Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Insight_Medical_Publishing_3.one
|
data
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Temp\click.wsf
|
ASCII text, with no line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\rad38C2A.tmp.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Windows\System32\ZLTlFkhzfcDaCjB\GJcmgWEWTZrc.dll (copy)
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
|
Microsoft Cabinet archive data, Windows 2000/XP setup, 62582 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks,
0x1 compression
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\header
|
Matlab v4 mat-file (little endian) \340\004, numeric, rows 262223750, columns 0
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\OneNote15WatsonLog.etl
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\OneNote\16.0\Preferences.dat
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\36a44befa49650d0.customDestinations-ms (copy)
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ZUNH4RPCMTORJA8SP86T.temp
|
data
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
|
C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE" "C:\Users\user\Desktop\Insight_Medical_Publishing_3.one
|
|
|
|
C:\Windows\SysWOW64\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\Users\user\AppData\Local\Temp\click.wsf"
|
|
|
|
C:\Windows\SysWOW64\regsvr32.exe
|
C:\Windows\System32\regsvr32.exe" "C:\Users\user\AppData\Local\Temp\rad38C2A.tmp.dll
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
"C:\Users\user\AppData\Local\Temp\rad38C2A.tmp.dll"
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
C:\Windows\system32\regsvr32.exe "C:\Windows\system32\ZLTlFkhzfcDaCjB\GJcmgWEWTZrc.dll"
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://167.172.199.165:8080/qudwkmxm/xmonncmqfa/dpvphsc/beehnbizxmwollpl/eB
|
unknown
|
|
|
|
https://182.162.143.56/qudwkmxm/xmonncmqfa/dpvphsc/beehnbizxmwollpl/
|
182.162.143.56
|
|
|
|
https://167.172.199.165:8080/qudwkmxm/xmonncmqfa/dpvphsc/beehnbizxmwollpl/#
|
unknown
|
|
|
|
https://182.162.143.56/qudwkmxm/xmonncmqfa/dpvphsc/beehnbizxmwollpl/x
|
unknown
|
|
|
|
https://penshorn.org/
|
unknown
|
|
|
|
https://penshorn.org/admin/Ses8712iGR8du/tM
|
unknown
|
|
|
|
https://penshorn.org/admin/Ses8712iGR8du/
|
203.26.41.131
|
|
|
|
https://182.162.143.56/qudwkmxm/xmonncmqfa/dpvphsc/beehnbizxmwollpl/l/
|
unknown
|
|
|
|
http://softwareulike.com/cWIYxWMPkK/
|
unknown
|
||
|
https://159.89.202.34/
|
unknown
|
||
|
https://182.162.143.56/
|
unknown
|
||
|
https://91.121.146.47:8080/qudwkmxm/xmonncmqfa/dpvphsc/beehnbizxmwollpl/
|
unknown
|
||
|
https://pe2.162.143.56/
|
unknown
|
||
|
https://bbvoyage.com/useragreement/ElKHvb4QIQqSrh6Hqm/
|
unknown
|
||
|
https://167.172.199.165:8080/qudwkmxm/xmonncmqfa/dpvphsc/beehnbizxmwollpl/
|
unknown
|
||
|
https://91.121.146.47:8080/
|
unknown
|
||
|
https://160.16.142.56:8080/qudwkmxm/xmonncmqfa/dpvphsc/beehnbizxmwollpl/
|
unknown
|
||
|
https://187.172.199.165:8080/
|
unknown
|
||
|
https://160.16.142.56:8080/qudwkmxm/xmonncmqfa/dpvphsc/beehnbizxmwollpl//6(
|
unknown
|
||
|
https://www.gomespontes.com.br/logs/pd/vM
|
unknown
|
||
|
https://167.172.199.165:8080/l
|
unknown
|
||
|
https://167.172.199.165:8080/
|
unknown
|
||
|
https://159.89.202.34/qudwkmxm/xmonncmqfa/dpvphsc/beehnbizxmwollpl/h
|
unknown
|
||
|
https://167.172.199.165:8080/qudwkmxm/xmonncmqfa/dpvphsc/beehnbizxmwollpl/IT
|
unknown
|
||
|
https://91.121.146.47:8080/qudwkmxm/xmonncmqfa/dpvphsc/beehnbizxmwollpl/000
|
unknown
|
||
|
https://bbvoyage.com/useragreement/ElKHvb4QIQqSrh6Hqm/.dll
|
unknown
|
||
|
https://167.172.199.165:8080/qudwkmxm/xmonncmqfa/dpvphsc/beehnbizxmwollpl/n
|
unknown
|
||
|
https://portalevolucao.com/GerarBoleto/fLIOoFb
|
unknown
|
||
|
http://ozmeydan.com/cekici/9/
|
unknown
|
||
|
https://portalevolucao.com/GerarBoleto/fLIOoFbFs1jHtX/wM
|
unknown
|
||
|
https://www.gomespontes.com.br/logs/pd/
|
unknown
|
||
|
https://167.172.199.165:8080/mwollpl/
|
unknown
|
||
|
https://portalevolucao.com/GerarBoleto/fLIOoFbFs1j
|
unknown
|
||
|
https://bbvoyage.com/useragreement/ElKHvb4QIQqSrh6Hqm/uM
|
unknown
|
||
|
http://softwareulike.com/cWIYxWMPkK/7
|
unknown
|
||
|
https://66.228.32.31:7080/qudwkmxm/xmonncmqfa/dpvphsc/beehnbizxmwollpl/
|
unknown
|
||
|
http://wrappixels.com/wp-admin/GdIA2oOQEiO5G/
|
unknown
|
||
|
http://softwareulike.com/cWIYxWMPkK/yM
|
unknown
|
||
|
https://167.172.199.165:8080/8
|
unknown
|
||
|
https://159.89.202.34/I
|
unknown
|
||
|
https://bbvoyage.com/useragreement/ElKHvb4QIQqSrh6Hqm/.dllNZr
|
unknown
|
||
|
http://softwareulike.com/cWIYxW
|
unknown
|
||
|
http://ozmeydan.com/cekici/9/xM
|
unknown
|
||
|
https://187.63.160.88:80/qudwkmxm/xmonncmqfa/dpvphsc/beehnbizxmwollpl/01
|
unknown
|
||
|
https://portalevolucao.com/GerarBoleto/fLIOoFbFs1jHtX/
|
unknown
|
||
|
http://wrappixels.com/wp-admin/GdIA2oOQEiO5G/zM
|
unknown
|
||
|
https://66.228.32.31:7080/qudwkmxm/xmonncmqfa/dpvphsc/beehnbizxmwollpl/_
|
unknown
|
||
|
https://159.89.202.34/qudwkmxm/xmonncmqfa/dpvphsc/beehnbizxmwollpl/
|
unknown
|
||
|
https://160.16.142.56:8080/
|
unknown
|
||
|
https://164.90.222.65/qudwkmxm/xmonncmqfa/dpvphsc/beehnbizxmwollpl/
|
unknown
|
||
|
https://163.44.196.120:8080/3
|
unknown
|
There are 41 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
penshorn.org
|
203.26.41.131
|
|
|
|
windowsupdatebg.s.llnwi.net
|
178.79.242.128
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
110.232.117.186
|
unknown
|
Australia
|
|
|
|
103.132.242.26
|
unknown
|
India
|
|
|
|
104.168.155.143
|
unknown
|
United States
|
|
|
|
79.137.35.198
|
unknown
|
France
|
|
|
|
115.68.227.76
|
unknown
|
Korea Republic of
|
|
|
|
163.44.196.120
|
unknown
|
Singapore
|
|
|
|
206.189.28.199
|
unknown
|
United States
|
|
|
|
203.26.41.131
|
penshorn.org
|
Australia
|
|
|
|
107.170.39.149
|
unknown
|
United States
|
|
|
|
66.228.32.31
|
unknown
|
United States
|
|
|
|
197.242.150.244
|
unknown
|
South Africa
|
|
|
|
185.4.135.165
|
unknown
|
Greece
|
|
|
|
183.111.227.137
|
unknown
|
Korea Republic of
|
|
|
|
45.176.232.124
|
unknown
|
Colombia
|
|
|
|
169.57.156.166
|
unknown
|
United States
|
|
|
|
164.68.99.3
|
unknown
|
Germany
|
|
|
|
139.59.126.41
|
unknown
|
Singapore
|
|
|
|
167.172.253.162
|
unknown
|
United States
|
|
|
|
167.172.199.165
|
unknown
|
United States
|
|
|
|
202.129.205.3
|
unknown
|
Thailand
|
|
|
|
147.139.166.154
|
unknown
|
United States
|
|
|
|
153.92.5.27
|
unknown
|
Germany
|
|
|
|
159.65.88.10
|
unknown
|
United States
|
|
|
|
172.105.226.75
|
unknown
|
United States
|
|
|
|
164.90.222.65
|
unknown
|
United States
|
|
|
|
213.239.212.5
|
unknown
|
Germany
|
|
|
|
5.135.159.50
|
unknown
|
France
|
|
|
|
186.194.240.217
|
unknown
|
Brazil
|
|
|
|
119.59.103.152
|
unknown
|
Thailand
|
|
|
|
159.89.202.34
|
unknown
|
United States
|
|
|
|
91.121.146.47
|
unknown
|
France
|
|
|
|
160.16.142.56
|
unknown
|
Japan
|
|
|
|
201.94.166.162
|
unknown
|
Brazil
|
|
|
|
91.207.28.33
|
unknown
|
Kyrgyzstan
|
|
|
|
103.75.201.2
|
unknown
|
Thailand
|
|
|
|
103.43.75.120
|
unknown
|
Japan
|
|
|
|
188.44.20.25
|
unknown
|
Macedonia
|
|
|
|
45.235.8.30
|
unknown
|
Brazil
|
|
|
|
153.126.146.25
|
unknown
|
Japan
|
|
|
|
72.15.201.15
|
unknown
|
United States
|
|
|
|
187.63.160.88
|
unknown
|
Brazil
|
|
|
|
82.223.21.224
|
unknown
|
Spain
|
|
|
|
173.212.193.249
|
unknown
|
Germany
|
|
|
|
95.217.221.146
|
unknown
|
Germany
|
|
|
|
149.56.131.28
|
unknown
|
Canada
|
|
|
|
182.162.143.56
|
unknown
|
Korea Republic of
|
|
|
|
1.234.2.232
|
unknown
|
Korea Republic of
|
|
|
|
129.232.188.93
|
unknown
|
South Africa
|
|
|
|
94.23.45.86
|
unknown
|
France
|
|
There are 39 hidden IPs, click here to show them.
