Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
zJ2b57acTF.xlsx
|
Microsoft OOXML
|
initial sample
|
 |
|
|
C:\Users\user\Desktop\~$zJ2b57acTF.xlsx
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\804B232B-F5B7-40B7-9B79-A747BDD996CB
|
XML 1.0 document, UTF-8 Unicode text, with very long lines, with CRLF line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
"C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE" /automation -Embedding
|
||
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
"C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://api.diagnosticssdf.office.com
|
unknown
|
||
|
https://login.microsoftonline.com/
|
unknown
|
||
|
https://shell.suite.office.com:1443
|
unknown
|
||
|
https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/authorize
|
unknown
|
||
|
https://autodiscover-s.outlook.com/
|
unknown
|
||
|
https://roaming.edog.
|
unknown
|
||
|
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr
|
unknown
|
||
|
https://cdn.entity.
|
unknown
|
||
|
https://api.addins.omex.office.net/appinfo/query
|
unknown
|
||
|
https://clients.config.office.net/user/v1.0/tenantassociationkey
|
unknown
|
||
|
https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/
|
unknown
|
||
|
https://powerlift.acompli.net
|
unknown
|
||
|
https://rpsticket.partnerservices.getmicrosoftkey.com
|
unknown
|
||
|
https://lookup.onenote.com/lookup/geolocation/v1
|
unknown
|
||
|
https://cortana.ai
|
unknown
|
||
|
https://apc.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
|
unknown
|
||
|
https://cloudfiles.onenote.com/upload.aspx
|
unknown
|
||
|
https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
|
unknown
|
||
|
https://entitlement.diagnosticssdf.office.com
|
unknown
|
||
|
https://na01.oscs.protection.outlook.com/api/SafeLinksApi/GetPolicy
|
unknown
|
||
|
https://api.aadrm.com/
|
unknown
|
||
|
https://ofcrecsvcapi-int.azurewebsites.net/
|
unknown
|
||
|
https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies
|
unknown
|
||
|
https://api.microsoftstream.com/api/
|
unknown
|
||
|
https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=Immersive
|
unknown
|
||
|
https://cr.office.com
|
unknown
|
||
|
https://augloop.office.com;https://augloop-int.officeppe.com;https://augloop-dogfood.officeppe.com;h
|
unknown
|
||
|
https://portal.office.com/account/?ref=ClientMeControl
|
unknown
|
||
|
https://graph.ppe.windows.net
|
unknown
|
||
|
https://res.getmicrosoftkey.com/api/redemptionevents
|
unknown
|
||
|
https://powerlift-frontdesk.acompli.net
|
unknown
|
||
|
https://tasks.office.com
|
unknown
|
||
|
https://officeci.azurewebsites.net/api/
|
unknown
|
||
|
https://sr.outlook.office.net/ws/speech/recognize/assistant/work
|
unknown
|
||
|
https://store.office.cn/addinstemplate
|
unknown
|
||
|
https://api.aadrm.com
|
unknown
|
||
|
https://outlook.office.com/autosuggest/api/v1/init?cvid=
|
unknown
|
||
|
https://globaldisco.crm.dynamics.com
|
unknown
|
||
|
https://messaging.engagement.office.com/
|
unknown
|
||
|
https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
|
unknown
|
||
|
https://dev0-api.acompli.net/autodetect
|
unknown
|
||
|
https://www.odwebp.svc.ms
|
unknown
|
||
|
https://api.diagnosticssdf.office.com/v2/feedback
|
unknown
|
||
|
https://api.powerbi.com/v1.0/myorg/groups
|
unknown
|
||
|
https://web.microsoftstream.com/video/
|
unknown
|
||
|
https://api.addins.store.officeppe.com/addinstemplate
|
unknown
|
||
|
https://graph.windows.net
|
unknown
|
||
|
https://dataservice.o365filtering.com/
|
unknown
|
||
|
https://officesetup.getmicrosoftkey.com
|
unknown
|
||
|
https://analysis.windows.net/powerbi/api
|
unknown
|
||
|
https://prod-global-autodetect.acompli.net/autodetect
|
unknown
|
||
|
https://outlook.office365.com/autodiscover/autodiscover.json
|
unknown
|
||
|
https://powerpoint.uservoice.com/forums/288952-powerpoint-for-ipad-iphone-ios
|
unknown
|
||
|
https://eur.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
|
unknown
|
||
|
https://learningtools.onenote.com/learningtoolsapi/v2.0/Getvoices
|
unknown
|
||
|
https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json
|
unknown
|
||
|
https://ncus.contentsync.
|
unknown
|
||
|
https://onedrive.live.com/about/download/?windows10SyncClientInstalled=false
|
unknown
|
||
|
https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/
|
unknown
|
||
|
http://weather.service.msn.com/data.aspx
|
unknown
|
||
|
https://apis.live.net/v5.0/
|
unknown
|
||
|
https://officemobile.uservoice.com/forums/929800-office-app-ios-and-ipad-asks
|
unknown
|
||
|
https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios
|
unknown
|
||
|
https://messaging.lifecycle.office.com/
|
unknown
|
||
|
https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml
|
unknown
|
||
|
https://management.azure.com
|
unknown
|
||
|
https://outlook.office365.com
|
unknown
|
||
|
https://wus2.contentsync.
|
unknown
|
||
|
https://incidents.diagnostics.office.com
|
unknown
|
||
|
https://clients.config.office.net/user/v1.0/ios
|
unknown
|
||
|
https://insertmedia.bing.office.net/odc/insertmedia
|
unknown
|
||
|
https://o365auditrealtimeingestion.manage.office.com
|
unknown
|
||
|
https://outlook.office365.com/api/v1.0/me/Activities
|
unknown
|
||
|
https://api.office.net
|
unknown
|
||
|
https://incidents.diagnosticssdf.office.com
|
unknown
|
||
|
https://asgsmsproxyapi.azurewebsites.net/
|
unknown
|
||
|
https://clients.config.office.net/user/v1.0/android/policies
|
unknown
|
||
|
https://entitlement.diagnostics.office.com
|
unknown
|
||
|
https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json
|
unknown
|
||
|
https://substrate.office.com/search/api/v2/init
|
unknown
|
||
|
https://outlook.office.com/
|
unknown
|
||
|
https://storage.live.com/clientlogs/uploadlocation
|
unknown
|
||
|
https://outlook.office365.com/
|
unknown
|
||
|
https://webshell.suite.office.com
|
unknown
|
||
|
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=OneDrive
|
unknown
|
||
|
https://substrate.office.com/search/api/v1/SearchHistory
|
unknown
|
||
|
https://management.azure.com/
|
unknown
|
||
|
https://messaging.lifecycle.office.com/getcustommessage16
|
unknown
|
||
|
https://clients.config.office.net/c2r/v1.0/InteractiveInstallation
|
unknown
|
||
|
https://login.windows.net/common/oauth2/authorize
|
unknown
|
||
|
https://dataservice.o365filtering.com/PolicySync/PolicySync.svc/SyncFile
|
unknown
|
||
|
https://graph.windows.net/
|
unknown
|
||
|
https://api.powerbi.com/beta/myorg/imports
|
unknown
|
||
|
https://devnull.onenote.com
|
unknown
|
||
|
https://messaging.action.office.com/
|
unknown
|
||
|
https://ncus.pagecontentsync.
|
unknown
|
||
|
https://r4.res.office365.com/footprintconfig/v1.7/scripts/fpconfig.json
|
unknown
|
||
|
https://messaging.office.com/
|
unknown
|
||
|
https://dataservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
|
unknown
|
||
|
https://augloop.office.com/v2
|
unknown
|
There are 90 hidden URLs, click here to show them.
