copy
|
||
|
1B8EEF00000
|
heap
|
page read and write
|
||
|
2A946F72000
|
heap
|
page read and write
|
||
|
1CDB4F59000
|
heap
|
page read and write
|
||
|
2A946F16000
|
heap
|
page read and write
|
||
|
2A946655000
|
heap
|
page read and write
|
||
|
1CDB4D30000
|
trusted library section
|
page read and write
|
||
|
1A694385000
|
heap
|
page read and write
|
||
|
2A946F93000
|
heap
|
page read and write
|
||
|
C6377FF000
|
stack
|
page read and write
|
||
|
2A946F93000
|
heap
|
page read and write
|
||
|
2192563C000
|
heap
|
page read and write
|
||
|
C2176FE000
|
stack
|
page read and write
|
||
|
2A946F7D000
|
heap
|
page read and write
|
||
|
C637B7A000
|
stack
|
page read and write
|
||
|
2A946F93000
|
heap
|
page read and write
|
||
|
2A946F93000
|
heap
|
page read and write
|
||
|
1CDB4F59000
|
heap
|
page read and write
|
||
|
2A946F93000
|
heap
|
page read and write
|
||
|
1CDB9E9F000
|
heap
|
page read and write
|
||
|
2BB3EEA7000
|
heap
|
page read and write
|
||
|
2BB3ED80000
|
heap
|
page read and write
|
||
|
1CDB9E5F000
|
heap
|
page read and write
|
||
|
2A946F96000
|
heap
|
page read and write
|
||
|
2A946F8A000
|
heap
|
page read and write
|
||
|
4FA15FD000
|
stack
|
page read and write
|
||
|
2A94665D000
|
heap
|
page read and write
|
||
|
1CDB56F0000
|
trusted library section
|
page readonly
|
||
|
9020E79000
|
stack
|
page read and write
|
||
|
C6374FE000
|
stack
|
page read and write
|
||
|
27013C64000
|
heap
|
page read and write
|
||
|
1CDB4F13000
|
heap
|
page read and write
|
||
|
3BAD1FD000
|
stack
|
page read and write
|
||
|
1CDB9C2E000
|
trusted library allocation
|
page read and write
|
||
|
2A946FA5000
|
heap
|
page read and write
|
||
|
27013C63000
|
heap
|
page read and write
|
||
|
200FBB7E000
|
heap
|
page read and write
|
||
|
25F48686000
|
heap
|
page read and write
|
||
|
21F5B3B000
|
stack
|
page read and write
|
||
|
3BAD8FE000
|
stack
|
page read and write
|
||
|
1CDB46AE000
|
heap
|
page read and write
|
||
|
21925E02000
|
trusted library allocation
|
page read and write
|
||
|
A3CE79C000
|
stack
|
page read and write
|
||
|
27013C68000
|
heap
|
page read and write
|
||
|
CE78FFC000
|
stack
|
page read and write
|
||
|
2BB3EE76000
|
heap
|
page read and write
|
||
|
1CDB9C28000
|
trusted library allocation
|
page read and write
|
||
|
20A626BC000
|
heap
|
page read and write
|
||
|
2A94664E000
|
heap
|
page read and write
|
||
|
73D9BF7000
|
stack
|
page read and write
|
||
|
228CAE55000
|
heap
|
page read and write
|
||
|
21925520000
|
heap
|
page read and write
|
||
|
228CAE3C000
|
heap
|
page read and write
|
||
|
228CAE8B000
|
heap
|
page read and write
|
||
|
1CDB9EF5000
|
heap
|
page read and write
|
||
|
1A692782000
|
heap
|
page read and write
|
||
|
45173FB000
|
stack
|
page read and write
|
||
|
1A692720000
|
heap
|
page read and write
|
||
|
1A692779000
|
heap
|
page read and write
|
||
|
4FA147F000
|
stack
|
page read and write
|
||
|
2A946F61000
|
heap
|
page read and write
|
||
|
2A946F63000
|
heap
|
page read and write
|
||
|
1CDB9E3A000
|
heap
|
page read and write
|
||
|
B1887FE000
|
stack
|
page read and write
|
||
|
2A947403000
|
heap
|
page read and write
|
||
|
1CDB9B10000
|
trusted library allocation
|
page read and write