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\Resiliency\StartupItems
|
xb8
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\Resiliency\StartupItems
|
yb8
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\Word\Addins\OneNote.WordAddinTakeNotesButton
|
FriendlyName
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\Word\Addins\OneNote.WordAddinTakeNotesButton
|
Description
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\Word\Addins\OneNote.WordAddinTakeNotesButton
|
LoadBehavior
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\Word\Addins\OneNote.WordAddinTakeNotesButton
|
CommandLineSafe
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\PowerPoint\Addins\OneNote.PowerPointAddinTakeNotesButton
|
FriendlyName
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\PowerPoint\Addins\OneNote.PowerPointAddinTakeNotesButton
|
Description
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\PowerPoint\Addins\OneNote.PowerPointAddinTakeNotesButton
|
LoadBehavior
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\PowerPoint\Addins\OneNote.PowerPointAddinTakeNotesButton
|
CommandLineSafe
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\General
|
LastMyDocumentsPathUsed
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\General
|
ProgressWindowPosLeft
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\General
|
ProgressWindowPosTop
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\General
|
ConsecutiveBootCrashes
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\General
|
ConsecutiveEarlyCrashes
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\Options\Save
|
BackupFilenamePostfixStartSP1
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\Options\Save
|
BackupFilenamePostfixEndSP1
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\Options\Save
|
BackupFilenamePostfixEndRerepairSP1
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote
|
FirstBootStatus
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\Options
|
WatsonLoggingUserId
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\OneNote\General
|
LastCacheFclRepairSuccessTime
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109110000000000000000F01FEC\Usage
|
OneNoteFiles
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109110000000000000000F01FEC\Usage
|
ProductFiles
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
|
en-US
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
|
en-US
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F2A7EE29-8BF6-4a6d-83F1-098E366C709C}\1.0
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F2A7EE29-8BF6-4a6d-83F1-098E366C709C}\1.0\0\win32
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{0EA692EE-BB50-4E3C-AEF0-356D91732725}\1.1
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{0EA692EE-BB50-4E3C-AEF0-356D91732725}\1.1\0\win32
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1D12BD3F-89B6-4077-AA2C-C9DC2BCA42F9}\TypeLib
|
Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1D12BD3F-89B6-4077-AA2C-C9DC2BCA42F9}\TypeLib
|
Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{627EA7B4-95B5-4980-84C1-9D20DA4460B1}\TypeLib
|
Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{627EA7B4-95B5-4980-84C1-9D20DA4460B1}\TypeLib
|
Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{452AC71A-B655-4967-A208-A4CC39DD7949}\TypeLib
|
Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{452AC71A-B655-4967-A208-A4CC39DD7949}\TypeLib
|
Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6D4B9C3E-CC05-493F-85E2-43D1006DF96A}\TypeLib
|
Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6D4B9C3E-CC05-493F-85E2-43D1006DF96A}\TypeLib
|
Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8E8304B8-CBD1-44F8-B0E8-89C625B2002E}\TypeLib
|
Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8E8304B8-CBD1-44F8-B0E8-89C625B2002E}\TypeLib
|
Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E2E1511D-502D-4BD0-8B3A-8A89A05CDCAE}\ProxyStubClsid32
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E2E1511D-502D-4BD0-8B3A-8A89A05CDCAE}\TypeLib
|
Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E2E1511D-502D-4BD0-8B3A-8A89A05CDCAE}\ProxyStubClsid32
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E2E1511D-502D-4BD0-8B3A-8A89A05CDCAE}\TypeLib
|
Version
|
There are 33 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2B11000
|
direct allocation
|
page execute read
|
|
|
|
F41000
|
direct allocation
|
page execute read
|
|
|
|
1220000
|
direct allocation
|
page execute and read and write
|
|
|
|
1268000
|
heap
|
page read and write
|
|
|
|
F10000
|
direct allocation
|
page execute and read and write
|
|
|
|
1DA52702000
|
heap
|
page read and write
|
||
|
5473000
|
heap
|
page read and write
|
||
|
5419000
|
heap
|
page read and write
|
||
|
4F8D000
|
heap
|
page read and write
|
||
|
53B9000
|
heap
|
page read and write
|
||
|
2EC80713000
|
heap
|
page read and write
|
||
|
11C0000
|
heap
|
page read and write
|
||
|
4F4F000
|
heap
|
page read and write
|
||
|
205A8902000
|
heap
|
page read and write
|
||
|
A8F000
|
heap
|
page read and write
|
||
|
B0E000
|
stack
|
page read and write
|
||
|
53B1000
|
heap
|
page read and write
|
||
|
5237000
|
heap
|
page read and write
|
||
|
5210000
|
heap
|
page read and write
|
||
|
1A7A6668000
|
heap
|
page read and write
|
||
|
12C4000
|
heap
|
page read and write
|
||
|
4EA0000
|
heap
|
page read and write
|
||
|
A97000
|
heap
|
page read and write
|
||
|
1DA526CB000
|
heap
|
page read and write
|
||
|
536E000
|
heap
|
page read and write
|
||
|
6500000
|
heap
|
page read and write
|
||
|
133ACD30000
|
heap
|
page read and write
|
||
|
1CFC2350000
|
trusted library allocation
|
page read and write
|
||
|
1CFC2340000
|
heap
|
page readonly
|
||
|
4EF0000
|
heap
|
page read and write
|
||
|
50AC000
|
heap
|
page read and write
|
||
|
5346000
|
heap
|
page read and write
|
||
|
2D5C000
|
stack
|
page read and write
|
||
|
4EB3000
|
heap
|
page read and write
|
||
|
133A000
|
heap
|
page read and write
|
||
|
1B7380A0000
|
heap
|
page read and write
|
||
|
DBC000
|
heap
|
page read and write
|
||
|
1A7A6580000
|
heap
|
page read and write
|
||
|
1BF3BE60000
|
heap
|
page read and write
|
||
|
A8A000
|
heap
|
page read and write
|
||
|
5158000
|
heap
|
page read and write
|
||
|
12B8000
|
heap
|
page read and write
|
||
|
A2B000
|
heap
|
page read and write
|
||
|
205A8760000
|
heap
|
page read and write
|
||
|
2D00000
|
heap
|
page read and write
|
||
|
50AD000
|
heap
|
page read and write
|
||
|
5245000
|
heap
|
page read and write
|
||
|
543B000
|
heap
|
page read and write
|
||
|
52BD000
|
heap
|
page read and write
|
||
|
EF0000