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Resiliency\StartupItems
|
y5-
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Resiliency\StartupItems
|
z5-
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache
|
RemoteClearDate
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3
|
Last
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3\0
|
FilePath
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3\0
|
StartDate
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3\0
|
EndDate
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3\0
|
Properties
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3\0
|
Url
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache
|
LastClean
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
|
DisableWinHttpCertAuth
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
|
DisableIsOwnerRegex
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
|
DisableSessionAwareHttpClose
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
|
DisableADALForExtendedApps
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
|
DisableADALSetSilentAuth
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
|
msoridDisableGuestCredProvider
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
|
msoridDisableOstringReplace
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\IOAV
|
LastBootTime
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Resiliency\StartupItems
|
nd-
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Resiliency\DocumentRecovery\1DCCF
|
1DCCF
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109110000000000000000F01FEC\Usage
|
ProductFiles
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
|
en-US
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
|
en-US
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109110000000000000000F01FEC\Usage
|
EXCELFiles
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Roaming
|
RoamingConfigurableSettings
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Roaming
|
RoamingLastSyncTime
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Roaming
|
RoamingLastWriteTime
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\IOAV
|
LastBootTime
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Security\Trusted Documents
|
LastPurgeTime
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
|
;z,
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel
|
MTTT
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\667E7
|
667E7
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Security\Trusted Documents
|
LastPurgeTime
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1033
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1033
|
There are 25 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
E591A7B000
|
stack
|
page read and write
|
||
|
235DE59B000
|
heap
|
page read and write
|
||
|
1963EA55000
|
heap
|
page read and write
|
||
|
23B5E6C0000
|
heap
|
page read and write
|
||
|
235DE59A000
|
heap
|
page read and write
|
||
|
6FEF6FE000
|
stack
|
page read and write
|
||
|
1963EA53000
|
heap
|
page read and write
|
||
|
6FEF77E000
|
stack
|
page read and write
|
||
|
9921477000
|
stack
|
page read and write
|
||
|
235DE59A000
|
heap
|
page read and write
|
||
|
7E3F5FF000
|
stack
|
page read and write
|
||
|
25E71429000
|
heap
|
page read and write
|
||
|
235DE59F000
|
heap
|
page read and write
|
||
|
1D44E5E0000
|
trusted library allocation
|
page read and write
|
||
|
211B39C0000
|
heap
|
page read and write
|
||
|
235DE58A000
|
heap
|
page read and write
|
||
|
22FF20F0000
|
heap
|
page read and write
|
||
|
41438FD000
|
stack
|
page read and write
|
||
|
25E71380000
|
heap
|
page read and write
|
||
|
414397B000
|
stack
|
page read and write
|
||
|
235DE59A000
|
heap
|
page read and write
|
||
|
1D452E88000
|
heap
|
page read and write
|
||
|
235DE586000
|
heap
|
page read and write
|
||
|
1619B7F000
|
stack
|
page read and write
|
||
|
17016E20000
|
heap
|
page read and write
|
||
|
4D5DE7C000
|
stack
|
page read and write
|
||
|
235DE56D000
|
heap
|
page read and write
|
||
|
235DE59A000
|
heap
|
page read and write
|
||
|
18721C66000
|
heap
|
page read and write
|
||
|
235DE59A000
|
heap
|
page read and write
|
||
|
235DE555000
|
heap
|
page read and write
|
||
|
1D452D40000
|
trusted library allocation
|
page read and write
|
||
|
1D452EE6000
|
heap
|
page read and write
|
||
|
25E713B0000
|
trusted library allocation
|
page read and write
|
||
|
1963EA3E000
|
heap
|
page read and write
|
||
|
56B86FE000
|
stack
|
page read and write
|
||
|
211B3A41000
|
heap
|
page read and write
|
||
|
1D44D6FC000
|
heap
|
page read and write
|
||
|
235DEA00000
|
heap
|
page read and write
|
||
|
1D44D510000
|
heap
|
page read and write
|
||
|
1D44D613000
|
heap
|
page read and write
|
||
|
1D452E11000
|
heap
|
page read and write
|
||
|
17017088000
|
heap
|
page read and write
|
||
|
23B5E510000
|
heap
|
page read and write
|
||
|
235DDC3C000
|
heap
|
page read and write
|
||
|
26659B70000
|
remote allocation
|
page read and write
|
||
|
2614225E000
|
heap
|
page read and write
|
||
|
26659B70000
|
remote allocation
|
page read and write
|
||
|
1963EA48000
|
heap
|
page read and write
|
||
|
23B5F602000
|
heap
|
page read and write
|
||
|
4A50E7E000
|
stack
|
page read and write
|
||
|
235DDC88000
|
heap
|
page read and write
|
||
|
1D452EA9000
|
heap
|
page read and write
|
||
|
1D452D30000
|
trusted library allocation
|
page read and write
|
||
|
235DE598000
|
heap
|
page read and write
|
||
|
1F6DDAA5000
|
heap
|