|
||
|
1B8EED60000
|
heap
|
page read and write
|
||
|
1A692705000
|
heap
|
page read and write
|
||
|
2584CFF0000
|
trusted library allocation
|
page read and write
|
||
|
1A69274B000
|
heap
|
page read and write
|
||
|
B58ABFF000
|
stack
|
page read and write
|
||
|
A3CED7F000
|
stack
|
page read and write
|
||
|
228CAE00000
|
heap
|
page read and write
|
||
|
228CAE70000
|
heap
|
page read and write
|
||
|
1A692788000
|
heap
|
page read and write
|
||
|
1A692777000
|
heap
|
page read and write
|
||
|
2BB3EE35000
|
heap
|
page read and write
|
||
|
B188DFD000
|
stack
|
page read and write
|
||
|
200FBB86000
|
heap
|
page read and write
|
||
|
2A946F73000
|
heap
|
page read and write
|
||
|
C6376F7000
|
stack
|
page read and write
|
||
|
1A69272B000
|
heap
|
page read and write
|
||
|
1A692764000
|
heap
|
page read and write
|
||
|
1A692780000
|
heap
|
page read and write
|
||
|
27013C58000
|
heap
|
page read and write
|
||
|
2A946F96000
|
heap
|
page read and write
|
||
|
7FF778371000
|
unkown
|
page execute read
|
||
|
1A69270E000
|
heap
|
page read and write
|
||
|
C6375F8000
|
stack
|
page read and write
|
||
|
B188BFF000
|
stack
|
page read and write
|
||
|
2A946F7D000
|
heap
|
page read and write
|
||
|
1F8D4D00000
|
heap
|
page read and write
|
||
|
2A946FB5000
|
heap
|
page read and write
|
||
|
1B8EED50000
|
heap
|
page read and write
|
||
|
2A946F67000
|
heap
|
page read and write
|
||
|
CE7947D000
|
stack
|
page read and write
|
||
|
27013C46000
|
heap
|
page read and write
|
||
|
27013C5D000
|
heap
|
page read and write
|
||
|
1CDB4F18000
|
heap
|
page read and write
|
||
|
2584CF50000
|
heap
|
page read and write
|
||
|
4FA137F000
|
stack
|
page read and write
|
||
|
1CDB4673000
|
heap
|
page read and write
|
||
|
1A69271D000
|
heap
|
page read and write
|
||
|
1CDB5710000
|
trusted library section
|
page readonly
|
||
|
B58A8FF000
|
stack
|
page read and write
|
||
|
2A946600000
|
heap
|
page read and write
|
||
|
1A69270E000
|
heap
|
page read and write
|
||
|
228CAF02000
|
heap
|
page read and write
|
||
|
200FBB72000
|
heap
|
page read and write
|
||
|
2A947400000
|
heap
|
page read and write
|
||
|
2584D063000
|
heap
|
page read and write
|
||
|
1CDB9EF2000
|
heap
|
page read and write
|
||
|
73D99FB000
|
stack
|
page read and write
|
||
|
20A626C5000
|
heap
|
page read and write
|
||
|
21F69FF000
|
stack
|
page read and write
|
||
|
228CAE4D000
|
heap
|
page read and write
|
||
|
2A946FA4000
|
heap
|
page read and write
|
||
|
2A946F78000
|
heap
|
page read and write
|
||
|
2A946F72000
|
heap
|
page read and write
|
||
|
2192564E000
|
heap
|
page read and write
|
||
|
200FBB51000
|
heap
|
page read and write
|
||
|
21F67FB000
|
stack
|
page read and write
|
||
|
7FF7E2638000
|
unkown
|
page read and write
|
||
|
200FBB4D000
|
heap
|
page read and write
|
||
|
2A946F77000
|
heap
|
page read and write
|
||
|
1A692741000
|
heap
|
page read and write
|
||
|
1CDB9EE6000
|
heap
|
page read and write
|
||
|
B58A7FE000
|
stack
|
page read and write
|
||
|
228CAE4B000
|
heap
|
page read and write
|
||
|
1B8EEDF0000
|
trusted library allocation
|
page read and write
|
||
|
2A946F7E000
|
heap
|
page read and write
|
||
|
1B8EEE28000
|
heap
|
page read and write
|
||
|