|
direct allocation
|
page execute and read and write
|
||
|
12DB000
|
heap
|
page read and write
|
||
|
AA2000
|
heap
|
page read and write
|
||
|
4F6A000
|
heap
|
page read and write
|
||
|
4F55000
|
heap
|
page read and write
|
||
|
550B000
|
heap
|
page read and write
|
||
|
334E000
|
heap
|
page read and write
|
||
|
F00000
|
heap
|
page read and write
|
||
|
2B3C000
|
direct allocation
|
page readonly
|
||
|
A8A000
|
heap
|
page read and write
|
||
|
4B2D000
|
heap
|
page read and write
|
||
|
134F000
|
heap
|
page read and write
|
||
|
1DA52390000
|
heap
|
page read and write
|
||
|
205A886D000
|
heap
|
page read and write
|
||
|
4B29000
|
heap
|
page read and write
|
||
|
133A000
|
heap
|
page read and write
|
||
|
5208000
|
heap
|
page read and write
|
||
|
4B39000
|
heap
|
page read and write
|
||
|
53A0000
|
heap
|
page read and write
|
||
|
512D000
|
heap
|
page read and write
|
||
|
A78000
|
heap
|
page read and write
|
||
|
4B58000
|
heap
|
page read and write
|
||
|
4F90000
|
heap
|
page read and write
|
||
|
50C0000
|
heap
|
page read and write
|
||
|
1B738202000
|
heap
|
page read and write
|
||
|
12F0000
|
heap
|
page read and write
|
||
|
A49000
|
heap
|
page read and write
|
||
|
510B000
|
heap
|
page read and write
|
||
|
5350000
|
heap
|
page read and write
|
||
|
12FE000
|
heap
|
page read and write
|
||
|
12BC000
|
heap
|
page read and write
|
||
|
33D7000
|
heap
|
page read and write
|
||
|
1CFC14F8000
|
heap
|
page read and write
|
||
|
A75000
|
heap
|
page read and write
|
||
|
4D70000
|
heap
|
page read and write
|
||
|
1B738313000
|
heap
|
page read and write
|
||
|
4AC3000
|
heap
|
page read and write
|
||
|
535A000
|
heap
|
page read and write
|
||
|
12F0000
|
heap
|
page read and write
|
||
|
12F0000
|
heap
|
page read and write
|
||
|
180001000
|
unkown
|
page execute read
|
||
|
1A7A6687000
|
heap
|
page read and write
|
||
|
FEF257E000
|
stack
|
page read and write
|
||
|
50EF000
|
heap
|
page read and write
|
||
|
1DA52D00000
|
heap
|
page read and write
|
||
|
4FCF000
|
heap
|
page read and write
|
||
|
1A68E7F000
|
stack
|
page read and write
|
||
|
3507000
|
heap
|
page read and write
|
||
|
AB7000
|
heap
|
page read and write
|
||
|
4E0FBFE000
|
stack
|
page read and write
|
||
|
133ACF02000
|
heap
|
page read and write
|
||
|
FEF247F000
|
stack
|
page read and write
|
||
|
FEF267F000
|
stack
|
page read and write
|
||
|
205A8865000
|
heap
|
page read and write
|
||
|
9EC000
|
heap
|
page read and write
|
||
|
AC2000
|
heap
|
page read and write
|
||
|
1A7A6600000
|
heap
|
page read and write
|
||
|
205A8874000
|
heap
|
page read and write
|
||
|
1DA5266A000
|
heap
|
page read and write
|
||
|
12E1000
|
heap
|
page read and write
|
||
|
53CD000
|
heap
|
page read and write
|
||
|
518A000
|
heap
|
page read and write
|
||
|
4B8D000
|
heap
|
page read and write
|
||
|
53A7000
|
heap
|
page read and write
|
||
|
4FAE000
|
heap
|
page read and write
|
||
|
4B2E000
|
heap
|
page read and write
|
||
|
1DA523A0000
|
heap
|
page read and write
|
||
|
4B49000
|
heap
|
page read and write
|
||
|
54C000
|
stack
|
page read and write
|
||
|
FEF1A9B000
|
stack
|
page read and write
|
||
|
AC7000
|
heap
|
page read and write
|
||
|
1CFC20E0000
|
trusted library allocation
|
page read and write
|
||
|
D1B000
|
heap
|
page read and write
|
||
|
51C6000
|
heap
|
page read and write
|
||
|
3508000
|
heap
|
page read and write
|
||
|
53C6000
|
heap
|
page read and write
|
||
|
1A68EFE000
|
stack
|
page read and write
|
||
|
5065000
|
heap
|
page read and write
|
||
|
5B0000
|
heap
|
page read and write
|
||
|
1260000
|
heap
|
page read and write
|
||
|
5557000
|
heap
|
page read and write
|
||
|
4E0FA7E000
|
stack
|
page read and write
|
||
|
538C000
|
heap
|
page read and write
|
||
|
1A7A6613000
|
heap
|
page read and write
|
||
|
5D0000
|
heap
|
page read and write
|
||
|
36E5000
|
heap
|
page read and write
|
||
|
205A87C0000
|
heap
|
page read and write
|
||
|
4EE6000
|
heap
|
page read and write
|
||
|
5141000
|
heap
|
page read and write
|
||
|
1B738243000
|
heap
|
page read and write
|
||
|
338A000
|
heap
|
page read and write
|
||
|
502B000
|
heap
|
page read and write
|
||
|
205A87F0000
|
trusted library allocation
|
page read and write
|
||
|
1BF3C040000
|
heap
|
page read and write
|
||
|
12B8000
|
heap
|
page read and write
|
||
|
5175000
|
heap
|
page read and write
|
||
|
541B000
|
heap
|
page read and write
|
||
|
3578000
|
heap
|
page read and write
|
||
|
521E000
|
heap
|
page read and write
|
||
|
3372000
|
heap
|
page read and write
|
||
|
4F61000
|
heap
|
page read and write
|
||
|
5363000
|
heap
|
page read and write
|
||
|
180023000
|
unkown
|
page readonly
|
||
|
524F000
|
heap
|
page read and write
|
||
|
12BC000
|
heap
|
page read and write
|
||
|
5423000
|
heap
|
page read and write
|
||
|
68AC000
|
stack
|
page read and write
|
||
|
4F10000
|
heap
|
page read and write
|
||
|
A1E000
|
heap
|
page read and write
|
||
|
36E6000
|
heap
|
page read and write
|
||
|
1350000
|
heap
|
page read and write
|
||
|
1CFC1470000
|
heap
|
page read and write
|
||
|
9E9B9FF000
|
stack
|
page read and write
|
||
|
5191000
|
heap
|
page read and write
|
||
|
4E0F7BE000
|
stack
|
page read and write
|
||
|
1210000
|
direct allocation
|
page execute and read and write
|
||
|
4E0000
|
heap
|
page read and write
|
||
|
2EC80675000
|
heap
|
page read and write
|
||
|
53E2000
|
heap
|
page read and write
|
||
|
12DB000
|
heap
|
page read and write
|
||
|
2CF0000
|
remote allocation
|
page read and write
|
||
|
1A7A665D000
|
heap
|
page read and write
|
||
|
2B10000
|
direct allocation
|
page read and write
|
||
|
30AF9FD000
|
stack
|
page read and write
|
||
|
FEF277F000
|
stack
|
page read and write
|
||
|
1000000
|
trusted library allocation
|
page read and write
|
||
|
5318000
|
heap
|
page read and write
|
||
|
1B738251000
|
heap
|
page read and write
|
||
|
529E000
|
heap
|
page read and write
|
||
|
314C000
|
stack
|
page read and write
|
||
|
A78000
|
heap
|
page read and write
|
||
|
A2B000
|
heap
|
page read and write
|
||
|
205A8863000
|
heap
|
page read and write
|
||
|
53FE000
|
heap
|
page read and write
|
||
|
8FA000
|
stack
|
page read and write
|
||
|
12EC000
|
heap
|
page read and write
|
||
|
1CFC2330000
|
trusted library allocation
|
page read and write
|
||
|
32E1000
|
heap
|
page read and write
|
||
|
5099000
|
heap
|
page read and write
|
||
|
12DD000
|
heap
|
page read and write
|
||
|
527D000
|
heap
|
page read and write
|
||
|
4E90000
|
heap
|
page read and write
|
||
|
1B738213000
|
heap
|
page read and write
|
||
|
5118000
|
heap
|
page read and write
|
||
|
5110000
|
heap
|