page read and write
|
||
|
23B5F71B000
|
heap
|
page read and write
|
||
|
211B4401000
|
heap
|
page read and write
|
||
|
235DE59A000
|
heap
|
page read and write
|
||
|
E591B7E000
|
stack
|
page read and write
|
||
|
1D452E64000
|
heap
|
page read and write
|
||
|
41147FE000
|
stack
|
page read and write
|
||
|
235DE59A000
|
heap
|
page read and write
|
||
|
211B3A68000
|
heap
|
page read and write
|
||
|
235DEA02000
|
heap
|
page read and write
|
||
|
22FF224C000
|
heap
|
page read and write
|
||
|
23B5E681000
|
heap
|
page read and write
|
||
|
23B5EF36000
|
heap
|
page read and write
|
||
|
22FF2229000
|
heap
|
page read and write
|
||
|
41143DE000
|
stack
|
page read and write
|
||
|
1D44D68E000
|
heap
|
page read and write
|
||
|
235DE54D000
|
heap
|
page read and write
|
||
|
1619F7F000
|
stack
|
page read and write
|
||
|
1F6DDA60000
|
heap
|
page read and write
|
||
|
235DEA03000
|
heap
|
page read and write
|
||
|
25E7147A000
|
heap
|
page read and write
|
||
|
235DDCC8000
|
heap
|
page read and write
|
||
|
1D452E00000
|
heap
|
page read and write
|
||
|
23B5E629000
|
heap
|
page read and write
|
||
|
211B3A2D000
|
heap
|
page read and write
|
||
|
23B5F700000
|
heap
|
page read and write
|
||
|
235DE586000
|
heap
|
page read and write
|
||
|
19941C13000
|
heap
|
page read and write
|
||
|
41148F7000
|
stack
|
page read and write
|
||
|
23B5E65F000
|
heap
|
page read and write
|
||
|
4114C7F000
|
unkown
|
page read and write
|
||
|
211B3AE6000
|
heap
|
page read and write
|
||
|
22FF2A02000
|
trusted library allocation
|
page read and write
|
||
|
170170E9000
|
heap
|
page read and write
|
||
|
6FEF87E000
|
stack
|
page read and write
|
||
|
25E7147C000
|
heap
|
page read and write
|
||
|
4A507CE000
|
stack
|
page read and write
|
||
|
1F6DDA50000
|
heap
|
page read and write
|
||
|
936FAFE000
|
stack
|
page read and write
|
||
|
235DE571000
|
heap
|
page read and write
|
||
|
1963EA50000
|
heap
|
page read and write
|
||
|
17017000000
|
heap
|
page read and write
|
||
|
26142264000
|
heap
|
page read and write
|
||
|
25E71C02000
|
trusted library allocation
|
page read and write
|
||
|
17017102000
|
heap
|
page read and write
|
||
|
1D452D40000
|
remote allocation
|
page read and write
|
||
|
2614227C000
|
heap
|
page read and write
|
||
|
41149F7000
|
stack
|
page read and write
|
||
|
235DE59A000
|
heap
|
page read and write
|
||
|
23B5E6D7000
|
heap
|
page read and write
|
||
|
19941C6C000
|
heap
|
page read and write
|
||
|
211B3A31000
|
heap
|
page read and write
|
||
|
7E3F7FE000
|
stack
|
page read and write
|
||
|
18721C7B000
|
heap
|
page read and write
|
||
|
235DDCAC000
|
heap
|
page read and write
|
||
|
26142288000
|
heap
|
page read and write
|
||
|
211B3A08000
|
heap
|
page read and write
|
||
|
4D5E17B000
|
stack
|
page read and write
|
||
|
235DE51E000
|
heap
|
page read and write
|
||
|
235DE59A000
|
heap
|
page read and write
|
||
|
211B3A98000
|
heap
|
page read and write
|
||
|
1D44D600000
|
heap
|
page read and write
|
||
|
22FF2308000
|
heap
|
page read and write
|
||
|
235DE59A000
|
heap
|
page read and write
|
||
|
211B3A51000
|
heap
|
page read and write
|
||
|
23B5E654000
|
heap
|
page read and write
|
||
|
235DE589000
|
heap
|
page read and write
|
||
|
22FF2258000
|
heap
|
page read and write
|
||
|
235DDCF4000
|
heap
|
page read and write
|
||
|
4143B7E000
|
stack
|
page read and write
|
||
|
1D44D663000
|
heap
|
page read and write
|
||
|
1D44DDE0000
|
trusted library allocation
|
page read and write
|
||
|
211B3AE6000
|
heap
|
page read and write
|
||
|
1D452C24000
|
trusted library allocation
|
page read and write
|
||
|
9B18CFF000
|
stack
|
page read and write
|
||
|
19941D13000
|
heap
|
page read and write
|
||
|
7F0B07E000
|
stack
|
page read and write
|
||
|
235DDCB1000
|
heap
|
page read and write
|
||
|
D21E079000
|
stack
|
page read and write
|
||
|
25E71413000
|
heap
|
page read and write
|
||
|
22FF2313000
|
heap
|
page read and write
|
||
|
235DE59A000
|
heap
|
page read and write
|
||
|
22FF224F000
|
heap
|
page read and write
|
||
|
1F6DD9A0000
|
heap
|
page read and write
|
||
|
992167D000
|
stack
|
page read and write
|
||
|
19941C00000
|
heap
|
page read and write
|
||
|
1D44D5B0000
|
trusted library allocation
|
page read and write
|
||
|
18721D00000
|
heap
|
page read and write
|
||
|
26659370000
|
heap
|
page read and write
|
||
|
1D452D20000
|
trusted library allocation
|
page read and write
|
||
|
41437FC000
|
stack
|
page read and write
|
||
|
4A50F7F000
|
stack
|
page read and write
|
||
|
1963E980000
|
trusted library allocation
|
page read and write
|
||
|
2FB807E000
|
stack
|
page read and write
|
||
|
211B3A45000
|
heap
|
page read and write
|
||
|
1963EA51000
|
heap
|
page read and write
|
||
|
211B3AEA000
|
heap
|
page read and write
|
||
|
23B5F702000
|
heap
|
page read and write
|
||
|
1963EA4C000
|
heap
|
page read and write
|
||
|
235DE5B1000
|
heap
|
page read and write
|
||
|
235DDCC2000
|
heap
|
page read and write
|
||
|
23B5E6D1000
|
heap
|
page read and write
|
||
|
19941BA0000
|
heap
|
page read and write
|
||
|
41430AB000
|
stack
|
page read and write
|
||
|
235DE320000
|
remote allocation
|
page read and write
|
||
|
235DDC00000
|
heap
|
page read and write
|
||
|
23B5E6BC000
|
heap
|
page read and write
|
||
|
235DE58C000
|
heap
|
page read and write
|
||
|
26659402000
|
heap
|
page read and write
|
||
|
1D44D65D000
|
heap
|
page read and write
|
||
|
211B4400000
|
heap
|
page read and write
|
||
|
211B3A51000
|
heap
|
page read and write
|
||
|
235DDC50000