1A692740000
|
heap
|
page read and write
|
||
|
2A946F75000
|
heap
|
page read and write
|
||
|
2A946F72000
|
heap
|
page read and write
|
||
|
C63747B000
|
stack
|
page read and write
|
||
|
1A692787000
|
heap
|
page read and write
|
||
|
B58A4FF000
|
stack
|
page read and write
|
||
|
25F48713000
|
heap
|
page read and write
|
||
|
3BAD77E000
|
stack
|
page read and write
|
||
|
2192564F000
|
heap
|
page read and write
|
||
|
27013C00000
|
heap
|
page read and write
|
||
|
25F48600000
|
heap
|
page read and write
|
||
|
4FA167B000
|
stack
|
page read and write
|
||
|
1A692786000
|
heap
|
page read and write
|
||
|
1CDB9D40000
|
trusted library allocation
|
page read and write
|
||
|
2A946F93000
|
heap
|
page read and write
|
||
|
3BACBAC000
|
stack
|
page read and write
|
||
|
27013C7F000
|
heap
|
page read and write
|
||
|
1A692748000
|
heap
|
page read and write
|
||
|
25F48613000
|
heap
|
page read and write
|
||
|
B1888FE000
|
stack
|
page read and write
|
||
|
21925600000
|
heap
|
page read and write
|
||
|
2192564C000
|
heap
|
page read and write
|
||
|
2A946D40000
|
remote allocation
|
page read and write
|
||
|
228CAE13000
|
heap
|
page read and write
|
||
|
CE792FE000
|
stack
|
page read and write
|
||
|
1CDB9E52000
|
heap
|
page read and write
|
||
|
2584D05C000
|
heap
|
page read and write
|
||
|
2A946F67000
|
heap
|
page read and write
|
||
|
C6378F7000
|
stack
|
page read and write
|
||
|
2A946F70000
|
heap
|
page read and write
|
||
|
1F8D4E36000
|
heap
|
page read and write
|
||
|
1CDB5610000
|
trusted library allocation
|
page read and write
|
||
|
9020B1E000
|
stack
|
page read and write
|
||
|
1CDB9F00000
|
heap
|
page read and write
|
||
|
1A692764000
|
heap
|
page read and write
|
||
|
2A946F6D000
|
heap
|
page read and write
|
||
|
20A62613000
|
heap
|
page read and write
|
||
|
2A946F62000
|
heap
|
page read and write
|
||
|
2BB3EE88000
|
heap
|
page read and write
|
||
|
B18897E000
|
stack
|
page read and write
|
||
|
20A62460000
|
heap
|
page read and write
|
||
|
1CDB9C41000
|
trusted library allocation
|
page read and write
|
||
|
1B8EEE66000
|
heap
|
page read and write
|
||
|
2A946708000
|
heap
|
page read and write
|
||
|
B589D6C000
|
stack
|
page read and write
|
||
|
2A946F7B000
|
heap
|
page read and write
|
||
|
228CAE66000
|
heap
|
page read and write
|
||
|
2A946F5F000
|
heap
|
page read and write
|
||
|
CE78EFE000
|
stack
|
page read and write
|
||
|
2584D05B000
|
heap
|
page read and write
|
||
|
1CDB9E00000
|
heap
|
page read and write
|
||
|
2584D03C000
|
heap
|
page read and write
|
||
|
2A946F5F000
|
heap
|
page read and write
|
||
|
2A946FA5000
|
heap
|
page read and write
|
||
|
4FA187E000
|
stack
|
page read and write
|
||
|
1A6926D0000
|
heap
|
page read and write
|
||
|
200FBB7E000
|
heap
|
page read and write
|
||
|
2A946F82000
|
heap
|
page read and write
|
||
|
2A947402000
|
heap
|
page read and write
|
||
|
1A69277C000
|
heap
|
page read and write
|
||
|
2A946F21000
|
heap
|
page read and write
|
||
|
2A946F82000
|
heap
|
page read and write
|
||
|
27013C85000
|
heap
|
page read and write
|
||
|
2A946702000
|
heap
|
page read and write
|
||
|
2A9466E9000
|
heap
|
page read and write
|
||
|
2A946650000
|
heap
|
page read and write
|
||
|
