Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Insight_Medical_Publishing.one
|
data
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Temp\click.wsf
|
ASCII text, with no line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\rad0767A.tmp.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Windows\System32\CRCPqQPgWxqcgJu\zBLf.dll (copy)
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
|
Microsoft Cabinet archive data, Windows 2000/XP setup, 62582 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks,
0x1 compression
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\header
|
Matlab v4 mat-file (little endian) p\004, numeric, rows 262223750, columns 0
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\OneNote15WatsonLog.etl
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\OneNote\16.0\Preferences.dat
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\36a44befa49650d0.customDestinations-ms (copy)
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\IOV5D23NX65BBX4TEENK.temp
|
data
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
|
C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE" "C:\Users\user\Desktop\Insight_Medical_Publishing.one
|
|
|
|
C:\Windows\SysWOW64\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\Users\user\AppData\Local\Temp\click.wsf"
|
|
|
|
C:\Windows\SysWOW64\regsvr32.exe
|
C:\Windows\System32\regsvr32.exe" "C:\Users\user\AppData\Local\Temp\rad0767A.tmp.dll
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
"C:\Users\user\AppData\Local\Temp\rad0767A.tmp.dll"
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
C:\Windows\system32\regsvr32.exe "C:\Windows\system32\CRCPqQPgWxqcgJu\zBLf.dll"
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://penshorn.org/admin/Ses8712iGR8du/
|
203.26.41.131
|
|
|
|
https://91.121.146.47:8080/jesecsgigcdk/zfgrij/wjhswvhm/D
|
unknown
|
|
|
|
https://182.162.143.56/jesecsgigcdk/zfgrij/wjhswvhm/
|
182.162.143.56
|
|
|
|
http://ozmeydan.com/cekici/9/
|
unknown
|
||
|
http://softwareulike.com/cWIYxWMPkK/
|
unknown
|
||
|
https://penshorn.org/
|
unknown
|
||
|
https://portalevolucao.com/GerarBoleto/fLIOoFbFs1jHtX/wM
|
unknown
|
||
|
https://www.gomespontes.com.br/logs/pd/
|
unknown
|
||
|
https://penshorn.org/admin/Ses8712iGR8du/tM
|
unknown
|
||
|
http://wrappixels.com/wp-admin/GdIA2oOQEiO5G/0
|
unknown
|
||
|
https://bbvoyage.com/useragreement/ElKHvb4QIQqSrh6Hqm/uM
|
unknown
|
||
|
https://bbvoyage.com/useragreem
|
unknown
|
||
|
http://wrappixels.com/wp-admin/GdIA2oOQEiO5G/
|
unknown
|
||
|
https://163.44.196.120:8080/jesecsgigcdk/zfgrij/wjhswvhm/
|
unknown
|
||
|
http://wrappixels.com/wp-admin/GdIA2oOQEiO5G/D
|
unknown
|
||
|
https://bbvoyage.com/useragreement/ElKHvb4QIQqSrh6Hqm/
|
unknown
|
||
|
http://softwareulike.com/cWIYxWMPkK/yM
|
unknown
|
||
|
https://91.121.146.47:8080/
|
unknown
|
||
|
https://163.44.196.120:8080/
|
unknown
|
||
|
https://160.16.142.56:8080/jesecsgigcdk/zfgrij/wjhswvhm/
|
unknown
|
||
|
https://penshorn.org/admin/Ses8712iGR8du/:
|
unknown
|
||
|
https://164.90.222.65:443/jesecsgigcdk/zfgrij/wjhswvhm/
|
unknown
|
||
|
https://bbvoyage.com/useragreement/ElKHvb4QIQqSrh6Hqm/.dllG
|
unknown
|
||
|
https://www.gomespontes.com.br/logs/pd/vM
|
unknown
|
||
|
https://163.44.196.120:8080/a
|
unknown
|
||
|
https://www.gomespontes.com.br/logs/pd/RPROFIN
|
unknown
|
||
|
https://bbvoyage.com/useragreement/ElKHvb4QIQqSrh6
|
unknown
|
||
|
http://ozmeydan.com/cekici/9/xM
|
unknown
|
||
|
https://167.172.199.165:8080/
|
unknown
|
||
|
https://160.16.142.56:8080/jesecsgigcdk/zfgrij/wjhswvhm/~
|
unknown
|
||
|
https://167.172.199.165:8080/jesecsgigcdk/zfgrij/wjhswvhm/
|
unknown
|
||
|
https://www.gomespontes.com.br/logs/pd/RPROFII
|
unknown
|
||
|
https://91.121.146.47:8080/jesecsgigcdk/zfgrij/wjhswvhm/
|
unknown
|
||
|
https://portalevolucao.com/GerarBoleto/fLIOoFbFs1jHtX/
|
unknown
|
||
|
http://wrappixels.com/wp-admin/GdIA2oOQEiO5G/zM
|
unknown
|
||
|
https://bbvoyage.com/useragreement/ElKHvb4QIQqSrh6Hqm/.dll
|
unknown
|
||
|
https://portalevolucao.com/GerarBoleto/fLIOoFbFs1jHtX/LE=C:
|
unknown
|
||
|
https://167.172.199.165:8080/&C
|
unknown
|
||
|
https://penshorn.org/admin/Ses8712iGR8du/o8
|
unknown
|
||
|
https://penshorn.org/l
|
unknown
|
||
|
https://160.16.142.56:8080/
|
unknown
|
||
|
https://penshorn.org:443/admin/Ses8712iGR8du/script.createobject(
|
unknown
|
||
|
https://160.16.142.56:8080/jesecsgigcdk/zfgrij/wjhswvhm/Low
|
unknown
|
||
|
https://164.90.222.65/jesecsgigcdk/zfgrij/wjhswvhm/
|
unknown
|
There are 34 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
penshorn.org
|
203.26.41.131
|
|
|
|
c-0001.c-msedge.net
|
13.107.4.50
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
110.232.117.186
|
unknown
|
Australia
|
|
|
|
103.132.242.26
|
unknown
|
India
|
|
|
|
104.168.155.143
|
unknown
|
United States
|
|
|
|
79.137.35.198
|
unknown
|
France
|
|
|
|
115.68.227.76
|
unknown
|
Korea Republic of
|
|
|
|
163.44.196.120
|
unknown
|
Singapore
|
|
|
|
206.189.28.199
|
unknown
|
United States
|
|
|
|
203.26.41.131
|
penshorn.org
|
Australia
|
|
|
|
107.170.39.149
|
unknown
|
United States
|
|
|
|
66.228.32.31
|
unknown
|
United States
|
|
|
|
197.242.150.244
|
unknown
|
South Africa
|
|
|
|
185.4.135.165
|
unknown
|
Greece
|
|
|
|
183.111.227.137
|
unknown
|
Korea Republic of
|
|
|
|
45.176.232.124
|
unknown
|
Colombia
|
|
|
|
169.57.156.166