|
heap
|
page read and write
|
||
|
18721A00000
|
heap
|
page read and write
|
||
|
1D452C01000
|
trusted library allocation
|
page read and write
|
||
|
235DDC13000
|
heap
|
page read and write
|
||
|
1D452EA4000
|
heap
|
page read and write
|
||
|
936FB7E000
|
stack
|
page read and write
|
||
|
235DDCB6000
|
heap
|
page read and write
|
||
|
1963EA4D000
|
heap
|
page read and write
|
||
|
9B18A7E000
|
stack
|
page read and write
|
||
|
235DE59A000
|
heap
|
page read and write
|
||
|
22FF2302000
|
heap
|
page read and write
|
||
|
17017732000
|
heap
|
page read and write
|
||
|
235DDC29000
|
heap
|
page read and write
|
||
|
1701703D000
|
heap
|
page read and write
|
||
|
261421D0000
|
trusted library allocation
|
page read and write
|
||
|
6FEF3FA000
|
stack
|
page read and write
|
||
|
211B4403000
|
heap
|
page read and write
|
||
|
1F6DDA8E000
|
heap
|
page read and write
|
||
|
1963EA6E000
|
heap
|
page read and write
|
||
|
1F6DDA8E000
|
heap
|
page read and write
|
||
|
235DE58C000
|
heap
|
page read and write
|
||
|
1D452E2B000
|
heap
|
page read and write
|
||
|
235DEA20000
|
heap
|
page read and write
|
||
|
211B4090000
|
remote allocation
|
page read and write
|
||
|
25E71502000
|
heap
|
page read and write
|
||
|
1D452AD0000
|
trusted library allocation
|
page read and write
|
||
|
211B4090000
|
remote allocation
|
page read and write
|
||
|
235DE588000
|
heap
|
page read and write
|
||
|
1D452D10000
|
trusted library allocation
|
page read and write
|
||
|
1DA42CB8000
|
heap
|
page read and write
|
||
|
1DA42B00000
|
heap
|
page read and write
|
||
|
4114D7A000
|
stack
|
page read and write
|
||
|
26142A02000
|
trusted library allocation
|
page read and write
|
||
|
1D452C10000
|
trusted library allocation
|
page read and write
|
||
|
23B5EFF2000
|
heap
|
page read and write
|
||
|
1D44DF02000
|
heap
|
page read and write
|
||
|
1D44E101000
|
trusted library allocation
|
page read and write
|
||
|
235DDCD4000
|
heap
|
page read and write
|
||
|
1963EA4E000
|
heap
|
page read and write
|
||
|
1963EA13000
|
heap
|
page read and write
|
||
|
235DDD02000
|
heap
|
page read and write
|
||
|
235DDC49000
|
heap
|
page read and write
|
||
|
26142229000
|
heap
|
page read and write
|
||
|
9B1937E000
|
stack
|
page read and write
|
||
|
25E71513000
|
heap
|
page read and write
|
||
|
235DDC4D000
|
heap
|
page read and write
|
||
|
1963EA30000
|
heap
|
page read and write
|
||
|
17017013000
|
heap
|
page read and write
|
||
|
235DDA90000
|
heap
|
page read and write
|
||
|
26142140000
|
heap
|
page read and write
|
||
|
22FF2190000
|
trusted library allocation
|
page read and write
|
||
|
1B76A520000
|
heap
|
page read and write
|
||
|
7E3F8FB000
|
stack
|
page read and write
|
||
|
1D452EFD000
|
heap
|
page read and write
|
||
|
235DE574000
|
heap
|
page read and write
|
||
|
26659429000
|
heap
|
page read and write
|
||
|
D21DEFE000
|
stack
|
page read and write
|
||
|
161997D000
|
stack
|
page read and write
|
||
|
17016FF0000
|
trusted library allocation
|
page read and write
|
||
|
235DE573000
|
heap
|
page read and write
|
||
|
9B18B7B000
|
stack
|
page read and write
|
||
|
1701706D000
|
heap
|
page read and write
|
||
|
1D44D6AE000
|
heap
|
page read and write
|
||
|
25E71310000
|
heap
|
page read and write
|
||
|
1963EA76000
|
heap
|
page read and write
|
||
|
6FEF67F000
|
stack
|
page read and write
|
||
|
23B5E6A9000
|
heap
|
page read and write
|
||
|
2665943E000
|
heap
|
page read and write
|
||
|
23B5E646000
|
heap
|
page read and write
|
||
|
23B5E520000
|
heap
|
page read and write
|
||
|
25E71500000
|
heap
|
page read and write
|
||
|
211B3AE6000
|
heap
|
page read and write
|
||
|
23B5E637000
|
heap
|
page read and write
|
||
|
161A17E000
|
stack
|
page read and write
|
||
|
18722402000
|
trusted library allocation
|
page read and write
|
||
|
1D44D69E000
|
heap
|
page read and write
|
||
|
1B76A9C0000
|
heap
|
page read and write
|
||
|
1DA42CB0000
|
heap
|
page read and write
|
||
|
1963EA46000
|
heap
|
page read and write
|
||
|
235DE59A000
|
heap
|
page read and write
|
||
|
22FF2257000
|
heap
|
page read and write
|
||
|
2FB7B2C000
|
stack
|
page read and write
|
||
|
235DE577000
|
heap
|
page read and write
|
||
|
23B5E65C000
|
heap
|
page read and write
|
||
|
266593E0000
|
heap
|
page read and write
|
||
|
1D452E1E000
|
heap
|
page read and write
|
||
|
23B5E66B000
|
heap
|
page read and write
|
||
|
235DE59A000
|
heap
|
page read and write
|
||
|
1963EA75000
|
heap
|
page read and write
|
||
|
235DE571000
|
heap
|
page read and write
|
||
|
187219F0000
|
heap
|
page read and write
|
||
|
1B76A760000
|
heap
|
page read and write
|
||
|
1963EA42000
|
heap
|
page read and write
|
||
|
211B3AF0000
|
heap
|
page read and write
|
||
|
1B76A787000
|
heap
|
page read and write
|
||
|
E59207E000
|
stack
|
page read and write
|
||
|
9B186F7000
|
stack
|
page read and write
|
||
|
1D44EA60000
|
trusted library allocation
|
page read and write
|
||
|
18721C00000
|
heap
|
page read and write
|
||
|
211B3A8A000
|
heap
|
page read and write
|
||
|
56B897F000
|
stack
|
page read and write
|
||
|
25E71400000
|
heap
|
page read and write
|
||
|
235DE58C000
|
heap
|
page read and write
|
||
|
23B5E6FB000
|
heap
|
page read and write
|
||
|
22FF2251000
|
heap
|
page read and write
|
||
|
1D44E710000
|
trusted library section
|
page readonly
|
||
|
1D452D00000
|
trusted library allocation
|
page read and write
|
||
|
18721C28000
|
heap
|
page read and write
|
||
|
211B4090000
|
remote allocation
|
page read and write
|
||
|
1D44E6C0000