9020F7E000
|
stack
|
page read and write
|
||
|
2A946FA5000
|
heap
|
page read and write
|
||
|
2A94664C000
|
heap
|
page read and write
|
||
|
C2178FF000
|
stack
|
page read and write
|
||
|
2BB3EE45000
|
heap
|
page read and write
|
||
|
2A946F7B000
|
heap
|
page read and write
|
||
|
7FF778370000
|
unkown
|
page readonly
|
||
|
21925702000
|
heap
|
page read and write
|
||
|
200FBD10000
|
heap
|
page read and write
|
||
|
1A6927A5000
|
heap
|
page read and write
|
||
|
2BB3F0B0000
|
remote allocation
|
page read and write
|
||
|
7FF7785EF000
|
unkown
|
page read and write
|
||
|
21925708000
|
heap
|
page read and write
|
||
|
2584D059000
|
heap
|
page read and write
|
||
|
2A946FA4000
|
heap
|
page read and write
|
||
|
1A692704000
|
heap
|
page read and write
|
||
|
73D95FB000
|
stack
|
page read and write
|
||
|
1A692895000
|
heap
|
page read and write
|
||
|
1B8EF602000
|
trusted library allocation
|
page read and write
|
||
|
2A946FA5000
|
heap
|
page read and write
|
||
|
25F483E0000
|
heap
|
page read and write
|
||
|
2A946F96000
|
heap
|
page read and write
|
||
|
1CDB4613000
|
heap
|
page read and write
|
||
|
2584D057000
|
heap
|
page read and write
|
||
|
1A694550000
|
heap
|
page read and write
|
||
|
2A946FB5000
|
heap
|
page read and write
|
||
|
1A69274B000
|
heap
|
page read and write
|
||
|
2A946F96000
|
heap
|
page read and write
|
||
|
B58AAFF000
|
stack
|
page read and write
|
||
|
3BAD2FF000
|
stack
|
page read and write
|
||
|
228CAF08000
|
heap
|
page read and write
|
||
|
73D98FE000
|
stack
|
page read and write
|
||
|
1CDB4550000
|
heap
|
page read and write
|
||
|
1A692788000
|
heap
|
page read and write
|
||
|
2A946F77000
|
heap
|
page read and write
|
||
|
2A946F7C000
|
heap
|
page read and write
|
||
|
3BAD0FA000
|
stack
|
page read and write
|
||
|
2A946F7D000
|
heap
|
page read and write
|
||
|
1A692786000
|
heap
|
page read and write
|
||
|
1CDB9E47000
|
heap
|
page read and write
|
||
|
1CDB9C64000
|
trusted library allocation
|
page read and write
|
||
|
7FF778548000
|
unkown
|
page readonly
|
||
|
3BAD4FE000
|
stack
|
page read and write
|
||
|
1A692759000
|
heap
|
page read and write
|
||
|
27013C5A000
|
heap
|
page read and write
|
||
|
1F8D5460000
|
trusted library allocation
|
page read and write
|
||
|
1F8D4E00000
|
heap
|
page read and write
|
||
|
20A626CB000
|
heap
|
page read and write
|
||
|
1CDB9C20000
|
trusted library allocation
|
page read and write
|
||
|
1B8EEE53000
|
heap
|
page read and write
|
||
|
2BB3EE53000
|
heap
|
page read and write
|
||
|
1CDB5520000
|
trusted library allocation
|
page read and write
|
||
|
228CAE50000
|
heap
|
page read and write
|
||
|
2A946F7E000
|
heap
|
page read and write
|
||
|
1A694540000
|
heap
|
page read and write
|
||
|
25F48688000
|
heap
|
page read and write
|
||
|
200FBD15000
|
heap
|
page read and write
|
||
|
1CDB468B000
|
heap
|
page read and write
|
||
|
20A62702000
|
heap
|
page read and write
|
||
|
20A6262A000
|
heap
|
page read and write
|
||
|
27013A70000
|
heap
|
page read and write
|
||
|
2BB3EE76000
|
heap
|
page read and write
|
||
|
A3CEE77000
|
stack
|
page read and write
|
||
|
1F8D5602000
|
trusted library allocation
|
page read and write
|
||
|
2BB3F0B0000
|
remote allocation