|
unknown
|
United States
|
|
|
|
164.68.99.3
|
unknown
|
Germany
|
|
|
|
139.59.126.41
|
unknown
|
Singapore
|
|
|
|
167.172.253.162
|
unknown
|
United States
|
|
|
|
167.172.199.165
|
unknown
|
United States
|
|
|
|
202.129.205.3
|
unknown
|
Thailand
|
|
|
|
147.139.166.154
|
unknown
|
United States
|
|
|
|
153.92.5.27
|
unknown
|
Germany
|
|
|
|
159.65.88.10
|
unknown
|
United States
|
|
|
|
172.105.226.75
|
unknown
|
United States
|
|
|
|
164.90.222.65
|
unknown
|
United States
|
|
|
|
213.239.212.5
|
unknown
|
Germany
|
|
|
|
5.135.159.50
|
unknown
|
France
|
|
|
|
186.194.240.217
|
unknown
|
Brazil
|
|
|
|
119.59.103.152
|
unknown
|
Thailand
|
|
|
|
159.89.202.34
|
unknown
|
United States
|
|
|
|
91.121.146.47
|
unknown
|
France
|
|
|
|
160.16.142.56
|
unknown
|
Japan
|
|
|
|
201.94.166.162
|
unknown
|
Brazil
|
|
|
|
91.207.28.33
|
unknown
|
Kyrgyzstan
|
|
|
|
103.75.201.2
|
unknown
|
Thailand
|
|
|
|
103.43.75.120
|
unknown
|
Japan
|
|
|
|
188.44.20.25
|
unknown
|
Macedonia
|
|
|
|
45.235.8.30
|
unknown
|
Brazil
|
|
|
|
153.126.146.25
|
unknown
|
Japan
|
|
|
|
72.15.201.15
|
unknown
|
United States
|
|
|
|
187.63.160.88
|
unknown
|
Brazil
|
|
|
|
82.223.21.224
|
unknown
|
Spain
|
|
|
|
173.212.193.249
|
unknown
|
Germany
|
|
|
|
95.217.221.146
|
unknown
|
Germany
|
|
|
|
149.56.131.28
|
unknown
|
Canada
|
|
|
|
182.162.143.56
|
unknown
|
Korea Republic of
|
|
|
|
1.234.2.232
|
unknown
|
Korea Republic of
|
|
|
|
129.232.188.93
|
unknown
|
South Africa
|
|
|
|
94.23.45.86
|
unknown
|
France
|
|
There are 39 hidden IPs, click here to show them.
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\Resiliency\StartupItems
|
e{8
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\Resiliency\StartupItems
|
f{8
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\Word\Addins\OneNote.WordAddinTakeNotesButton
|
FriendlyName
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\Word\Addins\OneNote.WordAddinTakeNotesButton
|
Description
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\Word\Addins\OneNote.WordAddinTakeNotesButton
|
LoadBehavior
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\Word\Addins\OneNote.WordAddinTakeNotesButton
|
CommandLineSafe
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\PowerPoint\Addins\OneNote.PowerPointAddinTakeNotesButton
|
FriendlyName
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\PowerPoint\Addins\OneNote.PowerPointAddinTakeNotesButton
|
Description
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\PowerPoint\Addins\OneNote.PowerPointAddinTakeNotesButton
|
LoadBehavior
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\PowerPoint\Addins\OneNote.PowerPointAddinTakeNotesButton
|
CommandLineSafe
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\General
|
LastMyDocumentsPathUsed
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\General
|
ProgressWindowPosLeft
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\General
|
ProgressWindowPosTop
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\General
|
ConsecutiveBootCrashes
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\General
|
ConsecutiveEarlyCrashes
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\Options\Save
|
BackupFilenamePostfixStartSP1
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\Options\Save
|
BackupFilenamePostfixEndSP1
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\Options\Save
|
BackupFilenamePostfixEndRerepairSP1
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote
|
FirstBootStatus
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\Options
|
WatsonLoggingUserId
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\General
|
LastCacheFclRepairSuccessTime
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109110000000000000000F01FEC\Usage
|
OneNoteFiles
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109110000000000000000F01FEC\Usage
|
ProductFiles
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
|
en-US
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
|
en-US
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F2A7EE29-8BF6-4a6d-83F1-098E366C709C}\1.0
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F2A7EE29-8BF6-4a6d-83F1-098E366C709C}\1.0\0\win32
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{0EA692EE-BB50-4E3C-AEF0-356D91732725}\1.1
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{0EA692EE-BB50-4E3C-AEF0-356D91732725}\1.1\0\win32
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1D12BD3F-89B6-4077-AA2C-C9DC2BCA42F9}\TypeLib
|
Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1D12BD3F-89B6-4077-AA2C-C9DC2BCA42F9}\TypeLib
|
Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{627EA7B4-95B5-4980-84C1-9D20DA4460B1}\TypeLib
|
Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{627EA7B4-95B5-4980-84C1-9D20DA4460B1}\TypeLib
|
Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{452AC71A-B655-4967-A208-A4CC39DD7949}\TypeLib
|
Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{452AC71A-B655-4967-A208-A4CC39DD7949}\TypeLib
|
Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6D4B9C3E-CC05-493F-85E2-43D1006DF96A}\TypeLib
|
Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6D4B9C3E-CC05-493F-85E2-43D1006DF96A}\TypeLib
|
Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8E8304B8-CBD1-44F8-B0E8-89C625B2002E}\TypeLib
|
Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8E8304B8-CBD1-44F8-B0E8-89C625B2002E}\TypeLib
|
Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E2E1511D-502D-4BD0-8B3A-8A89A05CDCAE}\ProxyStubClsid32
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E2E1511D-502D-4BD0-8B3A-8A89A05CDCAE}\TypeLib
|
Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E2E1511D-502D-4BD0-8B3A-8A89A05CDCAE}\ProxyStubClsid32
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E2E1511D-502D-4BD0-8B3A-8A89A05CDCAE}\TypeLib
|
Version
|
There are 33 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
BDC000
|
heap
|
page read and write
|
|
|
|
24A1000
|
direct allocation
|
page execute read
|
|
|
|
731000
|
direct allocation
|
page execute read
|
|
|
|
2470000
|
direct allocation
|
page execute and read and write
|
|
|
|
700000
|
direct allocation
|
page execute and read and write
|
|
|
|
C0C000
|
heap
|
page read and write
|
||
|
5854000
|
heap
|
page read and write
|
||
|
BBA000
|
heap
|
page read and write
|
||
|
59B1000
|
heap
|
page read and write
|
||
|
31A8000
|
heap
|
page read and write
|
||
|
3080000
|
heap
|
page read and write
|
||
|
599C000
|
heap
|
page read and write
|
||
|
C2D000
|
heap
|
page read and write
|
||
|
C41000
|
heap
|
page read and write
|
||
|
56FB000
|
heap
|
page read and write
|
||
|
58F8000
|
heap
|
page read and write
|
||
|
730000
|
direct allocation
|
page read and write
|
||
|
526E000
|
stack
|
page read and write
|
||
|
32FE000
|
stack
|
page read and write
|
||
|
31CA000
|
heap
|
page read and write
|
||
|
31FA000
|
heap
|
page read and write
|
||
|
2CFC000
|
heap
|
page read and write
|
||
|
59E6000
|
heap
|
page read and write
|
||
|
315B000
|
heap
|
page read and write
|
||
|
5158000
|
heap
|
page read and write
|
||
|
CAB000
|
heap
|
page read and write
|
||
|
5939000
|
heap
|
page read and write
|
||
|
5618000
|
heap
|
page read and write
|
||
|
5570000
|
heap
|
page read and write
|
||
|
5570000
|
heap
|
page read and write
|
||
|
EF9000
|
stack
|
page read and write
|
||
|
554B000
|
heap
|
page read and write
|
||
|
595C000
|
heap
|
page read and write
|
||
|
51CA000
|
heap
|
page read and write
|
||
|
CAB000
|
heap
|
page read and write
|
||
|
5A30000
|
heap
|
page read and write
|
||
|
25F0000
|
trusted library allocation
|
page read and write
|
||
|
57C1000
|
heap
|
page read and write
|
||
|
3340000
|
heap
|
page read and write
|
||
|
C32000
|
heap
|
page read and write
|
||
|
5A20000
|
heap
|
page read and write
|
||
|
2594EF70000
|
heap
|
page read and write
|
||
|
31D1000
|
heap
|
page read and write
|
||
|
51B7000
|
heap
|
page read and write
|
||
|
CAB000
|
heap
|
page read and write
|
||
|
59F0000
|
heap
|
page read and write
|
||
|
5710000
|
heap
|
page read and write
|
||
|
3159000
|
heap
|
page read and write
|
||
|
A7B000
|
stack
|
page read and write
|
||
|
5152000
|
heap
|
page read and write
|
||
|
31CF000
|
heap
|
page read and write
|
||
|
1FAE000
|
stack
|
page read and write
|
||
|
5612000
|
heap
|
page read and write
|
||
|
CA0000
|
heap
|
page read and write
|
||
|
C2D000
|
heap
|
page read and write
|
||
|
2EA7000
|
heap
|
page read and write
|
||
|
BFD000
|
heap
|
page read and write
|
||
|
51CA000
|
heap
|
page read and write
|
||
|
8CB44FE000
|
stack
|
page read and write
|
||
|
57A4000
|
heap
|
page read and write
|
||
|
54E3000
|
heap
|
page read and write
|
||
|
2D16000
|
heap
|
page read and write
|
||
|
CAB000
|
heap
|
page read and write
|
||
|
CA0000
|
heap
|
page read and write
|
||
|
5A41000
|
heap
|
page read and write
|
||
|
C3C000
|
heap
|
page read and write
|
||
|
571C000
|
heap
|
page read and write
|
||
|
5A41000
|
heap
|
page read and write
|
||
|
5941000
|
heap
|
page read and write
|
||
|
31C0000
|
heap
|
page read and write
|
||
|
CA9000
|
heap
|
page read and write
|
||
|
5824000
|
heap
|
page read and write
|
||
|
CA0000
|
heap
|
page read and write
|
||
|
25E0000
|
trusted library allocation
|
page read and write
|
||
|
587B000
|
heap
|
page read and write
|
||
|
1C0000
|
heap
|
page read and write
|
||
|
5881000
|
heap
|
page read and write
|
||
|
2C7C000
|
stack
|
page read and write
|
||
|
5516000
|
heap
|
page read and write
|
||
|
595A000
|
heap
|
page read and write
|
||
|
5142000
|
heap
|
page read and write
|
||
|
269E000
|
stack
|
page read and write
|
||
|
5520000
|
heap
|
page read and write
|
||
|
599E000
|
heap
|
page read and write
|
||
|
5925000
|
heap
|
page read and write
|
||
|
C41000
|
heap
|
page read and write
|
||
|
516D000
|
heap
|
page read and write
|
||
|
513C000
|
heap
|
page read and write
|
||
|
F30000
|
heap
|
page read and write
|
||
|
3152000
|
heap
|
page read and write
|
||
|
51B2000
|
heap
|
page read and write
|
||
|
580E000
|
heap
|
page read and write
|
||
|
5592000
|
heap
|
page read and write
|
||
|
31D7000
|
heap
|
page read and write
|
||
|
24CB000
|
direct allocation
|
page read and write
|
||
|
5964000
|
heap
|
page read and write
|
||
|
3440000
|
heap
|
page read and write
|
||
|
590F000
|
heap
|
page read and write
|
||
|
58D9000
|
heap
|
page read and write
|
||
|
CA4000
|
heap
|
page read and write
|
||
|
55F2000
|
heap
|
page read and write
|
||
|
562B000
|
heap
|
page read and write
|
||
|
5A45000
|
heap
|
page read and write
|
||
|
515D000
|
heap
|
page read and write
|
||
|
54C0000
|
heap
|
page read and write
|
||
|
54D0000
|
heap
|
page read and write
|
||
|
3145000