page read and write
|
||
|
51DC000
|
heap
|
page read and write
|
||
|
1A7A8130000
|
remote allocation
|
page read and write
|
||
|
55ED000
|
stack
|
page read and write
|
||
|
1CFC1541000
|
heap
|
page read and write
|
||
|
5007000
|
heap
|
page read and write
|
||
|
4E0F73B000
|
stack
|
page read and write
|
||
|
5103000
|
heap
|
page read and write
|
||
|
52DD000
|
heap
|
page read and write
|
||
|
4F7E000
|
heap
|
page read and write
|
||
|
2DE0000
|
heap
|
page read and write
|
||
|
526F000
|
heap
|
page read and write
|
||
|
FEF1EFB000
|
stack
|
page read and write
|
||
|
133A000
|
heap
|
page read and write
|
||
|
2CC0000
|
trusted library allocation
|
page read and write
|
||
|
1CFC14F0000
|
heap
|
page read and write
|
||
|
A40000
|
heap
|
page read and write
|
||
|
1CFC17F9000
|
heap
|
page read and write
|
||
|
2D8B000
|
stack
|
page read and write
|
||
|
2DDF000
|
stack
|
page read and write
|
||
|
6B732FE000
|
stack
|
page read and write
|
||
|
1350000
|
heap
|
page read and write
|
||
|
4AC8000
|
heap
|
page read and write
|
||
|
2CD0000
|
trusted library allocation
|
page read and write
|
||
|
D55000
|
heap
|
page read and write
|
||
|
51F2000
|
heap
|
page read and write
|
||
|
529E000
|
heap
|
page read and write
|
||
|
205A8867000
|
heap
|
page read and write
|
||
|
133ACE2A000
|
heap
|
page read and write
|
||
|
32DF000
|
stack
|
page read and write
|
||
|
4E6F000
|
stack
|
page read and write
|
||
|
4B44000
|
heap
|
page read and write
|
||
|
53BC000
|
heap
|
page read and write
|
||
|
A2E000
|
heap
|
page read and write
|
||
|
5321000
|
heap
|
page read and write
|
||
|
4B5A000
|
heap
|
page read and write
|
||
|
205A8844000
|
heap
|
page read and write
|
||
|
4F01000
|
heap
|
page read and write
|
||
|
59FE000
|
stack
|
page read and write
|
||
|
DB4000
|
heap
|
page read and write
|
||
|
531F000
|
heap
|
page read and write
|
||
|
A1F000
|
heap
|
page read and write
|
||
|
5BCE000
|
heap
|
page read and write
|
||
|
12EC000
|
heap
|
page read and write
|
||
|
12BC000
|
heap
|
page read and write
|
||
|
F6C000
|
direct allocation
|
page readonly
|
||
|
D10000
|
heap
|
page read and write
|
||
|
529E000
|
heap
|
page read and write
|
||
|
180021000
|
unkown
|
page read and write
|
||
|
2EC8065B000
|
heap
|
page read and write
|
||
|
5077000
|
heap
|
page read and write
|
||
|
4B2E000
|
heap
|
page read and write
|
||
|
7FE52AC000
|
stack
|
page read and write
|
||
|
33B3000
|
heap
|
page read and write
|
||
|
AFAC98C000
|
stack
|
page read and write
|
||
|
DB8000
|
heap
|
page read and write
|
||
|
12EB000
|
heap
|
page read and write
|
||
|
336A000
|
heap
|
page read and write
|
||
|
AFACFFB000
|
stack
|
page read and write
|
||
|
5BCD000
|
heap
|
page read and write
|
||
|
133ACE13000
|
heap
|
page read and write
|
||
|
4EA6000
|
heap
|
page read and write
|
||
|
4EDD000
|
heap
|
page read and write
|
||
|
2CF0000
|
remote allocation
|
page read and write
|
||
|
12BC000
|
heap
|
page read and write
|
||
|
5384000
|
heap
|
page read and write
|
||
|
109B000
|
stack
|
page read and write
|
||
|
4ECC000
|
heap
|
page read and write
|
||
|
12DB000
|
heap
|
page read and write
|
||
|
AFAD1FE000
|
stack
|
page read and write
|
||
|
180023000
|
unkown
|
page readonly
|
||
|
4B2E000
|
heap
|
page read and write
|
||
|
12E1000
|
heap
|
page read and write
|
||
|
4E95000
|
heap
|
page read and write
|
||
|
11A0000
|
heap
|
page read and write
|
||
|
1BF3C013000
|
heap
|
page read and write
|
||
|
31D0000
|
heap
|
page read and write
|
||
|
2CD0000
|
heap
|
page read and write
|
||
|
133ACD90000
|
remote allocation
|
page read and write
|
||
|
4B33000
|
heap
|
page read and write
|
||
|
50F7000
|
heap
|
page read and write
|
||
|
205A8842000
|
heap
|
page read and write
|
||
|
A0D000
|
heap
|
page read and write
|
||
|
4B03000
|
heap
|
page read and write
|
||
|
205A886A000
|
heap
|
page read and write
|
||
|
1A7A664D000
|
heap
|
page read and write
|
||
|
205A8841000
|
heap
|
page read and write
|
||
|
4B22000
|
heap
|
page read and write
|
||
|
30AF5FE000
|
stack
|
page read and write
|
||
|
12FD000
|
heap
|
page read and write
|
||
|
6B737FF000
|
stack
|
page read and write
|
||
|
1000000
|
trusted library allocation
|
page read and write
|
||
|
5503000
|
heap
|
page read and write
|
||
|
4F84000
|
heap
|
page read and write
|
||
|
A35000
|
heap
|
page read and write
|
||
|
550D000
|
heap
|
page read and write
|
||
|
1DA526BA000
|
heap
|
page read and write
|
||
|
A9A000
|
heap
|
page read and write
|
||
|
4B4F000
|
heap
|
page read and write
|
||
|
1035000
|
heap
|
page read and write
|
||
|
3366000
|
heap
|
page read and write
|
||
|
133A000
|
heap
|
page read and write
|
||
|
4FF5000
|
heap
|
page read and write
|
||
|
28DE000
|
stack
|
page read and write
|
||
|
521E000
|
heap
|
page read and write
|
||
|
12F0000
|
heap
|
page read and write
|
||
|
205A8868000
|
heap
|
page read and write
|
||
|
526F000
|
heap
|
page read and write
|
||
|
1DA526C4000
|
heap
|
page read and write
|
||
|
6B733FB000
|
stack
|
page read and write
|
||
|
1BF3C06C000
|
heap
|
page read and write
|
||
|
134F000
|
heap
|
page read and write
|
||
|
521F000
|
heap
|
page read and write
|
||
|
33D3000
|
heap
|
page read and write
|
||
|
4FC9000
|
heap
|
page read and write
|
||
|
5285000
|
heap
|
page read and write
|
||
|
5277000
|
heap
|
page read and write
|
||
|
3366000
|
heap
|
page read and write
|
||
|
1B738229000
|
heap
|
page read and write
|
||
|
4AC5000
|
heap
|
page read and write
|
||
|
1A7A668E000
|
heap
|
page read and write
|
||
|
5227000
|
heap
|
page read and write
|
||
|
4B2C000
|
heap
|
page read and write
|
||
|
DB6000
|
heap
|
page read and write
|
||
|
1DA52D32000
|
heap
|
page read and write
|
||
|
540A000
|
heap
|
page read and write
|
||
|
1350000
|
heap
|
page read and write
|
||
|
52F4000
|
heap
|
page read and write
|
||
|
5083000
|
heap
|
page read and write
|
||
|
205A8855000
|
heap
|
page read and write
|
||
|
53B9000
|
heap
|
page read and write
|
||
|
1BF3C000000
|
heap
|
page read and write
|
||
|
4B2A000
|
heap
|
page read and write
|
||
|
A63000
|
heap
|
page read and write
|
||
|
4B36000
|
heap
|
page read and write
|
||
|
DB6000
|
heap
|
page read and write
|
||
|
9E9B3FC000
|
stack
|
page read and write
|
||
|
334E000
|
heap
|
page read and write
|
||
|
1BF3C002000
|
heap
|
page read and write
|
||
|
1250000
|
heap
|
page read and write
|
||
|
5396000
|
heap
|
page read and write
|
||
|
52DB000
|
heap
|
page read and write
|
||
|
4B48000
|
heap
|
page read and write
|
||
|
5237000
|
heap
|
page read and write
|
||
|
4B34000
|
heap
|
page read and write
|
||
|
4C1E000
|
stack
|
page read and write
|
||
|