|
page read and write
|
||
|
1CDB4560000
|
heap
|
page read and write
|
||
|
1A6926D8000
|
heap
|
page read and write
|
||
|
B58A3FC000
|
stack
|
page read and write
|
||
|
2A947402000
|
heap
|
page read and write
|
||
|
27013C56000
|
heap
|
page read and write
|
||
|
1F8D4E21000
|
heap
|
page read and write
|
||
|
200FBB20000
|
heap
|
page read and write
|
||
|
228CAE66000
|
heap
|
page read and write
|
||
|
2BB3EE08000
|
heap
|
page read and write
|
||
|
A3CF07D000
|
stack
|
page read and write
|
||
|
2A947402000
|
heap
|
page read and write
|
||
|
27013C29000
|
heap
|
page read and write
|
||
|
2A946F62000
|
heap
|
page read and write
|
||
|
219254C0000
|
heap
|
page read and write
|
||
|
1CDB4DF0000
|
trusted library allocation
|
page read and write
|
||
|
21F68FE000
|
stack
|
page read and write
|
||
|
B188B7D000
|
stack
|
page read and write
|
||
|
2A946627000
|
heap
|
page read and write
|
||
|
2A946F93000
|
heap
|
page read and write
|
||
|
C637A78000
|
stack
|
page read and write
|
||
|
1B8EEE64000
|
heap
|
page read and write
|
||
|
7FF778370000
|
unkown
|
page readonly
|
||
|
73D987E000
|
stack
|
page read and write
|
||
|
2A946E02000
|
heap
|
page read and write
|
||
|
2A94665C000
|
heap
|
page read and write
|
||
|
200FBB7E000
|
heap
|
page read and write
|
||
|
200FBB66000
|
heap
|
page read and write
|
||
|
2A946FB5000
|
heap
|
page read and write
|
||
|
7FF7785F1000
|
unkown
|
page readonly
|
||
|
2BB3EE27000
|
heap
|
page read and write
|
||
|
970DFFF000
|
stack
|
page read and write
|
||
|
1F8D5490000
|
remote allocation
|
page read and write
|
||
|
2192566F000
|
heap
|
page read and write
|
||
|
27013B70000
|
trusted library allocation
|
page read and write
|
||
|
C63727B000
|
stack
|
page read and write
|
||
|
27013C60000
|
heap
|
page read and write
|
||
|
2A946F62000
|
heap
|
page read and write
|
||
|
228CAE7C000
|
heap
|
page read and write
|
||
|
21F66FE000
|
stack
|
page read and write
|
||
|
1CDB9D80000
|
trusted library allocation
|
page read and write
|
||
|
1CDB9F02000
|
heap
|
page read and write
|
||
|
2A946F67000
|
heap
|
page read and write
|
||
|
2A946657000
|
heap
|
page read and write
|
||
|
1CDB469F000
|
heap
|
page read and write
|
||
|
CE78BBB000
|
stack
|
page read and write
|
||
|
1F8D4C90000
|
heap
|
page read and write
|
||
|
2A946629000
|
heap
|
page read and write
|
||
|
27013C13000
|
heap
|
page read and write
|
||
|
1F8D4E2A000
|
heap
|
page read and write
|
||
|
1A692764000
|
heap
|
page read and write
|
||
|
1CDB4E00000
|
heap
|
page read and write
|
||
|
A3CEA7E000
|
stack
|
page read and write
|
||
|
25F4863D000
|
heap
|
page read and write
|
||
|
1CDB9D70000
|
trusted library allocation
|
page read and write
|
||
|
45175FF000
|
stack
|
page read and write
|
||
|
27013C62000
|
heap
|
page read and write
|
||
|
C217FFD000
|
stack
|
page read and write
|
||
|
1CDB4F18000
|
heap
|
page read and write
|
||
|
1A6926B0000
|
heap
|
page read and write
|
||
|
2A946F67000
|
heap
|
page read and write
|
||
|
2584D000000
|
heap
|
page read and write
|
||
|
2A946F77000
|
heap
|
page read and write
|
||
|
1CDB9C20000
|
trusted library allocation
|
page read and write
|
||
|
1CDB9ED5000
|
heap
|
page read and write
|
||
|
2584D02C000
|
heap
|