|
heap
|
page read and write
|
||
|
5173000
|
heap
|
page read and write
|
||
|
5889000
|
heap
|
page read and write
|
||
|
31B8000
|
heap
|
page read and write
|
||
|
595A000
|
heap
|
page read and write
|
||
|
5612000
|
heap
|
page read and write
|
||
|
C05000
|
heap
|
page read and write
|
||
|
51CA000
|
heap
|
page read and write
|
||
|
5709000
|
heap
|
page read and write
|
||
|
2EA8000
|
heap
|
page read and write
|
||
|
2D24000
|
heap
|
page read and write
|
||
|
5854000
|
heap
|
page read and write
|
||
|
CAB000
|
heap
|
page read and write
|
||
|
5691000
|
heap
|
page read and write
|
||
|
554B000
|
heap
|
page read and write
|
||
|
5164000
|
heap
|
page read and write
|
||
|
5159000
|
heap
|
page read and write
|
||
|
5579000
|
heap
|
page read and write
|
||
|
2594EF79000
|
heap
|
page read and write
|
||
|
5872000
|
heap
|
page read and write
|
||
|
C41000
|
heap
|
page read and write
|
||
|
2ECF000
|
heap
|
page read and write
|
||
|
314A000
|
heap
|
page read and write
|
||
|
58B9000
|
heap
|
page read and write
|
||
|
5738000
|
heap
|
page read and write
|
||
|
5147000
|
heap
|
page read and write
|
||
|
59DC000
|
heap
|
page read and write
|
||
|
2CEE000
|
heap
|
page read and write
|
||
|
3088000
|
heap
|
page read and write
|
||
|
2594EDF0000
|
trusted library allocation
|
page read and write
|
||
|
25DE000
|
stack
|
page read and write
|
||
|
51CA000
|
heap
|
page read and write
|
||
|
780000
|
heap
|
page read and write
|
||
|
8CB3FDE000
|
stack
|
page read and write
|
||
|
56AB000
|
heap
|
page read and write
|
||
|
5141000
|
heap
|
page read and write
|
||
|
58C1000
|
heap
|
page read and write
|
||
|
574E000
|
heap
|
page read and write
|
||
|
54D6000
|
heap
|
page read and write
|
||
|
3188000
|
heap
|
page read and write
|
||
|
2594ECE0000
|
trusted library allocation
|
page read and write
|
||
|
47B000
|
stack
|
page read and write
|
||
|
2C40000
|
heap
|
page read and write
|
||
|
5872000
|
heap
|
page read and write
|
||
|
550D000
|
heap
|
page read and write
|
||
|
3530000
|
heap
|
page read and write
|
||
|
5144000
|
heap
|
page read and write
|
||
|
59A5000
|
heap
|
page read and write
|
||
|
309E000
|
stack
|
page read and write
|
||
|
CA9000
|
heap
|
page read and write
|
||
|
3460000
|
heap
|
page read and write
|
||
|
5139000
|
heap
|
page read and write
|
||
|
5130000
|
heap
|
page read and write
|
||
|
C9D000
|
heap
|
page read and write
|
||
|
31A8000
|
heap
|
page read and write
|
||
|
514A000
|
heap
|
page read and write
|
||
|
315A000
|
heap
|
page read and write
|
||
|
596D000
|
heap
|
page read and write
|
||
|
5881000
|
heap
|
page read and write
|
||
|
5753000
|
heap
|
page read and write
|
||
|
5154000
|
heap
|
page read and write
|
||
|
58A9000
|
heap
|
page read and write
|
||
|
55DA000
|
heap
|
page read and write
|
||
|
30DE000
|
stack
|
page read and write
|
||
|
5162000
|
heap
|
page read and write
|
||
|
51CA000
|
heap
|
page read and write
|
||
|
CAB000
|
heap
|
page read and write
|
||
|
CA9000
|
heap
|
page read and write
|
||
|
5536000
|
heap
|
page read and write
|
||
|
5155000
|
heap
|
page read and write
|
||
|
5A4B000
|
heap
|
page read and write
|
||
|
5952000
|
heap
|
page read and write
|
||
|
55FE000
|
heap
|
page read and write
|
||
|
58B9000
|
heap
|
page read and write
|
||
|
CAB000
|
heap
|
page read and write
|
||
|
595A000
|
heap
|
page read and write
|
||
|
58A0000
|
heap
|
page read and write
|
||
|
CAB000
|
heap
|
page read and write
|
||
|
2594EC70000
|
heap
|
page read and write
|
||
|
5133000
|
heap
|
page read and write
|
||
|
2D05000
|
heap
|
page read and write
|
||
|
354E000
|
heap
|
page read and write
|
||
|
5935000
|
heap
|
page read and write
|
||
|
CA0000
|
heap
|
page read and write
|
||
|
2610000
|
heap
|
page read and write
|
||
|
5135000
|
heap
|
page read and write
|
||
|
554C000
|
heap
|
page read and write
|
||
|
56A4000
|
heap
|
page read and write
|
||
|
3174000
|
heap
|
page read and write
|
||
|
2594EE90000
|
trusted library allocation
|
page read and write
|
||
|
2CFC000
|
heap
|
page read and write
|
||
|
5915000
|
heap
|
page read and write
|
||
|
770000
|
trusted library allocation
|
page read and write
|
||
|
5146000
|
heap
|
page read and write
|
||
|
3197000
|
heap
|
page read and write
|
||
|
2594ED3D000
|
heap
|
page read and write
|
||
|
CA9000
|
heap
|
page read and write
|
||
|
760000
|
heap
|
page readonly
|
||
|
2C81000
|
heap
|
page read and write
|
||
|
56F4000
|
heap
|
page read and write
|
||
|
57B1000
|
heap
|
page read and write
|
||
|
579C000
|
heap
|
page read and write
|
||
|
51A6000
|
heap
|
page read and write
|
||
|
2ED0000
|
heap
|
page read and write
|
||
|
5516000
|
heap
|
page read and write
|
||
|
5A15000
|
heap
|
page read and write
|
||
|
5AA3000
|
heap
|
page read and write
|
||
|
5197000
|
heap
|
page read and write
|
||
|
5A29000
|
heap
|
page read and write
|
||
|
580E000
|
heap
|
page read and write
|
||
|
51AB000
|
heap
|
page read and write
|
||
|
24CA000
|
direct allocation
|
page readonly
|
||
|
CA4000
|
heap
|
page read and write
|
||
|
2594ED33000
|
heap
|
page read and write
|
||
|
354D000
|
heap
|
page read and write
|
||
|
C32000
|
heap
|
page read and write
|
||
|
5980000
|
heap
|
page read and write
|
||
|
5137000
|
heap
|
page read and write
|
||
|
513D000
|
heap
|
page read and write
|
||
|
2594ED3B000
|
heap
|