5364000
|
heap
|
page read and write
|
||
|
180021000
|
unkown
|
page read and write
|
||
|
C4E000
|
stack
|
page read and write
|
||
|
56ED000
|
stack
|
page read and write
|
||
|
1BF3BFC0000
|
trusted library allocation
|
page read and write
|
||
|
134D000
|
heap
|
page read and write
|
||
|
12F0000
|
heap
|
page read and write
|
||
|
4FAB000
|
heap
|
page read and write
|
||
|
134A000
|
heap
|
page read and write
|
||
|
5375000
|
heap
|
page read and write
|
||
|
205A8875000
|
heap
|
page read and write
|
||
|
511F000
|
heap
|
page read and write
|
||
|
1DA52665000
|
heap
|
page read and write
|
||
|
4AC1000
|
heap
|
page read and write
|
||
|
12B4000
|
heap
|
page read and write
|
||
|
9E9BDFD000
|
stack
|
page read and write
|
||
|
1BF3C075000
|
heap
|
page read and write
|
||
|
2D7B000
|
stack
|
page read and write
|
||
|
1CFC20F0000
|
trusted library allocation
|
page read and write
|
||
|
5065000
|
heap
|
page read and write
|
||
|
DB8000
|
heap
|
page read and write
|
||
|
540A000
|
heap
|
page read and write
|
||
|
2E5B000
|
stack
|
page read and write
|
||
|
205A8861000
|
heap
|
page read and write
|
||
|
4B3B000
|
heap
|
page read and write
|
||
|
7FE587E000
|
stack
|
page read and write
|
||
|
A71000
|
heap
|
page read and write
|
||
|
59A0000
|
remote allocation
|
page read and write
|
||
|
A8A000
|
heap
|
page read and write
|
||
|
531F000
|
heap
|
page read and write
|
||
|
205A8800000
|
heap
|
page read and write
|
||
|
1A7A6700000
|
heap
|
page read and write
|
||
|
533C000
|
heap
|
page read and write
|
||
|
4B5A000
|
heap
|
page read and write
|
||
|
5D5000
|
heap
|
page read and write
|
||
|
1A7A6679000
|
heap
|
page read and write
|
||
|
12AC000
|
heap
|
page read and write
|
||
|
1A7A6702000
|
heap
|
page read and write
|
||
|
30AF67E000
|
stack
|
page read and write
|
||
|
1A68FFE000
|
stack
|
page read and write
|
||
|
205A8839000
|
heap
|
page read and write
|
||
|
52AD000
|
heap
|
page read and write
|
||
|
12C4000
|
heap
|
page read and write
|
||
|
536E000
|
heap
|
page read and write
|
||
|
9E9BB7C000
|
stack
|
page read and write
|
||
|
5245000
|
heap
|
page read and write
|
||
|
5B80000
|
heap
|
page read and write
|
||
|
1CFC1532000
|
heap
|
page read and write
|
||
|
4AC0000
|
heap
|
page read and write
|
||
|
3366000
|
heap
|
page read and write
|
||
|
12DB000
|
heap
|
page read and write
|
||
|
4B21000
|
heap
|
page read and write
|
||
|
53EC000
|
heap
|
page read and write
|
||
|
134D000
|
heap
|
page read and write
|
||
|
2B3A000
|
direct allocation
|
page readonly
|
||
|
1B73823C000
|
heap
|
page read and write
|
||
|
4F7E000
|
heap
|
page read and write
|
||
|
4B03000
|
heap
|
page read and write
|
||
|
1030000
|
heap
|
page read and write
|
||
|
596F000
|
stack
|
page read and write
|
||
|
134F000
|
heap
|
page read and write
|
||
|
1A7A664D000
|
heap
|
page read and write
|
||
|
31CC000
|
stack
|
page read and write
|
||
|
3440000
|
heap
|
page read and write
|
||
|
A66000
|
heap
|
page read and write
|
||
|
4ED5000
|
heap
|
page read and write
|
||
|
4EB3000
|
heap
|
page read and write
|
||
|
133ACE40000
|
heap
|
page read and write
|
||
|
5056000
|
heap
|
page read and write
|
||
|
205A8847000
|
heap
|
page read and write
|
||
|
526F000
|
heap
|
page read and write
|
||
|
1A7A662A000
|
heap
|
page read and write
|
||
|
4EE3000
|
heap
|
page read and write
|
||
|
6B7367A000
|
stack
|
page read and write
|
||
|
133A000
|
heap
|
page read and write
|
||
|
1BF3C102000
|
heap
|
page read and write
|
||
|
1B7380B0000
|
heap
|
page read and write
|
||
|
5028000
|
heap
|
page read and write
|
||
|
AA7000
|
heap
|
page read and write
|
||
|
543C000
|
heap
|
page read and write
|
||
|
512C000
|
heap
|
page read and write
|
||
|
205A8860000
|
heap
|
page read and write
|
||
|
133A000
|
heap
|
page read and write
|
||
|
4FF9000
|
heap
|
page read and write
|
||
|
1DA52629000
|
heap
|
page read and write
|
||
|
4B8E000
|
heap
|
page read and write
|
||
|
541D000
|
heap
|
page read and write
|
||
|
5043000
|
heap
|
page read and write
|
||
|
205A8840000
|
heap
|
page read and write
|
||
|
336B000
|
heap
|
page read and write
|
||
|
522D000
|
heap
|
page read and write
|
||
|
4F06000
|
heap
|
page read and write
|
||
|
ACB000
|
heap
|
page read and write
|
||
|
1DA525D0000
|
trusted library allocation
|
page read and write
|
||
|
205A887E000
|
heap
|
page read and write
|
||
|
4B3A000
|
heap
|
page read and write
|
||
|
5331000
|
heap
|
page read and write
|
||
|
5398000
|
heap
|
page read and write
|
||
|
4B54000
|
heap
|
page read and write
|
||
|
4E91000
|
heap
|
page read and write
|
||
|
A3F000
|
heap
|
page read and write
|
||
|
5001000
|
heap
|
page read and write
|
||
|
337A000
|
heap
|
page read and write
|
||
|
51E9000
|
heap
|
page read and write
|
||
|
3307000
|
heap
|
page read and write
|
||
|
533D000
|
heap
|
page read and write
|
||
|
2CC0000
|
trusted library allocation
|
page read and write
|
||
|
134D000
|
heap
|
page read and write
|
||
|
53AF000
|
heap
|
page read and write
|
||
|
5316000
|
heap
|
page read and write
|
||
|
14F0000
|
heap
|
page read and write
|
||
|
DE0000
|
heap
|
page read and write
|
||
|
2EC80D30000
|
trusted library allocation
|
page read and write
|
||
|
FEF217B000
|
stack
|
page read and write
|
||
|
1BF3C079000
|
heap
|
page read and write
|
||
|
1DA52613000
|
heap
|
page read and write
|
||
|
1A7A665A000
|
heap
|
page read and write
|
||
|
30AF77F000
|
stack
|
page read and write
|
||
|
5304000
|
heap
|
page read and write
|
||
|
1DA52C02000
|
heap
|
page read and write
|
||
|
4B5A000
|
heap
|
page read and write
|
||
|
4BC0000
|
heap
|
page read and write
|
||
|
205A886B000
|
heap
|
page read and write
|
||
|
5160000
|
heap
|
page read and write
|
||
|
5419000
|
heap
|
page read and write
|
||
|
4B3F000
|
heap
|
page read and write
|
||
|
4D6E000
|
stack
|
page read and write
|
||
|
A35000
|
heap
|
page read and write
|
||
|
12DB000
|
heap
|
page read and write
|
||
|
4B59000
|
heap
|
page read and write
|
||
|
4EB8000
|
heap
|
page read and write
|
||
|
4B41000
|
heap
|
page read and write
|
||
|
4F7E000
|
heap
|
page read and write
|
||
|
205A8849000
|
heap
|
page read and write
|
||
|
12C4000
|
heap
|
page read and write
|
||
|
50AC000
|
heap
|
page read and write
|
||
|
51D3000
|
heap
|
page read and write
|
||
|
5405000
|
heap
|
page read and write
|
||
|
3328000
|
heap
|
page read and write
|
||
|
4F8D000
|
heap
|
page read and write
|
||
|
A78000
|
heap
|
page read and write
|
||
|
4B35000
|
heap
|
page read and write
|
||
|
67AD000
|
stack
|
page read and write
|
||
|
3366000
|
heap
|
page read and write
|
||
|
4F1B000
|
heap
|
page read and write
|