page read and write
|
||
|
2A946FA1000
|
heap
|
page read and write
|
||
|
1CDB4F00000
|
heap
|
page read and write
|
||
|
21925690000
|
heap
|
page read and write
|
||
|
2A946F66000
|
heap
|
page read and write
|
||
|
2A947402000
|
heap
|
page read and write
|
||
|
73D9DFF000
|
stack
|
page read and write
|
||
|
1CDB4676000
|
heap
|
page read and write
|
||
|
2584D108000
|
heap
|
page read and write
|
||
|
1A692764000
|
heap
|
page read and write
|
||
|
2A946F93000
|
heap
|
page read and write
|
||
|
1CDB4DF3000
|
trusted library allocation
|
page read and write
|
||
|
2A946F96000
|
heap
|
page read and write
|
||
|
2584D061000
|
heap
|
page read and write
|
||
|
27013C48000
|
heap
|
page read and write
|
||
|
2584D013000
|
heap
|
page read and write
|
||
|
1A692720000
|
heap
|
page read and write
|
||
|
1CDB5A90000
|
trusted library allocation
|
page read and write
|
||
|
1B8EEE3C000
|
heap
|
page read and write
|
||
|
1A692748000
|
heap
|
page read and write
|
||
|
2192564A000
|
heap
|
page read and write
|
||
|
2A9466AB000
|
heap
|
page read and write
|
||
|
2A946F18000
|
heap
|
page read and write
|
||
|
1CDB45C0000
|
heap
|
page read and write
|
||
|
2A946FB5000
|
heap
|
page read and write
|
||
|
2584D05A000
|
heap
|
page read and write
|
||
|
2A946FA4000
|
heap
|
page read and write
|
||
|
27013C5C000
|
heap
|
page read and write
|
||
|
1B8EEF02000
|
heap
|
page read and write
|
||
|
3BAD5FF000
|
stack
|
page read and write
|
||
|
2A9466FA000
|
heap
|
page read and write
|
||
|
2A946F5E000
|
heap
|
page read and write
|
||
|
21925651000
|
heap
|
page read and write
|
||
|
1CDB4702000
|
heap
|
page read and write
|
||
|
200FBB8A000
|
heap
|
page read and write
|
||
|
2A946659000
|
heap
|
page read and write
|
||
|
2BB3EE3E000
|
heap
|
page read and write
|
||
|
2A946F5F000
|
heap
|
page read and write
|
||
|
1CDB9EF8000
|
heap
|
page read and write
|
||
|
1A69277F000
|
heap
|
page read and write
|
||
|
25F483F0000
|
heap
|
page read and write
|
||
|
1CDB9C50000
|
trusted library allocation
|
page read and write
|
||
|
2A94667F000
|
heap
|
page read and write
|
||
|
2A946F72000
|
heap
|
page read and write
|
||
|
2A946F85000
|
heap
|
page read and write
|
||
|
1CDB9EEC000
|
heap
|
page read and write
|
||
|
1F8D5490000
|
remote allocation
|
page read and write
|
||
|
1A692720000
|
heap
|
page read and write
|
||
|
228CB602000
|
trusted library allocation
|
page read and write
|
||
|
2A946F50000
|
heap
|
page read and write
|
||
|
2A946F93000
|
heap
|
page read and write
|
||
|
2584D020000
|
heap
|
page read and write
|
||
|
C6372FE000
|
stack
|
page read and write
|
||
|
2584D029000
|
heap
|
page read and write
|
||
|
27013C3C000
|
heap
|
page read and write
|
||
|
228CACE0000
|
heap
|
page read and write
|
||
|
970DC7E000
|
stack
|
page read and write
|
||
|
2BB3EE3E000
|
heap
|
page read and write
|
||
|
25F48450000
|
heap
|
page read and write
|
||
|
1CDB9D50000
|
trusted library allocation
|
page read and write
|
||
|
CE78E7E000
|
stack
|
page read and write
|
||
|
2A946716000
|
heap
|
page read and write
|
||
|
200FBB56000
|
heap
|
page read and write
|
||
|
20A623F0000
|
heap
|
page read and write
|
||
|
25F48629000
|
heap
|
page read and write
|
||
|
7FF7785F1000
|
unkown