|
trusted library section
|
page readonly
|
||
|
235DE5DC000
|
heap
|
page read and write
|
||
|
1963EA7E000
|
heap
|
page read and write
|
||
|
1963EA7B000
|
heap
|
page read and write
|
||
|
41434FC000
|
stack
|
page read and write
|
||
|
D21E0FE000
|
stack
|
page read and write
|
||
|
1963EA00000
|
heap
|
page read and write
|
||
|
23B5E6B8000
|
heap
|
page read and write
|
||
|
25E7147A000
|
heap
|
page read and write
|
||
|
1963EA4A000
|
heap
|
page read and write
|
||
|
1963EA78000
|
heap
|
page read and write
|
||
|
235DE59A000
|
heap
|
page read and write
|
||
|
992157E000
|
stack
|
page read and write
|
||
|
1D44DE15000
|
heap
|
page read and write
|
||
|
56B834E000
|
stack
|
page read and write
|
||
|
235DE59A000
|
heap
|
page read and write
|
||
|
235DDC55000
|
heap
|
page read and write
|
||
|
936FBFB000
|
stack
|
page read and write
|
||
|
23B5E6FE000
|
heap
|
page read and write
|
||
|
235DE5C0000
|
heap
|
page read and write
|
||
|
6FEF7FF000
|
stack
|
page read and write
|
||
|
1D44D667000
|
heap
|
page read and write
|
||
|
992107B000
|
stack
|
page read and write
|
||
|
1963EA85000
|
heap
|
page read and write
|
||
|
235DE59A000
|
heap
|
page read and write
|
||
|
1D452D40000
|
remote allocation
|
page read and write
|
||
|
23B5F602000
|
heap
|
page read and write
|
||
|
1D44D6A0000
|
heap
|
page read and write
|
||
|
23B5E570000
|
heap
|
page read and write
|
||
|
1F6DDA84000
|
heap
|
page read and write
|
||
|
211B3950000
|
heap
|
page read and write
|
||
|
23B5E600000
|
heap
|
page read and write
|
||
|
1D44D5C0000
|
trusted library section
|
page read and write
|
||
|
170170CB000
|
heap
|
page read and write
|
||
|
235DE580000
|
heap
|
page read and write
|
||
|
1963EA68000
|
heap
|
page read and write
|
||
|
22FF2252000
|
heap
|
page read and write
|
||
|
22FF223C000
|
heap
|
page read and write
|
||
|
1D452C10000
|
trusted library allocation
|
page read and write
|
||
|
E591AFD000
|
stack
|
page read and write
|
||
|
17017024000
|
heap
|
page read and write
|
||
|
211B3ACA000
|
heap
|
page read and write
|
||
|
22FF2213000
|
heap
|
page read and write
|
||
|
1D44E6D0000
|
trusted library section
|
page readonly
|
||
|
18721B60000
|
trusted library allocation
|
page read and write
|
||
|
235DDC52000
|
heap
|
page read and write
|
||
|
235DDC58000
|
heap
|
page read and write
|
||
|
936FDFF000
|
stack
|
page read and write
|
||
|
23B5E687000
|
heap
|
page read and write
|
||
|
9B18C7E000
|
stack
|
page read and write
|
||
|
1D44D68C000
|
heap
|
page read and write
|
||
|
17017700000
|
heap
|
page read and write
|
||
|
1F6DDAA6000
|
heap
|
page read and write
|
||
|
936F7CA000
|
stack
|
page read and write
|
||
|
235DE320000
|
remote allocation
|
page read and write
|
||
|
23B5E795000
|
heap
|
page read and write
|
||
|
23B5E68D000
|
heap
|
page read and write
|
||
|
235DE576000
|
heap
|
page read and write
|
||
|
1F6DDA76000
|
heap
|
page read and write
|
||
|
23B5E669000
|
heap
|
page read and write
|
||
|
235DE59A000
|
heap
|
page read and write
|
||
|
19941C29000
|
heap
|
page read and write
|
||
|
7F0AF7E000
|
stack
|
page read and write
|
||
|
1D44DF18000
|
heap
|
page read and write
|
||
|
19941B40000
|
heap
|
page read and write
|
||
|
235DE586000
|
heap
|
page read and write
|
||
|
1F6DDA76000
|
heap
|
page read and write
|
||
|
23B5E63B000
|
heap
|
page read and write
|
||
|
23B5E713000
|
heap
|
page read and write
|
||
|
1963EA6B000
|
heap
|
page read and write
|
||
|
414367E000
|
stack
|
page read and write
|
||
|
1D452E57000
|
heap
|
page read and write
|
||
|
1D452AC0000
|
trusted library allocation
|
page read and write
|
||
|
22FF2200000
|
heap
|
page read and write
|
||
|
1963EA49000
|
heap
|
page read and write
|
||
|
23B5E62F000
|
heap
|
page read and write
|
||
|
235DE584000
|
heap
|
page read and write
|
||
|
22FF224A000
|
heap
|
page read and write
|
||
|
211B3A65000
|
heap
|
page read and write
|
||
|
23B5E5A0000
|
trusted library allocation
|
page read and write
|
||
|
235DDCE4000
|
heap
|
page read and write
|
||
|
1D44DE02000
|
heap
|
page read and write
|
||
|
1B76A680000
|
heap
|
page read and write
|
||
|
1D452D40000
|
remote allocation
|
page read and write
|
||
|
1D452EFB000
|
heap
|
page read and write
|
||
|
19941C75000
|
heap
|
page read and write
|
||
|
23B5EE02000
|
heap
|
page read and write
|
||
|
18721C13000
|
heap
|
page read and write
|
||
|
26142268000
|
heap
|
page read and write
|
||
|
211B3C15000
|
heap
|
page read and write
|
||
|
25E71487000
|
heap
|
page read and write
|
||
|
26659502000
|
heap
|
page read and write
|
||
|
211B3AF0000
|
heap
|
page read and write
|
||
|
23B5E613000
|
heap
|
page read and write
|
||
|
235DE559000
|
heap
|
page read and write
|
||
|
211B3A8A000
|
heap
|
page read and write
|
||
|
235DE59A000
|
heap
|
page read and write
|
||
|
7E3F2FB000
|
stack
|
page read and write
|
||
|
1DA42C30000
|
heap
|
page read and write
|
||
|
D21DE7A000
|
stack
|
page read and write
|
||
|
18721D13000
|
heap
|
page read and write
|
||
|
992117E000
|
stack
|
page read and write
|
||
|
1D452EF0000
|
heap
|
page read and write
|
||
|
22FF2253000
|
heap
|
page read and write
|
||
|
1963EA2F000
|
heap
|
page read and write
|
||
|
17017113000
|
heap
|
page read and write
|
||
|
235DDC53000
|
heap
|
page read and write
|
||
|
235DDB00000
|
heap
|
page read and write
|
||
|
23B5F600000
|
heap
|
page read and write
|
||
|
1D44E6E0000
|
trusted library section
|
page readonly
|
||
|
E591D7B000
|
stack
|
page read and write
|
||
|
211B3ACA000
|
heap
|
page read and write