||
|
180000000
|
unkown
|
page readonly
|
||
|
3551000
|
heap
|
page read and write
|
||
|
9E9B7FC000
|
stack
|
page read and write
|
||
|
50A0000
|
heap
|
page read and write
|
||
|
4B35000
|
heap
|
page read and write
|
||
|
A7D000
|
heap
|
page read and write
|
||
|
6B7357E000
|
stack
|
page read and write
|
||
|
5257000
|
heap
|
page read and write
|
||
|
DBD000
|
heap
|
page read and write
|
||
|
12FE000
|
heap
|
page read and write
|
||
|
1A7A665D000
|
heap
|
page read and write
|
||
|
4F2C000
|
heap
|
page read and write
|
||
|
A58000
|
heap
|
page read and write
|
||
|
D78000
|
heap
|
page read and write
|
||
|
2EC80600000
|
heap
|
page read and write
|
||
|
DB0000
|
heap
|
page read and write
|
||
|
1A7A6718000
|
heap
|
page read and write
|
||
|
337A000
|
heap
|
page read and write
|
||
|
2CBE000
|
stack
|
page read and write
|
||
|
12C4000
|
heap
|
page read and write
|
||
|
2D3C000
|
stack
|
page read and write
|
||
|
205A8864000
|
heap
|
page read and write
|
||
|
4B5A000
|
heap
|
page read and write
|
||
|
A3F000
|
heap
|
page read and write
|
||
|
523F000
|
heap
|
page read and write
|
||
|
2EC805D0000
|
heap
|
page read and write
|
||
|
A8A000
|
heap
|
page read and write
|
||
|
133A000
|
heap
|
page read and write
|
||
|
50DB000
|
heap
|
page read and write
|
||
|
53E2000
|
heap
|
page read and write
|
||
|
133ACCD0000
|
heap
|
page read and write
|
||
|
AFAD0FB000
|
stack
|
page read and write
|
||
|
5479000
|
heap
|
page read and write
|
||
|
7FE5E7C000
|
stack
|
page read and write
|
||
|
4EF5000
|
heap
|
page read and write
|
||
|
1A7A663D000
|
heap
|
page read and write
|
||
|
180001000
|
unkown
|
page execute read
|
||
|
36E6000
|
heap
|
page read and write
|
||
|
12E1000
|
heap
|
page read and write
|
||
|
133ACD90000
|
remote allocation
|
page read and write
|
||
|
133ACE36000
|
heap
|
page read and write
|
||
|
5AFE000
|
stack
|
page read and write
|
||
|
12BC000
|
heap
|
page read and write
|
||
|
2EC80641000
|
heap
|
page read and write
|
||
|
4ACD000
|
heap
|
page read and write
|
||
|
A4D000
|
heap
|
page read and write
|
||
|
1350000
|
heap
|
page read and write
|
||
|
A79000
|
heap
|
page read and write
|
||
|
205A883D000
|
heap
|
page read and write
|
||
|
5200000
|
heap
|
page read and write
|
||
|
205A8750000
|
heap
|
page read and write
|
||
|
12EB000
|
heap
|
page read and write
|
||
|
133ACE00000
|
heap
|
page read and write
|
||
|
5396000
|
heap
|
page read and write
|
||
|
1A7A65B0000
|
trusted library allocation
|
page read and write
|
||
|
5406000
|
heap
|
page read and write
|
||
|
1BF3C028000
|
heap
|
page read and write
|
||
|
4B31000
|
heap
|
page read and write
|
||
|
50C0000
|
heap
|
page read and write
|
||
|
7FE56FC000
|
stack
|
page read and write
|
||
|
538E000
|
heap
|
page read and write
|
||
|
1A7A6713000
|
heap
|
page read and write
|
||
|
51B0000
|
heap
|
page read and write
|
||
|
285E000
|
stack
|
page read and write
|
||
|
5382000
|
heap
|
page read and write
|
||
|
335A000
|
heap
|
page read and write
|
||
|
5182000
|
heap
|
page read and write
|
||
|
205A8850000
|
heap
|
page read and write
|
||
|
54C1000
|
heap
|
page read and write
|
||
|
1B738890000
|
trusted library allocation
|
page read and write
|
||
|
12FE000
|
heap
|
page read and write
|
||
|
12C4000
|
heap
|
page read and write
|
||
|
506B000
|
heap
|
page read and write
|
||
|
7FE5D7F000
|
stack
|
page read and write
|
||
|
4B2F000
|
heap
|
page read and write
|
||
|
205A8830000
|
heap
|
page read and write
|
||
|
5070000
|
heap
|
page read and write
|
||
|
133AD602000
|
trusted library allocation
|
page read and write
|
||
|
205A8813000
|
heap
|
page read and write
|
||
|
2EC80702000
|
heap
|
page read and write
|
||
|
335A000
|
heap
|
page read and write
|
||
|
1BF3C802000
|
trusted library allocation
|
page read and write
|
||
|
2EC80602000
|
heap
|
page read and write
|
||
|
53AF000
|
heap
|
page read and write
|
||
|
335A000
|
heap
|
page read and write
|
||
|
2EC80560000
|
heap
|
page read and write
|
||
|
1A7A664A000
|
heap
|
page read and write
|
||
|
5331000
|
heap
|
page read and write
|
||
|
F6A000
|
direct allocation
|
page readonly
|
||
|
338A000
|
heap
|
page read and write
|
||
|
5423000
|
heap
|
page read and write
|
||
|
12FE000
|
heap
|
page read and write
|
||
|
5351000
|
heap
|
page read and write
|
||
|
2CD0000
|
trusted library allocation
|
page read and write
|
||
|
FFF000
|
stack
|
page read and write
|
||
|
1A7A65D0000
|
trusted library allocation
|
page read and write
|
||
|
4B5A000
|
heap
|
page read and write
|
||
|
4E0FCFE000
|
stack
|
page read and write
|
||
|
A92000
|
heap
|
page read and write
|
||
|
4B5A000
|
heap
|
page read and write
|
||
|
4F70000
|
heap
|
page read and write
|
||
|
180000000
|
unkown
|
page readonly
|
||
|
FEF287E000
|
stack
|
page read and write
|
||
|
2EC80570000
|
heap
|
page read and write
|
||
|
4ED2000
|
heap
|
page read and write
|
||
|
5013000
|
heap
|
page read and write
|
||
|
4FDB000
|
heap
|
page read and write
|
||
|
2EC8067A000
|
heap
|
page read and write
|
||
|
5423000
|
heap
|
page read and write
|
||
|
518B000
|
heap
|
page read and write
|
||
|
53DA000
|
heap
|
page read and write
|
||
|
51BD000
|
heap
|
page read and write
|
||
|
133ACD90000
|
remote allocation
|
page read and write
|
||
|
4F44000
|
heap
|
page read and write
|
||
|
4B4F000
|
heap
|
page read and write
|
||
|
1DA526E4000
|
heap
|
page read and write
|
||
|
A8A000
|
heap
|
page read and write
|
||
|
3366000
|
heap
|
page read and write
|
||
|
53D7000
|
heap
|
page read and write
|
||
|
1CFC13E0000
|
heap
|
page read and write
|
||
|
533B000
|
heap
|
page read and write
|
||
|
2958000
|
stack
|
page read and write
|
||
|
205A884E000
|
heap
|
page read and write
|
||
|
51A7000
|
heap
|
page read and write
|
||
|
5396000
|
heap
|
page read and write
|
||
|
D4E000
|
stack
|
page read and write
|
||
|
205A8877000
|
heap
|
page read and write
|
||
|
4EF0000
|
heap
|
page read and write
|
||
|
53B9000
|
heap
|
page read and write
|
||
|
4E0FEFF000
|
stack
|
page read and write
|
||
|
4E70000
|
heap
|
page read and write
|
||
|
1A6907F000
|
stack
|
page read and write
|
||
|
5149000
|
heap
|
page read and write
|
||
|
1A7A8202000
|
trusted library allocation
|
page read and write
|
||
|
508A000
|
heap
|
page read and write
|
||
|
1B738300000
|
heap
|
page read and write
|
||
|
33D7000
|
heap
|
page read and write
|
||
|
524F000
|
heap
|
page read and write
|
||
|
A0F000
|
heap
|
page read and write
|
||
|
5190000
|
heap
|
page read and write
|
||
|
4AC9000
|
heap
|
page read and write
|
||
|
31DA000
|
heap
|
page read and write
|
||
|
1A690F9000
|
stack
|
page read and write
|