|
page readonly
|
||
|
228CAE4C000
|
heap
|
page read and write
|
||
|
200FBB00000
|
heap
|
page read and write
|
||
|
4FA1A7F000
|
stack
|
page read and write
|
||
|
2A94664D000
|
heap
|
page read and write
|
||
|
B58A17A000
|
stack
|
page read and write
|
||
|
1CDB9A90000
|
trusted library allocation
|
page read and write
|
||
|
27013C5E000
|
heap
|
page read and write
|
||
|
2584CFC0000
|
heap
|
page read and write
|
||
|
27013A10000
|
heap
|
page read and write
|
||
|
2A946FBA000
|
heap
|
page read and write
|
||
|
2192562C000
|
heap
|
page read and write
|
||
|
1F8D4E02000
|
heap
|
page read and write
|
||
|
1CDB4629000
|
heap
|
page read and write
|
||
|
27013D02000
|
heap
|
page read and write
|
||
|
1CDB9EFB000
|
heap
|
page read and write
|
||
|
B58A5FD000
|
stack
|
page read and write
|
||
|
21F63FE000
|
stack
|
page read and write
|
||
|
7FF7E23C0000
|
unkown
|
page readonly
|
||
|
1A692789000
|
heap
|
page read and write
|
||
|
25F48550000
|
trusted library allocation
|
page read and write
|
||
|
2A946F67000
|
heap
|
page read and write
|
||
|
2A946F72000
|
heap
|
page read and write
|
||
|
27013C57000
|
heap
|
page read and write
|
||
|
2BB3F105000
|
heap
|
page read and write
|
||
|
970DEFE000
|
stack
|
page read and write
|
||
|
1CDB9D60000
|
trusted library allocation
|
page read and write
|
||
|
2A947403000
|
heap
|
page read and write
|
||
|
20A62600000
|
heap
|
page read and write
|
||
|
1CDB9E1B000
|
heap
|
page read and write
|
||
|
1CDB466E000
|
heap
|
page read and write
|
||
|
21925613000
|
heap
|
page read and write
|
||
|
200FBB7E000
|
heap
|
page read and write
|
||
|
1CDB4E15000
|
heap
|
page read and write
|
||
|
20A62645000
|
heap
|
page read and write
|
||
|
2A946FB4000
|
heap
|
page read and write
|
||
|
2A946F77000
|
heap
|
page read and write
|
||
|
1CDB9D80000
|
remote allocation
|
page read and write
|
||
|
2A946613000
|
heap
|
page read and write
|
||
|
200FBB4B000
|
heap
|
page read and write
|
||
|
20A6266D000
|
heap
|
page read and write
|
||
|
1A692774000
|
heap
|
page read and write
|
||
|
2A946F5F000
|
heap
|
page read and write
|
||
|
1A692716000
|
heap
|
page read and write
|
||
|
4FA0DBB000
|
stack
|
page read and write
|
||
|
2584D802000
|
trusted library allocation
|
page read and write
|
||
|
25F48667000
|
heap
|
page read and write
|
||
|
2A947402000
|
heap
|
page read and write
|
||
|
1CDB9E29000
|
heap
|
page read and write
|
||
|
2BB3EE45000
|
heap
|
page read and write
|
||
|
2A946520000
|
heap
|
page read and write
|
||
|
1CDB5700000
|
trusted library section
|
page readonly
|
||
|
200FBB56000
|
heap
|
page read and write
|
||
|
1B8EEE7B000
|
heap
|
page read and write
|
||
|
21925629000
|
heap
|
page read and write
|
||
|
2A947402000
|
heap
|
page read and write
|
||
|
4FA11FB000
|
stack
|
page read and write
|
||
|
2584D038000
|
heap
|
page read and write
|
||
|
C217EFD000
|
stack
|
page read and write
|
||
|
2A946FB4000
|
heap
|
page read and write
|
||
|
2584D05D000
|
heap
|
page read and write
|
||
|
2BB3EE53000
|
heap
|
page read and write
|
||
|
228CAE59000
|
heap
|
page read and write
|
||
|
27013C61000
|
heap
|
page read and write
|
||
|
228CAF13000
|
heap
|
page read and write
|
||
|
2A9466D5000
|
heap
|
page read and write