page read and write
|
||
|
CAB000
|
heap
|
page read and write
|
||
|
514B000
|
heap
|
page read and write
|
||
|
51BF000
|
heap
|
page read and write
|
||
|
518F000
|
heap
|
page read and write
|
||
|
31F2000
|
heap
|
page read and write
|
||
|
54AF000
|
stack
|
page read and write
|
||
|
3148000
|
heap
|
page read and write
|
||
|
CAB000
|
heap
|
page read and write
|
||
|
5B41000
|
heap
|
page read and write
|
||
|
5730000
|
heap
|
page read and write
|
||
|
4C80000
|
heap
|
page read and write
|
||
|
5FD0000
|
remote allocation
|
page read and write
|
||
|
31B8000
|
heap
|
page read and write
|
||
|
C07000
|
heap
|
page read and write
|
||
|
2CAC000
|
stack
|
page read and write
|
||
|
61AE000
|
stack
|
page read and write
|
||
|
5B63000
|
heap
|
page read and write
|
||
|
56CB000
|
heap
|
page read and write
|
||
|
2594EB20000
|
trusted library allocation
|
page read and write
|
||
|
5161000
|
heap
|
page read and write
|
||
|
318A000
|
heap
|
page read and write
|
||
|
5157000
|
heap
|
page read and write
|
||
|
59C9000
|
heap
|
page read and write
|
||
|
55B1000
|
heap
|
page read and write
|
||
|
CAB000
|
heap
|
page read and write
|
||
|
3145000
|
heap
|
page read and write
|
||
|
2594ED00000
|
heap
|
page read and write
|
||
|
57BA000
|
heap
|
page read and write
|
||
|
515C000
|
heap
|
page read and write
|
||
|
C41000
|
heap
|
page read and write
|
||
|
562F000
|
heap
|
page read and write
|
||
|
55A0000
|
heap
|
page read and write
|
||
|
26DB000
|
stack
|
page read and write
|
||
|
5525000
|
heap
|
page read and write
|
||
|
5816000
|
heap
|
page read and write
|
||
|
59FA000
|
heap
|
page read and write
|
||
|
2EF1000
|
heap
|
page read and write
|
||
|
3179000
|
heap
|
page read and write
|
||
|
592E000
|
heap
|
page read and write
|
||
|
57EE000
|
heap
|
page read and write
|
||
|
C08000
|
heap
|
page read and write
|
||
|
180021000
|
unkown
|
page read and write
|
||
|
578F000
|
heap
|
page read and write
|
||
|
5A1E000
|
heap
|
page read and write
|
||
|
3548000
|
heap
|
page read and write
|
||
|
2594EF80000
|
trusted library allocation
|
page read and write
|
||
|
583C000
|
heap
|
page read and write
|
||
|
515C000
|
heap
|
page read and write
|
||
|
54FC000
|
heap
|
page read and write
|
||
|
2D4C000
|
heap
|
page read and write
|
||
|
3154000
|
heap
|
page read and write
|
||
|
58EF000
|
heap
|
page read and write
|
||
|
6F0000
|
direct allocation
|
page execute and read and write
|
||
|
30A1000
|
heap
|
page read and write
|
||
|
314A000
|
heap
|
page read and write
|
||
|
55A0000
|
heap
|
page read and write
|
||
|
CA9000
|
heap
|
page read and write
|
||
|
CA9000
|
heap
|
page read and write
|
||
|
5982000
|
heap
|
page read and write
|
||
|
25E0000
|
trusted library allocation
|
page read and write
|
||
|
C05000
|
heap
|
page read and write
|
||
|
2B5D000
|
stack
|
page read and write
|
||
|
54E3000
|
heap
|
page read and write
|
||
|
207E000
|
stack
|
page read and write
|
||
|
565D000
|
heap
|
page read and write
|
||
|
2594EEC0000
|
trusted library allocation
|
page read and write
|
||
|
5FD0000
|
remote allocation
|
page read and write
|
||
|
54C1000
|
heap
|
page read and write
|
||
|
2177000
|
stack
|
page read and write
|
||
|
180000000
|
unkown
|
page readonly
|
||
|
6A0000
|
heap
|
page read and write
|
||
|
5649000
|
heap
|
page read and write
|
||
|
5AA5000
|
heap
|
page read and write
|
||
|
5950000
|
heap
|
page read and write
|
||
|
59A5000
|
heap
|
page read and write
|
||
|
59C0000
|
heap
|
page read and write
|
||
|
595A000
|
heap
|
page read and write
|
||
|
180016000
|
unkown
|
page readonly
|
||
|
599C000
|
heap
|
page read and write
|
||
|
5A45000
|
heap
|
page read and write
|
||
|
54E8000
|
heap
|
page read and write
|
||
|
5907000
|
heap
|
page read and write
|
||
|
5AF2000
|
heap
|
page read and write
|
||
|
75B000
|
direct allocation
|
page read and write
|
||
|
571C000
|
heap
|
page read and write
|
||
|
5135000
|
heap
|
page read and write
|
||
|
595A000
|
heap
|
page read and write
|
||
|
56D2000
|
heap
|
page read and write
|
||
|
2594FA70000
|
trusted library allocation
|
page read and write
|
||
|
596D000
|
heap
|
page read and write
|
||
|
2594EC50000
|
heap
|
page read and write
|
||
|
CAB000
|
heap
|
page read and write
|
||
|
555C000
|
heap
|
page read and write
|
||
|
5872000
|
heap
|
page read and write
|
||
|
C08000
|
heap
|
page read and write
|
||
|
58D8000
|
heap
|
page read and write
|
||
|
5657000
|
heap
|
page read and write
|
||
|
5747000
|
heap
|
page read and write
|
||
|
5A45000
|
heap
|
page read and write
|
||
|
3088000
|
heap
|
page read and write
|
||
|
CA9000
|
heap
|
page read and write
|
||
|
598C000
|
heap
|
page read and write
|
||
|
3544000
|
heap
|
page read and write
|
||
|
2E80000
|
heap
|
page read and write
|
||
|
5A0000
|
heap
|
page read and write
|
||
|
2CA7000
|
heap
|
page read and write
|
||
|
CA4000
|
heap
|
page read and write
|
||
|
5691000
|
heap
|
page read and write
|
||
|
5A4B000
|
heap
|
page read and write
|
||
|
5963000
|
heap
|
page read and write
|
||
|
75A000
|
direct allocation
|
page readonly
|
||
|
5D5D000
|
stack
|
page read and write
|
||
|
5570000
|
heap
|
page read and write
|
||
|
59DC000
|
heap
|
page read and write
|
||
|
55B7000
|
heap
|
page read and write
|
||
|
8CB4379000
|
stack
|
page read and write
|
||
|
5138000
|
heap
|
page read and write
|
||
|
24A0000