|
||
|
4143A7D000
|
stack
|
page read and write
|
||
|
1F6DDA82000
|
heap
|
page read and write
|
||
|
211B3A97000
|
heap
|
page read and write
|
||
|
23B5EFD7000
|
heap
|
page read and write
|
||
|
9B18BFF000
|
stack
|
page read and write
|
||
|
211B3A41000
|
heap
|
page read and write
|
||
|
235DE59A000
|
heap
|
page read and write
|
||
|
211B3A45000
|
heap
|
page read and write
|
||
|
2FB7F7B000
|
stack
|
page read and write
|
||
|
235DE59A000
|
heap
|
page read and write
|
||
|
18721C3F000
|
heap
|
page read and write
|
||
|
235DEA02000
|
heap
|
page read and write
|
||
|
1D44D656000
|
heap
|
page read and write
|
||
|
E591E77000
|
stack
|
page read and write
|
||
|
19941C77000
|
heap
|
page read and write
|
||
|
261421A0000
|
heap
|
page read and write
|
||
|
1619D7D000
|
stack
|
page read and write
|
||
|
26142200000
|
heap
|
page read and write
|
||
|
23B5E7B8000
|
heap
|
page read and write
|
||
|
26142313000
|
heap
|
page read and write
|
||
|
235DE320000
|
remote allocation
|
page read and write
|
||
|
26142302000
|
heap
|
page read and write
|
||
|
235DE59A000
|
heap
|
page read and write
|
||
|
25E71482000
|
heap
|
page read and write
|
||
|
235DE590000
|
heap
|
page read and write
|
||
|
1D452C04000
|
trusted library allocation
|
page read and write
|
||
|
211B39E0000
|
heap
|
page read and write
|
||
|
211B3A6D000
|
heap
|
page read and write
|
||
|
1963EA45000
|
heap
|
page read and write
|
||
|
7F0AEFE000
|
stack
|
page read and write
|
||
|
7F0B2FD000
|
stack
|
page read and write
|
||
|
25E71463000
|
heap
|
page read and write
|
||
|
1D452BEE000
|
trusted library allocation
|
page read and write
|
||
|
235DE581000
|
heap
|
page read and write
|
||
|
1963E8F0000
|
heap
|
page read and write
|
||
|
4D5E37E000
|
stack
|
page read and write
|
||
|
235DDCA5000
|
heap
|
page read and write
|
||
|
235DDC4A000
|
heap
|
page read and write
|
||
|
9B18FFE000
|
stack
|
page read and write
|
||
|
1963EA32000
|
heap
|
page read and write
|
||
|
26142255000
|
heap
|
page read and write
|
||
|
7F0B3FD000
|
stack
|
page read and write
|
||
|
7F0ADFE000
|
stack
|
page read and write
|
||
|
9B182FB000
|
stack
|
page read and write
|
||
|
23B5E6CE000
|
heap
|
page read and write
|
||
|
211B3C10000
|
heap
|
page read and write
|
||
|
1F6DDA85000
|
heap
|
page read and write
|
||
|
235DE59B000
|
heap
|
page read and write
|
||
|
235DEA03000
|
heap
|
page read and write
|
||
|
1D452BE0000
|
trusted library allocation
|
page read and write
|
||
|
235DE599000
|
heap
|
page read and write
|
||
|
1963F202000
|
trusted library allocation
|
page read and write
|
||
|
235DDCD2000
|
heap
|
page read and write
|
||
|
22FF2160000
|
heap
|
page read and write
|
||
|
211B3AF2000
|
heap
|
page read and write
|
||
|
2614225D000
|
heap
|
page read and write
|
||
|
7E3F97E000
|
stack
|
page read and write
|
||
|
19941BD0000
|
trusted library allocation
|
page read and write
|
||
|
2FB7E7E000
|
stack
|
page read and write
|
||
|
211B3AE9000
|
heap
|
page read and write
|
||
|
D21E17E000
|
stack
|
page read and write
|
||
|
235DE54B000
|
heap
|
page read and write
|
||
|
1D452EF7000
|
heap
|
page read and write
|
||
|
23B5E6DF000
|
heap
|
page read and write
|
||
|
4A50D77000
|
stack
|
page read and write
|
||
|
1B76A76B000
|
heap
|
page read and write
|
||
|
17016DC0000
|
heap
|
page read and write
|
||
|
170170BA000
|
heap
|
page read and write
|
||
|
235DE599000
|
heap
|
page read and write
|
||
|
2FB7FFF000
|
stack
|
page read and write
|
||
|
7F0B1FF000
|
stack
|
page read and write
|
||
|
4D5E47E000
|
stack
|
page read and write
|
||
|
23B5F654000
|
heap
|
page read and write
|
||
|
936FC7D000
|
stack
|
page read and write
|
||
|
1963EB02000
|
heap
|
page read and write
|
||
|
1F6DDA9E000
|
heap
|
page read and write
|
||
|
D21DF7E000
|
stack
|
page read and write
|
||
|
26659413000
|
heap
|
page read and write
|
||
|
235DE59B000
|
heap
|
page read and write
|
||
|
235DE59A000
|
heap
|
page read and write
|
||
|
25E7145E000
|
heap
|
page read and write
|
||
|
235DE518000
|
heap
|
page read and write
|
||
|
235DDD16000
|
heap
|
page read and write
|
||
|
211B3A65000
|
heap
|
page read and write
|
||
|
26659400000
|
heap
|
page read and write
|
||
|
7E3EFFD000
|
stack
|
page read and write
|
||
|
1D44DF18000
|
heap
|
page read and write
|
||
|
1D452BE0000
|
trusted library allocation
|
page read and write
|
||
|
9B18EFE000
|
stack
|
page read and write
|
||
|
23B5F61D000
|
heap
|
page read and write
|
||
|
235DEA19000
|
heap
|
page read and write
|
||
|
1D452C20000
|
trusted library allocation
|
page read and write
|
||
|
992127C000
|
stack
|
page read and write
|
||
|
411467E000
|
stack
|
page read and write
|
||
|
4143C7C000
|
stack
|
page read and write
|
||
|
9B1907F000
|
stack
|
page read and write
|
||
|
235DE586000
|
heap
|
page read and write
|
||
|
26659380000
|
heap
|
page read and write
|
||
|
1963EA6C000
|
heap
|
page read and write
|
||
|
1D452E3F000
|
heap
|
page read and write
|
||
|
1F6DDA8E000
|
heap
|
page read and write
|
||
|
26142300000
|
heap
|
page read and write
|
||
|
235DE516000
|
heap
|
page read and write
|
||
|
161938B000
|
stack
|
page read and write
|
||
|
1D44DDF0000
|
trusted library allocation
|
page read and write
|
||
|
9B18E79000
|
stack
|
page read and write
|
||
|
235DE59A000
|
heap
|
page read and write
|
||
|
1963EA43000
|
heap
|
page read and write
|
||
|
26142130000
|
heap
|
page read and write
|
||
|
235DE59A000
|
heap
|
page read and write
|
||
|
936FA7E000
|
stack
|
page read and write
|
||
|
1963EA2A000
|
heap