||
|
5165000
|
heap
|
page read and write
|
||
|
205A9002000
|
trusted library allocation
|
page read and write
|
||
|
4EC3000
|
heap
|
page read and write
|
||
|
4B58000
|
heap
|
page read and write
|
||
|
4D1F000
|
stack
|
page read and write
|
||
|
12F0000
|
heap
|
page read and write
|
||
|
133ACD60000
|
trusted library allocation
|
page read and write
|
||
|
134D000
|
heap
|
page read and write
|
||
|
512C000
|
heap
|
page read and write
|
||
|
ACC000
|
heap
|
page read and write
|
||
|
4B5A000
|
heap
|
page read and write
|
||
|
9E9BCFB000
|
stack
|
page read and write
|
||
|
12AC000
|
heap
|
page read and write
|
||
|
4EC9000
|
heap
|
page read and write
|
||
|
1CFC1541000
|
heap
|
page read and write
|
||
|
2B3B000
|
direct allocation
|
page read and write
|
||
|
4B1F000
|
heap
|
page read and write
|
||
|
550A000
|
heap
|
page read and write
|
||
|
4F3E000
|
heap
|
page read and write
|
||
|
30AF12C000
|
stack
|
page read and write
|
||
|
A78000
|
heap
|
page read and write
|
||
|
1CFC1500000
|
heap
|
page read and write
|
||
|
5099000
|
heap
|
page read and write
|
||
|
4B30000
|
heap
|
page read and write
|
||
|
4F0A000
|
heap
|
page read and write
|
||
|
4F32000
|
heap
|
page read and write
|
||
|
586E000
|
stack
|
page read and write
|
||
|
205A884B000
|
heap
|
page read and write
|
||
|
A92000
|
heap
|
page read and write
|
||
|
537A000
|
heap
|
page read and write
|
||
|
1BF3BE50000
|
heap
|
page read and write
|
||
|
1BF3C100000
|
heap
|
page read and write
|
||
|
DBE000
|
heap
|
page read and write
|
||
|
530D000
|
heap
|
page read and write
|
||
|
1CFC2360000
|
trusted library allocation
|
page read and write
|
||
|
59A0000
|
remote allocation
|
page read and write
|
||
|
5182000
|
heap
|
page read and write
|
||
|
14F5000
|
heap
|
page read and write
|
||
|
50B3000
|
heap
|
page read and write
|
||
|
133ACCC0000
|
heap
|
page read and write
|
||
|
1A7A8130000
|
remote allocation
|
page read and write
|
||
|
1B738302000
|
heap
|
page read and write
|
||
|
4F67000
|
heap
|
page read and write
|
||
|
5013000
|
heap
|
page read and write
|
||
|
F70000
|
heap
|
page readonly
|
||
|
5346000
|
heap
|
page read and write
|
||
|
4B1F000
|
heap
|
page read and write
|
||
|
501A000
|
heap
|
page read and write
|
||
|
A5A000
|
heap
|
page read and write
|
||
|
ACB000
|
heap
|
page read and write
|
||
|
572E000
|
stack
|
page read and write
|
||
|
A71000
|
heap
|
page read and write
|
||
|
5306000
|
heap
|
page read and write
|
||
|
4ACD000
|
heap
|
page read and write
|
||
|
133ACE5C000
|
heap
|
page read and write
|
||
|
133A000
|
heap
|
page read and write
|
||
|
7FE5C7D000
|
stack
|
page read and write
|
||
|
2EC80E02000
|
trusted library allocation
|
page read and write
|
||
|
4B44000
|
heap
|
page read and write
|
||
|
2CF0000
|
remote allocation
|
page read and write
|
||
|
30AF8FF000
|
stack
|
page read and write
|
||
|
1BF3C113000
|
heap
|
page read and write
|
||
|
1CFC14E0000
|
trusted library allocation
|
page read and write
|
||
|
4B59000
|
heap
|
page read and write
|
||
|
12DB000
|
heap
|
page read and write
|
||
|
30F0000
|
heap
|
page read and write
|
||
|
4FEE000
|
heap
|
page read and write
|
||
|
9E9BFFC000
|
stack
|
page read and write
|
||
|
12AC000
|
heap
|
page read and write
|
||
|
205A8856000
|
heap
|
page read and write
|
||
|
4B3F000
|
heap
|
page read and write
|
||
|
12BC000
|
heap
|
page read and write
|
||
|
538C000
|
heap
|
page read and write
|
||
|
4ED5000
|
heap
|
page read and write
|
||
|
4EE6000
|
heap
|
page read and write
|
||
|
1DA52400000
|
heap
|
page read and write
|
||
|
205A8884000
|
heap
|
page read and write
|
||
|
A08000
|
heap
|
page read and write
|
||
|
4F47000
|
heap
|
page read and write
|
||
|
A5A000
|
heap
|
page read and write
|
||
|
52DB000
|
heap
|
page read and write
|
||
|
1CFC1800000
|
trusted library allocation
|
page read and write
|
||
|
5305000
|
heap
|
page read and write
|
||
|
133ACE02000
|
heap
|
page read and write
|
||
|
50CB000
|
heap
|
page read and write
|
||
|
1A7A8070000
|
trusted library allocation
|
page read and write
|
||
|
5545000
|
heap
|
page read and write
|
||
|
4AE9000
|
heap
|
page read and write
|
||
|
205A8831000
|
heap
|
page read and write
|
||
|
1B738870000
|
trusted library allocation
|
page read and write
|
||
|
4B4D000
|
heap
|
page read and write
|
||
|
32E0000
|
heap
|
page read and write
|
||
|
5333000
|
heap
|
page read and write
|
||
|
9D8000
|
heap
|
page read and write
|
||
|
334F000
|
heap
|
page read and write
|
||
|
205A8845000
|
heap
|
page read and write
|
||
|
4B27000
|
heap
|
page read and write
|
||
|
335A000
|
heap
|
page read and write
|
||
|
59A0000
|
remote allocation
|
page read and write
|
||
|
34E0000
|
heap
|
page read and write
|
||
|
1B738A02000
|
trusted library allocation
|
page read and write
|
||
|
541D000
|
heap
|
page read and write
|
||
|
30AFA7C000
|
stack
|
page read and write
|
||
|
5014000
|
heap
|
page read and write
|
||
|
180016000
|
unkown
|
page readonly
|
||
|
1B738200000
|
heap
|
page read and write
|
||
|
4F91000
|
heap
|
page read and write
|
||
|
A9A000
|
heap
|
page read and write
|
||
|
205A8862000
|
heap
|
page read and write
|
||
|
1CFC153A000
|
heap
|
page read and write
|
||
|
53BB000
|
heap
|
page read and write
|
||
|
3530000
|
heap
|
page read and write
|
||
|
5103000
|
heap
|
page read and write
|
||
|
4B2D000
|
heap
|
page read and write
|
||
|
4B59000
|
heap
|
page read and write
|
||
|
524F000
|
heap
|
page read and write
|
||
|
7FE5A7F000
|
stack
|
page read and write
|
||
|
53C4000
|
heap
|
page read and write
|
||
|
205A8846000
|
heap
|
page read and write
|
||
|
7FE597E000
|
stack
|
page read and write
|
||
|
1DA5263D000
|
heap
|
page read and write
|
||
|
324D000
|
stack
|
page read and write
|
||
|
1DA52687000
|
heap
|
page read and write
|
||
|
205A884F000
|
heap
|
page read and write
|
||
|
9E9BC7C000
|
stack
|
page read and write
|
||
|
1BF3C054000
|
heap
|
page read and write
|
||
|
5328000
|
heap
|
page read and write
|
||
|
3530000
|
heap
|
page read and write
|
||
|
530F000
|
heap
|
page read and write
|
||
|
1B738110000
|
heap
|
page read and write
|
||
|
535C000
|
heap
|
page read and write
|
||
|
1CFC13F0000
|
trusted library allocation
|
page read and write
|
||
|
528E000
|
heap
|
page read and write
|
||
|
1DA52713000
|
heap
|
page read and write
|
||
|
50D3000
|
heap
|
page read and write
|
||
|
52DB000
|
heap
|
page read and write
|
||
|
4F21000
|
heap
|
page read and write
|
||
|
5158000
|
heap
|
page read and write
|
||
|
1CFC23B0000
|
trusted library allocation
|
page read and write
|
||
|
9FE000
|
heap
|
page read and write
|
||
|
4B33000
|
heap
|