|
direct allocation
|
page read and write
|
||
|
33FF000
|
stack
|
page read and write
|
||
|
3193000
|
heap
|
page read and write
|
||
|
5151000
|
heap
|
page read and write
|
||
|
59EE000
|
heap
|
page read and write
|
||
|
5A30000
|
heap
|
page read and write
|
||
|
59A5000
|
heap
|
page read and write
|
||
|
583C000
|
heap
|
page read and write
|
||
|
2594EF10000
|
trusted library allocation
|
page read and write
|
||
|
3159000
|
heap
|
page read and write
|
||
|
C41000
|
heap
|
page read and write
|
||
|
61D0000
|
heap
|
page read and write
|
||
|
2B60000
|
remote allocation
|
page read and write
|
||
|
57C0000
|
heap
|
page read and write
|
||
|
CA4000
|
heap
|
page read and write
|
||
|
590D000
|
heap
|
page read and write
|
||
|
CA9000
|
heap
|
page read and write
|
||
|
5505000
|
heap
|
page read and write
|
||
|
5520000
|
heap
|
page read and write
|
||
|
583C000
|
heap
|
page read and write
|
||
|
57E0000
|
heap
|
page read and write
|
||
|
59CB000
|
heap
|
page read and write
|
||
|
24D0000
|
heap
|
page readonly
|
||
|
578F000
|
heap
|
page read and write
|
||
|
56F4000
|
heap
|
page read and write
|
||
|
BA0000
|
heap
|
page read and write
|
||
|
31A1000
|
heap
|
page read and write
|
||
|
57BA000
|
heap
|
page read and write
|
||
|
2CEE000
|
heap
|
page read and write
|
||
|
5513000
|
heap
|
page read and write
|
||
|
5505000
|
heap
|
page read and write
|
||
|
8CB42F9000
|
stack
|
page read and write
|
||
|
3150000
|
heap
|
page read and write
|
||
|
308A000
|
heap
|
page read and write
|
||
|
5A0B000
|
heap
|
page read and write
|
||
|
2ADB000
|
stack
|
page read and write
|
||
|
2F1B000
|
heap
|
page read and write
|
||
|
5A0D000
|
heap
|
page read and write
|
||
|
BB0000
|
heap
|
page read and write
|
||
|
5A30000
|
heap
|
page read and write
|
||
|
31E7000
|
heap
|
page read and write
|
||
|
2CEE000
|
heap
|
page read and write
|
||
|
31C0000
|
heap
|
page read and write
|
||
|
53AE000
|
stack
|
page read and write
|
||
|
2594ED53000
|
heap
|
page read and write
|
||
|
2E7E000
|
stack
|
page read and write
|
||
|
5A4B000
|
heap
|
page read and write
|
||
|
75C000
|
direct allocation
|
page readonly
|
||
|
1FF0000
|
heap
|
page read and write
|
||
|
56FF000
|
heap
|
page read and write
|
||
|
5173000
|
heap
|
page read and write
|
||
|
516D000
|
heap
|
page read and write
|
||
|
581C000
|
heap
|
page read and write
|
||
|
2E81000
|
heap
|
page read and write
|
||
|
590D000
|
heap
|
page read and write
|
||
|
CA3000
|
heap
|
page read and write
|
||
|
31A9000
|
heap
|
page read and write
|
||
|
596F000
|
heap
|
page read and write
|
||
|
5600000
|
heap
|
page read and write
|
||
|
8CB3F5B000
|
stack
|
page read and write
|
||
|
5A4B000
|
heap
|
page read and write
|
||
|
2CC8000
|
heap
|
page read and write
|
||
|
CAB000
|
heap
|
page read and write
|
||
|
5906000
|
heap
|
page read and write
|
||
|
180023000
|
unkown
|
page readonly
|
||
|
567E000
|
heap
|
page read and write
|
||
|
CA9000
|
heap
|
page read and write
|
||
|
553A000
|
heap
|
page read and write
|
||
|
271B000
|
stack
|
page read and write
|
||
|
3100000
|
heap
|
page read and write
|
||
|
31D1000
|
heap
|
page read and write
|
||
|
58B9000
|
heap
|
page read and write
|
||
|
318A000
|
heap
|
page read and write
|
||
|
2A60000
|
trusted library allocation
|
page read and write
|
||
|
5940000
|
heap
|
page read and write
|
||
|
57F6000
|
heap
|
page read and write
|
||
|
558C000
|
heap
|
page read and write
|
||
|
C34000
|
heap
|
page read and write
|
||
|
59DC000
|
heap
|
page read and write
|
||
|
590D000
|
heap
|
page read and write
|
||
|
C2D000
|
heap
|
page read and write
|
||
|
55E0000
|
heap
|
page read and write
|
||
|
785000
|
heap
|
page read and write
|
||
|
5F9F000
|
stack
|
page read and write
|
||
|
CA4000
|
heap
|
page read and write
|
||
|
5657000
|
heap
|
page read and write
|
||
|
54FC000
|
heap
|
page read and write
|
||
|
51A3000
|
heap
|
page read and write
|
||
|
580000
|
heap
|
page read and write
|
||
|
2594ED3B000
|
heap
|
page read and write
|
||
|
571D000
|
heap
|
page read and write
|
||
|
590D000
|
heap
|
page read and write
|
||
|
5989000
|
heap
|
page read and write
|
||
|
5A0A000
|
heap
|
page read and write
|
||
|
31E1000
|
heap
|
page read and write
|
||
|
58D8000
|
heap
|
page read and write
|
||
|
F35000
|
heap
|
page read and write
|
||
|
3130000
|
heap
|
page read and write
|
||
|
59DC000
|
heap
|
page read and write
|
||
|
255C000
|
stack
|
page read and write
|
||
|
CAC000
|
heap
|
page read and write
|
||
|
59F8000
|
heap
|
page read and write
|
||
|
56E5000
|
heap
|
page read and write
|
||
|
513E000
|
heap
|
page read and write
|
||
|
58E1000
|
heap
|
page read and write
|
||
|
5948000
|
heap
|
page read and write
|
||
|
5797000
|
heap
|
page read and write
|
||
|
5AB000
|
heap
|
page read and write
|
||
|
5724000
|
heap
|
page read and write
|
||
|
54F3000
|
heap
|
page read and write
|
||
|
5153000
|
heap
|
page read and write
|
||
|
5589000
|
heap
|
page read and write
|
||
|
55C8000
|
heap
|
page read and write
|
||
|
582C000
|
heap
|
page read and write
|
||
|
180021000
|
unkown
|
page read and write
|
||
|
C9E000
|
heap
|
page read and write
|
||
|
2594ECF0000
|
heap
|
page read and write
|
||
|
B10000
|
heap
|
page read and write
|
||
|
5A01000
|
heap
|
page read and write
|
||
|
59AF000
|
heap
|
page read and write
|
||
|
5981000
|