|
page read and write
|
||
|
4A50C7B000
|
stack
|
page read and write
|
||
|
1619E7F000
|
stack
|
page read and write
|
||
|
1963EA3A000
|
heap
|
page read and write
|
||
|
1D44D580000
|
heap
|
page read and write
|
||
|
9B18D7F000
|
stack
|
page read and write
|
||
|
235DDCE7000
|
heap
|
page read and write
|
||
|
1D44D693000
|
heap
|
page read and write
|
||
|
4A50A7E000
|
stack
|
page read and write
|
||
|
9B1917D000
|
stack
|
page read and write
|
||
|
22FF226F000
|
heap
|
page read and write
|
||
|
235DE59A000
|
heap
|
page read and write
|
||
|
1D44DDD0000
|
trusted library allocation
|
page read and write
|
||
|
22FF2277000
|
heap
|
page read and write
|
||
|
23B5E64E000
|
heap
|
page read and write
|
||
|
235DE57F000
|
heap
|
page read and write
|
||
|
235DDAA0000
|
heap
|
page read and write
|
||
|
18721A60000
|
heap
|
page read and write
|
||
|
235DEA02000
|
heap
|
page read and write
|
||
|
1F6DDA55000
|
heap
|
page read and write
|
||
|
235DE580000
|
heap
|
page read and write
|
||
|
235DE56E000
|
heap
|
page read and write
|
||
|
1D452BE8000
|
trusted library allocation
|
page read and write
|
||
|
235DE520000
|
heap
|
page read and write
|
||
|
235DEA02000
|
heap
|
page read and write
|
||
|
26142213000
|
heap
|
page read and write
|
||
|
1D44D713000
|
heap
|
page read and write
|
||
|
26142257000
|
heap
|
page read and write
|
||
|
1D44E700000
|
trusted library section
|
page readonly
|
||
|
235DE260000
|
trusted library allocation
|
page read and write
|
||
|
1D452CB0000
|
trusted library allocation
|
page read and write
|
||
|
7F0B17D000
|
stack
|
page read and write
|
||
|
170170C5000
|
heap
|
page read and write
|
||
|
D21DFFC000
|
stack
|
page read and write
|
||
|
25E71468000
|
heap
|
page read and write
|
||
|
23B5E7FD000
|
heap
|
page read and write
|
||
|
235DDC4E000
|
heap
|
page read and write
|
||
|
23B5EF5F000
|
heap
|
page read and write
|
||
|
56B83CE000
|
stack
|
page read and write
|
||
|
235DE589000
|
heap
|
page read and write
|
||
|
1B76A795000
|
heap
|
page read and write
|
||
|
1D452C00000
|
trusted library allocation
|
page read and write
|
||
|
161A07F000
|
stack
|
page read and write
|
||
|
1B76A79E000
|
heap
|
page read and write
|
||
|
1963EA7C000
|
heap
|
page read and write
|
||
|
1D44E6F0000
|
trusted library section
|
page readonly
|
||
|
414377E000
|
stack
|
page read and write
|
||
|
1963EA47000
|
heap
|
page read and write
|
||
|
7E3F6FA000
|
stack
|
page read and write
|
||
|
235DE571000
|
heap
|
page read and write
|
||
|
235DE59A000
|
heap
|
page read and write
|
||
|
7E3F3FA000
|
stack
|
page read and write
|
||
|
235DE586000
|
heap
|
page read and write
|
||
|
56B887E000
|
stack
|
page read and write
|
||
|
4A50B7C000
|
stack
|
page read and write
|
||
|
1963E8E0000
|
heap
|
page read and write
|
||
|
235DE520000
|
heap
|
page read and write
|
||
|
1963EA3C000
|
heap
|
page read and write
|
||
|
1F6DDA71000
|
heap
|
page read and write
|
||
|
7E3F4FC000
|
stack
|
page read and write
|
||
|
235DE547000
|
heap
|
page read and write
|
||
|
235DE520000
|
heap
|
page read and write
|
||
|
19941C02000
|
heap
|
page read and write
|
||
|
2614225B000
|
heap
|
page read and write
|
||
|
235DE571000
|
heap
|
page read and write
|
||
|
16197FA000
|
stack
|
page read and write
|
||
|
235DDCDF000
|
heap
|
page read and write
|
||
|
19942402000
|
trusted library allocation
|
page read and write
|
||
|
235DE59A000
|
heap
|
page read and write
|
||
|
1701702A000
|
heap
|
page read and write
|
||
|
18721C55000
|
heap
|
page read and write
|
||
|
1963EA54000
|
heap
|
page read and write
|
||
|
23B5E67D000
|
heap
|
page read and write
|
||
|
17016DB0000
|
heap
|
page read and write
|
||
|
235DE586000
|
heap
|
page read and write
|
||
|
1963EA52000
|
heap
|
page read and write
|
||
|
7F0AC7B000
|
stack
|
page read and write
|
||
|
235DE59A000
|
heap
|
page read and write
|
||
|
211B3A8A000
|
heap
|
page read and write
|
||
|
23B5E7E1000
|
heap
|
page read and write
|
||
|
235DE5CA000
|
heap
|
page read and write
|
||
|
235DE599000
|
heap
|
page read and write
|
||
|
25E71320000
|
heap
|
page read and write
|
||
|
1B76A660000
|
heap
|
page read and write
|
||
|
23B5E649000
|
heap
|
page read and write
|
||
|
235DE520000
|
heap
|
page read and write
|
||
|
235DE59A000
|
heap
|
page read and write
|
||
|
23B5F713000
|
heap
|
page read and write
|
||
|
235DDCE7000
|
heap
|
page read and write
|
||
|
1DA42EC5000
|
heap
|
page read and write
|
||
|
992137B000
|
stack
|
page read and write
|
||
|
235DE588000
|
heap
|
page read and write
|
||
|
4A5074B000
|
stack
|
page read and write
|
||
|
235DE59B000
|
heap
|
page read and write
|
||
|
235DEA02000
|
heap
|
page read and write
|
||
|
19941C3D000
|
heap
|
page read and write
|
||
|
7E3EEFB000
|
stack
|
page read and write
|
||
|
1D44DF00000
|
heap
|
page read and write
|
||
|
23B5EF00000
|
heap
|
page read and write
|
||
|
211B3AF0000
|
heap
|
page read and write
|
||
|
235DEA02000
|
heap
|
page read and write
|
||
|
23B5E6E2000
|
heap
|
page read and write
|
||
|
26142308000
|
heap
|
page read and write
|
||
|
235DEA02000
|
heap
|
page read and write
|
||
|
235DE59B000
|
heap
|
page read and write
|
||
|
1DA42CBE000
|
heap
|
page read and write
|
||
|
235DE573000
|
heap
|
page read and write
|
||
|
235DE59A000
|
heap
|
page read and write
|
||
|
1D44D520000
|
heap
|
page read and write
|
||
|
4D5E27B000
|
stack
|
page read and write
|
||
|
1963E950000
|
heap
|
page read and write
|
||
|
25E71455000
|
heap
|
page read and write
|
||
|
1619C7F000
|
stack
|