|
||
|
2A9464B0000
|
heap
|
page read and write
|
||
|
A3CF17F000
|
stack
|
page read and write
|
||
|
2A946D40000
|
remote allocation
|
page read and write
|
||
|
1CDB9D80000
|
remote allocation
|
page read and write
|
||
|
2A946FA4000
|
heap
|
page read and write
|
||
|
2A946FBA000
|
heap
|
page read and write
|
||
|
2A946FC4000
|
heap
|
page read and write
|
||
|
1A692770000
|
heap
|
page read and write
|
||
|
20A62F00000
|
heap
|
page read and write
|
||
|
1CDB4692000
|
heap
|
page read and write
|
||
|
1CDB9E12000
|
heap
|
page read and write
|
||
|
1CDB45F0000
|
trusted library allocation
|
page read and write
|
||
|
1A69275A000
|
heap
|
page read and write
|
||
|
21F5FFE000
|
stack
|
page read and write
|
||
|
C2173AB000
|
stack
|
page read and write
|
||
|
2BB3EEA7000
|
heap
|
page read and write
|
||
|
9020FFC000
|
stack
|
page read and write
|
||
|
27013C31000
|
heap
|
page read and write
|
||
|
27013C76000
|
heap
|
page read and write
|
||
|
20A626CD000
|
heap
|
page read and write
|
||
|
2A946F7D000
|
heap
|
page read and write
|
||
|
2A946FB4000
|
heap
|
page read and write
|
||
|
1A6927A6000
|
heap
|
page read and write
|
||
|
1CDB46FC000
|
heap
|
page read and write
|
||
|
2A946F69000
|
heap
|
page read and write
|
||
|
2584D07F000
|
heap
|
page read and write
|
||
|
1A692703000
|
heap
|
page read and write
|
||
|
20A62400000
|
heap
|
page read and write
|
||
|
200FBB62000
|
heap
|
page read and write
|
||
|
45172FF000
|
stack
|
page read and write
|
||
|
3BAD57E000
|
stack
|
page read and write
|
||
|
1A69271D000
|
heap
|
page read and write
|
||
|
25F48626000
|
heap
|
page read and write
|
||
|
7FF7E263F000
|
unkown
|
page read and write
|
||
|
1CDB9E86000
|
heap
|
page read and write
|
||
|
1B8EEE02000
|
heap
|
page read and write
|
||
|
1A69278A000
|
heap
|
page read and write
|
||
|
25F48602000
|
heap
|
page read and write
|
||
|
2A947419000
|
heap
|
page read and write
|
||
|
2BB3F100000
|
heap
|
page read and write
|
||
|
2A946F6C000
|
heap
|
page read and write
|
||
|
27013A00000
|
heap
|
page read and write
|
||
|
C217BF9000
|
stack
|
page read and write
|
||
|
21925649000
|
heap
|
page read and write
|
||
|
2A946F7A000
|
heap
|
page read and write
|
||
|
2A946F67000
|
heap
|
page read and write
|
||
|
27013C55000
|
heap
|
page read and write
|
||
|
B58A9FF000
|
stack
|
page read and write
|
||
|
2A9466D8000
|
heap
|
page read and write
|
||
|
1A69276F000
|
heap
|
page read and write
|
||
|
2A946FB6000
|
heap
|
page read and write
|
||
|
2A94665B000
|
heap
|
page read and write
|
||
|
2A9466A4000
|
heap
|
page read and write
|
||
|
1A69273C000
|
heap
|
page read and write
|
||
|
1CDB9CF0000
|
trusted library allocation
|
page read and write
|
||
|
2BB3EE88000
|
heap
|
page read and write
|
||
|
1CDB9C44000
|
trusted library allocation
|
page read and write
|
||
|
25F48702000
|
heap
|
page read and write
|
||
|
2584D113000
|
heap
|
page read and write
|
||
|
2A946688000
|
heap
|
page read and write
|
||
|
C217AFE000
|
stack
|
page read and write
|
||
|
27013C6B000
|
heap
|
page read and write
|
||
|
1CDB5730000
|
trusted library section
|
page readonly
|
||
|
970E0FF000
|
stack
|
page read and write
|
There are 740 hidden memdumps, click here to show them.