heap
|
page read and write
|
||
|
5624000
|
heap
|
page read and write
|
||
|
180000000
|
unkown
|
page readonly
|
||
|
5669000
|
heap
|
page read and write
|
||
|
6DCD000
|
stack
|
page read and write
|
||
|
CA3000
|
heap
|
page read and write
|
||
|
5B63000
|
heap
|
page read and write
|
||
|
2594EE50000
|
trusted library allocation
|
page read and write
|
||
|
3139000
|
heap
|
page read and write
|
||
|
3130000
|
heap
|
page read and write
|
||
|
5520000
|
heap
|
page read and write
|
||
|
C4D000
|
heap
|
page read and write
|
||
|
56BE000
|
heap
|
page read and write
|
||
|
5173000
|
heap
|
page read and write
|
||
|
2CFC000
|
heap
|
page read and write
|
||
|
564D000
|
heap
|
page read and write
|
||
|
C41000
|
heap
|
page read and write
|
||
|
1FB0000
|
trusted library allocation
|
page read and write
|
||
|
5163000
|
heap
|
page read and write
|
||
|
C41000
|
heap
|
page read and write
|
||
|
C0C000
|
heap
|
page read and write
|
||
|
BA5000
|
heap
|
page read and write
|
||
|
57AC000
|
heap
|
page read and write
|
||
|
31F7000
|
heap
|
page read and write
|
||
|
2CEB000
|
stack
|
page read and write
|
||
|
5763000
|
heap
|
page read and write
|
||
|
C4C000
|
heap
|
page read and write
|
||
|
5780000
|
heap
|
page read and write
|
||
|
8CB427F000
|
stack
|
page read and write
|
||
|
180016000
|
unkown
|
page readonly
|
||
|
5576000
|
heap
|
page read and write
|
||
|
6212000
|
heap
|
page read and write
|
||
|
5192000
|
heap
|
page read and write
|
||
|
55BB000
|
heap
|
page read and write
|
||
|
780000
|
heap
|
page read and write
|
||
|
2D50000
|
heap
|
page read and write
|
||
|
31FA000
|
heap
|
page read and write
|
||
|
B70000
|
heap
|
page read and write
|
||
|
313A000
|
heap
|
page read and write
|
||
|
563A000
|
heap
|
page read and write
|
||
|
3170000
|
heap
|
page read and write
|
||
|
55CE000
|
heap
|
page read and write
|
||
|
57A4000
|
heap
|
page read and write
|
||
|
CA9000
|
heap
|
page read and write
|
||
|
265F000
|
stack
|
page read and write
|
||
|
513D000
|
heap
|
page read and write
|
||
|
3183000
|
heap
|
page read and write
|
||
|
59D3000
|
heap
|
page read and write
|
||
|
5935000
|
heap
|
page read and write
|
||
|
5670000
|
heap
|
page read and write
|
||
|
31A1000
|
heap
|
page read and write
|
||
|
2594ED57000
|
heap
|
page read and write
|
||
|
5583000
|
heap
|
page read and write
|
||
|
BFD000
|
heap
|
page read and write
|
||
|
5A43000
|
heap
|
page read and write
|
||
|
3540000
|
heap
|
page read and write
|
||
|
5173000
|
heap
|
page read and write
|
||
|
2460000
|
direct allocation
|
page execute and read and write
|
||
|
2C80000
|
heap
|
page read and write
|
||
|
CA0000
|
heap
|
page read and write
|
||
|
51FE000
|
heap
|
page read and write
|
||
|
2BFE000
|
stack
|
page read and write
|
||
|
5A2C000
|
heap
|
page read and write
|
||
|
5709000
|
heap
|
page read and write
|
||
|
5612000
|
heap
|
page read and write
|
||
|
5A41000
|
heap
|
page read and write
|
||
|
3108000
|
heap
|
page read and write
|
||
|
C2D000
|
heap
|
page read and write
|
||
|
C0C000
|
heap
|
page read and write
|
||
|
59E4000
|
heap
|
page read and write
|
||
|
C0C000
|
heap
|
page read and write
|
||
|
59DC000
|
heap
|
page read and write
|
||
|
5A9F000
|
heap
|
page read and write
|
||
|
5B63000
|
heap
|
page read and write
|
||
|
5747000
|
heap
|
page read and write
|
||
|
5730000
|
heap
|
page read and write
|
||
|
598B000
|
heap
|
page read and write
|
||
|
5697000
|
heap
|
page read and write
|
||
|
B50000
|
heap
|
page read and write
|
||
|
CA0000
|
heap
|
page read and write
|
||
|
5642000
|
heap
|
page read and write
|
||
|
59A7000
|
heap
|
page read and write
|
||
|
3544000
|
heap
|
page read and write
|
||
|
6CCE000
|
stack
|
page read and write
|
||
|
592C000
|
heap
|
page read and write
|
||
|
8CB4479000
|
stack
|
page read and write
|
||
|
20FE000
|
stack
|
page read and write
|
||
|
BF9000
|
heap
|
page read and write
|
||
|
C0C000
|
heap
|
page read and write
|
||
|
2594ED3B000
|
heap
|
page read and write
|
||
|
C07000
|
heap
|
page read and write
|
||
|
598B000
|
heap
|
page read and write
|
||
|
CA9000
|
heap
|
page read and write
|
||
|
31BD000
|
heap
|
page read and write
|
||
|
5531000
|
heap
|
page read and write
|
||
|
55E4000
|
heap
|
page read and write
|
||
|
2CFC000
|
heap
|
page read and write
|
||
|
5892000
|
heap
|
page read and write
|
||
|
536F000
|
stack
|
page read and write
|
||
|
CA0000
|
heap
|
page read and write
|
||
|
2594EB10000
|
heap
|
page read and write
|
||
|
CA9000
|
heap
|
page read and write
|
||
|
5965000
|
heap
|
page read and write
|
||
|
514E000
|
heap
|
page read and write
|
||
|
55BB000
|
heap
|
page read and write
|
||
|
5158000
|
heap
|
page read and write
|
||
|
2ED0000
|
heap
|
page read and write
|
||
|
312E000
|
heap
|
page read and write
|
||
|
354E000
|
heap
|
page read and write
|
||
|
567E000
|
heap
|
page read and write
|
||
|
5778000
|
heap
|
page read and write
|
||
|
CA9000
|
heap
|
page read and write
|
||
|
5583000
|
heap
|
page read and write
|
||
|
2D15000
|
heap
|
page read and write
|
||
|
51BA000
|
heap
|
page read and write
|
||
|
513E000
|
heap
|
page read and write
|
||
|
31CA000
|
heap
|
page read and write
|
||
|
567E000
|
heap
|
page read and write
|
||
|
51CA000
|
heap
|
page read and write
|
||
|
57CA000
|
heap
|
page read and write
|
||
|
516D000
|
heap
|
page read and write