page read and write
|
||
|
F6B000
|
direct allocation
|
page read and write
|
||
|
51B5000
|
heap
|
page read and write
|
||
|
3578000
|
heap
|
page read and write
|
||
|
5030000
|
heap
|
page read and write
|
||
|
4B30000
|
heap
|
page read and write
|
||
|
1A7A8130000
|
remote allocation
|
page read and write
|
||
|
12E1000
|
heap
|
page read and write
|
||
|
DB8000
|
heap
|
page read and write
|
||
|
6B731FB000
|
stack
|
page read and write
|
||
|
9E9BAFE000
|
stack
|
page read and write
|
||
|
5124000
|
heap
|
page read and write
|
||
|
338A000
|
heap
|
page read and write
|
||
|
12B8000
|
heap
|
page read and write
|
||
|
12B8000
|
heap
|
page read and write
|
||
|
535A000
|
heap
|
page read and write
|
||
|
503C000
|
heap
|
page read and write
|
||
|
1B73824D000
|
heap
|
page read and write
|
||
|
AFACEFB000
|
stack
|
page read and write
|
||
|
12F0000
|
heap
|
page read and write
|
||
|
4B5A000
|
heap
|
page read and write
|
||
|
2EC80629000
|
heap
|
page read and write
|
||
|
9C0000
|
heap
|
page read and write
|
||
|
52F2000
|
heap
|
page read and write
|
||
|
34DE000
|
stack
|
page read and write
|
||
|
1CFC1790000
|
trusted library allocation
|
page read and write
|
||
|
C0E000
|
stack
|
page read and write
|
||
|
4FA4000
|
heap
|
page read and write
|
||
|
4B1E000
|
heap
|
page read and write
|
||
|
205A8829000
|
heap
|
page read and write
|
||
|
5134000
|
heap
|
page read and write
|
||
|
52EB000
|
heap
|
page read and write
|
||
|
4B51000
|
heap
|
page read and write
|
||
|
4ECC000
|
heap
|
page read and write
|
||
|
1DA52600000
|
heap
|
page read and write
|
||
|
9D0000
|
heap
|
page read and write
|
||
|
A78000
|
heap
|
page read and write
|
||
|
4B36000
|
heap
|
page read and write
|
||
|
6B72DAB000
|
stack
|
page read and write
|
||
|
530D000
|
heap
|
page read and write
|
||
|
A37000
|
heap
|
page read and write
|
||
|
4FB6000
|
heap
|
page read and write
|
||
|
51E9000
|
heap
|
page read and write
|
||
|
530D000
|
heap
|
page read and write
|
||
|
A8A000
|
heap
|
page read and write
|
||
|
12F0000
|
heap
|
page read and write
|
||
|
4F1B000
|
heap
|
page read and write
|
||
|
6B7347E000
|
stack
|
page read and write
|
||
|
9ED000
|
heap
|
page read and write
|
||
|
2EC80613000
|
heap
|
page read and write
|
||
|
ACD000
|
heap
|
page read and write
|
||
|
4B1F000
|
heap
|
page read and write
|
||
|
1B738243000
|
heap
|
page read and write
|
||
|
A53000
|
heap
|
page read and write
|
||
|
4FBD000
|
heap
|
page read and write
|
||
|
A3F000
|
heap
|
page read and write
|
||
|
4B4A000
|
heap
|
page read and write
|
||
|
52C6000
|
heap
|
page read and write
|
||
|
5B81000
|
heap
|
page read and write
|
||
|
1250000
|
heap
|
page readonly
|
||
|
4B41000
|
heap
|
page read and write
|
||
|
34E1000
|
heap
|
page read and write
|
||
|
51A0000
|
heap
|
page read and write
|
||
|
4B42000
|
heap
|
page read and write
|
||
|
504F000
|
heap
|
page read and write
|
||
|
9E9BEFE000
|
stack
|
page read and write
|
||
|
30AF87D000
|
stack
|
page read and write
|
||
|
52A6000
|
heap
|
page read and write
|
||
|
5346000
|
heap
|
page read and write
|
||
|
F40000
|
direct allocation
|
page read and write
|
||
|
134D000
|
heap
|
page read and write
|
||
|
516D000
|
heap
|
page read and write
|
||
|
53D8000
|
heap
|
page read and write
|
||
|
4B43000
|
heap
|
page read and write
|
||
|
4F87000
|
heap
|
page read and write
|
||
|
1A68BFF000
|
stack
|
page read and write
|
||
|
205A887A000
|
heap
|
page read and write
|
||
|
12E1000
|
heap
|
page read and write
|
||
|
5307000
|
heap
|
page read and write
|
||
|
1CFC17F0000
|
heap
|
page read and write
|
||
|
C7B000
|
stack
|
page read and write
|
||
|
5189000
|
heap
|
page read and write
|
||
|
205A8823000
|
heap
|
page read and write
|
||
|
1BF3BEC0000
|
heap
|
page read and write
|
||
|
205A8848000
|
heap
|
page read and write
|
||
|
AB2000
|
heap
|
page read and write
|
||
|
4ACD000
|
heap
|
page read and write
|
||
|
4B59000
|
heap
|
page read and write
|
||
|
12F0000
|
heap
|
page read and write
|
||
|
A43000
|
heap
|
page read and write
|
||
|
530D000
|
heap
|
page read and write
|
||
|
33D7000
|
heap
|
page read and write
|
||
|
4E0FDFE000
|
stack
|
page read and write
|
||
|
4EF0000
|
heap
|
page read and write
|
||
|
CD0000
|
heap
|
page read and write
|
||
|
12A8000
|
heap
|
page read and write
|
||
|
9E9C0FF000
|
stack
|
page read and write
|
||
|
5028000
|
heap
|
page read and write
|
||
|
4FDB000
|
heap
|
page read and write
|
||
|
12B5000
|
heap
|
page read and write
|
||
|
4FE2000
|
heap
|
page read and write
|
||
|
1A7A80B0000
|
trusted library allocation
|
page read and write
|
||
|
205A8879000
|
heap
|
page read and write
|
||
|
5363000
|
heap
|
page read and write
|
||
|
205A887B000
|
heap
|
page read and write
|
||
|
335A000
|
heap
|
page read and write
|
||
|
12B8000
|
heap
|
page read and write
|
||
|
31F1000
|
heap
|
page read and write
|
||
|
5028000
|
heap
|
page read and write
|
||
|
DB4000
|
heap
|
page read and write
|
||
|
1CFC1450000
|
heap
|
page read and write
|
||
|
5346000
|
heap
|
page read and write
|
||
|
180016000
|
unkown
|
page readonly
|
||
|
3308000
|
heap
|
page read and write
|
||
|
1B738257000
|
heap
|
page read and write
|
||
|
DB8000
|
heap
|
page read and write
|
||
|
12E1000
|
heap
|
page read and write
|
||
|
5070000
|
heap
|
page read and write
|
||
|
4B36000
|
heap
|
page read and write
|
||
|
4F1C000
|
heap
|
page read and write
|
||
|
A8B000
|
heap
|
page read and write
|
||
|
582E000
|
stack
|
page read and write
|
||
|
1A7A6510000
|
heap
|
page read and write
|
||
|
FEF237D000
|
stack
|
page read and write
|
||
|
12B4000
|
heap
|
page read and write
|
||
|
5237000
|
heap
|
page read and write
|
||
|
7FE5B7C000
|
stack
|
page read and write
|
||
|
52CC000
|
heap
|
page read and write
|
||
|
337C000
|
heap
|
page read and write
|
||
|
4B47000
|
heap
|
page read and write
|
||
|
1A68B7B000
|
stack
|
page read and write
|
||
|
12B5000
|
heap
|
page read and write
|
||
|
FEF207D000
|
stack
|
page read and write
|
||
|
A0E000
|
heap
|
page read and write
|
||
|
1CFC17F5000
|
heap
|
page read and write
|
||
|
4B3E000
|
heap
|
page read and write
|
||
|
12C4000
|
heap
|
page read and write
|
||
|
1A7A6520000
|
heap
|
page read and write
|
||
|
5347000
|
heap
|
page read and write
|
||
|
535B000
|
heap
|
page read and write
|
||
|
4B48000
|
heap
|
page read and write
|
||
|
50C7000
|
heap
|
page read and write
|
||
|
1A68F79000
|
stack
|
page read and write
|
||
|
D58000
|
heap
|
page read and write
|
||
|
1CFC1541000
|
heap
|
page read and write
|
||
|
CB0000
|
heap
|
page read and write
|
There are 903 hidden memdumps, click here to show them.