page read and write
|
||
|
1F6DDA86000
|
heap
|
page read and write
|
||
|
1D452F02000
|
heap
|
page read and write
|
||
|
1F6DD980000
|
heap
|
page read and write
|
||
|
235DE59A000
|
heap
|
page read and write
|
||
|
936FCFC000
|
stack
|
page read and write
|
||
|
235DE55E000
|
heap
|
page read and write
|
||
|
235DE580000
|
heap
|
page read and write
|
||
|
235DE5AA000
|
heap
|
page read and write
|
||
|
235DE59A000
|
heap
|
page read and write
|
||
|
235DDC4F000
|
heap
|
page read and write
|
||
|
235DDC4B000
|
heap
|
page read and write
|
||
|
1D44DE00000
|
heap
|
page read and write
|
||
|
235DE59A000
|
heap
|
page read and write
|
||
|
56B877E000
|
stack
|
page read and write
|
||
|
2FB7BAF000
|
stack
|
page read and write
|
||
|
1DA42C50000
|
heap
|
page read and write
|
||
|
22FF2100000
|
heap
|
page read and write
|
||
|
E591F7F000
|
stack
|
page read and write
|
||
|
1D452E4C000
|
heap
|
page read and write
|
||
|
1D454000000
|
heap
|
page read and write
|
||
|
25E71508000
|
heap
|
page read and write
|
||
|
235DE5CD000
|
heap
|
page read and write
|
||
|
1D44D68A000
|
heap
|
page read and write
|
||
|
25E71460000
|
heap
|
page read and write
|
||
|
99210FE000
|
stack
|
page read and write
|
||
|
235DE59A000
|
heap
|
page read and write
|
||
|
411435C000
|
stack
|
page read and write
|
||
|
23B5E63E000
|
heap
|
page read and write
|
||
|
235DE589000
|
heap
|
page read and write
|
||
|
411477B000
|
stack
|
page read and write
|
||
|
23B5F606000
|
heap
|
page read and write
|
||
|
1D44D665000
|
heap
|
page read and write
|
||
|
235DE571000
|
heap
|
page read and write
|
||
|
1D44D702000
|
heap
|
page read and write
|
||
|
211B3ACA000
|
heap
|
page read and write
|
||
|
22FF2281000
|
heap
|
page read and write
|
||
|
235DDC80000
|
heap
|
page read and write
|
||
|
9B1897B000
|
stack
|
page read and write
|
||
|
1963EA66000
|
heap
|
page read and write
|
||
|
26659B70000
|
remote allocation
|
page read and write
|
||
|
235DE402000
|
heap
|
page read and write
|
||
|
1963EA3B000
|
heap
|
page read and write
|
||
|
235DDD08000
|
heap
|
page read and write
|
||
|
4114BF9000
|
stack
|
page read and write
|
||
|
235DE58A000
|
heap
|
page read and write
|
||
|
235DE59A000
|
heap
|
page read and write
|
||
|
235DE581000
|
heap
|
page read and write
|
||
|
1D44DF13000
|
heap
|
page read and write
|
||
|
1963EA41000
|
heap
|
page read and write
|
||
|
211B3A00000
|
heap
|
page read and write
|
||
|
18721D02000
|
heap
|
page read and write
|
||
|
235DDC6F000
|
heap
|
page read and write
|
||
|
22FF2255000
|
heap
|
page read and write
|
||
|
23B5F643000
|
heap
|
page read and write
|
||
|
E591C7B000
|
stack
|
page read and write
|
||
|
17017602000
|
heap
|
page read and write
|
||
|
4114AFF000
|
stack
|
page read and write
|
||
|
9B1887A000
|
stack
|
page read and write
|
||
|
25E7143C000
|
heap
|
page read and write
|
||
|
1DA42EC0000
|
heap
|
page read and write
|
||
|
936FD7E000
|
stack
|
page read and write
|
||
|
235DE5A8000
|
heap
|
page read and write
|
||
|
235DE597000
|
heap
|
page read and write
|
||
|
1619A7F000
|
stack
|
page read and write
|
||
|
2665945F000
|
heap
|
page read and write
|
||
|
18721C02000
|
heap
|
page read and write
|
||
|
235DDC57000
|
heap
|
page read and write
|
||
|
235DDD13000
|
heap
|
page read and write
|
||
|
23B5E5F0000
|
trusted library allocation
|
page read and write
|
||
|
235DE59A000
|
heap
|
page read and write
|
||
|
235DE520000
|
heap
|
page read and write
|
||
|
22FF2290000
|
heap
|
page read and write
|
||
|
19941D02000
|
heap
|
page read and write
|
||
|
1D452EE1000
|
heap
|
page read and write
|
||
|
1F6DD850000
|
heap
|
page read and write
|
||
|
26659B40000
|
trusted library allocation
|
page read and write
|
||
|
1F6DDA9D000
|
heap
|
page read and write
|
||
|
56B82CB000
|
stack
|
page read and write
|
||
|
1963EA69000
|
heap
|
page read and write
|
||
|
1D44D63C000
|
heap
|
page read and write
|
||
|
26142260000
|
heap
|
page read and write
|
||
|
7E3EF7E000
|
stack
|
page read and write
|
||
|
235DEA44000
|
heap
|
page read and write
|
||
|
2614223C000
|
heap
|
page read and write
|
||
|
235DE571000
|
heap
|
page read and write
|
||
|
19941C59000
|
heap
|
page read and write
|
||
|
23B5E6B1000
|
heap
|
page read and write
|
||
|
1D44D629000
|
heap
|
page read and write
|
||
|
1963EA2E000
|
heap
|
page read and write
|
||
|
170170E3000
|
heap
|
page read and write
|
||
|
4143D7F000
|
stack
|
page read and write
|
||
|
26142286000
|
heap
|
page read and write
|
||
|
235DE59A000
|
heap
|
page read and write
|
||
|
235DE500000
|
heap
|
page read and write
|
||
|
1D452CF0000
|
trusted library allocation
|
page read and write
|
||
|
26142261000
|
heap
|
page read and write
|
||
|
1D44DDD3000
|
trusted library allocation
|
page read and write
|
||
|
235DE599000
|
heap
|
page read and write
|
||
|
161A27F000
|
stack
|
page read and write
|
||
|
22FF2300000
|
heap
|
page read and write
|
||
|
26659C02000
|
trusted library allocation
|
page read and write
|
||
|
235DE597000
|
heap
|
page read and write
|
||
|
56B8A7E000
|
stack
|
page read and write
|
||
|
235DEA02000
|
heap
|
page read and write
|
||
|
1B76A9C5000
|
heap
|
page read and write
|
||
|
235DE59A000
|
heap
|
page read and write
|
||
|
19941B30000
|
heap
|
page read and write
|
||
|
235DE549000
|
heap
|
page read and write
|
||
|
235DE571000
|
heap
|
page read and write
|
||
|
1D44DDB1000
|
trusted library allocation
|
page read and write
|
||
|
18721C6A000
|
heap
|
page read and write
|
There are 713 hidden memdumps, click here to show them.