|
||
|
31FA000
|
heap
|
page read and write
|
||
|
57EE000
|
heap
|
page read and write
|
||
|
31D1000
|
heap
|
page read and write
|
||
|
3548000
|
heap
|
page read and write
|
||
|
55A6000
|
heap
|
page read and write
|
||
|
591E000
|
heap
|
page read and write
|
||
|
C3D000
|
heap
|
page read and write
|
||
|
5824000
|
heap
|
page read and write
|
||
|
24CC000
|
direct allocation
|
page readonly
|
||
|
CA0000
|
heap
|
page read and write
|
||
|
586A000
|
heap
|
page read and write
|
||
|
5B41000
|
heap
|
page read and write
|
||
|
31AE000
|
heap
|
page read and write
|
||
|
BFD000
|
heap
|
page read and write
|
||
|
51AF000
|
heap
|
page read and write
|
||
|
C2D000
|
heap
|
page read and write
|
||
|
56B7000
|
heap
|
page read and write
|
||
|
5A30000
|
heap
|
page read and write
|
||
|
2B60000
|
remote allocation
|
page read and write
|
||
|
518F000
|
heap
|
page read and write
|
||
|
5562000
|
heap
|
page read and write
|
||
|
56A4000
|
heap
|
page read and write
|
||
|
5606000
|
heap
|
page read and write
|
||
|
2594EF75000
|
heap
|
page read and write
|
||
|
55FF000
|
heap
|
page read and write
|
||
|
5A4B000
|
heap
|
page read and write
|
||
|
5144000
|
heap
|
page read and write
|
||
|
2594EEA0000
|
heap
|
page readonly
|
||
|
519A000
|
heap
|
page read and write
|
||
|
57D8000
|
heap
|
page read and write
|
||
|
5E5E000
|
stack
|
page read and write
|
||
|
5854000
|
heap
|
page read and write
|
||
|
5A2C000
|
heap
|
page read and write
|
||
|
519C000
|
heap
|
page read and write
|
||
|
CA0000
|
heap
|
page read and write
|
||
|
C41000
|
heap
|
page read and write
|
||
|
3153000
|
heap
|
page read and write
|
||
|
60AE000
|
stack
|
page read and write
|
||
|
5A41000
|
heap
|
page read and write
|
||
|
2DC0000
|
heap
|
page read and write
|
||
|
CA9000
|
heap
|
page read and write
|
||
|
5144000
|
heap
|
page read and write
|
||
|
CAB000
|
heap
|
page read and write
|
||
|
5636000
|
heap
|
page read and write
|
||
|
59C9000
|
heap
|
page read and write
|
||
|
2CFC000
|
heap
|
page read and write
|
||
|
2D0C000
|
heap
|
page read and write
|
||
|
5C1D000
|
stack
|
page read and write
|
||
|
CA0000
|
heap
|
page read and write
|
||
|
C3C000
|
heap
|
page read and write
|
||
|
514D000
|
heap
|
page read and write
|
||
|
55C0000
|
heap
|
page read and write
|
||
|
5A15000
|
heap
|
page read and write
|
||
|
CA0000
|
heap
|
page read and write
|
||
|
57A5000
|
heap
|
page read and write
|
||
|
B7C000
|
stack
|
page read and write
|
||
|
5131000
|
heap
|
page read and write
|
||
|
5551000
|
heap
|
page read and write
|
||
|
31A8000
|
heap
|
page read and write
|
||
|
5778000
|
heap
|
page read and write
|
||
|
576B000
|
heap
|
page read and write
|
||
|
5139000
|
heap
|
page read and write
|
||
|
2594ECF8000
|
heap
|
page read and write
|
||
|
59EE000
|
heap
|
page read and write
|
||
|
55FE000
|
heap
|
page read and write
|
||
|
58A0000
|
heap
|
page read and write
|
||
|
2CFC000
|
heap
|
page read and write
|
||
|
5D1D000
|
stack
|
page read and write
|
||
|
CA3000
|
heap
|
page read and write
|
||
|
2CEE000
|
heap
|
page read and write
|
||
|
578F000
|
heap
|
page read and write
|
||
|
5684000
|
heap
|
page read and write
|
||
|
5502000
|
heap
|
page read and write
|
||
|
311C000
|
heap
|
page read and write
|
||
|
C9B000
|
heap
|
page read and write
|
||
|
5980000
|
heap
|
page read and write
|
||
|
6203000
|
heap
|
page read and write
|
||
|
5A30000
|
heap
|
page read and write
|
||
|
5657000
|
heap
|
page read and write
|
||
|
5A2A000
|
heap
|
page read and write
|
||
|
54F9000
|
heap
|
page read and write
|
||
|
607000
|
heap
|
page read and write
|
||
|
C08000
|
heap
|
page read and write
|
||
|
180023000
|
unkown
|
page readonly
|
||
|
5A4B000
|
heap
|
page read and write
|
||
|
2B60000
|
remote allocation
|
page read and write
|
||
|
180001000
|
unkown
|
page execute read
|
||
|
5692000
|
heap
|
page read and write
|
||
|
31A8000
|
heap
|
page read and write
|
||
|
5844000
|
heap
|
page read and write
|
||
|
54C5000
|
heap
|
page read and write
|
||
|
2D14000
|
heap
|
page read and write
|
||
|
56F4000
|
heap
|
page read and write
|
||
|
5E9E000
|
stack
|
page read and write
|
||
|
31A6000
|
heap
|
page read and write
|
||
|
BE0000
|
heap
|
page read and write
|
||
|
5173000
|
heap
|
page read and write
|
||
|
5540000
|
heap
|
page read and write
|
||
|
5898000
|
heap
|
page read and write
|
||
|
56DE000
|
heap
|
page read and write
|
||
|
518F000
|
heap
|
page read and write
|
||
|
C33000
|
heap
|
page read and write
|
||
|
51CA000
|
heap
|
page read and write
|
||
|
5137000
|
heap
|
page read and write
|
||
|
317E000
|
heap
|
page read and write
|
||
|
2594EEB0000
|
trusted library allocation
|
page read and write
|
||
|
55EC000
|
heap
|
page read and write
|
||
|
58E7000
|
heap
|
page read and write
|
||
|
5A30000
|
heap
|
page read and write
|
||
|
5A41000
|
heap
|
page read and write
|
||
|
308F000
|
heap
|
page read and write
|
||
|
55C1000
|
heap
|
page read and write
|
||
|
8CB43FF000
|
stack
|
page read and write
|
||
|
311D000
|
heap
|
page read and write
|
||
|
5FD0000
|
remote allocation
|
page read and write
|
||
|
585C000
|
heap
|
page read and write
|
||
|
31FA000
|
heap
|
page read and write
|
||
|
5A41000
|
heap
|
page read and write
|
||
|
180001000
|
unkown
|
page execute read
|
There are 693 hidden memdumps, click here to show them.